Hunting for Cyber Threats Targeting Weapon Systems
© Fidelis Cybersecurity
Today’s Speakers
• Robert Henry, Technical Security Engineer, Fidelis Cybersecurity, Federal
• Bob Gourley, OODA LLC Co-Founder and CTO, Editor of CTOvision.com
Cyber Threats: A practitioner’s view
Bob Gourley
22 Feb 2019
About this presentation…
• Perspectives on the cyber threat
• From history
• And personal experience
• Concluding with actionable recommendations
Based On Three Sources:
• Human History: A lesson from every great period of history; the case of Hannibal; the Civil War
• Trusted Analysis: OODAloop.com; Recorded Future and other open intel sources
• Experience: Learning from adversaries in government and industry systems
A Brief History
If you know human history you have the most important things down already.
The Condensed History of the Cyber Threat
• 1862 Civil War: Both sides attacked, exploited, hacked. Cyber attack enabled “The Great Locomotive Chase”, which also destroyed comms infrastructure
• 1998 Moonlight Maze: It takes a nation to fight a nation
• 2007 Estonia: Be ready to weather a storm
• 2008 Georgia: Expect cyber attacks timed to military ops
• 2008 Turkey Pipeline: Large cyber-to-physical attack
• 2011 Wikileaks: Know the human element. Balance info sharing and protection
• 2013 DSB Report: Software for most weapon systems stolen
• 2013 Mandiant Report: Cyber intel is strategic
• 2013 Snowden Leaks: Know the threat before it strikes
• 2013/14 Banks and Retail: Nothing stops this adversary
• 2014/15 Embedded IT, including in DoD: Threat actors will find a way
• 2015 Healthcare and Governments: No sector immune
• 2016 Turla Attacks: Telecom sector a target
• 2016: Shift to small and mid-sized businesses, supply chain, and home users
• 2017/18: Privacy attacks at scale, ICS/SCADA/Telecom, Cyberwar
• 2019: Adversary use of AI and Machine Learning
Now Some Historical Context: How we think.
Today’s hackers are made of the same stuff as the famously persistent Hannibal, who did not give up till he got through the impassable firewall of the Alps.
Observations: What is going on in cyberspace right now?
What Are We Seeing Today:
• Phishing remains the dominant path into organizations… it exploits the human traits of compassion and curiosity.
• Adversaries constantly shift tactics. When phishing doesn’t work there are plenty of other avenues in.
• The big breaches get the press, but many criminals prefer mid-sized businesses, individual users (you!), and government agencies.
• DDoS attacks have evolved. They can be large enough to take companies offline.
• IoT is here... but there is little indication of IoT security solutions (lots more room for innovation here).
• Complex command and control infrastructures leverage unsuspecting companies and their servers/telecom.
• Ransomware is evolving and becoming harder to prevent and beat.
• 28% of breaches involved insiders. The worst were working for criminals or nations, so the “outsider” is still a huge threat.
• Adversaries are also exploiting vulnerabilities in hardware (Spectre and Meltdown).
• Governments (especially Russia, China, Iran, DPRK) invest in targeting infrastructure and weapon systems.
Recommended Actions: What does all this mean for organizations today?
Actions: Know The Adversary
• Be Prepared To Be Surprised: Big lesson from both history and study of current threats. You will be surprised, so have an incident response plan and exercise it.
• Know that the adversaries have weaknesses too: They must obey the same laws of physics that constrain defenders. And when they are in your networks they are on your turf, which gives you an advantage. Ensure your defenses are agile enough to take advantage of their weaknesses. Be ready to deceive your adversary.
Actions: Know Yourself
• Know your own organization: Assess and understand. Know what data, systems and capabilities are most important to the function of your organization, and maintain continuous automated awareness of their status.
• It takes teams to beat teams: No organization can match the technical talent of the modern cyber criminal or nation. Build trust-based teams now. Leverage the power of other organizations for your defense: security professionals, law enforcement, cloud service providers, the FBI, US-CERT, and the appropriate ISAC (FS-ISAC for the financial sector).
• Test yourself: through independent assessment and realistic training/evaluations (tabletop exercises).
Actions: Raise Your Defenses
• Enhance Defenses: The adversary in cyberspace is continuing to innovate, which means we must continue to review our defenses and modernize. Automating is key. Automate configuration management, automate detection, automate response, automate deception.
• Design for Containment: Early detection and rapid incident response will be aided if systems are designed to contain adversaries. Containing malicious code is especially important, and IoT devices are critical to segment.
• Ensure Backup: Every critical system must have a backup, and recovery methods must be defined and tested.
Get Your Mental Model Right: Think OODA
• Observe: What do you know about the situation, including adversary actions, your own systems and the environment?
• Orient: Consider your observations in the context of everything you know, including your business objectives, strengths and weaknesses.
• Decide: In dynamic situations the speed of decision is critical.
• Act: Minimize the gap between decision and action. The loop continues: now observe what changes in the situation your actions caused.
One Slide Summary: The Key Takeaways
The State Of Cybersecurity Today
• The Threat: A great deal is known about who is attacking and what their motivations are. By studying them we can build better defenses before attack and respond smarter during attack. Get the right info for strategic, operational and tactical decisions.
• The Situation: Every sector of the economy and every government and every citizen is under almost constant attack. Most suffer ongoing infections with malware. Attackers get in fast and remain undetected for months. But risk can be reduced/mitigated.
• Unique Tech Factors: Governments, businesses, homes, aircraft, cars, roads, trains, ships are increasingly interconnected. But cyberspace is hard to observe. Well instrumented systems overseen by trained/experienced people are key to defense.
• Your Action: Lead with understanding that cybersecurity is not just a tech function. Must have executive leadership and engagement by the entire team. Ensure external verification and validation of strategy, policy, process and tech.
• Adversaries Are: Nations, Crime Groups, Extremists, Hackers, Insiders. Successful attacks are by organizations.
• Top Lessons Are: Attackers are persistent, we must prepare for breach. Defenders should collaborate on lessons.
• Tools To Consider: Encryption, ID mgmt, SDP, 2FA, AutoPatching, Deception. Ensure tech is independently assessed.
• Top Actions: Engage with CSA, Collaborate with Peers, Study Threats. Victory must be earned.
OODA LLC
• OODA helps our clients identify, manage, and respond to global risks and uncertainties while exploring emerging opportunities and developing robust and adaptive strategies for the future. We provide advanced intelligence and analysis, strategy and planning support, investment due diligence, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.
• OODA is comprised of a unique team of international experts led by co-founders Matt Devost and Bob Gourley.
Bob Gourley, bob@ooda.com
OODA.com
Automate Detection, Hunting, and Response
One Platform. Multiple Use Cases.
Protecting the World’s Most Sensitive Data
• Relied on by 40+ U.S. government agencies
• Trusted by 12 of the Fortune 50
• Depended on by 24 of the Fortune 100
Trusted by the World’s Largest Brands & Government Organizations
Sectors: Financial Services, Government, Retail, Healthcare, Pharma & Bio, Technology, Industrials, Energy, Telecom, Other
The Security Objective: Protect Data and Assets
In order to protect the mission, YOU MUST KNOW YOUR TERRAIN
1. What do we need to secure?
2. What information is of value?
3. What assets do we have?
4. What is their behavior?
Adversaries know how to exploit blind spots in cyber terrain.
Know Your Network
Determine the most likely paths of: Exfiltration, C&C, Surveillance, etc.
FIDELIS ELEVATE™: A Curated Security Stack — Integrated, Automated & Correlated
• Agents: Windows | Linux | Mac | Cloud
• Sensors: Gateway | Internal | Cloud; Email | Web
• Decoys: Breadcrumbs | Decoys; AD | MITM
• Threat Intelligence: Fidelis Insight; 3rd Party Threat Intel; Customer Defined Intel
• Sandboxing: Execution Analysis; File & Web Analysis; ML-based Malware Detection
• Data Science: Statistical analysis; Supervised learning models
• Response Automation and Analytics Engine: Real Time Analysis – Detect and Respond; Historical Metadata – Hunt and Investigate
• SIEM | SOAR
Understanding the Power of Metadata
Manual searching, automatic analytics, anomaly detection… at a fraction of the cost of full PCAP storage and with much faster response times.
• WHO: Domain user, Webmail user, FTP user, email address, device ID, organization name
• WHAT: filenames, SHA256, MD5, content tags, malware name, malware type
• WHEN: From right now back through time – as long as you’re willing to store the data
• HOW: protocols, applications, file type, User Agent, custom protocols, obfuscated files and scripts
• WHERE: Source, Destination, country, IP address, organization, URL, Domain
Threat Hunting – Your Last Line of Defense
Reduce the Dwell Time of an Attack
[Flow diagram: Attack → Prevented? Yes: Secure Trusted Configuration. No → Detected? Yes: Incident Response. No → Dwell Time → Threat Hunting]
Discover | Decoys | Distribute | Detect | Adapt
Agentless automation across on-premise and cloud environments
▪ Discover: Continuously map networks, clouds and assets; profiles created and updated for asset location, use, type, etc.
▪ Decoys: Automatically builds the deception layer from discovery; automatically creates decoys based on real assets, services and processes
▪ Distribute: Automatically deploys decoys in networks and cloud; seeds breadcrumbs in real assets and Active Directory, plus DNS and ARP poisoning
▪ Detect: Alerts from decoy access & engagement, MITM and network traps; analysis and alerting of poisoned data use (credentials)
▪ Adapt: Recognizes new assets, network and cloud topologies; automatic updates to discovery mapping and decoys
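The hunt that the metadata and deception slides above describe, as an added example that is not Fidelis code and not part of the original deck: flag any session that touches a decoy host or uses a seeded breadcrumb credential (the "Detect" column), pivot through historical metadata for everything that source touched, and measure how long the first hit sat undetected. The breadcrumb accounts, decoy addresses, record format and sample sessions are all constructed for illustration.

```python
"""Hunting over session metadata for deception-layer hits.

Added example, not Fidelis code. Every identifier below (accounts, addresses,
hash, record format) is constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Constructed deception inventory: accounts seeded as breadcrumbs into real
# hosts and AD (no legitimate workflow ever uses them) and decoy hosts that no
# real service depends on. Any use of either is, by construction, high fidelity.
BREADCRUMB_USERS = {"svc_backup_legacy", "adm_fileshare"}
DECOY_HOSTS = {"10.0.5.40", "10.0.5.41"}

# Constructed placeholder hash (not a real file) for the WHAT column.
SAMPLE_SHA256 = "0123456789abcdef" * 4


@dataclass(frozen=True)
class Session:
    """One metadata record: WHO (user), WHEN (ts), WHERE (src/dst),
    HOW (protocol), WHAT (sha256)."""
    ts: datetime
    user: str
    src_ip: str
    dst_ip: str
    protocol: str
    sha256: Optional[str]


def parse_session(line: str) -> Session:
    """Parse one pipe-delimited metadata line (constructed format, not a Fidelis export)."""
    ts, user, src, dst, proto, sha = (f.strip() for f in line.split("|"))
    return Session(datetime.fromisoformat(ts), user, src, dst, proto, sha or None)


def load_sessions(text: str) -> List[Session]:
    return [parse_session(line) for line in text.splitlines() if line.strip()]


# Constructed sample: a workstation behaves normally on 1 Feb, then on 14 Feb
# touches a decoy and replays a seeded credential against a real LDAP server.
SAMPLE_METADATA = "\n".join([
    "2019-02-01T08:02:11 | jdoe | 10.0.1.15 | 10.0.2.10 | smb |",
    "2019-02-01T08:05:42 | jdoe | 10.0.1.15 | 10.0.2.20 | http | " + SAMPLE_SHA256,
    "2019-02-14T02:17:09 | jdoe | 10.0.1.15 | 10.0.5.40 | smb |",
    "2019-02-14T02:19:33 | svc_backup_legacy | 10.0.1.15 | 10.0.2.30 | ldap |",
    "2019-02-14T09:00:00 | asmith | 10.0.1.22 | 10.0.2.10 | smb |",
])


def hunt(sessions: List[Session]) -> List[Tuple[Session, List[str]]]:
    """Flag every record that touches the deception layer (real-time or retrospective)."""
    alerts = []
    for s in sessions:
        reasons = []
        if s.dst_ip in DECOY_HOSTS:
            reasons.append("decoy host contacted")
        if s.user in BREADCRUMB_USERS:
            reasons.append("breadcrumb credential used")
        if reasons:
            alerts.append((s, reasons))
    return alerts


def pivot(sessions: List[Session], src_ip: str) -> List[Session]:
    """Historical pivot: everything the flagged source touched, oldest first."""
    return sorted((s for s in sessions if s.src_ip == src_ip), key=lambda s: s.ts)


def dwell_time(alerts: List[Tuple[Session, List[str]]],
               hunt_time: datetime) -> Dict[str, timedelta]:
    """Per source, how long its first deception hit sat in metadata before this hunt found it."""
    first_hit: Dict[str, datetime] = {}
    for s, _ in alerts:
        first_hit[s.src_ip] = min(first_hit.get(s.src_ip, s.ts), s.ts)
    return {ip: hunt_time - ts for ip, ts in first_hit.items()}


def run_hunt(text: str = SAMPLE_METADATA,
             hunt_time: datetime = datetime(2019, 2, 20, 10, 0)) -> dict:
    """Hunt, then pivot on every flagged source; returns a plain dict for reporting."""
    sessions = load_sessions(text)
    alerts = hunt(sessions)
    dwell = dwell_time(alerts, hunt_time)
    return {
        "alerts": [(s.ts.isoformat(), s.src_ip, reasons) for s, reasons in alerts],
        "dwell": dwell,
        "pivots": {ip: [s.dst_ip for s in pivot(sessions, ip)] for ip in dwell},
    }


if __name__ == "__main__":
    for key, value in run_hunt().items():
        print(key, value)
```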
What You Get With Fidelis Deception
UNDERSTAND YOUR TERRAIN
▪ Understand the network the way an attacker would
▪ Remove the blind spot to discover network assets including legacy systems and shadow IT
▪ Classify all asset types including enterprise IoT
▪ Discover typical internal and external activity including web traffic, browser types, OS in use and IoT connections
AUTOMATE THE DECOY LAYER
▪ Automatically build an accurate deception layer based on the real network
▪ Automatically adapt the deception layer as network changes occur
▪ Rapidly deploy decoys and breadcrumbs for immediate effectiveness – with minimal resources and time required
DETECT LATERAL MOVEMENT
▪ Lure attackers to decoys that divert away from real resources
▪ Detect malware and intruders moving laterally within the network
▪ Active Directory breadcrumbs add privileged users that can be tracked and monitored in the decoys
▪ High-fidelity alerts with very few false positives
Demonstration
Next Steps: Proof of Concept
See Fidelis in Action: Map Your Terrain and Find the Blind Spots
▪ Full platform or individual products
▪ Easy to implement, with flexible deployment options based on your requirements:
  ▪ VM / Cloud
  ▪ On-premise
  ▪ Tactical
▪ You define success criteria and timeline
https://www.fidelissecurity.com/contact-us
Thank You

 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 

KĂźrzlich hochgeladen (20)

WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 

Hunting for cyber threats targeting weapon systems

1. Hunting for Cyber Threats Targeting Weapon Systems

2. Today's Speakers
• Robert Henry, Technical Security Engineer, Fidelis Cybersecurity, Federal
• Bob Gourley, OODA LLC Co-Founder and CTO, Editor of CTOvision.com

3. Cyber Threats: A practitioner's view
Bob Gourley, 22 Feb 2019

4. About this presentation…
• Perspectives on the cyber threat
• From history
• And personal experience
• Concluding with actionable recommendations

5. Based On Three Sources:
Human History
• A lesson from every great period of history
• The case of Hannibal
• Civil War
Trusted Analysis
• OODAloop.com
• Recorded Future and other open intel sources
Experience
• Learning from adversaries in government and industry systems

6. A Brief History
If you know human history you have the most important things down already.

7. The Condensed History of the Cyber Threat
• 1862 Civil War: Both sides attacked, exploited, hacked. Cyber attack enabled "The Great Locomotive Chase", which also destroyed comms infrastructure
• 1998 Moonlight Maze: It takes a nation to fight a nation
• 2007 Estonia: Be ready to weather a storm
• 2008 Georgia: Expect cyber attacks timed to military ops
• 2008 Turkey Pipeline: Large cyber-to-physical attack
• 2011 Wikileaks: Know the human element. Balance info sharing and protection
• 2013 DSB Report: Software for most weapon systems stolen
• 2013 Mandiant Report: Cyber intel is strategic
• 2013 Snowden Leaks: Know the threat before it strikes
• 2013/14 Banks and Retail: Nothing stops this adversary
• 2014/15 Embedded IT, including in DoD: Threat actors will find a way
• 2015 Healthcare and Governments: No sector immune
• 2016 Turla Attacks: Telecom sector a target
• 2016: Shift to small and mid-sized businesses, supply chain, and home users
• 2017/18: Privacy attacks at scale, ICS/SCADA/Telecom, Cyberwar
• 2019: Adversary use of AI and Machine Learning

8. Now Some Historical Context
How we think. Today's hackers are made of the same stuff as the famously persistent Hannibal, who did not give up till he got through the impassable firewall of the Alps.

9. Observations
What is going on in cyberspace right now?

10. What Are We Seeing Today:
• Phishing remains the dominant path into organizations; it exploits the human traits of compassion and curiosity.
• Adversaries constantly shift tactics. When phishing doesn't work there are plenty of other avenues in.
• The big breaches get the press, but many criminals prefer mid-sized businesses, individual users (you!), and government agencies.
• DDoS attacks have evolved and can be large enough to take companies offline.
• IoT is here, but there is little indication of IoT security solutions (lots more room for innovation here).
• Complex command and control infrastructures leverage unsuspecting companies and their servers/telecom.
• Ransomware is evolving and becoming harder to prevent/beat.
• 28% of breaches involved insiders. The worst were working for criminals or nations, so the "outsider" is still a huge threat.
• Adversaries are also exploiting vulnerabilities in hardware (Spectre and Meltdown).
• Governments (especially Russia, China, Iran, DPRK) invest in targeting infrastructure and weapon systems.

11. Recommended Actions
What does all this mean for organizations today?

12. Actions: Know The Adversary
• Be Prepared To Be Surprised: Big lesson from both history and study of current threats. You will be surprised, so have an incident response plan and exercise it.
• Know that the adversaries have weaknesses too: They must obey the same laws of physics that constrain defenders. And when they are in your networks they are on your turf, which gives you an advantage. Ensure your defenses are agile enough to take advantage of their weaknesses. Be ready to deceive your adversary.

13. Actions: Know Yourself
• Know your own organization, assess and understand: Know what data, systems and capabilities are most important to the function of your organization, and maintain continuous automated awareness of their status.
• It takes teams to beat teams: No organization can match the technical talent of the modern cyber criminal or nation. Build trust-based teams now. Leverage the power of other organizations for your defense: security professionals, law enforcement, cloud service providers, the FBI, the US-CERT, and the appropriate ISAC (FS-ISAC for the financial sector).
• Test yourself: through independent assessment and realistic training/evaluations (table-top exercises).

14. Actions: Raise Your Defenses
• Enhance Defenses: The adversary in cyberspace is continuing to innovate, which means we must continue to review our defenses and modernize. Automating is key. Automate configuration management, automate detection, automate response, automate deception.
• Design for Containment: Early detection and rapid incident response will be aided if systems are designed to contain adversaries. Containment of attacks is especially important for malicious code. IoT devices are critical to segment.
• Ensure Backup: Every critical system must have a backup, and recovery methods must be defined and tested.

15. Get Your Mental Model Right: Think OODA
• Observe: What do you know about the situation, including adversary actions, your own systems and the environment?
• Orient: Consider your observations in the context of everything you know, including your business objectives, strengths and weaknesses.
• Decide: In dynamic situations the speed of decision is critical.
• Act: Minimize the gap between decision and action. The loop continues: now observe what changes in the situation your actions caused.

16. One Slide Summary: The Key Takeaways

17. The State Of Cybersecurity Today
The Threat: A great deal is known about who is attacking and what their motivations are. By studying them we can build better defenses before attack and respond smarter during attack. Get the right info for strategic, operational and tactical decisions. Adversaries are: Nations, Crime Groups, Extremists, Hackers, Insiders.
The Situation: Every sector of the economy and every government and every citizen is under almost constant attack. Most suffer ongoing infections with malware. Attackers get in fast and remain undetected for months. But risk can be reduced/mitigated. Top lessons are: Successful Attacks Are By Organizations; Defenders Should Collaborate on Lessons; Ensure Tech is Independently Assessed; Victory Must Be Earned.
Unique Tech Factors: Governments, businesses, homes, aircraft, cars, roads, trains, ships are increasingly interconnected. But cyberspace is hard to observe. Well-instrumented systems overseen by trained/experienced people are key to defense. Tools to consider: Encryption, ID mgmt, SDP, 2FA, AutoPatching, Deception.
Your Action: Lead with the understanding that cybersecurity is not just a tech function. Must have executive leadership and engagement by the entire team. Ensure external verification and validation of strategy, policy, process and tech. Top actions: Engage with CSA, Collaborate with Peers, Study Threats.
Attackers are persistent; we must prepare for breach.

18. OODA LLC
• OODA helps our clients identify, manage, and respond to global risks and uncertainties while exploring emerging opportunities and developing robust and adaptive strategies for the future. We provide advanced intelligence and analysis, strategy and planning support, investment due diligence, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.
• OODA is comprised of a unique team of international experts led by co-founders Matt Devost and Bob Gourley.

20. Automate Detection, Hunting, and Response
One Platform. Multiple Use Cases. Protecting the World's Most Sensitive Data.

21. Trusted by the World's Largest Brands & Government Organizations
• Relied on by 40+ U.S. government agencies
• Trusted by 12 of the Fortune 50
• Depended on by 24 of the Fortune 100
Sectors: Financial Services, Government, Retail, Healthcare, Pharma & Bio, Technology, Industrials, Energy, Telecom, Other.

22. The Security Objective: Protect Data and Assets
In order to protect the mission, YOU MUST KNOW YOUR TERRAIN:
1. What do we need to secure?
2. What information is of value?
3. What assets do we have?
4. What is their behavior?
Adversaries know how to exploit blind spots in cyber terrain. Know your network: determine the most likely paths of exfiltration, C&C, surveillance, etc.

23. Fidelis Elevate™: A Curated Security Stack, Integrated, Automated & Correlated
Architecture diagram, flattened here as a list of its components:
• Agents: Windows | Linux | Mac | Cloud
• Sensors: Gateway | Internal | Cloud; Email | Web
• Decoys: Breadcrumbs | Decoys; AD | MITM
• Threat Intelligence: Fidelis Insight, 3rd Party Threat Intel, Customer Defined Intel
• Sandboxing: Execution Analysis, File & Web Analysis, ML-based Malware Detection
• Data Science: Statistical analysis, Supervised learning models
• Response Automation and Analytics Engine: Real Time Analysis (Detect and Respond), Historical Metadata (Hunt and Investigate)
• Integrations: SIEM, SOAR

24. Understanding the Power of Metadata
Manual searching, automatic analytics, anomaly detection… at a fraction of the cost of full PCAP storage and with much faster response times.
• WHO: Domain user, Webmail user, FTP user, email address, device ID, organization name
• WHAT: filenames, SHA256, MD5, content tags, malware name, malware type
• WHEN: From right now back through time, as long as you're willing to store the data
• HOW: protocols, applications, file type, User Agent, custom protocols, obfuscated files and scripts
• WHERE: Source, Destination, country, IP address, organization, URL, Domain

25. Threat Hunting: Your Last Line of Defense
Reduce the Dwell Time of an Attack. Flow chart with the branches Prevented? (Yes / No) and Detected? (Yes / No), leading to Secure Trusted Configuration, Incident Response, Attack Dwell Time and Threat Hunting.

26. Agentless automation across on-premises and cloud environments
Discover
• Continuously map networks, clouds and assets
• Profiles created and updated for asset location, use, type, etc.
Decoys
• Automatically builds deception layer from discovery
• Automatically creates decoys based on real assets, services and processes
Distribute
• Automatically deploys decoys in networks and cloud
• Seeds breadcrumbs in real assets and Active Directory, plus DNS and ARP poisoning
Detect
• Alerts from decoy access & engagement, MITM and network traps
• Analysis and alerting of poisoned data use (credentials)
Adapt
• Recognizes new assets, network and cloud topologies
• Automatic updates to discovery mapping and decoys

27. What You Get With Fidelis Deception
UNDERSTAND YOUR TERRAIN
• Understand the network the way an attacker would
• Remove the blind spot to discover network assets including legacy systems and shadow IT
• Classify all asset types including enterprise IoT
• Discover typical internal and external activity including web traffic, browser types, OS in use and IoT connections
AUTOMATE THE DECOY LAYER
• Automatically build an accurate deception layer based on the real network
• Automatically adapt the deception layer as network changes occur
• Rapidly deploy decoys and breadcrumbs for immediate effectiveness, with minimal resources and time required
DETECT LATERAL MOVEMENT
• Lure attackers to decoys that divert away from real resources
• Detect malware and intruders moving laterally within the network
• Active Directory breadcrumbs add privileged users that can be tracked and monitored in the decoys
• High-fidelity alerts with very few false positives
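The detection half of the deception workflow on slides 26 and 27 (alerts on decoy access, poisoned breadcrumb credential use, and one source touching several decoys as lateral movement), as an added Python example that is not Fidelis code; the decoy hosts, breadcrumb account names, log format and sample log lines are all constructed.

```python
"""Alert on use of deception artifacts (decoy hosts, breadcrumb credentials).
Added example, not Fidelis code; hosts, accounts and log format are constructed."""
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Constructed deception inventory. No legitimate process ever uses these,
# so any touch is suspicious by construction (hence high-fidelity alerts).
DECOY_HOSTS = {"10.0.5.20": "fileshare-decoy-01", "10.0.5.21": "sql-decoy-02"}
BREADCRUMB_ACCOUNTS = {"svc_backup_ro", "fin_share_admin"}  # seeded in AD/hosts

@dataclass(frozen=True)
class Event:
    ts: datetime
    kind: str                 # "auth" (logon attempt) or "conn" (connection)
    src: str
    dst: str
    user: Optional[str]

@dataclass(frozen=True)
class Alert:
    ts: datetime
    src: str
    dst: str
    reasons: tuple            # e.g. ("poisoned_credential", "decoy_access")

def parse_event(line: str) -> Optional[Event]:
    """Parse 'ISO-ts|kind|src|dst|user' (constructed format); None if malformed."""
    parts = line.strip().split("|")
    if len(parts) != 5 or parts[1] not in ("auth", "conn"):
        return None
    try:
        return Event(datetime.fromisoformat(parts[0]), parts[1],
                     parts[2], parts[3], parts[4] or None)
    except ValueError:
        return None

def classify(ev: Event) -> tuple:
    """Reasons this event touches the deception layer (empty if none)."""
    reasons = []
    if ev.kind == "auth" and ev.user in BREADCRUMB_ACCOUNTS:
        reasons.append("poisoned_credential")     # breadcrumb account used
    if ev.dst in DECOY_HOSTS:
        reasons.append("decoy_access")            # decoy host contacted
    return tuple(reasons)

def scan(lines):
    """Return (alerts, {src: set of decoy hosts touched}) for the log lines."""
    alerts, touched = [], {}
    for line in lines:
        ev = parse_event(line)
        reasons = classify(ev) if ev else ()
        if not reasons:
            continue                              # normal or malformed line
        if "decoy_access" in reasons:
            hosts = touched.setdefault(ev.src, set())
            hosts.add(ev.dst)
            if len(hosts) == 2:                   # second distinct decoy
                reasons += ("lateral_movement",)  # one source, two decoys
        alerts.append(Alert(ev.ts, ev.src, ev.dst, reasons))
    return alerts, touched

# Constructed sample log lines; one is malformed on purpose.
SAMPLE_LOG = [
    "2019-02-22T09:00:00|auth|10.0.3.14|10.0.1.5|jsmith",
    "2019-02-22T09:04:10|conn|10.0.3.14|10.0.5.20|",
    "not a log line",
    "2019-02-22T09:04:12|auth|10.0.3.14|10.0.5.20|svc_backup_ro",
    "2019-02-22T09:09:30|conn|10.0.3.14|10.0.5.21|",
    "2019-02-22T09:10:00|auth|10.0.7.2|10.0.1.5|alee",
]

if __name__ == "__main__":
    for a in scan(SAMPLE_LOG)[0]:
        print(a.ts.isoformat(), a.src, "->", DECOY_HOSTS.get(a.dst, a.dst), a.reasons)
```

Only the source that touched the deception layer appears in the output; the ordinary logons produce nothing, which is what keeps the false-positive rate of this class of alert low.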
29. Next Steps: Proof of Concept
See Fidelis in Action: Map Your Terrain and Find the Blind Spots
• Full platform or individual products
• Easy to implement, with flexible deployment options based on your requirements: VM / Cloud, On-premises, Tactical
• You define success criteria and timeline
https://www.fidelissecurity.com/contact-us