2017 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
CYBERSECURITY THREATS & NEXT-GEN ENDPOINT PROTECTION
Cayce Beames
- Sr Analyst, GRC at CrowdStrike
- 25 Years in IT and Security
- Really rather technical
- Co-founded a kids club to teach electronics, programming and robotics: www.thecomputerclub.org
1 Cybersecurity Threats
2 Attack Vectors
3 Ransomware
4 Why Traditional Security is Failing
5 What is "Next Gen Endpoint Protection?"
6 Questions / Discussion
CYBERSECURITY THREATS
The 100,000ft view
DATA BREACHES SINCE 2004
WHAT DO THEY ALL HAVE IN COMMON?
[Diagram: FW, AV, Sandbox, IPS, Whitelisting]
Existing Point Solutions FAILED TO STOP THE BREACH
"Legitimate user credentials were used in most hacking related data breaches, with some 81% of them using weak, default, or stolen passwords"
2017 Verizon Data Breach Investigations Report (DBIR)
[Chart: threat sophistication (low to high) against "harder to prevent & detect" (low to high). Malware accounts for 51% of attacks.]
STOPPING MALWARE IS NOT ENOUGH
[Chart: the same axes with malware (51%) and non-malware attacks (49%). Actor groups plotted by sophistication: nation-states, organized criminal gangs, hacktivists/vigilantes, terrorists, cyber-criminals.]
YOU NEED COMPLETE BREACH PREVENTION
CYBERSECURITY THREATS
A Closer-up View
CYBERSECURITY THREATS - ADVERSARIES
- Adversaries are:
  - Better funded
  - More sophisticated
  - More patient
- Attacks are:
  - Well planned
  - Quietly executed
  - Often malware free
  - Encrypted
  - Cleaned up, leaving less evidence
NATION STATE ADVERSARY GROUPS
[Map: CrowdStrike adversary naming by country: China 'PANDA', Russia 'BEAR', North Korea 'CHOLLIMA', India 'TIGER', Iran 'KITTEN']
ADVERSARY PROFILE: ROCKET KITTEN
Operational window: April 2014 - Present
Objectives: Recon, Lateral movement, Data theft
Targeting: Aerospace, Defense, Government
Tools: Word macros, Core Impact, Gmail C2, FireMalv credential stealer, MPK post-exploitation toolkit
OTHER ADVERSARY GROUPS
Criminal: SINGING SPIDER, UNION SPIDER, ANDROMEDA SPIDER
Hacktivist / Activist / Terrorist: DEADEYE JACKAL, GHOST JACKAL, CORSAIR JACKAL, EXTREME JACKAL, FRATERNAL JACKAL
ATTACK VECTORS
A look into a recent case
ATTACK: DEMOCRATIC NATIONAL COMMITTEE
- Suspected large-scale phishing campaign
- WMI, PowerShell and the known malware SeaDaddy were used; the malware is fully modular for command and control
- IOCs indicated a variation of the known adversary Fancy Bear
- CrowdStrike observed malicious activity in real time ("hands on keyboard")
- Data was exfiltrated prior to our investigation, but ShimCache showed clear targeting
- DNC IT team reimages infected systems and builds new domain infrastructure
RANSOMWARE
- Propagates through an unpatched/unknown ("0-day") vulnerability
- Steals credentials
- Propagates further with valid credentials and built-in (aka malware free) tools such as WMI and psexec
- Encrypts data or master boot record
- Asks for ransom to be submitted in bitcoin
- Provides multi-language call center for support
- May or may not decrypt your data; may also destroy it
- If email/domains are disabled, decryption keys may not be obtained
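Most of the steps in that ransomware chain involve no malware at all, which is why the deck argues that stopping malware is not enough and later talks about "IOA behavioral blocking". As an added illustration (not code from the slides or from CrowdStrike), the Python below shows what a minimal behavioural, indicator-of-attack style detector looks like: it correlates three of the listed steps from endpoint telemetry, a phishing macro spawning a script host, one account driving WMI/PsExec at several hosts inside a short window with valid credentials, and a burst of file writes sharing an uncommon extension. The event schema, host and user names, the file names stage.ps1/stage.bat/stage.exe, the .locked extension and every threshold are constructed assumptions for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    ts: int            # seconds since epoch (constructed values in sample_events)
    host: str          # endpoint that recorded the event
    user: str          # account the activity ran under
    kind: str          # "process" (process start) or "file" (file write)
    image: str         # image name of the started / writing process
    detail: str        # command line for processes, file path for writes
    parent: str = ""   # parent image, process events only

OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
REMOTE_EXEC_TOOLS = {"wmic.exe", "psexec.exe"}   # built-in / admin tools, not malware
COMMON_EXTS = {"docx", "xlsx", "pptx", "pdf", "txt", "tmp", "log", "dll", "exe"}

def _remote_target(cmdline):
    """Remote host named on a wmic (/node:host) or psexec (\\\\host) command line, else None."""
    for tok in cmdline.split():
        if tok.lower().startswith("/node:"):
            return tok[len("/node:"):].strip('"').lower()
        if tok.startswith("\\\\"):
            return tok.strip("\\").split("\\")[0].lower()
    return None

def rule_macro_spawn(events):
    """IOA 1: an Office application spawning a script host (phishing macro)."""
    return [{"rule": "office_spawns_script_host", "ts": e.ts, "host": e.host,
             "user": e.user, "detail": f"{e.parent} -> {e.image}"}
            for e in events if e.kind == "process"
            and e.parent.lower() in OFFICE_APPS and e.image.lower() in SCRIPT_HOSTS]

def rule_lateral_movement(events, window=600, min_targets=3):
    """IOA 2: one account pointing remote-execution tools at min_targets
    distinct hosts inside `window` seconds (valid credentials, no malware)."""
    by_user = defaultdict(list)
    for e in events:
        target = _remote_target(e.detail) if e.image.lower() in REMOTE_EXEC_TOOLS else None
        if e.kind == "process" and target:
            by_user[e.user].append((e.ts, e.host, target))
    findings = []
    for user, hits in by_user.items():
        hits.sort()
        for i, (ts, host, _) in enumerate(hits):
            targets = {t for t0, _, t in hits[i:] if t0 - ts <= window}
            if len(targets) >= min_targets:
                findings.append({"rule": "credentialed_lateral_movement", "ts": ts, "host": host,
                                 "user": user, "detail": "targets=" + ",".join(sorted(targets))})
                break   # one finding per account keeps the timeline readable
    return findings

def rule_mass_rename(events, window=60, threshold=20):
    """IOA 3: one process writing `threshold`+ files that share an uncommon
    extension inside `window` seconds (encryption in progress)."""
    by_proc = defaultdict(list)
    for e in events:
        if e.kind == "file":
            ext = e.detail.rsplit(".", 1)[-1].lower()
            by_proc[(e.host, e.image.lower(), e.user)].append((e.ts, ext))
    findings = []
    for (host, image, user), writes in by_proc.items():
        writes.sort()
        for i, (ts, _) in enumerate(writes):
            exts = [x for t, x in writes[i:] if t - ts <= window]
            top = max(set(exts), key=exts.count)
            if len(exts) >= threshold and top not in COMMON_EXTS and exts.count(top) >= 0.9 * len(exts):
                findings.append({"rule": "mass_write_uncommon_extension", "ts": ts, "host": host,
                                 "user": user, "detail": f"{image} wrote {exts.count(top)} *.{top} files"})
                break
    return findings

def ioa_timeline(events):
    """All findings in time order: the behavioural timeline a next-gen AV
    builds from what processes do, not from file signatures."""
    findings = rule_macro_spawn(events) + rule_lateral_movement(events) + rule_mass_rename(events)
    return sorted(findings, key=lambda f: (f["ts"], f["rule"]))

def hosts_to_contain(findings):
    """Hosts showing an encryption burst, or two different IOAs: isolate these first."""
    rules = defaultdict(set)
    for f in findings:
        rules[f["host"]].add(f["rule"])
    return sorted(h for h, r in rules.items() if "mass_write_uncommon_extension" in r or len(r) >= 2)

def sample_events():
    """Constructed telemetry: a macro on ws01, alice's stolen credentials driving
    wmic/psexec at three peers, an encryption burst on ws02, plus benign noise."""
    ev = [Event(100, "ws01", "alice", "process", "powershell.exe",
                "powershell.exe -NoProfile -File stage.ps1", parent="winword.exe"),
          Event(160, "ws01", "alice", "process", "wmic.exe", 'wmic /node:ws02 process call create "cmd /c stage.bat"'),
          Event(230, "ws01", "alice", "process", "wmic.exe", 'wmic /node:ws03 process call create "cmd /c stage.bat"'),
          Event(300, "ws01", "alice", "process", "psexec.exe", "psexec \\\\ws04 -s cmd /c stage.bat"),
          Event(950, "ws05", "bob", "process", "wmic.exe", "wmic /node:ws06 os get caption")]  # one admin query: no IOA
    ev += [Event(500 + i, "ws02", "alice", "file", "stage.exe", f"C:\\share\\doc{i}.docx.locked") for i in range(25)]
    ev += [Event(700 + i, "ws05", "bob", "file", "winword.exe", f"C:\\Users\\bob\\report{i}.docx") for i in range(25)]
    return ev

if __name__ == "__main__":
    for f in ioa_timeline(sample_events()):
        print(f["ts"], f["host"], f["user"], f["rule"], f["detail"])
```

Each rule on its own is noisy (admins do run wmic against remote hosts, and Word does save many .docx files in a minute), which is why the containment decision in hosts_to_contain waits for either the encryption burst or two different behaviours on the same host; that correlation, not any file hash, is what separates this approach from signature matching.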
WHY TRADITIONAL SECURITY IS FAILING
UNDERTRAINED, UNDEREQUIPPED, UNDERSTAFFED, OVERWORKED
- Threats are more complex.
- Executives are not the security zealots that the security team is. Security is a steep learning curve for them.
- Employees and contractors are pushed harder.
- Every budget dollar is scrutinized.
- Tools are poorly used or are the wrong ones. Drowning in data. 27% of breaches were reported by a 3rd party!
- Processes are poorly executed and poorly automated.
- Training ... How does your company train?
WHY TRADITIONAL SECURITY IS FAILING
Comparative Analysis
Adversary
- Well Funded
  - State vs Corporation
  - Organized Crime vs Individual
- More Sophisticated
- Better Tooling
- Better Trained
- More Patient
Organization Security Teams
- Funding is up, but to what benefit? Is it making a difference?
- Not very sophisticated
- Too much to do
- Not enough time
- Wrong, or poorly understood tools
- Poorly trained
- Less patient, too much stress!
WISDOM FROM SUN TZU
"If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle."
- Do you know if your endpoints are currently compromised by a sophisticated actor?
- Are you protecting your remote users and compute environments against ransomware and other polymorphic threats?
- Do your existing security tools stop malware-free breaches?
WHAT IS THIS "NEXT GENERATION ENDPOINT PROTECTION" BUSINESS?!
NEXT-GEN ENDPOINT PROTECTION
- The enterprise endpoint protection platform (EPP) is an integrated solution that has the following capabilities:
  - Anti-malware
  - Personal firewall
  - Port and device control
- EPP solutions will also often include:
  - Vulnerability assessment
  - Application control and application sandboxing
  - Enterprise mobility management (EMM)
  - Memory protection
  - Endpoint detection and response (EDR) technology (see "Market Guide for Endpoint Detection and Response Solutions")
  - Data protection such as full disk and file encryption
  - Endpoint data loss prevention (DLP)
Next-Generation Endpoint Protection: Cloud Delivered, Enriched by Threat Intelligence
- Managed Hunting
- Endpoint Detection and Response
- Next-Gen Antivirus
OLD ENTERPRISE ARCHITECTURE
ON PREMISE SECURITY
MODERN ENTERPRISE ARCHITECTURE
[Diagram: CrowdStrike (CS) Security Cloud connected to Mobile Worker, Public Cloud, Private Cloud, Remote Worker and Branch Office]
MODERN ENTERPRISE ARCHITECTURE - BUSINESS VALUE
[Diagram: CrowdStrike (CS) Security Cloud connected to Public Cloud, Private Cloud, Mobile Worker, Remote Worker and Branch Office]
PROTECT ALL OF YOUR ASSETS
- No hardware to deploy and manage
- Protect endpoints outside of the firewall
- Real-time updates
- Crowdsourced intelligence
NEXT-GEN AV FEATURES
- Machine Learning
- IOA Behavioral Blocking
- Block Known Bad
- Exploit Mitigation
NEXT-GEN AV BENEFITS - BUSINESS VALUE
PREVENTS ALL TYPES OF ATTACKS
- Protect against known/unknown malware
- Protect against zero-day attacks
- Eliminate ransomware
- No signature updates
- No user impact: less than 1% CPU overhead
- Reduce re-imaging time and costs
FIND THE UNKNOWN UNKNOWNS
- Telemetry: 170 countries / 18B events per day
- Correlation: real-time and retrospective
- Capabilities: detection / prevention / forensics
- Creates a behavioral IOA timeline
ENDPOINT DETECTION AND RESPONSE FEATURES
- Prevent against silent failure
- DVR for endpoint
ENDPOINT DETECTION AND RESPONSE BENEFITS - BUSINESS VALUE
- 5 second enterprise search
- No hardware or storage costs
- Full spectrum visibility
- Reduced time to remediation
MANAGED HUNTING FEATURES
- Breach prevention services
- Team of hunters working for you 24 x 7
- Finding the adversary so you don't have to
MANAGED HUNTING BENEFITS - BUSINESS VALUE
- Force multiplier
- Community immunity
- Reduce alert fatigue: focus on what matters!
- Stop the "Mega" breach
FALCON ENDPOINT PROTECTION PLATFORM
[Diagram: Cloud Delivered; Services; API]
ENRICHED BY: CrowdStrike Intelligence, Crowdsourced Intelligence, Third-Party Intelligence
POWERED BY: CrowdStrike Threat Graph (TM)
- FALCON OVERWATCH: Managed Hunting
- FALCON HOST: Endpoint Protection
- FALCON INTELLIGENCE: Threat Intelligence
SUGGESTED READING/VIEWING
- Gartner Magic Quadrant for Endpoint Protection Platforms 2017 (public web listing)
  http://branden.biz/wp-content/uploads/2017/03/Magic-Quadrant-for-Endpoint-Protection-Platforms-2017.pdf
- CrowdStrike Cyber Intrusion Services Casebook
  https://www.crowdstrike.com/resources/reports/crowdstrike-cyber-intrusion-services-casebook-2016/
- CrowdStrike Global Threat Report
  https://www.crowdstrike.com/resources/reports/2015-global-threat-report/
- FireEye M-Trends Report
  https://www.fireeye.com/current-threats/annual-threat-report/mtrends.html
- Verizon Data Breach Investigation Report
  http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/
- George Kurtz presenting at Evolve 2017
  https://youtu.be/WtmX-a-cayQ
- Abusing WMI, BlackHat 2015, Matt Graeber
  https://www.blackhat.com/docs/us-15/materials/us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent%20Asynchronous-And-Fileless-Backdoor-wp.pdf
THANK YOU
Please enjoy some refreshments
Cayce Beames
Cayce.Beames@crowdstrike.com
https://www.linkedin.com/in/caycebeames/

Evolving Cybersecurity Threats

  • 12. NATION STATE ADVERSARY GROUPS
    ▪ CHINA: ‘PANDA’
    ▪ RUSSIA: ‘BEAR’
    ▪ NORTH KOREA: ‘CHOLLIMA’
    ▪ INDIA: ‘TIGER’
    ▪ IRAN: ‘KITTEN’
  • 13. ADVERSARY PROFILE: ROCKET KITTEN
    ▪ OPERATIONAL WINDOW: April 2014 - Present
    ▪ OBJECTIVES: Recon, Lateral movement, Data Theft
    ▪ TARGETING: Aerospace, Defense, Government
    ▪ TOOLS: Word Macros, Core Impact, Gmail C2, FireMalv credential stealer, MPK post-exploitation toolkit
  • 14. OTHER ADVERSARY GROUPS
    ▪ CRIMINAL: SINGING SPIDER, UNION SPIDER, ANDROMEDA SPIDER
    ▪ HACKTIVIST / ACTIVIST / TERRORIST: DEADEYE JACKAL, GHOST JACKAL, CORSAIR JACKAL, EXTREME JACKAL, FRATERNAL JACKAL
  • 15. ATTACK VECTORS: A look into a recent case
  • 16. ATTACK: DEMOCRATIC NATIONAL COMMITTEE
    ▪ Suspected large-scale phishing campaign
    ▪ WMI, PowerShell and the known malware SeaDaddy were used; the malware is fully modular for command and control
    ▪ IOCs indicated a variation of a known adversary, Fancy Bear
    ▪ CrowdStrike observed malicious activity in real time (“hands on keyboard”)
    ▪ Data was exfiltrated prior to our investigation, but ShimCache showed clear targeting
    ▪ The DNC IT team reimaged infected systems and built new domain infrastructure
  • 17. RANSOMWARE
    ▪ Propagates through an unpatched/unknown (“0-day”) vulnerability
    ▪ Steals credentials
    ▪ Propagates further with valid credentials and built-in (aka malware-free) tools such as WMI and psexec
    ▪ Encrypts data or the master boot record
    ▪ Asks for the ransom to be paid in bitcoin
    ▪ Provides a multi-language call center for support
    ▪ May or may not decrypt your data; may also destroy your data
    ▪ If the email addresses/domains are disabled, decryption keys may not be obtainable
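The propagation chain on the ransomware slide (steal credentials, then spread under a valid account with built-in tools such as WMI and psexec) leaves no malware to scan for, so it has to be caught behaviourally. The Python below is an added example written for this page, not CrowdStrike code: it labels Sysmon-style events (WmiPrvSE.exe or PSEXESVC.exe spawning a shell, an image outside C:\Windows opening LSASS), builds a per-host timeline of those labels, and then correlates them by account so that one account launching remote shells on several hosts in a short window is flagged as lateral movement. The event layout, host and account names, file paths, the 30-minute window and the C:\Windows allow-rule are constructed assumptions for the example.

```python
"""Behavioral detection for the ransomware propagation chain on the slide:
credential theft, then spread with valid accounts and built-in tools (WMI,
PsExec). Added example, not CrowdStrike code. Event fields follow Sysmon
records (EventID 1 process creation, EventID 10 process access); the
sample events are constructed for this example."""
from collections import defaultdict
from datetime import datetime, timedelta

SHELLS = {"cmd.exe", "powershell.exe"}

# Constructed Sysmon-style events from four hosts over a ten-minute window.
SAMPLE_EVENTS = [
    # A binary dropped in a user temp directory opens a handle to LSASS (credential theft).
    {"ts": "2017-06-27T10:00:05", "host": "WS-01", "event": 10, "user": "CORP\\alice",
     "source": "C:\\Users\\alice\\AppData\\Local\\Temp\\upd.exe",
     "target": "C:\\Windows\\System32\\lsass.exe"},
    # Normal LSASS access from a Windows system process (should not alert).
    {"ts": "2017-06-27T10:00:06", "host": "WS-01", "event": 10, "user": "NT AUTHORITY\\SYSTEM",
     "source": "C:\\Windows\\System32\\csrss.exe",
     "target": "C:\\Windows\\System32\\lsass.exe"},
    # Remote WMI execution: the WMI provider host spawns a shell as a service account.
    {"ts": "2017-06-27T10:02:10", "host": "FS-01", "event": 1, "user": "CORP\\svc_backup",
     "parent": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe",
     "image": "C:\\Windows\\System32\\cmd.exe"},
    # Ordinary interactive activity (should not alert).
    {"ts": "2017-06-27T10:03:00", "host": "FS-01", "event": 1, "user": "CORP\\bob",
     "parent": "C:\\Windows\\explorer.exe",
     "image": "C:\\Program Files\\Microsoft Office\\Office16\\OUTLOOK.EXE"},
    # PsExec: the PSEXESVC service spawns a shell under the same service account.
    {"ts": "2017-06-27T10:05:40", "host": "DC-01", "event": 1, "user": "CORP\\svc_backup",
     "parent": "C:\\Windows\\PSEXESVC.exe",
     "image": "C:\\Windows\\System32\\cmd.exe"},
    # Another WMI-launched shell on a third host, same account.
    {"ts": "2017-06-27T10:09:15", "host": "WS-02", "event": 1, "user": "CORP\\svc_backup",
     "parent": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe",
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"},
]


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def classify(ev):
    """Label one event with an indicator of attack (IOA), or None when it is unremarkable alone.
    The LSASS rule treats any image outside C:\\Windows as suspicious; this is a simplification
    (assumption), a production rule would carry a tuned allow-list of known security products."""
    if ev["event"] == 10 and basename(ev["target"]) == "lsass.exe":
        if not ev["source"].lower().startswith("c:\\windows\\"):
            return "credential_access_lsass"
        return None
    if ev["event"] == 1:
        parent, child = basename(ev.get("parent", "")), basename(ev["image"])
        if parent == "wmiprvse.exe" and child in SHELLS:
            return "remote_exec_wmi"      # processes created remotely over WMI land here
        if parent == "psexesvc.exe":
            return "remote_exec_psexec"   # PsExec's service is the parent of whatever it runs
    return None


def build_timeline(events):
    """Per-host chronological IOA timeline: {host: [(ts, label, user), ...]}."""
    timeline = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        label = classify(ev)
        if label:
            timeline[ev["host"]].append((ev["ts"], label, ev["user"]))
    return dict(timeline)


def detect_fanout(events, window=timedelta(minutes=30), min_hosts=2):
    """Flag accounts that launched remote shells on >= min_hosts distinct hosts inside `window`.
    One account fanning out over WMI/PsExec is the malware-free propagation step."""
    hits = defaultdict(list)
    for ev in events:
        label = classify(ev)
        if label and label.startswith("remote_exec_"):
            hits[ev["user"]].append((datetime.fromisoformat(ev["ts"]), ev["host"]))
    findings = []
    for user, items in hits.items():
        items.sort()
        for t0, _ in items:
            hosts = {h for t, h in items if t0 <= t <= t0 + window}
            if len(hosts) >= min_hosts:
                findings.append({"user": user, "hosts": sorted(hosts), "first_seen": t0.isoformat()})
                break
    return findings


if __name__ == "__main__":
    for host, entries in build_timeline(SAMPLE_EVENTS).items():
        print(host, entries)
    print(detect_fanout(SAMPLE_EVENTS))
```

Run on the constructed sample, the timeline shows the LSASS access on WS-01 followed by shells on FS-01, DC-01 and WS-02, and the fan-out check reports CORP\svc_backup reaching three hosts inside seven minutes. None of the individual process launches is malicious by signature; the sequence and the account reuse across hosts are what give the detection.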
  • 18. WHY TRADITIONAL SECURITY IS FAILING
  • 19. UNDERTRAINED, UNDEREQUIPPED, UNDERSTAFFED, OVERWORKED
    ▪ Threats are more complex.
    ▪ Executives are not the security zealots that the security team is; security is a steep learning curve for them.
    ▪ Employees and contractors are pushed harder.
    ▪ Every budget dollar is scrutinized.
    ▪ Tools are poorly used or are the wrong ones. Drowning in data. 27% of breaches were reported by a 3rd party!
    ▪ Processes are poorly executed and poorly automated.
    ▪ Training … How does your company train?
  • 20. WHY TRADITIONAL SECURITY IS FAILING: Comparative Analysis
    ▪ Adversary
      ▪ Well funded: state vs corporation; organized crime vs individual
      ▪ More sophisticated: better tooling, better trained
      ▪ More patient
    ▪ Organization security teams
      ▪ Funding is up, but to what benefit? Is it making a difference?
      ▪ Not very sophisticated: too much to do, not enough time
      ▪ Wrong, or poorly understood, tools
      ▪ Poorly trained
      ▪ Less patient, too much stress!
  • 21. WISDOM FROM SUN TZU: “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”
  • 22. Questions to ask yourself
    ▪ Do you know if your endpoints are currently compromised by a sophisticated actor?
    ▪ Are you protecting your remote users and compute environments against ransomware and other polymorphic threats?
    ▪ Do your existing security tools stop malware-free breaches?
  • 23. WHAT IS THIS “NEXT GENERATION ENDPOINT PROTECTION” BUSINESS?!
  • 24. NEXT-GEN ENDPOINT PROTECTION
    ▪ The enterprise endpoint protection platform (EPP) is an integrated solution that has the following capabilities:
      ▪ Anti-malware
      ▪ Personal firewall
      ▪ Port and device control
    ▪ EPP solutions will also often include:
      ▪ Vulnerability assessment
      ▪ Application control and application sandboxing
      ▪ Enterprise mobility management (EMM)
      ▪ Memory protection
      ▪ Endpoint detection and response (EDR) technology (see "Market Guide for Endpoint Detection and Response Solutions")
      ▪ Data protection such as full disk and file encryption
      ▪ Endpoint data loss prevention (DLP)
  • 25. Next-Generation Endpoint Protection: Cloud Delivered, Enriched by Threat Intelligence
    ▪ NEXT-GEN ANTIVIRUS
    ▪ ENDPOINT DETECTION AND RESPONSE
    ▪ MANAGED HUNTING
  • 26. OLD ENTERPRISE ARCHITECTURE (diagram): ON PREMISE SECURITY
  • 27. MODERN ENTERPRISE ARCHITECTURE (diagram): CS Security Cloud serving Public Cloud, Private Cloud, Branch Office, Remote Worker and Mobile Worker
  • 28. MODERN ENTERPRISE ARCHITECTURE: BUSINESS VALUE
    ▪ PROTECT ALL OF YOUR ASSETS
    ▪ No hardware to deploy and manage
    ▪ Protect endpoints outside of the firewall
    ▪ Real-time updates
    ▪ Crowdsourced intelligence
  • 30. NEXT-GEN AV BENEFITS
    ▪ PREVENTS ALL TYPES OF ATTACKS: Machine Learning, IOA Behavioral Blocking, Block Known Bad, Exploit Mitigation
    ▪ BUSINESS VALUE
      ▪ Protect against known/unknown malware
      ▪ Protect against zero-day attacks
      ▪ Eliminate ransomware
      ▪ No signature updates
      ▪ No user impact (less than 1% CPU overhead)
      ▪ Reduce re-imaging time and costs
  • 31. FIND THE UNKNOWN UNKNOWNS
    ▪ TELEMETRY: 170 countries / 18B events per day
    ▪ CORRELATION: Real-time and retrospective
    ▪ CAPABILITIES: Detection / Prevention / Forensics
    ▪ Creates a behavioral IOA timeline
  • 32. ENDPOINT DETECTION AND RESPONSE FEATURES
    ▪ Prevent against silent failure
    ▪ DVR for endpoint
  • 33. ENDPOINT DETECTION AND RESPONSE BENEFITS
    ▪ Prevent against silent failure
    ▪ DVR for endpoint
    ▪ BUSINESS VALUE: 5-second enterprise search; No hardware or storage costs; Full-spectrum visibility; Reduced time to remediation
  • 34. MANAGED HUNTING FEATURES
    ▪ BREACH PREVENTION SERVICES: Team of hunters working for you 24 x 7
    ▪ FINDING THE ADVERSARY so you don’t have to
  • 35. MANAGED HUNTING BENEFITS
    ▪ FINDING THE ADVERSARY so you don’t have to
    ▪ BREACH PREVENTION SERVICES: Team of hunters working for you 24 x 7
    ▪ BUSINESS VALUE: Force multiplier; Community immunity; Reduce alert fatigue: focus on what matters!; Stop the “mega” breach
  • 36. FALCON ENDPOINT PROTECTION PLATFORM: Cloud Delivered
    ▪ SERVICES: FALCON OVERWATCH (Managed Hunting); FALCON HOST (Endpoint Protection); FALCON INTELLIGENCE (Threat Intelligence)
    ▪ POWERED BY: CROWDSTRIKE THREAT GRAPH™; API
    ▪ ENRICHED BY: CROWDSTRIKE INTELLIGENCE; CROWDSOURCED INTELLIGENCE; THIRD-PARTY INTELLIGENCE
  • 37. SUGGESTED READING/VIEWING
    ▪ Gartner Magic Quadrant for Endpoint Protection Platforms 2017 (public web listing)
      ▪ http://branden.biz/wp-content/uploads/2017/03/Magic-Quadrant-for-Endpoint-Protection-Platforms-2017.pdf
    ▪ CrowdStrike Cyber Intrusion Services Casebook
      ▪ https://www.crowdstrike.com/resources/reports/crowdstrike-cyber-intrusion-services-casebook-2016/
    ▪ CrowdStrike Global Threat Report
      ▪ https://www.crowdstrike.com/resources/reports/2015-global-threat-report/
    ▪ FireEye M-Trends Report
      ▪ https://www.fireeye.com/current-threats/annual-threat-report/mtrends.html
    ▪ Verizon Data Breach Investigations Report
      ▪ http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/
    ▪ George Kurtz presenting at Evolve 2017
      ▪ https://youtu.be/WtmX-a-cayQ
    ▪ Abusing WMI, BlackHat 2015, Matt Graeber
      ▪ https://www.blackhat.com/docs/us-15/materials/us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent%20Asynchronous-And-Fileless-Backdoor-wp.pdf
  • 38. THANK YOU. Please enjoy some refreshments. Cayce Beames, Cayce.Beames@crowdstrike.com, https://www.linkedin.com/in/caycebeames/

Editor's Notes

  1. Better Funded: Nation state, organized crime and hacker collectives.
     More Sophisticated: Better trained, using more advanced technologies and developed tools taking advantage of undisclosed “zero day” vulnerabilities. Taking more data, not always what we would expect.
     More Patient: Taking months to perform reconnaissance without detection.
     Well Planned: The time spent on reconnaissance, developing new tooling to exploit vulnerabilities,
     Quietly Executed: Using techniques to avoid detection, including on-the-box system utilities and encryption.
     Cleaned Up: Using secure delete, altering file times, clearing logs.
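The "Cleaned Up" note (altered file times, cleared logs) describes the part of an intrusion that defeats after-the-fact forensics, which is why the deck argues for recording endpoint telemetry continuously rather than relying on what is left on disk. The Python below is an added example written for this page, not CrowdStrike code: it labels the Windows records that betray cleanup (Sysmon EventID 2, a process changing a file's creation time, plus Security EventID 1102 and System EventID 104, the audit log and an event log being cleared) and then pairs a timestomp with a later log clear on the same host. The record layout, host and account names, paths, the installer allow-list and the one-hour window are constructed assumptions for the example.

```python
"""Detection of the 'Cleaned Up' tradecraft from the editor's notes: altered
file times and cleared event logs. Added example, not CrowdStrike code.
Record shapes follow Windows Security EventID 1102 (audit log cleared),
System EventID 104 (event log cleared) and Sysmon EventID 2 (file creation
time changed), simplified to flat dicts; the sample records are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Installers legitimately preserve packaged creation times; tune this per environment (assumption).
TIMESTOMP_ALLOWLIST = {"msiexec.exe", "setup.exe"}

SAMPLE_RECORDS = [
    # An unknown binary sets a DLL's creation time back five years, seconds after writing it.
    {"ts": "2017-06-27T11:40:02", "host": "FS-01", "channel": "Microsoft-Windows-Sysmon/Operational",
     "event": 2, "user": "CORP\\svc_backup", "image": "C:\\Users\\Public\\t.exe",
     "target_file": "C:\\Windows\\Temp\\svc.dll",
     "creation_utc": "2012-07-26T03:15:00", "previous_creation_utc": "2017-06-27T11:39:58"},
    # The same account clears the Security log and then the Sysmon log on that host.
    {"ts": "2017-06-27T11:41:30", "host": "FS-01", "channel": "Security", "event": 1102,
     "user": "CORP\\svc_backup"},
    {"ts": "2017-06-27T11:41:31", "host": "FS-01", "channel": "System", "event": 104,
     "user": "CORP\\svc_backup", "cleared_log": "Microsoft-Windows-Sysmon/Operational"},
    # An MSI install that keeps a packaged timestamp: allow-listed, no alert.
    {"ts": "2017-06-27T09:00:00", "host": "WS-02", "channel": "Microsoft-Windows-Sysmon/Operational",
     "event": 2, "user": "NT AUTHORITY\\SYSTEM", "image": "C:\\Windows\\System32\\msiexec.exe",
     "target_file": "C:\\Program Files\\App\\app.exe",
     "creation_utc": "2017-05-01T12:00:00", "previous_creation_utc": "2017-06-27T08:59:59"},
    # Routine logon, nothing to flag.
    {"ts": "2017-06-27T09:30:00", "host": "WS-02", "channel": "Security", "event": 4624,
     "user": "CORP\\bob"},
]


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def classify(rec):
    """Return 'timestomp', 'log_cleared' or None for one record."""
    if rec["event"] == 2 and rec["channel"].endswith("Sysmon/Operational"):
        if basename(rec["image"]) in TIMESTOMP_ALLOWLIST:
            return None
        # Moving a creation time backwards makes a freshly dropped file look old.
        # ISO-8601 strings compare chronologically, so a plain string comparison suffices.
        if rec["creation_utc"] < rec["previous_creation_utc"]:
            return "timestomp"
        return None
    if (rec["channel"], rec["event"]) in {("Security", 1102), ("System", 104)}:
        return "log_cleared"
    return None


def find_cleanup_sequences(records, window=timedelta(hours=1)):
    """Per host, pair a timestomp with log clears that follow it inside `window`.
    Either indicator alone deserves a look; together on one host they read as
    deliberate evidence removal after activity."""
    by_host = defaultdict(list)
    for rec in sorted(records, key=lambda r: r["ts"]):
        label = classify(rec)
        if label:
            by_host[rec["host"]].append((datetime.fromisoformat(rec["ts"]), label, rec["user"]))
    findings = []
    for host, entries in by_host.items():
        stomps = [(t, u) for t, l, u in entries if l == "timestomp"]
        clears = [(t, u) for t, l, u in entries if l == "log_cleared"]
        for t_stomp, _ in stomps:
            later = [(t, u) for t, u in clears if t_stomp <= t <= t_stomp + window]
            if later:
                findings.append({"host": host, "user": later[0][1],
                                 "timestomp_at": t_stomp.isoformat(),
                                 "log_cleared_at": later[0][0].isoformat(),
                                 "logs_cleared": len(later)})
                break
    return findings


if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        print(rec["host"], rec["event"], classify(rec))
    print(find_cleanup_sequences(SAMPLE_RECORDS))
```

The point the example makes is the one behind the deck's "DVR for endpoint" idea: the 1102 and 104 records are written by the system as the log is cleared, so a sensor that has already shipped them off the host still sees the cleanup even though the local evidence the adversary wanted gone is gone.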