ADVANCED PERSISTENT THREAT
BREAKING THE ATTACK CYCLE

Presented By:
Joe Schorr
Enterprise Security Practice Manager

800.747.8585 | help@cbihome.com
CBI Introduction

Information Technology and Security Solutions Provider
   • Symantec Partner of the Year, Finalist
   • Symantec Platinum Partner
   • Globally capable, superior technical service

Experienced Professionals
   • Operating for 20 years, serving more than 500 clients worldwide
   • Broad customer base ranging from mid-size to Fortune 100

Experienced in a Variety of Industries
   • Healthcare
   • Banking & Financial Services
   • Manufacturing
   • Education
   • Government
   • Legal
   • Retail

Enterprise Security Practice

Joe Schorr: Enterprise Security Practice Manager
   • Managing Consultant for the BT Ethical Hacking Center of Excellence
   • CIO for a large non-profit
   • Global Program Manager – International Network Services

Enterprise Security | IT GRC | Server Management | Endpoint Management | Datacenter Management




APT Defined



    APT is a group of sophisticated,
    determined and coordinated attacks
    and attackers that have been
    systematically targeting, exploiting
    and compromising U.S. Government
    and private networks.


“APT”

Advanced means the adversary can operate in the full spectrum of computer intrusion. They can use the most pedestrian publicly available exploit against a well-known vulnerability, or they can elevate their game to research new vulnerabilities and develop custom exploits, depending on the target’s posture.

Persistent means the adversary is formally tasked to accomplish a mission. They are not opportunistic intruders. Like an intelligence unit they receive directives and work to satisfy their masters. Persistent does not necessarily mean they need to constantly execute malicious code on victim computers. Rather, they maintain the level of interaction needed to execute their objectives.

Threat means the adversary is not a piece of mindless code. This point is crucial. Some people throw around the term “threat” with reference to malware. If malware had no human attached to it (someone to control the victim, read the stolen data, etc.), then most malware would be of little worry (as long as it didn’t degrade or deny data). Rather, the adversary here is a threat because it is organized and funded and motivated. Some people speak of multiple “groups” consisting of dedicated “crews” with various missions.
Security Trends

CHALLENGING THREAT LANDSCAPE
   • Targeted attacks
   • Malicious insiders
   • Evolving infrastructure
   • Increasing financial and brand risk
   • Increasing complexity
   • Data growth
   • Compliance requirements
   • Mobile
   • Virtualization
   • Cloud
   • Vendor complexity
Recent Events & Evidence


A picture of the hacking software shown during the Chinese military program. The large writing at the top says "Select Attack Target." Next, the user chooses an IP address to attack from (it belongs to an American university). The drop-down box is a list of Falun Gong websites, while the button on the left says "Attack."

RSA and .gov Contractors




Ever wonder?




RSA wasn’t alone.




                http://krebsonsecurity.com/
Smoking gun




              http://krebsonsecurity.com/
STUXNET




‘Duqu’ the Son of STUXNET




Attack Cycle

Step 1
   • Reconnaissance
Step 2
   • Delivery of Exploit
   • Enter target
Step 3
   • Create Backdoor
   • Contact Command & Control (C&C) servers
Step 4
   • Obtain User Credentials
   • Install Tools
   • Escalate privs
Step 5
   • Data Theft and Exfiltration
Step 6
   • Persistence
   • Residency


What does this look like?

     1. Target selected from shopping list
     2. Passive searching – ‘Google-Fu’
     3. Cyber-stalking via Facebook and LinkedIn
     4. Select individuals for spear-phishing attack
     5. Social engineer custom mail to targets
     6. Payload deploys, begins harvest of credentials
     7. ‘Owns’ servers and establishes backdoor, establishes tunnels, typically via port 443 and 53
     8. Take data, encrypt and compress it, and send it home
     9. Dormancy until further orders
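Step 3 of the Attack Cycle slide (contact C&C servers) and step 7 of the list above (backdoor tunnels over port 443 and 53) describe the part of the cycle a defender can actually observe: the attacker has to keep talking out, and port 53 is rarely blocked, so tunnelled DNS is a common channel. The following is an added example, not code from the deck or from CBI, showing the kind of heuristic a monitoring team (the MONITOR! recommendation later in the deck) would run over resolver logs to spot that shape: many long, mostly unique subdomains under one parent domain, usually TXT queries, from a single client. The log format, the sample lines and the thresholds are constructed assumptions for this example; adapt the parser to your resolver's real log format and tune the thresholds against your own baseline.

```python
"""Heuristic detector for DNS-tunnelling style query patterns.

Added example for the APT attack cycle; not part of the original deck.
Groups resolver log lines by (client, parent domain) and flags groups whose
subdomain labels are long and mostly unique, which is how data or commands
look when they are encoded into DNS names instead of real hostnames.
"""
import math
from collections import defaultdict

# Constructed sample resolver log (assumed format): "<time> <client_ip> <qtype> <qname>"
SAMPLE_LOG = """\
10:00:01 10.1.1.5 A   www.example.com
10:00:02 10.1.1.5 A   mail.example.com
10:00:03 10.1.1.9 TXT 4a6f652053636863.6f72722041505400.t1.tunnel-demo.test
10:00:03 10.1.1.9 TXT 7a8b9c0d1e2f3a4b.5c6d7e8f9a0b1c2d.t1.tunnel-demo.test
10:00:04 10.1.1.9 TXT 0f1e2d3c4b5a6978.8796a5b4c3d2e1f0.t1.tunnel-demo.test
10:00:05 10.1.1.9 TXT aabbccddeeff0011.2233445566778899.t1.tunnel-demo.test
10:00:06 10.1.1.5 A   cdn.example.com
"""


def parse_line(line):
    """Parse one whitespace-separated log line of the assumed format."""
    time, client, qtype, qname = line.split()
    return {"time": time, "client": client, "qtype": qtype.upper(),
            "qname": qname.lower().rstrip(".")}


def split_name(qname):
    """Return (subdomain, parent) using a naive 'last two labels' rule.

    Production code should use the Public Suffix List; otherwise names such
    as host.example.co.uk are assigned the wrong parent."""
    labels = qname.split(".")
    if len(labels) <= 2:
        return "", qname
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def shannon_entropy(text):
    """Bits per character; encoded payloads score higher than real hostnames."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def analyze(log_text, min_queries=3, min_avg_sub_len=30, min_unique_ratio=0.9):
    """Group queries by (client, parent domain) and return tunnel-like groups.

    Thresholds are assumptions for this example: at least min_queries lookups,
    an average subdomain length of min_avg_sub_len characters or more, and
    almost every subdomain distinct (real hosts are looked up repeatedly)."""
    groups = defaultdict(lambda: {"count": 0, "subs": [], "txt": 0})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        sub, parent = split_name(rec["qname"])
        g = groups[(rec["client"], parent)]
        g["count"] += 1
        g["subs"].append(sub)
        if rec["qtype"] in ("TXT", "NULL"):   # record types that carry bulk data
            g["txt"] += 1

    alerts = []
    for (client, parent), g in groups.items():
        if g["count"] < min_queries:
            continue
        avg_len = sum(len(s) for s in g["subs"]) / g["count"]
        unique_ratio = len(set(g["subs"])) / g["count"]
        if avg_len >= min_avg_sub_len and unique_ratio >= min_unique_ratio:
            alerts.append({
                "client": client,
                "parent": parent,
                "queries": g["count"],
                "avg_subdomain_len": round(avg_len, 1),
                "unique_ratio": round(unique_ratio, 2),
                "txt_ratio": round(g["txt"] / g["count"], 2),
                "entropy": round(shannon_entropy("".join(g["subs"])), 2),
            })
    return sorted(alerts, key=lambda a: (a["client"], a["parent"]))


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print("possible DNS tunnel:", alert)
```

On the constructed sample the ordinary lookups from 10.1.1.5 stay quiet (short, repeated hostnames under example.com), while the four TXT queries from 10.1.1.9 produce one alert for tunnel-demo.test. The same grouping works for the port 443 side if the input is a proxy or flow log keyed on destination instead of parent domain; the signal there is a single client beaconing to one external host at a steady interval rather than long labels.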


Some APT Attack components

• Blended weaponized STUXNET clones
• Endpoint Compromise
• CA Attacks

6 recommendations

MONITOR! Yes, this means SIM, and it also means monitoring your monitor DAILY. If you have challenges in this area, consider an MSS solution.

MANAGE! access control systems. User management and passwords are not sexy, but weak management of this important, basic operational task provides a HUGE attack vector.

ENGINEER! your WHOLE network to be secure. The security architecture is not just routers and firewalls. Server, endpoint and application security are as important to a healthy, well-defended enterprise.

PATCH! Don’t let the ‘I’ll wait for others to go first….’ mentality lead to inertia. Bad patch management has a direct role in most server and application exploits.

TEST! your security. Early and often.

STOP! The leaks.


Symantec DLP Overview

Storage
   • Symantec™ Data Loss Prevention Network Discover
   • Symantec™ Data Loss Prevention Data Insight
   • Symantec™ Data Loss Prevention Network Protect

Endpoint
   • Symantec™ Data Loss Prevention Endpoint Discover
   • Symantec™ Data Loss Prevention Endpoint Prevent

Network
   • Symantec™ Data Loss Prevention Network Monitor
   • Symantec™ Data Loss Prevention Network Prevent

Management Platform
   • Symantec™ Data Loss Prevention Enforce Platform



DLP Progress Model

[Chart: Incidents Per Week (0 to 1000) plotted against Risk Reduction Over Time for Client Company, across four phases: Baseline (Establish Initial Policies; Identify Broken Business Processes; Enable EDM/IDM), Remediation (Employee and Business Unit Communication; Fix Broken Business Processes), Notification (Sender Auto Notification; Business Unit Risk Scorecard), Prevention.]
EndPoint Progress

[Chart: the same Incidents Per Week versus Risk Reduction Over Time chart as on the DLP Progress Model slide (Baseline, Remediation, Notification, Prevention phases), Client Company.]
Network Progress

[Chart: the same Incidents Per Week versus Risk Reduction Over Time chart as on the DLP Progress Model slide (Baseline, Remediation, Notification, Prevention phases), Client Company.]
Storage Progress

[Chart: the same Incidents Per Week versus Risk Reduction Over Time chart as on the DLP Progress Model slide (Baseline, Remediation, Notification, Prevention phases), Client Company.]
Desired State for Data Loss


The primary goals of using Symantec’s DLP solution are to:


1. Protect confidential and regulated data from leaking or misuse based
   on corporate business practices
2. Meet or exceed all government regulatory data protection
   requirements
3. Protect the Client Company brand and image.




Desired State for Data Loss


The DLP solution should perform the following functions:
     1. Identify data based on current government regulations and company policies
     2. Be tuned to minimize false positives
     3. Educate users on proper data handling policies
     4. Notify appropriate parties of data leakage or misuse
     5. Block data leakage or misuse
     6. Find sensitive data in file shares and SharePoint
     7. Determine who is using data




Examples of Successful DLP Outcomes


1. Internet traffic is monitored and incidents are created when
   suspected or confidential data leaves via email or other web
   process.
2. Endpoint activity is monitored and incidents are created when
   suspected or confidential data is transferred to USB drives.
3. Manual searches on datastores can be performed if needed
4. General process for handling data breach incidents is established




Recommendations


1. Upgrade to Symantec Data Loss Prevention version 11.1
2. Refine Existing Policies and Responses
3. Run Network Discover scans
4. Begin using notifications
5. Deploy Email Network Prevent with Symantec Messaging
   Gateway
6. Deploy Web Network Prevent with Symantec Web Gateway or
   other ICAP proxy server.
7. Deploy Data Insight



Global Intelligence Network
Identifies more threats, takes action faster & prevents impact

[Map of Global Intelligence Network locations: Calgary, Alberta; San Francisco, CA; Mountain View, CA; Culver City, CA; Austin, TX; Alexandria, VA; Dublin, Ireland; Reading, England; Pune, India; Chennai, India; Chengdu, China; Taipei, Taiwan; Tokyo, Japan; Sydney, Australia]

Worldwide Coverage | Global Scope and Scale | 24x7 Event Logging | Rapid Detection

Attack Activity
• 240,000 sensors
• 200+ countries and territories

Malware Intelligence
• 150M client, server, gateways monitored
• Global coverage

Vulnerabilities
• 35,000+ vulnerabilities
• 11,000 vendors
• 80,000 technologies

Spam/Phishing
• 5M decoy accounts
• 8B+ email messages/day
• 1B+ web requests/day

Preemptive Security Alerts | Information Protection | Threat Triggered Actions

Next Steps




     Security and Advisory Assessments
     – In-depth, consultative engagements
     – Evaluate and improve your overall security program
     – Address specific concerns (e.g. PCI/ mobile security issues)




THANK YOU
jschorr@cbihome.com
   @JoeSchorr


Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
Christopher Logan Kennedy
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

KĂźrzlich hochgeladen (20)

Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 

APT Webinar

  • 1. ADVANCED PERSISTENT THREAT: BREAKING THE ATTACK CYCLE
    Presented by: Joe Schorr, Enterprise Security Practice Manager
    800.747.8585 | help@cbihome.com
  • 2. CBI Introduction
    Information Technology and Security Solutions Provider
      • Symantec Partner of the Year, Finalist
      • Symantec Platinum Partner
      • Globally capable, superior technical service
    Experienced Professionals
      • Operating for 20 years, serving more than 500 clients worldwide
      • Broad customer base ranging from mid-size to Fortune 100
    Experienced in a Variety of Industries
      • Healthcare • Government • Banking & Financial Services • Legal • Manufacturing • Retail • Education
  • 3. Enterprise Security Practice
    Joe Schorr: Enterprise Security Practice Manager
      • Managing Consultant for the BT Ethical Hacking Center of Excellence
      • CIO for a large non-profit
      • Global Program Manager, International Network Services
    Practice areas: Enterprise Security, IT GRC, Server Management, Endpoint Management, Datacenter Management
  • 4. APT Defined
    APT is a group of sophisticated, determined and coordinated attacks and attackers that have been systematically targeting, exploiting and compromising U.S. Government and private networks.
  • 5. "APT"
    Advanced means the adversary can operate in the full spectrum of computer intrusion. They can use the most pedestrian publicly available exploit against a well-known vulnerability, or they can elevate their game to research new vulnerabilities and develop custom exploits, depending on the target's posture.
    Persistent means the adversary is formally tasked to accomplish a mission. They are not opportunistic intruders. Like an intelligence unit they receive directives and work to satisfy their masters. Persistent does not necessarily mean they need to constantly execute malicious code on victim computers. Rather, they maintain the level of interaction needed to execute their objectives.
    Threat means the adversary is not a piece of mindless code. This point is crucial. Some people throw around the term "threat" with reference to malware. If malware had no human attached to it (someone to control the victim, read the stolen data, etc.), then most malware would be of little worry (as long as it didn't degrade or deny data). Rather, the adversary here is a threat because it is organized and funded and motivated. Some people speak of multiple "groups" consisting of dedicated "crews" with various missions.
  • 6. Security Trends
    Challenging Threat Landscape: malicious insiders; targeted attacks; increasing financial and brand risk
    Evolving Infrastructure Complexity: data growth; mobile; virtualization; cloud
    Increasing Compliance Requirements; vendor complexity
  • 7. Recent Events & Evidence
    A picture of the hacking software shown during the Chinese military program. The large writing at the top says "Select Attack Target." Next, the user chooses an IP address to attack from (it belongs to an American university). The drop-down box is a list of Falun Gong websites, while the button on the left says "Attack."
  • 8. RSA and .gov Contractors
  • 9. Ever wonder?
  • 10. RSA wasn't alone. (http://krebsonsecurity.com/)
  • 11. Smoking gun (http://krebsonsecurity.com/)
  • 12. STUXNET
  • 13. 'Duqu', the Son of STUXNET
  • 14. Attack Cycle
    Step 1: Reconnaissance
    Step 2: Delivery of exploit; enter target
    Step 3: Create backdoor; contact Command & Control (C&C) servers
    Step 4: Obtain user credentials; install tools; escalate privileges
    Step 5: Data theft and exfiltration
    Step 6: Persistence; residency
  • 15. What does this look like?
    1. Target selected from shopping list
    2. Passive searching ('Google-Fu')
    3. Cyber-stalking via Facebook and LinkedIn
    4. Select individuals for spear-phishing attack
    5. Social-engineer custom mail to targets
    6. Payload deploys, begins harvest of credentials
    7. 'Owns' servers and establishes backdoor, establishes tunnels, typically via ports 443 and 53
    8. Take data, encrypt and compress it, and send it home
    9. Dormancy until further orders
  • 16. Some APT Attack Components
    • Blended weaponized STUXNET clones
    • Endpoint compromise
    • CA attacks
  • 17. 6 Recommendations
    MONITOR! Yes, this means SIM, and it also means reviewing your monitoring DAILY. If you have challenges in this area, consider an MSS solution.
    MANAGE! your access control systems. User management and passwords are not sexy, but weak management of this important, basic operational task provides a HUGE attack vector.
    ENGINEER! your WHOLE network to be secure. The security architecture is not just routers and firewalls. Server, endpoint and application security are just as important to a healthy, well-defended enterprise.
    PATCH! Don't let the "I'll wait for others to go first..." mentality lead to inertia. Bad patch management has a direct role in most server and application exploits.
    TEST! your security. Early and often.
    STOP! the leaks.
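The MONITOR! recommendation, and step 7 of the attack walk-through (backdoor tunnels over ports 443 and 53), are concrete enough to turn into detection logic. The following is an added example, not code from the deck or from CBI: two heuristics a SIM/SIEM analyst would run over connection logs, a fixed-interval beacon check for repeated outbound connections and a long, high-entropy first-label check for DNS queries. The log format, the hostnames, the thresholds and the sample lines are all constructed for the example.

```python
"""Added example: beacon and DNS-tunnel heuristics over constructed logs.

Assumed (constructed) log format, one event per line:
    <epoch_seconds> <src_ip> <dst_host> <dst_port>
Thresholds are illustrative starting points, not vendor defaults.
"""
import math
from collections import defaultdict

# Constructed sample: 10.0.0.5 contacts one external host on 443 every 60 s
# and sends long, random-looking labels under tun.example.test on port 53.
# 10.0.0.7 is ordinary browsing noise that the heuristics should not flag.
SAMPLE_LOG = """\
1700000000 10.0.0.5 c2.example-unknown.test 443
1700000060 10.0.0.5 c2.example-unknown.test 443
1700000120 10.0.0.5 c2.example-unknown.test 443
1700000180 10.0.0.5 c2.example-unknown.test 443
1700000240 10.0.0.5 c2.example-unknown.test 443
1700000011 10.0.0.7 www.example.org 443
1700000433 10.0.0.7 www.example.org 443
1700000900 10.0.0.7 cdn.example.net 443
1700000005 10.0.0.5 zx9q2m7kp1lw8vbn3t5yhg6d.tun.example.test 53
1700000006 10.0.0.5 a8f3k2p9q1z7x4c6v5b0n2m1.tun.example.test 53
1700000007 10.0.0.5 mq2w8e4r6t1y9u3i5o7p0a2s.tun.example.test 53
1700000008 10.0.0.5 www.example.org 53
"""


def parse_log(text):
    """Turn the constructed log text into (ts, src, host, port) tuples."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines rather than crash
        ts, src, host, port = parts
        events.append((int(ts), src, host, int(port)))
    return events


def shannon_entropy(s):
    """Bits of entropy per character; random-looking labels score high."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def find_beacons(events, min_hits=4, max_jitter=0.1):
    """Return {(src, host, port): mean_interval} for near-periodic contacts.

    A pair is flagged when it has at least min_hits events and every gap
    between consecutive events is within max_jitter of the mean gap.
    """
    by_pair = defaultdict(list)
    for ts, src, host, port in events:
        by_pair[(src, host, port)].append(ts)
    beacons = {}
    for key, stamps in by_pair.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean = sum(gaps) / len(gaps)
        if mean <= 0:
            continue
        spread = max(abs(g - mean) for g in gaps) / mean
        if spread <= max_jitter:
            beacons[key] = mean
    return beacons


def find_suspicious_dns(events, min_label_len=20, min_entropy=3.5):
    """Return hostnames queried on port 53 whose first label is long and
    high-entropy, the shape data-carrying tunnel queries tend to have."""
    flagged = []
    for _ts, _src, host, port in events:
        if port != 53:
            continue
        label = host.split(".")[0]
        if len(label) >= min_label_len and shannon_entropy(label) >= min_entropy:
            flagged.append(host)
    return flagged


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    for pair, interval in find_beacons(evts).items():
        print("beacon:", pair, "every", interval, "s")
    for host in find_suspicious_dns(evts):
        print("suspicious DNS:", host)
```

Both checks are deliberately simple so that the analyst can see why each hit fired; in production the thresholds would be tuned against a baseline of the organisation's own traffic, and a hit is a reason to investigate the host, not a verdict on its own.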
  • 18. Symantec DLP Overview
    Storage: Symantec™ Data Loss Prevention Network Discover, Data Insight, Network Protect
    Endpoint: Symantec™ Data Loss Prevention Endpoint Discover, Endpoint Prevent
    Network: Symantec™ Data Loss Prevention Network Monitor, Network Prevent
    Management Platform: Symantec™ Data Loss Prevention Enforce Platform
  • 19. DLP Progress Model
    [Chart: Incidents Per Week (0 to 1000) against Risk Reduction Over Time for the Client Company, across the phases Baseline, Remediation, Notification and Prevention]
    Milestones in order: Establish Initial Policies; Identify Broken Business Processes; Employee and Business Unit Communication; Fix Broken Business Processes; Enable EDM/IDM; Sender Auto Notification; Business Unit Risk Scorecard
  • 20. Endpoint Progress
    [Chart: Incidents Per Week against Risk Reduction Over Time, with the same Baseline, Remediation, Notification and Prevention phases and milestones as the DLP Progress Model]
  • 21. Network Progress
    [Chart: Incidents Per Week against Risk Reduction Over Time, with the same Baseline, Remediation, Notification and Prevention phases and milestones as the DLP Progress Model]
  • 22. Storage Progress
    [Chart: Incidents Per Week against Risk Reduction Over Time, with the same Baseline, Remediation, Notification and Prevention phases and milestones as the DLP Progress Model]
  • 23. Desired State for Data Loss
    The primary goals of using Symantec's DLP solution are to:
    1. Protect confidential and regulated data from leaking or misuse, based on corporate business practices
    2. Meet or exceed all government regulatory data protection requirements
    3. Protect the Client Company brand and image
  • 24. Desired State for Data Loss
    The DLP solution should perform the following functions:
    1. Identify data based on current government regulations and company policies
    2. Be tuned to minimize false positives
    3. Educate users on proper data handling policies
    4. Notify appropriate parties of data leakage or misuse
    5. Block data leakage or misuse
    6. Find sensitive data in file shares and SharePoint
    7. Determine who is using data
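Functions 1 and 2 above (identify regulated data, tune out false positives) are the heart of any DLP policy. The following is an added example, not code from the deck or from Symantec DLP: a small content scanner that finds credit-card-shaped numbers, then applies a Luhn check and a degenerate-sequence check so that order numbers and test fixtures do not become incidents, and masks what it reports. The sample document and the CONFIDENTIAL policy marker are constructed for the example; a real policy would carry many more patterns.

```python
"""Added example: DLP content identification with false-positive tuning.

Everything here is constructed for illustration; the marker keyword and
sample text are not taken from any real DLP product or customer policy.
"""
import re

# Candidate: 13 to 19 digits, optionally separated by single spaces or hyphens.
CARD_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# Constructed company-policy marker (assumption for the example).
POLICY_MARKER = re.compile(r"\bCONFIDENTIAL\b")

# Constructed sample document: one real-looking card number, one order
# number that happens to be 16 digits, one all-zero test fixture.
SAMPLE_DOC = """\
Order 1234567890123456 shipped on 2024-01-05.
Card on file: 4111 1111 1111 1111 (exp 12/27).
Test fixture id 0000000000000000 must be ignored.
CONFIDENTIAL: Project roadmap attached.
"""


def luhn_ok(digits):
    """Luhn mod-10 checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:      # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def is_plausible_card(digits):
    """Tuning step: reject Luhn failures and degenerate sequences.

    An all-same-digit string such as 0000000000000000 passes Luhn, so the
    length and repetition checks are needed to keep fixtures out of reports.
    """
    if not 13 <= len(digits) <= 19:
        return False
    if len(set(digits)) == 1:
        return False
    return luhn_ok(digits)


def mask(digits):
    """Report only the last four digits so the incident itself is not a leak."""
    return "*" * (len(digits) - 4) + digits[-4:]


def scan_text(text):
    """Return a list of findings: validated card numbers first, then markers."""
    findings = []
    for m in CARD_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if is_plausible_card(digits):
            findings.append({"type": "credit_card", "value": mask(digits)})
    for m in POLICY_MARKER.finditer(text):
        findings.append({"type": "policy_marker", "value": m.group(0)})
    return findings


if __name__ == "__main__":
    for finding in scan_text(SAMPLE_DOC):
        print(finding["type"], finding["value"])
```

The regex alone would raise three card incidents on the sample document; the validation step leaves one, which is the tuning the slide asks for. Production policies add context rules (nearby words such as "card" or "exp"), per-document thresholds, and exact-data matching against a hashed customer list, which is what the deck's later mention of EDM/IDM refers to.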
  • 25. Examples of Successful DLP Outcomes
    1. Internet traffic is monitored and incidents are created when suspected or confidential data leaves via email or another web process
    2. Endpoint activity is monitored and incidents are created when suspected or confidential data is transferred to USB drives
    3. Manual searches on datastores can be performed if needed
    4. A general process for handling data breach incidents is established
  • 26. Recommendations
    1. Upgrade to Symantec Data Loss Prevention version 11.1
    2. Refine existing policies and responses
    3. Run Network Discover scans
    4. Begin using notifications
    5. Deploy Email Network Prevent with Symantec Messaging Gateway
    6. Deploy Web Network Prevent with Symantec Web Gateway or another ICAP proxy server
    7. Deploy Data Insight
  • 27. Global Intelligence Network
    Identifies more threats, takes action faster & prevents impact
    Locations: Calgary, Alberta; Dublin, Ireland; Reading, England; Tokyo, Japan; San Francisco, CA; Mountain View, CA; Austin, TX; Chengdu, China; Alexandria, VA; Culver City, CA; Taipei, Taiwan; Chennai, India; Pune, India; Sydney, Australia
    Worldwide Coverage | Global Scope and Scale | 24x7 Event Logging | Rapid Detection
    Attack Activity: 240,000 sensors; 200+ countries and territories
    Malware Intelligence: 150M client, server, and gateways monitored; global coverage
    Vulnerabilities: 35,000+ vulnerabilities; 11,000 vendors; 80,000 technologies
    Spam/Phishing: 5M decoy accounts; 8B+ email messages/day; 1B+ web requests/day
    Outputs: Preemptive Security Alerts; Information Protection; Threat Triggered Actions
  • 28. Next Steps
    Security and Advisory Assessments
      • In-depth, consultative engagements
      • Evaluate and improve your overall security program
      • Address specific concerns (e.g. PCI, mobile security issues)
  • 29. THANK YOU
    jschorr@cbihome.com | @JoeSchorr