Suche senden
Hochladen
[CLASS 2014] Palestra Técnica - Alexandre Euclides
•
1 gefällt mir
•
620 views
TI Safe
Folgen
Título da Palestra: Tensão construtiva: O relacionamento Fornecedor / Pesquisador
Weniger lesen
Mehr lesen
Technologie
Melden
Teilen
Melden
Teilen
1 von 20
Jetzt herunterladen
Downloaden Sie, um offline zu lesen
Empfohlen
Protect Against Security Breaches by Securing Endpoints with Multi-Factor Aut...
Protect Against Security Breaches by Securing Endpoints with Multi-Factor Aut...
CA Technologies
Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security
Digital Bond
Security architecture proposal template
Security architecture proposal template
Moti Sagey מוטי שגיא
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
Digital Bond
Waterfall Security Solutions Overview Q1 2012
Waterfall Security Solutions Overview Q1 2012
henkpieper
Time Traveling: Adapting Techniques from the Future to Improve Reliability, J...
Time Traveling: Adapting Techniques from the Future to Improve Reliability, J...
Digital Bond
Honeywell Vindicator® Corporate Brochure
Honeywell Vindicator® Corporate Brochure
dp3b58
SmartTV Security
SmartTV Security
Ulisses Albuquerque
Empfohlen
Protect Against Security Breaches by Securing Endpoints with Multi-Factor Aut...
Protect Against Security Breaches by Securing Endpoints with Multi-Factor Aut...
CA Technologies
Unidirectional Security, Andrew Ginter of Waterfall Security
Unidirectional Security, Andrew Ginter of Waterfall Security
Digital Bond
Security architecture proposal template
Security architecture proposal template
Moti Sagey מוטי שגיא
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
Digital Bond
Waterfall Security Solutions Overview Q1 2012
Waterfall Security Solutions Overview Q1 2012
henkpieper
Time Traveling: Adapting Techniques from the Future to Improve Reliability, J...
Time Traveling: Adapting Techniques from the Future to Improve Reliability, J...
Digital Bond
Honeywell Vindicator® Corporate Brochure
Honeywell Vindicator® Corporate Brochure
dp3b58
SmartTV Security
SmartTV Security
Ulisses Albuquerque
Better Do What They Told Ya
Better Do What They Told Ya
urma
MT 70 The New Era of Incident Response Planning
MT 70 The New Era of Incident Response Planning
Dell EMC World
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Digital Bond
CompTIA CAS-002 VCE Outline
CompTIA CAS-002 VCE Outline
Examcollection
Security and Communication Systems Integration
Security and Communication Systems Integration
Chris Cavallo
MT 69 Tripwire Defense: Advanced Endpoint Detection by a Thousand Tripwires
MT 69 Tripwire Defense: Advanced Endpoint Detection by a Thousand Tripwires
Dell EMC World
Top Strategies to Capture Security Intelligence for Applications
Top Strategies to Capture Security Intelligence for Applications
Denim Group
Securing the Future of Safety and Security of Embedded Software
Securing the Future of Safety and Security of Embedded Software
AdaCore
Spark / Ada for Safe and Secure Firmware Development
Spark / Ada for Safe and Secure Firmware Development
AdaCore
Big Bear Package Details
Big Bear Package Details
Charles_Scholz
Vulnerability Management In An Application Security World: AppSecDC
Vulnerability Management In An Application Security World: AppSecDC
Denim Group
Why Check Point - Top 4
Why Check Point - Top 4
Moti Sagey מוטי שגיא
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Digital Bond
HMI/SCADA 리스크 감소
HMI/SCADA 리스크 감소
GE코리아
Mind the gap_cpx2022_moti_sagey_final
Mind the gap_cpx2022_moti_sagey_final
Moti Sagey מוטי שגיא
Making Network Security Relevant
Making Network Security Relevant
HP Enterprise Italia
Software-Defined Segmentation Done Easily, Quickly and Right
Software-Defined Segmentation Done Easily, Quickly and Right
SBWebinars
NGFW RFP TEMPLATE - TEST PLAN
NGFW RFP TEMPLATE - TEST PLAN
Moti Sagey מוטי שגיא
Safety Instrumentation
Safety Instrumentation
Living Online
Key Resources - z/Assure Sales Presentation
Key Resources - z/Assure Sales Presentation
rfragola
[CLASS 2014] Palestra Técnica - Marcelo Branquinho e Jan Seidl
[CLASS 2014] Palestra Técnica - Marcelo Branquinho e Jan Seidl
TI Safe
Palestra de Marcelo Branquinho no Congresso Rio Automação
Palestra de Marcelo Branquinho no Congresso Rio Automação
TI Safe
Weitere ähnliche Inhalte
Was ist angesagt?
Better Do What They Told Ya
Better Do What They Told Ya
urma
MT 70 The New Era of Incident Response Planning
MT 70 The New Era of Incident Response Planning
Dell EMC World
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Digital Bond
CompTIA CAS-002 VCE Outline
CompTIA CAS-002 VCE Outline
Examcollection
Security and Communication Systems Integration
Security and Communication Systems Integration
Chris Cavallo
MT 69 Tripwire Defense: Advanced Endpoint Detection by a Thousand Tripwires
MT 69 Tripwire Defense: Advanced Endpoint Detection by a Thousand Tripwires
Dell EMC World
Top Strategies to Capture Security Intelligence for Applications
Top Strategies to Capture Security Intelligence for Applications
Denim Group
Securing the Future of Safety and Security of Embedded Software
Securing the Future of Safety and Security of Embedded Software
AdaCore
Spark / Ada for Safe and Secure Firmware Development
Spark / Ada for Safe and Secure Firmware Development
AdaCore
Big Bear Package Details
Big Bear Package Details
Charles_Scholz
Vulnerability Management In An Application Security World: AppSecDC
Vulnerability Management In An Application Security World: AppSecDC
Denim Group
Why Check Point - Top 4
Why Check Point - Top 4
Moti Sagey מוטי שגיא
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Digital Bond
HMI/SCADA 리스크 감소
HMI/SCADA 리스크 감소
GE코리아
Mind the gap_cpx2022_moti_sagey_final
Mind the gap_cpx2022_moti_sagey_final
Moti Sagey מוטי שגיא
Making Network Security Relevant
Making Network Security Relevant
HP Enterprise Italia
Software-Defined Segmentation Done Easily, Quickly and Right
Software-Defined Segmentation Done Easily, Quickly and Right
SBWebinars
NGFW RFP TEMPLATE - TEST PLAN
NGFW RFP TEMPLATE - TEST PLAN
Moti Sagey מוטי שגיא
Safety Instrumentation
Safety Instrumentation
Living Online
Key Resources - z/Assure Sales Presentation
Key Resources - z/Assure Sales Presentation
rfragola
Was ist angesagt?
(20)
Better Do What They Told Ya
Better Do What They Told Ya
MT 70 The New Era of Incident Response Planning
MT 70 The New Era of Incident Response Planning
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
Case Study: Running a DCS in a Highly Virtualized Environment, Chris Hughes o...
CompTIA CAS-002 VCE Outline
CompTIA CAS-002 VCE Outline
Security and Communication Systems Integration
Security and Communication Systems Integration
MT 69 Tripwire Defense: Advanced Endpoint Detection by a Thousand Tripwires
MT 69 Tripwire Defense: Advanced Endpoint Detection by a Thousand Tripwires
Top Strategies to Capture Security Intelligence for Applications
Top Strategies to Capture Security Intelligence for Applications
Securing the Future of Safety and Security of Embedded Software
Securing the Future of Safety and Security of Embedded Software
Spark / Ada for Safe and Secure Firmware Development
Spark / Ada for Safe and Secure Firmware Development
Big Bear Package Details
Big Bear Package Details
Vulnerability Management In An Application Security World: AppSecDC
Vulnerability Management In An Application Security World: AppSecDC
Why Check Point - Top 4
Why Check Point - Top 4
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
HMI/SCADA 리스크 감소
HMI/SCADA 리스크 감소
Mind the gap_cpx2022_moti_sagey_final
Mind the gap_cpx2022_moti_sagey_final
Making Network Security Relevant
Making Network Security Relevant
Software-Defined Segmentation Done Easily, Quickly and Right
Software-Defined Segmentation Done Easily, Quickly and Right
NGFW RFP TEMPLATE - TEST PLAN
NGFW RFP TEMPLATE - TEST PLAN
Safety Instrumentation
Safety Instrumentation
Key Resources - z/Assure Sales Presentation
Key Resources - z/Assure Sales Presentation
Andere mochten auch
[CLASS 2014] Palestra Técnica - Marcelo Branquinho e Jan Seidl
[CLASS 2014] Palestra Técnica - Marcelo Branquinho e Jan Seidl
TI Safe
Palestra de Marcelo Branquinho no Congresso Rio Automação
Palestra de Marcelo Branquinho no Congresso Rio Automação
TI Safe
Apresentação Técnica - Estratégias de Segurança para Redes Industriais e SCADA
Apresentação Técnica - Estratégias de Segurança para Redes Industriais e SCADA
TI Safe
Apresentação Técnica - Evento ISA Campinas
Apresentação Técnica - Evento ISA Campinas
TI Safe
Digital Forensics: The next 10 years
Digital Forensics: The next 10 years
Al Imran, CISA
11U bio ani 04
11U bio ani 04
mrglosterscience
Let's cleanup your website
Let's cleanup your website
Jane Sheeba
Тайская кухня - рецепты и интересная информация
Тайская кухня - рецепты и интересная информация
Bonduelle
Aweber vs get response
Aweber vs get response
Jane Sheeba
Lecture
Lecture
Franklin Go
Как приготовить суши
Как приготовить суши
Bonduelle
11u bio 07
11u bio 07
mrglosterscience
Lola by Anna Premiere
Lola by Anna Premiere
lolabyanna
Family Floater Health Guard Policy Wordings
Family Floater Health Guard Policy Wordings
Berkshire Insurance
Andere mochten auch
(14)
[CLASS 2014] Palestra Técnica - Marcelo Branquinho e Jan Seidl
[CLASS 2014] Palestra Técnica - Marcelo Branquinho e Jan Seidl
Palestra de Marcelo Branquinho no Congresso Rio Automação
Palestra de Marcelo Branquinho no Congresso Rio Automação
Apresentação Técnica - Estratégias de Segurança para Redes Industriais e SCADA
Apresentação Técnica - Estratégias de Segurança para Redes Industriais e SCADA
Apresentação Técnica - Evento ISA Campinas
Apresentação Técnica - Evento ISA Campinas
Digital Forensics: The next 10 years
Digital Forensics: The next 10 years
11U bio ani 04
11U bio ani 04
Let's cleanup your website
Let's cleanup your website
Тайская кухня - рецепты и интересная информация
Тайская кухня - рецепты и интересная информация
Aweber vs get response
Aweber vs get response
Lecture
Lecture
Как приготовить суши
Как приготовить суши
11u bio 07
11u bio 07
Lola by Anna Premiere
Lola by Anna Premiere
Family Floater Health Guard Policy Wordings
Family Floater Health Guard Policy Wordings
Ähnlich wie [CLASS 2014] Palestra Técnica - Alexandre Euclides
Scalar Security Roadshow - Toronto Presentation
Scalar Security Roadshow - Toronto Presentation
Scalar Decisions
[CLASS 2014] Palestra Técnica - Oliver Narr
[CLASS 2014] Palestra Técnica - Oliver Narr
TI Safe
The Savvy Security Leader: Using Guerrilla Tactics to ID Security Program Res...
The Savvy Security Leader: Using Guerrilla Tactics to ID Security Program Res...
Denim Group
CLASS 2016 - Palestra Vitor Eduardo Lace Maganha
CLASS 2016 - Palestra Vitor Eduardo Lace Maganha
TI Safe
Industry 4.0 and security
Industry 4.0 and security
Denis Jakuzza
IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future
IBM
Scalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver Presentation
Scalar Decisions
Gettozero stealth industrial
Gettozero stealth industrial
Sherid444
Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream?
Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream?
360mnbsu
Active Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The Field
Digital Bond
Scalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary Presentation
Scalar Decisions
Scalar Security Roadshow - Ottawa Presentation
Scalar Security Roadshow - Ottawa Presentation
Scalar Decisions
Info sec for startups
Info sec for startups
Kesava Reddy
Cyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutions
Schneider Electric
«Product Security Incident Response Team (PSIRT) - Изнутри Cisco PSIRT», Алек...
«Product Security Incident Response Team (PSIRT) - Изнутри Cisco PSIRT», Алек...
Mail.ru Group
Web Application Security: Beyond PEN Testing
Web Application Security: Beyond PEN Testing
Robert Grupe, CSSLP CISSP PE PMP
CIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile World
iMIS
CIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile World
iMIS
Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)
Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)
Tripwire
Securing Your Digital Transformation: Cybersecurity and You
Securing Your Digital Transformation: Cybersecurity and You
SAP Ariba
Ähnlich wie [CLASS 2014] Palestra Técnica - Alexandre Euclides
(20)
Scalar Security Roadshow - Toronto Presentation
Scalar Security Roadshow - Toronto Presentation
[CLASS 2014] Palestra Técnica - Oliver Narr
[CLASS 2014] Palestra Técnica - Oliver Narr
The Savvy Security Leader: Using Guerrilla Tactics to ID Security Program Res...
The Savvy Security Leader: Using Guerrilla Tactics to ID Security Program Res...
CLASS 2016 - Palestra Vitor Eduardo Lace Maganha
CLASS 2016 - Palestra Vitor Eduardo Lace Maganha
Industry 4.0 and security
Industry 4.0 and security
IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future
Scalar Security Roadshow - Vancouver Presentation
Scalar Security Roadshow - Vancouver Presentation
Gettozero stealth industrial
Gettozero stealth industrial
Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream?
Brian Isle: The Internet of Things: Manufacturing Panacea - or - Hacker's Dream?
Active Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The Field
Scalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Calgary Presentation
Scalar Security Roadshow - Ottawa Presentation
Scalar Security Roadshow - Ottawa Presentation
Info sec for startups
Info sec for startups
Cyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutions
«Product Security Incident Response Team (PSIRT) - Изнутри Cisco PSIRT», Алек...
«Product Security Incident Response Team (PSIRT) - Изнутри Cisco PSIRT», Алек...
Web Application Security: Beyond PEN Testing
Web Application Security: Beyond PEN Testing
CIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile World
Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)
Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)
Securing Your Digital Transformation: Cybersecurity and You
Securing Your Digital Transformation: Cybersecurity and You
Mehr von TI Safe
CLASS 2022 - Luiz Fernando Roth e Matheus Tourinho - Ataques Cibernéticos a A...
CLASS 2022 - Luiz Fernando Roth e Matheus Tourinho - Ataques Cibernéticos a A...
TI Safe
CLASS 2022 - Júlio Omori (COPEL) e Tânia Marques (consultora independente) - ...
CLASS 2022 - Júlio Omori (COPEL) e Tânia Marques (consultora independente) - ...
TI Safe
CLASS 2022 - Rodrigo Riella (Lactec) e Claudio Hermeling (TI Safe) - A impor...
CLASS 2022 - Rodrigo Riella (Lactec) e Claudio Hermeling (TI Safe) - A impor...
TI Safe
CLASS 2022 - Thiago Branquinho (TI Safe) - Como implementar e certificar um S...
CLASS 2022 - Thiago Branquinho (TI Safe) - Como implementar e certificar um S...
TI Safe
CLASS 2022 - Sergio Sevileanu (Siemens) e Felipe Coelho (Claroty) - Habilitan...
CLASS 2022 - Sergio Sevileanu (Siemens) e Felipe Coelho (Claroty) - Habilitan...
TI Safe
CLASS 2022 - Eduardo Valério (Ternium) - Uma década de cibersegurança em OT, ...
CLASS 2022 - Eduardo Valério (Ternium) - Uma década de cibersegurança em OT, ...
TI Safe
CLASS 2022 - Felipe Jordão (Palo Alto Networks) - Boas práticas de operações ...
CLASS 2022 - Felipe Jordão (Palo Alto Networks) - Boas práticas de operações ...
TI Safe
CLASS 2022 - Abilio Franco e Bryan Rivera (Thales) - Privacidade de dados e c...
CLASS 2022 - Abilio Franco e Bryan Rivera (Thales) - Privacidade de dados e c...
TI Safe
CLASS 2022 - Roberto Engler Jr. (IBM) - Gestão e monitoramento de alto nível ...
CLASS 2022 - Roberto Engler Jr. (IBM) - Gestão e monitoramento de alto nível ...
TI Safe
CLASS 2022 - Maiko Oliveira (Microsoft) - Convergência TO E TI, proteção tota...
CLASS 2022 - Maiko Oliveira (Microsoft) - Convergência TO E TI, proteção tota...
TI Safe
Vitor Sena e Daniel Quintão (Gerdau) - Projeto, implantação, gestão e monitor...
Vitor Sena e Daniel Quintão (Gerdau) - Projeto, implantação, gestão e monitor...
TI Safe
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
TI Safe
CLASS 2022 - Júlio Cezar de Oliveira (Hitachi Energy) - Cibersegurança na era...
CLASS 2022 - Júlio Cezar de Oliveira (Hitachi Energy) - Cibersegurança na era...
TI Safe
CLASS 2022 - Denis Sousa, Abner Bueno e Eduardo Pontes (Norte Energia) - Anál...
CLASS 2022 - Denis Sousa, Abner Bueno e Eduardo Pontes (Norte Energia) - Anál...
TI Safe
CLASS 2022 - Nycholas Szucko (Nozomi Networks) - Antifragilidade Cibernética ...
CLASS 2022 - Nycholas Szucko (Nozomi Networks) - Antifragilidade Cibernética ...
TI Safe
CLASS 2022 - Gustavo Merighi (Energisa) e Alessandro Moretti (Thales) - O Des...
CLASS 2022 - Gustavo Merighi (Energisa) e Alessandro Moretti (Thales) - O Des...
TI Safe
CLASS 2022 - Marcelo Branquinho (TI Safe) - Ameaças Modernas e Ataques às red...
CLASS 2022 - Marcelo Branquinho (TI Safe) - Ameaças Modernas e Ataques às red...
TI Safe
Webinar cci por que nao se deve contratar so cs de ti hibridos para proteg...
Webinar cci por que nao se deve contratar so cs de ti hibridos para proteg...
TI Safe
Retrospectiva
Retrospectiva
TI Safe
Pacote TI Safe ONS Ready v1
Pacote TI Safe ONS Ready v1
TI Safe
Mehr von TI Safe
(20)
CLASS 2022 - Luiz Fernando Roth e Matheus Tourinho - Ataques Cibernéticos a A...
CLASS 2022 - Luiz Fernando Roth e Matheus Tourinho - Ataques Cibernéticos a A...
CLASS 2022 - Júlio Omori (COPEL) e Tânia Marques (consultora independente) - ...
CLASS 2022 - Júlio Omori (COPEL) e Tânia Marques (consultora independente) - ...
CLASS 2022 - Rodrigo Riella (Lactec) e Claudio Hermeling (TI Safe) - A impor...
CLASS 2022 - Rodrigo Riella (Lactec) e Claudio Hermeling (TI Safe) - A impor...
CLASS 2022 - Thiago Branquinho (TI Safe) - Como implementar e certificar um S...
CLASS 2022 - Thiago Branquinho (TI Safe) - Como implementar e certificar um S...
CLASS 2022 - Sergio Sevileanu (Siemens) e Felipe Coelho (Claroty) - Habilitan...
CLASS 2022 - Sergio Sevileanu (Siemens) e Felipe Coelho (Claroty) - Habilitan...
CLASS 2022 - Eduardo Valério (Ternium) - Uma década de cibersegurança em OT, ...
CLASS 2022 - Eduardo Valério (Ternium) - Uma década de cibersegurança em OT, ...
CLASS 2022 - Felipe Jordão (Palo Alto Networks) - Boas práticas de operações ...
CLASS 2022 - Felipe Jordão (Palo Alto Networks) - Boas práticas de operações ...
CLASS 2022 - Abilio Franco e Bryan Rivera (Thales) - Privacidade de dados e c...
CLASS 2022 - Abilio Franco e Bryan Rivera (Thales) - Privacidade de dados e c...
CLASS 2022 - Roberto Engler Jr. (IBM) - Gestão e monitoramento de alto nível ...
CLASS 2022 - Roberto Engler Jr. (IBM) - Gestão e monitoramento de alto nível ...
CLASS 2022 - Maiko Oliveira (Microsoft) - Convergência TO E TI, proteção tota...
CLASS 2022 - Maiko Oliveira (Microsoft) - Convergência TO E TI, proteção tota...
Vitor Sena e Daniel Quintão (Gerdau) - Projeto, implantação, gestão e monitor...
Vitor Sena e Daniel Quintão (Gerdau) - Projeto, implantação, gestão e monitor...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Marty Edwards (Tenable) - O perigo crescente de ransomware crimi...
CLASS 2022 - Júlio Cezar de Oliveira (Hitachi Energy) - Cibersegurança na era...
CLASS 2022 - Júlio Cezar de Oliveira (Hitachi Energy) - Cibersegurança na era...
CLASS 2022 - Denis Sousa, Abner Bueno e Eduardo Pontes (Norte Energia) - Anál...
CLASS 2022 - Denis Sousa, Abner Bueno e Eduardo Pontes (Norte Energia) - Anál...
CLASS 2022 - Nycholas Szucko (Nozomi Networks) - Antifragilidade Cibernética ...
CLASS 2022 - Nycholas Szucko (Nozomi Networks) - Antifragilidade Cibernética ...
CLASS 2022 - Gustavo Merighi (Energisa) e Alessandro Moretti (Thales) - O Des...
CLASS 2022 - Gustavo Merighi (Energisa) e Alessandro Moretti (Thales) - O Des...
CLASS 2022 - Marcelo Branquinho (TI Safe) - Ameaças Modernas e Ataques às red...
CLASS 2022 - Marcelo Branquinho (TI Safe) - Ameaças Modernas e Ataques às red...
Webinar cci por que nao se deve contratar so cs de ti hibridos para proteg...
Webinar cci por que nao se deve contratar so cs de ti hibridos para proteg...
Retrospectiva
Retrospectiva
Pacote TI Safe ONS Ready v1
Pacote TI Safe ONS Ready v1
Kürzlich hochgeladen
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
LBM Solutions
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Patryk Bandurski
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
Slack Application Development 101 Slides
Slack Application Development 101 Slides
praypatel2
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
AndikSusilo4
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
OnBoard
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
soniya singh
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
Malak Abu Hammad
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
carlostorres15106
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Puma Security, LLC
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Safe Software
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
ThousandEyes
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
Padma Pradeep
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
Pixlogix Infotech
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
Maria Levchenko
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
Gabriella Davis
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
Allon Mureinik
Kürzlich hochgeladen
(20)
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Slack Application Development 101 Slides
Slack Application Development 101 Slides
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
[CLASS 2014] Palestra Técnica - Alexandre Euclides
1.
© Siemens Industry,
Inc. 2014 All rights reserved. Answers for industry. Constructive Tension: The Vendor/Researcher Relationship CLASS 2014 - 1st SCADA Security Conference LATAM
2.
© Siemens Industry,
Inc. 2014 All rights reserved. Page 2 2014-Nov-05 H. Brian/ I DF RD SEC • Introduction • Background of Siemens Industrial Security • Goals of ICS Vulnerability Disclosure • Siemens Disclosure Policy • Other Vendors Disclosure Policies • Researchers Disclosure Policies • Areas of Agreement • Ideas for Improved Cooperation • Conclusions • Q&A Agenda
3.
© Siemens Industry,
Inc. 2014 All rights reserved. Page 3 2014-Nov-05 H. Brian/ I DF RD SEC Personal Introduction Who Am I? Harry Brian Siemens Industry Digital Factory, R&D Responsible for Product and Solutions Security, North America PLC, HMI, Drives Previously: Product and Project Management, System Test Founder and general partner of Paragon Control Systems B.S. Computer Science - North Carolina State University Several SANS certifications
4.
© Siemens Industry,
Inc. 2014 All rights reserved. Page 4 2014-Nov-05 H. Brian/ I DF RD SEC Product Security Responsibilities Digital Factory PLC Drives HMI Networking SCADA
5.
© Siemens Industry,
Inc. 2014 All rights reserved. Page 5 2014-Nov-05 H. Brian/ I DF RD SEC Johnson City, TN USA Product Development S7-200 WinAC PLCSim S7-1200
6.
© Siemens Industry,
Inc. 2014 All rights reserved. Page 6 2014-Nov-05 H. Brian/ I DF RD SEC Industry Security Network Product and Solution Security Office Security System Architecture Research & Development CS Value Services System Test Customer Support Consulting, System functions Interface to Office-IT Security Lab International Hubs Process Improvement Secure PC / HMI Hardware Integrity Security Requirements Security Marketing & Comm Standards, Regulations, internal Assessment Central Office – HQ Nuremburg Security Experts from all organizations Full-time and Part-time Security Product and Process Experts Close to customer Requirements
7.
© Siemens Industry,
Inc. 2014 All rights reserved. Page 7 2014-Nov-05 H. Brian/ I DF RD SEC Singapore Brazil Russia China France India North America UK HQ Siemens Regional Security Hubs Monitor the Regional Security Environment Respond to reports of SIMATIC Security Incidents Interface to External Security Researchers Interface to Regional CERT Coordinate / Resolve customer questions R&D Engineering Support Train RD staff in Product Security Awareness Security Lab Activities Duplication, Resolution of Vulnerabilities
8.
© Siemens Industry,
Inc. 2014 All rights reserved. Page 8 2014-Nov-05 H. Brian/ I DF RD SEC The Problem • Public disclosure of security information inspires vendors to be truthful about flaws, repair vulnerabilities and build more secure products. • Disclosure and peer review advances the state of the art in security. • Researchers can figure out where new technologies need to be developed • Information can help policymakers understand where problems tend to occur. One of the most contentious debates in the ICS security field involves the publication of security vulnerabilities. • Vulnerability information can give attackers the information they need to exploit a security hole in a system and cause harm. • Release of proof-of-concept code allows “script-kiddies” launch attacks without knowledge of consequences. • End-users and Owner/Operators in many cases cannot shut down operations to apply patches, so would be vulnerable to attack. • ICS vendor design and test cycle is lengthy.
9.
© Siemens Industry,
Inc. 2014 All rights reserved. Page 9 2014-Nov-05 H. Brian/ I DF RD SEC ICS Owner/Operator “Window of Exposure” Discovery Exploit Disclosure Window of Exposure Patch Available Window of Exposure (Organization) Patch Applied Source: https://www.honeywellprocess.com/library/news-and-events/presentations/HUGAP-IndustrialCyberSecurity.pdf
10.
© Siemens Industry,
Inc. 2014 All rights reserved. Page 10 2014-Nov-05 H. Brian/ I DF RD SEC Siemens Disclosure Policy Siemens discloses product security vulnerabilities that have been adequately fixed within our products and solutions through security advisories containing detailed information about the issues. Report Analysis Handling Disclosure
11.
© Siemens Industry,
Inc. 2014 All rights reserved. Page 11 2014-Nov-05 H. Brian/ I DF RD SEC Siemens Security Advisories August 14th, 2014 Update for Simatic S7-1500 Siemens provides firmware version Simatic S7-1500 V1.6 which fixes one vulnerability. The update is recommended to all users. We thank Arnaud Ebalard from Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI) for his information. --------------------------------------------------------------------------- July 23rd, 2014 Update for Simatic WinCC Siemens provides product release Simatic WinCC V7.3 which fixes several vulnerabilities. We thank Sergey Gordeychik, Alexander Tlyapov, Dmitry Nagibin, and Gleb Gritsai from Positive Technologies for their information
12.
© Siemens Industry,
Inc. 2014 All rights reserved. Page 12 2014-Nov-05 H. Brian/ I DF RD SEC • “With public disclosure, you widen the circle of critical and innovative eyes, and a third party might be able to mitigate where the vendor cannot” • “The industrial sector should realize that security researchers are not against vendors.” • “Security researchers are donating significant time and expertise that would otherwise cost vendors thousands of dollars.” • “Good disclosure programs have: Respect, Optional Anonymity, Legal Impunity, Security, Responsiveness, and Openness.” • “ICS vendors should work with independent security researchers to promote responsible disclosure.” Thoughts from Researchers
13.
© Siemens Industry,
Inc. 2014 All rights reserved. Page 13 2014-Nov-05 H. Brian/ I DF RD SEC Uncoordinated Disclosure Potential for Problems
14.
© Siemens Industry,
Inc. 2014 All rights reserved. Page 14 2014-Nov-05 H. Brian/ I DF RD SEC Who is ICS CERT? Part of the Department of Homeland Security Respond to and analyze control systems related incidents Conduct vulnerability and malware analysis Provide situational awareness in the form of actionable intelligence Coordinate the responsible disclosure of vulnerabilities/mitigations Share and coordinate vulnerability information and threat analysis through informational products and alerts http://www.us-cert.gov/control_systems/ics-cert/ ICS CERT - Industrial Control Systems Cyber Emergency Response Team ICS-CERT Advisories Advisories provide timely information about current security issues, vulnerabilities, and exploits. Advisories by Vendor •ICSA-14-269-01 : Bash Command Injection Vulnerability •ICSA-14-261-01 : Advantech WebAccess Vulnerabilities •ICSA-14-260-01 : Yokogawa CENTUM and Exaopc Vulnerability •ICSA-14-259-01 : Schneider Electric SCADA Expert ClearSCADA Vulnerabilities •ICSA-14-254-01 : Schneider Electric VAMPSET Buffer Overflow •ICSA-14-224-01 : Ecava Integraxor SCADA Server Vulnerabilities •ICSA-14-247-01 : Sensys Networks Traffic Sensor Vulnerabilities •ICSA-14-238-01 : CG Automation Improper Input Validation •ICSA-14-238-02 : Schneider Electric Wonderware Vulnerabilities •ICSA-14-198-03C : Siemens OpenSSL Vulnerabilities (Update C) •ICSA-14-226-01 : Siemens SIMATIC S7-1500 CPU Denial of Service •ICSA-14-196-01 : SubSTATION Server Telegyr 8979 Master Vulnerabilities
15.
© Siemens Industry,
Inc. 2014 All rights reserved. Page 15 2014-Nov-05 H. Brian/ I DF RD SEC ICS-CERT Responsible Disclosure 1. ICS-CERT will attempt to coordinate all reported vulnerabilities with the affected vendor. a. Type and schedule of disclosure will be determined based on the factors involved. 2. The name and contact information of the reporter will be forwarded to the affected vendors unless otherwise requested by the reporter. a. ICS-CERT will advise the reporter of significant changes in the status of any vulnerability reported to the extent possible without revealing information provided in confidence by the vendor. b. Affected vendors will be apprised of any publication plans, and alternate publication schedules will be negotiated with affected vendors as required. 3. UPDATE! In cases where a vendor is unresponsive, or will not establish a reasonable timeframe for remediation, ICS-CERT may disclose vulnerabilities 45 days after the initial contact is made, regardless of the existence or availability of patches or workarounds from affected vendors. 4. Goal: Balance the need of the control system community to be informed of security vulnerabilities with the vendors' need for time to respond effectively. a. The final determination of the type and schedule of publication will be based on the best interests of the community overall.
16.
© Siemens Industry,
Inc. 2014 All rights reserved. Page 16 2014-Nov-05 H. Brian/ I DF RD SEC ICS-CERT Sample Advisory Contents Advisory (ICSA-14-205-02) Siemens SIMATIC WinCC Vulnerabilities Original release date: July 24, 2014 • OVERVIEW • AFFECTED PRODUCTS • IMPACT • BACKGROUND • VULNERABILITY DETAILS • EXPLOITABILITY • EXISTENCE OF EXPLOIT • DIFFICULTY • MITIGATION
17.
© Siemens Industry,
Inc. 2014 All rights reserved. Page 17 2014-Nov-05 H. Brian/ I DF RD SEC Coordinated vs UnCoordinated Disclosure
18.
© Siemens Industry,
Inc. 2014 All rights reserved. Page 18 2014-Nov-05 H. Brian/ I DF RD SEC ICS-CERT Security Incident Occurs Siemens CERT Incident Response Flow Chart - How are patches, CERT Alerts, TAs, and Customer Facing Information Created? Hotline Incidents are generally reported to one of these organizations Initial Review and Classification as Security Incident Siemens CERT, System Test, RD, CS 1, Regional Security Hub are typically involved in this step Form Response Team Develop Transparent Explanation of Problem Propose Solutions to AS Management Coordinate Approved Solutions Response team formed based upon technical nature of event. Typically includes Head of Security Hub, Region Security Hub Lead, Siemens CERT, RD Manager, System Test Manager, Hotline, HQ Media Relations, and other technical experts as required A A RQ’s Generated Bug Fixes System Test - Siemens - CERT - Researcher Patch Available The Transparent Explanation of the Problem is the source for several other important deliverables ICS-CERT Advised ICS-CERT Alert (Private Portal) TA Issued ICS-CERT Alert (Public Portal) R&D Siemens CERT S&S Web Posting Holding Statement S&S Web Posting (update) HQ AS Mkt / PM / MR Create Region Media Message - Issue Statements -- Respond to Press -- Twitter Create Region Mkt. Message - Customer Letters -- Presentations -- Customer Spokespersons Region MR Region Mkt.
19.
© Siemens Industry,
Inc. 2014 All rights reserved. Page 19 2014-Nov-05 H. Brian/ I DF RD SEC Personal Introduction Thank You! – Muito Obrigado! Questions?
20.
© Siemens Industry,
Inc. 2014 All rights reserved. Page 20 2014-Nov-05 H. Brian/ I DF RD SEC Harry Brian Product and Solution Security Siemens Industry, Inc One Internet Plaza Johnson City, TN 37604 Phone: +1 (423) 262-2292 E-mail: harry.brian@siemens.com Contact page Answers for industry.
Jetzt herunterladen