SlideShare ist ein Scribd-Unternehmen logo

Moving target-defense

Zsolt Nemeth
Zsolt Nemeth
TechnologieBusiness
1 von 6
Downloaden Sie, um offline zu lesen
MOVING TARGET DEFENSE Proactive Cyber Defense A New Moving Target Defense Strategy New Perspectives January 14, 2012 A Coronado Group Perspective Moving target defense (MTD) technology Emerging MTD strategy presents two changes the cyber security game by wresting the significant challenges to adoption. First, MTD advantage from the attacker by turning static can’t compromise performance and user systems into dynamic, moving targets. In MTD- productivity. MTD is built on complex enabled environments, attackers have to work processes involving memory address harder to get in, are robbed of time to exploit randomization, network address shuffling, data vulnerabilities, figure out how the systems work complexity, routing remapping and more. All making launching attacks riskier with lower have the potential to require more resources odds of success. just to deliver the same performance. Most customer facing systems don’t have the luxury SCIT-Based Moving Target Defense of adding security that slows down performance for fear that potential users will simply move on Coronado Group is using patented SCIT if they experience slower response times. MTD technology to build state of the art, pro-active approaches that work must be able to maintain and cost-effective MTD cyber defense solutions performance and provide higher levels of that can be implemented now without making protection. changes to your systems or compromising your The second challenge is the need to adding current cyber security investment. complexity just to enhance security. Adding SCIT-MTD takes advantage of multi-core, more complexity to today’s already complex virtualized environments turning them into system environments is anathema for most dynamic moving targets. Using a combination information technology professionals. Injecting of ultra-low persistence times and configurable chaos to the complex, distributed systems virtual machine (VM) rotation times, the attack simply to foil intruders isn’t a viable option for surface of your systems is continuously many organizations because of cost, impact on changed. To the attacker, the system appears service delivery life cycles, and the prospect of static; under the covers, the VMs are being adding new unknown vulnerabilities in the continuously rotated, returning to a pristine process. Enterprise software applications and state a configurable intervals as low as a the emergence of big data sets render the “add minute. complexity” MTD security approach infeasible. SCIT-MTD can be implemented quickly Cloud service and SAAS product providers without making changes to your existing may not have the luxury of adding complexity information systems or security infrastructure. to applications and data they don’t directly SCIT-MTD removes malware without having to control. On demand provisioning of resources know its signature or detect is presence. It can and highly distributed architectures to a wide be implemented now, it’s cost effective, and it range of diverse clients with different needs will dramatically improve your security. require strategies that don’t require direct A New interaction and modification with digital Weapon in Traditional MTD Approaches Don’t Work resources to deliver solid security. the Cyber Coronado Group offers a different approach MTD strategies call for making the attack Security surface of software appear chaotic and for delivery of proactive MTD solutions. and Digital unpredictable to adversaries, forcing them to Asset increase the work effort to exploit vulner- Read further to learn how SCIT-MTD abilities for every desired target and lowering works, what it takes to implement SCIT-MTD, Protection and how to get started. the odds of success. The theory is that by the time an adversary discovers a vulnerability in a service, the service will have changed its attack surface area so that another exploit against that vulnerability will be ineffective. 1 Coronado Group, Ltd.
Self-Cleaning Intrusion Tolerance MOVING TARGET DEFENSE January 14, 2012 How SCIT Works Self Cleaning Intrusion Tolerance (SCIT) is “Hackers have repeatedly penetrated a patented technique for providing ultra-low the computer network of the company intruder persistence time and continuous that runs the Nasdaq Stock Market... rotation of VMs to a pristine state to remove The exchange's trading platform—the malware and rob intruders of the time needed part of the system that executes trades to plan and launch attacks. Coronado Group —wasn't compromised. However, it uses SCIT to create robust, fast, and easy to couldn't be determined which other implement moving target defense solutions that don’t require changes to existing information parts of Nasdaq's computer network systems, applications, or security protocols to were accessed.” deliver a new high level of protection. Wall Street Journal, February 11, 2011 SCIT technology is based on the premise that intrusions are inevitable. Rather than The speed of rotation means that the assuming you can prevent every intrusion and adversary won’t be able to persist in the system keep all the bad guys off your system, the SCIT- and exploit the vulnerability fast enough to MTD approach assumes that someone is going persist in the environment. Forcing the to get in one of these days. When intruders get adversary to make repeated will raise visibility SCIT-MTD in, you need to throw them out as quickly as to traditional detection and monitoring Self-Cleaning possible without waiting to figure out what they capabilities. Intrusion are up to. SCIT-MTD assumes that while If an attacker is able to place malware on a Tolerance- intrusions are inevitable, the bigger problem is server, the malware will be deleted without Moving Target that intruders are in your systems for a very reliance on the signature based detection Defense long time watching how your systems work. process. SCIT-MTD allows systems to continue Once they are in they are learning how your working through an attack, with automatic and A new way to systems operate, where your most valuable rapid recovery to a clean state. level the assets are located, and how to get your data out playing field of your system under your security radar. The Benefits of SCIT-MTD between you Advantage intruder. • Servers are restored to a pristine state based SCIT-MTD is designed to fight this on configurable rotation times as low as every and cyber asymmetric information advantage of your minute; attackers who adversaries. They know about you - you don’t • SCIT-MTD parameters tailored based on the want your know anything about them until it’s too late. security posture of your digital assets - high value data and your SCIT-MTD takes advantage of multi-core assets can have different parameters than low systems. virtualized environments using the system’s value assets; architecture as a weapon in cyber defense. • Malware is deleted without the need to detect SCIT-MTD provides a straight forward it or know it’s signature; approach to security. SCIT-MTD helps change • Attacker visibility is increased by forcing the the cyber war battlefield. attacker to apply multiple attacks in an attempt to gain access to digital assets; How SCIT-MTD Works • Increased security of user dense and SCIT Moving Target Defense continuously application dense cloud environments; changes the attack surface making it difficult to • Near-real time management of digital assets get in and if they get in do not have the time to supporting reconfiguration and application of launch an attack. Using virtualization patches and upgrades without rebooting servers technology, SCIT-MTD rotates pristine virtual supporting mitigation of zero day vulnerabilities; servers and applications at configurable • Elimination or reduction in server failures due intervals as low as every minute, or less. to errors like memory leaks; In a typical implementation, at any given • Better planning of software deployment and time, there are five servers online and three patch management; servers being wiped clean. Eventually every • Applications are harder to corrupt, disable or server will be taken offline, cleaned and remove. restored to its pristine state. 2 Coronado Group, Ltd.
MOVING TARGET DEFENSE January 14, 2012 Hackers who appear to be The National Counter- based in China have intelligence Executive conducted a "coordinated, blamed China and Russia for covert and targeted" stealing sensitive economic campaign of cyber and commercial data espionage against major threatening an estimated Western energy firms $400 Billion in spending on The Wall Street Journal R&D February 11, 2011 The Wall Street Journal November 3, 2011 Make Intruders Work Harder And Wage Cyber War Without Recon Cyber warfare, like conventional warfare, relies on reconnaissance and intelligence. You can’t fight a cyber war SCIT-MTD increases the work effort of the attacker by without knowledge of your enemy and their methods and limiting the time available for launching an attack or exploring tactics. Foiling cyber attacks requires strategies to rob your system capabilities. The present of SCIT-MTD deterrence isn’t adversary of recon and make them work harder. visible to intruders forcing them to try again and again to gain access to your systems. This increases the visibility of an attack By the time most intrusions are discovered, attackers have to conventional cyber security systems. been present in the system for long periods of time going undetected by conventions cyber security infrastructure. A typical attack requires several steps: reconnaissance to Intruders don’t leave a trail so security professionals often have gain access, learn about the system and plan an attack, no idea where they have been or what the have stolen until the introducing malware into the environment and getting it to the damage is done. place where it needs to be to work, and then executing an attack. Intruders who seek to steal data also need to exfiltrate To exploit a system, an adversary must learn a vulnerability the stolen assets. and hope that it is present long enough to exploit. Most attacks exploit more than one vulnerability. Attackers need the ability SCIT-MTD makes each of these steps more difficult, thus to observe the operation of key IT systems over long periods of increasing the attacker’s work load and, in turn, visibility to time. They need the opportunity to map out an inventory of cyber defense systems. This approach provides enhanced assets, vulnerabilities, and potential exploits before they can adversary denial and deception. launch an attack. Attackers can afford to invest significant resources in developing attacks since the attacks can often be In a SCIT-MTD enabled environment malware would need used repeatedly from one system to another. to be changed, loaded, and executed in less than a minute to gain significant access to digital assets. Attackers are robbed of After decades of information system practices focused on the ability to load malware, to upgrade malware, to execute standardization, and replication of servers, standardized programs, and steal data. As processors get faster, faster applications, desktops, browsers, technology built around three swapping will make malware deployment increasingly difficult operating systems and extensive reuse of code and access in this environment. practice we have turned our systems into sitting ducks. Then add the 24/7/365 exposure of mission critical corporate SCIT-MTD supports a variety of deployment strategies that information systems to the internet and you have the optimal enable highly customizable rotation and protection schemes as environment for intrusions and compromise of important well as the capability to create a continuously changing dynamic assets. Moving target defense offers new tools that make your environment that recovers with resilience. enemy wage cyber war without the benefits of recon. Static systems give attackers a substantial advantage. 3 Coronado Group, Ltd.
MOVING TARGET DEFENSE January 14, 2012 “...the speed and agility of adversaries as well as simple polymorphic mechanisms that continuously change the signatures of attacks renders signature-based approaches largely ineffective.” National Cyber Leap Year Summit 2009 Co-Chairs Report September 6, 2009 One Minute Zero Day Vulnerability No Signatures Required ultra-low persistence time removes malware and cuts What do you do when you don’t know what you down the time intruders can exploit the risk. don’t know? Even if there is a vulnerability attackers will need to One of the most vexing problems in cyber defense is try again and again to get into your system. As intrusion the impact of zero day vulnerabilities. A Zero Day attempts go up so does the visibility of the attack in your Vulnerability occurs when an unknown security hole is cyber defense systems. exploited. Once these risks are discovered the goal of cyber security professionals is to understand the security The ability to rapidly deploy new software is a built in hole, build a patch that fixes the problem, deploy the component of SCIT-MTD. New software is added to the patch to customers and users, and make sure system ALL pristine servers that rotate to deliver MTD capabilities the systems where the vulnerability exists are fixed. and it is automatically deployed without system disruption. Security experts try to maintain a quiet period where the holes are only known by a few people in an attempt to SCIT-MTD enabled systems are substantially more keep the security holes from being publicly disclosed. In secure even if there are vulnerabilities present because today’s hyper-connected real time world zero day the timeframe that the attacker has to exploit the vulnerabilities don’t stay quiet for very long. And that’s vulnerability is equal to the time it takes to trigger a new when the trouble begins. server rotation. Organizations can implement faster and more complex rotation schedules while a vulnerability SCIT-MTD enabled systems offer new protection exists adding another layer of security until the from zero day vulnerability intrusions. SCIT-MTD’s vulnerability is patched. 4 Coronado Group, Ltd.
Q&A MOVING TARGET DEFENSE January 14, 2012 On Implementing SCIT-MTD What does it take to implement SCIT-MTD? visibility of serious threats and supporting higher rates of continuous monitoring without having to add more Coronado Group works with you to develop a SCIT- resources to do it. MTD Asset Protection Profile. This defines the assets you want to protect; how frequently you need to rotate your Will SCIT-MTD add new tasks for my security team? VMs to achieve the level of protection you want, what level of forensics you want and how you want the system No. SCIT-MTD is fully automated when it’s to handle your compromised servers - some systems operating. Your team may find the new forensic information valuable and may want to use it to gain operate totally unattended rotating continuously, others rotate to a clean VM based on alerts from your SIEM. insight to what’s going on with their systems and how to Once we have the profile, we install and configure SCIT- make security even tighter. MTD. Your system is protected. What happens during an attack? My systems are already complex. Adding new SCIT-MTD enables your systems to work through complexity at the application and system level isn’t attacks. SCIT continuously replaces the operating feasible. Can I still implement SCIT-MTD? system, device drivers, and applications with a new pristine server. Compromised servers are replaced Yes. SCIT-MTD doesn’t require any changes to IT automatically. SCIT-MTD’s automated clean up and infrastructure or applications other than the addition of a recovery of server assets removes the residue from errors clean VM. SCIT-MTD uses the power of multi-core and cyber attacks automatically without human systems, virtualized environments and fast processors to intervention. rotate the VMs to a pristine state. Will my Cyber Security people be happy? Does SCIT-MTD change the way my systems look to attackers? Yes. When SCIT-MTD is implemented with Forensics, you’ll have near real-time snapshots of No. In fact, an attacker won’t have the advantage of attacker profiles and methods. SCIT-MTD improves knowing you are using SCIT-MTD because the system Incidence Response (IR) providing new tools to will appear static to wanna be intruders. The SCIT-MTD analyzing attacks. SCIT-MTD’s near real-time forensic processes are transparent. Internal IP addresses change. data offers a powerful tool for watching how attacks External ones don’t. evolve. While the attacker is trying to figure out how to What about my existing investment in cyber security get back onto the system, your team will be implementing - IDS/IPS, firewalls, DMZs, and SIEM technology? its defense strategy proactively and gathering intelligence about the intruder’s methods and attempts. The Nothing changes. You can still use those systems. regenerative aspect of SCIT-MTD supports in-attack SCIT-MTD makes these systems more valuable. First, software upgrade and maintenance with no downtime - because intruders have to try again and again to get in it keeping your systems up and your users happy. Machine raises the visibility of attacks. Second, it gets rid of generated reconstitution of compromised servers with hackers by booting them off the system as soon as they high levels of corruption immunity and in-attack software get on. There’s no need to know the attacker’s signature repair and enhancement is another benefit. SCIT-MTD to remove them from your system. SCIT-MTD helps delivers powerful new tools. SCIT-MTD has two other eliminate false positives making your current benefits. It works great for patch management and infrastructure more efficient. Finally, it improves over all automating software upgrades; and it helps control for performance of your security infrastructure by raising the memory leaks. 5 Coronado Group, Ltd.
MOVING TARGET DEFENSE January 14, 2012 How Do I Get Started? Use Our Quick Start Program SCIT-MTD Quick Start Coronado Group can work with you to explore how to deploy SCIT-MTD to protect your digital assets. We’ve Call us for a SCIT-MTD briefing designed our Quick Start program to get you up and and a conversation about running fast so you can see if SCIT-MTD works for you. your security goals. We’ll show you how it works on our fully functioning online store. You can trigger defacement and code Coronado Group will work destruction hacks recover automatically, you can launch with you on approaches to your own attacks on our server. use SCIT-MTD to reach those goals. We’ll develop a comprehensive Asset Protection Pick a test system you want to Profile to help you understand how to use SCIT-MTD for use to give SCIT-MTD a test your systems. Coronado Group will show you how to drive. implement MTD in your environment without having to Learn More change the information architecture of your your systems Work with us to develop an About work. The Asset Protection Profile is yours even if you Asset Protection Profile for Proactive decide SCIT-MTD isn’t for you. We have the tools to help that system so you can learn Cyber you test and evaluate the system so you can focus on which SCIT-MTD options are Security assessing the technology instead of figuring out how to best for you. test it. Implement the Asset Protection Profile Ask about our After the assessment, we’ll bring SCIT-MTD up on a configuration in a five server Cyber Security five server configuration in your environment so you can test environment. Aware Software take it for a test drive for 30 days and see how it works for Development your self. After the Quick Start we’ll work with you to See how it works for you. Seminars deploy SCIT-MTD to protect your digital assets. MOVING TARGET DEFENSE Coronado Group, Ltd. 4938 Hampden Lane #436 Bethesda, Maryland 20814 www.coronadogroup.com About Coronado Group The Coronado Group, Ltd. is a specialized systems integration and professional services firm focused on helping its clients recognize and exploit the value of new and emerging technology to build solutions that work. For more information Coronado Group takes a proactive approach to cyber defense by Contact Us designing and building in security before the programming starts. We provide cyber defense advisory services focused on cyber security, threat analysis and deterrence, agile and resilient cyber strategies, and Please Call or Email emerging computer architectures. Coronado Group has implemented Arleen Zank classified information systems and systems designed to manage privileged and highly sensitive trade secret and digital intellectual property. azank@coronadogroup.com Coronado Group can help you navigate the increasingly interconnected web of legal, regulatory, and statutory requirements to 703.909.7722 help you face the new reputational and economic risks directly related 301.986.1334 ext 109 to how you create, distribute and manage your digital assets. © 2012 Coronado Group, Ltd. All Rights Reserved

Empfohlen

SCIT Labs - intrusion tolerant systems
SCIT Labs - intrusion tolerant systemsSCIT Labs - intrusion tolerant systems
SCIT Labs - intrusion tolerant systemsZsolt Nemeth
 
Security assessment for financial institutions
Security assessment for financial institutionsSecurity assessment for financial institutions
Security assessment for financial institutionsZsolt Nemeth
 
Hakin9 interview w Prof Sood
Hakin9 interview w Prof SoodHakin9 interview w Prof Sood
Hakin9 interview w Prof SoodZsolt Nemeth
 
Trend Micro - Targeted attacks: Have you found yours?
Trend Micro - Targeted attacks: Have you found yours?Trend Micro - Targeted attacks: Have you found yours?
Trend Micro - Targeted attacks: Have you found yours?Global Business Events
 
Trend Micro Dec 6 Toronto VMUG
Trend Micro Dec 6 Toronto VMUGTrend Micro Dec 6 Toronto VMUG
Trend Micro Dec 6 Toronto VMUGtovmug
 
Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...
Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...
Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...Minh Le
 
Trend Micro - Virtualization and Security Compliance
Trend Micro - Virtualization and Security Compliance Trend Micro - Virtualization and Security Compliance
Trend Micro - Virtualization and Security Compliance 1CloudRoad.com
 
Trend micro real time threat management press presentation
Trend micro real time threat management press presentationTrend micro real time threat management press presentation
Trend micro real time threat management press presentationAndrew Wong
 

Empfohlen

SCIT Labs - intrusion tolerant systems
SCIT Labs - intrusion tolerant systemsSCIT Labs - intrusion tolerant systems
SCIT Labs - intrusion tolerant systemsZsolt Nemeth
 
Security assessment for financial institutions
Security assessment for financial institutionsSecurity assessment for financial institutions
Security assessment for financial institutionsZsolt Nemeth
 
Hakin9 interview w Prof Sood
Hakin9 interview w Prof SoodHakin9 interview w Prof Sood
Hakin9 interview w Prof SoodZsolt Nemeth
 
Trend Micro - Targeted attacks: Have you found yours?
Trend Micro - Targeted attacks: Have you found yours?Trend Micro - Targeted attacks: Have you found yours?
Trend Micro - Targeted attacks: Have you found yours?Global Business Events
 
Trend Micro Dec 6 Toronto VMUG
Trend Micro Dec 6 Toronto VMUGTrend Micro Dec 6 Toronto VMUG
Trend Micro Dec 6 Toronto VMUGtovmug
 
Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...
Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...
Empowering the business while efficiently mitigating risks - Eva Chen (Trend ...Minh Le
 
Trend Micro - Virtualization and Security Compliance
Trend Micro - Virtualization and Security Compliance Trend Micro - Virtualization and Security Compliance
Trend Micro - Virtualization and Security Compliance 1CloudRoad.com
 
Trend micro real time threat management press presentation
Trend micro real time threat management press presentationTrend micro real time threat management press presentation
Trend micro real time threat management press presentationAndrew Wong
 
Introduction - Trend Micro Deep Security
Introduction - Trend Micro Deep SecurityIntroduction - Trend Micro Deep Security
Introduction - Trend Micro Deep SecurityAndrew Wong
 
Security in the cloud planning guide
Security in the cloud planning guideSecurity in the cloud planning guide
Security in the cloud planning guideYury Chemerkin
 
Cio ciso security_strategyv1.1
Cio ciso security_strategyv1.1Cio ciso security_strategyv1.1
Cio ciso security_strategyv1.1Anindya Ghosh,
 
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...Amazon Web Services
 
Trend Micro - 13martie2012
Trend Micro - 13martie2012Trend Micro - 13martie2012
Trend Micro - 13martie2012Agora Group
 
Trend micro deep security
Trend micro deep securityTrend micro deep security
Trend micro deep securityTrend Micro
 
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...Security B-Sides
 
Solutions for PCI DSS Compliance
Solutions for PCI DSS ComplianceSolutions for PCI DSS Compliance
Solutions for PCI DSS ComplianceTrend Micro
 
VSD Infotech
VSD InfotechVSD Infotech
VSD InfotechVSD infotech
 
Symantec Introduces New Security Solutions to Counter Advanced Persistent Thr...
Symantec Introduces New Security Solutions to Counter Advanced Persistent Thr...Symantec Introduces New Security Solutions to Counter Advanced Persistent Thr...
Symantec Introduces New Security Solutions to Counter Advanced Persistent Thr...Symantec
 
Ijnsa050208
Ijnsa050208Ijnsa050208
Ijnsa050208IJNSA Journal
 
Darktrace white paper_ics_final
Darktrace white paper_ics_finalDarktrace white paper_ics_final
Darktrace white paper_ics_finalCMR WORLD TECH
 
DamballaOverview
DamballaOverviewDamballaOverview
DamballaOverviewDavid C. Petty
 
Big data Propels SIEM into the era of Security Analytics
Big data Propels SIEM into the era of Security Analytics Big data Propels SIEM into the era of Security Analytics
Big data Propels SIEM into the era of Security Analytics EMC
 
BriefingsDirect Transcript--How security leverages virtualization to counter ...
BriefingsDirect Transcript--How security leverages virtualization to counter ...BriefingsDirect Transcript--How security leverages virtualization to counter ...
BriefingsDirect Transcript--How security leverages virtualization to counter ...Dana Gardner
 
Targeted Attacks: Have you found yours?
Targeted Attacks: Have you found yours?Targeted Attacks: Have you found yours?
Targeted Attacks: Have you found yours?Trend Micro (EMEA) Limited
 
Damballa automated breach defense june 2014
Damballa automated breach defense june 2014Damballa automated breach defense june 2014
Damballa automated breach defense june 2014Ricardo Resnik
 
Security of,for & by cloud
Security of,for & by cloudSecurity of,for & by cloud
Security of,for & by cloudLakshmi Subramanian
 
SoleraNetworks
SoleraNetworksSoleraNetworks
SoleraNetworksJoe Levy
 
Responding to and recovering from sophisticated security attacks
Responding to and recovering from sophisticated security attacksResponding to and recovering from sophisticated security attacks
Responding to and recovering from sophisticated security attacksIBM
 
Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...
Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...
Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...Acrodex
 
Protecting Dynamic Datacenters From the Latest Threats
Protecting Dynamic Datacenters From the Latest ThreatsProtecting Dynamic Datacenters From the Latest Threats
Protecting Dynamic Datacenters From the Latest Threatswhite paper
 

Weitere ähnliche Inhalte

Was ist angesagt?

Introduction - Trend Micro Deep Security
Introduction - Trend Micro Deep SecurityIntroduction - Trend Micro Deep Security
Introduction - Trend Micro Deep SecurityAndrew Wong
 
Security in the cloud planning guide
Security in the cloud planning guideSecurity in the cloud planning guide
Security in the cloud planning guideYury Chemerkin
 
Cio ciso security_strategyv1.1
Cio ciso security_strategyv1.1Cio ciso security_strategyv1.1
Cio ciso security_strategyv1.1Anindya Ghosh,
 
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...Amazon Web Services
 
Trend Micro - 13martie2012
Trend Micro - 13martie2012Trend Micro - 13martie2012
Trend Micro - 13martie2012Agora Group
 
Trend micro deep security
Trend micro deep securityTrend micro deep security
Trend micro deep securityTrend Micro
 
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...Security B-Sides
 
Solutions for PCI DSS Compliance
Solutions for PCI DSS ComplianceSolutions for PCI DSS Compliance
Solutions for PCI DSS ComplianceTrend Micro
 
Symantec Introduces New Security Solutions to Counter Advanced Persistent Thr...
Symantec Introduces New Security Solutions to Counter Advanced Persistent Thr...Symantec Introduces New Security Solutions to Counter Advanced Persistent Thr...
Symantec Introduces New Security Solutions to Counter Advanced Persistent Thr...Symantec
 
Darktrace white paper_ics_final
Darktrace white paper_ics_finalDarktrace white paper_ics_final
Darktrace white paper_ics_finalCMR WORLD TECH
 
Big data Propels SIEM into the era of Security Analytics
Big data Propels SIEM into the era of Security Analytics Big data Propels SIEM into the era of Security Analytics
Big data Propels SIEM into the era of Security Analytics EMC
 
BriefingsDirect Transcript--How security leverages virtualization to counter ...
BriefingsDirect Transcript--How security leverages virtualization to counter ...BriefingsDirect Transcript--How security leverages virtualization to counter ...
BriefingsDirect Transcript--How security leverages virtualization to counter ...Dana Gardner
 
Damballa automated breach defense june 2014
Damballa automated breach defense june 2014Damballa automated breach defense june 2014
Damballa automated breach defense june 2014Ricardo Resnik
 
SoleraNetworks
SoleraNetworksSoleraNetworks
SoleraNetworksJoe Levy
 
Responding to and recovering from sophisticated security attacks
Responding to and recovering from sophisticated security attacksResponding to and recovering from sophisticated security attacks
Responding to and recovering from sophisticated security attacksIBM
 

Was ist angesagt? (20)

Introduction - Trend Micro Deep Security
Introduction - Trend Micro Deep SecurityIntroduction - Trend Micro Deep Security
Introduction - Trend Micro Deep Security
 
Security in the cloud planning guide
Security in the cloud planning guideSecurity in the cloud planning guide
Security in the cloud planning guide
 
Cio ciso security_strategyv1.1
Cio ciso security_strategyv1.1Cio ciso security_strategyv1.1
Cio ciso security_strategyv1.1
 
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...
AWS Partner Presentation - TrendMicro - Securing your Journey to the Cloud, A...
 
Trend Micro - 13martie2012
Trend Micro - 13martie2012Trend Micro - 13martie2012
Trend Micro - 13martie2012
 
Trend micro deep security
Trend micro deep securityTrend micro deep security
Trend micro deep security
 
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
Advanced Persistent Threats (Shining the Light on the Industries' Best Kept S...
 
Solutions for PCI DSS Compliance
Solutions for PCI DSS ComplianceSolutions for PCI DSS Compliance
Solutions for PCI DSS Compliance
 
VSD Infotech
VSD InfotechVSD Infotech
VSD Infotech
 
Symantec Introduces New Security Solutions to Counter Advanced Persistent Thr...
Symantec Introduces New Security Solutions to Counter Advanced Persistent Thr...Symantec Introduces New Security Solutions to Counter Advanced Persistent Thr...
Symantec Introduces New Security Solutions to Counter Advanced Persistent Thr...
 
Ijnsa050208
Ijnsa050208Ijnsa050208
Ijnsa050208
 
Darktrace white paper_ics_final
Darktrace white paper_ics_finalDarktrace white paper_ics_final
Darktrace white paper_ics_final
 
DamballaOverview
DamballaOverviewDamballaOverview
DamballaOverview
 
Big data Propels SIEM into the era of Security Analytics
Big data Propels SIEM into the era of Security Analytics Big data Propels SIEM into the era of Security Analytics
Big data Propels SIEM into the era of Security Analytics
 
BriefingsDirect Transcript--How security leverages virtualization to counter ...
BriefingsDirect Transcript--How security leverages virtualization to counter ...BriefingsDirect Transcript--How security leverages virtualization to counter ...
BriefingsDirect Transcript--How security leverages virtualization to counter ...
 
Targeted Attacks: Have you found yours?
Targeted Attacks: Have you found yours?Targeted Attacks: Have you found yours?
Targeted Attacks: Have you found yours?
 
Damballa automated breach defense june 2014
Damballa automated breach defense june 2014Damballa automated breach defense june 2014
Damballa automated breach defense june 2014
 
Security of,for & by cloud
Security of,for & by cloudSecurity of,for & by cloud
Security of,for & by cloud
 
SoleraNetworks
SoleraNetworksSoleraNetworks
SoleraNetworks
 
Responding to and recovering from sophisticated security attacks
Responding to and recovering from sophisticated security attacksResponding to and recovering from sophisticated security attacks
Responding to and recovering from sophisticated security attacks
 

Ähnlich wie Moving target-defense

Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...
Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...
Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...Acrodex
 
Protecting Dynamic Datacenters From the Latest Threats
Protecting Dynamic Datacenters From the Latest ThreatsProtecting Dynamic Datacenters From the Latest Threats
Protecting Dynamic Datacenters From the Latest Threatswhite paper
 
Cloud Security: Perception VS Reality
Cloud Security: Perception VS RealityCloud Security: Perception VS Reality
Cloud Security: Perception VS RealityKVH Co. Ltd.
 
SDN architecture for Scalable Resource Management for Big Data Governance in ...
SDN architecture for Scalable Resource Management for Big Data Governance in ...SDN architecture for Scalable Resource Management for Big Data Governance in ...
SDN architecture for Scalable Resource Management for Big Data Governance in ...IRJET Journal
 
Cyber security course in Kerala , Kochi
Cyber security course in Kerala , KochiCyber security course in Kerala , Kochi
Cyber security course in Kerala , Kochiamallblitz0
 
Why Cloud Security Matters in Today's Business World
Why Cloud Security Matters in Today's Business WorldWhy Cloud Security Matters in Today's Business World
Why Cloud Security Matters in Today's Business WorldCiente
 
Latest Cybersecurity Trends
Latest Cybersecurity TrendsLatest Cybersecurity Trends
Latest Cybersecurity TrendsIRJET Journal
 
Cloud Is Built, Now Who's Managing It?
Cloud Is Built, Now Who's Managing It?Cloud Is Built, Now Who's Managing It?
Cloud Is Built, Now Who's Managing It?doan_slideshares
 
Iaetsd cloud computing and security challenges
Iaetsd cloud computing and security challengesIaetsd cloud computing and security challenges
Iaetsd cloud computing and security challengesIaetsd Iaetsd
 
IRJET- Detection of Distributed Denial-of-Service (DDos) Attack on Software D...
IRJET- Detection of Distributed Denial-of-Service (DDos) Attack on Software D...IRJET- Detection of Distributed Denial-of-Service (DDos) Attack on Software D...
IRJET- Detection of Distributed Denial-of-Service (DDos) Attack on Software D...IRJET Journal
 
V mware sddc-micro-segmentation-white-paper
V mware sddc-micro-segmentation-white-paperV mware sddc-micro-segmentation-white-paper
V mware sddc-micro-segmentation-white-paperEMC
 
IRJET- SAAS Attacks Defense Mechanisms and Digital Forensic
IRJET- SAAS Attacks Defense Mechanisms and Digital ForensicIRJET- SAAS Attacks Defense Mechanisms and Digital Forensic
IRJET- SAAS Attacks Defense Mechanisms and Digital ForensicIRJET Journal
 
Literature Review on DDOS Attacks Detection Using SVM algorithm.
Literature Review on DDOS Attacks Detection Using SVM algorithm.Literature Review on DDOS Attacks Detection Using SVM algorithm.
Literature Review on DDOS Attacks Detection Using SVM algorithm.IRJET Journal
 
Evasion Streamline Intruders Using Graph Based Attacker model Analysis and Co...
Evasion Streamline Intruders Using Graph Based Attacker model Analysis and Co...Evasion Streamline Intruders Using Graph Based Attacker model Analysis and Co...
Evasion Streamline Intruders Using Graph Based Attacker model Analysis and Co...Editor IJCATR
 
Advanced persistent threat (apt) & data centric audit and protection (dacp)
Advanced persistent threat (apt) & data centric audit and protection (dacp)Advanced persistent threat (apt) & data centric audit and protection (dacp)
Advanced persistent threat (apt) & data centric audit and protection (dacp)CloudMask inc.
 
Security and smart grid what you need to know john chowdhury 2012 final
Security and smart grid what you need to know john chowdhury 2012 finalSecurity and smart grid what you need to know john chowdhury 2012 final
Security and smart grid what you need to know john chowdhury 2012 finalJohn Chowdhury
 
The Cloud according to VMware
The Cloud according to VMwareThe Cloud according to VMware
The Cloud according to VMwareOpSource
 

Ähnlich wie Moving target-defense (20)

Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...
Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...
Secure Your Virtualized Environment. Protection from Advanced Persistent Thre...
 
Protecting Dynamic Datacenters From the Latest Threats
Protecting Dynamic Datacenters From the Latest ThreatsProtecting Dynamic Datacenters From the Latest Threats
Protecting Dynamic Datacenters From the Latest Threats
 
70 74
70 7470 74
70 74
 
Cloud Security: Perception VS Reality
Cloud Security: Perception VS RealityCloud Security: Perception VS Reality
Cloud Security: Perception VS Reality
 
SDN architecture for Scalable Resource Management for Big Data Governance in ...
SDN architecture for Scalable Resource Management for Big Data Governance in ...SDN architecture for Scalable Resource Management for Big Data Governance in ...
SDN architecture for Scalable Resource Management for Big Data Governance in ...
 
Cyber security course in Kerala , Kochi
Cyber security course in Kerala , KochiCyber security course in Kerala , Kochi
Cyber security course in Kerala , Kochi
 
Why Cloud Security Matters in Today's Business World
Why Cloud Security Matters in Today's Business WorldWhy Cloud Security Matters in Today's Business World
Why Cloud Security Matters in Today's Business World
 
Latest Cybersecurity Trends
Latest Cybersecurity TrendsLatest Cybersecurity Trends
Latest Cybersecurity Trends
 
Cloud Is Built, Now Who's Managing It?
Cloud Is Built, Now Who's Managing It?Cloud Is Built, Now Who's Managing It?
Cloud Is Built, Now Who's Managing It?
 
Iaetsd cloud computing and security challenges
Iaetsd cloud computing and security challengesIaetsd cloud computing and security challenges
Iaetsd cloud computing and security challenges
 
IRJET- Detection of Distributed Denial-of-Service (DDos) Attack on Software D...
IRJET- Detection of Distributed Denial-of-Service (DDos) Attack on Software D...IRJET- Detection of Distributed Denial-of-Service (DDos) Attack on Software D...
IRJET- Detection of Distributed Denial-of-Service (DDos) Attack on Software D...
 
V mware sddc-micro-segmentation-white-paper
V mware sddc-micro-segmentation-white-paperV mware sddc-micro-segmentation-white-paper
V mware sddc-micro-segmentation-white-paper
 
IRJET- SAAS Attacks Defense Mechanisms and Digital Forensic
IRJET- SAAS Attacks Defense Mechanisms and Digital ForensicIRJET- SAAS Attacks Defense Mechanisms and Digital Forensic
IRJET- SAAS Attacks Defense Mechanisms and Digital Forensic
 
Literature Review on DDOS Attacks Detection Using SVM algorithm.
Literature Review on DDOS Attacks Detection Using SVM algorithm.Literature Review on DDOS Attacks Detection Using SVM algorithm.
Literature Review on DDOS Attacks Detection Using SVM algorithm.
 
PROFILE - NETMONASTERY
PROFILE - NETMONASTERYPROFILE - NETMONASTERY
PROFILE - NETMONASTERY
 
Evasion Streamline Intruders Using Graph Based Attacker model Analysis and Co...
Evasion Streamline Intruders Using Graph Based Attacker model Analysis and Co...Evasion Streamline Intruders Using Graph Based Attacker model Analysis and Co...
Evasion Streamline Intruders Using Graph Based Attacker model Analysis and Co...
 
Advanced persistent threat (apt) & data centric audit and protection (dacp)
Advanced persistent threat (apt) & data centric audit and protection (dacp)Advanced persistent threat (apt) & data centric audit and protection (dacp)
Advanced persistent threat (apt) & data centric audit and protection (dacp)
 
433 438
433 438433 438
433 438
 
Security and smart grid what you need to know john chowdhury 2012 final
Security and smart grid what you need to know john chowdhury 2012 finalSecurity and smart grid what you need to know john chowdhury 2012 final
Security and smart grid what you need to know john chowdhury 2012 final
 
The Cloud according to VMware
The Cloud according to VMwareThe Cloud according to VMware
The Cloud according to VMware
 

Kürzlich hochgeladen

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 

Kürzlich hochgeladen (20)

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 

Moving target-defense

  • 1. MOVING TARGET DEFENSE Proactive Cyber Defense A New Moving Target Defense Strategy New Perspectives January 14, 2012 A Coronado Group Perspective Moving target defense (MTD) technology Emerging MTD strategy presents two changes the cyber security game by wresting the significant challenges to adoption. First, MTD advantage from the attacker by turning static can’t compromise performance and user systems into dynamic, moving targets. In MTD- productivity. MTD is built on complex enabled environments, attackers have to work processes involving memory address harder to get in, are robbed of time to exploit randomization, network address shuffling, data vulnerabilities, figure out how the systems work complexity, routing remapping and more. All making launching attacks riskier with lower have the potential to require more resources odds of success. just to deliver the same performance. Most customer facing systems don’t have the luxury SCIT-Based Moving Target Defense of adding security that slows down performance for fear that potential users will simply move on Coronado Group is using patented SCIT if they experience slower response times. MTD technology to build state of the art, pro-active approaches that work must be able to maintain and cost-effective MTD cyber defense solutions performance and provide higher levels of that can be implemented now without making protection. changes to your systems or compromising your The second challenge is the need to adding current cyber security investment. complexity just to enhance security. Adding SCIT-MTD takes advantage of multi-core, more complexity to today’s already complex virtualized environments turning them into system environments is anathema for most dynamic moving targets. Using a combination information technology professionals. Injecting of ultra-low persistence times and configurable chaos to the complex, distributed systems virtual machine (VM) rotation times, the attack simply to foil intruders isn’t a viable option for surface of your systems is continuously many organizations because of cost, impact on changed. To the attacker, the system appears service delivery life cycles, and the prospect of static; under the covers, the VMs are being adding new unknown vulnerabilities in the continuously rotated, returning to a pristine process. Enterprise software applications and state a configurable intervals as low as a the emergence of big data sets render the “add minute. complexity” MTD security approach infeasible. SCIT-MTD can be implemented quickly Cloud service and SAAS product providers without making changes to your existing may not have the luxury of adding complexity information systems or security infrastructure. to applications and data they don’t directly SCIT-MTD removes malware without having to control. On demand provisioning of resources know its signature or detect is presence. It can and highly distributed architectures to a wide be implemented now, it’s cost effective, and it range of diverse clients with different needs will dramatically improve your security. require strategies that don’t require direct A New interaction and modification with digital Weapon in Traditional MTD Approaches Don’t Work resources to deliver solid security. the Cyber Coronado Group offers a different approach MTD strategies call for making the attack Security surface of software appear chaotic and for delivery of proactive MTD solutions. and Digital unpredictable to adversaries, forcing them to Asset increase the work effort to exploit vulner- Read further to learn how SCIT-MTD abilities for every desired target and lowering works, what it takes to implement SCIT-MTD, Protection and how to get started. the odds of success. The theory is that by the time an adversary discovers a vulnerability in a service, the service will have changed its attack surface area so that another exploit against that vulnerability will be ineffective. 1 Coronado Group, Ltd.
  • 2. Self-Cleaning Intrusion Tolerance MOVING TARGET DEFENSE January 14, 2012 How SCIT Works Self Cleaning Intrusion Tolerance (SCIT) is “Hackers have repeatedly penetrated a patented technique for providing ultra-low the computer network of the company intruder persistence time and continuous that runs the Nasdaq Stock Market... rotation of VMs to a pristine state to remove The exchange's trading platform—the malware and rob intruders of the time needed part of the system that executes trades to plan and launch attacks. Coronado Group —wasn't compromised. However, it uses SCIT to create robust, fast, and easy to couldn't be determined which other implement moving target defense solutions that don’t require changes to existing information parts of Nasdaq's computer network systems, applications, or security protocols to were accessed.” deliver a new high level of protection. Wall Street Journal, February 11, 2011 SCIT technology is based on the premise that intrusions are inevitable. Rather than The speed of rotation means that the assuming you can prevent every intrusion and adversary won’t be able to persist in the system keep all the bad guys off your system, the SCIT- and exploit the vulnerability fast enough to MTD approach assumes that someone is going persist in the environment. Forcing the to get in one of these days. When intruders get adversary to make repeated will raise visibility SCIT-MTD in, you need to throw them out as quickly as to traditional detection and monitoring Self-Cleaning possible without waiting to figure out what they capabilities. Intrusion are up to. SCIT-MTD assumes that while If an attacker is able to place malware on a Tolerance- intrusions are inevitable, the bigger problem is server, the malware will be deleted without Moving Target that intruders are in your systems for a very reliance on the signature based detection Defense long time watching how your systems work. process. SCIT-MTD allows systems to continue Once they are in they are learning how your working through an attack, with automatic and A new way to systems operate, where your most valuable rapid recovery to a clean state. level the assets are located, and how to get your data out playing field of your system under your security radar. The Benefits of SCIT-MTD between you Advantage intruder. • Servers are restored to a pristine state based SCIT-MTD is designed to fight this on configurable rotation times as low as every and cyber asymmetric information advantage of your minute; attackers who adversaries. They know about you - you don’t • SCIT-MTD parameters tailored based on the want your know anything about them until it’s too late. security posture of your digital assets - high value data and your SCIT-MTD takes advantage of multi-core assets can have different parameters than low systems. virtualized environments using the system’s value assets; architecture as a weapon in cyber defense. • Malware is deleted without the need to detect SCIT-MTD provides a straight forward it or know it’s signature; approach to security. SCIT-MTD helps change • Attacker visibility is increased by forcing the the cyber war battlefield. attacker to apply multiple attacks in an attempt to gain access to digital assets; How SCIT-MTD Works • Increased security of user dense and SCIT Moving Target Defense continuously application dense cloud environments; changes the attack surface making it difficult to • Near-real time management of digital assets get in and if they get in do not have the time to supporting reconfiguration and application of launch an attack. Using virtualization patches and upgrades without rebooting servers technology, SCIT-MTD rotates pristine virtual supporting mitigation of zero day vulnerabilities; servers and applications at configurable • Elimination or reduction in server failures due intervals as low as every minute, or less. to errors like memory leaks; In a typical implementation, at any given • Better planning of software deployment and time, there are five servers online and three patch management; servers being wiped clean. Eventually every • Applications are harder to corrupt, disable or server will be taken offline, cleaned and remove. restored to its pristine state. 2 Coronado Group, Ltd.
  • 3. MOVING TARGET DEFENSE January 14, 2012 Hackers who appear to be The National Counter- based in China have intelligence Executive conducted a "coordinated, blamed China and Russia for covert and targeted" stealing sensitive economic campaign of cyber and commercial data espionage against major threatening an estimated Western energy firms $400 Billion in spending on The Wall Street Journal R&D February 11, 2011 The Wall Street Journal November 3, 2011 Make Intruders Work Harder And Wage Cyber War Without Recon Cyber warfare, like conventional warfare, relies on reconnaissance and intelligence. You can’t fight a cyber war SCIT-MTD increases the work effort of the attacker by without knowledge of your enemy and their methods and limiting the time available for launching an attack or exploring tactics. Foiling cyber attacks requires strategies to rob your system capabilities. The present of SCIT-MTD deterrence isn’t adversary of recon and make them work harder. visible to intruders forcing them to try again and again to gain access to your systems. This increases the visibility of an attack By the time most intrusions are discovered, attackers have to conventional cyber security systems. been present in the system for long periods of time going undetected by conventions cyber security infrastructure. A typical attack requires several steps: reconnaissance to Intruders don’t leave a trail so security professionals often have gain access, learn about the system and plan an attack, no idea where they have been or what the have stolen until the introducing malware into the environment and getting it to the damage is done. place where it needs to be to work, and then executing an attack. Intruders who seek to steal data also need to exfiltrate To exploit a system, an adversary must learn a vulnerability the stolen assets. and hope that it is present long enough to exploit. Most attacks exploit more than one vulnerability. Attackers need the ability SCIT-MTD makes each of these steps more difficult, thus to observe the operation of key IT systems over long periods of increasing the attacker’s work load and, in turn, visibility to time. They need the opportunity to map out an inventory of cyber defense systems. This approach provides enhanced assets, vulnerabilities, and potential exploits before they can adversary denial and deception. launch an attack. Attackers can afford to invest significant resources in developing attacks since the attacks can often be In a SCIT-MTD enabled environment malware would need used repeatedly from one system to another. to be changed, loaded, and executed in less than a minute to gain significant access to digital assets. Attackers are robbed of After decades of information system practices focused on the ability to load malware, to upgrade malware, to execute standardization, and replication of servers, standardized programs, and steal data. As processors get faster, faster applications, desktops, browsers, technology built around three swapping will make malware deployment increasingly difficult operating systems and extensive reuse of code and access in this environment. practice we have turned our systems into sitting ducks. Then add the 24/7/365 exposure of mission critical corporate SCIT-MTD supports a variety of deployment strategies that information systems to the internet and you have the optimal enable highly customizable rotation and protection schemes as environment for intrusions and compromise of important well as the capability to create a continuously changing dynamic assets. Moving target defense offers new tools that make your environment that recovers with resilience. enemy wage cyber war without the benefits of recon. Static systems give attackers a substantial advantage. 3 Coronado Group, Ltd.
  • 4. MOVING TARGET DEFENSE January 14, 2012 “...the speed and agility of adversaries as well as simple polymorphic mechanisms that continuously change the signatures of attacks renders signature-based approaches largely ineffective.” National Cyber Leap Year Summit 2009 Co-Chairs Report September 6, 2009 One Minute Zero Day Vulnerability No Signatures Required ultra-low persistence time removes malware and cuts What do you do when you don’t know what you down the time intruders can exploit the risk. don’t know? Even if there is a vulnerability attackers will need to One of the most vexing problems in cyber defense is try again and again to get into your system. As intrusion the impact of zero day vulnerabilities. A Zero Day attempts go up so does the visibility of the attack in your Vulnerability occurs when an unknown security hole is cyber defense systems. exploited. Once these risks are discovered the goal of cyber security professionals is to understand the security The ability to rapidly deploy new software is a built in hole, build a patch that fixes the problem, deploy the component of SCIT-MTD. New software is added to the patch to customers and users, and make sure system ALL pristine servers that rotate to deliver MTD capabilities the systems where the vulnerability exists are fixed. and it is automatically deployed without system disruption. Security experts try to maintain a quiet period where the holes are only known by a few people in an attempt to SCIT-MTD enabled systems are substantially more keep the security holes from being publicly disclosed. In secure even if there are vulnerabilities present because today’s hyper-connected real time world zero day the timeframe that the attacker has to exploit the vulnerabilities don’t stay quiet for very long. And that’s vulnerability is equal to the time it takes to trigger a new when the trouble begins. server rotation. Organizations can implement faster and more complex rotation schedules while a vulnerability SCIT-MTD enabled systems offer new protection exists adding another layer of security until the from zero day vulnerability intrusions. SCIT-MTD’s vulnerability is patched. 4 Coronado Group, Ltd.
  • 5. Q&A MOVING TARGET DEFENSE January 14, 2012 On Implementing SCIT-MTD What does it take to implement SCIT-MTD? visibility of serious threats and supporting higher rates of continuous monitoring without having to add more Coronado Group works with you to develop a SCIT- resources to do it. MTD Asset Protection Profile. This defines the assets you want to protect; how frequently you need to rotate your Will SCIT-MTD add new tasks for my security team? VMs to achieve the level of protection you want, what level of forensics you want and how you want the system No. SCIT-MTD is fully automated when it’s to handle your compromised servers - some systems operating. Your team may find the new forensic information valuable and may want to use it to gain operate totally unattended rotating continuously, others rotate to a clean VM based on alerts from your SIEM. insight to what’s going on with their systems and how to Once we have the profile, we install and configure SCIT- make security even tighter. MTD. Your system is protected. What happens during an attack? My systems are already complex. Adding new SCIT-MTD enables your systems to work through complexity at the application and system level isn’t attacks. SCIT continuously replaces the operating feasible. Can I still implement SCIT-MTD? system, device drivers, and applications with a new pristine server. Compromised servers are replaced Yes. SCIT-MTD doesn’t require any changes to IT automatically. SCIT-MTD’s automated clean up and infrastructure or applications other than the addition of a recovery of server assets removes the residue from errors clean VM. SCIT-MTD uses the power of multi-core and cyber attacks automatically without human systems, virtualized environments and fast processors to intervention. rotate the VMs to a pristine state. Will my Cyber Security people be happy? Does SCIT-MTD change the way my systems look to attackers? Yes. When SCIT-MTD is implemented with Forensics, you’ll have near real-time snapshots of No. In fact, an attacker won’t have the advantage of attacker profiles and methods. SCIT-MTD improves knowing you are using SCIT-MTD because the system Incidence Response (IR) providing new tools to will appear static to wanna be intruders. The SCIT-MTD analyzing attacks. SCIT-MTD’s near real-time forensic processes are transparent. Internal IP addresses change. data offers a powerful tool for watching how attacks External ones don’t. evolve. While the attacker is trying to figure out how to What about my existing investment in cyber security get back onto the system, your team will be implementing - IDS/IPS, firewalls, DMZs, and SIEM technology? its defense strategy proactively and gathering intelligence about the intruder’s methods and attempts. The Nothing changes. You can still use those systems. regenerative aspect of SCIT-MTD supports in-attack SCIT-MTD makes these systems more valuable. First, software upgrade and maintenance with no downtime - because intruders have to try again and again to get in it keeping your systems up and your users happy. Machine raises the visibility of attacks. Second, it gets rid of generated reconstitution of compromised servers with hackers by booting them off the system as soon as they high levels of corruption immunity and in-attack software get on. There’s no need to know the attacker’s signature repair and enhancement is another benefit. SCIT-MTD to remove them from your system. SCIT-MTD helps delivers powerful new tools. SCIT-MTD has two other eliminate false positives making your current benefits. It works great for patch management and infrastructure more efficient. Finally, it improves over all automating software upgrades; and it helps control for performance of your security infrastructure by raising the memory leaks. 5 Coronado Group, Ltd.
  • 6. MOVING TARGET DEFENSE January 14, 2012 How Do I Get Started? Use Our Quick Start Program SCIT-MTD Quick Start Coronado Group can work with you to explore how to deploy SCIT-MTD to protect your digital assets. We’ve Call us for a SCIT-MTD briefing designed our Quick Start program to get you up and and a conversation about running fast so you can see if SCIT-MTD works for you. your security goals. We’ll show you how it works on our fully functioning online store. You can trigger defacement and code Coronado Group will work destruction hacks recover automatically, you can launch with you on approaches to your own attacks on our server. use SCIT-MTD to reach those goals. We’ll develop a comprehensive Asset Protection Pick a test system you want to Profile to help you understand how to use SCIT-MTD for use to give SCIT-MTD a test your systems. Coronado Group will show you how to drive. implement MTD in your environment without having to Learn More change the information architecture of your your systems Work with us to develop an About work. The Asset Protection Profile is yours even if you Asset Protection Profile for Proactive decide SCIT-MTD isn’t for you. We have the tools to help that system so you can learn Cyber you test and evaluate the system so you can focus on which SCIT-MTD options are Security assessing the technology instead of figuring out how to best for you. test it. Implement the Asset Protection Profile Ask about our After the assessment, we’ll bring SCIT-MTD up on a configuration in a five server Cyber Security five server configuration in your environment so you can test environment. Aware Software take it for a test drive for 30 days and see how it works for Development your self. After the Quick Start we’ll work with you to See how it works for you. Seminars deploy SCIT-MTD to protect your digital assets. MOVING TARGET DEFENSE Coronado Group, Ltd. 4938 Hampden Lane #436 Bethesda, Maryland 20814 www.coronadogroup.com About Coronado Group The Coronado Group, Ltd. is a specialized systems integration and professional services firm focused on helping its clients recognize and exploit the value of new and emerging technology to build solutions that work. For more information Coronado Group takes a proactive approach to cyber defense by Contact Us designing and building in security before the programming starts. We provide cyber defense advisory services focused on cyber security, threat analysis and deterrence, agile and resilient cyber strategies, and Please Call or Email emerging computer architectures. Coronado Group has implemented Arleen Zank classified information systems and systems designed to manage privileged and highly sensitive trade secret and digital intellectual property. azank@coronadogroup.com Coronado Group can help you navigate the increasingly interconnected web of legal, regulatory, and statutory requirements to 703.909.7722 help you face the new reputational and economic risks directly related 301.986.1334 ext 109 to how you create, distribute and manage your digital assets. © 2012 Coronado Group, Ltd. All Rights Reserved