Presentation is loading. Please wait.

Presentation is loading. Please wait.

©2010 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice 1 Rohan Kotian | Author, NSA IAM,

Published byRylee Bludworth Modified over 9 years ago

Similar presentations

Presentation on theme: "©2010 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice 1 Rohan Kotian | Author, NSA IAM,"— Presentation transcript:

1 ©2010 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice 1 Rohan Kotian | Author, NSA IAM, CEH Product Line Manager | Next Generation Security Platforms rohanrkotian@hp.com Next Generation Cyber Threats Shining the Light on the Industries' Best Kept Secret “Achieving victory in Cyber Security is not going to be won at the traditional point product” -JP

2 2 Footer Goes Here 2 –Next Generation Cyber Threats –Advanced Persistent Threats –Question and Answer Agenda

3 3 Footer Goes Here Next Generation Cyber Threats "The wonderful thing about the Internet is that you're connected to everyone else. The terrible thing about the Internet is that you're connected to everyone else." Vint Cerf (Vice President and Chief Internet Evangelist Google)

4 4 Footer Goes Here 4 Risks are Real & More Visible Sophisticated worm attacks Iran’s Siemen’s SCADA & MS Windows industry control systems Stuxnet Worm The website of U.S Postal Service serving up malware Blackhole Exploit Injected into USPS Website 77 million accounts at risk of data theft Sony PlayStation Network Down Applications and information are the business The servers of RSA have been breached and sensitive information from more than 40 million employees may have been compromised. RSA Hit By Advanced Persistent Threat Confirmed that its computer network had been broken into NASDAQ Stock Market

5 5 Footer Goes Here 5 If it Isn’t Secure, it is for Sale

6 6 Footer Goes Here 6 If it Isn’t Secure, it is for Sale

7 7 Footer Goes Here 7 Understanding data breaches Significant spike in 2011 for the number of data breaches Breaches are evolving from stolen laptops to more sophisticated techniques *Data pulled from DataLossDB.com looking at incidents over time

8 8 Footer Goes Here 8 Vulnerabilities Decreasing Vulnerabilities in commercial applications down 20 percent from 2010 Spike in 2006, for most part steady decline But is not a good indicator or risk *Vulnerabilities measured by OSVDB, 2000 - 2011

9 9 Footer Goes Here 9 Vulnerability Severity Increasing Mid level Severity (CVSS 5-7) Low level Severity (CVSS 1-4) High level Severity (CVSS 8-10) HS Vulnerabilities can cause remote code execution Percentage of HS vulnerabilities has increased by 17 percent in 5 years *Data pulled from OSVDB, 2000 - 2011

10 10 Footer Goes Here 10 Web applications – the “new” frontier 4 of the 6 most popular OSVDB vulnerabilities are exploitable via the Web Web application vulnerabilities (categorically) account for 36 percent of all vulnerabilities Further complicated by customization and add-ons – increased vulnerabilities *Data pulled from OSVDB, 2000 - 2011

11 11 Footer Goes Here 11 The number and costs of breaches continue to rise Web Applications Remain a Leading Issue –80% of successful attacks target the application layer (Gartner) –86% of applications are in trouble Web App Security Consortium studied security tests across 12,186 applications 13% of applications could be compromised completely automatically 86% had vulnerabilities of medium or higher severity found by completely automated scanning X ~ ~ Total average cost of a data breach per compromised record* $202 Average # of compromised records per breach^ 30,000 Average Total Cost per breach* $6.65 M * Ponemon Institute, 2008 Annual Study: $U.S. Cost of a Data Breach ^Source: The Open Security Foundation

12 The Cost of a Compromised Web Application/Server Sony Play Station Network (PSN) Breach LulzSec claimed it only took a single SQL Injection What was compromised: – Usernames – Passwords – Credit card details – Security answers – Purchase history – Address information Estimated Damages – $177 Million (USD) Sony’s official earning forecast and we quote:

13 13 Footer Goes Here 13 –Your Adversaries Count On Your Subscription and Resistance Toward Change –Traditional security is a suckers bet as well! ACLs AV / AS FW SMTP / Web Gateways HIPS Encryption IDS / IDS Logging / SIEM / SEM THEY COUNT ON YOUR ORGANIZATION BEING COMPLIANT AND THEY DON’T CARE!!!! Complacency Is a Suckers Bet

14 14 Footer Goes Here 14 –You have to think beyond tradition –Abandon those ideas which may be promoted by analysts and / or cleverly crafted reports –You must get outside the norms –Embrace ulterior technology and philosophy –Cannot fight a symmetrically wwhen the war requires asymmetric approaches be embraced, employed and acted out n Traditional Security Is a Suckers Bet

15 15 Footer Goes Here None (Normal End-User) Classifying the Cyber Actor (The technical threat telemetry is endless) Fame Destruction Motivation Expertise Result Moral Agenda Money Notoriety Theft Espionage Corporate/Government Fun Unwitting Compromise of an Asset/Policy and/or Intellectual Property Novice (Script Kiddie) Intermediate (Hacker for Hire) Expert (Foreign Intel Service, Terrorist Organization and/or Organized Crime) Intentional Act Non-Intentional Act Attack Vector IM,IRC,P2P Open Ports Web Browsers Email and Attachments Vulnerable Operating System + +=

16 16 Footer Goes Here 16 –Non-traditional intelligence acquisition and digestion –Aggressive, pro-active forensic analytic analysis –Baseline establishment and monitoring –Cyber Reputation Management ® techniques –Advanced & aggressive adoption and deployment of new, innovative, purpose built solutions Embracing Asymmetry

17 17 Footer Goes Here 17 –What’s in a name and MS Tuesday –Hacking as a Service –Botnetting as a Service –Spamming as a Service –DDoSing as a Service –Opportunistic Targets (Retail -> Critical Infrastructure) Next Generation Cyber Threats (Here Today, Gone Tomorrow)

18 18 Footer Goes Here 18 –People Underestimate threat  introduce risk Lack InfoSec knowledge and experience Often not empowered by stake holders due to lack of alignment with business –Process What Gets Measured Is Supposed To Get Results − Horrible IT metrics at best Focus on compliance vs. security –Technology Deep holes in network visibility that must be addressed Threats Have Advanced

19 19 Footer Goes Here 19 Focus on Compliance Versus Security Compliance Security

20 20 Footer Goes Here 20 Network Visibility and Situational Awareness (Gaps Are Critical) Firewalls Intrusion Detection/Prevention Content Monitoring Anomaly Detection End-Point Protection SIEM Defense in Depth Expecting different results using the same technology Massive Gaps Without insight/visibility…what you don’t know will hurt you.

21 21 Footer Goes Here Advanced Persistent Threat’s

22 22 Footer Goes Here 22 –Slow, silent and deadly –What’s in not having a name: Encryption, Beacon’s, Custom, Blended… –Recent Examples Advanced Persistent Threat (Selective, Sophisticated and Silent)

23 23 Footer Goes Here 23 Historic Overview: Solar Sunrise Eligible Receiver Moonlight Maze Titan Rain Byzantine Foothold US Power Grid Operation Shockwave The Classics The Subversives Aurora Exxon The Subversives 1997199819992004200720092010 Ghostnet Stuxnet 2011 “The cyber criminal sector in particular has displayed remarkable technical innovation with an agility presently exceeding the response capability of network defenders. Criminals are developing new, difficult-to-counter tools.“ "Criminals are collaborating globally and exchanging tools and expertise to circumvent defensive efforts, which makes it increasingly difficult for network defenders and law enforcement to detect and disrupt malicious activities."

24 24 Footer Goes Here 24 Advanced Persistent Threat Lifecycle

25 25 Footer Goes Here Lifecycle Similarities & Differences ThreatAPTBotnet Initial EntryRecon & social engineering perhaps via e-mail (phishing, link, or attachment) Spam, phishing, malicious links (all perhaps leveraging social engineering) IntrusionVulnerability, obfuscation, exploitationVulnerability, obfuscation, exploitation, InfectionMalware – custom, off the shelf, DIY RepeatLateral movement, data extrusion, persistence Zombie used to send more spam or drive by web application attacks

26 26 Footer Goes Here 26 –What Happened Verified in 103 countries ▫ Over 1,295 infected hosts identified ▫ Impacts + / - a dozen computers on a weekly basis Commonly Used Tools (Not Too Sophisticated): ▫ Remote access tool called gh0st RAT (Remote Access Tool) ▫ Data harvest ▫ Email siphoning ▫ Listening / Recording of Conversations via microphone and / or webcams Public APT Activity (Ghost Net) aka Byzantine Foothold

27 27 Footer Goes Here 27 Known Current Solutions Not Good Enough Regulatory Compliance != Security Advanced Persistent Threat Will Become Pervasive What are you doing to tackle the problem? Key Point’s

28 28 Footer Goes Here Outcomes that matter.

Download ppt "©2010 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice 1 Rohan Kotian | Author, NSA IAM,"

Similar presentations

Symantec 2004 Pulse of IT Security in Canada Volume II Survey shows Increases in Concern and Spending for IT Security Andrew Bisson Director, Planning.

Symantec 2004 Pulse of IT Security in Canada Volume II Survey shows Increases in Concern and Spending for IT Security Andrew Bisson Director, Planning.
2012 Taking Complexity out of Information Security …allowing you to focus on your business.

2012 Taking Complexity out of Information Security …allowing you to focus on your business.
1© Copyright 2011 EMC Corporation. All rights reserved. The Future of the Advance Soc 3rd Annual Privacy, Access and Security Congress, Ottawa, 2012 Mike.

1© Copyright 2011 EMC Corporation. All rights reserved. The Future of the Advance Soc 3rd Annual Privacy, Access and Security Congress, Ottawa, 2012 Mike.
Understanding the benefits and the risks. Presented by Corey Nachreiner, CISSP BYOD - Bring Your Own Device or Bring Your Own Danger?

Understanding the benefits and the risks. Presented by Corey Nachreiner, CISSP BYOD - Bring Your Own Device or Bring Your Own Danger?
Nathan Labadie Systems Engineer, US-Central FireEye

Nathan Labadie Systems Engineer, US-Central FireEye
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Mobile Application Security.

© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Mobile Application Security.
©2013 Check Point Software Technologies Ltd. | [Unrestricted] For everyone Best Practices to Secure the Mobile Enterprise Macy Torrey

©2013 Check Point Software Technologies Ltd. | [Unrestricted] For everyone Best Practices to Secure the Mobile Enterprise Macy Torrey
ACT User Meeting June 2011. Your entitlements window Entitlements, roles and v1 security overview Problems with v1 security Tasks, jobs and v2 security.

ACT User Meeting June Your entitlements window Entitlements, roles and v1 security overview Problems with v1 security Tasks, jobs and v2 security.
© Blue Coat Systems, Inc. 2011. All Rights Reserved. APTs Are Not a New Type of Malware 1 Source: BC Labs Report: Advanced Persistent Threats.

© Blue Coat Systems, Inc All Rights Reserved. APTs Are Not a New Type of Malware 1 Source: BC Labs Report: Advanced Persistent Threats.
Mechelen - 06/02/2014 Telenet Security Day CYBER scrapings putting our 2 cents in.. Christian Van Heurck CERT.be coordinator CERT.be team.

Mechelen - 06/02/2014 Telenet Security Day CYBER scrapings putting our 2 cents in.. Christian Van Heurck CERT.be coordinator CERT.be team.
Challenges In The Morphing Threat Landscape Apr 2011, Arnhem Tamas Rudnai, Websense Security Labs.

Challenges In The Morphing Threat Landscape Apr 2011, Arnhem Tamas Rudnai, Websense Security Labs.
Information Security Management Chapter 12. 12-2 “We Have to Design It for Privacy and Security.” Copyright © 2014 Pearson Education, Inc. Publishing.

Information Security Management Chapter “We Have to Design It for Privacy and Security.” Copyright © 2014 Pearson Education, Inc. Publishing.
SESSION ID: Continuous Monitoring with the 20 Critical Security Controls SPO1-W02 Wolfgang Kandek CTO.

SESSION ID: Continuous Monitoring with the 20 Critical Security Controls SPO1-W02 Wolfgang Kandek CTO.
Www.ikhlas.com.bn 0. 1 1 Introduction to ikhlas ikhlas is an affordable and effective Online Accounting Solution that is currently available in Brunei.

Introduction to ikhlas ikhlas is an affordable and effective Online Accounting Solution that is currently available in Brunei.
Www.accessdata.com Digital Investigations of Any Kind ONE COMPANY Cyber Intelligence Response Technology (CIRT)

Digital Investigations of Any Kind ONE COMPANY Cyber Intelligence Response Technology (CIRT)
Profile. 1.Open an Internet web browser and type www.linkedin.com into the web browser address bar. 2.You will see a web page similar to the one on.

Profile. 1.Open an Internet web browser and type into the web browser address bar. 2.You will see a web page similar to the one on.
‘Changing environment – changing security’ - Cyber-threat challenges today – Budapest, September 17-18, 2012 1 Industry and the fight against cybercrime.

‘Changing environment – changing security’ - Cyber-threat challenges today – Budapest, September 17-18, Industry and the fight against cybercrime.
Firewalls Steven M. Bellovin https://www.cs.columbia.edu/~smb Matsuzaki ‘maz’ Yoshinobu 1.

Firewalls Steven M. Bellovin Matsuzaki ‘maz’ Yoshinobu 1.
Tim Davidson System Engineer

Tim Davidson System Engineer
1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.

Similar presentations

Ads by Google