Presentation is loading. Please wait.

Presentation is loading. Please wait.

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.

Published byOdalys Locklair Modified over 9 years ago

Similar presentations

Presentation on theme: "1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack."— Presentation transcript:

1 1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack

2 2© Copyright 2011 EMC Corporation. All rights reserved. The “Community’ of Attackers Nation state actors PII, government, defense industrial base, IP rich organizations Criminals Petty criminals Organized crime Organized, sophisticated supply chains (PII, financial services, retail) Unsophisticated Non-state actors Terrorists Anti-establishment vigilantes “Hacktivists” Targets of opportunity PII, Government, critical infrastructure

3 3© Copyright 2011 EMC Corporation. All rights reserved. Advanced Threats 1.0 abc.com def.com 1.2.3.4 Clear-text & custom protocol Clear-text & normal protocol Custom encryption Custom encryption Content Inspection Content Inspection Protocol Anomalies Protocol Anomalies Network Traffic Anomalies Network Traffic Anomalies Known Bad Endpoints Known Bad Endpoints C2 Traffic SSL or other standards based encryption. Custom malware w/ no signature. C2 Traffic (port 80/443) abc.com def.com 1.2.3.4 def.com 3.7.9.1 8.2.3.3 Advanced Threats 2.0

4 4© Copyright 2011 EMC Corporation. All rights reserved. Understanding the threat Intrusion Kill Chain ReconWeaponizationDeliveryExploitationInstallationC2 Act on Objectives Note/ Attribution: ‘Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains’; Hutchins, Cloppert, Amin, Lockheed Martin CIRT; Proceedings of the 6th International Conference on Information Warfare, 2011 7-Phase Model for how an adversary engages a victim Any disruption in the chain will impact their actions Human intervention is often required for success and failure All seven steps can be detected, prevented, or minimized

5 5© Copyright 2011 EMC Corporation. All rights reserved.

6 6 Executive Checklist Is your IT security organization functionally aligned with the greater IT infrastructure? –Outsourcer > Insourced Capabilities > SOC > etc. Do you monitor the crown jewels of your organization and know where your most high value programs and assets are? Does your organization have & practice a breach readiness plan, incident response, discovery & remediation process/procedures? In addition to perimeter defenses (ingress), does there exist an egress defense strategy and approach to mitigate data exfiltration? Is there a consistent 360 degree governance, risk and compliance practice in your organization? –Compliance, Regulatory, Legal, Corporate Policy, Communications & HR

7 7© Copyright 2011 EMC Corporation. All rights reserved. Security Practices – Critical Checklist Business Risk Assessment – Critical Asset Protection Identify most critical systems; ensure they are given the highest priorities for all hardening and monitoring activities Active Directory and Exchange Hardening Minimize number of admins Monitoring and alerting (Windows Event ID #566) Two factor admin access from hardened VDI platform Executable whitelisting on hardened DCs Disable default account and rename key accounts Complex passwords (9 & 15 Char) Infrastructure & Logging Full and detailed logging & analysis Tighten VPN controls Increase controls on crypto keys Full packet capture at strategic network locations Network segmentation Team trained and focused on APT activity Service Accounts Review accounts for privilege creep Change passwords frequently Do not embed credentials into scripts Minimize interactive login Restrict login only from required hosts Web Access Block access to high risk and web filter categories Click through on medium risk websites Black hole dynamic DNS domains Authenticated internet access DNS traffic analysis User Education Increase security training for IT Launch security improvement initiative Regular education of users on phishing attacks Regular education on social engineering Increase mail filtering controls User Machine Hardening Limit local admin and randomize PW- change often Increase patching regime Enable security controls in applications Deep visibility to identify lateral movement Limit use of non-authorized and unapproved software

8 8© Copyright 2011 EMC Corporation. All rights reserved. THANK YOU

Download ppt "1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack."

Similar presentations

1© Copyright 2011 EMC Corporation. All rights reserved. The Future of the Advance Soc 3rd Annual Privacy, Access and Security Congress, Ottawa, 2012 Mike.

1© Copyright 2011 EMC Corporation. All rights reserved. The Future of the Advance Soc 3rd Annual Privacy, Access and Security Congress, Ottawa, 2012 Mike.
The Threat Within September 2004. Copyright © 2004 Q1 Labs. All Rights Reserved Agenda Customer Pain Industry Solutions Network Behavior Enforcement Example.

The Threat Within September Copyright © 2004 Q1 Labs. All Rights Reserved Agenda Customer Pain Industry Solutions Network Behavior Enforcement Example.
1© Copyright 2014 EMC Corporation. All rights reserved. Securing the Cloud Gintaras Pelenis Field Technologist RSA, the Security Division of EMC

1© Copyright 2014 EMC Corporation. All rights reserved. Securing the Cloud Gintaras Pelenis Field Technologist RSA, the Security Division of EMC
Malware\Host Analysis for Level 1 Analysts “Decrease exposure time from detection to eradication” Garrett Schubert – EMC Corporation Critical Incident.

Malware\Host Analysis for Level 1 Analysts “Decrease exposure time from detection to eradication” Garrett Schubert – EMC Corporation Critical Incident.
© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
1© Copyright 2011 EMC Corporation. All rights reserved. Advanced Persistent Threat Sachin Deshmanya & Srinivas Matta.

1© Copyright 2011 EMC Corporation. All rights reserved. Advanced Persistent Threat Sachin Deshmanya & Srinivas Matta.
11 Zero Trust Networking PALO ALTO NETWORKS Zero Trust Networking April 2015 | ©2014, Palo Alto Networks. Confidential and Proprietary.1 Greg Kreiling.

11 Zero Trust Networking PALO ALTO NETWORKS Zero Trust Networking April 2015 | ©2014, Palo Alto Networks. Confidential and Proprietary.1 Greg Kreiling.
1 SANS Technology Institute - Candidate for Master of Science Degree 1 SIEM Based Intrusion Detection Jim Beechey March 2010 GSEC Gold, GCIA Gold, GCIH,

1 SANS Technology Institute - Candidate for Master of Science Degree 1 SIEM Based Intrusion Detection Jim Beechey March 2010 GSEC Gold, GCIA Gold, GCIH,
©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.

©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
Chapter 12 Network Security.

Chapter 12 Network Security.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.

Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.
4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
Controls for Information Security

Controls for Information Security
© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.

© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Understanding and Dealing with Modern Threats Trent Greenwood, Manager Security Practioners TOLA.

Understanding and Dealing with Modern Threats Trent Greenwood, Manager Security Practioners TOLA.
Website Hardening HUIT IT Security | Sep 30 2011.

Website Hardening HUIT IT Security | Sep

Similar presentations

Ads by Google