
APT: It is Time to Act

Dr. Eric Cole

2012 Secure Anchor Consulting. All rights reserved.

APT Defined

The APT is a cyber-adversary displaying advanced logistical and operational capability for long-term intrusion campaigns with the goal of exploiting information in a covert manner.

- APT is a sophisticated global threat posing serious information security challenges and implications
- Primary goal is long-term occupation for data mining, malicious activities and to ensure future use
- Based on current shared industry knowledge and experience, a large number of global organizations that deal with sensitive information are currently compromised

Just a small sample of breaches:
- Aurora
- Night Dragon
- RSA Breach
- Shady RAT

- Most commercial organizations have little experience dealing with these advanced threats
- Sophisticated and well-funded APT adversaries do not necessarily need to breach perimeter security controls to access networks
- APT adversaries are changing the game: identification, detection, analysis and remediation must evolve to keep pace with new challenges

The Future is Ours to Decide

"Two roads diverged in a wood, and I - I took the one less traveled by, and that has made all of the difference." (Robert Frost)

Why is this Happening?

PrivacyRights.org (updated weekly). Here are some that are reported (most are not). Just a small sample (financial records breached):
- Heartland Payment Systems (130+ million)
- Oklahoma Dept of Human Services (1 million)
- International Finance Agency (22 million)
- University of California (160,000)
- Network Solutions (5 million)
- European Military Veterans Administration (76 million)
- Australian BlueCross BlueShield Assn. (987,000)

Data Driven Threats

| Category                          | 2001       | End of 2010 | Mid 2012   |
|-----------------------------------|------------|-------------|------------|
| Vulnerabilities                   | 440        | 28,500      | 34,100     |
| Password Stealers (main variants) | 400        | 80,000      | 380,000    |
| Potentially Unwanted Programs     |            | 24,000      | 26,000     |
| Malware (families) (DAT related)  | 17,000     | 358,000     | 484,000    |
| Malware (main variants)           | 18,000 (?) | 586,000     | 2,700,000  |
| Malware Zoo (Collection)          | 30,000 (?) | 5,800,000   | 16,300,000 |

"We cannot solve our problems with the same thinking we used when we created them." (Albert Einstein)

Were Security Measures in Place?

[Chart: breached organizations (Law Firm, Manufacture, CDC 1, CDC 2, Government) plotted against the security measures they already had in place: endpoint software management, IDS, anti-virus, host auditing enabled, firewalls / proxy servers, oversight / compliance]

- Traditional and common information security defenses are not effective in the detection and prevention
- While traditional countermeasures can be implemented, they often prove ineffective, requiring more advanced approaches

5 Steps to a Secure Future

Step 1: Identify Critical Data

Align critical assets with threats and vulnerabilities to focus on risk.

Risk Based Thinking:
1) What is the risk?
2) Is it the highest priority risk?
3) Is it the most cost effective way of reducing the risk?

Step 2: Align the Defense with the Offense

1) Reconnaissance
2) Scanning
3) Exploitation
4) Creating backdoors
5) Covering tracks

Step 3: Know thy Organization

If the offense knows more than the defense you will lose.

Requirements:
a) Accurate up to date network diagram
b) Network visibility map
c) Configuration management and change control

You Cannot Protect What You Do Not Know About

[Network diagram: hosts 10.10.5.3, 10.10.5.9 and 10.10.5.10 on the 10.10.5.x subnet, annotated with their open ports (21, 25, 53, 80, 443) and service banners (Sendmail 8.12.10, Apache 1.3.26)]
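The check below is an added example, not code from the slides, written to show what the Step 3 requirements look like in practice: an approved inventory from change control is the "network diagram", a scan is the "visibility map", and the diff between them is what change control has to explain. All hosts, ports and banners are constructed sample data that only reuse the addresses and banners drawn on the slide; the inventory layout and the one-line-per-service scan format are assumptions, not any tool's real output.

```python
"""Inventory drift check: compare observed services against the approved asset list.

Added example for the Step 3 requirements (network diagram, visibility map,
configuration management / change control). Not code from the original slides;
the hosts, ports and banners are constructed sample data.
"""
import re
from dataclasses import dataclass

# Approved inventory from change control: host -> {port: expected banner}. Constructed.
APPROVED_INVENTORY = {
    "10.10.5.3": {25: "Sendmail 8.12.10", 80: "Apache 1.3.26"},
    "10.10.5.9": {53: "BIND 9.x", 443: "Apache 1.3.26"},
    "10.10.5.10": {80: "Apache 1.3.26"},
}

# Observed scan output, one "host port/proto state banner" line each. Constructed.
SCAN_OUTPUT = """\
10.10.5.3 21/tcp open vsftpd 2.3.4
10.10.5.3 25/tcp open Sendmail 8.12.10
10.10.5.3 80/tcp open Apache 1.3.26
10.10.5.9 53/tcp open BIND 9.x
10.10.5.9 443/tcp open Apache 2.2.3
10.10.5.42 4444/tcp open unknown
"""

LINE_RE = re.compile(r"^(\S+)\s+(\d+)/(?:tcp|udp)\s+open\s+(.*)$")


@dataclass(frozen=True)
class Finding:
    kind: str        # unknown_host | unexpected_port | banner_changed | missing_service
    host: str
    port: int
    observed: str    # banner seen on the wire ("" when nothing was observed)
    expected: str    # banner in the inventory ("" when the inventory has none)


def parse_scan(text):
    """Yield (host, port, banner) for every 'open' line; other lines are ignored."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1), int(m.group(2)), m.group(3).strip()


def diff_inventory(scan_text, inventory):
    """Return findings for everything that differs between the scan and the inventory."""
    findings = []
    seen = set()
    for host, port, banner in parse_scan(scan_text):
        seen.add((host, port))
        expected_ports = inventory.get(host)
        if expected_ports is None:
            findings.append(Finding("unknown_host", host, port, banner, ""))
        elif port not in expected_ports:
            findings.append(Finding("unexpected_port", host, port, banner, ""))
        elif expected_ports[port] != banner:
            findings.append(Finding("banner_changed", host, port, banner, expected_ports[port]))
    # Visibility gap: an approved service the scan did not observe at all.
    for host, ports in inventory.items():
        for port, expected in ports.items():
            if (host, port) not in seen:
                findings.append(Finding("missing_service", host, port, "", expected))
    return findings


def summarize(findings):
    """Count findings per kind so the numbers can feed the Step 5 metrics."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    results = diff_inventory(SCAN_OUTPUT, APPROVED_INVENTORY)
    for f in results:
        print(f"{f.kind:16} {f.host}:{f.port}  observed={f.observed!r} expected={f.expected!r}")
    print(summarize(results))
```

Every finding is a question for change control: an unknown host or unexpected port is either an undocumented change or something the defense did not put there, a changed banner is an unapproved upgrade or a replaced service, and a missing service means the visibility map has a hole. Running this after every scan keeps the diagram honest instead of letting it age.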

Step 4: Defense in Depth

There is no such thing as an unstoppable adversary.

Requirements:
a) Inbound prevention
b) Outbound detection
c) Log correlation
d) Anomaly detection
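To make requirements b) to d) concrete, the block below is an added example (not code from the slides) that correlates outbound proxy log lines per internal host and destination, then flags pairs whose connection timing is too regular to be a person browsing: an APT implant checking in on a fixed schedule is invisible to inbound prevention but stands out in outbound anomaly detection. The simplified log format ("epoch_seconds src dst bytes"), every log line, and the addresses are constructed sample data; the thresholds are assumptions to tune per environment.

```python
"""Outbound detection: flag internal hosts that contact one external destination
at a fixed interval (beaconing), a pattern that inbound controls never see.

Added example for the Step 4 requirements (outbound detection, log correlation,
anomaly detection). Not code from the original slides; the log format and the
log lines are constructed sample data.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed proxy log: "epoch_seconds src dst bytes". The first host checks in
# every 60 s like clockwork; the second browses at irregular times.
PROXY_LOG = """\
1000 10.10.5.3 203.0.113.50 512
1060 10.10.5.3 203.0.113.50 520
1120 10.10.5.3 203.0.113.50 518
1180 10.10.5.3 203.0.113.50 515
1240 10.10.5.3 203.0.113.50 521
1005 10.10.5.9 198.51.100.20 3000
1200 10.10.5.9 198.51.100.20 42000
1900 10.10.5.9 198.51.100.20 1500
2300 10.10.5.9 198.51.100.20 800
2310 10.10.5.9 198.51.100.20 9100
garbage line that the parser must skip
"""


def parse_log(text):
    """Correlate the log by (src, dst): collect every connection timestamp per pair.
    Malformed lines are skipped rather than aborting the whole run."""
    conns = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue
        ts, src, dst, _nbytes = parts
        conns[(src, dst)].append(int(ts))
    return conns


def interval_stats(timestamps):
    """Return (mean gap, coefficient of variation) between consecutive connections,
    or None when there are too few gaps to judge regularity."""
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) < 3:
        return None
    avg = mean(gaps)
    if avg <= 0:
        return None
    return avg, pstdev(gaps) / avg


def find_beacons(log_text, min_connections=4, max_cv=0.15):
    """Return [(src, dst, mean_gap, cv)] for pairs whose timing is suspiciously regular.
    A low coefficient of variation means the gaps barely change: clockwork check-ins."""
    beacons = []
    for (src, dst), stamps in parse_log(log_text).items():
        if len(stamps) < min_connections:
            continue
        stats = interval_stats(stamps)
        if stats is None:
            continue
        avg, cv = stats
        if cv <= max_cv:
            beacons.append((src, dst, avg, cv))
    return beacons


if __name__ == "__main__":
    for src, dst, avg, cv in find_beacons(PROXY_LOG):
        print(f"possible beacon: {src} -> {dst} every ~{avg:.0f}s (cv={cv:.2f})")
```

The output is a lead, not a verdict: software updaters and monitoring agents also poll on a schedule, so the next step is to correlate the flagged destination against the approved inventory and known-good update hosts before anyone escalates.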

Step 5: Common Metrics

Everyone must be using the same playbook in order to win.

Requirements:
a) Utilize the critical controls
   i. Offense informing the defense
   ii. Automation and continuous monitoring of security
   iii. Metrics to drive measurement and compliance

www.sans.org/critical-security-controls/

Bottom Line

It is time to take control of your data.
Let's stop making it easy for the adversary.

Final Thought

It is time to act.
Take the path less traveled.

THANK YOU for your time


Dr. Eric Cole

Twitter: drericcole
ecole@secureanchor.com
eric@sans.org
www.securityhaven.com
