
Cyber Threat Jujitsu 101: Acknowledge. Assess. Avoid. Address. Dr. Eric Cole Secure Anchor Consulting, LLC Mark Evertz, Tripwire, Inc. November 4, 2010

description

Cyber Threat Jujitsu 101 Presentation with Mark Evertz and Dr. Eric Cole, IT Security Consultant and founder of Secure Anchor. Catch the webcast with audio on Tripwire.com here: http://bit.ly/g27pJ6

Transcript

1. Today's Speakers: Dr. Eric Cole, Founder/President, Secure Anchor Consulting LLC; Mark Evertz, Security Solutions Manager, Tripwire, Inc.

2. You Can't Stop Stupid -- Revisited. Dr. Eric Cole, Secure Anchor Consulting, LLC. © 2010 Secure Anchor Consulting. All rights reserved.

3. Why Is This Happening? People: Outsiders, Phone Phreakers, Script Kiddies, Cyber Crime, Cyber Terror, Cyber Warfare. Low Risk + High Reward = Opportunity.

4. Why Is This Happening? Technology.

5. What Is the Outlook?

6. Threat Landscape. Malware Attacks: 500% increase; 80% for $$; 20% > malicious; 25K samples/day.

7. Threat Landscape. Web Attacks: 1.5M sites/month; DNS attacks; Cross Site Scripting; Defacing.

8. Threat Landscape. DDoS Attacks: 400K zombies a day; Conficker / Korea; Critical Infrastructure.

9. Threat Landscape. Data Attacks: $1 trillion/year; Autorun.exe; USB & phones; Compliance.

10. Threat Landscape. Email Attacks: Spam = malware; Up 10% a year; Spear phishing; New protocols.

11. Data Driven Threats:

                                        1997        End of 2007   Mid 2010
   Vulnerabilities                      440         28,500        34,100
   Password Stealers (main variants)    400         80,000        380,000
   Potentially Unwanted Programs        -           124,000       26,000
   Malware families (DAT related)       17,000      358,000       484,000
   Malware (main variants)              18,000 (?)  586,000       2,700,000
   Malware Zoo (collection)             30,000 (?)  5,800,000     16,300,000

12. While it is a hard problem, many attackers make mistakes: leaving a footprint on the system; trying to target and find key information; making an outbound connection for command and control; sending out sensitive information; utilizing encryption to hide; cutting edge or not so cutting edge; running standard tools and techniques.

13. Sophisticated? Yes and No. User receives email/IM with malicious link -> User clicks on link -> Browser downloads/executes malicious JavaScript -> Binary disguised as an image is downloaded and executes -> Back door is set up and connects to C&C servers -> Attackers have complete access to internal systems.

14. Cyber Jujitsu 101: Know thy system by baselining your environment; Rapid baselining and continuous monitoring; It is 10pm, do you know where your data is?; Focus on outbound traffic: firewall filtering, dropped packets, clipping levels; Understand the entry point for attack; It has and will always be about the user; While you cannot stop stupid, you can contain it.

15. Trend 1: More focus on Data Correlation.

16. Trend 2: Threat intelligence analysis will become more important.

17. Trend 3: Endpoint security becomes foundation.

18. Trend 4: Focusing in on proactive forensics instead of being reactive.

19. Trend 5: Moving beyond signature detection.

20. Must Make Better Use Of Existing Data: "We consistently find that nearly 90% of the time logs are available but discovery [of breaches] via log analysis remains under 5%" (2010).

21. Raw Log Data -> Events of Interest! Am I Secure? Is Policy Impacted? Change event; log event.

22. Example: Correlating Log & Change Events: 5 failed logins -> Login successful -> Windows event log cleared -> Logging turned off -> Host not generating events -> Policy test fails.

23. Tripwire VIA: Visibility (across the entire IT infrastructure); Intelligence (enable better, faster decisions); Automation (reduce manual, repetitive tasks).

24. Tripwire VIA: IT Security & Compliance Automation. Event Database: Correlate to Bad Changes; Correlate to Suspicious Events.

25. THANK YOU! Dr. Eric Cole, President, Secure Anchor Consulting, LLC, E-mail: drcole@secure- ; Mark Evertz, Security Solutions Manager, Tripwire, Inc., Direct: 503.269.2639, www.tripwire.com, E-mail: [email protected]

26. Answers For Your Questions.
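Slide 14 (watch outbound traffic: firewall filtering, dropped packets, clipping levels) and slide 22 (the correlation chain of five failed logins, a successful login, then the Windows event log being cleared) both describe turning raw log data into events of interest. The Python below is an added example written for this transcript; it is not code from the presentation or from Tripwire VIA. The key=value log format and every line in SAMPLE_LOG are constructed for the example; the thresholds (5 failures, a clipping level of 8 drops, the 10- and 5-minute windows) are assumed values a practitioner would tune. The only real identifiers used are the standard Windows Security log event IDs 4625 (failed logon), 4624 (successful logon) and 1102 (audit log cleared).

```python
"""Added example: correlate raw log lines into "events of interest".

Rule 1 (slide 22): >= N failed logons, then a success, then the audit log
        cleared on the same host.
Rule 2 (slide 14): a clipping level on outbound firewall drops per host.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in a simple key=value form (not a real syslog
# or Windows export format). Event IDs are the standard Windows Security log
# IDs: 4625 = failed logon, 4624 = successful logon, 1102 = audit log cleared.
SAMPLE_LOG = """\
2010-11-04T21:58:01 source=windows host=ws17 id=4625 user=jsmith
2010-11-04T21:58:09 source=windows host=ws17 id=4625 user=jsmith
2010-11-04T21:58:17 source=windows host=ws17 id=4625 user=jsmith
2010-11-04T21:58:25 source=windows host=ws17 id=4625 user=jsmith
2010-11-04T21:58:33 source=windows host=ws17 id=4625 user=jsmith
2010-11-04T21:58:41 source=windows host=ws17 id=4624 user=jsmith
2010-11-04T22:00:02 source=windows host=ws17 id=1102 user=jsmith
2010-11-04T22:01:10 source=firewall action=drop dir=out srcip=10.0.0.17 dstip=203.0.113.9 dport=6667
2010-11-04T22:01:40 source=firewall action=drop dir=out srcip=10.0.0.17 dstip=203.0.113.9 dport=6667
2010-11-04T22:02:10 source=firewall action=drop dir=out srcip=10.0.0.17 dstip=203.0.113.9 dport=6667
2010-11-04T22:02:40 source=firewall action=drop dir=out srcip=10.0.0.17 dstip=203.0.113.9 dport=6667
2010-11-04T22:03:10 source=firewall action=drop dir=out srcip=10.0.0.17 dstip=203.0.113.9 dport=6667
2010-11-04T22:03:40 source=firewall action=drop dir=out srcip=10.0.0.22 dstip=198.51.100.4 dport=443
2010-11-04T22:04:10 source=firewall action=drop dir=out srcip=10.0.0.17 dstip=203.0.113.9 dport=6667
2010-11-04T22:04:40 source=firewall action=drop dir=out srcip=10.0.0.17 dstip=203.0.113.9 dport=6667
2010-11-04T22:05:10 source=firewall action=drop dir=out srcip=10.0.0.17 dstip=203.0.113.9 dport=6667
2010-11-04T22:06:00 source=windows host=ws22 id=4625 user=bob
2010-11-04T22:06:10 source=windows host=ws22 id=4624 user=bob
"""


def parse(log_text):
    """Yield (timestamp, fields) for each non-empty constructed log line."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, *pairs = line.split()
        yield datetime.fromisoformat(stamp), dict(p.split("=", 1) for p in pairs)


def brute_force_then_cover_up(events, failures=5, window=timedelta(minutes=10)):
    """Medium alert when >= `failures` failed logons precede a success for the
    same host/user inside `window`; high alert when the audit log is then
    cleared on that host inside `window` (assumed thresholds)."""
    failed = defaultdict(deque)   # (host, user) -> timestamps of 4625
    compromised_at = {}           # host -> time of the suspicious success
    alerts = []
    for ts, f in events:
        if f.get("source") != "windows":
            continue
        host, user, eid = f["host"], f["user"], f["id"]
        key = (host, user)
        if eid == "4625":
            q = failed[key]
            q.append(ts)
            while q and ts - q[0] > window:   # keep only the sliding window
                q.popleft()
        elif eid == "4624":
            if len(failed[key]) >= failures:
                compromised_at[host] = ts
                alerts.append(("medium", host,
                               f"{len(failed[key])} failed logons then success for {user}"))
            failed[key].clear()
        elif eid == "1102":
            if host in compromised_at and ts - compromised_at[host] <= window:
                alerts.append(("high", host, "audit log cleared after suspicious logon"))
    return alerts


def outbound_drop_clipping(events, clipping_level=8, window=timedelta(minutes=5)):
    """Alert the first time a source host reaches `clipping_level` outbound
    drops inside a sliding `window`: a host repeatedly retrying a blocked
    external destination is a candidate command-and-control beacon."""
    drops = defaultdict(deque)    # srcip -> timestamps of outbound drops
    alerted, alerts = set(), []
    for ts, f in events:
        if f.get("source") != "firewall" or f.get("action") != "drop" or f.get("dir") != "out":
            continue
        src = f["srcip"]
        q = drops[src]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= clipping_level and src not in alerted:
            alerted.add(src)
            alerts.append(("medium", src,
                           f"{len(q)} outbound drops to {f['dstip']}:{f['dport']} within {window}"))
    return alerts


def events_of_interest(log_text):
    """Run both rules over the same event stream and return all alerts."""
    events = list(parse(log_text))
    return brute_force_then_cover_up(events) + outbound_drop_clipping(events)


if __name__ == "__main__":
    for severity, where, what in events_of_interest(SAMPLE_LOG):
        print(f"[{severity}] {where}: {what}")
```

Run against the constructed log, the first rule fires twice for ws17 (the brute-force-then-success, then the escalation when event 1102 follows) and stays silent for ws22, where a single failed logon before a success is below the threshold; the second rule fires once for 10.0.0.17 at the eighth outbound drop and never for 10.0.0.22. The "logging turned off" and "host not generating events" steps on slide 22 are the natural next rules: both are absences of data, so they need a periodic check of expected event sources rather than a per-line rule like the two above.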