STAYING AHEAD OF THE THREAT
CYBER SECURITY OVERVIEW
JOHN HALL
Cyber Security Analyst
Senior Manager
LARGE DEFENCE CONTRACTOR, HIGHLY TARGETED BY ADVERSARIES
PROTECTING THE ENTERPRISE
WE NEVER FORGET WHO WE ARE WORKING FOR™ – BUT NEITHER DOES THE ADVERSARY
>100,000 Employees
>60,000 Scientists, Engineers And IT Professionals
Global Operations: 572 Facilities In Over 63 Countries
6x OC-12 Internet Pipes
~200TB Full Packet Capture Storage
~300 Million Web Requests/Day
~1.2 Million Web Proxy Connections Blocked per Day
~145,000 Managed Desktops
~1.75 Billion Sensor Events/Day
~30 Million Emails/Day
~800,000 Active Directory Objects
It takes a concerted organizational effort to develop a defensive posture
If tools are your only answer – you are asking the wrong question!
Leadership is fundamental,
Strong analyst skills too.
Must demonstrate ongoing performance improvements like anything else
WE HAVE LEARNED MANY HARD LESSONS INCLUDING:
DEVELOPING A SECURITY MINDSET
IT’S A MARATHON NOT A SPRINT
Still the same mechanics: email/web/some USBs/insiders
Adversary is exploiting the trust
between partners in the supply chain.
THE SUPPLY CHAIN IS A KEY VECTOR
EVOLVING CYBER ECOSYSTEM
Behavioural analysis so important.
Must look for adversary behaviours
amongst the legitimate traffic
SME/SMB are an integral part of the
national economic infrastructure but
least prepared for the reality.
Companies like LM are constantly
maturing our approach and
expectations for suppliers. Suppliers
that expose us to less risk will have a
benefit over their competition
F35 IN AUSTRALIA C130J IN AUSTRALIA
ONE SUPPLIER'S EXAMPLE
Australian companies have been awarded over $482M USD
in F-35 contracts to date and high tech manufacturing jobs
for Australian industry
Australian industry is expected to gain up to $6.3B USD in
industry opportunities over the life of the JSF program.
Every F-35 built will have some Australian parts and
components.
The F-35 program will sustain high technology
manufacturing jobs across the country for decades to come
To date, there are currently 17 Australian companies with
active F-35 contracts.
C130 has an extensive history in Australia.
– C130A entered service 1958
Currently the Air Force has a ~$290M C130J support contract
with Australian companies through 2030.
– This contract has created a longer tail of SMEs outside
the LM specific supply chain
A local company is producing some $15M worth of carbon-fibre
composite wing flaps per year
SOME STATS FOR LOCKHEED MARTIN IN AUSTRALIA
ATTRIBUTION
WHY ME?
AUSTRALIA IS PART OF A GLOBAL ECONOMY.
For a corporation: Who matters only in order to understand Why.
Understanding How is a highly IT based technical skill
Understanding How and Why represent an Intelligence driven approach that helps to apply
limited internal resources to those issues that present the most risk to the corporation.
I think this is true in any scenario with finite resource
Industry and particularly larger industry and state need to work closely. Economically important
to raise the capability and posture of the weakest links.
Small business needs to learn the basics and at least be more informed consumers of the
technology supporting a connected business environment.
OF COURSE THERE IS HOPE… JUST NO SILVER BULLET
THE TAKEAWAY
IS THERE HOPE?
“A journey of a thousand miles begins with a single step.”
Lao-tzu, The Way of Lao-tzu
Chinese philosopher (604 BC - 531 BC)
“Opportunities multiply as they are seized.”
Sun Tzu
CYBER THREAT INTELLIGENCE
ADVANCED THREAT MANAGEMENT
CYBER WORKFORCE AWARENESS
CYBER SECURITY SOLUTIONS
Knowledge Management System (KMS)
of Advanced Indicators
Continuous Collection Allows Constant
Identification of Activities
Extensible Analysis Enables Extraction and
Enrichment of Collected Information
Artifact Retention Provides Evidence for
Prosecution
Detection and Alerts on Covert Malicious
Command & Control Channels
Detection of Advanced File Exploits
On-going, Focused Network Visibility
Custom Exploit Signatures
Notification of Adversarial Tactics,
Techniques, and Procedures Observed at
Internet Points of Presence
iCampaign—Employee Awareness
Training
EXCITE—Accelerates Competency Level
of Cyber Intelligence Analysts through
Courses that Provide an Understanding
of Security Intelligence Concept, Mindset,
Tools and Technologies