Combining the best of Audit and Penetration Testing

Slides:



Advertisements
Similar presentations
Security Life Cycle for Advanced Threats
Advertisements

SIEM Based Intrusion Detection Jim Beechey May 2010 GSEC, GCIA, GCIH, GCFA, GCWN twitter: jim_beechey.
1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
Threat Intelligence Use in Information Security: History, Theory and Practice Tim Gallo Cyber Security Field Engineering 1.
Malware\Host Analysis for Level 1 Analysts “Decrease exposure time from detection to eradication” Garrett Schubert – EMC Corporation Critical Incident.
© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
©2014 Bit9. All Rights Reserved The Evolution of Endpoint Security: Detecting and Responding to Malware Across the Kill Chain Chris Berninger, Sr. Solutions.
1 SANS Technology Institute - Candidate for Master of Science Degree 1 SIEM Based Intrusion Detection Jim Beechey March 2010 GSEC Gold, GCIA Gold, GCIH,
Cyber Principles November 2010 Bob Gourley. The 12 Principles of Cyber Conflict 1. Know the enemy: Bad actors in the world are bad actors in cyberspace.
©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.
Red Team “You keep using that word, I do not think it means what you think it means” – Inigo Montoya.
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
Thursday, January 23, :00 am – 11:30 am. Agenda  Cyber Security Center of Excellence  Project Phase  Implementation  Next Steps 2.
“Building sustainable capabilities across all phases of Emergency Management in Kansas through selfless service” KDEM EMPG 2012 OVERVIEW 13 September 2011.
Operations Security (OPSEC) Introduction  Standard  Application  Objectives  Regulations and Guidance  OPSEC Definition  Indicators.
-UNCLASSIFIED- Missile Defense Exercise Planning Presented By: Mr. Ohad Elbahar Israel Missile Defense Organization May First Annual Israel Multinational.
Knowing What You Missed Forensic Techniques for Investigating Network Traffic.
Understanding the Threats of and Defenses Against Cyber Warfare.
Sky Advanced Threat Prevention
International Cyber Warfare & Security and B2B Conference Participation of Brazilian Cyber Defense Centre ( )
Page 1 of 10 Red Teams & Other Experiment Process Headaches NDSS 2000 Symposium, 4 February 2000 Brad Wood Information Design Assurance.
Sicherheitsaspekte beim Betrieb von IT-Systemen Christian Leichtfried, BDE Smart Energy IBM Austria December 2011.
Security and Resilience Pat Looney Brookhaven National Laboratory April 2016.
How to Make Cyber Threat Intelligence Actionable
Koustav Sadhukhan, Rao Arvind Mallari and Tarun Yadav DRDO, Ministry of Defense, INDIA Cyber Attack Thread: A Control-flow Based Approach to Deconstruct.
Best Cyber Security Practices for Counties An introduction to cybersecurity framework.
Risk Assessments in Many Flavors George J. Dolicker, CISA, CISSP.
An Anatomy of a Targeted Cyberattack
Understanding and breaking the cyber kill chain
11/03/2016.
Security and resilience for Smart Hospitals Key findings
Defining your requirements for a successful security (and compliance
Proactive Incident Response
Abusing 3rd-Party Services For Command And Control
Six Steps to Secure Access for Privileged Insiders and Vendors
Center of Excellence in Cyber Security
and Security Management: ISO 28000
Cyber Security: State of the Nation
Understanding the Threats of and Defenses Against Cyber Warfare
Intelligence Driven Defense, The Next Generation SOC
Active Cyber Security, OnDemand
Six Steps to Secure Access for Privileged Insiders and Vendors
KELA Targeted Cyber Intelligence
Or how to learn to love the bomb
Topological Vulnerability Analysis
Cyber defense management
Cyber Threat Intelligence Sharing Standards-based Repository
Determined Human Adversaries: Mitigations
Modeling Cyberspace Operations
Threat Gets a Vote Applying a Threat Based Approach to Security Testing Joe Vest
THE NEXT GENERATION MSSP
Security Agility: Creating a Multi-Disciplinary Framework
Risk Assessment = Risky Business
11/17/2018 9:32 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.
PROACTIVE SNOOPING ANALYSIS
Successful Strategies in Enterprise Intrusion Investigations
Validating Your Information Security Program (ISP 3 of 3)
Build a better Catfish 2018 RVASec.
Top Security Priorities 2018
National Cyber Security
The Assumed Breach Model
12/6/2018 Honeypot ICT Infrastructure Sashan
What are the Resilience Mechanisms? Hugo Pereira Evoleo Technologies
Enhanced alerting and collaborative incident management
Strategic threat assessment
Determined Human Adversaries: Mitigations
Mitre Att&ck Matrix RA PS...Trebuchet Font makes crazy ampersands but I was to lazy to change it.
Counter APT Counter APT HUNT operations combine best of breed endpoint detection response technology with an experienced cadre of cybersecurity experts.
Engineering Secure Software
Presentation transcript:

Combining the best of Audit and Penetration Testing Adversary Simulation Combining the best of Audit and Penetration Testing

What is an adversary simulation?

What is an Adversary Simulation? The concept became common during 1960’s military war-game exercises Red Team + Blue Team = Purple Team? Threat Emulation Threat Hunting Adversary (ad-ver-ser-ee) noun a person, group, or force that opposes or attacks; opponent; enemy; foe. Simulation (sim-yuh-ley-shuh n) imitation or enactment, as of something anticipated or in testing. Source: Dictionary.com

Let’s Create a Definition… Assumptions: Compromise is assumed. There is always a successful attack vector, initial compromise cannot be prevented. Focus should be post-compromise actions Goals: Prepare network and host defenses to defend against attacks Prepare defensive staff and incident responders against targeted, sophisticated, and determined attacks Reduce “Time to Detect” and “Time to Recovery” when a real event arises Validate control investments (CHECK) and make configuration improvements (ACT) Requirements for Effectiveness: Must use known adversary tactics, techniques and procedures (TTPs) TTPs should be relevant to your industry and business/organization Emulate real threat actors and scenarios (basic -> advanced)

Adversary Simulation Focuses on Post-Compromise The cyber kill chain Adversary Simulation Focuses on Post-Compromise

Typical Cyber Kill Chain Representation

So what is an Adversary simulation?

SynerComm’s Adversary Simulation Based on pre-defined or customized playbook Command and control, persistence, discovery and credential access Privilege escalation and lateral movement Collection and exfiltration Defense evasion Typically performed onsite in Cooperation with our client’s Team Methodical, repeating process: Attack > Validate Control > Improve Control > Validate Control > Next Attack Tactics, techniques and procedures based on MITRE ATT&CK for Enterprise

MITRE Adversarial Attack Tactics

MITRE ATT&CK for Enterprise

Benefits of Adversary Simulation Train and prepare IT, security and response staff Validate, tune and improve control effectiveness Enterprise focus is on SIEM collection and alerting

SynerComm’s AdSim Process Scope High-Level Playbook Consult to Define the Playbook Execute the Playbook Tune & Adjust Controls Retest

SynerComm’s AdSim Process

SynerComm’s AdSim Process

Thank You for Attending! Go Tell Your Friends Questions? Thank You for Attending! Go Tell Your Friends

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.