© 2014 All Rights Reserved Mohit Rampal Shubika Soni MOBILE & WIRELESS THREATS AND BUILDING CAPACITY FOR SECURITY.

Slides:

Advertisements

Similar presentations

OSG Computer Security Plans Irwin Gaines and Don Petravick 17-May-2006.

Advertisements

©2014 Bit9. All Rights Reserved The Evolution of Endpoint Security: Detecting and Responding to Malware Across the Kill Chain Chris Berninger, Sr. Solutions.

Security for Today’s Threat Landscape Kat Pelak 1.

Radware DoS / DDoS Attack Mitigation System Orly Sorokin January 2013.

© 2005 Mobile VCE Securing the Future: Device & Service Security Stephen Hope, FT R&D UK Ltd on behalf of Nigel Jefferies, Vodafone Chair.

16254_08_2002 © 2002, Cisco Systems, Inc. All rights reserved. Cisco’s Security Vision Mario Mazzola Chief Development Officer August 29, 2002.

Microsoft Ignite /16/2017 4:54 PM

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.

Top 7 Things to Know about Activation and Genuine Software with Windows 7 For computers with perpetual licensing obtained through Microsoft volume licensing.

Cloud Attributes Business Challenges Influence Your IT Solutions Business to IT Conversation Microsoft is Changing too Supporting System Center In House.

The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions Steve Katz, CISSP Security.

1Cisco Security NOW © 2003, Cisco Systems, Inc. All rights reserved. THIS IS THE POWER OF CISCO SECURITY. now.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Partnering For Profitability Growing your business with Microsoft Forefront Security Solutions Mark Hassall Director Security & Access BG Microsoft Corporation.

[Name / Title] [Date] Effective Threat Protection Strategies.

Storage Security and Management: Security Framework

© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Cyber Security: Now and.

Dell Connected Security Solutions Simplify & unify.

EEye Digital Security    On the Frontline of the Threat Landscape: Simple configuration goes a long way.

©2014 Bit9. All Rights Reserved Endpoint Threat Prevention Charles Roussey | Sr. Sales Engineer Detection and Response in Seconds.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Asif Jinnah Microsoft IT – United Kingdom. Security Challenges in an ever changing landscape Evolution of Security Controls: Microsoft’s Secure Anywhere.

Accelerating Development Using Open Source Software Black Duck Software Company Presentation.

Chapter 8 Technology and Auditing Systems: Hardware and Software Defenses.

© 2015 ForeScout Technologies, Page 2 Source: Identity Theft Resource Center Annual number of data breaches Breaches reported Average annual cost of security.

Accompanying notes to presentation What you need to know This presentation is part of the Art of connecting. There are four themes in total, each with.

Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.

GSHRM Conference Cyber Security Education Shri Cockroft, CISO Piedmont Healthcare, Inc. September 21, 2015.

LEADERSHIP BUILDS RESILIENCE Resilience- the art of surviving in changing political and financial landscapes From: Resilient Organisations: What about.

Alert Logic Provides a Fully Managed Security and Compliance Solution Based in the Cloud, Powered by the Robust Microsoft Azure Platform MICROSOFT AZURE.

Ali Alhamdan, PhD National Information Center Ministry of Interior

TOP 10 TECHNOLOGY INITIATIVES © Robert G. Parker S-1 Issues Loss or theft of mobile devices Lack of MDM (mobile device management) software Cloud.

Network security Product Group 2 McAfee Network Security Platform.

Randy Beavers CS 585 – Computer Security February 19, 2009.

Enforcing Cyber security in Mobile Applications – Public Sector Use Case SAPHINA MCHOME, VIOLA RUKIZA TANZANIA REVENUE AUTHORITY INFORMATION AND COMMUNICATION.

Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.

Marin Frankovic Datacenter TSP

© 2008 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. Cyber Security and the National.

BUFFERZONE Advanced Endpoint Security Data Connectors-Charlotte January 2016 Company Confidential.

The cost of Cybercrime 1 Steve Lamb Regional Marketing Manager – EMEA, Enterprise Security Products Twitter: actionlamb.

Infrastructure for the People-Ready Business. Presentation Outline POINT B: Pro-actively work with your Account manager to go thru the discovery process.

©2015 Check Point Software Technologies Ltd. 1 [Restricted] ONLY for designated groups and individuals CHECK POINT MOBILE THREAT PREVENTION.

External Threats Internal Threats Nation States Cyber Terrorists Hacktivists Organised criminal networks Independent insider Insider planted by external.

Why SIEM – Why Security Intelligence??

CLOSE THE SECURITY GAP WITH IT SOLUTIONS FROM COMPUTACENTER AND CISCO AUGUST 2014.

Cyber Security – Client View Peter Gibbons | Head of Cyber Security, Group Business Services Suppliers’ Summer Conference 15/07/2015.

Enterprise Network Security Threats that are Overlooked.

1© Copyright 2012 EMC Corporation. All rights reserved. Next Generation Authentication Bring Your Own security impact Tim Dumas – Technology Consultant.

Tripwire Threat Intelligence Integrations. 2 Threat Landscape by the Numbers Over 390K malicious programs are found every day AV-Test.org On day 0, only.

If it’s not automated, it’s broken!

Security and resilience for Smart Hospitals Key findings

Your Partner for Superior Cybersecurity

Information Security – Current Challenges

Cyber Security Enterprise Risk Management: Key to an Organization’s Resilience Richard A. Spires CEO, Learning Tree International Former CIO, IRS and.

The Game has Changed… Ready or Not! Andrew Willetts Technologies, Inc.

Information Technology Sector

THR2099 What to do BEFORE all hell breaks loose: Building a modern cybersecurity strategy.

Cyber Security: State of the Nation

Advanced Borderless Network Architecture Sales Exam practice-questions.html.

Improving the WiFi Customer Experience

Jon Peppler, Menlo Security Channels

5G Security Training

I have many checklists: how do I get started with cyber security?

11/17/2018 9:32 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.

Panda Adaptive Defense Platform and Services

Supply Chain and the Most Serious Global Risks

Strategic threat assessment

Session 8: Innovative Uses of Captives: Cyber and Beyond

IT Management Services Infrastructure Services

Presentation transcript:

© 2014 All Rights Reserved Mohit Rampal Shubika Soni MOBILE & WIRELESS THREATS AND BUILDING CAPACITY FOR SECURITY

© 2014 All Rights Reserved 2 Strength in visibility

© 2014 All Rights Reserved 3 Today’s world is filled with complexity New threats are waiting for cracks to appear See the cracks Know the threats Build a more resilient world LANDSCAPE TODAY

© 2014 All Rights Reserved 4 CYBER THREATS : MORE PROFESSIONAL & SOPHISTICATED Cyber Attacks: Internet-based incidents involving politically or financially motivated attacks on information and information systems. Zero-day Vulnerabilities, Or Unknown Vulnerabilities: Software flaws that make exploitation and other illegal activities towards information systems possible Proactive Cyber Defense: acting in anticipation to oppose an attack against computers and networks.

© 2014 All Rights Reserved 5 Top 10 risks in terms of Likelihood 1.Interstate conflict 2.Extreme weather events 3.Failure of national governance 4.State collapse or crisis 5.Unemployment or underemployment 6.Natural catastrophes 7.Failure of climate-change adaptation 8.Water crises 9.Data fraud or theft 10.Cyber attacks GLOBAL RISKS FOR 2015 Source: Global Risks Perception Survey representing a risk most likely to occur

© 2014 All Rights Reserved 6 Top 10 risks in terms of Impact 1.Water crises 2.Spread of infectious diseases 3.Weapons of mass destruction 4.Interstate conflict 5.Energy price shock 6.Critical information infrastructure breakdown 7.Failure of climate-change adaptation 8.Fiscal crises 9.Unemployment or underemployment 10.Biodiversity loss and ecosystem collapse GLOBAL RISKS FOR 2015 Source: Global Risks Perception Survey representing a risk most likely to occur

© 2014 All Rights Reserved 7 Large-scale cyber attacks : considered above average on both dimensions of impact and likelihood Reflects : growing sophistication of cyber attacks and the rise of hyperconnectivity In the United States alone, cybercrime already costs an estimated $100 billion each year IOT delivers technology with new risks TECHNOLOGICAL RISKS: BACK TO THE FUTURE Source: Global Risks Perception Survey representing a risk most likely to occur

© 2014 All Rights Reserved 8 TECHNOLOGICAL RISKS: BACK TO THE FUTURE Attacks against infrastructure are targeting significant resources across the Internet Malicious actors are using trusted applications to exploit gaps in perimeter security Evidence of internal compromise in Organisations with suspicious traffic emanating from their networks and attempting to connect to questionable sites Trust with greater attack surfaces, sophistication of attacks and the complexity of threats and solutions Lack of threat intelligence with malicious actors using trusted applications to exploit gaps

© 2014 All Rights Reserved 9 RELOOK AT THREATS AND ATTACKS HEARTBLEED, SHELLSHOCK, POODLE Year 2014: …

© 2014 All Rights Reserved 10 RELOOK AT THREATS AND ATTACKS CYBER SUPPLY CHAIN MANAGEMENT AND TRANSPARENCY ACT OF 2014 TL;DR 1.HW/SW/FW sold to any Agency must come with Bill of Materials 2.Cannot use known vulnerable components 1.Must use less vulnerable version 2.(or need waiver) 3.Must design software so that it can be patched

© 2014 All Rights Reserved 11 CHALLENGES

© 2014 All Rights Reserved 12 SOME WIRELESS SECURITY CONCERNS Wireless (WiFi) BYOD (Device) Virtual WiFi Accidental associations Rogue APs RF congestion / interference (DoS) Mobile (Cellular) BYOD / BYOA (Application) Tethered devices connected to infra. Mobile Malware 3G/4G LTE offload to WiFi (interference / DoS) Bluetooth

© 2014 All Rights Reserved 13 MITIGATING THE RISKS Known Vulnerability Management which is Grey Box Testing Application testing for Associated 3 rd party library vulnerabilities which is testing integrated components for known vulnerabilities Unknown Vulnerability Management which is Black Box Testing Lastly, a process Requirement gathering=>Pre-Tender=>Tender=>Technical Qualify=>Purchase

© 2014 All Rights Reserved 14 THE KNOWN AND THE UNKNOWN Known Vulnerability Management Unknown Vulnerability Management (UVM) Total Vulnerability Management Total Vulnerability Management SAST Approach PC Lint, OSS, Coverity, Fortify, IBM, Microsoft... SAST Approach PC Lint, OSS, Coverity, Fortify, IBM, Microsoft... Whitebox testing DAST Approach Fuzzing: Codenomicon Defensics, Peach, Sulley DAST Approach Fuzzing: Codenomicon Defensics, Peach, Sulley Blackbox testing Satan/Saint Nessus, ISS Reactive Proactive Bottom line: All systems have vulnerabilities. - Both complimentary categories needs to be covered Qualys, HP, IBM, Symantec : Codenomicon AppCheck

© 2014 All Rights Reserved 15 ATTACK POINTS WiFi end points Network elements Unlicensed and unmanaged applications running on Desktop and Mobiles Device Firmware’s Lack of threat monitoring and threat intelligence

© 2014 All Rights Reserved 16 Process of: Detecting attack vectors Finding zero-day vulnerabilities Building defenses Performing patch verification Deployment in one big security push UNKNOWN VULNERABILITY MANAGEMENT (UVM)

© 2014 All Rights Reserved 17 UVM- WORKFLOW Execute tests Configure fuzzer and target Test interoperability Analyze resultsRemediate Repeat

© 2014 All Rights Reserved 18 FUZZ TEST EFFECTIVENESS AGAINST WIFI

© 2014 All Rights Reserved 19 MODEL BASED FUZZING TECHNIQUES Template Based Fuzzing Quality of tests is based on the used seed and modeling technique Very quick to develop, but slow to run Editing requires deep protocol know-how Good for testing around known vulnerabilities Specification Based Fuzzing Full test coverage Always repeatable Short test cycle, more optimized tests Easy to edit and add tests

© 2014 All Rights Reserved 20 Codenomicon Defensics is unsurpassed in finding unknown vulnerabilities. No other solution does more to quickly empower organizations to discover unknown vulnerabilities that put business performance and reputation at critical risk. World’s most powerful platform for stress testing Fast, reliable, efficient deployment Support for 270+ protocols—continuously updated Capable of finding subtle security flaws Run at pace of product development lifecycle and process Discovered Heartbleed PROACTIVE SECURITY TESTING - DEFENSICS Unknown Vulnerability Management (UVM)

© 2014 All Rights Reserved 21 Codenomicon is the industry leader in identifying the threat factors that weaken business trust First to report Heartbleed Global authorities with vast knowledge of known and unknown vulnerabilities Protect customer trust & confidence Trusted partner to Verizon, AT&T, Cisco, Alcatel-Lucent, the FDA, Homeland Security, and notable global governments and agencies Global advocate for improved software development and responsible network safeguarding WHO WE ARE

© 2014 All Rights Reserved 22 SAMPLE CUSTOMER LIST

© 2014 All Rights Reserved 23 Questions