Slide 1: Global Services
Slide 2: Business Cases
- Mitigate Pump and Dump ("unknown package") - research
- "Investigation Package" to reduce cost of insurance claim (stop premium from going up)
- Speed up, reduce cost of investigation
- Public trust management: HIPAA, FISMA, PCI, GBLeech
- Keep your card services running (even if you had a breach)
Slide 3: The Bad Guy always gets in
- There is no perfect security solution
- Attacker is constantly improving
- Security is only as good as the weakest link
- Security is always balanced against cost and convenience
- Current security solutions are not working
  - Top three AV miss 80% of the threats
  - 75,000 new malware per day
Slide 4: Goal
- Help our customers stay ahead of the threat curve and truly understand their enemy(s)
- Detect active threats with no signature
- Assess specific intention of threat to customer information (what is being stolen, and why)
- Provide actionable data to rapidly remediate and mitigate
- Provide Intelligence and Operational support to eliminate the threat on various levels
Slide 5: Differentiators
- Focus is on currently active threats within the Enterprise
  - The bad guy has already broken in...
- Identify who is behind the threat
  - Geolocation
  - Intention
  - Capability and Funding
Slide 6: Tracking Human and Organizational Actors
Diagram labels: Managed OPS Center; Emergency Services; Tracking Human and Organizational Actors; Malware Intelligence Feed
Slide 7: Managed OPS Center / Emergency Services
- Strategic
  - Long Term Monitoring Program
  - Honeynet Deployment
- Tactical
  - Short term deployment
  - Assigned analyst or team
Slide 8: Specific Threat Tracking
Diagram labels: Managed OPS Center; Emergency Services; Knock and Talk; Tactical: Specific Threat Tracking
Slide 9: Managed OPS Center / Emergency Services
- Tactical: Track and Trace
Slide 10: Geolocation & Intelligence
- Walk the malware development chain
- Codename the Actors
- Penetrate their digital social network
- Geolocate both operators and developers
- Codenames shown: Baybird, Tiller, Cedar, Tiberwolf, Springtime
Slide 11: Tracking Human and Organizational Actors
- Strategic
  - Long Term Monitoring Program
  - Malware Attribution
- Codenames shown: Baybird, Tiller, Cedar, Tiberwolf, Springtime
Slide 12: Clear and Present Threat Identification
- Threat Advisory
- Ongoing Tracking
- Actionable Defense: Security Consumables
  - IDS and Firewall Rules
  - DNS Blackholes
- Codenames shown: Baybird, Tiller, Cedar, Tiberwolf, Springtime
Slide 13: AUTOMATED analysis pipeline
Diagram labels: Digital DNA(TM); AUTOMATED analysis pipeline; TOOLKIT; Developers; Malware; Operators
- Actors, Toolkits, and Variants are all Linked
Slide 14: Link Analysis and Visualization
- Real world relationships are linked using open source intelligence:
  - Digital DNA(TM) Traces
  - People, Groups, Social Networks
  - Companies and Organizations
  - Web sites, Domains, and Net-blocks
  - Phrases, Affiliations, Documents and Files
- * Software shown is Maltego, from Paterva
Slide 15: AUTOMATED analysis pipeline
Diagram labels:
- Ops Path: Mr. A, Mr. B, Mr. C
- Malware (tip of the spear)
- AUTOMATED analysis pipeline
- Digital DNA: Determine the capabilities of the attack
- Geolocation and Intent
- Infection Map: Determine the scope of the attack
- Attack capabilities shown: Antiforensics and Stealth; Audio / Video bugging; Keylogging; File theft; Smart Card Attacks; Exploitation; Leasing; Botnet / Spam; Financial Fraud; Identity Theft; Pump and Dump; Targeted Threat & Documents Theft; Intellectual Property Theft; Deeper penetration; Distribution systems; Social Engineering / Spearphishing; Internal network attacks
Slide 16: Exploitation Capability Analysis / Capability
Diagram labels:
- Core Impact with Private Development Extensions (product + custom dev)
- Intelligence Feed Relationships (IFR): 3rd party feed sources
- HBGary Exploitation Capability Arsenal (HECA)
- Feed Analytics with Digital DNA (Portal Management and Development)
- Rapid Response RE
- Geolocation and Implant (G&I, Crafted Documents, Custom Honeypots, HoneyNets)
- Maltego with Private Server (product + custom dev)
- Tracking Threats (HOTF)
- DDNA Feed
- Contact Local Authorities
- Threat Advisories
- Monthly Report
Slide 17: Product Output
Outputs shown: Rapid Response RE; Tracking Threats (HOTF); DDNA Feed; Contact Local Authorities; Threat Advisories; Monthly Report
- Rapid Response RE: Rapid response would be around $450/hour with a 48-hour turnaround for a full malware analysis.
- Tracking Threats (HOTF): Threat tracking is done by HBGary and posted as a link on the portal. Threat tracking is available for the base subscription. Each threat that is tracked can be identified by a codename. Malware developers that can be identified are added to threat tracking. Currently active attack operations are added to threat tracking.
- DDNA Feed: contains a DDNA-encoded version of all known pertinent threat features, including attribution traits and traits that are associated with a currently tracked threat.
Slide 18: Special Operations: Honey Net Operations: Track and Trace
- Infect a machine with booby-trapped files for the malware to steal
- When files are opened they beacon out to the internet and identify their location
- All activity on this machine is traced and logged with a kernel mode debugger
- All network traffic is recorded
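The beacon-and-trace step above, as an added example that is not HBGary's tooling or code from this deck: a Python script that plants a unique token per booby-trapped file and then correlates callback log lines from a listener we control back to the file, the source address and the time the stolen copy was first opened. The listener, its `/b/<token>` beacon path and the common-log sample lines are constructed assumptions.

```python
"""Honeynet track and trace: correlate beacon callbacks with planted files.
Added example, not HBGary's code. Assumes a listener we control, logging in
common-log format, that each bait file fetches /b/<token> from when opened."""
import re
import secrets
from collections import defaultdict
from datetime import datetime

def plant_tokens(filenames):
    """Return {token: filename}: one random 16-hex-char token per bait file,
    so a callback identifies exactly which stolen file was opened."""
    return {secrets.token_hex(8): name for name in filenames}

# Common-log request line for the beacon path; a query string may follow.
LOG_RE = re.compile(
    r'^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"GET /b/(?P<token>[0-9a-f]{16})\S* HTTP/1\.[01]" (?P<status>\d{3})')

def parse_beacons(log_lines, tokens):
    """Map planted filename -> list of (timestamp, source ip) callbacks.
    Unknown tokens (scanner noise, guesses) and other paths are ignored."""
    hits = defaultdict(list)
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or m.group("token") not in tokens:
            continue
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        hits[tokens[m.group("token")]].append((ts, m.group("ip")))
    return dict(hits)

def first_opened(hits):
    """Earliest callback per file: when and from where the stolen copy was
    first opened, the starting point for the geolocation work."""
    return {name: min(events) for name, events in hits.items()}

# Constructed sample: fixed tokens (stand-ins for plant_tokens output) and log lines.
SAMPLE_TOKENS = {"deadbeefcafef00d": "Q3_merger_plan.docx",
                 "0123456789abcdef": "source_tarball.zip"}
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:09:14:02 +0000] "GET /b/deadbeefcafef00d?v=1 HTTP/1.1" 200 43',
    '198.51.100.23 - - [12/Mar/2024:11:40:55 +0000] "GET /b/deadbeefcafef00d HTTP/1.1" 200 43',
    '203.0.113.7 - - [13/Mar/2024:02:05:19 +0000] "GET /b/ffffffffffffffff HTTP/1.1" 404 0',
    '192.0.2.9 - - [13/Mar/2024:02:06:00 +0000] "GET /robots.txt HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for name, (ts, ip) in first_opened(parse_beacons(SAMPLE_LOG, SAMPLE_TOKENS)).items():
        print(f"{name}: first opened {ts.isoformat()} from {ip}")
```

The untouched bait file (source_tarball.zip) produces no entry, so absence from the report is itself evidence of what was not taken.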
Slide 19: Product Output (continued)
Outputs shown: Rapid Response RE; Tracking Threats (HOTF); DDNA Feed; Contact Local Authorities; Threat Advisories; Monthly Report
- Contact Local Authorities: If enough evidence can be linked to a specific individual malware author or malware operator / group, HBGary will supply this to government authorities, ISPs and other locals in the country of origin.
- Threat Advisories: posted over an RSS feed and detail known active attacks. Mitigations such as IDS signatures, IP blacklists, and other actionable data are included.
- Monthly Report: simply a summary of the previous month's events with some trending analysis included.
Slide 20: Work Flow – Example Client X
- Client X is infiltrated by targeted malicious code
- Monitoring Operations commence while initial investigation starts
- HBGary starts initial intrusion investigation
- Damage Assessment is provided as deliverable
- RRMA is performed and Malware Analysis Factors Identified
  - Drop points are located
  - Communications Identified
  - Geo-location
Slide 21: Work Flow – Example Client X cont.
- Response Action Plan decided upon with Client X
  - Offensive?
  - Tactical Honeynet Operations
  - Strategic Honeynet Operations
  - Will Chumming be included to bait the adversary?
  - Booby Trapped "Intellectual Property" offerings
Slide 22: Deliverables: Threat Intelligence Reports
- Damage Analysis – Root Cause – What was stolen
- Funding sources of client X's threat
- Geo Location of adversarial operations
- Motivations, Identify Teams, Partnerships, Black-market meeting centers