PROACTIVE SNOOPING ANALYSIS

Presentation on theme: "PROACTIVE SNOOPING ANALYSIS"— Presentation transcript:

1 PROACTIVE SNOOPING ANALYSIS
Abhishek G (Member Technical Staff)
Deeksha Murthy (Senior QA Engineer)
Aditya Kumar (Senior QA Engineer)
First American India

2 Contents
Abstract
Introduction
Problem
Solution
Conclusion
References

3 Abstract: Proactive Snooping Analysis
Today's hackers are smarter and more skilled than ever before.
One of the largest breaches of classified information was carried out by an insider.
Offensive countermeasures can hunt these threats.

4 Introduction
According to 2015 statistics, the breakdown of breached targets by type of entity is as follows:
Businesses were the target of 40% of security breaches (312 breaches).
Medical and healthcare entities made up 35.4% of data breach targets (276 breaches).
Government or military targets made up 8.1% of cybersecurity breaches (63 breaches).
Why did this happen? Who is to blame? How did this happen?

5 Problem: Delta Detection
Detecting threats and adversaries on networks continues to be a problem for many organizations.
Alert fatigue: alert fatigue is an enemy of detecting or hunting real, human adversaries on an organization's systems.
Human adversaries: at the other end of any bot, virus, or targeted attack there is a human.
Prioritization of adversaries: what are we protecting, and who are our adversaries? Are we prioritising them the right way?

6 Solution: Threat Hunting
Proactively and iteratively searching through networks and datasets to detect threats that evade existing automated tools.
Intelligence-driven
Situational-awareness-driven
Analytics-driven
Incident Response: an essential component of threat hunting. The best results come when hunting and incident response work hand in hand.

7 Threat Hunting

8 Attribution
A dynamic defense technique which, when combined with threat hunting, will minimize the effects of a targeted attack.
Web Bug Server: the Web Bug Server is essentially a command and control (C2) server for the defender.
MoleHunt: if the threat hunter suspects that leaks are happening or could happen, MoleHunt helps to narrow the focus. MoleHunt takes the simple web bug concept to the next level. Starting from a list, an insider-hunt drive can easily be built by feeding that list to a Python script.
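The two tools on this slide are described only at concept level, so the following is an added example from the defender's side, not code from the slides or from the Web Bug Server and MoleHunt tools themselves. It shows the mechanics the slide alludes to: a list of recipients is turned into one opaque beacon token each (MoleHunt's "feed the list to a script"), the tokens are embedded as beacon URLs in seeded documents, and the defender's beacon server log (the "C2 server for the defender") is then correlated back to the person whose copy was opened. The HMAC-derived tokens, the `/bug/<token>.gif` path, the combined-log-format access lines and the names are all assumptions constructed for the example.

```python
"""Defender-side web bug registry and mole-hunt correlation (added example)."""
import hashlib
import hmac
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Hypothetical server-side secret; in a real deployment load it from a secrets store.
SERVER_SECRET = b"example-server-secret-rotate-me"

# Combined log format as written by common web servers (assumed layout).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# Beacon path shape used by this example: /bug/<16 hex chars>.gif
TOKEN_RE = re.compile(r"^/bug/(?P<token>[0-9a-f]{16})\.gif$")


def make_token(recipient: str, secret: bytes = SERVER_SECRET) -> str:
    """Opaque per-recipient token: HMAC-SHA256 truncated to 64 bits.

    Keyed hashing means a token cannot be derived from a name without the secret,
    so a leaked document does not reveal who else received a copy.
    """
    return hmac.new(secret, recipient.encode(), hashlib.sha256).hexdigest()[:16]


def build_registry(recipients: List[str]) -> Dict[str, str]:
    """MoleHunt-style step: one unique token per person on the list (token -> name)."""
    return {make_token(r): r for r in recipients}


def beacon_path(token: str) -> str:
    """Path of the tracking image embedded in the seeded copy for this token."""
    return f"/bug/{token}.gif"


@dataclass
class Hit:
    recipient: Optional[str]  # None when the token is not in the registry
    token: str
    ip: str
    timestamp: str
    user_agent: str


def parse_hit(line: str, registry: Dict[str, str]) -> Optional[Hit]:
    """Return a Hit for a beacon request, or None for any other log line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    t = TOKEN_RE.match(m["path"])
    if not t:
        return None  # ordinary request, not a beacon
    token = t["token"]
    return Hit(registry.get(token), token, m["ip"], m["ts"], m["ua"])


def hunt(log_lines: List[str], registry: Dict[str, str]) -> Tuple[Dict[str, List[Hit]], List[Hit]]:
    """Group beacon hits by the recipient whose copy was opened.

    Hits carrying a token the registry does not know are returned separately:
    they indicate a tampered or guessed token and deserve their own look.
    """
    by_recipient: Dict[str, List[Hit]] = {}
    unknown: List[Hit] = []
    for line in log_lines:
        hit = parse_hit(line, registry)
        if hit is None:
            continue
        if hit.recipient is None:
            unknown.append(hit)
        else:
            by_recipient.setdefault(hit.recipient, []).append(hit)
    return by_recipient, unknown


def sample_log() -> List[str]:
    """Constructed access-log lines (not real traffic) for the demo and tests."""
    return [
        '10.0.0.5 - - [10/Oct/2016:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
        f'203.0.113.7 - - [10/Oct/2016:14:02:11 +0000] "GET {beacon_path(make_token("alice"))} HTTP/1.1" '
        '200 43 "-" "Microsoft Office Word"',
        f'198.51.100.9 - - [10/Oct/2016:14:05:40 +0000] "GET {beacon_path(make_token("bob"))} HTTP/1.1" '
        '200 43 "-" "Mozilla/5.0 (Windows NT 10.0)"',
        '192.0.2.44 - - [10/Oct/2016:14:09:02 +0000] "GET /bug/0000000000000000.gif HTTP/1.1" 200 43 "-" "curl/7.50"',
    ]


if __name__ == "__main__":
    registry = build_registry(["alice", "bob", "carol"])
    opened, unknown = hunt(sample_log(), registry)
    for name, hits in opened.items():
        for h in hits:
            print(f"{name}: copy opened from {h.ip} at {h.timestamp} ({h.user_agent})")
    for h in unknown:
        print(f"unknown token {h.token} requested from {h.ip}")
```

Only the people whose seeded copy actually reached a client that fetched the beacon show up, so a hit for a recipient who never forwarded their copy is itself a lead. The unknown-token bucket matters as much as the hits: a request for a token that was never issued means someone is probing the beacon server rather than opening a document.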

9 Web Bug Server

10 MoleHunt

11 Conclusion
Large-scale data breaches have happened and will continue to happen unless the mindset of security practitioners changes.
Bots and machines are not the advanced challengers; humans are..!
Simply sifting through logs and alerts may be effective, but it does not lend itself to a proactive hunt for intrusions within or against an organization.
With the Active Defence tools Web Bug Server and MoleHunt, the hunter can go on the offense and proactively seek out insiders who might be leaking data, hopefully before any real data is leaked.
It is time to let the machines hunt the machines and humans hunt humans..!!

12 References & Appendix

13 Any Questions..?

14 Thank You!!!
Abhishek G (Member Technical Staff)
Deeksha Murthy (Senior QA Engineer)
Aditya Kumar (Senior QA Engineer)
First American India

