Published by Miles Atkinson. Modified over 9 years ago.

Slide 1: MOBILE & WIRELESS THREATS AND BUILDING CAPACITY FOR SECURITY
Mohit Rampal, Shubika Soni (@codenomicon)
© 2014 All Rights Reserved
Slide 2: Strength in visibility
Slide 3: LANDSCAPE TODAY
- Today's world is filled with complexity
- New threats are waiting for cracks to appear
- See the cracks. Know the threats. Build a more resilient world.
Slide 4: CYBER THREATS: MORE PROFESSIONAL & SOPHISTICATED
- Cyber Attacks: Internet-based incidents involving politically or financially motivated attacks on information and information systems.
- Zero-day Vulnerabilities, or Unknown Vulnerabilities: software flaws that make exploitation and other illegal activities against information systems possible.
- Proactive Cyber Defense: acting in anticipation to oppose an attack against computers and networks.
Slide 5: GLOBAL RISKS FOR 2015: Top 10 risks in terms of Likelihood
1. Interstate conflict
2. Extreme weather events
3. Failure of national governance
4. State collapse or crisis
5. Unemployment or underemployment
6. Natural catastrophes
7. Failure of climate-change adaptation
8. Water crises
9. Data fraud or theft
10. Cyber attacks
Source: Global Risks Perception Survey 2014 (on the survey scale, 7 represents a risk most likely to occur).
Slide 6: GLOBAL RISKS FOR 2015: Top 10 risks in terms of Impact
1. Water crises
2. Spread of infectious diseases
3. Weapons of mass destruction
4. Interstate conflict
5. Energy price shock
6. Critical information infrastructure breakdown
7. Failure of climate-change adaptation
8. Fiscal crises
9. Unemployment or underemployment
10. Biodiversity loss and ecosystem collapse
Source: Global Risks Perception Survey 2014.
Slide 7: TECHNOLOGICAL RISKS: BACK TO THE FUTURE
- Large-scale cyber attacks: considered above average on both dimensions, impact and likelihood
- Reflects the growing sophistication of cyber attacks and the rise of hyperconnectivity
- In the United States alone, cybercrime already costs an estimated $100 billion each year
- IoT delivers technology with new risks
Source: Global Risks Perception Survey 2014.
Slide 8: TECHNOLOGICAL RISKS: BACK TO THE FUTURE (continued)
- Attacks against infrastructure are targeting significant resources across the Internet
- Malicious actors are using trusted applications to exploit gaps in perimeter security
- Evidence of internal compromise in organisations, with suspicious traffic emanating from their networks and attempting to connect to questionable sites
- Trust: greater attack surfaces, sophistication of attacks, and the complexity of threats and solutions
- Lack of threat intelligence, with malicious actors using trusted applications to exploit gaps
Slide 9: RELOOK AT THREATS AND ATTACKS
Year 2014: HEARTBLEED, SHELLSHOCK, POODLE …
Slide 10: RELOOK AT THREATS AND ATTACKS: CYBER SUPPLY CHAIN MANAGEMENT AND TRANSPARENCY ACT OF 2014
TL;DR
1. HW/SW/FW sold to any Agency must come with a Bill of Materials
2. Cannot use known vulnerable components
   1. Must use a less vulnerable version
   2. (or need a waiver)
3. Must design software so that it can be patched
Slide 11: CHALLENGES
Slide 12: SOME WIRELESS SECURITY CONCERNS
Wireless (WiFi):
- BYOD (Device)
- Virtual WiFi
- Accidental associations
- Rogue APs
- RF congestion / interference (DoS)
Mobile (Cellular):
- BYOD / BYOA (Application)
- Tethered devices connected to infrastructure
- Mobile malware
- 3G/4G LTE offload to WiFi (interference / DoS)
- Bluetooth
Slide 13: MITIGATING THE RISKS
- Known Vulnerability Management, which is grey box testing
- Application testing for associated 3rd party library vulnerabilities, which is testing integrated components for known vulnerabilities
- Unknown Vulnerability Management, which is black box testing
- Lastly, a process: Requirement gathering => Pre-Tender => Tender => Technical Qualify => Purchase
Slide 14: THE KNOWN AND THE UNKNOWN
Total Vulnerability Management = Known Vulnerability Management + Unknown Vulnerability Management (UVM)
- Known Vulnerability Management (reactive): 1995-2000 Satan/Saint; 1999- Nessus, ISS; 2000- Qualys, HP, IBM, Symantec...; 2013: Codenomicon AppCheck
- Unknown Vulnerability Management (proactive):
  - SAST approach, whitebox testing, 1980-: PC Lint, OSS, Coverity, Fortify, IBM, Microsoft...
  - DAST approach, blackbox testing, 2000-: fuzzing with Codenomicon Defensics, Peach, Sulley
Bottom line: All systems have vulnerabilities. Both complementary categories need to be covered.
Slide 15: ATTACK POINTS
- WiFi end points
- Network elements
- Unlicensed and unmanaged applications running on desktops and mobiles
- Device firmware
- Lack of threat monitoring and threat intelligence
Slide 16: UNKNOWN VULNERABILITY MANAGEMENT (UVM)
Process of:
- Detecting attack vectors
- Finding zero-day vulnerabilities
- Building defenses
- Performing patch verification
- Deployment in one big security push
Slide 17: UVM WORKFLOW
Configure fuzzer and target => Test interoperability => Execute tests => Analyze results => Remediate => Repeat
Slide 18: FUZZ TEST EFFECTIVENESS AGAINST WIFI
Slide 19: MODEL BASED FUZZING TECHNIQUES
Template Based Fuzzing:
- Quality of tests depends on the seed used and the modeling technique
- Very quick to develop, but slow to run
- Editing requires deep protocol know-how
- Good for testing around known vulnerabilities
Specification Based Fuzzing:
- Full test coverage
- Always repeatable
- Short test cycle, more optimized tests
- Easy to edit and add tests
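To make the contrast concrete, here is an added example (not Defensics code and not from the deck): a constructed, deliberately defective information-element parser, parse_ies, is fuzzed both ways. template_cases mutates a constructed seed frame at random, while spec_cases derives every case from the field model, which is what makes its cases enumerable and repeatable; the run harness stands in for the execute and analyze steps of the UVM workflow.

```python
import random
from typing import Dict, Iterator, List, Tuple

# Constructed seed: two 802.11-style information elements, each <id><len><value>:
# SSID "demo" (id 0) and a supported-rates element (id 1).
SEED_FRAME = bytes([0x00, 0x04]) + b"demo" + bytes([0x01, 0x02, 0x82, 0x84])

def parse_ies(frame: bytes) -> List[Tuple[int, bytes]]:
    """Toy target; deliberate defect: assumes a length byte always follows an id byte."""
    ies, i = [], 0
    while i < len(frame):
        ie_id, ie_len = frame[i], frame[i + 1]            # IndexError on a lone trailing id
        value = frame[i + 2:i + 2 + ie_len]
        if len(value) != ie_len:
            raise ValueError("length field runs past frame")  # documented rejection
        ies.append((ie_id, value))
        i += 2 + ie_len
    return ies

def template_cases(seed: bytes, count: int, rng_seed: int = 1) -> Iterator[bytes]:
    """Template-based: overwrite one random byte of the captured seed per case."""
    rng = random.Random(rng_seed)
    for _ in range(count):
        buf = bytearray(seed)
        buf[rng.randrange(len(buf))] = rng.randrange(256)
        yield bytes(buf)

def spec_cases(model: List[Tuple[int, bytes]]) -> Iterator[bytes]:
    """Specification-based: one anomaly per field (len 0, 255, value+1, cut header)."""
    def encode(items: List[Tuple[int, bytes]]) -> bytes:
        return b"".join(bytes([i, len(v)]) + v for i, v in items)
    for idx, (ie_id, value) in enumerate(model):
        before, after = encode(model[:idx]), encode(model[idx + 1:])
        for bad_len in (0, 255, len(value) + 1):
            yield before + bytes([ie_id, bad_len]) + value + after
        yield before + bytes([ie_id])                      # header truncated after the id

def run(cases: Iterator[bytes]) -> Dict[str, List[bytes]]:
    """Execute and analyze: clean parse or documented ValueError is expected, else crash."""
    result: Dict[str, List[bytes]] = {"ok": [], "rejected": [], "crash": []}
    for case in cases:
        try:
            parse_ies(case)
            result["ok"].append(case)
        except ValueError:
            result["rejected"].append(case)
        except Exception:
            result["crash"].append(case)
    return result
```

Against this target the eight specification-derived cases find the truncated-header crash every run, whereas the random mutations only hit it if the RNG happens to shorten a length field into the right spot.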
Slide 20: PROACTIVE SECURITY TESTING - DEFENSICS (Unknown Vulnerability Management, UVM)
Codenomicon Defensics is unsurpassed in finding unknown vulnerabilities. No other solution does more to quickly empower organizations to discover unknown vulnerabilities that put business performance and reputation at critical risk.
- World's most powerful platform for stress testing
- Fast, reliable, efficient deployment
- Support for 270+ protocols, continuously updated
- Capable of finding subtle security flaws
- Runs at the pace of the product development lifecycle and process
- Discovered Heartbleed
Slide 21: WHO WE ARE
Codenomicon is the industry leader in identifying the threat factors that weaken business trust.
- First to report Heartbleed
- Global authorities with vast knowledge of known and unknown vulnerabilities
- Protect customer trust & confidence
- Trusted partner to Verizon, AT&T, Cisco, Alcatel-Lucent, the FDA, Homeland Security, and notable global governments and agencies
- Global advocate for improved software development and responsible network safeguarding
Slide 22: SAMPLE CUSTOMER LIST
Slide 23: Questions
Email: Mohit@Codenomicon.com, Shubika@Codenomicon.com