DOCSLIB.ORG

Specialized Cyber Red Team Responsive Computer Network Operations

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

TALLINN UNIVERSITY OF TECHNOLOGY DOCTORAL THESIS 25/2019 Specialized Cyber Red Team Responsive Computer Network Operations BERNHARDS BLUMBERGS TALLINNUNIVERSITYOFTECHNOLOGY SchoolofInformationTechnologies DepartmentofSoftwareScience ThedissertationwasacceptedforthedefenceofthedegreeofDoctorofPhilosophy(cyber security)on2ndofApril,2019 Supervisor: Dr. Rain Ottis, Department of Software Science, School of Information Technologies, Tallinn University of Technology Tallinn, Estonia Co-supervisor: Dr. Risto Vaarandi Department of Software Science, School of Information Technologies, Tallinn University of Technology Tallinn, Estonia Opponents: Professor Dr. Hiroki Takakura, National Institute of Informatics, Tokyo, Japan Fregattenkapitän PD Dr. Dr. habil. Robert Koch, Bundeswehr University of Munich, Munich, Germany Defence of the thesis: 27th of May, 2019, Tallinn Declaration: Hereby I declare that this doctoral thesis, my original investigation and achievement, submitted for the doctoral degree at Tallinn University of Technology, has not been submittedforanyacademicdegreeelsewhere. Bernhards Blumbergs signature Copyright: Bernhards Blumbergs, 2019 ISSN 2585-6898 (publication) ISBN 978-9949-83-413-6 (publication) ISSN 2585-6901 (PDF) ISBN 978-9949-83-414-3 (PDF) TALLINNA TEHNIKAÜLIKOOL DOKTORITÖÖ 25/2019 Vastutegevusele orienteeritud punase meeskonna küberoperatsioonid BERNHARDS BLUMBERGS Contents LIST OF PUBLICATIONS 7 AUTHOR’S CONTRIBUTIONS TO THE PUBLICATIONS 8 LIST OF ACRONYMS 10 LIST OF FIGURES 11 LIST OF TABLES 12 1 INTRODUCTION 15 1.1 Problem Statement ............................. 16 1.2 Research Questions ............................. 18 1.3 Contribution ................................. 20 1.4 Thesis Structure ............................... 21 2 BACKGROUND AND RELATED WORK 22 2.1 Responsive Cyber Defence and Initial Attribution ............. 22 2.2 Computer Network Operations ....................... 25 2.3 Cyber Red Teaming ............................. 26 2.4 Cyber Attack Kill Chain ........................... 27 2.5 Cyber Red Team Technical Exercises .................... 29 2.6 Identified Gaps ............................... 30 3 DEFINING SPECIALIZED CYBER RED TEAM RESPONSIVE OPERATIONS 32 3.1 Responsive Cyber Defence Requirements ................. 32 3.2 Computer Network Operation Requirements ............... 35 3.3 Cyber Red Teaming Requirements ..................... 37 4 SPECIALIZED CYBER RED TEAM RESPONSIVE OPERATIONS 40 4.1 Operational Requirements ......................... 40 4.2 Techniques, Tools, Tactics and Procedures . ............... 41 4.2.1 Gaining Initial Access ........................ 42 4.2.2 Establishing Command and Control Channel ............ 45 4.2.3 Delivering the Impact ........................ 48 4.2.4 Countering the Cyber Attack Kill Chain ............... 50 4.3 Chapter Conclusions ............................ 53 5 ADVERSARY DETECTION AND RED TEAM ASSET PROTECTION 55 5.1 System Log File-Based Anomaly Detection . ................ 56 5.2 Cyber Deception-Based Detection ..................... 58 5.3 Cyber Red Team Operational Infrastructure Protection Considerations . 60 5.4 Chapter Conclusions ............................ 64 6 CYBER RED TEAM TRAINING 65 6.1 Cyber Red Team Exercise Design . ................... 65 6.2 Exercise Training and Mission Objectives . ................. 66 6.3 Cyber Red Team Structure and Chain-of-Command . .......... 68 6.4 Technical Environment, Exercise scenario and Legal Considerations .... 73 5 6.5 Training Assessment and Real-time Feedback ............... 78 6.6 Chapter Conclusions ............................ 80 7 CONCLUSIONS AND FUTURE WORK 81 7.1 Summary and conclusions ......................... 81 7.2 Answering the research questions ..................... 82 7.3 Future Work ................................. 85 REFERENCES 86 ACKNOWLEDGEMENTS 93 ABSTRACT 94 KOKKUVÕTE 96 Appendix 1 – Publication I 99 Appendix 2 – Publication II 117 Appendix 3 – Publication III 125 Appendix 4 – Publication IV 139 Appendix 5 – Publication V 147 Appendix 6 – Publication VI 155 Appendix 7 – Publication VII 165 Appendix 8 – Publication IX 173 Appendix 9 – Publication X 185 Appendix 10 – “Crossed Swords” Exercise Feedback Survey Results 197 Curriculum Vitae 210 Elulookirjeldus 214 6 LIST OF PUBLICATIONS The thesis is based on the following publications: Publication I: B. Blumbergs, M. Pihelgas, M. Kont, O. Maennel, and R. Vaarandi. Creat- ing and Detecting IPv6 Transition Mechanism-Based Information Exfiltration Covert Channels. In B. B. Brumley and J. Röning, editors, Secure IT Systems: 21st Nordic Con- ference, NordSec 2016, pages 85–100, Oulu, Finland, November 2016. Springer Inter- national Publishing Publication II: B. Blumbergs and R. Vaarandi. Bbuzz: A Bit-aware Fuzzing Framework for Network Protocol Systematic Reverse Engineering and Analysis. In Milcom 2017 Track 3 - Cyber Security and Trusted Computing, pages 707–712, Baltimore, USA, November 2017. IEEE Publication III: B. Blumbergs. Remote Exploit Development for Cyber Red Team Computer Network Operations Targeting Industrial Control Systems. In 5th International Confer- ence on Information Systems Security and Privacy, ICISSP 2019, pages 88–99, Prague, Czech Republic, February 2019. SCITEPRESS Publication IV: R. Vaarandi, B. Blumbergs, and E. Çalışkan. Simple event correlator - Best practices for creating scalable configurations. In 2015 IEEE International Multi- DisciplinaryConferenceonCognitiveMethodsinSituationAwarenessandDecision Support,pages96–100,Orlando,USA,March2015.IEEE Publication V: R. Vaarandi, B. Blumbergs, and M. Kont. An Unsupervised Framework for Detecting Anomalous Messages from Syslog Log Files. In IEEE/IFIP Network Opera- tions and Management Symposium, pages 1–6, Taipei, Taiwan, April 2018. IEEE Publication VI: A. Fárar, H. Bahsi, and B. Blumbergs. A Case Study About the Use and Eval- uation of Cyber Deceptive Methods Against Highly Targeted Attacks. In Proceedings of Cyber Incident 2017, pages 1–7, London, UK, June 2017. IEEE Publication VII: M. Kont, M. Pihelgas, K. Maennel, B. Blumbergs, and T. Lepik. Franken- stack: Toward Real-time Red Team Feedback. In Milcom 2017 Track 3 - Cyber Security andTrustedComputing,pages400–405,Baltimore,USA,November2017.IEEE PublicationVIII:M.Schmitt,L.Vihul,D.Akande,G.Brown,P.Ducheine,T.Gill, )ĺ ;in|schel von Heinegg, G. Hernandez, D. Housen-Couriel, Z. Huang, E. Talbot Jensen,K.Kittichaisaree,A.Kozik,C.Kreiss,T.McCormak,K.Nakatani,G.Rona,P. Spector,S.Watts,andB.Blumbergs. TallinnManual2.0ontheInternationalLaw ApplicabletoCyberOperations. CambridgeUniversityPress,Cambridge,UK,2017 (Thispublicationhasnotbeenincludedintheappendicesofthisthesisduetothe publishinghousecopyrightrestrictions.) Publication IX: D. Mucci and B. Blumbergs. TED: A Container Based Tool to Perform Secu- rity Risk Assessment for ELF Binaries. In 5th International Conference on Information Systems Security and Privacy, ICISSP 2019, pages 361–369, Prague, Czech Republic, February 2019. SCITEPRESS Publication X: B. Blumbergs, R. Ottis, and R. Vaarandi. Crossed Swords: A Cyber Red Team Oriented Technical Exercise. In 18th European Conference on Cyber Warfare and Se- curity, ECCWS 2019, Coimbra, Portugal, July 2019. ACPI. (Accepted paper) 7 AUTHOR’S CONTRIBUTIONS TO THE PUBLICATIONS Contributions to the publications in this thesis are: I In Publication I, as the main and leading author of this publication, the author pro- posed a problem that IPv6 based transition mechanisms can be abused for unde- tectable covert channel establishment. The author developed, described and proto- typed the IPv6 transition mechanism-based covert channels, created and published the nc64 and tun64 tools. The author designed the test network, implemented com- mon covert channel mechanisms for comparison, and provided the guidelines and requirements to the evasion detection team. Additionally, the author successfully applied the developed nc64 and tun64 tools in practice within the NATO CCD CoE executed cyber defence exercise “Locked Shields”. II In Publication II, as the main and leading author of this publication, the author identi- fied the problem of analysing and attacking the binary network protocols. The author developed, described and prototyped the bit-aware fuzzing framework Bbuzz for bi- nary network protocol reverse-engineering, which requires the minimum effort from the human expert to start the network protocol reverse-engineering or vulnerabil- ity identification. The author addressed the problem by introducing one bit as the smallest unit for fuzzing test-case creation, implemented automated network proto- col sample analysis and test-case creation. Additionally, the author used the devel- oped methodology and prototyped Bbuzz tool to successfully reverse engineer the NATO Link-1 binary protocol to inject fake aeroplane tracks on the radar screen. III In Publication III, as the main and the only author for this publication, the author dis- covered vulnerabilities in major industrial Ethernet protocols (PROFINET IO, IEC-104) and devices (Martem GW6e-TELEM). The author performs and describes the reverse- engineering of the industrial control system network protocols, discloses technical details on identified vulnerabilities, addresses their mitigation by reporting to the vendor and the security community, and proposes the methods for critical infor- mation infrastructure protection. Additionally, the author implemented the found vulnerabilities and designed the attacks into the NATO CCD CoE technical exercises “Locked
Recommended publications
  • A Roadmap for Cybersecurity Research

    A Roadmap for Cybersecurity Research

    A Roadmap for Cybersecurity Research November 2009 Contents Executive Summary ................................................................................................................................................iii Introduction ..............................................................................................................................................................v Acknowledgements .................................................................................................................................................ix Current Hard Problems in INFOSEC Research 1. Scalable Trustworthy Systems ...................................................................................................................1 2. Enterprise-Level Metrics (ELMs) ..........................................................................................................13 3. System Evaluation Life Cycle ...................................................................................................................22 4. Combatting Insider Threats ....................................................................................................................29 5. Combatting Malware and Botnets ..........................................................................................................38 6. Global-Scale Identity Management ........................................................................................................50 7. Survivability of Time-Critical Systems ..................................................................................................57
  • Recent Developments in Cybersecurity Melanie J

    Recent Developments in Cybersecurity Melanie J

    American University Business Law Review Volume 2 | Issue 2 Article 1 2013 Fiddling on the Roof: Recent Developments in Cybersecurity Melanie J. Teplinsky Follow this and additional works at: http://digitalcommons.wcl.american.edu/aublr Part of the Law Commons Recommended Citation Teplinsky, Melanie J. "Fiddling on the Roof: Recent Developments in Cybersecurity." American University Business Law Review 2, no. 2 (2013): 225-322. This Article is brought to you for free and open access by the Washington College of Law Journals & Law Reviews at Digital Commons @ American University Washington College of Law. It has been accepted for inclusion in American University Business Law Review by an authorized administrator of Digital Commons @ American University Washington College of Law. For more information, please contact [email protected]. ARTICLES FIDDLING ON THE ROOF: RECENT DEVELOPMENTS IN CYBERSECURITY MELANIE J. TEPLINSKY* TABLE OF CONTENTS Introduction .......................................... ..... 227 I. The Promise and Peril of Cyberspace .............. ........ 227 II. Self-Regulation and the Challenge of Critical Infrastructure ......... 232 III. The Changing Face of Cybersecurity: Technology Trends ............ 233 A. Mobile Technology ......................... 233 B. Cloud Computing ........................... ...... 237 C. Social Networking ................................. 241 IV. The Changing Face of Cybersecurity: Cyberthreat Trends ............ 244 A. Cybercrime ................................. ..... 249 1. Costs of Cybercrime
  • KPMG Report A4

    KPMG Report A4

    + = TAKING SECURITY TESTING TO THE NEXT LEVEL 5 MAY 2014 STAN HEGT HAVE YOU EVER ENCOUNTERED AN ADVERSARY THAT RAN NESSUS FROM A MEETING ROOM? PENETRATION TESTING vs RED TEAMING Penetration Testing Red Teaming Gain oversight of vulnerabilities Goal Test resilience against real attacks Predefined subset Scope Realistic access paths Focus on preventive controls Tested controls Focus on detection and response Focus on efficiency Test method Focus on realistic simulation Mapping, scanning, exploiting Test techniques Attacker TTPs Very limited Post-exploitation Extensive focus on crown jewels Part of development lifecycle Positioning Periodical exercise RED TEAMING – THE APPROACH The Red Team . Uses the same Tactics, Techniques and Procedures (TTPs) as real adversaries . Red team members must be on top of threat intelligence . Team members must have operational versatility The Blue Team . Is not only the security team (but also users, IT, management) . Does not know if an incident is real or triggered by a red team . Measure improvement: mean time to detect (MTTD) and mean time to recovery (MTTR) THE APPROACH – CYBER KILL CHAIN METHODOLOGY Transmission of the Select targets and attack via physical, Install “malware” to Complete actions and determine attack email, web, or social gain remote control achieve the red flags methods engineering Before the Hack T-1 T0 After the Hack T+1 Recon Weaponize Deliver Exploit Install Control Execute Establish command & Develop the attack Successful penetration control throughout the methods – access gained network Developed by Lockheed Martin, Intelligence-Driven Computer Network Defense THE ASSUME COMPROMISE MODEL Recon Weaponize Deliver Exploit Install Control Execute Focus on last steps in Kill Chain .
  • Mobile Financial Fraud April 2013

    Mobile Financial Fraud April 2013

    White Paper: Mobile Financial Fraud April 2013 Mobile Threats and the Underground Marketplace Principal Investigator and Corresponding Author Jart Armin Contributing Researchers Andrey Komarov, Mila Parkour, Raoul Chiesa, Bryn Thompson, Will Rogofsky Panel & Review Dr. Ray Genoe (UCD), Robert McArdle (Trend Micro), Dave Piscitello (ICANN), Foy Shiver (APWG), Edgardo Montes de Oca (Montimage), Peter Cassidy (APWG) APWG Mobile Fraud web site http://ecrimeresearch.org/wirelessdevice/Fraud/ Table of Contents Abstract ..................................................................................................................................... 2 Introduction and Starting Position ........................................................................................ 2 A Global Overview .................................................................................................................. 3 Vulnerabilities Overview ....................................................................................................... 3 The Underground Mobile Market ....................................................................................... 13 Mobile DNS & Traffic ........................................................................................................... 15 iBots & the Pocket Botnet ..................................................................................................... 18 Mobile Intrusion ...................................................................................................................
  • Download Slides

    Download Slides

    THE UNBEARABLE LIGHTNESS OF APTing WHO ARE WE? Ron Davidson Head of Threat Intelligence and Research Check Point Software Technologies Yaniv Balmas Security Researcher Check Point Software Technologies APT Advanced Persistent Threat APT “An APT is a network attack in which an unauthorized person gains access to a Advanced network and stays there undetected for a long period of time.“ Threat APT “An APT is a network attack in which an unauthorized person gains access to a Advanced network and stays there undetected for a long period of time.“ “APT is a set of stealthy and continuous computer hacking processes … APT usually targets organizations and/or nations for business or political motives.” APT “An APT is a network attack in which an unauthorized person gains access to a ? network and stays there undetected for a long period of time.“ “APT is a set of stealthy and continuous computer hacking processes … APT usually targets organizations and/or nations for business or political motives.” APT HISTORY Cosmic Duke Dragonfly Carbanak Equation Energetic Bear Duqu2 Regin Havex Babar 2015 Casper PlugX 79 Madi Flame 2014 Shamoon 107 Subpab Wiper 2013 Gauss 54 APT1 Red October 2012 Aurora 24 Machete 2011 Stuxnet 13 Duqu 2010 12 RSA Hack github.com/kbandla/APTnotes WHAT’S COMMON? At t ribution @AttributionDice WHAT’S IN COMMON? France 11% Iran 9% China Israel 44% 5% Russia 23% USA 9% @AttributionDice WHEN IN DOUBT… It’s probably China! WITH GREAT POWER COME GREAT APTS VOLATILE CEDAR • A targeted campaign • Has been active since late 2012 • Operation
  • Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism

    Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism

    Journal of Strategic Security Volume 6 Number 5 Volume 6, No. 3, Fall 2013 Supplement: Ninth Annual IAFIE Article 3 Conference: Expanding the Frontiers of Intelligence Education Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism Gary Adkins The University of Texas at El Paso Follow this and additional works at: https://scholarcommons.usf.edu/jss pp. 1-9 Recommended Citation Adkins, Gary. "Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism." Journal of Strategic Security 6, no. 3 Suppl. (2013): 1-9. This Papers is brought to you for free and open access by the Open Access Journals at Scholar Commons. It has been accepted for inclusion in Journal of Strategic Security by an authorized editor of Scholar Commons. For more information, please contact [email protected]. Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism This papers is available in Journal of Strategic Security: https://scholarcommons.usf.edu/jss/vol6/iss5/ 3 Adkins: Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism Red Teaming the Red Team: Utilizing Cyber Espionage to Combat Terrorism Gary Adkins Introduction The world has effectively exited the Industrial Age and is firmly planted in the Information Age. Global communication at the speed of light has become a great asset to both businesses and private citizens. However, there is a dark side to the age we live in as it allows terrorist groups to communicate, plan, fund, recruit, and spread their message to the world. Given the relative anonymity the Internet provides, many law enforcement and security agencies investigations are hindered in not only locating would be terrorists but also in disrupting their operations.
  • Inside a Hacker's Mind

    Inside a Hacker's Mind

    1 © MazeBolt Technologies. All Rights Reserved. 2 Table of Contents Introduction 3 The Evolving Hacker Community 4 What motivates Hackers 4 Modus Operandi of DDoS Hackers 5 Best Practices to Mitigate DDoS Attacks: 8 Summary: Beating Hackers at their Own Game 8 References 9 Table of Figures Figure 1 – Anonymous Hackers Mask _______________________________________________________________ 3 Figure 2 - A Tweet by the Anonymous Group ________________________________________________________ 4 Figure 3 - Another Tweet by Anonymous ____________________________________________________________ 5 Index of Tables Table 1 - Cost of DDoS Services on the Dark Net ________________________________________________________________ 6 © MazeBolt Technologies. All Rights Reserved. 3 Introduction It was in 1974 that the first DDoS attack was launched when David Dennis—a 13-year-old learned about a new command that could be run on CERL’s PLATO terminals. Called “external” or “ext,” the command could cause the terminal to lock up—requiring a shutdown and power- on to regain functionality. He tested his knowledge which forced several users to power off simultaneously. In the 45 years since its inception, this form of attack has gained the status of the most persistent and damaging of all cyber-attacks. The next milestone in DDoS attacks occurred in August 1999, when a hacker used a tool called `Trinoo’ or `Trin00’, to disable the University of Minnesota’s computer network for more than two days. Trinoo is one of the first publicly available DDoS programs and a ground-setter for other widely available DDoS tools that would emerge in the future. Using a compromised host, the attacker executes automated processes to make a list of vulnerable machines.
  • Comptia® Security+ SY0-601 Cert Guide

    Comptia® Security+ SY0-601 Cert Guide

    CompTIA® Security+ SY0-601 Cert Guide Omar Santos Ron Taylor Joseph Mlodzianowski A01_Santos_Fm_pi-plii_1.indd 1 01/06/21 2:49 pm CompTIA® Security+ SY0-601 Cert Guide Editor-in-Chief Copyright © 2022 by Pearson Education, Inc. Mark Taub All rights reserved. No part of this book shall be reproduced, stored in Product Line Manager a retrieval system, or transmitted by any means, electronic, mechanical, Brett Bartow photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the Executive Editor information contained herein. Although every precaution has been taken in Nancy Davis the preparation of this book, the publisher and author assume no respon- Development Editor sibility for errors or omissions. Nor is any liability assumed for damages Christopher A. Cleveland resulting from the use of the information contained herein. ISBN-13: 978-0-13-677031-2 Managing Editor ISBN-10: 0-13-677031-2 Sandra Schroeder Library of Congress Control Number: 2021935686 Senior Project Editor ScoutAutomatedPrintCode Tonya Simpson Copy Editor Trademarks Chuck Hutchinson All terms mentioned in this book that are known to be trademarks or ser- vice marks have been appropriately capitalized. Pearson IT Certification Indexer cannot attest to the accuracy of this information. Use of a term in this book Erika Millen should not be regarded as affecting the validity of any trademark or service mark. Proofreader Abigail Manheim Warning and Disclaimer Technical Editor Every effort has been made to make this book as complete and as accurate Chris Crayton as possible, but no warranty or fitness is implied.
  • Predicting the Spread of Malware Outbreaks Using

    Predicting the Spread of Malware Outbreaks Using

    ISSN: 1803-3814 (Printed), 2571-3701 (Online) https://doi.org/10.13164/mendel.2019.1.157 PREDICTING THE SPREAD OF MALWARE OUTBREAKS USING AUTOENCODER BASED NEURAL NETWORK Bhardwaj Gopika , Yadav Rashi Department of Information Technology, Indira Gandhi Delhi Technical University for Women, India [email protected] Abstract Malware Outbreaks are pervasive in today's digital world. However, there is a lack of awareness on part of general public on how to safeguard against such attacks and a need for increased cooperation between various national and international research as well as governmental organizations to combat the threat. On the positive side, cyber security websites, blogs and newsletters post articles outlining the working and spread of a malware outbreak and steps to recover from the same as well. In this project, an effective approach to predicting the spread of malware outbreaks is presented. The scope of the project is 15 Malware Outbreaks and the approach involves collecting these cyber aware articles from the web, assigning them to the 15 Malware Outbreaks using Topic Modeling and Similarity Analysis and along with Spread information of the Malware Outbreaks, this is input to auto encoder neural network for learning latent space representations which are further used to predict the spread of malware outbreak as either high or low spread outbreak, achieving a prediction accuracy of 75.56. This work can be used to process large amount of cyber aware content for effective and accurate prediction in the era of much-needed cyber security. Received: 14 April 2019 Keywords: malware outbreaks, topic modeling, similarity analysis, auto encoders, Accepted: 31 May 2019 prediction.
  • WORLD WAR C : Understanding Nation-State Motives Behind Today’S Advanced Cyber Attacks

    WORLD WAR C : Understanding Nation-State Motives Behind Today’S Advanced Cyber Attacks

    REPORT WORLD WAR C : Understanding Nation-State Motives Behind Today’s Advanced Cyber Attacks Authors: Kenneth Geers, Darien Kindlund, Ned Moran, Rob Rachwald SECURITY REIMAGINED World War C: Understanding Nation-State Motives Behind Today’s Advanced Cyber Attacks CONTENTS Executive Summary ............................................................................................................................................................................................................................................................................................................... 3 Introduction ............................................................................................................................................................................................................................................................................................................................................... 4 A Word of Warning ................................................................................................................................................................................................................................................................................................................. 5 The FireEye Perspective ...........................................................................................................................................................................................................................................................................................
  • Connected, More at Risk Addressing Cybersecurity Concerns for Tribal Organizations

    Connected, More at Risk Addressing Cybersecurity Concerns for Tribal Organizations

    1/7/2019 More Connected, More at Risk Addressing Cybersecurity Concerns for Tribal Organizations January 10, 2019 To Receive CPE Credit › Individuals • Participate in entire webinar • Answer polls when they are provided › Groups • Group leader is the person who registered & logged on to the webinar • Answer polls when they are provided • Complete group attendance form • Group leader sign bottom of form • Submit group attendance form to [email protected] within 24 hours of webinar › If all eligibility requirements are met, each participant will be emailed their CPE certificate within 15 business days of webinar 1 1/7/2019 Presenter Rex Johnson Director [email protected] Introductions Rex Johnson, CISSP®, CISA®, CIPT, PMP®, PCIP™ Director Health Care, Financial Services, Not-for-Profit, Government, Education, Telecommunications & Manufacturing Industries 2 1/7/2019 Breaches Are Continuing … Reported Breaches by Year 1579 2017 totals: • 1,579 breaches total 1600 • 178,955,069 records exposed 1400 1091 1200 2018 update through Dec. 5, 2018: • 1,138 breaches 1000 783 780 614 • 561,782,485 records 800 471 421 600 400 200 0 2011 2012 2013 2014 2015 2016 2017 Source: ID Theft Center https://www.idtheftcenter.org 2018 – Data Breach Category Y-T-D Summary (12/5/2018) Incident vs. Breaches Incident Breach › Security event that › Incident that results in compromises integrity, the confirmed confidentiality or disclosure—not just availability of an potential exposure—of information asset data to an unauthorized party Source: Verizon 2018 Data Breach Investigations Report 3 1/7/2019 Breaches Are Costing More & More Average cost per Likelihood of a Average total cost Companies that lost or stolen recurring breach of a data breach record within two years contained a breach in $3.86 million $148 27.9% less than 30 days saved more than $1 Up from $3.62 million 2017 was $141 27.7% last year million vs.
  • Industrial Cyber Security in a Converging IT/OT World

    Industrial Cyber Security in a Converging IT/OT World

    © 2019 SPLUNK INC. Industrial Cyber Security In A Converging IT/OT World Michael Rothschild Sr Director, Product Marketing | Indegy © 2019 SPLUNK INC. During the course of this presentation, we may make forward‐looking statements Forward- regarding future events or plans of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us Looking and that actual events or results may differ materially. The forward-looking statements made in the this presentation are being made as of the time and date of its live Statements presentation. If reviewed after its live presentation, it may not contain current or accurate information. We do not assume any obligation to update any forward‐looking statements made herein. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only, and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionalities described or to include any such feature or functionality in a future release. Splunk, Splunk>, Turn Data Into Doing, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2019 Splunk Inc. All rights reserved. © 2019 SPLUNK INC. Critical Infrastructure Is More Than You Think Waste Water Chemical and Nuclear Discrete Building Aerospace Treatment Petrochemical Plants Manufacturing Automation Industry Power and Pharma Water & Food Oil and Gas Electric Transportation Utilities Beverages © 2019 SPLUNK INC.