Collaborated cyber defense in pandemic times

Key Discussion Points -
- How cyber security teams should collaborate in pandemics
- Your remote employees are now your 3rd parties.
- Quickly achieve security by asking a CISO you know
- How to ask a peer without revealing internal information
- What information is useful to share


About Speakers: Akshat Jain | CoFounder at Cyware Labs & Avkash Kathiriya | VP - Security Research and Innovation at Cyware Labs

Akshat Jain – CoFounder at Cyware Labs
A thought leader and a creative thinker, Akshat has immense expertise in bringing innovative technology solutions for tackling societal and enterprise problems. Akshat holds a Management degree from the most prestigious business school in India, IIM Lucknow, and a Master’s degree in Computer Science from the Central University of Hyderabad.
Before founding Cyware, Akshat served as the Director of Programs at Oracle and was key to facilitating cloud ventures for Oracle Enterprise Manager. His earlier role at Adobe Systems also shaped the company’s core products to grow to a substantial scale and helped secure several patents in core technology domains.

Avkash Kathiriya - VP - Security Research and Innovation at Cyware Labs
Information Security professional with 10+ years of experience on the defensive side of the Information Security domain. Currently working on security research in automated Incident Response using orchestration and a Threat Intelligence framework for practical implementation. Also associated with the Mumbai chapter of the Null community (open security community).

Collaborated cyber defense in pandemic times

  1. Collaborated Cyber Defense in Pandemic Times
     Akshat Jain, CTO
     Avkash Kathiriya, VP - Research and Innovation
  2. What is Pandemic? Epidemic vs Pandemic
     Epidemic:
     - Event in which a disease is actively spreading
     - Often used to describe a problem that has grown out of control
     Pandemic:
     - Related to geographic spread
     - Describes diseases that affect a whole country or the entire world
  3. Pandemic vs Cyber Crisis
     Phase:    Pandemic               | Cyber Crisis
     Prevent:  Vaccine                | Preventive Controls - FW, IPS, AV
     Detect:   Test                   | SIEM, Data Lake, UEBA, NBAD
     Respond:  Trace and Quarantine   | IR, SOAR, Playbook
     Predict:  Good Hygiene Practices | Threat Intel, Information Sharing
  4. Cyber security risks due to current situation
     Covid-19 themed threats (chart, source: Zscaler): Jan-20 1,200; Feb-20 10,000; Mar-20 380,000, a 30,000% increase in phishing, websites and malware targeting remote users.
     Isolated workforce:
     - Security awareness
     - Security framework not designed for “Work from Home”
     - Potential delays in recognizing malicious attacks
     - Higher rate of vulnerability exploitation
     Increased COVID-19-themed malicious activity:
     - Spearphishing attacks
     - Ransomware attacks
     - Business Email Compromise (BEC) attacks
     - Malspam attacks
     - Smishing
     A heightened dependency on digital infrastructure raises the cost of failure.
  5. Importance of information sharing in current situation
     - Knowledge Sharing
     - Collaborative Defence
     - Shared Expectation
     - Open Trust Environment
     - Participative Decision Making
  6. Data vs Information vs Knowledge
     3. Data: Observable, Collection
     2. Information: Data in Context, Abstraction
     1. Knowledge: Applied Information, Implication
     Data -> Information -> Knowledge = Threat Intelligence
  7. Threat Intelligence Types
     - Strategic: High Level Information on Changing Risk
     - Tactical: Attacker Tactics, Techniques, and Procedures (TTPs)
     - Operational: Details of Specific Attack
     - Technical: Indicators of Compromise (IOCs)
     Macro (Human + Machine):
     - Real time Alerting
     - Finished Intel Reports
     - Threat Research Reports
     - Malware Advisories
     - Vulnerability Reports
     - Situational Awareness
     - Member Intel Sharing
     Micro (Machine + Machine):
     - Tactics and Techniques
     - Indicator (IOC) Sharing
     - Exploit Alert Sharing
     - Threat Intel Enrichment
     - Exploitability Mapping
     - Kill Chain Mapping
     - ATT&CK Mapping
  8. Threat Intelligence - Macro vs Micro
  9. What is the Right “Human + Machine” Balance?
     - Intel Ingestion: Fully Automated
     - Enrichment: Semi Automated
     - Collaboration: Manual
     - Decision Making: Semi Automated
     - Response: Semi Automated
  10. When to Use Threat Intelligence?
      Before an Attack:
      - Collect, enrich, and contextualize intel from diverse intel sources
      - Action the curated intel before you become the victim of an attack
      During an Attack:
      - Identify, document, analyze the attack indicators
      - Identify technical and tactical intel and deploy immediate actions
      - Enrich attack indicators with TI
      After an Attack:
      - Document the learnings - strategic, operational and tactical
      - Collaborate internally
      - Collaborate externally
  11. Internal Collaboration - Fusion Centre
      Threat Intelligence Center at the core, feeding each function:
      - SOC Analyst: SOC Use Cases
      - Incident Responder: IR Investigation
      - Threat Hunter: Hunt Hypothesis
      - Security Architect: TTP Control Heatmap
      - Risk Mgmt: Risk Analysis
      - Vulnerability Mgmt: Vulnerability Triaging
      - Fraud Mgmt: Fraud Analysis
  12. Internal Collaboration - Intel Cyber Ops
      Platforms: Threat Intel Platform, Incident Response Platform, Threat Hunting Platform, Vulnerability Scanner, Event Monitoring Platform, ITSM Platform, Security Technologies, Business Applications
      Roles and intel flows (diagram labels, grouping approximate):
      - TI Analyst: Threat Intel Enrichment
      - Incident Responder: Incident IOC Investigation -> Actions on Security Incidents
      - Threat Hunter: Hunt Hypothesis, Top Threats for Organization -> Actions on Identified Threats
      - Vulnerability Manager: Known Vulnerability, Vulnerability Intel -> Vulnerability Patching
      - SOC Team: SOC Use Cases, Top Threats, Suspicious Events
  13. External Collaboration - Between Leaders
      - Intel Sharing
      - Strategic Intel
      - Risk information
  14. External Collaboration - Between Organizations
      Flow shown on the slide:
      - SIEM reports a Malicious IP to the Organisation
      - The Organisation enriches it from Internal Enrichment Sources (Hybrid Analysis, VirusTotal, TI Provider) and calculates a Confidence Score (CF)
      - Member Submission to the CERT TIP, ISAC TIP, Peer Org TIP and Third Party TIP, each of which enriches further
      - Each receiving organisation's Security Tech applies its own policy: some Block IP; one reports “IP not blocked because IP blocking Policy not found”; others report “Blocking Policy found but IP not blocked because rule set for IPs with CF>95” (or CF>90)
  15. Takeaways
      01 Identify bottlenecks and where manual processes are slowing you down, and apply automation where possible
      02 Contextualize intelligence with vulnerabilities, malware, actors, assets, and incidents across your network
      03 Engage in two-way threat intel sharing with ISACs, vendors, and partners
  16. Thank You!
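The sharing flow on slide 14 (enrich, score, submit to member TIPs, each member applies its own blocking rule) as an added Python example; this is not code from the deck or from Cyware. The enrichment verdicts, source weights, member thresholds and the IP are constructed sample values, and no real lookup service is called.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed sample input: one IP reported by the SIEM (TEST-NET-3 documentation range,
# not a real indicator) and assumed verdicts from the three enrichment sources on the slide.
REPORTED_IP = "203.0.113.7"
ENRICHMENT = {"Hybrid Analysis": True, "VirusTotal": True, "TI Provider": False}
SOURCE_WEIGHTS = {"Hybrid Analysis": 40, "VirusTotal": 35, "TI Provider": 25}  # assumed weights


def confidence_score(verdicts: Dict[str, bool], weights: Dict[str, int]) -> int:
    """CF 0-100: weighted share of enrichment sources that flag the indicator."""
    flagged = sum(weights[src] for src, hit in verdicts.items() if hit)
    return round(100 * flagged / sum(weights.values()))


@dataclass
class MemberOrg:
    """A receiving org's Security Tech; min_confidence=None means no IP blocking policy."""
    name: str
    min_confidence: Optional[int]

    def apply(self, ip: str, cf: int) -> Tuple[bool, str]:
        """Return (blocked, reason) using the three outcomes written on the slide."""
        if self.min_confidence is None:
            return False, "IP not blocked because IP blocking Policy not found"
        if cf <= self.min_confidence:
            return False, ("Blocking Policy found but IP not blocked because rule set "
                           f"for IPs with CF>{self.min_confidence}")
        return True, f"Block IP {ip} (CF {cf} > {self.min_confidence})"


def share_indicator(ip: str, verdicts: Dict[str, bool],
                    members) -> Dict[str, Tuple[bool, str]]:
    """Member submission: one CF is computed once, every member decides independently."""
    cf = confidence_score(verdicts, SOURCE_WEIGHTS)
    return {m.name: m.apply(ip, cf) for m in members}


# Constructed member TIPs with differing local policies (assumed thresholds).
MEMBERS = [
    MemberOrg("Peer Org TIP", 70),
    MemberOrg("ISAC member A", None),
    MemberOrg("ISAC member B", 95),
    MemberOrg("Third Party TIP", 90),
]

if __name__ == "__main__":
    for org, (blocked, reason) in share_indicator(REPORTED_IP, ENRICHMENT, MEMBERS).items():
        print(f"{org:16} blocked={blocked}  {reason}")
```

Shared intel with CF 75 is blocked only where the local threshold is below it; the other members record why the rule did not fire, which is the outcome the slide labels per organisation.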
