Date post: 18-Nov-2014
Category: Technology
Upload: richard-stiennon
IT-Harvest Confidential
New threats call for new responses
Richard Stiennon
Chief Research Analyst
IT-Harvest
Blog: ThreatChaos.com
twitter.com/stiennon
Highly targeted sophisticated attacks
• Custom domains/websites
• Social network vectors
• Custom Trojans
• Persistence
• Insiders
APT
Adversaries: Competitors, criminals, spies
Pernicious: Devious use of digital trade craft
Targets: source codes, data, SIGINT, personnel,
Ghostnet
• Office of the Dalai Lama infiltrated through malware installed on computers
• Email servers completely owned
• Emails modified in transit
• Email read and acted on
• Over 1,200 infected computers globally
Sound familiar?
• Pentagon 2007
• Rio Tinto 2009
• Google Aurora 2010
• Stuxnet
Introducing the cyber intelligence team
Cyber Commander
Analysts | Operations | Red Team
Cyber Commander
• Assigns and directs roles
• Makes sure the correct tools and defenses are deployed
• Puts in place controls and audit processes
• Reports to upper management on the results of those processes and audits
• Primary point of contact for communicating to law enforcement and intelligence agencies
Analysts
Cyber defense analysts are the intelligence gatherers. They study the threatscape with an eye towards emerging threats to the organization.
• Understanding the state of the art in attack methodologies.
• Getting to know potential attackers and monitoring their activity.
• Monitoring known attack sources.
• Communicating the threat level to the rest of the cyber defense team.
• Assisting in evaluating technology for internal deployment.
Operations
Selecting and deploying tools: FireEye, Trend, Netwitness, Damballa, Guidance Software
Discovering internal infections
Monitoring insider behavior
Red Team
Attack and penetration
Internal audit
The attackers have changed their tools, targets, and goals.
The defenders must change too.
Blog: www.threatchaos.com
email: [email protected]
Twitter: twitter.com/cyberwar