Current Threat Landscape
Bobby M Varghese
Vice President, Enterprise Security Services
12th Sep 2014
CSS Corp | Confidential
www.csscorp.com
Market Snapshot

Threat Intelligence
14% YoY increase in vulnerabilities and threats
Spam volume down in 2013, but the proportion of maliciously intended spam remained constant
Boston Marathon bombing-related spam represented 40% of worldwide spam on April 17, 2013

Mobile Attacks
Emerging and logical area of exploration for malware developers
Increased attempts to monetize Android compromises
Adware, SMB-related spyware
[Diagram: attack surface. Actors: Attacker, Users, Mobile, Privileged users (DBAs, developers). Path: Firewall, IDS/IPS, Web Server, Applications, Databases. Attack types shown: Cross Site Scripting, Known Vulnerabilities, DoS, Antispoofing, Parameter Tampering, Port Scanning, Pattern based Attack, Cookie Poisoning, SQL Injection]
[Timeline: Target breach]
Hackers break in using credentials from a PA HVAC contractor
DOJ contacts RT to inform them of the breach
RT retains investigators
RT notifies payment processors and card brands and begins malware removal
Public breach notification
SOC Requirements
Compliance factors
Reduce the impact of an incident
Real-time threat monitoring
Proactive response
External threats
Internal threats
User activity
Data activity
Provide evidence in investigations
[Diagram: Security Operations Center fed by Blacklisted IPs, Threat Intelligence, SIEM and Visual Analytics]
Attack Detection
Detection: observed botnet event activity
Analysis: analyzed the impact, create incident ticket
Containment and Eradication
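The four steps on the Attack Detection slide, worked through in code. This is an added example, not code from the deck or from CSS Corp: the blacklist, the host names and the proxy/firewall records are constructed sample data (RFC 5737 test addresses), and the beaconing heuristic (near-constant inter-arrival time to one destination) is one common way to spot C2 check-ins, not something the slide prescribes.

```python
"""Botnet/C2 detection pipeline in the slide's four steps:
detect -> analyze impact -> create incident ticket -> contain and eradicate.
All records and the blacklist below are constructed sample data."""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed threat-intelligence feed of known C2 addresses (assumed, RFC 5737 ranges).
BLACKLISTED_IPS = {"203.0.113.9", "198.51.100.77"}

# Constructed normalized proxy/firewall events: (timestamp, source host, destination IP, URL path).
BASE = datetime(2014, 9, 12, 9, 0, 0)
SAMPLE_EVENTS = (
    # ws-017 checks in with a blacklisted IP every 5 minutes (beaconing).
    [(BASE + timedelta(minutes=5 * i), "ws-017", "203.0.113.9", "/gate.php") for i in range(6)]
    # ws-042 beacons every 10 minutes to an address the feed does not know yet.
    + [(BASE + timedelta(minutes=10 * i), "ws-042", "192.0.2.50", "/ping") for i in range(5)]
    # Ordinary browsing: irregular intervals, benign destination.
    + [(BASE + timedelta(minutes=m), "ws-101", "192.0.2.10", "/index.html") for m in (0, 1, 7, 31, 33)]
)


def detect_beacons(events, min_hits=4, max_jitter=0.2):
    """Group events by (host, destination) and flag pairs whose inter-arrival
    times are nearly constant (coefficient of variation <= max_jitter).
    Returns {(host, dst): mean period in seconds}."""
    by_pair = defaultdict(list)
    for ts, host, dst, _ in events:
        by_pair[(host, dst)].append(ts)
    beacons = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons[pair] = avg
    return beacons


def detect_c2_activity(events, blacklist=BLACKLISTED_IPS):
    """Step 1, detection: blacklist hits plus beacon-like periodicity."""
    findings = []
    for (host, dst), period in detect_beacons(events).items():
        reason = "blacklisted destination" if dst in blacklist else "periodic beaconing"
        findings.append({"host": host, "dst": dst, "period_s": period, "reason": reason})
    # A blacklisted destination is reported even when there is no regular cadence.
    seen = {(f["host"], f["dst"]) for f in findings}
    for _, host, dst, _ in events:
        if dst in blacklist and (host, dst) not in seen:
            seen.add((host, dst))
            findings.append({"host": host, "dst": dst, "period_s": None, "reason": "blacklisted destination"})
    return findings


def analyze_impact(findings, events):
    """Step 2, impact: which hosts and destinations are involved, over what window."""
    pairs = {(f["host"], f["dst"]) for f in findings}
    stamps = [ts for ts, host, dst, _ in events if (host, dst) in pairs]
    return {"hosts": sorted({h for h, _ in pairs}), "destinations": sorted({d for _, d in pairs}),
            "first_seen": min(stamps), "last_seen": max(stamps)}


def create_incident_ticket(impact):
    """Step 3: open a ticket; severity rises when more than one host is affected."""
    severity = "high" if len(impact["hosts"]) > 1 else "medium"
    return {"title": f"Suspected botnet C2 activity on {len(impact['hosts'])} host(s)",
            "severity": severity, **impact}


def containment_actions(impact):
    """Step 4: containment (block at the perimeter) and eradication (isolate, clean)."""
    return ([f"block outbound to {d} at perimeter firewall" for d in impact["destinations"]]
            + [f"isolate {h} and run malware removal" for h in impact["hosts"]])


def run_pipeline(events=SAMPLE_EVENTS):
    findings = detect_c2_activity(events)
    impact = analyze_impact(findings, events)
    return create_incident_ticket(impact), containment_actions(impact)


if __name__ == "__main__":
    ticket, actions = run_pipeline()
    print(ticket)
    print("\n".join(actions))
```

The second host (ws-042) is caught only by the cadence check, which is the point of pairing threat intelligence with behavioural detection: a feed of blacklisted IPs is always a step behind the botnet operator. Tune `min_hits` and `max_jitter` against your own proxy logs; software updaters and monitoring agents also beacon regularly and need an allow-list.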
Best Practices

Device Management Services
Firewall / IDS/IPS / WAF Management
Authentication Server Management
End-Points Management
Secure Configuration Management
Anti Virus and malware management service

Vulnerability Management Services
Vulnerability Assessment
Penetration Testing
Web Application Security Assessment
Implementation Services
Patch Management

Security Operations Center

Mobile Security Services
BYOD Policy Creation
Mobile Devices (Security) Management
Mobile Security Testing

SOC Architecture
Vulnerability Management
VM services cover four activities: vulnerability assessment of IT assets, validation of identified vulnerabilities, providing recommendations, and reporting.
Provides an independent baseline and validation of the organization's security posture.
Risk analysis and remediation plans tailored to unique business requirements and security needs.
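The four activities above as a small workflow, added here as an example and not taken from the deck or from CSS Corp's service. Scanner findings, the asset inventory, the criticality weights and the SLA bands are all constructed and assumed; the validation rule (trust the inventory's installed version over the banner the scanner saw, and flag hosts the inventory does not know) is one practical way to do the "validation" step.

```python
"""Vulnerability-management workflow: assess (scanner findings), validate against the
asset inventory, recommend (business-adjusted priorities), report.
Findings, inventory, weights and SLAs are constructed sample data."""
from collections import defaultdict

# Constructed scanner output, including the version string the scanner saw in the banner.
SCAN_FINDINGS = [
    {"host": "web01", "issue": "openssl: out-of-date version", "cvss": 7.5, "package": "openssl", "seen_version": "1.0.1e"},
    {"host": "web01", "issue": "httpd: server-status page exposed", "cvss": 5.0, "package": "httpd", "seen_version": "2.4.6"},
    {"host": "db01", "issue": "mysql: remote root login allowed", "cvss": 9.0, "package": "mysql", "seen_version": "5.5.30"},
    {"host": "hr-old", "issue": "samba: SMBv1 enabled", "cvss": 8.1, "package": "samba", "seen_version": "3.6.3"},
]

# Constructed asset inventory (assumed fields). hr-old is absent: decommissioned or shadow IT.
ASSET_INVENTORY = {
    "web01": {"owner": "web-team", "criticality": "high", "internet_facing": True,
              "packages": {"openssl": "1.0.1g", "httpd": "2.4.6"}},
    "db01": {"owner": "dba-team", "criticality": "critical", "internet_facing": False,
             "packages": {"mysql": "5.5.30"}},
}

CRIT_WEIGHT = {"low": 0.5, "medium": 1.0, "high": 1.5, "critical": 2.0}  # assumed weights


def validate(findings, inventory):
    """Validation: confirm each finding against the inventory rather than trusting the banner."""
    confirmed, rejected, unknown = [], [], []
    for f in findings:
        asset = inventory.get(f["host"])
        if asset is None:
            unknown.append(f)  # not in inventory: reconcile the inventory before remediating
            continue
        installed = asset["packages"].get(f["package"])
        if installed is not None and installed != f["seen_version"]:
            rejected.append({**f, "reason": f"inventory shows {f['package']} {installed}, scanner saw {f['seen_version']}"})
            continue
        confirmed.append(f)
    return confirmed, rejected, unknown


def risk_score(f, asset):
    """CVSS adjusted by asset criticality and internet exposure (assumed scheme)."""
    return round(f["cvss"] * CRIT_WEIGHT[asset["criticality"]] * (1.5 if asset["internet_facing"] else 1.0), 2)


def sla_days(score):
    """Assumed remediation SLA bands."""
    return 7 if score >= 15 else 30 if score >= 8 else 90


def remediation_plan(confirmed, inventory):
    """Recommendation: a per-owner work list ordered by business-adjusted risk."""
    plan = defaultdict(list)
    for f in confirmed:
        asset = inventory[f["host"]]
        score = risk_score(f, asset)
        plan[asset["owner"]].append({"host": f["host"], "issue": f["issue"], "score": score, "sla_days": sla_days(score)})
    for items in plan.values():
        items.sort(key=lambda i: -i["score"])
    return dict(plan)


def build_report(findings=SCAN_FINDINGS, inventory=ASSET_INVENTORY):
    """Reporting: confirmed count, rejected findings with reasons, unknown assets, and the plan."""
    confirmed, rejected, unknown = validate(findings, inventory)
    return {"confirmed": len(confirmed), "rejected": rejected,
            "unknown_assets": [f["host"] for f in unknown],
            "plan": remediation_plan(confirmed, inventory)}


if __name__ == "__main__":
    print(build_report())
```

The rejected openssl finding is a typical banner false positive on a backported patch; the unknown host is the more dangerous outcome, because an asset nobody owns is an asset nobody patches, so it goes in the report rather than being dropped.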
Thank You
CSS Corp
The information contained herein is subject to change
without notice. All other trademarks mentioned herein
are the property of their respective owners.
[Diagram: overlap of Network Operations and Security Operations: Network Behavior Anomaly, Intrusion Detection, Network device configuration, Sniffing / Troubleshooting, Network Forensics]
Log sources (firewall logs, web server logs and others)

Source | Vendor/Application | Events
Server syslog | Windows, Linux | Authentication/authorization; services starting/stopping; config changes; audit events
Web proxies | Websense, Blue Coat | Web malware downloads; command and control check-ins
Antivirus | McAfee ePO | Malicious activity
Spam filter | | Malicious URLs, malicious attachments
Network firewall | Cisco ASA, Checkpoint, Juniper | Accepted/denied connections
Web Application Firewall | Trustwave, Imperva |
Web servers | Apache, IIS |
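Before a SIEM can correlate the sources in the table it has to normalize them into one event schema. The parser below is an added example, not code from the deck or from any of the vendors named: the log lines are constructed samples modelled on the Cisco ASA syslog, Linux sshd/systemd syslog and Apache combined-log formats (not real captures), and the category names follow the Events column above.

```python
"""Normalize raw log lines from several source types into one event schema.
The sample lines are constructed, modelled on Cisco ASA, Linux syslog and Apache formats."""
import re
from collections import Counter

SAMPLE_LINES = [
    # Network firewall (Cisco ASA): accepted and denied connections.
    '%ASA-6-302013: Built outbound TCP connection 40111 for outside:203.0.113.9/443 (203.0.113.9/443) to inside:10.1.1.5/51234 (10.1.1.5/51234)',
    '%ASA-4-106023: Deny tcp src inside:10.1.1.7/52000 dst outside:198.51.100.77/8080 by access-group "inside_in" [0x0, 0x0]',
    # Server syslog (Linux): authentication and service start/stop events.
    'Sep 12 09:05:01 web01 sshd[2211]: Failed password for root from 203.0.113.9 port 4022 ssh2',
    'Sep 12 09:05:09 web01 sshd[2211]: Accepted publickey for deploy from 10.1.1.20 port 50022 ssh2',
    'Sep 12 09:06:00 web01 systemd[1]: Stopped Apache HTTP Server.',
    # Web server (Apache combined log): a request to a suspicious path.
    '10.1.1.5 - - [12/Sep/2014:09:05:01 +0000] "GET /gate.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    # Unrecognized line: must be counted, not silently dropped, and must not crash the run.
    'garbage line that matches nothing',
]

SYSLOG_HDR = r'^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) '

# Each parser: (compiled pattern, source type, vendor, match -> event fields).
PARSERS = [
    (re.compile(r'^%ASA-\d-302013: Built (?:inbound|outbound) (?P<proto>TCP|UDP) connection \d+ '
                r'for \w+:(?P<out_ip>[\d.]+)/(?P<out_port>\d+) \S+ to \w+:(?P<in_ip>[\d.]+)/(?P<in_port>\d+)'),
     "network firewall", "Cisco ASA",
     # For an outbound connection ASA names the outside endpoint first and the inside host second.
     lambda m: {"category": "accepted connection", "src": m["in_ip"], "dst": m["out_ip"], "dport": int(m["out_port"])}),
    (re.compile(r'^%ASA-\d-106023: Deny (?P<proto>\w+) src \w+:(?P<src>[\d.]+)/\d+ dst \w+:(?P<dst>[\d.]+)/(?P<dport>\d+)'),
     "network firewall", "Cisco ASA",
     lambda m: {"category": "denied connection", "src": m["src"], "dst": m["dst"], "dport": int(m["dport"])}),
    (re.compile(SYSLOG_HDR + r'sshd\[\d+\]: (?P<result>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+)'),
     "server syslog", "Linux",
     lambda m: {"category": "authentication " + ("success" if m["result"] == "Accepted" else "failure"),
                "host": m["host"], "user": m["user"], "src": m["src"]}),
    (re.compile(SYSLOG_HDR + r'systemd\[\d+\]: (?P<action>Started|Stopped) (?P<unit>.+)\.$'),
     "server syslog", "Linux",
     lambda m: {"category": "service " + m["action"].lower(), "host": m["host"], "unit": m["unit"]}),
    (re.compile(r'^(?P<src>[\d.]+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\w+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '),
     "web server", "Apache",
     lambda m: {"category": "web request", "src": m["src"], "method": m["method"], "path": m["path"], "status": int(m["status"])}),
]


def normalize(line):
    """Return one normalized event for a raw line, or None when no parser matches.
    Every event keeps source, vendor, category and the raw line so an analyst can pivot back."""
    for pattern, source, vendor, build in PARSERS:
        m = pattern.match(line)
        if m:
            return {"source": source, "vendor": vendor, "raw": line, **build(m)}
    return None


def normalize_all(lines):
    """Parse a batch; unparsed lines are returned separately so coverage gaps are visible."""
    events, unparsed = [], []
    for line in lines:
        ev = normalize(line)
        (events if ev else unparsed).append(ev or line)
    return events, unparsed


def category_counts(events):
    """Per-category totals, the first thing a SOC dashboard shows for a batch."""
    return Counter(ev["category"] for ev in events)


if __name__ == "__main__":
    parsed, leftovers = normalize_all(SAMPLE_LINES)
    print(category_counts(parsed))
    print("unparsed:", leftovers)
```

Keeping the unparsed count visible matters more than it looks: a parser that silently discards a vendor's new message format leaves a blind spot that shows up in the SIEM as "no events", which is indistinguishable from "nothing happened".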