ciso s guide to shutting down attacks using the dark web
play

CISOs Guide To Shutting Down Attacks Using The Dark Web Agenda The - PowerPoint PPT Presentation

Nov 12, 2022 •373 likes •800 views

CISOs Guide To Shutting Down Attacks Using The Dark Web Agenda The Dark Web: Whats At Stake Gain Visibility, Take Control Leveraging Splunk & Phantom Key Recommendations Agenda The Dark Web: Whats At Stake Gain

  1. CISO’s Guide To Shutting Down Attacks Using The Dark Web

  2. Agenda – The Dark Web: What’s At Stake – Gain Visibility, Take Control – Leveraging Splunk & Phantom – Key Recommendations

  3. Agenda – The Dark Web: What’s At Stake Gain Visibility, Take Control – Leveraging Splunk & Phantom – Key Recommendations –

  4. What Do We Know About The Dark Web?

  5. The Clear, Deep, and Dark Web Clear Web – Search engines – Media, blogs, etc. Deep Web – Unindexed by search engines – Webmail, online banking, corporate intranets, walled gardens, etc. Dark Web – Anonymous, closed sources, Telegram groups, invite-only (sometimes) – Tor, P2P, hacker forums, criminal marketplaces, C2s, etc.

  6. How Tor Works Black market + + + 2 4 1 + Cyber- crime 3 forum User’s TOR client picks a random path to destination server. RED links are encrypted BLUE links are in the clear.

  7. Tor Usage Statistics Source: The Tor project – https://metrics.torproject.org/

  8. Tor Usage Statistics Source: The Tor project – https://metrics.torproject.org/

  9. Tor Usage Statistics

  10. The User Experience Can Match Legitimate Sites

  11. Even Farmers Turn To The Dark Web

  12. Threats are mounting 278% Products for sale on black markets 297% Phishing websites 171% Compromised employee credentials 149% Stolen credit cards for sale on dark web

  13. Agenda The Dark Web: What’s At Stake – – Gain Visibility, Take Control Leveraging Splunk & Phantom – Key Recommendations –

  14. Our attack surface keeps growing IT

  15. Our attack surface keeps growing Shadow IT

  16. Our attack surface keeps growing Mobile Shadow IT

  17. Our attack surface keeps growing Social Mobile Shadow IT

  18. Our attack surface keeps growing Web Social Mobile Shadow IT

  19. Our attack surface keeps growing IoT, ?? Web Social Mobile Shadow IT

  20. Our attack surface keeps growing 3 rd parties 3 rd parties IoT, ?? Web Social Mobile Shadow IT

  21. Our attack surface keeps growing 4 th parties 4 th parties 3 rd parties 3 rd parties IoT, ?? Web Social Mobile Shadow IT

  22. Lack Of Visibility , Lack Of Control

  23. Reduce The “Mean -time-to- Remediate” Unprepared Risk impact Risk Responsive threshold Preventive Potential Emerging Crisis Recovery Event stage

  24. Turning External Data Into External “Intelligence” Intelligence How does it impact my organization? Analysis Information What are the trends and how does it connect? Processing & Organization Data What activity is taking place?

  25. What you’ll uncover: Compromised Credentials Employee credentials Customer logins Bank accounts

  26. What you’ll uncover: Stolen credit & gift cards

  27. What You’ll Uncover: Insider Threats

  28. What External Exposures Are Threats To You? 1) Data leakage: strategic IP, 6) Compromised credentials, customer & employee data, etc. account takeover 2) Malware-as-a-service, software 7) Phishing attacks and domain exploits, phishing kits squatting 3) Stolen and counterfeit products, 8) Insider threats – hiring and gift cards, credit cards coordination 4) Brand attacks: rogue apps, social 9) Third-party and IT vendor risk media weaponization 5) Doxxing and digital extortion, Exec/VIP targeting

  29. Bullet text here – Second level o Third level • Fourth level  Fifth level

  30. Tailor threat intelligence to your business .

  31. Tailor Your Threat Intelligence In Three Phases Analysis Collection Response IOC blocking Social media Algorithms CLEAR App stores Account resets Human Machine DIGITAL analysts Paste sites learning DEEP FOOTPRINT Phishing prevention Leaked DB’s Chat channels DARK Takedowns Threat actor Dark web forums research Black markets Card deactivation

  32. Automate Your Response – Execute takedown processes Social networks – Mobile app stores – Registrars, domain hosting providers – – Streamline card deactivations, password resets, reprovisioning – Automate credential validation checks and protocols – Integrate endpoint, gateway, and perimeter defenses – Prepare digital extortion decision trees, run scenario analyses

  33. Agenda The Dark Web: What’s At Stake – Gain Visibility, Take Control – – Leveraging Splunk & Phantom Key Recommendations –

  34. The Emergence Of Phishing Kits 2) 1) 3) Credential-stealing Website cloned Credentials script run from login collected in bulk page 4) 5) Zip file uploaded New phishing and unpacked for campaign w/ spoofed reuse website

  35. Shutdown Phishing Early In Attack Chain, Pre-Exploit – Monitor suspicious domains before they’re activated. – Automate the takedown process. The Cyber Kill Chain Pre-Compromise Post-Compromise Recon Deliver Control Maintain Weaponize Exploit Execute

  36. Phantom Playbook: Phishing Detect & Respond

  37. Splunk + IntSights For 360 ° Visibility

  38. Agenda The Dark Web: What’s At Stake – Gain Visibility, Take Control – Leveraging Splunk & Phantom – – Key Recommendations

  39. Embedding ETI Into Your Security Program What immediate challenges do we want to solve? ‒ Where are our assets & exposures? What do attackers see? ‒ What can we integrate or automate to improve our ‒ remediation? Internally and externally? How can we leverage threat intelligence in the long-term? ‒ What are expected outcomes in 6 months, 1 year, 3 years? ‒

  40. Recommendations 1) External threat intel improves SecOps – but only if it’s actionable and contextualized to your organization. 2) Define use-cases upfront; start with one or two. 3) Neutralize threats on their territory; mitigate risk pre- exploit.

  41. Thank You! Nick Hayes Get a live demo at Booth #158!

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cybercrime and Attacks in in the Dark Sid ide of the Web Dr. Marco Balduzzi * Senior Researcher

Cybercrime and Attacks in in the Dark Sid ide of the Web Dr. Marco Balduzzi * Senior Researcher

Cybercrime and Attacks in in the Dark Sid ide of the Web Dr. Marco Balduzzi * Senior Researcher at Trend Micro http://www.madlab.it @embyte * With the cooperation of Mayra Rosario and Vincenzo Ciancaglini The Dark Ecosystem Dark Nets TOR

966 views • 39 slides
Digital Guardian CISO Mentoring Webinar Series Landing Your First CISO Job 1 About Steve Katz

Digital Guardian CISO Mentoring Webinar Series Landing Your First CISO Job 1 About Steve Katz

Digital Guardian CISO Mentoring Webinar Series Landing Your First CISO Job 1 About Steve Katz Recognized as the Worlds First CISO. Wealth of experience including Citigroup, JP Morgan, Deloitte, and Kaiser Permanente

379 views • 26 slides
Mentoring Webinar Series Stories From the CISO Trenches 1 About Larry Brock Principal at

Mentoring Webinar Series Stories From the CISO Trenches 1 About Larry Brock Principal at

Digital Guardian CISO Mentoring Webinar Series Stories From the CISO Trenches 1 About Larry Brock Principal at Brock Cyber Security Consulting LLC Former Global Chief Information Security Officer (CISO) at DuPont (11 years) Held

532 views • 31 slides
CIO / CISO perspectives Challenges and opportunities Trond Ellefsen Head of IT Statoil

CIO / CISO perspectives Challenges and opportunities Trond Ellefsen Head of IT Statoil

CIO / CISO perspectives Challenges and opportunities Trond Ellefsen Head of IT Statoil Development and Production North America 2012-11-26 CISO keynote 1 Content and perspective 2 Common threats and the new Art of war 3 Weapons of mass

425 views • 18 slides
EVOLUTION OF THE CISO And the Confluence of IT Security & Audit Thomas Borton, MBA, CISA,

EVOLUTION OF THE CISO And the Confluence of IT Security & Audit Thomas Borton, MBA, CISA,

EVOLUTION OF THE CISO And the Confluence of IT Security & Audit Thomas Borton, MBA, CISA, CISM, CRISC, CISSP Director, IT Security & Compliance 13 March 2014 AGENDA 1. Introduction 2. Evolution of the CISO: Past, Present & Future

200 views • 18 slides
A Guide About DDoS Attacks Understanding and anticipating DDoS Guillaume Valadon

A Guide About DDoS Attacks Understanding and anticipating DDoS Guillaume Valadon

A Guide About DDoS Attacks Understanding and anticipating DDoS Guillaume Valadon guillaume.valadon@ssi.gouv.fr RIPE 70 - May, 11 2015 ANSSI - http://www.ssi.gouv.fr/guide-ddos & https://goo.gl/UL8M1 1/12 ANSSI Created on July 7th 2009,

142 views • 12 slides
The Sorcerers Apprenctices Guide to Fault Attacks Hagai Bar-El, Hamid Choukri, David

The Sorcerers Apprenctices Guide to Fault Attacks Hagai Bar-El, Hamid Choukri, David

The Sorcerers Apprenctices Guide to Fault Attacks Hagai Bar-El, Hamid Choukri, David Naccache, Michael Tunstall, Claire Whelan WHAT IS THIS ABOUT? OK, please send Id like to buy I ll send $15 Broken toys are not charged to our

736 views • 54 slides
Shutting Down a Project: A Framework and Lessons Learned March 25, 2020 Webinar Webinar

Shutting Down a Project: A Framework and Lessons Learned March 25, 2020 Webinar Webinar

Shutting Down a Project: A Framework and Lessons Learned March 25, 2020 Webinar Webinar Information Please keep microphones muted Look at Existing Plans Ask questions using the chat box Communicate The webinar is being

367 views • 12 slides
HOMELAND SECURITY: CYBER-SECURITY AT THE LOCAL LEVEL Kirk Bailey, CISSP, CISM CISO, UW Ernie

HOMELAND SECURITY: CYBER-SECURITY AT THE LOCAL LEVEL Kirk Bailey, CISSP, CISM CISO, UW Ernie

HOMELAND SECURITY: CYBER-SECURITY AT THE LOCAL LEVEL Kirk Bailey, CISSP, CISM CISO, UW Ernie Hayden, CISSP CISO, Port of Seattle HOW BIG IS THE JOB? WHAT IS INVOLVED (THE SCOPE OF IT)? WHAT ARE THE TOUGH CHALLENGES? WHAT DOES THE FUTURE

377 views • 36 slides
Alternatives to Dark Energy and Dark Matter and their implications Evidence for Dark Energy and

Alternatives to Dark Energy and Dark Matter and their implications Evidence for Dark Energy and

Alternatives to Dark Energy and Dark Matter and their implications Evidence for Dark Energy and Dark Matter Modified Gravity Models and their observational implications Orfeu Bertolami Instituto Superior Tcnico Departamento de Fsica

610 views • 46 slides
BCNET Shared CISO Wency Lum, Farooq Naiyer and Ivor MacKay Speakers: Wency Lum CIO University

BCNET Shared CISO Wency Lum, Farooq Naiyer and Ivor MacKay Speakers: Wency Lum CIO University

Conference 2018 Conference 2018 BCNET Shared CISO Wency Lum, Farooq Naiyer and Ivor MacKay Speakers: Wency Lum CIO University of Victoria, Chair of the Cybersecurity and Identity Management Services Committee Farooq Naiyer Shared CISO at

458 views • 24 slides
Search for Dark Matter in the Lab. A personal bit of history OR from Dark MatterWhats

Search for Dark Matter in the Lab. A personal bit of history OR from Dark MatterWhats

Search for Dark Matter in the Lab. A personal bit of history OR from Dark MatterWhats that?? to Dark MatterWhat is it?? Transition was not easy Until mid-80s particle physicists never heard of DMand couldnt care less

424 views • 18 slides
Zero Trust & The Flaming Sword of Justice Dave Lewis, Global Advisory CISO September 26th,

Zero Trust & The Flaming Sword of Justice Dave Lewis, Global Advisory CISO September 26th,

Zero Trust & The Flaming Sword of Justice Dave Lewis, Global Advisory CISO September 26th, 2018 Please Allow Me To Introduce Myself.. #WHOAMI Dave Lewis, Global Advisory CISO Castles Dont Scale Dont trust something just because

880 views • 44 slides
Idea: why not directly couple dark energy and dark matter? Ein eqn : G = 8 GT

Idea: why not directly couple dark energy and dark matter? Ein eqn : G = 8 GT

Interacting Dark Energy [Kodama & Sasaki (1985), Wetterich (1995), Amendola (2000) + many others ] Idea: why not directly couple dark energy and dark matter? Ein eqn : G = 8 GT General covariance : G = 0

537 views • 27 slides
Beyond Dark Matter and Dark Energy Sean Carroll Beyond Dark Matter and Dark Energy Sean Carroll,

Beyond Dark Matter and Dark Energy Sean Carroll Beyond Dark Matter and Dark Energy Sean Carroll,

Beyond Dark Matter and Dark Energy Sean Carroll Beyond Dark Matter and Dark Energy Sean Carroll, Caltech 70% dark energy We think that 95% of the universe is dark. But what if gravity is tricking us? 5% ordinary 25% dark matter matter

632 views • 47 slides
Joe Quinn Jobs and Opportunity at Walmart WE ALL HAVE ROLES TO PLAY IN PREPARING THE The retail

Joe Quinn Jobs and Opportunity at Walmart WE ALL HAVE ROLES TO PLAY IN PREPARING THE The retail

Joe Quinn Jobs and Opportunity at Walmart WE ALL HAVE ROLES TO PLAY IN PREPARING THE The retail Apocalypse has descended upon America Thousands of mall-based Thousands of mall-based stores are shutting down stores are shutting down More

375 views • 19 slides
Speech Thermal Analysis and Management of Multi-core Systems Prof. William Fornaciari

Speech Thermal Analysis and Management of Multi-core Systems Prof. William Fornaciari

September 7-8, 2017 Universit La Sapienza - Roma IWSES - Italian Workshop on Embedded Systems (2 Edition) Speech Thermal Analysis and Management of Multi-core Systems Prof. William Fornaciari Politecnico di Milano, DEIB Dipartimento di

694 views • 37 slides
in Novosibirsk E. Levichev CREMLIN WP7 SCTF Workshop 26-27 May 2018, BINP, Novosibirsk,

in Novosibirsk E. Levichev CREMLIN WP7 SCTF Workshop 26-27 May 2018, BINP, Novosibirsk,

A project of Super charm- tau factory in Novosibirsk E. Levichev CREMLIN WP7 SCTF Workshop 26-27 May 2018, BINP, Novosibirsk, Outline History Technical aspects Status Perspectives Conclusion Long time ago First

224 views • 21 slides
Load Shedding for Network Monitoring Systems (SHENESYS) UPC team: Pere Barlet-Ros

Load Shedding for Network Monitoring Systems (SHENESYS) UPC team: Pere Barlet-Ros

Load Shedding for Network Monitoring Systems (SHENESYS) UPC team: Pere Barlet-Ros Josep Sol-Pareta Josep Sanjus Centre de Comunicacions Avanades de Banda Ampla (CCABA) Diego Amores Universitat Politcnica Intel sponsor:

808 views • 57 slides
iTOP Data Format Proposals Kurtis Nishimura University of Hawaii September 21, 2012 US Firmware

iTOP Data Format Proposals Kurtis Nishimura University of Hawaii September 21, 2012 US Firmware

iTOP Data Format Proposals Kurtis Nishimura University of Hawaii September 21, 2012 US Firmware Meeting 1 iTOP Data Formatting Two sources of data, divided by fiberoptic transceiver (or by USB endpoint pair for local test/use) [see here]:

261 views • 14 slides
Latest on Linear Sketches for Large Graphs: Lots of Problems, Little Space, and Loads of

Latest on Linear Sketches for Large Graphs: Lots of Problems, Little Space, and Loads of

Latest on Linear Sketches for Large Graphs: Lots of Problems, Little Space, and Loads of Handwaving Andrew McGregor University of Massachusetts Latest on Linear Sketches for Large Graphs: Lots of Problems, Little Space, and Loads of

1.04k views • 76 slides
Database Overview WebVision2.0 dataset 5,000 categories From Flickr & Google 16M

Database Overview WebVision2.0 dataset 5,000 categories From Flickr & Google 16M

Database Overview WebVision2.0 dataset 5,000 categories From Flickr & Google 16M images 290K validation images 290K test images Dataset Construction Automatic query generation instead of manual way WebVision Dataset

393 views • 25 slides
Imp mproved Par arall allel l Algorit ithms for r Densit ity-Base sed Ne Network rk

Imp mproved Par arall allel l Algorit ithms for r Densit ity-Base sed Ne Network rk

Imp mproved Par arall allel l Algorit ithms for r Densit ity-Base sed Ne Network rk Clusterin ing Mohsen Ghaffari Silvio Lattanzi Slobodan Mitrovi ETH Google MIT Why density-based network clustering? A wide range of

1.31k views • 85 slides
Semantic Keyword Search in Linked Data Andrea Cal` , Leonardo Coaccioli, Mirko Michele

Semantic Keyword Search in Linked Data Andrea Cal` , Leonardo Coaccioli, Mirko Michele

Semantic Keyword Search in Linked Data Andrea Cal` , Leonardo Coaccioli, Mirko Michele Dimartino, Riccardo Frosini and Federico Pastori University of London, Birkbeck College Oxford-Man Institute of Quantitative Finance, University of Oxford

819 views • 15 slides

More recommend