defending critical assets with deception
play

Defending Critical Assets with Deception Contact Us: - PowerPoint PPT Presentation

Jun 18, 2023 •166 likes •392 views

Defending Critical Assets with Deception Contact Us: https://www.illusivenetworks.com/contact sales@illusivenetworks.com Appearanes can be deceiving Confidential Confidential Who am I A Sr. Solutions Architect for Illusive Networks

  1. Defending Critical Assets with Deception Contact Us: https://www.illusivenetworks.com/contact sales@illusivenetworks.com Appearan¢es can be deceiving Confidential Confidential

  2. Who am I  A Sr. Solutions Architect for Illusive Networks based  Has over 22 years in the IT Industry  With over 17 years of cybersecurity experience with leading companies like CloudPassage, RSA Security, SilverTail Systems, HP ArcSight and Crossbeam Systems.  Assisted customers with Cloud Security, Incident Response, Penetration Testing, Anti-Fraud, Governance Risk and Compliance, and Security Architecture  Has developed and employed effective security strategies across several verticals including financial, healthcare, telecom, retail, industrial, as well as federal, state, and local government.  Chad is a proud husband and father to a 7 year old son a 5 year old daughter and a dog named Harper (don’t ask where the name came from) Chad J. Gasaway Illusive Networks | Sr. Systems Engineer Confidential Confidential chad@illusivenetworks.com

  3. Introduction “All warfare is based on deception. Hence, when we are able to attack, we must seem unable; when using our forces, we must appear inactive; when we are near, we must make the enemy believe we are far away; when far away, we must make him believe we are near.” ― Sun Tzu, The Art of War Confidential Confidential

  4. The Challenge Current environment • A Breach Will Occur - Assumed • Advanced Attacks are Top of Mind • Most of the security spend is on prevention • Attackers still make their way through all defenses Challenges • Security has become a big data problem • Budgets are tightening and resources are limited and tale nt is hard to find. • Actionable alerts are scarce - Alert Fatigue • Executive Management now have to answer to the Board Confidential Confidential

  5. 146 Confidential Confidential

  6. Only Need to be Right Once Enough to Get it Wrong Once Getting Easier Can’t Keep Pace Almost No Cost Cost of Defense is Skyrocketing Dynamic Predictable & Static No Rules Highly Regulated Confidential Confidential

  7. THE ASYMMETRIC ARENA VS VS 99/100 = LOSE the battle 1/100 = WIN the battle Organizations need to secure Attackers only need a single 360 degrees of their network to attack path to successfully protect their business infiltrate the network Confidential Confidential

  8. Attack Example: Ukrainian Power Grid Department of Homeland Security issued a formal report titled IR-ALERT-H-16-056-01. In the DHS report, three Ukrainian distribution companies experienced a coordinated cyber- attack that were executed within 30 minutes of each other. These attacks where directed primarily at the regional distribute level impacting over 225,000 customers. The motive and sophistication of the attacker was consistent with a highly organized and well-resourced adversary. The attacker varied tactics and techniques to “Match” the defenses and environment of the impacted target. Source: http://www.nerc.com/pa/CI/ESISAC/Documents/E-ISAC_SANS_Ukraine_DUC_18 Mar2016.pdf Confidential Confidential

  9. Attack Example: Ukrainian Power Outage Cont. • Access - Spear phishing to bypass automated controls or static policy and engage a “person”. • Recon/Exfiltrate - State sponsored modified variant of Black Energy Malware used for subversion of system resources, data collection and exfiltration and network monitoring. • Navigate - Leveraged stolen credentials from business networks to access VPN to Industrial Control System network (ICS). • Disrupt - Used modified killdisk freeware to erase master boot records and to delete logs. Scheduled service outages in UPS System. Denied telephone service by attacking the call center. Access Recon/Exfiltrate Navigate Disrupt Confidential Confidential

  10. Verizon 2016 DBIR – Attacker Trends Phishing continues to be the #1 way an attacker enters an environment Confidential Confidential

  11. Why does phishing work so well Phishing is Deception Phishing works off the same principles as social engineering. It removes static logic and pre-defined policy to engage the human and trigger a favorable emotional response. What is Phishing: Impersonation in an effort to fool people to respond to a call to action. Example: Click link, provide personal information, request access, provide credentials. Phishing Types: Deceptive Phishing: Impersonates a business Spear Phishing: Highly personalized with a specific target Whaling: Specifically targets CEO or high level employee Pharming: DNS Cache poisoning to redirect victim to a “Deceptive” website Confidential Confidential

  12. It’s all about the PEOPLE behind the attack Confidential Confidential

  13. FLIP THE ASYMMETRY THINK LIKE AN ATTACKER Confidential Confidential

  14. Just a matter of perspective Social Sciences Map Logical IT View Confidential Confidential

  15. 15 Confidential Confidential

  16. The keys are under the welcome matt ADMIN ACCOUN TS Confidential Confidential

  17. People and the Process • Originally developed for fighter pilots by military Observe strategist of the US Air Force Colonel John Boyd • A set of interacting loops that are kept in continuous operation during an engagement • Favors agility over raw power when dealing with The OODA human opponents in any endeavor Act Orient Loop • Works both ways! With current security models, how do we impact this process? Decide Confidential Confidential

  18. People and the Process Observe Deceptions What if we create a different reality for the attacker? What if we disorient the attacker? Automate Disorient What if we increase the probability that Forensic Attacker the attacker makes the wrong decision? Response What if we Act by automatically deploying forensics at the point where the decision was made? Decide Incorrectly Confidential Confidential

  19. Getting Answers To be successful the Attacker has to move After the attacker has entered the environment he must answer 3 questions for himself Establish Persistence Determine Credentials Endpoints Assets Context Identify user What is available Now that I am here How can I get there around me Confidential Confidential

  20. Turning the tables Deception techniques as a defensive strategy enables: • Create an environment where detection is nearly unavoidable • Reduce False positives • Actionable alerts enable automation. Confidential Confidential

  21. Thank You Contact Us: https://www.illusivenetworks.com/contact info@illusivenetworks.com Confidential Confidential

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Optimizing and Defending Capital Allocations for Distribution Assets Steve Bubb Metering

Optimizing and Defending Capital Allocations for Distribution Assets Steve Bubb Metering

Optimizing and Defending Capital Allocations for Distribution Assets Steve Bubb Metering Americas April 25, 2006 Load Data is critical to a number of processes & systems Circuit Analysis Tool Distribution Planning Load Data

655 views • 33 slides
Strategies for Attacking or Defending Trusts Discovering Trust Assets, Navigating Evidentiary

Strategies for Attacking or Defending Trusts Discovering Trust Assets, Navigating Evidentiary

Presenting a live 90-minute webinar with interactive Q&A Divorce Property Division and Trust Assets: Strategies for Attacking or Defending Trusts Discovering Trust Assets, Navigating Evidentiary Issues and Available Remedies, and Joining

1.02k views • 88 slides
Deception and Estimation: Deception and Estimation: How We Fool Ourselves How We Fool Ourselves

Deception and Estimation: Deception and Estimation: How We Fool Ourselves How We Fool Ourselves

T18 Concurrent Session Thursday 06/12/2008 3:00 PM 4:30 PM Deception and Estimation: Deception and Estimation: How We Fool Ourselves How We Fool Ourselves Presented by: Linda Rising Independent Consultant Presented at: Better Software

303 views • 29 slides
Lying and Deception in Games Joel Sobel August 2, 2016 Lying and Deception Sobel What is the

Lying and Deception in Games Joel Sobel August 2, 2016 Lying and Deception Sobel What is the

Lying and Deception in Games Joel Sobel August 2, 2016 Lying and Deception Sobel What is the Talk About? Definitions: 1. Lying 2. Deception 3. Bluff and simple properties. Lying and Deception Sobel Why do this? 1. Coherence 2. To

659 views • 47 slides
Lender Liability: Evaluating, Minimizing and Defending Claims Defending Against Attacks on Loans in

Lender Liability: Evaluating, Minimizing and Defending Claims Defending Against Attacks on Loans in

Presenting a live 90 minute webinar with interactive Q&A Lender Liability: Evaluating, Minimizing and Defending Claims Defending Against Attacks on Loans in Workouts, Defaults, and Bankruptcy TUES DAY, DECEMBER 21, 2010 1pm Eastern |

1.33k views • 131 slides
On Deception and Defection Jason Quinley Chris Ahern University of Tbingen, University of

On Deception and Defection Jason Quinley Chris Ahern University of Tbingen, University of

Cooperation and Deception Beggars and Signals Face and Other-Regarding Preferences Further Examples and Discussion On Deception and Defection Jason Quinley Chris Ahern University of Tbingen, University of Pennsylvania August 7, 2012

732 views • 50 slides
Paper Swords I Timothy 4:1-8 The Deception of Demon-Doctrines The deadliest form of evil to

Paper Swords I Timothy 4:1-8 The Deception of Demon-Doctrines The deadliest form of evil to

Paper Swords I Timothy 4:1-8 The Deception of Demon-Doctrines The deadliest form of evil to beware of, is that which has the appearance of good. deception: appears to lead you toward holiness, but eventually leads you astray demon-possession :

394 views • 6 slides
MANA MANAGING HOME BIA GING HOME BIAS: : DEFENDING THE V DEFENDING THE VALUE OF LUE OF GL

MANA MANAGING HOME BIA GING HOME BIAS: : DEFENDING THE V DEFENDING THE VALUE OF LUE OF GL

MANA MANAGING HOME BIA GING HOME BIAS: : DEFENDING THE V DEFENDING THE VALUE OF LUE OF GL GLOBAL EQUITIES OBAL EQUITIES TO US PRIV US PRIVATE CLIENT E CLIENTS Jonathan F Jonathan Foster ster President & CEO Angeles Wealth

643 views • 19 slides
Pursuing or Defending Claims Assessing Claims, Proving or Defending Liability, Navigating Complex

Pursuing or Defending Claims Assessing Claims, Proving or Defending Liability, Navigating Complex

Presenting a live 90-minute webinar with interactive Q&A Wrongful Death Claims and Survival Actions: Pursuing or Defending Claims Assessing Claims, Proving or Defending Liability, Navigating Complex Valuation and Settlement Issues WEDNESDAY,

481 views • 26 slides
Deception Detection in Transcribed Speech and Written Text Rebecca Pottenger Background

Deception Detection in Transcribed Speech and Written Text Rebecca Pottenger Background

Deception Detection in Transcribed Speech and Written Text Rebecca Pottenger Background Detecting deception is a difficult problem Human detection accuracy is low For text: on average, correctly classify 47% of lies and 61% of

384 views • 7 slides
Attack Graph Based Metrics for Identifying Critical Cyber Assets in Electric Grid Infrastructure

Attack Graph Based Metrics for Identifying Critical Cyber Assets in Electric Grid Infrastructure

Attack Graph Based Metrics for Identifying Critical Cyber Assets in Electric Grid Infrastructure Chen Huo Panini Sai Patapanchala Dr. Rakesh B. Bobba Dr. Eduardo Cotilla-Sanchez 1 Our Goal Short-term : Developing a method that takes

378 views • 20 slides
Real-time Datalogger To Monitor Your Moving Shipments Monitoring critical, high valued assets

Real-time Datalogger To Monitor Your Moving Shipments Monitoring critical, high valued assets

Real-time Datalogger To Monitor Your Moving Shipments Monitoring critical, high valued assets that are sensitive to environmental conditions is of utmost importance in todays digital world. Kelvin is Adapt Ideations new flagship product

71 views • 5 slides
The Role of Deception in Games CMPUT 654 Leticia Wanderley 1 Agenda Social psychology

The Role of Deception in Games CMPUT 654 Leticia Wanderley 1 Agenda Social psychology

The Role of Deception in Games CMPUT 654 Leticia Wanderley 1 Agenda Social psychology (FAE) Example: Kasparov vs. Deep Blue Overview of deception research Poker 2x2 games Voting games Repeated games

586 views • 36 slides
SQL Server Database Forensics Kevvie Fowler , GCFA Gold, CIS S P, MCTS , MCDBA, MCS D, MCS E

SQL Server Database Forensics Kevvie Fowler , GCFA Gold, CIS S P, MCTS , MCDBA, MCS D, MCS E

SQL Server Database Forensics Kevvie Fowler , GCFA Gold, CIS S P, MCTS , MCDBA, MCS D, MCS E Black Hat USA 2007 S QL S erver Forensics | Why are Databases Critical Assets? Why are databases critical assets? Databases hold critical

435 views • 39 slides
Detecting Hoaxes, Frauds and Deception in Writing Style Online Sadia Afroz, Michael Brennan and

Detecting Hoaxes, Frauds and Deception in Writing Style Online Sadia Afroz, Michael Brennan and

Detecting Hoaxes, Frauds and Deception in Writing Style Online Sadia Afroz, Michael Brennan and Rachel Greenstadt Privacy, Security and Automation Lab Drexel University What do we mean by deception? Let me give an example A Gay

906 views • 65 slides
Protecting the Nations Critical Assets in the 21st Century Dr. Ron Ross Computer Security

Protecting the Nations Critical Assets in the 21st Century Dr. Ron Ross Computer Security

Protecting the Nations Critical Assets in the 21st Century Dr. Ron Ross Computer Security Division Information Technology Laboratory NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY OPM. Anthem BCBS. Ashley Madison. NATIONAL INSTITUTE OF

506 views • 23 slides
DUTY OF DISCLOSURE AND INEQUITABLE CONDUCT RAISED AS AN AFFIRMATIVE DEFENSE Abraham J. Rosner and

DUTY OF DISCLOSURE AND INEQUITABLE CONDUCT RAISED AS AN AFFIRMATIVE DEFENSE Abraham J. Rosner and

DUTY OF DISCLOSURE AND INEQUITABLE CONDUCT RAISED AS AN AFFIRMATIVE DEFENSE Abraham J. Rosner and Grant Shackelford Sughrue Mion, PLLC In addition to the defenses of non-infringement and invalidity, an alleged infringer may also raise

413 views • 40 slides
Litigation, Regulation, & Reform Track B: The Defense Perspective George Talarico, Esq.

Litigation, Regulation, & Reform Track B: The Defense Perspective George Talarico, Esq.

Responding to the Opioid Crisis: Litigation, Regulation, & Reform Track B: The Defense Perspective George Talarico, Esq. Partner (973) 643-5566 | gtalarico@sillscummis.com One Riverfront Plaza Newark, NJ 07102 Giovanni Ciavarra, PhD

973 views • 44 slides
Federal Information Systems Security Education Association Spear Phishing Agenda Definition

Federal Information Systems Security Education Association Spear Phishing Agenda Definition

Federal Information Systems Security Education Association Spear Phishing Agenda Definition of spear phishing Why is spear phishing so valuable to attackers Spear phishing defenses / countermeasures Training concepts and delivery

434 views • 8 slides
Memory corruption: Why we cant have nice things Mathias Payer (@gannimo)

Memory corruption: Why we cant have nice things Mathias Payer (@gannimo)

Memory corruption: Why we cant have nice things Mathias Payer (@gannimo) http://hexhive.github.io Software is unsafe and insecure Low-level languages (C/C++) trade type safety and memory safety for performance Programmer responsible

602 views • 39 slides
NETWORK MONITORING AND DECEPTIVE DEFENSES Michael Collins, RedJack mpcollins@redjack.com Brian

NETWORK MONITORING AND DECEPTIVE DEFENSES Michael Collins, RedJack mpcollins@redjack.com Brian

NETWORK MONITORING AND DECEPTIVE DEFENSES Michael Collins, RedJack mpcollins@redjack.com Brian Satira, Noblis Brian.satira@noblis.org INTRODUCTION 2 INTRODUCTION Statement of problem Experimental System Model of Attack

379 views • 25 slides
Protecting Your Data Presented by: Shawn Davis Adjunct Professor - Illinois Institute of

Protecting Your Data Presented by: Shawn Davis Adjunct Professor - Illinois Institute of

Sen. Cristina Castros Cybersecurity Forum Protecting Your Data Presented by: Shawn Davis Adjunct Professor - Illinois Institute of Technology Dir. of Digital Forensics Edelson PC Data Collection & Tracking Staying Safe Online

594 views • 41 slides
Briefing on I-976 Board of Directors Meeting 03/26/2020 I-976 Application to Sound Transit

Briefing on I-976 Board of Directors Meeting 03/26/2020 I-976 Application to Sound Transit

Briefing on I-976 Board of Directors Meeting 03/26/2020 I-976 Application to Sound Transit Repeals statutory authority for MVET and Rental Car Tax Repeal of taxes takes effect after ST retires, refinances, or defeases bonds that are

415 views • 7 slides
Can t Get You Out Missile Defense and the Future of Nuclear Stability Eric Gomez Wednesday,

Can t Get You Out Missile Defense and the Future of Nuclear Stability Eric Gomez Wednesday,

It Can Get You into Trouble, but It Can t Get You Out Missile Defense and the Future of Nuclear Stability Eric Gomez Wednesday, February 5, 2020 STRATCOM Academic Alliance Presentation Introduction Chapter of broader anthology.

494 views • 24 slides

More recommend