Cyber Preparedness

Slide 2

Cyber Preparedness

Slide 3

Cyber Preparedness

Slide 4

Technology?
Security team?
Processes?

Where Does Cyber Preparedness Begin?

Slide 5

It starts with The Board.
It is driven by a culture where cyber risk is addressed as part of operational risk.

Slide 6

Why Should They Care?

Slide 7

The Obvious

Slide 8

Reducing Risk.
Enables Growth.

Slide 9

Cyber Preparedness

Slide 10

A fire started in a NJ home last year.
A driver saw the fire and banged on the front door until someone answered.
The alarms went off -- afterward.
The family inside escaped.
Firemen eventually got control.
Happy ending … but what if the driver had not stopped?
Also, almost one year later, reconstruction is just starting.

Slide 11

Effective Smoke Detection

Consider where you replace them
Ensure the batteries work
Monitor and maintain

Slide 12

Have a Plan for When the Alarm Goes Off

Think of this as Incident Response.
The value of knowing someone is looking after you … ready to bang on your door when the fire starts.

Slide 13

What if there’s a “fire” in your network?

What if the alarms don’t go off right away, or if you don’t have the right alarms in place?
What kind of damage could that do if your business took a year to get back to normal?
Also, consider the scenario where your entire operation “burns to the ground”.

Slide 14

Hierarchy of Security Needs

To be fully prepared and avoid disasters:
Detect new, hidden threats
Effectively and efficiently respond
Reduce the time & resources required in the detection-to-resolution phase

Slide 15

Prevention: Still Important

Slide 16

Balancing Spend Allocations

Prevention
Detection
Response

Slide 17

The ability to respond to an incident is only as good as an organization’s ability to … detect the incident.

Slide 18

Detection: Why It’s Challenging

Too many bad guys/attacks
Bad guys don’t want to be found
Attacks take new forms every day
Sophisticated APT and targeted attacks routinely circumvent existing security defenses
The longer they stay undetected, the greater the financial damage and sensitive data loss

Slide 19

Analytics Techniques

Each row pairs a class of attack with the detection techniques that address it. Axis label on the slide: Threat Landscape (Increasing Risk).

Attacks: New, unknown attacker techniques. Nation state, targeted attacks.
Detection techniques: Anomaly Detection Analytics; Unsupervised machine learning

Attacks: Known attacker methods. Exploit kits, evolving malware strains, e.g. key loggers, browser clashes.
Detection techniques: Anomaly Detection Analytics; Behavioural Analytics; Supervised machine learning

Attacks: Known attacker techniques. Beaconing, watering hole etc.
Detection techniques: Anomaly Detection Analytics; Behavioural Analytics; Unsupervised machine learning

Attacks: Previously seen threat. Exact malware match, known bad end points.
Detection techniques: Signatures; Rules

Slide 20

Characteristics of Behavioral Analytics

Slide 21

Detection needs to be driven by a threat model

Delivering malware on to the user’s machine via email, USB, web etc.
Exploiting a vulnerability to execute code on the user estate
Installing malware on the asset
Setting up a command channel for remote manipulation of the victim
With access to the estate, the attacker can accomplish their original goal

Analytics are categorised by ‘attack technique’. These are the stages an attacker has to go through to successfully complete an attack on a network.
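A worked example for the behavioural-analytics row on the Analytics Techniques slide and for the "command channel" stage of the threat model: a small beaconing detector that scores how regularly each host reconnects to the same destination. This is illustration code added here, not BAE Systems' product or anything from the deck; the log format, host names and the 300-second interval are constructed for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample of outbound proxy events (not from the deck), one per
# line: "<epoch_seconds> <source_host> <destination>". ws-17 reconnects to the
# same destination every ~300 s; ws-04 connects at irregular, human intervals.
SAMPLE_LOG = """\
1000 ws-17 203.0.113.10
1300 ws-17 203.0.113.10
1601 ws-17 203.0.113.10
1899 ws-17 203.0.113.10
2200 ws-17 203.0.113.10
1000 ws-04 198.51.100.5
1010 ws-04 198.51.100.5
1500 ws-04 198.51.100.5
3100 ws-04 198.51.100.5
3120 ws-04 198.51.100.5
"""

def parse_log(text):
    """Group event timestamps by (source, destination) pair."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if line.strip():
            ts, src, dst = line.split()
            flows[(src, dst)].append(int(ts))
    return flows

def beacon_score(timestamps):
    """Return (mean_gap, cv) for the gaps between consecutive events, or None
    if there are too few gaps to judge. cv = stdev / mean of the gaps: near 0
    means a fixed reconnect schedule, which is how a command channel behaves
    and how human browsing does not."""
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) < 3 or mean(gaps) == 0:
        return None
    return mean(gaps), pstdev(gaps) / mean(gaps)

def find_beacons(text, max_cv=0.1, min_events=5):
    """List (src, dst, mean_gap, cv) for pairs whose timing is regular.
    max_cv is the jitter tolerance: raising it catches sloppier schedules but
    also flags legitimate scheduled traffic (update checks, monitoring agents),
    so hits are leads for an analyst, not verdicts."""
    hits = []
    for (src, dst), ts in parse_log(text).items():
        score = beacon_score(ts) if len(ts) >= min_events else None
        if score is not None and score[1] <= max_cv:
            hits.append((src, dst, round(score[0], 1), round(score[1], 3)))
    return sorted(hits)
```

Running `find_beacons(SAMPLE_LOG)` flags only ws-17; the same rule would never fire on a signature feed, which is the point of the behavioural row.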

Slide 22

Cyber Preparedness

Slide 23

Response

Slide 24

Having proper analysis capabilities requires both trained personnel and the proper tools to perform the analysis.

Slide 25

A PLAN vs A FRAMEWORK

"No plan of operations extends with certainty beyond the first encounter with the enemy's main strength"
-- Helmuth Karl Bernhard Graf von Moltke

Slide 26

FRAMEWORK

Authority and Scope
Team Members and Responsibilities
Logistics
Process to determine severity and escalation
Post-Incident Activities
Supporting Documentation

Slide 27

The most critical component in any Incident Response Practice … Authority and backing from executive management.

Slide 28

IR Team

Primary team
Extended team
Third parties

Slide 29

Primary

Security Team
IR Lead
Operations Team
Service Desk Team

Slide 30

Extended

Executives
Legal
Communications
Human Resources
Compliance
Physical Security

Slide 31

3rd Parties

Outsourced IT (help desk, server support)
Forensic Firms
ISPs
Legal Counsel
Law Enforcement
Public Relations

Slide 32

LOGISTICS

E-Mail Distro / Call bridge for communication
War Room
Computing equipment
Evidence Locker

Often overlooked items:
Succession of Command
Catering
Shipment of Evidence
OpTempo

Slide 33

Testing Incident Response

High Level Audit
Objective Based Assessment
Table top Exercise
War Game

Slide 34

Cyber Preparedness – Key Takeaways

Slide 35

Thank You

Slide 36

Q&A

Slide 37

BAE Systems
Surrey Research Park
Guildford
Surrey
GU2 7YP
United Kingdom
T: +44 (0)1483 816000
F: +44 (0)1483 816144

Unpublished Work Copyright © 2015 BAE Systems. All Rights Reserved.
BAE SYSTEMS, the BAE SYSTEMS Logo and the product names referenced herein are trademarks of BAE Systems plc.
The information in this document contains proprietary information of BAE Systems. Neither this document nor any of the proprietary information contained therein shall be (in whole or in part) published, reproduced, disclosed, adapted, displayed, used or otherwise made available or accessible (in each case, in any form or by any means) outside of BAE Systems without the express written consent from the document originator or an approved representative of BAE Systems.
BAE Systems Applied Intelligence Limited registered in England and Wales Company No. 1337451 with its registered office at Surrey Research Park, Guildford, England, GU2 7YP.