Big Data & CyberSec - Institute of Forensics and ICT
TRANSCRIPT
Big Data & CyberSec
An introduction
Forensic. Advisory. Fraud. www.summitcl.com | Improving Your Security
Mustapha B. Mugisa, CEH, CHFI, CISA, CFE
Agenda
1. Big Data an introduction
2. Cyber security, an introduction
On-line communication & interaction between parties
Image credit: ACFE.com
Lots of data…
Internet photos: http://www.ecommerce-web-hosting-guide.com/what-is-social-networking.html
OSINT model… (diagram)
INPUT: Govt Data, Public Source Data, Private Sector Data
DATA WAREHOUSE
ANALYSIS: pattern based, predictive analysis
OUTPUT: Reports, Images, Alerts, Files, Linkages, Photos
Demo… case studies…
1. Managing lots of data on a low budget (SQL Server & MS Excel) for leaders
2. On-line data gathering about people, re: CEH footprinting & reconnaissance, e.g. whois.com etc…
Information assets…
1. People 2. Application systems 3. Technology 4. Facilities 5. Data
Source: COBIT
Is your data safe?
1. People 2. Application systems 3. Technology 4. Facilities 5. Data
The weakest link in any system is the user.
The hacked prime minister…
The first update, which reads: "I am resigning. I am ashamed of the actions of the government. Forgive me." Read more: http://www.businessinsider.com/medvedev-twitter-hacked-2014-8#ixzz3B0HCjjYP
Someone Hacked The Russian Prime Minister's Twitter Account And Announced His Resignation
The Economist, November 2015
“Many networks have no means of detecting a breach at all. And old-style cyber-security generates too many alerts: “false positives”, in the jargon. When a burglar alarm rings constantly, people ignore it. Now the combination of cleverer algorithms, better data collection, cheaper storage and greater processing power makes it easier to automate the detection of anomalous behaviour, and to work out who is up to what.” - Edward Lucas
Damaging Data Breaches
http://www.telegraph.co.uk/news/2017/03/17/security-breach-fears-26-million-nhs-patients/
Common Attack Scenario
1. Reconnaissance
2. Weaponization
3. Delivery
4. Exploitation
5. Installation
6. Command & Control
7. Actions on Objective
“Traditional Security” Creates Silos
Security: Firewall, IPS, Malware, WAF, End Point
Network: Routers, Switches, Wireless
Directory Services: Active Directory, Users, Groups
Data Management: Data Loss, Data in Motion, Data at Rest
Spam, Malware, Phishing
Physical: Alarms, Surveillance, Access Control
Partners Have Engaged Their Customers With These Solutions For Years…
Cyber Intelligence Tools Make These Pieces Work As A Single Security Ecosystem…
Cyber Intelligence & Live Data Capture
Big Data Analytics can best detect these threats
An Excellent Security Intelligence Platform Delivers:
• Big Data analytics to identify advanced threats
• Qualified and prioritized detection, reducing noise
• Incident response workflow orchestration and automation
• Capabilities to prevent high-impact breaches & damaging cyber incidents
Prevention-centric approaches can stop common threats.
However, advanced threats:
• Require a broader view to recognize
• Only emerge over time
• Get lost in the noise
A New Security Approach is Required
Data Exfiltration Can Be Avoided
Advanced threats take their time and leverage the holistic attack surface
Early neutralization = no damaging cyber incident or data breach
Attack stages: Reconnaissance, Initial Compromise, Command & Control, Lateral Movement, Target Attainment
Target Attainment: • Exfiltration • Corruption • Disruption
Security Intelligence Platform
Threat Lifecycle Management: End-to-End Detection & Response Workflow
TIME TO DETECT:
1. Collect & Generate: Forensic Sensor Data (example sources), Security Event Data (example sources), Log & Machine Data (example sources)
2. Detect & Prioritize: User Analytics, Machine Analytics
3. Qualify: Assess threat to determine risk and whether full investigation is necessary
TIME TO RESPOND:
4. Investigate: Analyze threat to determine nature and extent of the incident
5. Neutralize: Implement countermeasures to mitigate threat and associated risk
6. Recover: Cleanup, Report, Review, Adapt
Faster Detection & Response Reduces Risk
(Chart: vulnerability falls from High to Low as MTTD & MTTR shrink from Months, Weeks, Days, Hours to Minutes; Exposed to Threats vs. Resilient to Threats)
MEAN-TIME-TO-DETECT (MTTD): The average time it takes to recognize a threat requiring further analysis and response efforts
MEAN-TIME-TO-RESPOND (MTTR): The average time it takes to respond and ultimately resolve the incident
As organizations improve their ability to quickly detect and respond to threats, the risk of experiencing a damaging breach is greatly reduced
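Added worked example (not from the slides or from SCL): it computes MTTD and MTTR as defined above from a set of constructed incident timelines, using the lifecycle stages as the measurement points (first evidence, qualified, resolved), and maps each mean onto the slide's Minutes/Hours/Days/Weeks/Months scale. The incident records, the stage names and the band edges are assumptions.

```python
# Added example: MTTD/MTTR from incident timelines (constructed data, not real incidents).
from datetime import datetime
from statistics import mean

# Constructed sample incidents (ISO-8601, UTC). Stage names are assumptions that
# mirror the Threat Lifecycle Management workflow: first_evidence = earliest log or
# sensor event of the intrusion; qualified = analyst confirms a threat that needs
# investigation; resolved = neutralized and recovery complete.
INCIDENTS = [
    {"id": "INC-1", "first_evidence": "2017-03-01T08:00:00",
     "qualified": "2017-03-01T08:45:00", "resolved": "2017-03-01T14:00:00"},
    {"id": "INC-2", "first_evidence": "2017-03-04T00:00:00",
     "qualified": "2017-03-06T08:00:00", "resolved": "2017-03-08T16:00:00"},
    {"id": "INC-3", "first_evidence": "2017-03-10T01:00:00",
     "qualified": "2017-03-10T01:15:00", "resolved": "2017-03-10T03:00:00"},
]

def _parse(ts: str) -> datetime:
    return datetime.fromisoformat(ts)

def detect_and_respond_times(incidents):
    """Return (detect_hours, respond_hours) lists, one entry per incident.
    Time to detect runs from first evidence to qualification; time to respond
    runs from qualification to resolution, so the two intervals do not overlap.
    Out-of-order timestamps are a data-quality defect and are rejected."""
    detect, respond = [], []
    for inc in incidents:
        t0, t1, t2 = (_parse(inc[k]) for k in ("first_evidence", "qualified", "resolved"))
        if not t0 <= t1 <= t2:
            raise ValueError(f"{inc['id']}: stage timestamps out of order")
        detect.append((t1 - t0).total_seconds() / 3600)
        respond.append((t2 - t1).total_seconds() / 3600)
    return detect, respond

def mttd_mttr_hours(incidents):
    """Mean-time-to-detect and mean-time-to-respond, in hours."""
    detect, respond = detect_and_respond_times(incidents)
    return mean(detect), mean(respond)

def vulnerability_band(hours: float) -> str:
    """Map a mean time onto the slide's scale; the band edges are assumptions."""
    if hours < 1:
        return "Minutes"
    if hours < 24:
        return "Hours"
    if hours < 24 * 7:
        return "Days"
    if hours < 24 * 30:
        return "Weeks"
    return "Months"
```

Running `mttd_mttr_hours(INCIDENTS)` on the constructed data gives an MTTD of 19 hours and an MTTR of 21 hours, both in the "Hours" band; a single slow incident (INC-2) dominates both means, which is why tracking the distribution and not just the mean matters.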
Q&A
We take pride in doing the right thing, rather than what is right for the profitability of SCL.
Thank you! www.scluniversity.com or www.summitcl.com for more insights +256712984585