Centralized defense against multi-vector threats - setting up a response center for...
DESCRIPTION
Talk given by Dragos Lungu of BitDefender at the "Asegura IT Camp2" event, held on 22, 23 and 24 October 2010 in El Escorial.
TRANSCRIPT
BitDefender: Centralized defense against multi-vector threats - Setting up a computer security incident response center
Dragos Lungu, BitDefender Consultant
Buzzwords are not enough!
•Stuxnet: digital weapon attacking Siemens' WinCC / PCS 7 SCADA Systems
•ZeuS/ZBOT Trojan: loots money from bank accounts
•Spanair Flight JK 502: malware led to 20 August 2008 tragedy, 154 people died.
CERT / CSIRT
Incident Management
•Early Detection
•Handling & Remediation
•Prevention
Incident Triage
•Incident Triage: What hit me?
•Attacker Profiler: Who is behind this?
•Sizing the Incident: How hard was I hit?
Incident Coordination
•Root cause analysis
•Contacting law enforcement, CERTs
•Documenting and reporting the incident
•Public announcements
Incident Resolution
•Removing the Exploits
•Fixing Vulnerabilities
•Patch Management
•Risk Analysis
•Business Continuity
•Disaster Recovery
•Evidence Collection
•Digital Forensics
Proactive Services - People
www.malwarecity.es
Proactive Services - Technologies
•Managed Networking & Security Devices
•Security Information & Event Management
•Honeypots (SMTP, HTTP, Other)
•Security Assessments & Penetration Testing
Proactive Services - Processes
•Procedures, Incident workflow
•Ticket management system
•Affiliations: MSPAlliance, FIRST