© All Rights reserved to Cynet 2016. www.cynet.com

Think Like a Hacker React Like a CISO

5th April 2016 © All Rights reserved to Cynet 2014. www.cynet.com

Erez Braun Territory Sales Manager

Cynet Created from Real World Experience

Leading Israeli Cyber Consulting company

Veteran Cyber and Information Security Specialists

Founded in 2005

Web Anti-fraud, Anti-phishing, and Anti-malware Solutions

Deployed in Thousands of Enterprises

Acquired by F5 in September 2013

Spun Off from BugSec in 2015

Featured in Gartner “User and Entity Behavior Analytics” (Sep. 2015) and “Endpoint Detection and Response” (Dec. 2015) Market Guides

Why Cyber Attackers are Winning the War

• Much harder to follow procedures than to break them

• Impossible to train and track compliance of thousands

• Procedures are static while attack techniques change

• Technological barriers are limited by time and progress

• Security analysts are limited to threat vectors they know

Types of Hackers to be Encountered

• Black Hat: the bad guys

• Script Kiddies: defacers seeking fame

• Hacktivists: motivated by politics, religion, desire to expose wrongdoing or exact revenge

• State Sponsored: Government “agents”

• Spy Hackers: Corporate espionage

• Cyber Terrorists: motivated by religious or political beliefs

Hacker Goals and Motivation

Money; Power; Control; Publicity; Revenge; Learning; Political; Espionage; Hacktivist; Personal Fame; Curiosity; Psychological Need; Desire to Learn; Recognition; Desire to Embarrass; Maliciousness; Altruistic Reasons; Joyriding; Experimentation

Get Inside the Head of the Hacker

Persistence and Patience

Breach Sophistication

Phased Progression

Objective Focused

Hacker Footprinting and Reconnaissance

Collect information about the target, its network and systems

Determine O/S used, platforms, database, web servers, Anti-virus, Firewalls

Find vulnerabilities, exploits and ways in to the enterprise to penetrate the perimeter

Performed using techniques that include both technical as well as human interventions

Looking for the Easiest Way to Infiltrate Enterprises

Human Weakness: Phishing email, Spam with Trojan Malware ransomware, Call to secretary, Delivery man, Social engineering

System Weakness: Vulnerability exploits, SQL injection, session hijacking, Firestorm Next Gen vulnerability

Intellectual property, financial information, medical records, private data, market data

Data exfiltration, Credential theft, Ransomware payloads

How, when, where will the attack hit?

Hunger for Technology Increases Vulnerability

Evolution of the Security Battle Field

Threat Type: Generic Threats → Zero-day and Unsigned Malware

Hacker Sophistication: Spray and Pray → Surgical

CISO Mindset: I Can Prevent Attacks → I Will Be Hacked

Technology: Signature and Rules Based → Behavior and Analytics Based

YOU HAVE BEEN HACKED

React Like a Chief Information Security Officer

Most Important First Step

Activate the Incident Response Team

Preparation

Incident

Detection

Containment

Elimination

Recovery

Investigation

Ransomware Attacks to Grow in 2016

Recent Ransomware Incident Response Case

2 Hour Set Up of Cynet 360; Scanning Initiated; Initial Results Within 90 Minutes

• 3 Machines with Active Ransomware Detected

• Worm Spreading Ransomware Detected on 16 Machines

• Ransomware Unsigned and Undetected by Existing Prevention Solutions

• Ransomware Eliminated and Spreading Worm Killed

Multi-national Manufacturing Company Under Attack

Cynet 360 Advanced Threat Framework

• Collect threat indicators from across organization

• Correlate indicators to determine risk ranking

• Invoke advanced security threat intelligence

• Receive alerts as deeply hidden threats are found

• Remediate threats from all potential threat vectors

Incident Response with Cynet 360

1. Two Hour Setup

2. Indicators Detection and Elimination

3. Incident Report

Think Like a Hacker React Like a CISO

• Hackers Have the Upper Hand

• Impossible to Train and Track Compliance

• Prevention is Critical but Not 100%

• Incident Response Must be Rapid and Comprehensive

• Imperative to Have Detection Solutions in Place

Questions