Think Like a Hacker React Like a CISO
5th April 2016
Erez Braun, Territory Sales Manager
© All Rights reserved to Cynet 2016. www.cynet.com
Cynet Created from Real World Experience
Leading Israeli Cyber Consulting company
Veteran Cyber and Information Security Specialists
Founded in 2005
Web Anti-fraud, Anti-phishing, and Anti-malware Solutions
Deployed in Thousands of Enterprises
Acquired by F5 in September 2013
Spun Off from BugSec in 2015
Featured in Gartner “User and Entity Behavior Analytics” (Sep. 2015) and “Endpoint Detection and Response” (Dec. 2015) Market Guides
Why Cyber Attackers are Winning the War
• Much harder to follow procedures than to break them
• Impossible to train and track compliance of thousands
• Procedures are static while attack techniques change
• Technological barriers are limited by time and progress
• Security analysts are limited to threat vectors they know
Types of Hackers to be Encountered
• Black Hat: the bad guys
• Script Kiddies: defacers seeking fame
• Hacktivists: motivated by politics, religion, desire to expose wrongdoing or exact revenge
• State Sponsored: Government “agents”
• Spy Hackers: Corporate espionage
• Cyber Terrorists: motivated by religious or political beliefs
Hacker Goals and Motivation
Money; Power; Control; Publicity; Revenge; Learning; Political; Espionage; Hacktivist; Personal Fame; Curiosity; Psychological Need; Desire to Learn; Recognition; Desire to Embarrass; Maliciousness; Altruistic Reasons; Joyriding; Experimentation
Get Inside the Head of the Hacker
Persistence and Patience
Breach Sophistication
Phased Progression
Objective Focused
Hacker Footprinting and Reconnaissance
Collect information about the target, its network and systems
Determine O/S used, platforms, database, web servers, Anti-virus, Firewalls
Find vulnerabilities, exploits and ways into the enterprise to penetrate the perimeter
Performed using both technical and human techniques
Looking for the Easiest Way to Infiltrate Enterprises
• Human Weakness: Phishing email, Spam with Trojan Malware, ransomware, Call to secretary, Delivery man, Social engineering
• System Weakness: Vulnerability exploits, SQL injection, session hijacking, Firestorm Next Gen vulnerability
• Intellectual property, financial information, medical records, private data, market data
• Data exfiltration; Credential theft; Ransomware payloads
How, when, where will the attack hit?
Evolution of the Security Battle Field
• Threat Type: from Generic Threats to Zero-day and Unsigned Malware
• Hacker Sophistication: from Spray and Pray to Surgical
• CISO Mindset: from "I Can Prevent Attacks" to "I Will Be Hacked"
• Technology: from Signature and Rules Based to Behavior and Analytics Based
YOU HAVE BEEN HACKED
React Like a Chief Information Security Officer
Activate the Incident Response Team
Preparation
Incident
Detection
Containment
Elimination
Recovery
Investigation
Recent Ransomware Incident Response Case
Multi-national Manufacturing Company Under Attack
2 Hour Set Up of Cynet 360; Scanning Initiated; Initial Results Within 90 Minutes
• 3 Machines with Active Ransomware Detected
• Worm Spreading Ransomware Detected on 16 Machines
• Ransomware Unsigned and Undetected by Existing Prevention Solutions
• Ransomware Eliminated and Spreading Worm Killed
Cynet 360 Advanced Threat Framework
• Collect threat indicators from across organization
• Correlate indicators to determine risk ranking
• Invoke advanced security threat intelligence
• Receive alerts as deeply hidden threats are found
• Remediate threats from all potential threat vectors
Incident Response with Cynet 360
1. Two Hour Setup
2. Indicators Detection and Elimination
3. Incident Report
Think Like a Hacker React Like a CISO
• Hackers Have the Upper Hand
• Impossible to Train and Track Compliance
• Prevention is Critical but Not 100%
• Incident Response Must be Rapid and Comprehensive
• Imperative to Have Detection Solutions in Place