
Necati Ertugrul, CTO, MAY Cyber Technologies. Utilizing Endpoint Analytics on Big Data Platforms to Discover Threats

Agenda
- Changing Landscape in Cyber Threats
- A Summary of Malware Patterns
- Endpoint Analytics & Big Data for Discovery

Breaches (Verizon 2017 Data Breach Investigations Report)

Changing Landscape in Cyber Threats
- 7.3% of users across multiple data contributors were successfully phished. (Verizon 2017 Data Breach Investigations Report)
- Risks arising from users and user devices are increasing. (Verizon 2016 Data Breach Investigations Report)
- Data retrieval takes time after a breach. (Verizon 2016 Data Breach Investigations Report)
- 6925 incidents, 47 confirmed with data disclosure; 99% sent via e-mail or webserver. (Verizon 2017 Data Breach Investigations Report)

A Summary of Malware Patterns
1. System is breached: vulnerability or user error.
2. Malware injects itself into the system: autorun, service, driver, startup folder, scheduled tasks.
3. Malware fulfills its function: information disclosure, information destruction.
4. Malware starts spreading.

WannaCry
- WannaCry exploits the system through a vulnerability in the Windows Server Message Block (SMB) file sharing protocol.
- Persistence is achieved through:
  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Random (random value name)
  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Random (random value name)
  ServiceName: mssecsvc2.0
  ServiceName: 8-15 lowercase characters followed by 3 digits
- Files are encrypted.
- New infections occur through the same vulnerability.

A Different Malware
- Installed as a file system filter driver.
- Listens to shared file activity.
- Answers SMB requests on behalf of the infected computer.
- Delivers the malware.
Endpoint Analytics for Discovering Threats
- Processes utilizing network ports
- Processes creating network traffic
- Bandwidth utilization analysis
- Network connection analytics
- Port scan detection
- Password breach attempt detection
- Weak SNMP credential discovery
- Weak Windows credential discovery
- Malware discovery
- Malicious driver discovery
- Malicious service discovery
- Malicious startup object discovery
- Malicious scheduled task discovery
- Antivirus

Inventory Analysis for Discovering Threats
- Critical security events (delete security log, change group membership, etc.)
- Detection of network address translation through virtualization platforms
- Processes & services
- Installed software
- Real IP address, rogue DHCP and static IP usage detection

Endpoint Analytics for Discovering Threats: A Real Life Experience
1. The malware infects the system.
2. An updated antivirus software does not detect the malware.
3. The malware starts to scan local user accounts on the computers in the same subnet, gradually expanding its scan range.
4. The failed login event logs monitored from all endpoints trigger the threshold.
5. The scanning source is blocked before it infects remote systems.

A SOC Based on Big Data
A big data based SOC platform can unify:
- SIEM
- Endpoint Analytics
- Incident Management
- Cyber Intelligence Monitoring
- Vulnerability Scanning
- Asset Discovery

ElasticSearch
- ELK is built for speed and scale: ELK delivers near instant results at massive scale.
- ELK is more highly available and resilient: ELK HA is very simple to configure.
- ELK is applicable to a wide range of use cases, including search and BI. Many solutions can't handle unstructured textual data, e.g. tweets, ..., documents, limiting the range of solutions.
- ELK is a flexible platform truly designed for developers: ELK's APIs can be used to build an enterprise application on top of it.
- ELK is easier to automate and monitor at scale due to embedded cluster management intelligence.
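A worked version of the threshold logic from the real-life experience above (failed-logon events from all endpoints, one source crossing a threshold, source blocked). This is an added example, not code from the presentation or from MAY Cyber Technologies; the event tuple layout, the 60-second window and the threshold of four distinct targets are assumptions, and the events are constructed.

```python
"""Threshold detector for a failed-logon sweep across a subnet.

Each endpoint ships its failed-logon events (Windows Security event 4625 in
the constructed sample) to the central platform. The detector groups them by
source address and alerts when one source fails against more distinct
(host, account) targets than the threshold allows inside a sliding window.
A single user mistyping a password stays under the threshold; a scanner
sweeping accounts on several hosts crosses it.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: (timestamp, reporting host, target account, source IP).
SAMPLE_EVENTS = [
    ("2017-06-01T10:00:01", "PC-01", "alice", "10.0.0.17"),
    ("2017-06-01T10:00:03", "PC-01", "bob",   "10.0.0.17"),
    ("2017-06-01T10:00:05", "PC-02", "alice", "10.0.0.17"),
    ("2017-06-01T10:00:07", "PC-02", "carol", "10.0.0.17"),
    ("2017-06-01T10:00:09", "PC-03", "dave",  "10.0.0.17"),
    ("2017-06-01T10:00:11", "PC-03", "erin",  "10.0.0.17"),
    ("2017-06-01T10:00:30", "PC-04", "frank", "10.0.0.42"),  # typo, benign
    ("2017-06-01T10:30:00", "PC-04", "frank", "10.0.0.42"),  # outside window
]


def detect_sweep(events, window_s=60, max_targets=4):
    """Return {source_ip: timestamp at which it first crossed the threshold}.

    Assumed parameters: window_s seconds of history per source, and an alert
    once more than max_targets distinct (host, account) pairs are hit.
    """
    recent = defaultdict(deque)   # source -> deque of (ts, host, account)
    alerts = {}
    for ts_str, host, account, src in sorted(events):
        ts = datetime.fromisoformat(ts_str)
        q = recent[src]
        q.append((ts, host, account))
        while q and ts - q[0][0] > timedelta(seconds=window_s):
            q.popleft()                      # expire events outside the window
        distinct = {(h, a) for _, h, a in q}
        if len(distinct) > max_targets and src not in alerts:
            alerts[src] = ts_str             # first crossing: block source here
    return alerts


if __name__ == "__main__":
    for src, when in detect_sweep(SAMPLE_EVENTS).items():
        print(f"block {src}: threshold crossed at {when}")
```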
Elastic Scalability
- Bloomberg: servers generating 1.5 billion events, 1 TB of log data daily
- Verizon: 10 billion documents daily, 500 billion documents in total, 128-node cluster
- Turkish Social Security Organization: 750 GB of server data collected daily
- Goldman Sachs, e-Trade, Cisco, Netflix, Uber

Benefits of Big Data & Integration
- Search in 400 TB+ of log data is real-time.
- Correlation and trend analysis is performed over longer time spans.
- Machine learning algorithms can run with unmatched performance.
- The integrated platform can enable the discovery of unknown processes creating network traffic and their automatic termination, preventing major security risks.
- When an unknown process deletes a file in user documents, it can be terminated.
- When an application on a user PC creates traffic to an unauthorized geographical location, the application can be killed immediately.
- Traffic to a malware/phishing site is detected and blocked immediately.
- Unifying asset discovery, SIEM and status monitoring can offer unprecedented centralized management.