how malops changes the game for secops and apt objective
play

How MalOPS Changes the Game for SECOPS and APT objective Case - PowerPoint PPT Presentation

Dec 01, 2023 •542 likes •742 views

How MalOPS Changes the Game for SECOPS and APT objective Case overview blackhole & APT case illustrating gap between OPS for malware vs. APT Moving toward success Visibility, Intelligence, Response Outcome-based metrics

  1. How MalOPS Changes the Game for SECOPS and APT

  2. objective • Case overview – blackhole & APT case illustrating gap between OPS for malware vs. APT • Moving toward success – Visibility, Intelligence, Response™ – Outcome-based metrics for MalOPS / APT

  3. @j_j_thompson • Hoosier native, Hawkeye alum • Former EY smoke jumping team (OCA) • ISC2 Indy, CISSP • (2) x RTW • 1.5M amex pts, 30K aa miles last month • Quadrupling size of SOC!!!! • Entrepreneur, husband, father. Infosec, cybercrime, intelligence & management consultant. Into mountaineering, hunting, fishing, shooting, photo & tactical gear. Don't blink.

  4. definitions – see next slide • APT • Hacking • Malware

  5. THIS IS CALLED HACKING case 2 - apt • Case overview – blackhole & APT case illustrating gap between OPS for malware vs. APT • Moving toward success – Visibility, Intelligence, Response™ – Outcome- based metrics™ for MalOPS / APT

  6. THIS IS APT 0. demand Wiift ? what’s in it for them? To be Promoted to a cyber Warfare unit? To make Money? To be famous? You tell me. What did your last risk assessment show would be valuable to ___ based on _____ (scenarios)?  THIS IS PART OF WHAT A RISK ASSESSMENT DOES.

  7. THIS IS CALLED MALWARE case 1 - malware • Case overview – blackhole & APT case illustrating gap between OPS for malware vs. APT • Moving toward success – Visibility, Intelligence, Response™ – Outcome- based metrics™ for MalOPS / APT From bromium.com

  8. case 1a - malware • Palo detected bh2*.jar • Policy in place, grab machine, analyze. SLA: 15m • Ran redline, gmer, sophos, kaspersky , … • Re- built user’s machine • Wish list?

  9. case 1b - malware • AL detected bh2*.jar • Alerted local IT, ran AV, nothing. • 2 hr spent on packet analysis proving not a FP • Local team asks us not to send tickets • Local team unplugs AL • Wish list?

  10. case 2 - apt • Alerted by FBI • Kernel level, blackout on HDD timeline • Compromised accounts and points of persistence • Known data exfil, visualized via netflow • Massive response effort boatloads of IOCs

  11. to success and beyond – Visibility, Intelligence, Response™ • How do you detect malware? APT? • What is the context around it that changes the approach? • How do you respond appropriately based on threat, adversary, and data at risk? – Outcome-based metrics for MalOPS / APT • Measure only if it will result in an action or change of strategy

  12. Visibility, Intelligence, Response™

  13. intelligence

  14. response

  15. response

  16. response Sanitized excerpts from Rook’s SOC Threat Classifications Table more obtained at www.rooksecurity.com

  17. response CASE: SEA targeted probe to sensitive server INCIDENT PRIORITIZATION & COMMUNICATION DATA CLASSIFICATION CATEGORY of THREAT of TARGET INTEL on ATTACKER

  18. Outcome-based metrics • Measure only if it will result in an action or change of strategy

  19. ASK questions @j_j_thompson rooksecurity.com jj@rookconsulting.com 888.712.9531

Recommend

#MicroFocusCyberSummit ArcSight is an Open Architecture for SecOps Marius Iversen KPN ZM OPS

#MicroFocusCyberSummit ArcSight is an Open Architecture for SecOps Marius Iversen KPN ZM OPS

#MicroFocusCyberSummit ArcSight is an Open Architecture for SecOps Marius Iversen KPN ZM OPS TRS Security Services Contents Introduction Business Use Cases 01 05 What makes API Important? Open Source Initiatives 02 06 ArcSight Logger

228 views • 22 slides
e-Bug Junior Game Junior Game Game Style Game Process Demo Game Mechanics and

e-Bug Junior Game Junior Game Game Style Game Process Demo Game Mechanics and

e-Bug Junior Game Junior Game Game Style Game Process Demo Game Mechanics and Learning Outcomes Feedback to date and evaluation plans Game Style Game style encompasses two genres of game o Platform game fast action

575 views • 22 slides
e-Bug Senior Game Senior Game Game Style Game Process Demo Game Puzzles and

e-Bug Senior Game Senior Game Game Style Game Process Demo Game Puzzles and

e-Bug Senior Game Senior Game Game Style Game Process Demo Game Puzzles and Learning Outcomes Feedback to date and evaluation plans Game Style Game is a detective game where the player investigates microbial problems.

572 views • 19 slides
Cell-fie Grace Ling Overview Objective: Gamify learning in biology and chemistry Game

Cell-fie Grace Ling Overview Objective: Gamify learning in biology and chemistry Game

Cell-fie Grace Ling Overview Objective: Gamify learning in biology and chemistry Game Type: Virtual Reality role-playing and simulation Goal: Usage in educational institutions ranging from middle schools to high schools

254 views • 21 slides
Cell-fie Grace Ling Overview Objective: Gamify learning in biology and chemistry Game

Cell-fie Grace Ling Overview Objective: Gamify learning in biology and chemistry Game

Cell-fie Grace Ling Overview Objective: Gamify learning in biology and chemistry Game Type: Virtual Reality role-playing and simulation Goal: Usage in educational institutions ranging from middle schools to high schools

596 views • 20 slides
SKULLS OF THE SHOGUn AI POST-MORTEM Background SKULLS OF THE SHOGUN CONSTRAINTS GAME MECHANICS

SKULLS OF THE SHOGUn AI POST-MORTEM Background SKULLS OF THE SHOGUN CONSTRAINTS GAME MECHANICS

SKULLS OF THE SHOGUn AI POST-MORTEM Background SKULLS OF THE SHOGUN CONSTRAINTS GAME MECHANICS - Units GAME MECHANICS - Resources GAME MECHANICS - TERRAIN GAME MECHANICS - Advanced ABILITIES 1 st sKULL Objective Evaluation Pathfinding 1 st

446 views • 27 slides
Kanban Tetris Game instructions Objective: Build Walls for our Customers Acceptance Criteria

Kanban Tetris Game instructions Objective: Build Walls for our Customers Acceptance Criteria

Kanban Tetris Game instructions Objective: Build Walls for our Customers Acceptance Criteria Walls are 32 wide Only the wall face matters blocks can hang out the back of the wall Maximize the Contiguous Area Step 1:

210 views • 16 slides
1 What a Game is Not Outline A bunch of cool features What is a Game? Necessary, but

1 What a Game is Not Outline A bunch of cool features What is a Game? Necessary, but

Outline What is a Game? The Game Development Genres Process: Genres What is a Game? (1 of 4) What is a Game? (2 of 4) Movie? Movie? No interaction , outcome fixed Toy? Toy? Puzzle? No goal , but still fun!

512 views • 4 slides
Rally-Owl Overview of Rally-Owl Game This game is based off of Rally-X The goal of the game is

Rally-Owl Overview of Rally-Owl Game This game is based off of Rally-X The goal of the game is

Rally-Owl Overview of Rally-Owl Game This game is based off of Rally-X The goal of the game is to collect all 10 flags before losing all your lives The game makes use of a horizontally and vertically scrolling map This game implements a

101 views • 8 slides
Eric Rasmusen, Erasmuse@indiana.edu. http://www.rasmusen The essential elements of a game are

Eric Rasmusen, Erasmuse@indiana.edu. http://www.rasmusen The essential elements of a game are

Eric Rasmusen, Erasmuse@indiana.edu. http://www.rasmusen The essential elements of a game are players , actions , payoffs , and information . These are collectively known as the rules of the game , and the modellers objective is to describe a

682 views • 25 slides
Game interoperability with functors functor AgsFun (structure Game : GAME) :> sig structure

Game interoperability with functors functor AgsFun (structure Game : GAME) :> sig structure

Game interoperability with functors functor AgsFun (structure Game : GAME) :> sig structure Game : GAME val bestmove : Game.config -> Game.Move.move option val forecast : Game.config -> Player.outcome end where type Game.Move.move =

247 views • 22 slides
X4 Nick Maggini X4 - The Game The classic game of Connect Four or Four-in-a-Row. Game

X4 Nick Maggini X4 - The Game The classic game of Connect Four or Four-in-a-Row. Game

X4 Nick Maggini X4 - The Game The classic game of Connect Four or Four-in-a-Row. Game board is 7x6 Two player game, each get a color Players alternate until four tokens of the same color make a line Stalemates are possible

891 views • 13 slides
The name of the game: BASKIN ITALY https://www.youtube.com/watch?v=yttF1D_C9ok Game Basics Type

The name of the game: BASKIN ITALY https://www.youtube.com/watch?v=yttF1D_C9ok Game Basics Type

The name of the game: BASKIN ITALY https://www.youtube.com/watch?v=yttF1D_C9ok Game Basics Type of the game: Ball game Character of the game: Competitive Aim of the game: To score more points and goals than the opponent team. Number of players:

333 views • 6 slides
Android & iOS on the edge of Qt and Java/Objective-C Maciej Wglarczyk Android & iOS

Android & iOS on the edge of Qt and Java/Objective-C Maciej Wglarczyk Android & iOS

Android & iOS on the edge of Qt and Java/Objective-C Maciej Wglarczyk Android & iOS on the edge of Qt and Java/Objective-C About me Cracow, Poland Graduated from AGH-UST with MSc in CS 6+ Qt years Game industry

545 views • 33 slides
LIBERTY BIKES An online game for 1-4 players Built on microservices What is Liberty Bikes? What

LIBERTY BIKES An online game for 1-4 players Built on microservices What is Liberty Bikes? What

LIBERTY BIKES An online game for 1-4 players Built on microservices What is Liberty Bikes? What is Liberty Bikes? Objective: be the last player alive Join a game by entering a code Bikes move at the same speed Each round

456 views • 27 slides
Pre-Game More Than the Game Don Harkey, CEO People Centric Consulting Group Springfield, MO

Pre-Game More Than the Game Don Harkey, CEO People Centric Consulting Group Springfield, MO

Pre-Game More Than the Game Don Harkey, CEO People Centric Consulting Group Springfield, MO Pre-Game Last Chance U Season 5 Pre-Game Dior Walker-Scott Laney College Star WR Pre-Game Great work ethic Team player Great

746 views • 61 slides
WILDLANDS OBSTACLE AVOIDANCE ANTHONY HERRON AND MAHFOUDH BATARFI GOAL We wanted to create a

WILDLANDS OBSTACLE AVOIDANCE ANTHONY HERRON AND MAHFOUDH BATARFI GOAL We wanted to create a

WILDLANDS OBSTACLE AVOIDANCE ANTHONY HERRON AND MAHFOUDH BATARFI GOAL We wanted to create a game that is easy to pick up and play. The game is supposed to be played mostly for exploring the world. The objective in the game is to

375 views • 15 slides
Introduction to Game Programming Steven Osman sosman@cs.cmu.edu Introduction to Game

Introduction to Game Programming Steven Osman sosman@cs.cmu.edu Introduction to Game

Introduction to Game Programming Steven Osman sosman@cs.cmu.edu Introduction to Game Programming Introductory stuff Look at a game console: PS2 Some Techniques (Cheats?) What is a Game? Half-Life 2, Valve Designing a Game Computer

1.37k views • 59 slides
COMBINING SWIFT AND OBJECTIVE-C AGENDA Using Objective-C from Swift Using Swift from

COMBINING SWIFT AND OBJECTIVE-C AGENDA Using Objective-C from Swift Using Swift from

COMBINING SWIFT AND OBJECTIVE-C AGENDA Using Objective-C from Swift Using Swift from Objective-C Objective-C Behavior in Swift Classes IMPORTING OBJECTIVE-C INTO SWIFT APPLE FRAMEWORKS No additional setup required! import UIKit import

339 views • 22 slides
Game theory (Ch. 17.5) Announcements Midterm Thursday Game theory Typically game theory uses a

Game theory (Ch. 17.5) Announcements Midterm Thursday Game theory Typically game theory uses a

Game theory (Ch. 17.5) Announcements Midterm Thursday Game theory Typically game theory uses a payoff matrix to represent the value of actions The first value is the reward for the left player, right for top (positive is good for both) Game

738 views • 30 slides
Game Concept Build the game Battleship on embedded hardware Build the game Battleship

Game Concept Build the game Battleship on embedded hardware Build the game Battleship

Battleship Marc Howard, Dan Aprahamian Apoorva Gade, Shihab Hamati Game Concept Build the game Battleship on embedded hardware Build the game Battleship on a computer Get the two versions of the game to communicate via Ethernet

437 views • 14 slides
Interactive Media and Game Development Introduction Outline What is a Game? Genres

Interactive Media and Game Development Introduction Outline What is a Game? Genres

Interactive Media and Game Development Introduction Outline What is a Game? Genres The Game Industry Game Timeline Development Teams 1 What is a Game? (1 of 3) Movie? (ask: why not?) no interaction , outcome fixed

650 views • 35 slides
Business Rongkai Guo Game Business? Having experiences with a big game company is always

Business Rongkai Guo Game Business? Having experiences with a big game company is always

Business Rongkai Guo Game Business? Having experiences with a big game company is always great! How many of you did think about working as an individual game designer? What you need to do as a junior/senior game design college

303 views • 16 slides
SPECIAL PRESENTATION Winning The Losers Game Harish Kawalkar Investing is not One Game

SPECIAL PRESENTATION Winning The Losers Game Harish Kawalkar Investing is not One Game

SPECIAL PRESENTATION Winning The Losers Game Harish Kawalkar Investing is not One Game Simon Ramo identified the crucial difference between a Winner's Game and a Loser's Game in his excellent book on playing strategy, Extraordinary Tennis

382 views • 37 slides

More recommend