Moshav Bnei Zion P.O.Box 151, 60910 Israel Tel. 972-9-7907000 Fax. 972-97442444

-
Zero Day Attacks
3102


,
Round Table .Zero Day Attacks
" .
.
"".
zero day .
. ,
, . ,
.
. ,
.

.
,


/zero day
STKI
WE
Prodware
Mobisec
HP


:
)0
)3

)2
)1

-Cyber terror ,
.
-Cyber warfare (
) , ( ) , ,
( , ,
).
-Cyber crime , ,
,/ , .
-Cyber security ,
( / /).
, ( hacking )
, ( / /).
see security :

:
.i

- Distributed Denial of Service Attack -DDOS .


DDOS ,VPS
" ( , , ').


.ii

-Advanced Persistent Threat -APT " " ,


, .
,
, .

.iii

-Zero day attack


( ) ' ' ,
. , -

. , ,
.
,Zero-Day
.dark net , ,
, , '.

.iv

-Rootkit ( )kit
" "Root .,
Rootkit
, ( Rootkit-
) . .

,
ANTI VIRUS,FW,IPS .
.



.
buzzword
. . DDOS
.
"" .
DMZ
' .
.

. ,
. ,
.3G
,
, . .
.
. .
, .call center ,
, - ?
.


. 1
, .
.
.
FW
.
. , ,
.
, .

.
.
. ,.
21 .
.
" . .
.
. ,
.
" " . . ,
" ,ARBOR .
. .
.

.
FW .
- , ,.help desk
. SWAT-NAC
, , fireeye .
.
.
. , " , "
.31/1 .
.
?
. .

buzzword . .
.
.
.penetration test .

, .cyber arm , ,
, ,
.
. ,
. .

. . ,

.
.


.
.
. .
, ,
. " .
.
. .
auditing .
DB . , SIEM
.
. .
,
,
.
, .
,
. .

. ,
31 .

,
.
. 5 .
.
. .
. .false positive
. .checkmarks
.
.
.
- .
, . ,
.
"
,PDF PPT .
. ,
. .


. ,
. . ,
, -
. ! , ,
. .
.
. , . ,
, .
.
.
cyber sense .
honeypots . .
" .
.
.


/zero day
, .
- . ,
, DNS ,
.
.
.
, .

. " .
SIEM SOC.
.
. ,
. '
. , .
.
.AV.IPS,FW :
? , .DLP
? netwitness
. light
cyber .
.
,zero day patches
. .
zero day DLP .

. .
.DDOS
.
patches - 3-2 .
.
patches .
.
patch
. , fireeye
. , .
, .

"" thin client fireeye [ . -


fireeye
?] .
zero day .
sourcefire ,IPS ,FW
.
. . ,IPS
. , SIEM .zero day
. " , ,ISP
. " . ,
" -
"?
ISP
netwitness . , .light cyber
.
SIEM . zero day
.
,VDI whitelist
. HP
. .IT
- SOC .
.
, , .
.

" [ ?] .
. "
. " .
.
IP . .
, .
- .
. ,
. ,
.WAF 011%
. , .
.

. ,
. .
.
. ,
. denial of service
. zero day .
.
. "
. .
. whitelist .
.
.
.
. .
.fireeye
websense ,sandbox .sandbox DLP
.zero day segregation of ,
,duties . Sourcefire
snort .
.
.
network access control NAC .
.SWAT penetration test
.


STKI


WE
: dori@we-can.co.il 1532329111
!We ,Post Prevention
\
. ,

.
,
.
( ,)/DBIR 2013 http://www.verizonenterprise.com/DBIR/2013
11,111 , 66%!

.

( ,)SIEM

,

.
, 01,111 " ECAT -
http://www.siliciumsecurity.com/ .
https://www.damballa.com/
" Sandbox ,DNS
01 .

Prodware
: - abentolila@prodware.fr 1123111110
ERP , CRM , SharePoint IT ,
, .

.
, ,
.
, Cyber ,
.

Mobisec
: lior@sourcefire.com 1511215619


, '',
( )spyware ( .)rootkit
, ( .)APT
,
.
, , :
?


AMP Advanced Malware Protection


Sourcefire
, endpoint
windows( .Android- MAC .)iOS -
Sourcefire " "
( )Fingerprinting ( , ,
) ?
? ?
\ .
Sourcefire .
:

.0

.3
.
.
.2
Sandboxing 111-
.1
Sandbox .
.
.5
AMP- ()Outbreak Control
. :
/

( Group Policy Control )Real-time User Awareness-

Whitelisting "" ( Homegrown

.)Applications
Blacklist

,
/ " :
,
Zero Day , ,
.
,
. ""
", " Attack Chain
( ) Sandbox
.


( ,)Attack Chain
.
, Verizon 2012 Data Breach Investigations ( 3103
)Report ,
.
, "
" .
, . .
.
,
. ,
(. )Forensic
.
" \ \
"?
, ,
. ?
? ,
.. ,
? ?
( ,
) .

, .
, ,

? ? ? .
, ,
.
, , ,
,
,
, ' ' . ,


, .
:

?
- IOC - Indicator Of Compromise , .
.

"" VM
.0
( )SANDBOX
DNS ( ,
.3
DNS , )
.2

WiresharkDEBUG

.1

( )CA

,
GATEWAY ,

, () silver bullets
. .
.


: , ,',151-3318156 :

ShlomiBo@tangram-soft.co.il :
.
Zero Days
.


( )APT Auditing ,
,
.
, QRadar
IBM. QRadar
( NetFlow,SFlow .)JFlow- ,
QFlow )DPI (Deep Packet Inspection
( VLAN ,Spooler
81 )HTTP .VFlow
Baseline ,
.
(
) .
( )SOC .
, " "
, .
.
.
, , ""
" ( ,
) , -
'
-.
, ,
, , ,

.
,
.
,

/ .
: , , , , ,
, , , , ,
, , , , , ,
.


: , ,'153- :
6158211stabib@johnbryce.co.il :


: 151-1111926 nirsha@taldor.co.il ,

,
05 .
, ,
Zero Day , ,
( - )

.

,
Zero Day ,
05- .
, , Zero Day
,

, (,
, )
.
, Visibility
() ,

, , Kernel-
rootkit 'Bot , ,
,
.
,
,
, ,
PS .


HP
: 052 4840866 Eyal.dali@hp.com
HP TippingPoint Zero Day Initiative
zero day Intrusion Prevention
. ,Intrusion Prevention
. ,
.
IPS- ,

.
FW/IPS
( ) .

.
,
().
TELUS /
. Assurant ( ) Microsoft
. Active (MAPP). MAP
, ,
.
>-.
,

.
Frost & Sullivan
. ,

.
HP TippingPoint 2-
.
. HP TP
. /
.
