Complex…
Who is good, and who is bad?
In short: It’s all about “Cats vs. Rats.”
Scratchy: CFO
Types of Malware
• Man in the Middle
• Spoofing & Reflected (DDoS)
• ICMP Vulnerabilities (Smurf Attack)
• TCP SYN Flooding
• SQL Injection
Vectors of an Attack
Physical
• Intel Gather
• Surveil
• Pick
• Force
• Conceal
• Persist
Digital
• Scan
• Assess
• Exploit
• Persist
• Propagate
• Exfiltrate
Social
• Targeted Phishing
• Conning Guards/Staff
• Impersonation
• Phone Phishing
• Create Spies
Converged attacks are most effective and most difficult to thwart.
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public
Tools Used – By Attackers
The Kill Chain
Focus on Methodology, Not Tools!
• Original work by Lockheed Martin
–Inspiration from military kill chain
• Model describing structure of attack
• Note that attackers are not legally bound to follow the exact model ….
• Still useful to understand stages of attacks
–Instead of focusing on specific exploits
*http://www.lockheedmartin.com/content/dam/lockheed/data/corporate/documents/LM-White-Paper-Intel-Driven-Defense.pdf
Zero-Day Attack
[Diagram: Attacker and CnC Server outside the Perimeter (Inbound / Outbound); Enterprise Network with an Admin Node inside. Numbered stages of the attack:]
1 Infiltration and Backdoor establishment
2 Reconnaissance and Network Traversal
3 Exploitation and Privilege Elevation
4 Staging and Persistence (Repeat 2, 3, 4)
5 Data Exfiltration
Key Point: Integrate Your Defenses
• Avoid silos!
• Cooperation between:
–Security
–Network
–Desktop/Clients
–Active Directory
–IoT
–Training
–…
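The two slides above (the five-stage zero-day attack flow and "Integrate Your Defenses") make one detection point: any single team's logs show a host passing through only one or two stages, which looks like ordinary noise, while the same events pooled across teams show a chain progressing. The script below is an added illustration of that point and is not code from the original deck or from Cisco. The log sources, event names, hosts and timestamps are all constructed for the example, and the mapping from event to stage is an assumption, not a vendor's.

```python
"""Tag constructed log events with a kill-chain stage and compare the
siloed (single source) view against the integrated (all sources) view."""
from collections import defaultdict

# Stage numbers follow the five-step zero-day attack flow on the slide.
STAGES = {
    1: "Infiltration and backdoor establishment",
    2: "Reconnaissance and network traversal",
    3: "Exploitation and privilege elevation",
    4: "Staging and persistence",
    5: "Data exfiltration",
}

# Assumed mapping from (log source, event name) to stage. The event names
# are invented for this example; they are not real product event IDs.
EVENT_STAGE = {
    ("mail", "macro_attachment_executed"): 1,
    ("firewall", "internal_port_sweep"): 2,
    ("ad", "bulk_ldap_enumeration"): 2,
    ("endpoint", "local_privilege_escalation"): 3,
    ("ad", "added_to_domain_admins"): 3,
    ("endpoint", "persistence_task_created"): 4,
    ("firewall", "large_outbound_transfer"): 5,
}

# Constructed sample events: (minute offset, source team, host, event).
# ws-17 walks the whole chain; ws-22 and ws-31 each produce one benign-looking hit.
SAMPLE_EVENTS = [
    (0, "mail", "ws-17", "macro_attachment_executed"),
    (20, "firewall", "ws-17", "internal_port_sweep"),
    (25, "ad", "ws-17", "bulk_ldap_enumeration"),
    (40, "endpoint", "ws-17", "local_privilege_escalation"),
    (42, "ad", "ws-17", "added_to_domain_admins"),
    (50, "endpoint", "ws-17", "persistence_task_created"),
    (90, "firewall", "ws-17", "large_outbound_transfer"),
    (5, "firewall", "ws-22", "internal_port_sweep"),        # scheduled vuln scanner
    (8, "endpoint", "ws-31", "persistence_task_created"),   # admin creating a task
]


def tag_stage(source, event):
    """Return the kill-chain stage for an event, or None if it is not mapped."""
    return EVENT_STAGE.get((source, event))


def stages_by_host(events, sources=None):
    """Distinct stages observed per host, sorted ascending.

    With `sources` set, only those teams' logs are consulted (the siloed view);
    with None, every source is pooled (the integrated view).
    """
    seen = defaultdict(set)
    for _, source, host, event in events:
        if sources is not None and source not in sources:
            continue
        stage = tag_stage(source, event)
        if stage is not None:
            seen[host].add(stage)
    return {host: sorted(stages) for host, stages in seen.items()}


def hosts_to_escalate(events, sources=None, min_stages=3):
    """Escalate a host whose events span at least `min_stages` distinct stages:
    that is a chain progressing, not a lone anomaly."""
    return sorted(host for host, stages in stages_by_host(events, sources).items()
                  if len(stages) >= min_stages)


def describe(events, host):
    """Human-readable list of the stages seen for one host (integrated view)."""
    return [f"{n}: {STAGES[n]}" for n in stages_by_host(events).get(host, [])]


if __name__ == "__main__":
    for team in ("mail", "firewall", "ad", "endpoint"):
        print(f"{team:9s} alone escalates: {hosts_to_escalate(SAMPLE_EVENTS, {team})}")
    print(f"integrated escalates: {hosts_to_escalate(SAMPLE_EVENTS)}")
    for line in describe(SAMPLE_EVENTS, "ws-17"):
        print("  ", line)
```

Run stand-alone, every single-team view returns an empty escalation list for ws-17 (each team sees at most two stages), while the pooled view shows all five stages on that host and escalates it. The threshold of three distinct stages is a deliberately simple rule; a real deployment would also weigh time ordering and the slide's "Repeat 2, 3, 4" loop, but the contrast between siloed and integrated views holds regardless.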
Next-Gen Security Infrastructure Must Address…
• PROTECTION: Stay ahead of the evolving threat landscape
• VISIBILITY: View the network holistically and heuristically
• MITIGATION: Detect and contain after compromise has already occurred
• AUTOMATION: Respond quickly with integrated defense systems
Cybersecurity Goals
• Confidentiality = Protect sensitive data
• Integrity = Ensure no unauthorized modifications
• Availability = Authorized people can access it
Assets, Vulnerabilities, and Countermeasures
Network Vulnerability
Vulnerabilities
• Weakness in system
• Configuration error, missing patch, design flaw, etc.
• Signature-based security defends against attacks (exploits) targeting vulnerabilities. Examples: IPS, Anti-Virus
Many Targets to Consider
• HQ
• Branch Network
• Users
• Cloud
• Data Center
• Admin
• Roaming Users
IoT Challenges
• Patch Delays