Abstract image of a woman sitting on books and studying on a laptop

comesa cybersecurity

Download as PPT, PDF
Cade Zvavanjanja, profile picture
Cade Zvavanjanja

This document discusses zero-day attacks, which exploit unknown vulnerabilities that have no patch. It begins with key terms, then describes the anatomy and methodology of zero-day attacks. Countermeasures are discussed, as well as the economics of cybersecurity and questions from attackers. On average, zero-day attacks last 8 months, allowing theft of valuable assets before detection. They are heavily used in targeted attacks due to the advantage over targets. Overall the document provides an overview of zero-day attacks and potential strategies to secure against unknown threats.

1 of 22
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
Zero day attacks anatomy & countermeasures By Cade Zvavanjanja Cybersecurity Strategist
Question? • How do you secure against something Your security system can’t capture, your experts don’t know , your vendors don’t know and the tech community doesn’t know? ~ Which is only known by the attacker(s)!
Outline: • Key terms • Anatomy of Zero days • Attack methodology • Zero day attack(s) Countermeasures • Way forward • Economics of cybersecurity • Q & A • References
Key term(s): • Zero-day exploits are cyber-attacks against software/hardware vulnerabilities that are unknown and have no patch or fix.
Introduction: •Traditional security tools rely on malware binary signatures or the reputation of outside URLs and servers. By definition, these defenses identify only known, confirmed threats. •At the same time, operating system-level protections such as Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) are becoming less effective
Intro Cont…. •An attacker can easily hijack a legitimate website to bypass a blacklist. •Code morphing and obfuscation techniques generate new malware variants faster than traditional security firms can generate new signatures. •And spam filters will not stop lowvolume, targeted spear-phishing attacks. •ASLR bypassing methods to neutere once- effective safeguard.
Intro Cont…. • Zero day attacks are rising in prominence • They tend to be behind the most devastating attacks these days • Generally used by very high end criminals and nation states • You usually don’t know about the attack unless there are other indicators
Key term(s)
Lifespan of Zero-day: •typical zero-day attack lasts an average of eight months—and can last close to three years in some cases. That gives attacks ample time to steal organizations’ most valuable assets and leave before anyone knows what happened. •Not surprisingly, zero-day exploits are heavily used in targeted attacks. These secret weapons give attackers a crucial advantage over their targets.
comesa cybersecurity
Zero Day Anatomy
Introduction
Threat landscape:
Countermeasures:
comesa cybersecurity
comesa cybersecurity
Way Forward
Economics of Cybersecurity
• What is the ratio between events received and action taken? • What is the efficacy level in the events & incidents you identify (i.e. the real cyber attack event to false positive ratio)? • How many cycles do you iterate through to get from an event(s) to an action; is it timely and cost efficient? (Can you rank the processes/tools you leverage today in terms of man-hours and skills required to get to to action?)
• Do you align, prioritize and qualify events against against business goals and impact (How many cycles does this take)? • Make the assessment using the framework & success criteria below to evaluate the key time and cost multipliers in your event/incident security process, so you can validate the economic value that comes from the processes and tools you leverage today, to see which are effective and which are not?
Q& A: Thank You Cade Zvavanjanja Director - Zimbabwe Cybersecurity Center cadezvavanjanja@gmail.com +263 773796365
References •Zero Day Malware Threat Prevention Ensuring Document Safety with Outside In Clean Content Oracle brief | july 2015 •The Best Defenses Against Zero-day Exploits for Various-sized Organizations SANS I September 21st 2014: David Hammarberg •http://www.trapx.com/wp-content/uploads/2015/02/Anatomy-of- Attack__Zombie-Zero.pdf •http://www.industryweek.com/rockwell-connected-industrial-enterprise/cyber- threats-hiding-targeting-valuable-assets • Internet Security Threat ReportInternet Report Symatic, APRIL 2016 •https://www2.fireeye.com/rs/848-DID-242/images/wp-zero-day-danger.pdf • k-Zero Day Safety: Measuring the Security Risk of Networks against Unknown Attacks •A Review on Zero Day Attack Safety Using Different Scenarios 2015 Harshpal R Gosavi and Anant M Bagade •Detection and Prevention of Unknown Vulnerabilities on Enterprise IP Networks IJRITCC | February 2015, Vincy Rose Chacko • Regulating the zero-day vulnerability trade: a preliminary analysis 2014: mailyn fidler

More Related Content

PPT
Cyber Security 2016 Cade Zvavanjanja1
Cade Zvavanjanja
 
PPTX
Cyber Threat Intelligence Solution Demonstration
SurfWatch Labs
 
PPTX
Security Analytics Beyond Cyber
Phil Huggins FBCS CITP
 
PDF
Enumerating your shadow it attack surface
Priyanka Aash
 
PPTX
6 Steps for Operationalizing Threat Intelligence
Sirius
 
PPTX
SurfWatch Labs Threat Intelligence Solution Demo
SurfWatch Labs
 
PDF
Threat Intelligence 101 - Steve Lodin - Submitted
Steve Lodin
 
PPTX
Using SurfWatch Labs' Threat Intelligence to Monitor Your Digital Risk
SurfWatch Labs
 
Cyber Security 2016 Cade Zvavanjanja1
Cade Zvavanjanja
 
Cyber Threat Intelligence Solution Demonstration
SurfWatch Labs
 
Security Analytics Beyond Cyber
Phil Huggins FBCS CITP
 
Enumerating your shadow it attack surface
Priyanka Aash
 
6 Steps for Operationalizing Threat Intelligence
Sirius
 
SurfWatch Labs Threat Intelligence Solution Demo
SurfWatch Labs
 
Threat Intelligence 101 - Steve Lodin - Submitted
Steve Lodin
 
Using SurfWatch Labs' Threat Intelligence to Monitor Your Digital Risk
SurfWatch Labs
 

What's hot (20)

PPTX
How to Mitigate Risk From Your Expanding Digital Presence
SurfWatch Labs
 
PDF
Vulnerability management - beyond scanning
Vladimir Jirasek
 
PPTX
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
Eric Vanderburg
 
PPTX
Threat intelligence in security
Osama Ellahi
 
PPTX
Cyber Threat Intelligence: Building and maturing an intelligence program that...
Mark Arena
 
PPTX
Your cyber security webinar
Intergen
 
PPTX
Cloud Storage and Security: Solving Compliance Challenges
Eric Vanderburg
 
PDF
Proactive Defense: Understanding the 4 Main Threat Actor Types
Recorded Future
 
PPTX
Using SurfWatch Labs' Threat Intelligence to Understand Third-Party Risk
SurfWatch Labs
 
PDF
4 Rules for Successful Threat Intelligence Teams
Recorded Future
 
PDF
Pitfalls of Cyber Data
Phil Huggins FBCS CITP
 
PDF
Cyber Threat Intelligence
ZaiffiEhsan
 
PPTX
Roadmap to security operations excellence
Erik Taavila
 
PDF
Top 6 Sources for Identifying Threat Actor TTPs
Recorded Future
 
PPTX
Ethical hacking concept-Part 1
Saurabh Upadhyay
 
PDF
Chapter 15 incident handling
newbie2019
 
PDF
Threat Intelligence Tweaks That'll Take Your Security to the Next Level
Recorded Future
 
PDF
Improve Your Threat Intelligence Strategy With These Ideas
Recorded Future
 
PPTX
Using SurfWatch Labs' Threat Intelligence to Understand Dark Web Threats
SurfWatch Labs
 
PDF
Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...
Outpost24
 
How to Mitigate Risk From Your Expanding Digital Presence
SurfWatch Labs
 
Vulnerability management - beyond scanning
Vladimir Jirasek
 
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
Eric Vanderburg
 
Threat intelligence in security
Osama Ellahi
 
Cyber Threat Intelligence: Building and maturing an intelligence program that...
Mark Arena
 
Your cyber security webinar
Intergen
 
Cloud Storage and Security: Solving Compliance Challenges
Eric Vanderburg
 
Proactive Defense: Understanding the 4 Main Threat Actor Types
Recorded Future
 
Using SurfWatch Labs' Threat Intelligence to Understand Third-Party Risk
SurfWatch Labs
 
4 Rules for Successful Threat Intelligence Teams
Recorded Future
 
Pitfalls of Cyber Data
Phil Huggins FBCS CITP
 
Cyber Threat Intelligence
ZaiffiEhsan
 
Roadmap to security operations excellence
Erik Taavila
 
Top 6 Sources for Identifying Threat Actor TTPs
Recorded Future
 
Ethical hacking concept-Part 1
Saurabh Upadhyay
 
Chapter 15 incident handling
newbie2019
 
Threat Intelligence Tweaks That'll Take Your Security to the Next Level
Recorded Future
 
Improve Your Threat Intelligence Strategy With These Ideas
Recorded Future
 
Using SurfWatch Labs' Threat Intelligence to Understand Dark Web Threats
SurfWatch Labs
 
Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...
Outpost24
 
Ad

Similar to comesa cybersecurity (20)

PDF
What Role Do Zero-Day Vulnerabilities Play In Modern Security Solutions?
Rion Technologies
 
PDF
Glasswall - How to Prevent, Detect and React to Ransomware incidents
Dinis Cruz
 
PDF
What is a Zero-Day Exploit Understanding the Threat of Unknown Vulnerabilitie...
uzair
 
PPTX
Battlefield network
Tal Be'ery
 
PDF
Stopping zero day threats
Zscaler
 
PDF
What Is a Zero-Day Vulnerability? How It
BORNSEC CONSULTING
 
PDF
Luncheon 2016-07-16 - Topic 2 - Advanced Threat Hunting by Justin Falck
North Texas Chapter of the ISSA
 
PPTX
Janitor vs cleaner
John Stauffacher
 
DOCX
Zero-Day Vulnerability and Heuristic Analysis
Ahmed Banafa
 
PPTX
Cyber-Espionage: Understanding the Advanced Threat Landscape
Aaron White
 
PPTX
Taking the Attacker Eviction Red Pill [updated]
Frode Hommedal
 
PDF
Zero Day Vulnerabilities: A threat to security.
chrish87
 
PPTX
The Cyber Threat Intelligence Matrix: Taking the attacker eviction red pill
Frode Hommedal
 
PDF
Cehv8 module 01 introduction to ethical hacking
Mehrdad Jingoism
 
PPTX
zero day exploits
Adv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
 
PDF
CSF18 - Guarding Against the Unknown - Rafael Narezzi
NCCOMMS
 
PDF
The Aftermath: You Have Been Attacked! So what's next?
Albert Hui
 
PPTX
A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...
Skybox Security
 
PDF
Cyber security series advanced persistent threats
Jim Kaplan CIA CFE
 
PDF
Check point 2015-securityreport
EIINSTITUT
 
What Role Do Zero-Day Vulnerabilities Play In Modern Security Solutions?
Rion Technologies
 
Glasswall - How to Prevent, Detect and React to Ransomware incidents
Dinis Cruz
 
What is a Zero-Day Exploit Understanding the Threat of Unknown Vulnerabilitie...
uzair
 
Battlefield network
Tal Be'ery
 
Stopping zero day threats
Zscaler
 
What Is a Zero-Day Vulnerability? How It
BORNSEC CONSULTING
 
Luncheon 2016-07-16 - Topic 2 - Advanced Threat Hunting by Justin Falck
North Texas Chapter of the ISSA
 
Janitor vs cleaner
John Stauffacher
 
Zero-Day Vulnerability and Heuristic Analysis
Ahmed Banafa
 
Cyber-Espionage: Understanding the Advanced Threat Landscape
Aaron White
 
Taking the Attacker Eviction Red Pill [updated]
Frode Hommedal
 
Zero Day Vulnerabilities: A threat to security.
chrish87
 
The Cyber Threat Intelligence Matrix: Taking the attacker eviction red pill
Frode Hommedal
 
Cehv8 module 01 introduction to ethical hacking
Mehrdad Jingoism
 
zero day exploits
Adv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
 
CSF18 - Guarding Against the Unknown - Rafael Narezzi
NCCOMMS
 
The Aftermath: You Have Been Attacked! So what's next?
Albert Hui
 
A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...
Skybox Security
 
Cyber security series advanced persistent threats
Jim Kaplan CIA CFE
 
Check point 2015-securityreport
EIINSTITUT
 
Ad

More from Cade Zvavanjanja (9)

PPT
Cade zvavanjanja saigf cybercrime & security online
Cade Zvavanjanja
 
PPT
Cade zvavanjanja iot afigf online
Cade Zvavanjanja
 
PPT
A case for multi-stakeholder cybersecurity by zvavanjanja
Cade Zvavanjanja
 
PDF
Saigf 15 thematic-paper 7 - A case for multi-stakeholder partnerships for cri...
Cade Zvavanjanja
 
PPT
Cloud computing & service level agreements
Cade Zvavanjanja
 
PPT
Web application attacks using Sql injection and countermasures
Cade Zvavanjanja
 
PPT
Introduction to IT Security
Cade Zvavanjanja
 
PPTX
Gainful Information Security 2012 services
Cade Zvavanjanja
 
PDF
Top online frauds 2010
Cade Zvavanjanja
 
Cade zvavanjanja saigf cybercrime & security online
Cade Zvavanjanja
 
Cade zvavanjanja iot afigf online
Cade Zvavanjanja
 
A case for multi-stakeholder cybersecurity by zvavanjanja
Cade Zvavanjanja
 
Saigf 15 thematic-paper 7 - A case for multi-stakeholder partnerships for cri...
Cade Zvavanjanja
 
Cloud computing & service level agreements
Cade Zvavanjanja
 
Web application attacks using Sql injection and countermasures
Cade Zvavanjanja
 
Introduction to IT Security
Cade Zvavanjanja
 
Gainful Information Security 2012 services
Cade Zvavanjanja
 
Top online frauds 2010
Cade Zvavanjanja
 

comesa cybersecurity

  • 1. Zero day attacks anatomy & countermeasures By Cade Zvavanjanja Cybersecurity Strategist
  • 2. Question? • How do you secure against something Your security system can’t capture, your experts don’t know , your vendors don’t know and the tech community doesn’t know? ~ Which is only known by the attacker(s)!
  • 3. Outline: • Key terms • Anatomy of Zero days • Attack methodology • Zero day attack(s) Countermeasures • Way forward • Economics of cybersecurity • Q & A • References
  • 4. Key term(s): • Zero-day exploits are cyber-attacks against software/hardware vulnerabilities that are unknown and have no patch or fix.
  • 5. Introduction: •Traditional security tools rely on malware binary signatures or the reputation of outside URLs and servers. By definition, these defenses identify only known, confirmed threats. •At the same time, operating system-level protections such as Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) are becoming less effective
  • 6. Intro Cont…. •An attacker can easily hijack a legitimate website to bypass a blacklist. •Code morphing and obfuscation techniques generate new malware variants faster than traditional security firms can generate new signatures. •And spam filters will not stop lowvolume, targeted spear-phishing attacks. •ASLR bypassing methods to neutere once- effective safeguard.
  • 7. Intro Cont…. • Zero day attacks are rising in prominence • They tend to be behind the most devastating attacks these days • Generally used by very high end criminals and nation states • You usually don’t know about the attack unless there are other indicators
  • 9. Lifespan of Zero-day: •typical zero-day attack lasts an average of eight months—and can last close to three years in some cases. That gives attacks ample time to steal organizations’ most valuable assets and leave before anyone knows what happened. •Not surprisingly, zero-day exploits are heavily used in targeted attacks. These secret weapons give attackers a crucial advantage over their targets.
  • 19. • What is the ratio between events received and action taken? • What is the efficacy level in the events & incidents you identify (i.e. the real cyber attack event to false positive ratio)? • How many cycles do you iterate through to get from an event(s) to an action; is it timely and cost efficient? (Can you rank the processes/tools you leverage today in terms of man-hours and skills required to get to to action?)
  • 20. • Do you align, prioritize and qualify events against against business goals and impact (How many cycles does this take)? • Make the assessment using the framework & success criteria below to evaluate the key time and cost multipliers in your event/incident security process, so you can validate the economic value that comes from the processes and tools you leverage today, to see which are effective and which are not?
  • 21. Q& A: Thank You Cade Zvavanjanja Director - Zimbabwe Cybersecurity Center cadezvavanjanja@gmail.com +263 773796365
  • 22. References •Zero Day Malware Threat Prevention Ensuring Document Safety with Outside In Clean Content Oracle brief | july 2015 •The Best Defenses Against Zero-day Exploits for Various-sized Organizations SANS I September 21st 2014: David Hammarberg •http://www.trapx.com/wp-content/uploads/2015/02/Anatomy-of- Attack__Zombie-Zero.pdf •http://www.industryweek.com/rockwell-connected-industrial-enterprise/cyber- threats-hiding-targeting-valuable-assets • Internet Security Threat ReportInternet Report Symatic, APRIL 2016 •https://www2.fireeye.com/rs/848-DID-242/images/wp-zero-day-danger.pdf • k-Zero Day Safety: Measuring the Security Risk of Networks against Unknown Attacks •A Review on Zero Day Attack Safety Using Different Scenarios 2015 Harshpal R Gosavi and Anant M Bagade •Detection and Prevention of Unknown Vulnerabilities on Enterprise IP Networks IJRITCC | February 2015, Vincy Rose Chacko • Regulating the zero-day vulnerability trade: a preliminary analysis 2014: mailyn fidler