pritha's Posts (624)


Top Metrics to manage your SIEM Program

A SIEM is among the most complex security tools to manage and operate. Here are the key parameters you can track to make your SIEM more effective:

 

  1. Percentage reduction in False Positives/Negatives over a specified period of time:

These metrics track the maturity and effectiveness of the SIEM rule sets. A rule set that is not properly defined can throw up a large number of alerts a day, overloading the analysts available to triage them. Fine-tuning the rule sets can reduce this number drastically and help you focus your resources on genuine alerts.

 

  2. Number of Redundant/Out-dated SIEM rule sets:

SIEM rule sets are continuously extended with new rules. Over time, some rules become redundant or obsolete. Redundant rules add management overhead, make auditing harder, and can also be a security risk for the organisation. This metric is tracked to keep the rule set optimised.

 

  3. Ratio of Alerts triggered to Alerts remediated:

A mature SIEM program generates only high-fidelity alerts. If a SIEM is generating thousands of alerts every day with a high proportion of false positives, it probably needs fine-tuning. This metric gives you an idea of your organisation's risk score. Ideally, every alert generated by the SIEM should be looked into by an analyst in a timely manner; alerts that are not followed up and remediated on time can render the SIEM program useless.

 

  4. Number of undocumented SIEM rules:

It is of utmost importance that all SIEM rules are documented properly for audits. Ideally, the number of undocumented SIEM rules should be zero.

 

  5. Mean time to respond to security incidents:

The time interval between when an alert is generated and when the first response to it is initiated. This time should not be too long.

 

  6. Number of open incidents related to your critical assets (Devices, systems, applications and users):

SIEM tools can classify alerts and incidents according to their criticality. If an alert is raised and the device, user, endpoint or application in question handles a critical business function or critical data, it should be remediated on a priority basis. This metric counts the incidents that are critical in nature. Ideally, it should be zero, since each open critical incident leaves your organisation vulnerable to severe disruption or a data breach.
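As an added example (not code from the original post), the following Python script computes the six metrics above over a constructed rule catalogue and alert sample. The rule names, alert records, the two comparison windows and the 180-day staleness threshold are all assumptions made for the demonstration; a real deployment would pull the same fields from the SIEM's rule catalogue and case-management exports.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Constructed sample data; field names are assumptions for this example,
# not any SIEM vendor's export schema.

@dataclass
class Rule:
    name: str
    documented: bool                     # has a description/runbook in the catalogue
    last_fired: Optional[datetime]       # None = never produced an alert
    superseded_by: Optional[str] = None  # newer rule that covers the same logic

@dataclass
class Alert:
    rule: str
    fired_at: datetime
    responded_at: Optional[datetime]     # first analyst action; None = untouched
    disposition: str                     # "tp" true positive / "fp" false positive
    remediated: bool
    critical_asset: bool                 # involves a critical device/user/application

NOW = datetime(2019, 12, 1)

def at(day, hour=0, minute=0):
    """Timestamp inside the sample month (November 2019)."""
    return datetime(2019, 11, day, hour, minute)

RULES = [
    Rule("brute-force-ssh", True, at(28, 11)),
    Rule("legacy-vpn-login", True, NOW - timedelta(days=400)),             # stale
    Rule("malware-beacon-v1", False, at(3, 8), superseded_by="malware-beacon-v2"),
    Rule("malware-beacon-v2", True, at(27, 16)),
    Rule("usb-mass-storage", False, None),                                  # never fired
]

ALERTS = [
    # Week 1, before tuning: noisy, mostly false positives.
    Alert("brute-force-ssh", at(1, 9), at(1, 9, 30), "fp", False, False),
    Alert("brute-force-ssh", at(1, 10), at(1, 10, 50), "fp", False, False),
    Alert("malware-beacon-v1", at(2, 8), at(2, 8, 20), "tp", True, True),
    Alert("malware-beacon-v1", at(3, 8), at(3, 9), "fp", False, False),
    Alert("brute-force-ssh", at(4, 12), None, "fp", False, False),
    Alert("brute-force-ssh", at(5, 12), at(5, 12, 12), "fp", False, False),
    # Week 4, after tuning: fewer, higher-fidelity alerts.
    Alert("malware-beacon-v2", at(22, 14), at(22, 14, 15), "tp", True, False),
    Alert("brute-force-ssh", at(24, 3), at(24, 3, 40), "fp", False, False),
    Alert("malware-beacon-v2", at(27, 16), at(27, 16, 5), "tp", False, True),
    Alert("brute-force-ssh", at(28, 11), None, "tp", False, True),
]

BEFORE, AFTER = (at(1), at(8)), (at(22), at(29))   # comparison windows, end-exclusive

def false_positive_reduction(alerts, before=BEFORE, after=AFTER):
    """Metric 1: % reduction in false positives between two windows."""
    def fps(window):
        start, end = window
        return sum(1 for a in alerts if a.disposition == "fp" and start <= a.fired_at < end)
    fp_before, fp_after = fps(before), fps(after)
    return 0.0 if fp_before == 0 else round(100.0 * (fp_before - fp_after) / fp_before, 1)

def redundant_rules(rules, now=NOW, stale_after=timedelta(days=180)):
    """Metric 2: rules superseded by a newer rule, never fired, or silent too long."""
    return sorted(r.name for r in rules
                  if r.superseded_by or r.last_fired is None or now - r.last_fired > stale_after)

def triggered_to_remediated(alerts):
    """Metric 3: alerts triggered per alert remediated (lower is better)."""
    remediated = sum(1 for a in alerts if a.remediated)
    return round(len(alerts) / remediated, 2) if remediated else float("inf")

def undocumented_rules(rules):
    """Metric 4: rules with no documentation; the target is an empty list."""
    return sorted(r.name for r in rules if not r.documented)

def mean_time_to_respond(alerts):
    """Metric 5: mean minutes from alert to first response, plus the number of
    alerts nobody has touched (excluded from the mean, reported separately)."""
    minutes = [(a.responded_at - a.fired_at).total_seconds() / 60
               for a in alerts if a.responded_at is not None]
    untouched = sum(1 for a in alerts if a.responded_at is None)
    return (round(sum(minutes) / len(minutes), 1) if minutes else 0.0), untouched

def open_critical_incidents(alerts):
    """Metric 6: confirmed, unremediated incidents on critical assets; target is zero."""
    return [a for a in alerts if a.disposition == "tp" and not a.remediated and a.critical_asset]

def siem_scorecard(alerts=ALERTS, rules=RULES, now=NOW):
    mttr, untouched = mean_time_to_respond(alerts)
    return {
        "fp_reduction_pct": false_positive_reduction(alerts),
        "redundant_rules": redundant_rules(rules, now),
        "triggered_to_remediated": triggered_to_remediated(alerts),
        "undocumented_rules": undocumented_rules(rules),
        "mttr_minutes": mttr,
        "alerts_without_response": untouched,
        "open_critical_incidents": len(open_critical_incidents(alerts)),
    }

if __name__ == "__main__":
    for metric, value in siem_scorecard().items():
        print(f"{metric:26} {value}")
```

Running the script prints a scorecard. The decisions worth copying are in the definitions: the false-positive reduction is measured between two explicit windows rather than cumulatively, alerts nobody has touched are kept out of the mean response time but reported as their own count so they cannot hide inside an average, and an open critical incident counts only confirmed true positives that remain unremediated.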

 

Check out the Security Information and Event Management (SIEM) market within Product Comparison Platform to get more information on these markets.

Read more…

Technology Stack for Ransomware Protection


With Ransomware attacks becoming increasingly frequent, we thought of putting together a list of technologies that can help organizations protect themselves against ransomware attacks. Please note that even though this blog discusses technology measures, this does NOT mean people & process are secondary. There’s no single technology that can protect against ransomware, and for effective defense a combination of technologies along with right processes and skilled security professionals is a must.  

Some of the well-known ransomware families are CryptoLocker, CryptoWall, TeslaCrypt, TorrentLocker and CTB-Locker. Attackers frequently release new variants by tweaking and subtly changing lines of code in the most popular ones to avoid detection. According to various research works, India ranks 3rd in Asia and 9th worldwide among the countries affected by malware attacks, the most affected sectors being banking and pharmaceuticals. A research team at Malwarebytes has identified LeChiffre, whose name means "encryption" in French, which caused millions of dollars of damage after infecting several banks and pharmaceutical companies. According to The Economic Times, some companies have paid ransoms in millions of dollars after such attacks.

Here’s the Technology Stack for Ransomware Protection:

 

Technologies for Ransomware Prevention

Security Awareness & Training – One of the most effective ways to secure any organization. Continuous security training & simulations can help reduce the risk significantly.

Vulnerability Assessment & Patch Management – Continuous VA & Patch Management is a very effective measure. Remember if people had patched their Windows after Microsoft released the patch for EternalBlue, they’d be protected against WannaCry.

 


Perimeter Security

Email Security Gateways – Email, being one of the most common channels used to spread malware, requires a strong focus. Organizations can also consider dedicated email ATP technologies from major security vendors.

 

Firewalls / Next Generation Firewalls – Well, this is basic hygiene: scan all traffic for malicious activity and block/alert when required. UTM is another option.

 

Web Security Gateways – Prevent drive-by attacks and infections from visiting infected websites.

 

Endpoint Security

Anti-Virus (AV) / Endpoint Protection Platforms (Next-Gen AV if you like) – Platforms based on machine learning will serve the purpose better than traditional ones. There are even dedicated anti-ransomware solutions out there.

 

Application Whitelisting – There are dedicated solutions out there for this, as well as AV solutions and OSes with this capability.

Port Control – Restrict USB access using solutions like Group Policy.

  • Backup – A multitude of backup solutions exist; choose the one that suits your needs so that you can quickly restore in case of an infection. Make sure that the backup is not infected. If taking a cloud / network backup, do not map it as a network drive.
  • Network Sandboxing – Helps analyze malicious files / payloads if they bypass the perimeter controls, or can augment perimeter security controls.
  • Network Segmentation / Micro-segmentation – A number of solutions exist; if properly implemented, an infection in one segment will not spread to others.

 

>>Free Report- Get Your Ransomware Risk Assessment

Browser Protection

Ad-Blocker – you probably already have this, check out the browser store in case you don’t have this.

 

Browser / Application Virtualization – Will prevent machine infections from malicious websites as the Application (Browser) is running in a virtual instance

 

 

Technologies for Ransomware Detection – i.e. Before You See the Demand for Bitcoins

Endpoint Detection & Response – Detect infections which have evaded your AV and other security controls

 

Honeypots & Deception Tech – Strategically placed decoys or honeypots (files, devices etc.) across the IT infrastructure can help detect ransomware before it causes any significant damage

 

File Integrity / Activity Monitoring (FIM) – Monitoring file integrity on devices can generate early warning signals to act on
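To make the decoy-file and file-integrity-monitoring ideas above concrete, here is an added Python example (not part of the original post and not any vendor's product). It plants a decoy document, records a SHA-256 baseline of a directory, and on each check raises an alert if the decoy changed or vanished, if files appear with suspicious new extensions, or if at least half of the baselined files were modified or removed. The decoy file name, the suffix list and the 50% churn threshold are assumptions chosen for the demonstration; the demo() function builds everything in a temporary directory and simulates a mass rewrite of the documents so the detection logic can be exercised offline.

```python
import hashlib
import os
import tempfile
from pathlib import Path

CANARY_NAME = "000-do-not-touch.docx"   # constructed decoy name; sorts first so it is hit early
SUSPICIOUS_SUFFIXES = {".locked", ".encrypted", ".crypt"}   # illustrative list, not exhaustive
MASS_CHANGE_THRESHOLD = 0.5             # assumed: alert when half the baseline changes or vanishes

def sha256_of(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def plant_canary(root: Path) -> Path:
    """Drop a decoy document that no legitimate process should ever touch."""
    canary = root / CANARY_NAME
    canary.write_bytes(b"decoy document: any change to this file is an alert\n")
    return canary

def baseline(root: Path) -> dict:
    """Relative path -> SHA-256 for every regular file under root."""
    return {str(p.relative_to(root)): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def check(root: Path, base: dict) -> dict:
    """Compare the directory with its baseline and decide whether to alert."""
    current = baseline(root)
    modified = sorted(p for p in base if p in current and current[p] != base[p])
    missing = sorted(p for p in base if p not in current)
    added = sorted(p for p in current if p not in base)
    suspicious = sorted(p for p in added if Path(p).suffix.lower() in SUSPICIOUS_SUFFIXES)
    churn = (len(modified) + len(missing)) / max(len(base), 1)
    canary_touched = CANARY_NAME in modified or CANARY_NAME in missing
    return {
        "canary_touched": canary_touched,
        "modified": modified,
        "missing": missing,
        "added": added,
        "suspicious_new_extensions": suspicious,
        "churn_ratio": round(churn, 2),
        "alert": canary_touched or bool(suspicious) or churn >= MASS_CHANGE_THRESHOLD,
    }

def demo() -> tuple:
    """Build a scratch tree, baseline it, run a quiet check, then simulate a
    mass rewrite of every document and check again. Returns both results."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("q3-report.xlsx", "notes.txt", "invoice.pdf"):   # constructed files
            (root / name).write_bytes(os.urandom(256))
        plant_canary(root)
        base = baseline(root)
        quiet = check(root, base)
        for name in list(base):          # simulated incident: every file replaced
            (root / (name + ".locked")).write_bytes(os.urandom(256))
            (root / name).unlink()
        noisy = check(root, base)
    return quiet, noisy

if __name__ == "__main__":
    quiet, noisy = demo()
    print("before:", "ALERT" if quiet["alert"] else "clean", "churn", quiet["churn_ratio"])
    print("after: ", "ALERT" if noisy["alert"] else "clean", "churn", noisy["churn_ratio"],
          "canary touched:", noisy["canary_touched"])
```

Three independent signals are combined on purpose: a touched decoy is a high-confidence indicator on its own, a burst of files with new extensions catches the common rename pattern, and the churn ratio catches variants that keep file names intact. In production the baseline would be stored off-host and the check run on a schedule or from a file-activity feed, with the alert forwarded to the SIEM.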

 

Threat Intelligence (TI) – TI feeds fed into SIEM, IPS/IDS, Perimeter Security and other solutions can help provide both prevention and early detection of threats

 

SIEM – The one solution to rule them all, enough said

 

HIPS / IPS / IDS with Exploit Kit Detection – Some may have FIM capabilities built in

 

UBA / NBA – Behavioral analytics at network / endpoint level can provide early signals of possible infections

 

And of course, a number of APT Security / ATP / ATA Solutions.


Here are some of the tips that you can put to use to prevent yourself from getting into such situations:

1. Back up your important data at regular intervals

This is the most logical preventive measure that your organization can adopt to thwart such attacks. Make sure that your backup solution is up and running as it should. Keep in mind that the backup should be kept on a separate external drive. If you are using an automated backup solution, make sure that your backup drives are connected only during the backup process and are disconnected from the network once the process is complete.

2. Develop robust vulnerability management and Patch management Program

Vulnerable applications and software are among the attack vectors used by attackers. Remember to keep your operating systems, browsers, browser plug-ins, Java and other software up to date with the latest patches installed. The best way to accomplish this is to develop a robust vulnerability management and patch management program; using automated vulnerability detection tools and patch management solutions, and making sure that all patches are installed in a timely manner, gives you better protection against such attacks.

3. Fine tune your systems and security solutions to a more secure configuration

Fine-tuning your security solutions and systems can give you a great deal of protection against ransomware attacks. Tweak your anti-spam solution to filter out mails with executable attachments, tweak your IPS and firewall to block malicious traffic, disable remote access services on systems if not required, deactivate auto-play for devices, disable unused network adapters (Wi-Fi, Bluetooth etc.), do not map network drives and cloud storage folders to your local system unless necessary, configure systems to show hidden file extensions, block unauthorized USB access, uninstall applications that you don't use, etc.

( Read More: 5 Reasons Why You Should Consider Evaluating Security Information & Event Management (SIEM) Solution )

4. Use a good Endpoint security solution to detect any malicious code

A good, advanced anti-malware product can help you identify malicious code and possible malware attacks. Keep your security software up to date with the latest version and malware database. It is also a good idea to run Windows Firewall or another host firewall on your system to detect any unauthorized attempt by malicious code to connect to the internet.

5. Educate your employees & colleagues

Educate your employees on safe Internet browsing practices, such as not clicking suspicious links, not running suspicious programs on their systems and not installing unverified browser plug-ins. Employees should also be educated about social engineering attacks, verifying mail attachments before downloading or opening them, etc.


 

Read more…

Cyber Security Maturity Report of Indian Industry (2017)

In Cyber Security Maturity Report of Indian Industry (2017), we’ve researched the current cybersecurity maturity of Indian industry based on the kind of technical security controls they have in place against modern day attacks.

Cyber security is now a persistent business risk across organizations of all sizes, large or small. To secure businesses, you need to have in place a variety of security technologies along with skilled personnel and mature processes.

 

CyberSecurity Breaches & Impact

There have been a number of data breach and hacking incidents in 2017. Some of those which affected the industry in a big way are as follows:

  • Zomato hacked: Security breach results in 17 million user data stolen Source: ET
  • India based payment processing firms ElectraCard & enStage breached, Visa delists them. Source: TOI
  • Data of about 3.2 million debit cards was lost in what is claimed to be India’s biggest breach. SBI, HDFC Bank, ICICI, YES Bank and Axis were worst hit by the debit card breach. Source: ET

 

India vs. World

As per the International Telecommunication Union’s (ITU) Global Cybersecurity Index (GCI) 2017:

  • India is ranked 23rd out of 164 Nations, with a score of 0.683
  • Singapore & US are ranked 1 & 2 respectively, with scores of 0.925 & 0.919
  • Singapore, Malaysia & Australia are the top three countries in Asia & Pacific Region

 

Key Findings

Some of the key findings from Cyber Security Maturity Report (2017) published by FireCompass are as following:

  • Large Indian Banks and Telcos are the most mature, with an average score of ~60%, while Small Banks and Insurance are lagging far behind at ~45%
  • Internal technology controls are primarily around prevention, with insufficient measures implemented around detection & response
  • Indian organizations are primarily compliance driven & reactive, with average security scores hovering around ~50/100
  • Response capabilities across sectors are very poor, ranging between 25% and 40%
  • Preliminary data on startups shows that security maturity is abysmally low at around 8%

 

To know more, you can download the full report from here

Source: https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-GCI.01-2017-R1-PDF-E.pdf

Read more…

CyberSecurity Maturity of Indian Industries Show Grim Picture: Large Banks Score 61 & Online/FinTech Startups Score 8 (Out Of 100), As Per FireCompass Report

 

India, August 31, 2017 – FireCompass, a Cyber Security product company that specializes in security maturity assessment, has released industry’s first vertical wise maturity report for India. Based on extensive research of 200+ organizations from across India, FireCompass unveils report on CyberSecurity Maturity Score of Indian Industries.

 

Cyber Security is now a persistent business risk, across organizations of all sizes, large or small. To secure businesses, an organization needs to have in place a variety of security technologies along with skilled personnel and mature processes. In this report, FireCompass has researched the current CyberSecurity maturity of Indian enterprises, based on the kind of technical security controls they have in place against modern day attacks.

 

Speaking on the launch of the FireCompass CyberSecurity Maturity Report, Bikash Barai, Co-Founder of FireCompass and a serial IT Security technology entrepreneur, said, “Management / Board are increasingly asking about the cybersecurity posture and the relative benchmark against industry peers, but so far we were not able to measure cybersecurity performance based on objective, quantitative data. Organizations traditionally have been using informal approaches to communicate security posture to the management/board, making it difficult to benchmark security across industry.”

 

He added, “FireCompass has standardized the approach and uses quantitative data to measure security posture across organizations. Based on this we’re pleased to launch the first report on cybersecurity performance of industry for India”. Barai earlier founded iViZ Security, an IT Security product company funded by IDG Ventures and later acquired by Cigital / Synopsys.

 

FireCompass has assessed 50+ data points of more than 200 organizations, both from an internal and an external perspective, to give a holistic view of security performance. The NIST CyberSecurity Framework (promoted by the US government) was leveraged to classify technology control capabilities across 5 dimensions – Identify, Protect, Detect, Respond, Recover. The score is based on data on actual security controls implemented as well as open source security intelligence.

 

The scores are especially important for board / management to measure/benchmark their organization’s cybersecurity maturity, understanding gaps and building security roadmap. Such scores can also help insurance companies to calculate the cyber risk insurance premiums.

 

Research Methodology

  • Online survey was conducted for which 200+ CISOs (or equivalent) in India responded, across verticals. Survey comprised questions around current technology controls in place and roadmap
  • The scores were calculated based on the statistical models created by FireCompass based on NIST CSF

 

Key insights from the report

  • Large Indian Banks and Telcos are the most mature in terms of CyberSecurity with Small Banks and Startups lagging far behind. Average industry scores are as follows:
    • Large Banks: 61%
    • Telco: 61%
    • Financial Services: 58%
    • IT/ITeS: 52%
    • Manufacturing: 51%
    • Insurance: 45%
    • Small Banks: 43%
    • Online Startups / FinTech: 8%
  • Security investments have primarily been made in prevention technologies like Firewalls, AV etc., whereas investments in detection & response capabilities were largely neglected. Security should be designed considering that an organization may be breached, and there should be adequate preparedness to respond to and recover from such breaches. Average scores are:
    • Prevention: 63%
    • Detection: 51%
    • Response: 30%
  • Indian organizations are primarily compliance driven & reactive, with average security scores  hovering around ~50/ 100. India ranks 23 out of 164 countries in ITU’s Global CyberSecurity Index (2017).
  • Response capabilities are grossly neglected across sectors, with very poor scores ranging between 3% and 40% and an average of 30%.
  • Preliminary research on online startups shows that security maturity is abysmally low at around 8%. One of the major reasons for this is that FinTech & Online Startups are primarily focusing on Application Security, which covers only 5 out of the 25 capability areas, and have not focused on the remaining 20 capability areas.

 

You can access the full report using the following link:

https://www.cisoplatform.com/profiles/blogs/cyber-security-maturity-report-of-indian-industry-2017

1000+ Products (Product Comparison Platform)

The product comparison platform is the world’s first AI assistant for CyberSecurity strategy & buying. It helps organizations measure their CyberSecurity maturity for reporting to management/Board as well as create their security strategy and roadmap. FireCompass also has detailed, granular data on the capabilities of 1,000+ CyberSecurity products, which it leverages to assess the CyberSecurity posture of organizations as well as to help organizations choose the right technology for bridging security gaps. More than 1,200 enterprises across the globe use FireCompass, including 8 of the top 10 Indian Banks and 4 of the top 5 Indian Telcos.

For more information, please visit: http://products.cisoplatform.com/security/home

Media Contact

Denise Bailey : contact@cisoplatform.com

Read more…

Progress Report & Volunteers - Kids Cyber Safety 2019

Our Mission

Children are amongst the most vulnerable in the cyber world and we believe it is time for us to do something for our next generation.

At CISO Platform community, we have taken on a mission to help the kids. We are creating "Kid's Cyber Safety Week" on June 4-10 to help train kids and their parents.

We need your help to realize our vision. It would be great if you could indicate your interest by volunteering.

For more details visit here : https://www.cisoplatform.com/page/kids-cyber-safety-initiative


Progress Report - Kids Cyber Safety November 2019

Timeline  Activity
Nov-18    Playbook For Kids - Delhi Chapter
Jan-19    Webinar On Kids Cyber Safety By Terry Cutler
Feb-19    Pan-India Kids Launch
Feb-19    Parents Teacher Kids Meet
Apr-19    Cyber Security Kids Meet-up Bangalore
May-19    Content Finalization
May-19    Community Kids Training - Mumbai
Jul-19    Community Discussion on Kids - Bangalore
Jul-19    Community Discussion on Kids - Delhi
Jul-19    Community Discussion on Kids - Mumbai
Sep-19    Community Discussion on Kids - Hyderabad
Sep-19    Community Discussion on Kids - Chennai
Nov-19    Community Kids Training - Hyderabad (by Lalit Kumar Jha)
Nov-19    Community Kids Discussion - Chennai

Community Contributors

  • Sesanka Pemaraju (Director Enterprise Technology, ISB-Indian School Of Business)
  • Lalit Kumar Jha (DGM-IT, GatiKwe)
  • Sridharan (Ex-CISO, NCDEX)
  • Gowdhaman Jothilingam (Senior IT Manager, LatentView Analytics)
  • Kanika Jain (Ex-Lead IS Analyst, Target)
  • Ashish Paliwal (Information Security Officer, Sony)
  • Nitin (School Contributor)
  • Priyank Seth (Head IT, Midday Infomedia)
  • Sudarshan Singh (CISO, Capgemini)
  • Neha Vachhani (Information Security Analyst, IDFC Bank)
  • Anuprita Daga (CISO, Reliance Capital)
  • Nabankur Sen (Ex-CISO, Bandhan Bank)
  • Vijay
  • Nitin Bhogan (Head Risk Awareness, Mahindra SSG)
  • and more (this list is partial)
  • Here is a link to our first training pilot in Mumbai: https://www.cisoplatform.com/m/blogpost?id=6514552%3ABlogPost%3A61832

Next Actions

  • 3 Kids Cyber Safety Training sessions in the Chennai local group
  • 2 Kids Training sessions in the Hyderabad group
  • Create calendar of activities in remaining local groups and volunteers

Key Meeting Presentations & More

https://www.cisoplatform.com/profiles/blogs/securing-today-s-online-kids-rsa

https://www.cisoplatform.com/profiles/blogs/cyber-safety-training-for-young-students

https://www.cisoplatform.com/profiles/blogs/chennai-local-city-round-table-ciso-meet-kids

https://eforensicsmag.com/child-identity-theft-101-by-mark-neuzil/

[PPT] CYBER Safety Training For Young Students

Reference Documents To Look At (Shared by community)

Read more…

Chennai Local City Round Table - CISO Meet + Kids

The Chennai security community got together for their November meet. Here are the session learnings and documents. Glad to see the Chennai chapter growing. Downloadable document links are given under the header 'Documents from meeting'.


Agenda Sessions : 

1. Networking and High Tea
2. GDPR Session by Dhanasekaran
3. Open Source Intelligence Session by Gowdhaman
4. Discussion on Cyber Security Initiative for Kids and planning for next meeting.

Minutes Of The Meeting

1. Next meeting will be on 19th Dec 2019. Topic: Zero Trust Security Model. Session by: A V S Prabhakar (FSS). Venue will be confirmed by Prabhakar Sir (TNQ). Vijay, Palani, Dhana, Srinivasulu,
2. AVS Prabhakar and other CISOs are interacting with schools and will finalize by next week.
3. Prabhakar Sir has collected feedback on the Kids cyber security topic and presentation.
4. Chennai CISOs are ready to create awareness among students and have a set of volunteers.

Presentations

By community members Gowdhaman Jothilingam and Dhana Madaswamy

With a mention for Chapter Lead Sridharan

Download below

Documents From Meeting (Download)

Documents from the meeting are listed below. Click on a link to visit the individual document. At the bottom of each linked page, the document is available for download in Excel format.

P.S. Please login with your member details to view and download the meeting documents as this is for the community by the community

  • OSINT Tools For CISOs - View here
  • GDPR CISO Kit - View here
    • CISO Priorities for GDPR
    • GDPR Data Protection Survey
    • GDPR Program Management Checklist
    • GDPR Data Protection Impact

You can download all the documents by visiting each link. Each page will have a download link at the bottom

Register For Next Chennai Meet

1. Next meeting will be on 19th Dec 2019. Topic: Zero Trust Security Model. Session by: A V S Prabhakar (FSS). Venue will be Chennai.

You can register here

Read more…

This talk will bring to us the current applications and future possible impacts of artificial intelligence in security. Sign up here



Key Points To Be Discussed : 

-AI & industry 4.0
-Brief intro AI, ML, IoT
-Security Evolution (AI related)
-Era Of Data
-AI use cases in security
-Building and deploying an intelligent security product

>> Register for webinar here


About Speaker : 

Subrat Panda, Capillary Technologies, Principal Architect AI & Data Sciences
He is currently working as a Principal Architect with Capillary Technologies, where he heads the AI and Data Sciences teams, which build products in the retail domain. Prior to this he worked with a Bay Area based food tech startup, Taro, as a Senior Architect with Nvidia and as a research engineer with IBM. He completed his BTech (2002) and PhD (2008) in Computer Science from IIT Kharagpur. He is Co-Founder of IDLI (Indian Deep Learning Initiative). He has multiple patents and publications. He was previously a SACON speaker.

>> Register for webinar here

Read more…

How do tech companies manipulate the way people think? What would a top-secret Russian agency do to affect the outcome of the US presidential elections? Can systems today analyze people’s behavior to the point where they can predict every move they’ll make?

 

Watch Webinar : 

 

 

Key Points Discussed : 

-Privacy mining will increase because of the billions of IoT devices being connected every day. Combined with advanced psychological research, this can be a very powerful tool for manipulating people's behavior.


-A fake reality also poses a big threat to the future of privacy. Software such as Deep Fakes has the ability to use someone's facial structure to create fake videos featuring digitally created characters with an uncanny resemblance to real people, such as celebrities. This technology is so advanced that our minds aren't sophisticated enough to tell the difference between real data and fake data created by it, which leads to the next point.


-We are entering a trust crisis. Trust is the foundation for innovation and technological advancement. If people don't trust autonomous cars, they won't use them; if people don't trust certain websites, they won't read their news. Without trust we cannot move forward, which is why we need to raise awareness about the dark future of privacy.

 

 


About Speaker : 

Menny is an internationally known cybersecurity expert and evangelist of innovation. He is a strategic adviser to leading enterprises around the world, as well as states and governments, and sits on the advisory board of several startup companies. Menny is also a co-founder of ALiCE, an AI Cyber Security Startup, co-founder at FortyTwo Global, Cyber Security Professional Services (Israel), and co-founder at FortyTwo R&D Labs (India). Additionally, he is the CTO of the Interdisciplinary Cyber Research Center at Tel-Aviv University. Furthermore, he is a former CISO in the intelligence services of the Israeli Defense Forces (Capt. Res.) and worked at the leading Israeli banking group in various positions, including head of the IT Audit Department.

 

 

Read more…

(NASA Hacked) On 21 June 2019, major news channels disclosed a major hack on NASA. Hackers were able to gain unauthorized access using a Raspberry Pi, stole ‘Mars Mission Data’ and breached ‘NASA’s satellite dish network’. This happened around April 2018 and went unnoticed for almost a year. It is advisable to do an attack surface analysis for an organization so that all access paths and assets are known.

What Will You Learn?

  • Why It Happened?
  • Audit Recommendation From Office of Inspector General
  • Detailed Audit Report By Inspector General, NASA

Read the complete report here

Read more…


Breaches are at an all-time high. In this webinar, learn the do's and don'ts of handling breach disclosure, best practices for how to set up a bounty program, and how to respond to responsible disclosures, with do's and don'ts and learnings from the industry.

Key Points To Be Discussed:
-How to build a vulnerability disclosure program?
-What are various types of vulnerability disclosures programs?
-When and when NOT to have a bug bounty program?
-Do's and Don'ts for handling a breach disclosure

Presentation Slides : 

Full Webinar Video :

Watch The Webinar Video (By Section)

(Part 1) : Publicly Available Breach Risk Information

(Part 2) : How To Handle A Breach Disclosure

Meet the best security minds & learn @ SACON


Read more…

This presentation will address all the relevant information about default security postures achieved by using the -aaS model. This session will be a unique opportunity to hear from Murray Goldschmidt, renowned DevSecOps expert, explaining the key items to achieve a secure deployment from build through ongoing continuous deployment, particularly for CI/CD DevOps environments.

Key Points To Be Discussed:
-Learn the no-cost or low-cost measures to put in place immediately to secure their -aaS deployments.
-Understand where commercial products provide capability, particularly for container security.
-Understand the weaknesses of public cloud PaaS defaults, with examples provided for AWS and Azure. Pre-requisites: AWS and Azure PaaS offerings.

About Speaker :
Murray Goldschmidt is the Co-Founder and Chief Operating Officer at Sense of Security, now celebrating 18 years in business. He is an industry-recognized information security expert, particularly for agile and cloud, and is seen as the region’s thought leader on successful automated security integration for DevOps environments (DevSecOps). Articulate and eloquent, with extensive experience, Goldschmidt is a high-profile speaker, providing candid, unbiased and to-the-point media commentary for both enterprise and consumer cyber security trends, attacks and issues. Along with a degree in electrical engineering, he holds CISSP, IRAP and PCI QSA certifications.

Presentation Slides : 

Full Webinar Video : 

Meet the best security minds & learn @ SACON


Read more…

RBI & SEBI have recently notified Banks and Stock Brokers/Depository Participants and published a cyber security framework to be deployed. Here is a consolidated learning compiled by us; you can also access the detailed frameworks from here.


>> Access The RBI & SEBI Cyber Security Frameworks for Banks and Stock Brokers/Depository Participants

Top Learning From RBI Cyber Security Framework For Banks

  • Cyber Security Policy to be distinct from the broader IT policy / IS Security Policy of a bank
  • Arrangement for continuous surveillance
  • IT architecture should be conducive to security
  • Comprehensively address network and database security
  • Ensuring Protection of customer information
  • Cyber Crisis Management Plan
  • Cyber security preparedness indicators
  • Sharing of information on cyber-security incidents with RBI
  • Supervisory Reporting framework
  • An immediate assessment of gaps in preparedness to be reported to RBI
  • Organisational arrangements
  • Cyber-security awareness among stakeholders / Top Management / Board

Baseline Cyber Security and Resilience Requirements

Baseline Controls

  • Inventory Management of Business IT Assets
  • Preventing execution of unauthorised software
  • Environmental Controls
  • Network Management and Security
  • Secure Configuration
  • Application Security Life Cycle (ASLC)
  • Patch/Vulnerability & Change Management
  • User Access Control / Management
  • Authentication Framework for Customers
  • Secure mail and messaging systems
  • Vendor Risk Management
  • Removable Media
  • Advanced Real-time Threat Defence and Management
  • Anti-Phishing
  • Data Leak prevention strategy
  • Maintenance, Monitoring, and Analysis of Audit Logs
  • Audit Log settings
  • Vulnerability assessment and Penetration Test and Red Team Exercises
  • Incident Response & Management
  • Risk based transaction monitoring
  • Metrics
  • Forensics
  • User / Employee/ Management Awareness
  • Customer Education and Awareness

Setting up and Operationalising Cyber Security Operation Centre (C-SOC)

Key Responsibilities of SOC could include:

  • Monitor, analyze and escalate security incidents
  • Develop Response - protect, detect, respond, recover
  • Conduct Incident Management and Forensic Analysis
  • Co-ordination with contact groups within the bank/external agencies

For each of these, the framework spells out the points to be considered, the expectations and the key requirements, and it also covers people, process and external integrations. It is too extensive to reproduce here, so please refer to the framework itself.


Top Learning From RBI Cyber Security Framework For Primary (Urban) Cooperative Banks (UCBs)

  • Need for a Board approved Cyber Security Policy
    • Cyber Security Policy to be distinct from the IT policy/IS Policy of the UCB
    • IT Architecture/Framework should be security compliant
    • Cyber Crisis Management Plan
  • Organisational Arrangements
  • Cyber Security awareness among Top Management/Board/other concerned parties
  • Ensuring protection of customer information
  • Supervisory reporting framework

Top Learning From SEBI Cyber Security & Cyber Resilience Framework For Stock Brokers / Depository Participants

  • Governance
  • Identification
  • Protection
    • Access Control
    • Physical Security
    • Network Security Management
    • Data Security
    • Hardening of Hardware and Software
    • Application Security in Customer Facing Applications
    • Certification of off the shelf products
    • Patch management
    • Disposal of data, systems and storage devices
    • Vulnerability Assessment and Penetration Testing (VAPT)
  • Monitoring and Detection
  • Response and Recovery
  • Sharing of Information
  • Training and Education
  • Systems managed by vendors
  • Systems managed by MIIs
  • Periodic Audit

The pointers above are only a gist of the frameworks; the detail involves looking into your infrastructure and setting up processes. We suggest you read the detailed frameworks and consult a security analyst. Here is a free 30-minute analyst consultation to check your security readiness for RBI and SEBI.

>> Check Your RBI & SEBI Readiness (Free Analyst Consultation)


We wanted to share an alert with all community members.

Yesterday an HCL data breach was made public by a security research organisation and is now in the news. We wanted to share some best practices on how to handle such situations.



Dos & Don'ts On How To Handle Such Situations

  • Create A Public Page: Create a public page on how researchers can disclose vulnerabilities and breaches to your organisation, and create a hall of fame or rewards programme.

  • Respond And Engage: Respond to and engage with researchers who disclose a breach or vulnerability.

  • Appoint Level-Headed Security Contacts: Appoint level-headed security people to interact with researchers. In our past experience of disclosing such breaches, in several cases we found the people on the other side in denial mode and sometimes rude to researchers. We need to be tactful and not create new enemies; there are already a lot of them :)

  • Do It Jointly: If the disclosing organisation requests a press release, do it jointly so that you can control the messaging.

  • Conduct Proactive Measures: Proactively map your attack surface and discover such exposures and breaches before they become known to others.
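The first point above, a public page telling researchers how to report, has a standard machine-readable companion: a security.txt file served at /.well-known/security.txt (RFC 9116), which scanners and researchers look for before anything else. The Python below is an added example, not code from the original post or from any of the organisations named in it. It parses such a file and checks the points that most often go wrong in practice: a missing or stale Expires, a plain-http Contact, a repeated single-occurrence field and stray non-field lines. Both sample files and the example.com addresses in them are constructed for the example.

```python
"""Parse and sanity-check a security.txt file (RFC 9116), the standard place
to publish how researchers should report vulnerabilities to you."""
from datetime import datetime, timedelta, timezone

# Fields defined by RFC 9116; the value says whether the field may repeat.
KNOWN_FIELDS = {
    "Contact": True,
    "Expires": False,
    "Acknowledgments": True,
    "Canonical": True,
    "Encryption": True,
    "Hiring": True,
    "Policy": True,
    "Preferred-Languages": False,
}

# Constructed example of a well-formed file (not taken from any real site).
GOOD_EXAMPLE = """\
# Our vulnerability disclosure contact points
Contact: mailto:security@example.com
Contact: https://example.com/security/report
Expires: 2030-01-01T00:00:00.000Z
Policy: https://example.com/security/policy
Acknowledgments: https://example.com/security/hall-of-fame
Preferred-Languages: en, hi
"""

# Constructed example with the mistakes seen most often: plain-http contact,
# no Expires, a repeated single-occurrence field and a stray line.
BAD_EXAMPLE = """\
Contact: http://example.com/contact-us
Preferred-Languages: en
Preferred-Languages: fr
please email us
"""


def parse_security_txt(text):
    """Map field name -> list of values. Comments and blank lines are skipped;
    lines without a colon are collected under the '_malformed' key."""
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if ":" not in line:
            fields.setdefault("_malformed", []).append(line)
            continue
        name, value = line.split(":", 1)
        fields.setdefault(name.strip(), []).append(value.strip())
    return fields


def validate_security_txt(text, now=None):
    """Return a list of problems found; an empty list means the checks passed.
    `now` may be a datetime or an ISO 8601 string (handy for reproducible tests)."""
    if now is None:
        now = datetime.now(timezone.utc)
    elif isinstance(now, str):
        now = datetime.fromisoformat(now.replace("Z", "+00:00"))
    fields = parse_security_txt(text)
    problems = []

    for line in fields.pop("_malformed", []):
        problems.append(f"malformed line: {line!r}")

    for name, values in fields.items():
        if name not in KNOWN_FIELDS:
            problems.append(f"unknown field: {name}")
        elif not KNOWN_FIELDS[name] and len(values) > 1:
            problems.append(f"{name} must appear at most once")

    contacts = fields.get("Contact", [])
    if not contacts:
        problems.append("Contact is required")
    for uri in contacts:
        # RFC 9116 wants a URI, and web links must be https so the reporting
        # channel itself cannot be trivially tampered with in transit.
        if not uri.startswith(("https://", "mailto:", "tel:")):
            problems.append(f"Contact must be an https, mailto or tel URI: {uri}")

    expires = fields.get("Expires")
    if not expires:
        problems.append("Expires is required")
    else:
        try:
            # fromisoformat() does not accept a trailing 'Z' before Python 3.11.
            exp = datetime.fromisoformat(expires[0].replace("Z", "+00:00"))
            if exp.tzinfo is None:
                exp = exp.replace(tzinfo=timezone.utc)
            if exp <= now:
                problems.append("Expires is in the past; the file is stale")
            elif exp > now + timedelta(days=365):
                problems.append("Expires is more than a year away; RFC 9116 recommends less")
        except ValueError:
            problems.append(f"Expires is not an ISO 8601 timestamp: {expires[0]}")
    return problems


if __name__ == "__main__":
    for label, sample in (("good", GOOD_EXAMPLE), ("bad", BAD_EXAMPLE)):
        print(label, validate_security_txt(sample) or "OK")
```

Run it against the file you actually serve (fetch /.well-known/security.txt and pass the body in); a stale Expires is the most common way a disclosure page quietly stops being trusted, which is why the check treats it as a hard failure rather than a warning.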


BTW, We are hosting a webinar on 'How to handle Breach Disclosures? Bug Bounty, Coordinated Vulnerability Disclosures and more..' Here is the link to join: Webinar

>> Sign Up for webinar on 'How to handle breach disclosures'


In the recent past there have been some major breaches, and the key reasons behind them were shadow IT, leaked credentials and third-party/vendor risk. Major breaches hit American Express, Uber, Dropbox, Dunkin' Donuts, British Airways and many more. FireCompass's product and research team continuously monitor the web (surface, deep and dark) for leaked credentials, patterns of data loss and more; this webinar covers the shocking results from their 12 months of monitoring.

We were excited to have Jitendra Chauhan, Head of Engineering at FireCompass, with us, sharing insights from his team's 12-month monitoring of the hidden internet that led to some shocking results.

(Webinar) Key Points Of Focus :
- Major causes of recent breaches
- Results from indexing the deep, dark & surface web
(Exposed database, Leaked passwords, Code leaks, Open cloud resources, Exposed network services)

Watch Webinar

Speaker : Jitendra Chauhan, Head Of Engineering, FireCompass

If you want to learn more about the exposed attack surface, types of sensitive data these are exposing and how you can help to mitigate this problem contact FIRECOMPASS


The RSAC Innovation Sandbox Contest brings out cybersecurity's boldest new innovators, who have made it their mission to minimise infosec risk. Each year, 10 finalists grab the spotlight for a three-minute pitch while demonstrating groundbreaking security technologies to the broader RSA Conference community. Over the past five years, the contest's top 10 finalists have received over $2.05 billion in investments. (Source: RSA Conference)

RSA Innovation Sandbox is one of the platforms where information security startups can showcase their research and innovation. For the past 14 years it has served as an interface for cybersecurity companies to promote their new technology and connect with venture capitalists, industry veterans and experts at RSA Conference. In the past five years alone, the RSAC Innovation Sandbox Contest's top 10 finalists have collectively seen 14 acquisitions and have received over $2.2 billion in investments. "A key trend among this year's RSAC Innovation Sandbox Contest finalists was machine-based security and automation, which emphasizes just how critical it is to develop solutions that will increase response times to outpace modern cyber-crime," said Linda Gray Martin, Director & Chief of Operations of RSA Conference. (Source: Business Wire)

This year, out of 10 finalists, RSA Conference awarded Axonius as the Most Innovative Startup 2019 with their innovative solution for cyber security asset management.


Process Of Selection

This year the RSA Innovation Sandbox team is working with WSJ Pro Cyber Security as exclusive media partner. In the final round of the contest, each finalist presents to a jury panel of industry experts. The jury includes Hugh Thompson (Program Committee, RSA Conference), Asheem Chandra (Partner, Greylock Partners), Gerhard Eschelbeck (Vice President Security and Privacy Engineering, Google), Nillofar Razi Howe (Senior Vice President and Chief Strategy Officer, RSA Corp.), Patrick Heim (Operating Partner and Chief Information Security Officer, ClearSky) and Paul Kocher (Entrepreneur/Researcher). For the current status and funding of past finalists, visit the RSAC Innovation Sandbox Leaderboard.

 

Top 10 finalists of RSA Innovation Sandbox 2019


Axonius- Named “RSAC Most Innovative Startup 2019”

Axonius is a cybersecurity asset management platform that lets IT and security teams see every device for what it is, so they can manage and secure them all. They are based out of Tel Aviv, Israel


Arkose Labs- Finalist at RSAC Innovation Sandbox 2019

Arkose Labs solve multimillion-dollar fraud problems for the world’s most targeted businesses with zero friction to users. They are based out of San Francisco, California


Capsule 8- is an information technology company that develops real-time zero-day attack detection at production scale. They are based out of Brooklyn, New York, United States


Cloud Knox- provides a single platform that manages the entire identity privilege lifecycle across any private and public cloud infrastructure. They are based out of Sunnyvale, California, United States

 


Disrupt Ops- is building a platform to bring unprecedented insight, control, and expertise into your cloud environment. They are based out of Kansas City, Missouri, United States


Duality Technologies- addresses the rapidly growing need of enterprises across regulated industries to collaborate on sensitive data. Duality’s award-winning SecurePlus platform enables secure analysis and AI on encrypted data, deriving insights from sensitive data without exposing the data itself. The groundbreaking technology also protects valuable analytics models from exposure to external collaboration parties during computations. They are based out of Israel

 


Eclypsium- provides technology that helps organizations defend their systems against firmware, hardware, and supply chain attacks. They are based out of Portland, Oregon, United States

 


Salt- The Salt API Threat Protection solution discovers APIs, detects vulnerabilities and provides prioritized insights to eliminate risk. They are based out of Palo Alto, California, United States


ShiftLeft- delivers a new model for protecting cloud- or data-center-hosted software. They are based out of Santa Clara, California, United States


Wirewheel- is a software company that revolutionizes data privacy and protection as-a-service for companies. They are based out of Arlington, Virginia, United States

References

Source: RSA Blog https://www.rsaconference.com/events/us19/agenda/innovation-sandbox-contest


(Free PPTs) Top Talks @ SACON - 2019 !

Get free access to the presentations by Dr. Phil Polstra, Wayne Tufek, Madhu Akula, Anant Shrivastava, Shomiron Das Gupta, Wasim Halani, Sahir Hidayatullah, Sudarshan Pisupati and more. SACON is one of the largest security architecture conferences in the APAC region. With over 500 participants, this was the 6th edition of SACON, held on 15-16 February in Bangalore, India; here are a few highlights we wanted to share with you. All sessions were workshop style, with 3-4 or 6-8 hours of hands-on training.


We had with us Top Security Industry Leaders who helped SACON with great content. For more details visit: sacon.io

>> Pre-Register for SACON 2020



01. Cloud Pentesting (Anant Shrivastava)


This session covers understanding the attack surface of AWS, Azure, GCP and OpenStack, abusing cloud storage, forensic analysis, understanding and attacking IAM, and much more.



02. Automated Defense Using Cloud Services For AWS, Azure, GCP (Madhu Akula)

This session covers environment setup using an automated playbook, cloud provider account configuration, a hardened Elastic Stack, configuring cloud infrastructure, a centralised monitoring system, attack pattern analysis and detection, attack monitoring dashboards, SSH brute force, AWS CloudWatch, AWS CloudTrail logs, AWS Lambda, container logs to defend against Kubernetes attacks (GCP), content management system audit analysis (Azure) and more.


03. Practical Threat Hunting Using Open Source Tools (Wasim Halani & Shomiron Das Gupta)


This session was co-presented by two speakers.

The first part, by Wasim Halani, covered fundamentals, threat hunting approaches, an Elastic Stack primer (Elasticsearch, Logstash, Kibana, Beats), concepts (nodes and clusters, indices and shards, documents, fields), Logstash (configuration, plugins), Grok (basics, examples), Kibana (examples), Filebeat, Winlogbeat, a demo (investigating logs, creating visualisations, analysing data) and a use case.

The second part, by Shomiron Das Gupta, covered the open source side of threat hunting: triggers for a threat hunt, analytics (tools and techniques), phases in the threat management life cycle, the MITRE ATT&CK Navigator (Deep Panda, Lazarus Group), inferencing (forward/reverse), building playbooks for a standard threat hunt and more.



04. Linux & Windows Forensics (Phil Polstra)

This covers building a toolkit for digital forensics, live response analysis (data analysis, detecting an incident), preparing for dead analysis (memory images, filesystem images), FAT filesystems, NTFS filesystems, file analysis (slack space, file signatures, recovery), the registry, Windows artifacts, memory analysis and more.



05. Practical Security Architecture (Wayne Tufek)


It presents a method of designing a security architecture that brings together the following: Sherwood Applied Business Security Architecture (SABSA), Intel’s Threat Agent Risk Assessment (TARA), Lockheed Martin’s Cyber Kill Chain and threat-driven approach, Mandiant’s M-Trends report, Verizon’s Data Breach Investigations Report, the ASD Essential 8 and Mitre’s Adversarial Tactics, Techniques & Common



06. Active Deception For Red & Blue Team (Sahir Hidayatullah & Sudarshan Pisupati)


Covers deception techniques for red teams and counter-deception for blue teams. Techniques include those used in Office files (MS Office), trusted executables, scripts, Active Directory (groups, SPNs, ACLs), credentials (Windows, SSH, AD), databases (credentials and more), host and enterprise applications, designing deception, wireless deception, identification, and rapid deployment at scale using WMI and PowerShell.



07. IoT Network & Ecosystem Security Attacks & Secure Design (Sumanth Naropanth)

Covers attacking IoT ecosystems and learning how to securely design such platforms to prevent the demonstrated attacks. Students learn to analyse the architecture of IoT market products from a security perspective and, using specialised hardware and software tools, perform hands-on security assessments, including packet capture, manipulation and injection in wireless sensor networks (WSN) and Bluetooth/BLE communication channels.


Some other sessions conducted at SACON (no presentation) : 
  • Extreme Web Hacking Using Cyber Range (Aditya Kakrania)
  • Extreme Web Hacking Using Cyber Range (Satish S)
  • Practical Mobile Application Exploitation (Subho Halder)
  • Cyber Law Best Practices For Incident Response (Venkatesh Murthy)


Recently you might have seen in the news that COSMOS Bank, a 112-year-old cooperative bank in India and the second largest in the country, was hacked and crores were siphoned off. The bank lost Rs 940 million (94 crore) in this breach, on 11 and 13 August.


As per reports, the fraudulent transactions were carried out on August 11 and August 13, and the malware attack by the hackers originated in Canada, Cosmos Bank chairman Milind Kale said. In the first attack on August 11, using stolen card details, approximately Rs 78 crore was withdrawn in transactions in 28 countries; this included around 12,000 Visa card transactions. On the same day, approximately Rs 2.5 crore was withdrawn through 2,800 debit card transactions at various locations in India. On August 13, the hackers transferred Rs 13.94 crore into an account at Hang Seng Bank in Hong Kong by initiating a SWIFT transaction.

"In two days, hackers withdrew a total Rs 78 crore from various ATMs in 28 countries, including Canada, Hong Kong and a few ATMs in India, and another Rs 2.5 crore were taken out within India," he said. It was observed that unusual repeated transactions were taking place through Visa and RuPay cards used at various ATMs for nearly two hours.
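The pattern described above, thousands of ATM withdrawals on cloned cards across 28 countries inside roughly two hours, is exactly what risk-based transaction monitoring exists to catch, and it is visible at two levels: per card (too many withdrawals, or withdrawals from several countries, within a short window) and issuer-wide (the number of distinct countries the whole portfolio is being used from suddenly jumps). The Python below is an added example, not part of the report or of the bank's own controls. It runs a sliding-window velocity and geo-spread check over constructed withdrawal records; the card IDs, countries, amounts and timestamps are made up to show the pattern, and the thresholds are illustrative defaults a real monitor would tune per portfolio.

```python
"""Velocity and geo-spread checks over card withdrawal events, the kind of
rule a risk-based transaction monitor applies in near real time."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (card_id, timestamp, country, amount). Card IDs,
# countries, amounts and times are made up to illustrate the pattern.
BASE = datetime(2018, 8, 11, 15, 0)
SAMPLE_EVENTS = [
    ("card-A", BASE, "IN", 5000),                          # normal domestic use
    ("card-A", BASE + timedelta(hours=3), "IN", 2000),
    ("card-B", BASE + timedelta(minutes=10), "CA", 300),   # cloned card cashed out abroad
    ("card-B", BASE + timedelta(minutes=15), "HK", 300),
    ("card-B", BASE + timedelta(minutes=22), "GB", 300),
    ("card-B", BASE + timedelta(minutes=30), "US", 300),
    ("card-B", BASE + timedelta(minutes=41), "IN", 300),
    ("card-C", BASE + timedelta(minutes=5), "AE", 400),    # two countries seven minutes apart
    ("card-C", BASE + timedelta(minutes=12), "RU", 400),
]


def _sliding_windows(rows, window):
    """Yield, for each time-sorted row, the slice of rows that falls within
    `window` ending at that row (rows are tuples whose first item is the time)."""
    rows = sorted(rows)
    start = 0
    for end in range(len(rows)):
        while rows[end][0] - rows[start][0] > window:
            start += 1
        yield rows[start:end + 1]


def flag_suspicious_cards(events, window=timedelta(hours=1), max_txns=3, max_countries=1):
    """Return {card_id: sorted reasons} for cards with more than max_txns
    withdrawals, or use in more than max_countries countries, inside any window."""
    by_card = defaultdict(list)
    for card, ts, country, amount in events:
        by_card[card].append((ts, country, amount))

    flagged = {}
    for card, rows in by_card.items():
        reasons = set()
        for span in _sliding_windows(rows, window):
            if len(span) > max_txns:
                reasons.add("velocity")
            if len({country for _, country, _ in span}) > max_countries:
                reasons.add("geo-spread")
        if reasons:
            flagged[card] = sorted(reasons)
    return flagged


def issuer_country_spread(events, window=timedelta(hours=1)):
    """Largest number of distinct countries seen across ALL cards inside any
    window. A sudden jump is an issuer-level signal even when each card on its
    own looks only mildly odd."""
    rows = [(ts, country) for _, ts, country, _ in events]
    return max((len({c for _, c in span}) for span in _sliding_windows(rows, window)), default=0)


if __name__ == "__main__":
    print(flag_suspicious_cards(SAMPLE_EVENTS))
    print(issuer_country_spread(SAMPLE_EVENTS))
```

In this sample card-B trips both rules, card-C trips only geo-spread (two countries in seven minutes, a physical impossibility for one cardholder), and the issuer-wide view sees seven countries in under an hour. The issuer-level count matters because an attacker who keeps every individual card under the per-card thresholds still cannot hide the portfolio-wide spread.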

This report gives you an understanding of the COSMOS hack: how it happened, a detailed technical analysis, learnings from it and more.

What Will You Find In The Report?

  • The fundamentals of the hack and how the breach happened
  • A detailed technical analysis of the breach
  • Top 7 key learnings from it

>> Download The Complete Report


 

Defining The Scope

  • Embedding human security as a part of organization culture
  • Empowering and enabling every individual

 

 

Understanding The Attack Surface & Risks

  • Expansion of attack surface due to merging of official and personal spaces
  • Non-obvious attack surface – IoT, BYOD
  • Agentless malware
  • Spear phishing
  • Management is more vulnerable
  • Identity theft
  • Third-party and vendor people risk
  • APT/Ransomware
  • Insider threats
  • Complacency as a major cause

 

 

Strategies / Principles

  • Getting management alignment …and budget
  • Utilize Training budget
  • Define responsibilities and set KRAs/KPIs
  • Specialized training especially for the top management

 

 

Framework (In PPT)

Parameters include Identify, Protect, Detect, Respond, Recover


 

Identify

  • Process
    • Identify most vulnerable users and key person
    • Compromise assessment
    • Red teaming with social engineering
    • Take audit and incident inputs
    • Metrics Program
  • Technology
    • Phishing simulating technology
    • Vulnerability/Threat scanning for users, bad domains, spear phishing
    • Regular measurement and reporting

 

Protect

  • DMARC/DKIM/SPF
  • Awareness/Training
  • Anti-APT
  • Anti-Spear phishing solutions
  • MFA

 

 

Detect

  • Detect incidents
  • UEBA/UAM
  • Honeypots/Deception
  • SOC/SIEM
  • Actionable Threat intel (Internal+External)
  • Email security solutions
    • Sandboxing, AI, threat intel sources, ease of management, spam filters, geo-tagging
    • Ease of reporting/Multi channel
  • Web filtering

 

 

Respond & Recover

  • Crisis management training+playbook+simulations
  • Breach reporting and compliance reporting
  • BCP/DR testing
  • IR playbooks specific to human-centric attacks
  • Continuous backups and restoration
  • Email forensics
  • Compromise assessment
  • Cyber insurance

 

 
