pritha's Posts (627)

Top Learnings From Phishing Drill

Article submitted by Suryanarayanan K, Central Bank Of India

Phishing attacks are one of the most common security challenges that both individuals and organizations face in keeping their information secure. Phishing is the attempt to obtain sensitive information such as usernames, passwords and credit/debit card details, often for malicious reasons, by posing as a trustworthy entity in an electronic communication. It is typically carried out by email spoofing, and it often directs users to enter personal information at a fake website whose look and feel is almost identical to the legitimate one. Phishing emails may also contain links to websites that host malware.

One effective method of assessing the awareness level among staff is to conduct a phishing drill, in which a phishing mail is sent to the mail ids of staff. The mail can carry a link (to an intranet page) where staff are prompted to fill in certain details. Subsequent analysis of the number of staff who opened the mail, the number who clicked the link and the number who provided the details asked for gives a measure of the awareness level. It must be ensured that no critical or sensitive information is collected from them, to rule out any possible misuse of it.

Such a drill was conducted recently in the organization. Details are as follows:

  • A webpage on the organization's intranet server was created for staff to input the details.
  • A separate temporary mail server, outside the organization's domain, was set up for sending the mail to all staff. The domain used was different from, but looked similar to, the actual domain.
  • A mail was sent to all staff (wherever mail ids were available), asking for certain details and requesting them to provide the details by clicking the link in the body of the mail. Though the information sought was not critical (considering the possible misuse of it), the mail created a sense of urgency, as actual phishing mails do.
  • The drill was successful in the sense that nobody recognized that it was an exercise conducted by the organization.
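
The funnel the drill measures (sent, clicked, submitted, reported) can be computed from the intranet landing page's access log once each recipient's link carries a unique token, so that no personal data has to be collected to tie a click to a recipient. The script below is an added example and is not part of the submitted article; the recipient list, tokens, log lines and list of reporters are all constructed, and the /verify path and the ?t= token parameter are assumptions about how the landing page was set up.

```python
"""Phishing-drill funnel analysis over constructed data (added example).

Inputs (all constructed here; a real drill would export them from the mail
server and the intranet web server):
  - RECIPIENTS: the staff addresses the drill mail was sent to, with office
  - ACCESS_LOG: lines from the intranet landing page in combined log format;
    a GET of the landing page counts as a click, a POST of the form as a
    submission
  - REPORTS: staff who reported the mail to the CISO / incident response team

Opens cannot be measured reliably without a tracking pixel, so this example
counts clicks, submissions and reports only.
"""
import re
from collections import defaultdict

# Constructed recipient list: address -> office
RECIPIENTS = {
    "a.kumar@bank.example": "Mumbai",
    "b.singh@bank.example": "Mumbai",
    "c.rao@bank.example": "Chennai",
    "d.iyer@bank.example": "Chennai",
    "e.das@bank.example": "Kolkata",
}

# Constructed per-recipient tokens carried in the drill link (?t=<id>)
TOKENS = {"t1": "a.kumar@bank.example", "t2": "b.singh@bank.example",
          "t3": "c.rao@bank.example", "t4": "d.iyer@bank.example",
          "t5": "e.das@bank.example"}

# Constructed intranet access log (assumed landing path: /verify)
ACCESS_LOG = """\
10.1.1.10 - - [03/Mar/2017:09:01:12 +0530] "GET /verify?t=t1 HTTP/1.1" 200 1543
10.1.1.10 - - [03/Mar/2017:09:02:40 +0530] "POST /verify?t=t1 HTTP/1.1" 302 0
10.1.2.11 - - [03/Mar/2017:09:05:01 +0530] "GET /verify?t=t3 HTTP/1.1" 200 1543
10.1.2.12 - - [03/Mar/2017:09:06:20 +0530] "GET /verify?t=t4 HTTP/1.1" 200 1543
10.1.2.12 - - [03/Mar/2017:09:07:02 +0530] "POST /verify?t=t4 HTTP/1.1" 302 0
10.1.2.12 - - [03/Mar/2017:09:07:09 +0530] "POST /verify?t=t4 HTTP/1.1" 302 0
10.1.3.5 - - [03/Mar/2017:09:10:00 +0530] "GET /static/logo.png HTTP/1.1" 200 8812
"""

# Constructed list of staff who reported the mail
REPORTS = {"b.singh@bank.example", "e.das@bank.example"}

LOG_RE = re.compile(r'"(?P<method>GET|POST) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def parse_events(log_text):
    """Yield (recipient, action) for each landing-page hit with a valid token."""
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m or not m.group("path").startswith("/verify"):
            continue
        tok = re.search(r"[?&]t=(\w+)", m.group("path"))
        who = TOKENS.get(tok.group(1)) if tok else None
        if who is None:
            continue
        yield who, "clicked" if m.group("method") == "GET" else "submitted"

def funnel(recipients, log_text, reports):
    """Return (per-office counts, overall counts) of sent/clicked/submitted/reported.
    A recipient is counted at most once per stage, however many hits they made."""
    stage = {who: set() for who in recipients}
    for who, action in parse_events(log_text):
        stage.setdefault(who, set()).add(action)
    per_office = defaultdict(lambda: {"sent": 0, "clicked": 0, "submitted": 0, "reported": 0})
    for who, office in recipients.items():
        row = per_office[office]
        row["sent"] += 1
        row["clicked"] += "clicked" in stage[who]
        row["submitted"] += "submitted" in stage[who]
        row["reported"] += who in reports
    total = {"sent": 0, "clicked": 0, "submitted": 0, "reported": 0}
    for row in per_office.values():
        for k in total:
            total[k] += row[k]
    return dict(per_office), total

def rate(n, d):
    """Percentage, one decimal; 0.0 when nothing was sent."""
    return round(100.0 * n / d, 1) if d else 0.0

if __name__ == "__main__":
    offices, total = funnel(RECIPIENTS, ACCESS_LOG, REPORTS)
    for office, row in sorted(offices.items()):
        print(f"{office:8} sent={row['sent']} clicked={row['clicked']} "
              f"submitted={row['submitted']} reported={row['reported']}")
    print(f"overall click rate {rate(total['clicked'], total['sent'])}%, "
          f"submit rate {rate(total['submitted'], total['sent'])}%, "
          f"report rate {rate(total['reported'], total['sent'])}%")
```

The per-office split is what makes the third finding below measurable: an office whose controlling department warned it shows a low click rate, and the report rate is as useful a number as the click rate when deciding where awareness training goes first.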

Summary of the response by staff:

  • Some staff reported receipt of the mail to their controlling offices and also to the CISO by mail/phone, and asked them to confirm whether the mail was genuine.
  • Some offices advised the offices/staff under their control that it was a fraudulent mail and not to provide the information asked for.
  • Some staff reported receipt of the mail to the organization's incident response team.
  • Some staff reported that the link was not opening at their end for providing the required details, which indicates that they would have provided the details had the link opened.
  • A good portion of staff from various offices across the country clicked the link and provided the details.


Observations/findings from the drill:

  • A good portion of the staff are aware of such phishing mails and the harm associated with them. They know that such mails are not to be responded to.
  • A major portion of the staff are not aware of such phishing mails. Given the urgency expressed in the mail, they provided the details asked for. They also could not spot the difference in the domain name used for sending the mail.
  • Since certain departments/staff alerted the branches under their control, most of the branches/officials did not submit the details. Had the exercise targeted a narrower group, say branches only, the number of staff clicking the link and submitting the details might have been higher.


Considering the above, there is a need to improve the awareness level among staff on a continuous basis.

An advisory, referring specifically to the phishing drill and giving instructions on what staff are supposed to do on receipt of such mails, has since been sent to all staff.

Read more…

This gives a glimpse of Advanced Security Operations Centre (SOC) features and technical capabilities. This document is not explicit; it assumes you have…

This was presented at SACON, where speakers explain subjects in detail during sessions for deeper understanding. The next sessions are scheduled; you can pre-register/register for special deals and/or notifications here. You can check out the complete presentation here.


Advanced Security Operations Centre (SOC) Features

  • Threat Assessment & Hunting

    • Knowing threats & adversaries
    • Their tools & methods
    • Critical assets for targets
    • Existing controls & weaknesses
    • Monitoring presence, IOC management & hunting

  • Threat Intelligence

    • Internal threat intelligence
    • External threat intelligence
    • Application of threat intelligence
    • Automated consumption of threat intelligence (automated SIEM rules/runbook)


  • Situational Awareness

    • Context and enrichment
    • Visibility

  • Security Analytics

    • Behavioral profiling for users & systems
    • Database searches & statistical modeling, reporting & visualization
    • Forensics capability


Advanced Security Operations Centre (SOC) - Technical Capabilities

  • Data collection capabilities & compliance benefits of log management
  • The correlation, normalization and analysis capabilities of SIEM (Security Information & Event Management)
  • The network visibility and advanced threat detection of NBAD (Network Behaviour Anomaly Detection) and user behaviour anomaly detection (UBA) by machine learning
  • The ability to reduce breaches and ensure compliance provided by Risk Management
  • The network traffic and application content in sight afforded by Network Forensics
  • The automation of Incident Response by Artificial Intelligence/ Run Books
  • IOC /  VM Management by Threat Intelligence
  • Reporting & Visualization provided by Presentation Layer

SIEM as a platform should be a truly integrated solution built on a common codebase, with a single data management architecture and a single user interface.


Do write to us at pritha.aash@cisoplatform.com if you'd like us to cover some topics, we'll add it to our research plan.

Read more…

This gives a glimpse of how 'Machine Learning & Analytics' can be used for threat detection. This document is not explicit; it assumes you have prior knowledge of the subject, therefore only pointers have been mentioned.

This was presented at SACON, where speakers explain subjects in detail during sessions for deeper understanding. The next sessions are scheduled; you can pre-register/register for special deals and/or notifications here. You can check out the complete presentation here.


Dissecting Detection Systems

  • Signature Based
  • Anomaly Engines
  • Analytics Workbench
  • Learning Systems

Why Do We Need Analytics ?

  • Cyber Security Refresh Rate
  • Custom Payloads From Attackers
  • Servers Not The Target
  • Speed With Volume

Learning Systems

  • Heuristic Learning

    • Virus Detection , OS Rootkit
  • Anomaly Engines

    • DDoS Detection, Protocol Obfuscation, Malformed Data Streams, Application Breach
  • Spot / Baseline / Profiles

    • Unordered action - new rule, new device, long dead user, database user event
  • Time Series Analytics

    • DDoS, Flow Outliers, Protocol Breach, Zombies
  • Classifiers

    • SPAM, Botnets, Authentication Anomalies
  • Unassisted Learning

    • SPAM, DNS Detection, L2 Attacks
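
The "Spot / Baseline / Profiles" and "Authentication Anomalies" pointers above come down to one mechanism: learn a per-user profile from a baseline window and flag logins that fall outside it (new device, long-dead user, unusual hour). The script below is an added example, not code from the presentation; the login events, the 90-day dormancy threshold and the minimum baseline size are constructed assumptions.

```python
"""Baseline / profile anomaly detection over constructed authentication events
(added example). Successful logins from a baseline window become a per-user
profile (devices seen, hours of day seen, last login, count). Each event in the
evaluation window is then scored against that profile."""
from collections import defaultdict
from datetime import datetime, timedelta

DORMANT_DAYS = 90      # assumption: a user silent this long is a "long dead user"
MIN_BASELINE = 3       # assumption: fewer logins than this gives no usable hour profile

# Constructed baseline events: (timestamp, user, device_id)
BASELINE = [
    ("2017-03-01T09:12:00", "alice", "LT-0231"),
    ("2017-03-02T08:55:00", "alice", "LT-0231"),
    ("2017-03-06T10:02:00", "alice", "LT-0231"),
    ("2017-03-10T09:40:00", "alice", "MOB-7712"),
    ("2017-03-05T11:00:00", "bob", "LT-0180"),
    ("2016-09-20T14:30:00", "carol", "LT-0099"),   # last seen long ago
]

# Constructed evaluation events
EVENTS = [
    ("2017-04-20T09:30:00", "alice", "LT-0231"),   # normal
    ("2017-04-20T02:15:00", "alice", "LT-0231"),   # unusual hour
    ("2017-04-20T09:31:00", "alice", "LT-9999"),   # new device
    ("2017-04-21T10:00:00", "carol", "LT-0099"),   # long-dead user returns
    ("2017-04-21T10:05:00", "dave", "LT-4444"),    # never seen before
]

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")

def build_profiles(events):
    """Per-user profile: devices, hours of day, last login, login count."""
    prof = defaultdict(lambda: {"devices": set(), "hours": set(),
                                "last": None, "count": 0})
    for ts, user, dev in events:
        t = _ts(ts)
        p = prof[user]
        p["devices"].add(dev)
        p["hours"].add(t.hour)
        p["count"] += 1
        if p["last"] is None or t > p["last"]:
            p["last"] = t
    return dict(prof)

def score_event(profiles, ts, user, dev):
    """Return the list of anomaly tags for one login event (empty means normal)."""
    t = _ts(ts)
    p = profiles.get(user)
    if p is None:
        return ["unknown_user"]
    tags = []
    if dev not in p["devices"]:
        tags.append("new_device")
    if t - p["last"] > timedelta(days=DORMANT_DAYS):
        tags.append("dormant_user")
    # judge the hour only when the baseline has enough logins to mean something
    if p["count"] >= MIN_BASELINE and t.hour not in p["hours"]:
        tags.append("unusual_hour")
    return tags

def evaluate(baseline, events):
    """Score every evaluation event against profiles built from the baseline."""
    profiles = build_profiles(baseline)
    return [(ts, user, dev, score_event(profiles, ts, user, dev))
            for ts, user, dev in events]

if __name__ == "__main__":
    for ts, user, dev, tags in evaluate(BASELINE, EVENTS):
        print(ts, user, dev, ",".join(tags) or "ok")
```

The MIN_BASELINE guard is the "consistent data pattern" point from the next list in practice: a user with one historical login has no hour profile worth comparing against, and scoring one anyway produces the false positives that make analysts switch the rule off.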

When is Machine Learning Working ?

  • Credible / Clean training data
  • Positive and timely feedback
  • Picking the right features
  • Consistent feature variations
  • Consistent data pattern

Where Does Machine Learning Work ?

  • DNS Based Detection
  • DDoS/ Traffic Anomaly
  • SPAM Mail Filters
  • Authentications
  • Application Modeling
  • Threat Intelligence

Machine Learning Is Fading

  • Variance Challenge
  • The "state dataset" problem
  • Mass labelling
  • Complex selection challenges

How To Get Started With Machine Learning ?

  • Programming in R /Python
  • Data platforms - Splunk, DNIF
  • Infrastructures - Generic Hadoop, Hortonworks

Did you enjoy reading this? This was presented at SACON. Great security minds from the world come together to present and conduct workshops on Threat Detection, Threat Hunting, IoT Security, Incident Response, Cyber Range Drills & more at SACON - International Security Architecture Conference. Check out this year's session plan here .

You can also tweet to us by tagging @CISOPlatform or #SACON and let us know what workshops you think should be added to help today's security builders.


Read more…

Components of Google BeyondCorp

Device & Hosts

  • Device: a collection of physical and virtual components that act as a computer, e.g. a PC, server or VM.
  • Host: a snapshot of a device's state at a given point in time. E.g. the device might be a mobile phone, while the host would be the specifics of the operating system and software running on it.

Device Inventory Service

  • Contains information on devices, hosts and their trust decisions
  • Continuously updated pipeline that imports data from a broad range of sources

    • System management source : Active directory, Puppet, Simian

    • On-device agents, CMS, Corporate Asset Management

    • Out-of-band-data source: vulnerability scanners, certificate authorities, network infrastructure elements (eg. ARP tables)

    • Full or incremental data set

    • Google's scale: the initial phases ingested billions of deltas from 15+ data sources, at about 3 million per day, totalling over 80 terabytes

    • Retaining historical data allowed Google to understand end-to-end life cycle of a device, track & analyze trends, perform security audits & forensic analysis

Tiered Access

  • Trust levels are organised into tiers and assigned to each device by the trust inferer

  • Each resource is associated with minimum trust tier required for access

  • To get access, a device's assigned trust tier must be >= the resource's required tier

  • The trust inferer also supports network segmentation by dynamically assigning a VLAN based on device state

    • E.g. a device without an adequate OS patch level becomes untrustworthy and is assigned to a quarantine network
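
The tiered access rule above (device tier >= resource tier) with a small trust inferer and the VLAN assignment it drives, as an added example; this is not Google's code. Tier names, inventory fields, the 30-day patch-age threshold and the VLAN ids are assumptions for the example, and the inventory records and resource catalogue are constructed.

```python
"""Tiered access in the BeyondCorp style (added example, not Google's code).
Device inventory records are reduced to a trust tier by a trust inferer; a
resource is reachable only when the device's tier is >= the resource's
minimum tier, and the tier also selects the network segment."""
from datetime import date

# Tiers from lowest to highest; the integer rank is what the comparison uses.
TIERS = ["untrusted", "basic", "trusted", "fully_trusted"]
TIER_RANK = {name: i for i, name in enumerate(TIERS)}

MAX_PATCH_AGE_DAYS = 30   # assumption: an older OS patch level drops the device a tier
TODAY = date(2017, 5, 20) # fixed "now" so the example is reproducible

# Constructed inventory records, as a device inventory service might expose
# them after merging config-management, certificate-authority and scanner data.
INVENTORY = {
    "LT-0231": {"managed": True, "cert_valid": True, "disk_encrypted": True,
                "os_patch_date": date(2017, 5, 10), "open_criticals": 0},
    "LT-0180": {"managed": True, "cert_valid": True, "disk_encrypted": True,
                "os_patch_date": date(2017, 1, 15), "open_criticals": 0},
    "BYOD-77": {"managed": False, "cert_valid": True, "disk_encrypted": False,
                "os_patch_date": date(2017, 5, 1), "open_criticals": 0},
    "LT-9999": {"managed": True, "cert_valid": False, "disk_encrypted": True,
                "os_patch_date": date(2017, 5, 10), "open_criticals": 2},
}

# Constructed resource catalogue: minimum tier required for access
RESOURCES = {
    "wiki": "basic",
    "ticketing": "trusted",
    "source-repo": "fully_trusted",
}

def infer_tier(record, today=TODAY):
    """Reduce one inventory record to a trust tier."""
    if not record["cert_valid"]:
        return "untrusted"        # no device identity: nothing else can be trusted
    if not record["managed"]:
        return "basic"            # authenticated but unmanaged device
    stale = (today - record["os_patch_date"]).days > MAX_PATCH_AGE_DAYS
    if stale or record["open_criticals"] > 0:
        return "basic"            # managed, but not in a healthy state
    if not record["disk_encrypted"]:
        return "trusted"
    return "fully_trusted"

def assign_vlan(tier):
    """Segmentation driven by trust state: untrusted devices land on a
    quarantine VLAN (the VLAN ids are assumptions)."""
    return {"untrusted": 999, "basic": 20, "trusted": 10, "fully_trusted": 10}[tier]

def can_access(device_id, resource, today=TODAY):
    """The access rule: device tier rank >= resource's minimum tier rank."""
    tier = infer_tier(INVENTORY[device_id], today)
    return TIER_RANK[tier] >= TIER_RANK[RESOURCES[resource]]

if __name__ == "__main__":
    for dev, rec in INVENTORY.items():
        t = infer_tier(rec)
        allowed = [r for r in RESOURCES if can_access(dev, r)]
        print(f"{dev}: tier={t} vlan={assign_vlan(t)} access={allowed}")
```

Because the tier is recomputed from the inventory on every request, a device that misses a patch cycle loses access without any rule on the resource side changing; that is the property the "continuously updated pipeline" above exists to provide.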

>> Check full details of Google's BeyondCorp Architecture & Components in the presentation here by Arnab Chattopadhayay, Senior Director. It was earlier presented at SACON - International Security Architecture Conference.

Google's BeyondCorp Architecture (Image)


Architecture shown above includes:

  • Devices
    • cell installer
    • configuration mgmt agent
    • patch & inventory agent
  • Certificate authority
  • Configuration Mgmt Services
  • Patch Mgmt Services
  • Asset Mgmt
  • Directory Services
  • Network Infrastructure
  • Vulnerability Scanners
  • Inventory Service

Did you enjoy reading this? Great security minds from the world come together to present and conduct workshops at SACON - International Security Architecture Conference. Check out this year's session plan here


Interested to deliver a talk? Fill in Call For Speakers here

Read more…

Application Threat Modeling : Types Of Threats

Here's a small classification of Types Of Threats In Application Threat Modeling. This was earlier presented in SACON (International Security Architecture Conference) by Nilanjan De [Multiple patents, Zero Day Discovery, Co-Founder at FireCompass]


Types Of Threats :

  • Network
  • Host
  • Application

Threat Against The Network

  • Information Gathering

    • Port Scanning
    • Using trace routing to detect network topologies
    • Using broadcast requests to enumerate subnet hosts
  • Eavesdropping

    • Using packet sniffers to steal passwords
  • Denial Of Service (DoS)

    • SYN floods
    • ICMP echo request floods
    • Malformed packets
  • Spoofing

    • Packets with spoofed source addresses



Threats Against The Host

  • Arbitrary Code Execution

    • Buffer overflows in ISAPI DLLs (e.g. MS01-033)
    • Directory Traversal Attacks (MS00-078)

  • File Disclosure

    • Malformed HTR requests (MS01-031)
    • Virtualized UNC share vulnerability (MS00-019)

  • Denial Of Service (DoS)

    • Malformed SMTP requests (MS02-012)
    • Malformed WebDAV requests (MS01-016)
    • Malformed URLs (MS01-012)
    • Brute-force file uploads

  • Unauthorized access

    • Resources with insufficiently restrictive ACLs
    • Spoofing with stolen login credentials

  • Exploitation of open ports & protocols

    • Using NetBIOS and SMB to enumerate hosts
    • Connecting remotely to SQL Server



Threats Against The Application

  • SQL Injection

    • Including a DROP TABLE command in text typed into an input field

  • Cross-site scripting

    • Using malicious client-side script to steal cookies

  • Hidden-field tampering

    • Maliciously changing the value of a hidden field

  • Eavesdropping

    • Using a packet sniffer to steal passwords and cookies from traffic on unencrypted connections

  • Session hijacking

    • Using a stolen session ID cookie to access someone else's session state

  • Identity Spoofing

    • Using a stolen forms authentication cookie to pose as another user

  • Information Disclosure

    • Allowing client to see a stack trace when an unhandled exception occurs
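
SQL injection and hidden-field tampering from the list above, each shown vulnerable beside its hardened form, as an added example that is not from the presentation. It uses an in-memory SQLite database and a throwaway HMAC key, both constructed here. Because sqlite3's execute() runs a single statement, the injection shown is the tautology form rather than an appended DROP TABLE; the string-built query is open to both.

```python
"""Two application-layer threats, vulnerable and hardened (added example).
Runs against an in-memory SQLite database; all data is constructed."""
import hashlib
import hmac
import sqlite3

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret"), ("bob", "hunter2")])
    return db

# --- SQL injection ---------------------------------------------------------
def login_vulnerable(db, name, password):
    """String-built query: the input becomes part of the SQL text."""
    sql = ("SELECT name FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    return [r[0] for r in db.execute(sql)]

def login_safe(db, name, password):
    """Parameterised query: the input is bound as data, never parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [r[0] for r in db.execute(sql, (name, password))]

# --- Hidden-field tampering -------------------------------------------------
# Constructed server-side key; a real application loads it from a secret store.
FIELD_KEY = b"example-only-key-rotate-me"

def sign_field(value):
    """Emit a hidden-field value the server can verify when it comes back."""
    tag = hmac.new(FIELD_KEY, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}|{tag}"

def read_field_vulnerable(submitted):
    """Trusts whatever the client sent back."""
    return submitted.split("|", 1)[0]

def read_field_safe(submitted):
    """Accepts the value only while its MAC still matches; None otherwise."""
    value, _, tag = submitted.partition("|")
    expected = hmac.new(FIELD_KEY, value.encode(), hashlib.sha256).hexdigest()
    return value if hmac.compare_digest(expected, tag) else None

def demo():
    """Run both attacks against both implementations and collect the outcomes."""
    db = make_db()
    payload = "' OR '1'='1"               # tautology typed into the password field
    results = {
        "vulnerable_login": login_vulnerable(db, "x", payload),
        "safe_login": login_safe(db, "x", payload),
    }
    price = sign_field("1999.00")          # e.g. a price carried in a hidden field
    tampered = "1.00|" + price.split("|", 1)[1]
    results["vulnerable_field"] = read_field_vulnerable(tampered)
    results["safe_field"] = read_field_safe(tampered)
    results["safe_field_untampered"] = read_field_safe(price)
    return results

if __name__ == "__main__":
    for k, v in demo().items():
        print(k, "->", v)
```

Signing the hidden field stops the client from changing it, but a value that should never leave the server (a price, a role, a user id) is better kept in server-side session state and looked up by key; the MAC is for cases where round-tripping the value is unavoidable.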



References:

You can view the full presentation here

SACON is the only International Conference On Security Architecture in the region. Who attends : CISO, CRO, CIO, Information Security Experts, IT Risk Professionals, Appsec professionals. Agenda includes SOC, Incident Response, Security Architecture Workshops, Cyber Range Drills, Threat Hunting, IoT Security, Forensics, AI & Machine Learning, Deception & much more. Click here to Pre-Register.


Read more…

With advances in Big Data and behavior analytics, whether a SIEM is still needed at the enterprise level is an open question. This report addresses that question: it analyses and dissects the arguments and weighs the pros and cons of both sides.

>> Download


Why Read This Report ?

  • Evaluate whether a SIEM is a need for your organization (given Big Data and behavior analytics)
  • How to build an effective and mature SIEM
  • How to build SIEM infrastructure that reduces false positives
  • How to scale security detection in a SIEM

& more (includes data security, event logs...)

>> Download

Read more…

This report gives insight into 4 key cyber security incident trends observed in 2015. It includes top insights and a detailed analysis of each attack, how an organisation can avoid becoming a target, and how to mitigate the attack.

>> Download Report


Why Read This Report ?

  • 4 Key Cyber Crime Trends
  • Factors that facilitate each attack
  • Impact of each type of attack
  • Preparation & Prevention strategies

>> Download Report

Read more…

Author - Sanjay D. Tiwari, CISO, Suryoday Small Finance Bank

Prioritizing the handling of an incident is perhaps the most critical decision point in the incident handling process.
Incidents should not be handled on a first come, first served basis, because resources are limited. Instead, handling should be prioritized based on severity. The priority of an incident defines how quickly it needs to be resolved.

How quickly an incident needs to be resolved is directly proportional to the impact of the incident.


Here is a sample classification of incidents based on severity (High / Medium / Low) by incident type.

Also, find below the detailed Incident Management Plan shared by our member.

  • Technological malfunctioning of system
    • High: A group of customers or employees affected.
    • Medium: A small group of customers or a branch affected.
    • Low: A few people (a group of 2-5 users) unable to carry out a task completely; if not contained, may escalate.
  • Unauthorized disclosure of business information
    • High: Unauthorized disclosure of confidential and restricted documents/information that has severely impacted the business.
    • Medium: Unauthorized disclosure of confidential and restricted documents/information that has a minor impact on the business.
    • Low: Unauthorized disclosure of official documents with no impact on the business.
  • Unauthorized modification of business information or information processing facilities
    • High: Corporate website defacement; unauthorized modification of confidential and restricted documents/information that has severely impacted the business; unauthorized modification of servers and core network devices.
    • Medium: Unauthorized modification of confidential and restricted documents/information that has a minor impact on the business; unauthorized modification of workstation computers.
    • Low: Unauthorized modification of official documents with no impact on the business.
  • Unavailability of information or information processing facilities
    • High: Unavailability of high-criticality services.
    • Medium: Unavailability of medium-criticality services.
    • Low: Unavailability of low-criticality services.
  • Detection of unauthorized computing or network equipment
    • High: Someone attempts to steal data using an unauthorized Wi-Fi access point with an official look-alike SSID.
    • Medium: An unauthorized Wi-Fi access point with an official look-alike SSID is detected.
    • Low: Unauthorized computing or network devices found in restricted areas/workflow.
  • Physical access violation
    • High: An unauthorized person enters the work area and manages to steal business information or information processing equipment.
    • Medium: An unauthorized person enters a sensitive/restricted area.
    • Low: An unauthorized person enters the work area; piggybacking or tailgating by staff.
  • Physical damage
    • High: Damage that has caused severe injuries to staff and/or major destruction of assets.
    • Medium: Damage that has caused minor injuries to staff and/or major destruction of assets.
    • Low: Damage that has not resulted in any injuries to staff but only minor physical damage to assets.
  • Non-availability of services
    • High: All or a majority of users/customers are affected by the non-availability of a service.
    • Medium: Only a section/category of users is affected by the non-availability of a service.
    • Low: Only a few or no users are affected, but the service is partially affected.

Download The Complete Plan :

Need to download the detailed Incident Management Plan ? You can download it here


Read more…

In this Forrester report, 13 significant firms in IT security consulting services are identified and analyzed: Accenture, Atos, BAE Systems, Dell SecureWorks, Deloitte, EY, HPE, IBM Security Services, KPMG, Protiviti, PwC, Verizon and Wipro.


Why Read This Report ?

  • Capability Mapping for the 13 significant players
  • Information Security Consulting Services Evaluation Overview
  • Forrester Wave for Information Security Consulting Service Providers

>> Download Report

Read more…

Organizations around the globe are investing heavily in cyber defense capabilities to protect their critical assets. Whether protecting brand, intellectual capital, and customer information or providing controls for critical infrastructure, the means for incident detection and response to protect organizational interests have common elements: people, processes, and technology.


The maturity of these elements varies greatly across organizations and industries. In this fourth annual State of Security Operations report, Hewlett Packard Enterprise provides updates to the current and emerging capabilities, best practices, and performance levels of security operations as learned from the assessment of organizations around the globe.


>> Download Report

Why Read This Report ?

  • SOC Struggles (Industry Wise)

  • Commercial vs Open Source Tools in Security Operations
  • Regional & Industry trends (Healthcare, Government, Financial, Telco etc.)
  • Findings for each category: People, Process, Technology and Business in the SOC
  • Summary Of Findings

>> Download Report

Read more…

As mobile devices gain more capabilities and access to company data, they continue to play an important role in how workers do their jobs. Information workers are no longer tied to their PCs: smartphones, tablets, and laptops give them the flexibility to choose the device that best suits the context of each task performed. The internet of things (IoT) represents the next leap in business transformation, changing how enterprises sense, analyze, and control their connected worlds. Applying artificial intelligence (AI) techniques, such as cognitive computing and machine learning, to the analysis of all the new data created in such a paradigm is not only transformational but required as the device count (and complexity) rises.

Forrester Consulting evaluated the means by which enterprises are managing and securing various endpoint form factors today and how strategies will change over the next three years. In conducting an in-depth survey of 556 IT and security leaders in the US, the UK, Germany, India, and Australia, Forrester found that while enterprises have a decentralized approach to managing and securing smartphones, tablets, laptops, and IoT today, they will move to a more consolidated and cognitive approach by 2020.

> Download The Report

Key Points in This Report : 

  • The impact of mobility, IoT and AI on the future of business transformation in 2020
  • How consolidation plays a key role in bringing down TCO (total cost of ownership)
  • How organisations are planning for unified endpoint management in the future

> Download The Report

Read more…

WannaCry : Some Quick Precautions To Take

Author - Tushar Vartak, Director Information Security, Rak Bank


Since 12th May 2017, ransomware exploiting MS17-010 has been wreaking havoc worldwide.



Precautions to be taken:


1 - Patch Management

  • Ensure all Workstations and Servers have the latest Microsoft patches, especially the ones related to MS17-010.


2 - Antivirus

  • Ensure AV signatures are updated on all assets. Identify critical assets and target them first. Block the IOCs on the AV solution.
  • Get the name under which the AV vendor detects the malware and check whether it has been detected in the logs for the last week.


3 - IPS

  • Ensure IPS signatures are updated. Verify if the signature that can detect this vulnerability / exploit attempt is enabled and is in blocking mode.
  • Get the details with regards to the name of the Signature and verify if this Signature has been detected in the logs for last 1 week.


4 - eMail Gateway

  • Ensure the email gateway solution has all relevant updates for detecting mails that may bring the Trojan into the environment.


5 - Proxy

  • Ensure Proxy solution has updated database. Block IOCs for IP Address and Domain names on the Proxy.
  • Verify last one week logs for the IOCs on Proxy and take action on sources of infection.


6 - Firewall

  • Block the IP addresses on Perimeter Firewall.
  • Verify logs for last one week.


7 - Anti - APT Solutions

  • Ensure signatures are up to date.
  • Check for possible internal sources of infection and take actions.


8 - SIEM

  • Check logs to verify if any of the IOCs have been detected in 1 week logs.

Note:
a - If required, raise a case with the OEM for details
b - All changes to follow proper approvals and change management process
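
Steps 5 to 8 above all come down to the same sweep: take the published IOCs and run them over the last week of proxy, firewall and SIEM logs, then act on the internal sources that hit. The script below is an added example that does that sweep; it also illustrates the "automated consumption of threat intelligence" point in the SOC post earlier on this page, and is not code from either author. All log lines and the C2 and IP-range indicators are constructed; the one real indicator is the kill-switch domain quoted in the WannaCry analysis that follows on this page.

```python
"""One-week IOC sweep over proxy and firewall logs (added example).
Domain IOCs match exactly; IP IOCs may be single addresses or CIDR blocks.
Events older than the look-back window are ignored."""
import ipaddress
import re
from datetime import datetime, timedelta

# Indicator set. The kill-switch domain is the one quoted later on this page:
# a DNS/proxy hit for it means a host executed the dropper. The other two
# entries are constructed for the example.
IOCS = [
    {"type": "domain", "value": "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.testing",
     "source": "wannacry-killswitch"},
    {"type": "domain", "value": "evil-c2.example", "source": "constructed-feed"},
    {"type": "ip", "value": "198.51.100.0/24", "source": "constructed-feed"},
]

# Constructed logs, normalised to "kind timestamp src_ip destination"
# (proxy destinations are host names, firewall destinations are IPs)
LOGS = """\
proxy 2017-05-15T10:12:31 10.0.3.14 iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.testing
proxy 2017-05-15T10:12:40 10.0.3.14 www.bank.example
proxy 2017-05-16T11:00:02 10.0.5.9 evil-c2.example
firewall 2017-05-16T11:00:03 10.0.5.9 198.51.100.77
firewall 2017-05-03T08:00:00 10.0.7.2 198.51.100.5
proxy 2017-05-17T12:00:00 10.0.8.8 mail.bank.example
"""

NOW = datetime(2017, 5, 18, 0, 0, 0)   # fixed "now" so the example is reproducible

LINE_RE = re.compile(r"^(?P<kind>proxy|firewall) (?P<ts>\S+) (?P<src>\S+) (?P<dst>\S+)$")

def compile_iocs(iocs):
    """Split the feed into an exact-match domain table and a list of IP networks."""
    domains, nets = {}, []
    for ioc in iocs:
        if ioc["type"] == "domain":
            domains[ioc["value"].lower().rstrip(".")] = ioc
        elif ioc["type"] == "ip":
            nets.append((ipaddress.ip_network(ioc["value"], strict=False), ioc))
    return domains, nets

def match(dst, domains, nets):
    """Return the IOC a destination matches, or None."""
    try:
        addr = ipaddress.ip_address(dst)
    except ValueError:                     # not an IP: treat as a host name
        return domains.get(dst.lower().rstrip("."))
    for net, ioc in nets:
        if addr in net:
            return ioc
    return None

def sweep(log_text, iocs, now=NOW, window=timedelta(days=7)):
    """Return hits inside the window as (ts, kind, src, dst, ioc_source)."""
    domains, nets = compile_iocs(iocs)
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
        if now - ts > window:
            continue                       # outside the one-week look-back
        ioc = match(m["dst"], domains, nets)
        if ioc:
            hits.append((m["ts"], m["kind"], m["src"], m["dst"], ioc["source"]))
    return hits

def infected_sources(hits):
    """Internal hosts to isolate and clean, deduplicated and sorted."""
    return sorted({h[2] for h in hits})

if __name__ == "__main__":
    hits = sweep(LOGS, IOCS)
    for h in hits:
        print(*h)
    print("sources to act on:", infected_sources(hits))
```

The window check is deliberate: a firewall hit from two weeks ago against a range that only entered the feed yesterday is still worth a look, but it belongs in a separate, lower-priority queue, not in the list of hosts to isolate today.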

Read more…

Author - Abdur Rafi, CISO, ABP Pvt. Ltd., India

A series of broad attacks began that spread the latest version of the WanaCryptor ransomware. This attack, also referred to as WannaCrypt or WannaCry, reportedly impacted systems of public and private organizations worldwide. The attack caused Britain's NHS to cancel surgeries, crippled a wide array of Russian and Chinese private and public institutions for most of the day, and left the rest of the world reeling.


Here's a solution : Anti-WannaCry, developed by ABP IT Security Team, in Kolkata DataCentre, India, launched on 15th May 2017.

Anti-WannaCry is a complete framework which not only finds and removes any traces of WannaCry from the PC, but also actively stops any future infection, thus making the system immune to future WannaCry attacks.

It’s a self-contained client based solution. Its OS independent, but .NET framework version 4.5 is required.  

It works by behavioral analysis and is not signature dependent. It doesn't require internet connectivity or updates to work properly, so it also works on isolated systems with no network or internet access.

The structure of its 360 degree protection system covers all of these:


It monitors and protects all these vectors against WannaCry-related infection, and actively stops its execution and spread. (See more at: https://youtu.be/sJzeb30SwBQ)

Please download a copy yourself to evaluate from here.

(Link was provided by author, please be careful while navigating outside cisoplatform.)

What is WannaCry?

WannaCry is the latest ransomware, affecting PCs and servers like wildfire. The functional architecture of the ransomware is shown below:


If you execute the ransomware, you can see the following files:


Dissecting Its Package - Part 1

  • File footprint after execution:
    • WannaCry.exe
    • Tasksche.exe (with /i switch)
  • Anti-detection / stealthiness:
    • OpenServiceA@ADVAPI32.DLL at PID 00003256
    • OpenServiceA@ADVAPI32.DLL at PID 00003256

Some interesting ransomware code snippets


Dissecting Its Package - Part 2

Features of WannaCry:

  • Contains a remote desktop related string.
  • Reads terminal service related keys (RDP related).
  • Uses network protocols on unusual ports.
  • Deletes volume snapshots.
  • Disables startup repair.
  • Modifies auto-execute functionality by setting/creating values in the registry.
  • Spawns a lot of processes.
  • Tries to suppress failures during boot (often used to hide system changes).
  • Reads system information using Windows Management Instrumentation Command line (WMIC).
  • Reads the active computer name.
  • Reads the cryptographic machine GUID.

Dissecting Its Package - Part 3

Some of the interesting processes WannaCry interacts with, executes or creates:

  • attrib.exe
  • taskdl.exe
  • cmd.exe with command line "cmd /c 44651494617562.bat"
  • attrib.exe with command line "attrib +h +s %SAMPLEDIR%\$RECYCLE"
  • cscript.exe with commandline "//nologo m.vbs"
  • @WanaDecryptor@.exe with commandline "co"
  • cmd.exe with commandline "/c start /b @WanaDecryptor@.exe vs"
  • taskhsvc.exe with commandline "TaskData\Tor\taskhsvc.exe"
  • taskse.exe with commandline "C:\@WanaDecryptor@.exe"
  • http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.testing

(Kill-switch domain for WannaCry v2.0: the sample checks it before running, so a DNS or proxy request for it from an internal host is itself a detection signal)
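
The traits in Parts 2 and 3 above (volume snapshot deletion, disabling startup repair and suppressing boot failures, the helper processes taskdl.exe, taskse.exe, taskhsvc.exe and @WanaDecryptor@.exe, the attrib +h +s and cscript //nologo m.vbs calls) can be turned into behaviour rules over process-creation telemetry. The script below is an added example, not the Anti-WannaCry tool; the process events it runs over are constructed for the example, and the rule severities and the host verdict rule are assumptions.

```python
"""Behaviour-based detection of the WannaCry traits listed above, run over
constructed process-creation events (added example). Each rule is a regex over
the lower-cased "image path + command line" of one event; a host is rated
'ransomware_behaviour' when a high-severity rule fires together with at least
one other rule, so a lone administrative vssadmin call does not page anyone."""
import re

# (name, severity, pattern) -- severities are assumptions for the example
RULES = [
    ("shadow_copy_deletion", "high",
     r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete"),
    ("startup_repair_disabled", "high",
     r"bcdedit(\.exe)?.*(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)"),
    ("backup_catalog_deleted", "high", r"wbadmin(\.exe)?\s+delete\s+catalog"),
    ("wannacry_helper_process", "high",
     r"\\(taskdl|taskse|taskhsvc)\.exe|@wanadecryptor@\.exe"),
    ("hidden_system_attrib", "medium", r"attrib(\.exe)?\s+\+h\s+\+s"),
    ("vbs_via_cscript", "low", r"cscript(\.exe)?\s+//nologo\s+\S+\.vbs"),
]
COMPILED = [(name, sev, re.compile(pat)) for name, sev, pat in RULES]

# Constructed process-creation events: (host, pid, image, command_line)
EVENTS = [
    ("WS-042", 3256, r"C:\Windows\System32\cmd.exe",
     r"cmd /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete"),
    ("WS-042", 3260, r"C:\Windows\System32\bcdedit.exe",
     r"bcdedit /set {default} recoveryenabled no"),
    ("WS-042", 3264, r"C:\Users\u\AppData\Local\Temp\taskse.exe",
     r"taskse.exe C:\@WanaDecryptor@.exe"),
    ("WS-042", 3270, r"C:\Windows\System32\cscript.exe", r"cscript //nologo m.vbs"),
    ("WS-042", 3272, r"C:\Windows\System32\attrib.exe", r'attrib +h +s "C:\$RECYCLE"'),
    ("WS-007", 1200, r"C:\Windows\System32\svchost.exe", r"svchost.exe -k netsvcs"),
    ("WS-007", 1220, r"C:\Windows\System32\vssadmin.exe", r"vssadmin list shadows"),
]

def classify(image, cmdline):
    """Return the names of every rule the event trips."""
    text = f"{image} {cmdline}".lower()
    return [name for name, _, rx in COMPILED if rx.search(text)]

def detect(events):
    """Group rule hits per host and return (hits_per_host, verdict_per_host)."""
    per_host = {}
    for host, pid, image, cmd in events:
        for name in classify(image, cmd):
            per_host.setdefault(host, []).append((pid, name))
    verdicts = {}
    for host, hits in per_host.items():
        names = {n for _, n in hits}
        high = any(sev == "high" for n, sev, _ in COMPILED if n in names)
        verdicts[host] = "ransomware_behaviour" if high and len(names) > 1 else "review"
    return per_host, verdicts

if __name__ == "__main__":
    hits, verdicts = detect(EVENTS)
    for host in sorted(verdicts):
        print(host, verdicts[host], hits[host])
```

The two-rule requirement is the trade-off to think about: it keeps a backup job that legitimately deletes old shadow copies out of the high-priority queue, at the cost of missing a sample that only trips one rule before the endpoint agent is killed. Set the verdict threshold per environment rather than copying it.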

Dissecting Its Package - Part 4

Some of the interesting strings found inside the WannaCry binary and a memory dump of it:

  • !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
  • https://dist.torproject.org/torbrowser/6.5.1/tor-win32-0.2.9.10.zip
  • \\172.16.99.5\IPC$ ( Malicious share will be opened )
  • \\192.168.56.20\IPC$ ( Malicious share will be opened )
  • C:\%s\qeriuwjhrf
  • C:\WannaCrya.exe
  • C@GW?M[3
  • cmd.exe /c "%s"
  • CryptImportKey
  • DisableLocalOverride
  • DisablePassport
  • diskpart.exe
  • GetAdaptersInfo
  • GetCommandLineA
  • GetComputerNameW
  • GetCPInfo
  • GetCurrentProcess
  • GetCurrentProcessId
  • GetExitCodeProcess
  • GetLastError
  • GetNativeSystemInfo


Read more…

CISO Platform Decision Summit, 2017 Highlights

CISO Platform Decision Summit @Pune, held last week, saw over 150 attendees over 2 days, making the spirit of knowledge sharing and learning a huge success among the information security executives of India. Here are the highlights of the keynotes, the electrifying Turbo sessions and some great knowledge-boosting training sessions.

It was held on 12th & 13th May, Hyatt, Pune, India.



Some Exciting Sessions & Task Force Meetups:

  • Overview Of Google's Beyondcorp Approach To Security By Arnab Chattopadhayay (Click here for PPT)
  • IoT Hacking By Sri Chakradhar (Click here for PPT)
  • Tabletop Wargame: Cyber Crisis Management Drill ( PPT not yet available )
  • Panel Discussion On Emerging Technologies ( PPT not yet available )
  • Task force Reference Framework: Breach & IR Playbook ( PPT not yet available )
  • Task force: Convincing the management ( PPT not yet available )
  • Task force SecDevOps Program ( PPT not yet available )
  • Task force Mobility Management Playbook ( PPT not yet available )
  • Task force Security Maturity model and scorecard for organisation ( PPT not yet available )
  • Task force Student awareness program framework ( PPT not yet available )
  • Task force Create A Framework For Role Of A CISO ( PPT not yet available )
  • Tabletop Wargame: Creating a Framework for 3rd party risks / Vendor Risk Management ( PPT not yet available)
  • Panel: Key Security Insights From Top Security Implementations (Deception, SOC, Privacy etc) ( PPT not yet available )

( Note - Speaker presentations represent the views of the individual speakers and not of CISO Platform or their employers )

Post finalization & collection of the above presentations, they will be available at this link : http://www.cisoplatform.com/page/ciso-platform-task-force

(Currently not yet available. Expected by 29th May, 17)

Photo Album

Some great photographs have been compiled into an album. Help us Tag you ( Tag yourself ) and let us know if you want to add some pictures you took at the event. Email - pritha.aash@cisoplatform.com

Here's the Photo Album link - Click Here

Here's the CISO Platform 100 Recognition Photo Album Link - Click Here


Read more…

This Article was shared by Nachiket Sathaye, Information Security Consultant, Ultradefence Solutions

“We are PCI compliant, now we are secure.” While assisting customers with their PCI DSS compliance, I always come across teams making this statement. This is a very common myth amongst PCI DSS customers. Do you really think that you will not face any security threats once you are PCI compliant? Absolutely not!



When the PCI scope is defined, only a small piece of the infrastructure, the part dealing with cardholder data and related processes, is considered. Stakeholders and owners participating in the PCI assessment work throughout the assessment cycle performing various tasks and maintaining records/evidence, sometimes actively and sometimes under compulsion. Most of the time PCI DSS is treated as a project by the compliance and/or IT infrastructure teams rather than as a business requirement. Other teams are always busy with their own tasks and unwilling to actively participate in PCI programs, as it is not on their priority list. This can lead to neglect of security standards and processes, making those teams the weakest link in the chain.


There are a lot of technologies and processes involved in any payment business: business applications, network and compute systems, processes, etc. Vulnerabilities and other non-conformities (NCs) make this payment ecosystem more complex. Teams struggle to remediate the issues, but they face challenges such as compatibility issues, application- and business-process-level dependencies, no downtime approvals, shortage of funds for technology upgrades, etc., which further delay the compliance cycle. PCI compliance is a snapshot in time: the evidence/records maintained for the assessment cycle are validated along with the periodic security tests performed throughout the cycle. However, attackers and threats are nowadays getting very sophisticated. Instead of leaking the data immediately, they harvest the information and wait for the perfect time for the actual breach. That is why customers must assess and remediate the issues in the CDE (cardholder data environment) at regular intervals.


Many times, PCI customers outsource tasks to third-party vendors or merchants. Although outsourcing simplifies the customer's business and is cost effective, it creates another security challenge. Understanding and implementing the PCI DSS standard is a challenge for a small vendor without skilled security resources or an IT team with good knowledge of security standards. Past data breaches in the payment industry have revealed that many times the breach happened via a third-party/outsourced unit: it was part of the customer's trusted network but had weaker security controls at its end, making it an easy target.


The PCI standard also talks about security and penetration testing from the non-CDE environment, but how many customers really focus on this part and the related processes to maintain similar security standards there? I would say very few. Most of the time the non-CDE environment is ignored due to lack of time, workload on existing resources, commercial issues, etc., which leads to a breach via the non-cardholder-data environment.


Security awareness amongst employees is also a big challenge. IT teams, business application owners and management people might be aware of security threats, but not the general user. Common users (and sometimes experienced people, even CxOs) become victims of security attacks due to lack of security awareness, which might lead to a huge security breach in future.


The PCI DSS standard (or any other security framework) is just a benchmark and a snapshot of a particular period. It should be part of a business's IT security strategy to protect sensitive data and ensure continuity of operations, but at the same time businesses need to look beyond the compliance standards: continuously assess the environment for all kinds of security threats, create and assess organization-wide security awareness, and give equal importance to the entire infrastructure and to outsourced vendors as well.


Instead of following or targeting the compliance framework's points just to handle the mandates, one should follow short-term and long-term security strategies to strengthen the environment and business processes, with regular audits and tests to check their effectiveness. This will automatically help to achieve the compliance certification without much trouble.

Here's some exciting content on security architecture. It includes tools for Data Protection, Incident Response Tool Qualification & more. There's a great conference for security builders too - SACON (Security Architecture Conference), Pune.


Guide To Building Enterprise Security Architecture Governance Program

Here's an in-depth guide to building an enterprise security architecture governance program. This is a community contribution from 2 members who have researched the topic in detail......Download Guide

10 Things You Should Ask of Your Cyber Incident Response Tool

Here's a guest post with 10 things to qualify your Incident Response Tool. Incident responders must move faster, be more agile, have longer stamina than the attacker......Read More


Confusion and Deception: New Tools for Data Protection

This talk was presented at RSAC USA 2017. Cyberthreats are asymmetric risks: corporate defenders must secure and detect everything, but the attacker needs to exploit only once.....View Slide

Learn Secure DevOps, Threat Hunting, Threat Modeling and more @SACON Pune

India has a lot of hackers but very few security architects. The industry as well as the country needs competence in "Security Architecture". That's the reason why we started SACON - India's only Security Architecture Conference. No Sponsored Talks.....Know More

Study: Security Breaches In India

This is the Ponemon Institute's 2016 Cost of Data Breach Study for India. The report includes 150 Indian organisations that participated in the benchmarking process.

This study examines the costs incurred by 37 Indian companies in 12 industry sectors after those companies experienced the loss or theft of protected personal data and then had to notify breach victims and/or regulators as required by laws and business contracts. It is important to note the costs presented in this research are not hypothetical but are from actual data loss incidents. They are based upon cost estimates provided by the individuals we interviewed over a ten-month period in the companies that are represented in this research.

>>Download The Report

Why Read This Report?

  • 7 Global Trends In The Cost Of Data Breach Research
  • Key Findings & Trends from the India Data Breach Research
  • Learning the Costs, Factors, Root Causes for the data breach (in depth with graphical representation)


Our editorial team has handpicked the best of the best talks at RSA Conference, one of the largest IT security conferences in the world. Following is the list of top "Emerging Areas In Security Technology" talks at RSA Conference 2017.

RSA Conference held its event at the Moscone Center in San Francisco and brought together a record number of more than 45,000 attendees. Attendees experienced keynotes, peer-to-peer sessions, top-notch track sessions, tutorials and seminars. Keynotes, sessions and debates focused on new attack techniques, encryption, artificial intelligence, machine learning, Internet of Things, cloud security & virtualization and many more.

(Source: RSA Conference USA 2017)

1) Machine Learning: Cybersecurity Boon or Boondoggle?

Speaker: Dr. Zulfikar Ramzan

Machine learning (ML) and artificial intelligence (AI) are the latest “shiny new things” in cybersecurity technology but while ML and AI hold great promise for automating routine processes and tasks and accelerating threat detection, they are not a panacea. This session will demonstrate what they can and can’t do in a cybersecurity program through real world examples of possibilities and limits.

>> Go To Presentation

2) Ridge-based Profiled Differential Power Analysis

Speaker: Yu Yu

Ridge-based differential power analysis techniques and side-channel attacks on intermediate states with no partial key guessing are discussed.
Topic 1: Ridge-Based Profiled Differential Power Analysis. Authors: Weijia Wang, Yu Yu, François-Xavier Standaert, Dawu Gu, Sen Xu and Chi Zhang.
Topic 2: My Traces Learn What You Did in the Dark: Recovering Secret Signals without Key Guesses. Authors: Si Gao, Hua Chen, Wenling Wu, Limin Fan, Weiqiong Cao and Xiangliang Ma.

>> Go To Presentation

3) Advances in Cloud-Scale Machine Learning for Cyber-Defense

Speaker: Mark Russinovich

Picking an attacker’s signals out of billions of log events in near real time from petabyte scale storage is a daunting task, but Microsoft has been using security data science at cloud scale to successfully disrupt attackers. This session will present the latest frameworks, techniques and the unconventional machine-learning algorithms that Microsoft uses to protect its infrastructure and customers.

>> Go To Presentation

4) Applied Machine Learning: Defeating Modern Malicious Documents

Speaker: Evan Gaustad

A common tactic adopted by attackers for initial exploitation is the use of malicious code embedded in Microsoft Office documents. This attack vector is not new, but attackers are still having success. This session will dive into the details of these techniques, introduce some machine learning approaches to analyze and detect these attempts, and explore the output in Elasticsearch and Kibana.

>> Go To Presentation

5) Hello false flags! The art of deception in targeted attack distribution

Speakers: Brian Bartholomew (@Mao_Ware), Juan Andrés Guerrero-Saade

When it comes to targeted attacks, everyone is obsessed with attribution. It’s a near impossible question to answer. Attackers often try to muddy the waters through deception tactics like false flags. This talk will draw on unpublished research to provide real-world examples of false flag operations and explain why understanding them is crucial for researchers and users of threat intelligence.

>> Go To Presentation

6) Confusion and Deception:  New Tools for Data Protection

Speakers: Craig Astrich, Daniel Frank

Cyberthreats are asymmetric risks: corporate defenders must secure and detect everything, but the attacker needs to exploit only once. As petabytes of data traverse the ecosystem, legacy data protection methods leave many gaps. By looking through the adversary’s eyes, you can create subterfuges, delay attack progress or reduce the value of any data ultimately accessed, and shift the risk equation.

>> Go To Presentation

7) Automated Prevention of Ransomware with Machine Learning and GPOs

Speakers: Rob Soto, Joseph Zadeh

This talk will highlight a signature-less method to detect malicious behavior before the delivery of the ransomware payload can infect the machine. The ML-driven detection method is coupled with the automated generation of a Group Policy Object (GPO); in this way we demonstrate an automated way to take action and create a policy based on observed IOCs detected in a zero-day exploit pattern.

>> Go To Presentation

8) Applied Cognitive Security: Complementing the Security Analyst

Speakers: Vijay Dheap, Brant Hale

Security incidents are increasing dramatically and becoming more sophisticated, making it almost impossible for security analysts to keep up. A cognitive solution that can learn about security from structured and unstructured information sources is essential. It can be applied to empower security analysts with insights to qualify incidents and investigate risks quickly and accurately.

>> Go To Presentation

9) (FREE ACCESS) FireCompass : Discover & Compare 1000+ Global Sec...

Description: AI Assistant For Security Product Buying

FireCompass is an AI Assistant for Cyber Security Decision Making. Discover & Compare 1,000+ Cyber Security Products. Grab your FREE Account Now (For a Limited Time ONLY).

>>Claim Free Account


Your Complete Guide To Top Talks @RSA Conference 2017 (USA)

Get your FREE guide on Top Talks @ RSA Conference 2017 (USA). Our editorial team has gone through all the talks and handpicked the best of the best talks at RSA Conference into a single guide. Get your free copy today.

>>Click Here To Get Your FREE Guide


2016 Community Achievements & 2017 Goals

2016 has been a great year for the CISO Platform Community and our vision to create tangible community goods. We wanted to thank all those who made valuable contributions to make this happen. 

We have created more than 200 checklists. Here are some of them:

Partial list of past community projects:

  1. Cyber Crisis Management Plan (CCMP) for Banks in India - Click here to download
  2. Top N Threats & Controls Mapping for IT/ITES Industry - Click here to download
  3. Top N Threats and Controls Mapping for Insurance Industry - Click here to download
  4. Top 4 Resources On IoT Security - Click here to read more
  5. Checklist To Evaluate SIEM Technology - Click here to read more
  6. Checklist To Evaluate A Cloud Based WAF - Click here to read more
  7. Checklist To Evaluate A DLP Technology - Click here to read more
  8. (Checklist) Incident Response: How to respond to a security breach during the first 24 hours - Click here to read more

Access 300+ Community Articles/Frameworks we built

To read more of the community articles, checklists, etc., click here.

2016 Community Achievements

  • 8 successful Task Force initiatives which created various best-practice documents such as the Crisis Management Framework, Top N Threats frameworks etc. (For more details on the Task Force initiative and contribution, click here.)
  • 10+ Playbooks created, which summarised the community learning in the form of practical reference documents. Thanks to those who hosted or agreed to host such Round Tables in their offices for more intimate knowledge sharing.
  • 150+ blogs and articles were published on CISO Platform.
  • 25+ community RFPs created.
  • SACON, India's 1st & only Security Architecture Conference, was started to bridge the skill gap in security architecture. We have a lot of hackers (ethical or otherwise) but very few security architects. More than 250 people participated in Bangalore and Goa. (For more details on the SACON event, click here.)
  • The CISO Platform 100 global initiative is promoting the top 100 influencers of the industry. At Kochi we hosted India's top 100 influencers who are shaping the future of the industry and the country.

Focus for 2017

Technical focus areas: Incident Response, Security Architecture, Fintech Security (for cashless India), IoT Security. Apart from these we will continue with the earlier initiatives.

Key Community Programs: Task Force, Playbooks and Wargaming. 

"CISO Platform 100" Community Projects- Promote the spirit of giving to community to shape the future of our industry, country and society.... Let's inspire the next generation... Let's create a dent in the world.


A big thank you to our CISO Platform IoT Security Task Force. They did a 6-hour blogathon and came up with very interesting articles for our community.

If you love it, don't forget to share it !

Security Vulnerabilities In Connected Cars

Connected vehicle technology potentially increases driving safety and efficiency through its ability to communicate with the internet and other automobiles. Learn the benefits, vulnerabilities, attack points and solutions.....Read More


Survey Of IoT Security Standards

IoT security is being approached by many organizations and from different perspectives. In this post we give a bird's-eye view of the players. This is not intended to be comprehensive; we will supplement it in time with deeper dives at the different layers of the ISO 7-layer model.......Read More

Advertising Vulnerabilities In Bluetooth Low Energy (BLE) IoT Networks

Unlike IP security, the BLE security framework is not yet mature. Newer versions of BLE have enhanced the security of BLE devices, but vulnerabilities are still present. Learn about them.......Read More


IoT Security Using Blockchain

Two of the most talked about technologies in today's world are blockchain and IoT. In this article our attempt is to critically view the use of blockchain technology to secure IoT......Read More

By the way, here are the other IoT Task Force blogs:
  • End-to-End Encryption in BLE IoT Network
  • List of IoT Use Cases
  • Survey of IoT Security Standards
  • Classification of IoT Devices

Share the Blogs and show your appreciation for the "IoT Security Task Force"!