pritha's Posts (624)

New White House Cyber security Plan Creates Federal CISO - 9 Feb 2016

White House officials plan to enact a range of initiatives this year that they believe will strengthen computer networks against cyber attacks. Obama administration officials are instituting what they call a cybersecurity national action plan, which would create a federal chief information security officer, establish a new commission that looks for ways to protect computer networks, and increase coordination between federal officials who focus on privacy issues. The proposal includes $3.1 billion for an IT Modernization Fund to retire, replace and modernize legacy IT systems used within the federal government.


How to Hack the Power Grid through Home Air Conditioners - 9 Feb 2016

Researchers have found another way to take down the power grid: by remotely manipulating home and office air conditioners to create a surge. It is an attack with the potential for very serious impact. The hack targets the remote shut-off devices that utility companies install on air conditioners to conserve energy during peak summer periods. A hacker could cut air conditioners during a heatwave—creating a potentially fatal condition for the elderly and sick—or turn air conditioners on during peak energy periods, causing a surge that creates a widespread blackout. Or a hacker could directly target a group of specific homes or offices by taking advantage of the fact that unique IDs are assigned to groups of devices, allowing them to be singled out.



Researcher finds serious flaw in Chromium-based Avast SafeZone browser - 5 Feb 2016

The Avast SafeZone browser, internally known as Avastium, is installed with the paid versions of Avast's antivirus and security suites. Google Project Zero researcher Tavis Ormandy found a vulnerability that could allow an attacker to take control of Avastium when an attacker-controlled URL is opened in any other locally installed browser. By exploiting the flaw, an attacker could remotely read "files, cookies, passwords, everything", and could even take control of authenticated sessions to read email, interact with online banking, etc.


Newly Fired CEO of Norse Fires Back At Critics - 4 Feb 2016

Norse Corp, a Foster City, Calif.-based cyber security firm that attracted much attention from the news media and investors alike this past year, fired its chief executive officer this week amid a major shakeup which may spell the end of the company. The remaining employees at the threat intelligence firm were apparently informed they could continue showing up for work, but there would be no guarantee they would be paid, KrebsOnSecurity reported. Critics have accused Norse of going to market too soon with the data it had, and of drawing conclusions not actually supported by the data.




Google issues Chrome update to fix Windows, Mac, and Linux bugs - 10 Feb 2016

Google issued a Chrome update to address Windows, Mac, and Linux vulnerabilities that, if exploited, would allow remote attackers to take control of affected systems. The bugs were discovered by Mariusz Mlynski, lukezli, Jann Horn, and an anonymous security researcher working with HP's Zero Day Initiative. Google also announced it will no longer allow Flash display ads on AdWords or DoubleClick Digital Marketing campaigns, starting June 30.

IRS Hack Affects 101,000 Tax Returns - 11 Feb 2016

The US Internal Revenue Service (IRS), the tax collection agency, was the target of a malware attack that allowed the perpetrators to access the electronic tax-return credentials for 101,000 social security numbers. The attack was performed by an automated bot. Its objective was to extract PINs from the Electronic Filing PIN application on the IRS.gov website. The app creates 5-digit PIN codes for those who want to file their tax returns online, and the code is used to authenticate the filer's identity.

Java installer flaw shows why you should clear your Downloads folder - 8 Feb 2016

Oracle published a security advisory recommending that users delete all the Java installers they might have lying around in their computer's default download folder and use new ones for versions 6u113, 7u97, 8u73 or later. The reason is that older Java installers are designed to look for and automatically load a number of specifically named DLL (Dynamic Link Library) files from the current directory. In the case of Java installers downloaded from the Web, the current directory is typically the computer's default download folder.

Let us know which news story was your favorite. Leave us your thoughts in the comments below.


Technology comes with a cost, and the cost can be far larger than anyone imagined if the technology is not properly implemented. An Enterprise Mobility Management (EMM) solution in place boosts productivity, enhances mobile security, and provides easy access to corporate content. The important question, however, is whether you are ready for this technology.


In this article, we shall look at the five important questions to ask yourself before implementing an enterprise mobility management solution.

1. What is the size of your Mobile Workforce?

An organization's mobile workforce consists of the employees who use laptops, smartphones etc. for official purposes both on and off the corporate network. If your organization has a good proportion of mobile workers, an Enterprise Mobility Management (EMM) solution can provide secure access to corporate email, calendar, and documents. If not, an EMM solution may not improve overall productivity.


2. What are your Business Goals?

What are your business goals: to increase responsiveness, customer service, and/or productivity? Do crisp research into customer needs and workforce needs around mobility to understand them better. Make sure that the solution you are going to implement meets your business goals.



3. How do you want to fit Enterprise Mobility Solution into your Enterprise Architecture?

You need to find a fit between the new mobility architecture and the existing IT architecture. You need to plan beforehand for the resources to operate and support mobility. You also need to prioritize mobile projects based on funding and resources. IT leaders should also track and manage the fast-changing technology.


4. What are the Mobile Applications and Security Concerns?

Mobile application development will engage critical resources. Prioritize which mobile applications to build. You must think from the perspective of customers, employees, and partners to optimize their interaction with the organization through mobile applications. For security, you must decide how to control access to corporate data from mobile devices, either via application wrapping or via an SDK.



5. What is the TCO and is it worth it?

The prime question should be whether the implementation will bring the expected benefits in terms of customer service, employee productivity, partners' interaction, etc., given the cost of implementation and the concerns about the security of critical data. If the benefit outweighs the implementation cost, then it is a good-to-go decision.

What are your thoughts on the above? Let us know in the comments below!


Identity Access Management (IAM) is a set of business policies, frameworks and processes which ensure that the right person has access to the right assets/resources. Identity Access Management solutions can deliver intangible benefits that increase revenue and tangible benefits that reduce cost.


Here are 11 Ways To Measure The Effectiveness of your Identity Access Management (IAM) solution:

  • Average number of distinct accounts (credentials) per user:
    An organisation generally has multiple accounts per user. Identity Access Management (IAM) solutions can help organisations reduce this number to close to one using their SSO (Single Sign-On) functionality.
  • Number of unused accounts:
    An IAM solution can also help reduce the number of unused/uncorrelated accounts. Uncorrelated accounts are accounts that have no owner; they come into the picture because of promotions, transfers, and termination of workforce. These uncorrelated accounts create risk for the company if they are hijacked by outsiders.
  • Number of new accounts provisioned:
    The number of new accounts provisioned should equal the number of new joiners. If there is a significant difference between these two numbers, it indicates that your IAM solution is not providing correct identity data.
  • Number of exceptions per access re-certification cycle:
    An exception is a case where a user has been assigned rights he/she should not have been given. A high number of exceptions can be due to poor identity data or to an access process problem (persons requesting re-certification do not have all the information required).
  • Password policy effectiveness:
    To measure the effectiveness of your IAM solution you can check the password reset data for a period, say one month. With an effective IAM solution this volume should tend to go down. If it does not, there may be issues with the password policies and password management of your organisation.
  • Average time to provision and de-provision a user:
    For an effective IAM solution, this metric should come down. Most of the time, if someone is not getting timely access, backend processes are responsible. This is an indication that you should work on your business processes.
  • Average time to provide an authorization:
    For an effective IAM solution, this metric should come down. This metric provides insight into the efficiency of an organisation's approval processes. Knowing the time taken helps resolve bottlenecks and improve outdated processes.
  • Average time to make changes in identity policies:
    For an effective IAM solution, this metric should come down, as IAM solutions aid centralisation of policies. Changes are therefore faster than with traditional ways, and organisation-wide changes can be made easily.
  • Violation of separation of duties:
    For an effective IAM solution, this metric should come down. The organisation should implement preventive controls to monitor these violations, report them and orchestrate their remediation.
  • Reduced identity management cost:
    For an effective IAM solution, the cost of managing the large identity store should come down. An effective IAM solution provides the capability to expand the organisation's people and IT resources without increasing IT staff.
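As an added example (not code from the original post), the following Python script computes several of the metrics above over a constructed identity snapshot; the data model (users, accounts, joiners, provisioning requests, conflicting entitlement pairs) and every sample value in it are assumed for illustration.

```python
"""IAM effectiveness metrics computed over a constructed identity snapshot.

Added example, not code from the original post. The data model and every
sample value below are assumed for illustration.
"""
from datetime import date, datetime, timedelta

# Constructed sample data. One user may own several accounts (credentials);
# an account whose owner is None is "uncorrelated" (nobody is accountable).
USERS = {"u1", "u2", "u3"}
ACCOUNTS = [  # (account_id, owner, system, last_login)
    ("alice@corp", "u1", "ad", date(2016, 2, 1)),
    ("alice", "u1", "erp", date(2016, 2, 3)),
    ("bob@corp", "u2", "ad", date(2016, 1, 30)),
    ("bob_svc", "u2", "crm", date(2015, 6, 1)),   # no login for months
    ("carol@corp", "u3", "ad", date(2016, 2, 5)),
    ("jdoe_old", None, "erp", date(2015, 3, 9)),  # left-over, no owner
]
# Joiners this period versus the joiners the IAM solution actually provisioned.
JOINERS = {"u3", "u4"}
PROVISIONED_FOR = {"u3"}
# Provisioning requests as (submitted, completed) timestamps.
REQUESTS = [
    (datetime(2016, 2, 1, 9, 0), datetime(2016, 2, 1, 13, 0)),
    (datetime(2016, 2, 2, 9, 0), datetime(2016, 2, 4, 9, 0)),
]
# Entitlements held per user, and pairs that must never be held together.
ENTITLEMENTS = {
    "u1": {"create_vendor", "approve_payment"},
    "u2": {"approve_payment"},
    "u3": set(),
}
SOD_CONFLICTS = [("create_vendor", "approve_payment")]


def avg_accounts_per_user(accounts=ACCOUNTS, users=USERS):
    """Distinct credentials per user; SSO should drive this toward 1."""
    owned = [a for a in accounts if a[1] in users]
    return len(owned) / len(users)


def unused_accounts(accounts=ACCOUNTS, today=date(2016, 2, 10), max_idle_days=90):
    """Accounts with no owner, or no login within max_idle_days: hijack risk."""
    cutoff = today - timedelta(days=max_idle_days)
    return sorted(a[0] for a in accounts if a[1] is None or a[3] < cutoff)


def provisioning_gap(joiners=JOINERS, provisioned=PROVISIONED_FOR):
    """Joiners with no provisioned account; non-empty means bad identity data."""
    return sorted(joiners - provisioned)


def avg_provisioning_hours(requests=REQUESTS):
    """Mean time from request to completed provisioning, in hours."""
    total = sum((done - sub).total_seconds() for sub, done in requests)
    return total / len(requests) / 3600


def sod_violations(entitlements=ENTITLEMENTS, conflicts=SOD_CONFLICTS):
    """Users holding both halves of a conflicting entitlement pair."""
    found = []
    for user, ents in sorted(entitlements.items()):
        for a, b in conflicts:
            if a in ents and b in ents:
                found.append((user, a, b))
    return found


def iam_report():
    """Collect the metrics into one dict, the shape a dashboard would consume."""
    return {
        "avg_accounts_per_user": avg_accounts_per_user(),
        "unused_accounts": unused_accounts(),
        "provisioning_gap": provisioning_gap(),
        "avg_provisioning_hours": avg_provisioning_hours(),
        "sod_violations": sod_violations(),
    }


if __name__ == "__main__":
    for name, value in iam_report().items():
        print(f"{name}: {value}")
```

Run the same functions month over month against your real identity store exports: the accounts-per-user figure, idle-account count and provisioning time should all trend down if the IAM deployment is working.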



A firewall, in simple terms, acts as a barrier that prevents unauthorised access or malicious traffic within a system or a network. With the rapid growth of new technology, alongside the massive growth in new security threats, the traditional firewall is no longer enough to keep up. To deal with these changes, vendors in the enterprise firewall market have created a new generation of firewall devices dubbed the Next Generation Firewall, or NGFW.

A next-generation firewall (NGFW) is a hardware or software-based network security system that is able to detect and block sophisticated attacks by enforcing security policies at the application level, as well as at the port and protocol level.



9 top features of a next-generation firewall:

  • Application Awareness: A next-generation firewall must be able to identify, allow, block or limit applications regardless of port, protocol etc. This provides visibility into unknown and proprietary applications within the organisation's network.

    One of the major differences between a traditional firewall and a next-generation firewall (NGFW) is the fact that these newer devices are application aware. Traditional firewalls rely on common application ports to determine which applications are running and which types of attacks to monitor for.
  • Identity Awareness: Next-generation firewalls support identity awareness for granular control of applications by specific users, groups of users and the machines those users are using.

    A next-generation firewall also supports all major authentication protocols such as LDAP/AD, RADIUS, Kerberos and local authentication. This helps organisations control not only the types of traffic that are allowed to enter and exit the network, but also what a specific user is allowed to send and receive.
  • Centralized Management, Administration, Logging and Reporting: A separate management solution is available for management, logging and reporting. This helps organisations with log analysis and policy management. The tool is also used to export the firewall rule set and configuration. Centralised management provides the administrator with a security health dashboard to view events, traffic patterns and associated risks in the network in real time.

    Central management should also give you the ability to automate routine tasks, reuse elements and employ shortcuts and drill-downs to produce maximum efficiency with minimal effort.
  • Stateful Inspection: While the general definition of stateful inspection does not differ from traditional firewalls, a next-generation firewall (NGFW) tracks connections from layer 2 to layer 7 (even "layer 8", the user, thanks to identity awareness), in contrast with traditional firewalls, which track traffic only up to layer 4. This difference allows a lot more control and gives organisations the ability to have very granular policies.
  • Deep Packet Inspection: Deep packet inspection (DPI) is one of the key features of a next-generation firewall (NGFW). This capability ensures the various pieces of each packet are thoroughly examined to identify malformed packets, errors, known attacks and any other anomalies. DPI can rapidly identify and then block Trojans, viruses, spam, intrusion attempts and any other violations of normal protocol communications.
  • Integrated IPS: In an environment where a traditional firewall is deployed, it is common to see an Intrusion Detection System (IDS) or IPS deployed as well. Commonly this was done with a separate appliance, or with a logically separate module within a single appliance. With a next-generation firewall (NGFW), the IPS or IDS is fully integrated. It can be activated and de-activated as and when required. The IPS functionality itself is the same as with a separate appliance; the main difference is in performance and in the accessibility of information from all layers of the traffic.
  • Ability to monitor SSL or other encrypted traffic: The next-generation firewall (NGFW) is able to monitor SSL and HTTP-tunnelled traffic flows as well. In order to secure encrypted traffic, the next-generation firewall supports inbound and outbound SSL decryption. This helps the organisation identify and prevent threats and malware in encrypted network streams.
  • Integration with other security solutions: The next-generation firewall (NGFW) is capable of integrating with other security solutions such as SIEM tools, reporting tools, two-factor authentication systems etc. with little or no modification. This enhances the overall capability of an organisation's security systems.
  • Inbuilt Antivirus and Anti-Bot solution: Next-generation firewalls (NGFW) have an inbuilt antivirus engine and are able to inspect HTTPS traffic on the fly for infected files. These protections are available for protocols such as HTTP, HTTPS, FTP, POP3, SMTP, SMB etc. They are also capable of identifying malware in incoming files and malware downloaded from the internet.


Top 10 EndPoint StartUps

  • Tanium
    • Headquarters: Emeryville, CA
    • Founded: 2007
    • Founder: Orion Hindawi, David Hindawi
    • Funding: $302.31M
    • Website: http://www.tanium.com/
    • Description: Tanium Inc. provides security and management system solutions that allow enterprises and government organizations to query and modify their managed computer assets. It offers Tanium Endpoint Platform, a platform to secure, control, and manage various endpoints; and Endpoint Security, a solution to detect and remediate threats and issues, including incident response, endpoint security lifecycle, and security ecosystem connecting solutions. The company also provides Endpoint Management that reduces tools, management, and infrastructure cost; reclaims software licenses and hardware assets; repurposes operations staff to strategic projects; retrieves software and hardware information; and provides patch management and software distribution solutions. In addition, it offers Tanium Architecture, an endpoint communications architecture solution that collects data and takes action on the endpoint. The company serves banks, retailers, and other industries.

  • CrowdStrike
    • Headquarters: Irvine, California
    • Founded: 2011
    • Founder: George Kurtz, Dmitri Alperovitch, Gregg Marston
    • Funding: $156M
    • Website: http://www.crowdstrike.com
    • Description: CrowdStrike is a cybersecurity technology firm pioneering next-generation endpoint protection, delivered as a single integrated cloud-based solution. CrowdStrike's Falcon platform stops breaches by detecting all attack types, even malware-free intrusions, providing five-second visibility across all current and past endpoint activity while reducing cost and complexity for customers. CrowdStrike's Falcon platform is delivered via the security industry's only 100% native cloud architecture, integrated with 24/7 managed hunting capabilities and in-house threat intelligence and incident response teams. CrowdStrike's unique Threat Graph harnesses the cloud to instantly analyze data from billions of endpoint events across a global crowdsource community, allowing detection and prevention of attacks based on patented behavioral pattern recognition technology.

  • Cybereason
    • Headquarters: Boston, Massachusetts
    • Founders: Yonatan Amit, Lior Div, Yossi Naar
    • Founded: 2012
    • Funding: $88.6M
    • Website: http://www.cybereason.com
    • Description: Cybereason's Endpoint Detection and Response platform detects in real time both signature and non-signature-based attacks and accelerates incident investigation and response. Cybereason connects individual pieces of evidence to form a complete picture of a malicious operation. The company's approach to security is based on the assumption that hackers will find a way into the corporate network one way or another, so any attacks have to be detected in real time; otherwise, once they are inside, they can lurk for months or years.

  • Cylance
    • Headquarters: Irvine, California
    • Founded: July 4, 2012
    • Founder: Stuart McClure, Ryan Permeh
    • Funding: $77M
    • Website: http://www.cylance.com
    • Description: Cylance is the first company to apply artificial intelligence, algorithmic science and machine learning to cyber security and improve the way companies, governments and end users proactively solve the world's most difficult security problems. Using a breakthrough mathematical process, Cylance quickly and accurately identifies what is safe and what is a threat, not just what is in a blacklist or whitelist. By coupling sophisticated math and machine learning with a unique understanding of a hacker's mentality, Cylance provides the technology and services to be truly predictive and preventive against advanced threats.

  • CounterTack
    • Headquarters: Waltham, MA
    • Founded: 2007
    • Founder: Alan Capalik, Stan Eramia
    • Funding: $67.44M
    • Website: http://www.countertack.com
    • Description: CounterTack is the leading provider of real-time, Big Data endpoint detection and response technology for the enterprise. CounterTack provides unprecedented visibility and context around operating system and binary behaviors to detect zero-day attacks, rootkits, targeted malware and advanced persistent threats, enabling our customers to improve incident response and advanced threat detection, enterprise-wide.

  • SentinelOne
    • Headquarters: Mountain View, CA
    • Founded: 2013
    • Founder: Almog Cohen, Tomer Weingarten
    • Funding: $39.52M
    • Website: http://www.sentinelone.com/
    • Description: SentinelOne is reinventing endpoint security to protect organizations against advanced threats and nation state malware. The company uses predictive execution inspection to detect and protect all devices against targeted zero day threats in real time. SentinelOne was formed by an elite team of cyber security and defense experts from Intel, McAfee, Checkpoint, IBM and the Israel Defense Forces.

  • Invincea
    • Headquarters: Fairfax, VA
    • Founded: 2009
    • Founder: Anup Ghosh
    • Funding: $37.4M
    • Website: http://www.invincea.com
    • Description: Invincea is the premier innovator in advanced malware threat detection, breach prevention, and forensic threat intelligence. Invincea is the market-leading solution that provides enterprise networks with coverage against the largest attack surface for cyber-breach attacks aimed at end-users in the form of spear phishing, drive-by download exploits, poisoned search results and user-initiated infections. The company's solutions include a desktop security software suite and threat intelligence appliance.

  • Ziften Technologies
    • Headquarters: Austin, TX
    • Founded: 2009
    • Founder: Mark Obrecht
    • Funding: $35.3M
    • Website: http://www.ziften.com
    • Description: Ziften provides groundbreaking software that enables enterprises to achieve true end-to-end visibility of people-centric devices to enhance security. Ziften Open Visibility™ and intelligence provides a more secure environment by delivering actionable analytics for any user device across the enterprise. Ziften extends existing security, system management, and event monitoring tools. It delivers crucial open intelligence of any enterprise endpoint, enabling you to run your business in a more efficient, intelligent, and secure manner.

  • Barkly
    • Headquarters: Boston, MA
    • Founded: 2013
    • Founder: Mike Duffy, Jack Danahy
    • Funding: $17M
    • Website: http://www.barklyprotects.com/
    • Description: In the hot endpoint security space, Barkly promises a lightweight agent to gather data – lightweight in its footprint and in its CPU usage. That makes it less intrusive to end users. Barkly is a new type of advanced security that actively protects users without slowing them down. By automatically recognizing modern attacks and stopping them before they can do more harm, companies are more prepared, more confident, and more productive with Barkly by their side. Its founders have driven other successful startups, notably OpenPages and OunceLabs, both bought by IBM.

  • enSilo
    • Headquarters: San Francisco, California
    • Founded: August, 2014
    • Founder: Roy Katmor, Udi Yavo, Tomer Bitton, Ido Kelson
    • Funding: $12M
    • Website: www.ensilo.com
    • Description: enSilo offers a real-time targeted attack exfiltration prevention platform. enSilo has developed a platform which accurately distinguishes legitimate connections from malicious ones from the moment a connection is established. Their solution provides virtual patching against advanced targeted threats, enabling employees to keep working as usual while a device compromise is resolved. enSilo is financially backed by Lightspeed and Carmel Ventures.

  • Triumfant
    • Headquarters: Rockville, MD
    • Founded: 2002
    • Founder: Dave Hooks
    • Funding: $6.75M
    • Website: http://www.triumfant.com
    • Description: Triumfant provides companies and government entities worldwide with continuous protection from advanced malware threats. Applying mathematical theory, patented analytics and precision-remediation capabilities, Triumfant offers the best protection available at the most vulnerable location – the endpoint – enabling organizations to prevent, detect and respond quickly to sophisticated attacks that bypass traditional signature-based tools. Without lockdown, forklift upgrades, signatures or prior knowledge of any kind, Triumfant stops a breach before it becomes a full-scale attack, then automatically repairs the machine and all of the collateral damage within minutes of the attack. When inevitable attacks happen, large enterprises trust Triumfant to quickly recover and prevent loss without any disruption to the business.


Below are the top 6 reasons why Data Loss Prevention / Data Leakage Prevention (DLP) fails:

  • Lack of business/key-stakeholder involvement: Failure to include key stakeholders (including business and C-level executives) while defining requirements and formulating DLP policy makes implementation harder. A clear Data Loss Prevention policy from management and the Board clearly sets up expectations, allocates the needed resources and comes with a plan for its governance.
  • Ineffective data classification methods: Failure to identify the right data to be protected. Under-classifying certain data can lead to the exposure of sensitive information, while an overwhelming amount of protected data can bring down system and network performance. Conducting a risk assessment of data, data owners and data custodians is crucial for the success of any DLP implementation.
  • Improperly configured content scanning module: Failure to define the right use cases and processes related to sensitive information may lead to ineffective controls, which can open doors for an attacker to get his hands on the sensitive information.
  • Excessive false positives: An overly strict rule set or policies can lead to an overwhelming amount of false positives and reporting. This can drastically bring down employee productivity and results in unnecessary workload for the IT security team.
  • Loosely integrated Data Loss Prevention modules: A complete DLP implementation will have network protection modules, host protection modules and storage modules tightly integrated and centrally managed. Loosely integrated DLP modules create a lot of management overhead and may lead to ineffective monitoring.
  • Failure to periodically monitor changes in the organisation's IT infrastructure, business units and processes: Such changes can render previous DLP controls ineffective. They must be taken into account to fine-tune DLP modules from time to time in order for the DLP solution to deliver its value.
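As an added illustration of the content-scanning and false-positive points above (not code from the original post), the following Python compares an overly strict card-number rule with one tuned by a Luhn check and surrounding context; the documents, the rules and the context words are all constructed for this example.

```python
"""Tuning a DLP content-scanning rule to cut false positives.

Added example, not code from the original post. The documents, the naive rule
and the tuned rule are all constructed for illustration.
"""
import re

# Constructed sample documents. Two hold card numbers (standard test PANs);
# two hold 16-digit values that are not cards at all (order id, tracking no.).
DOCUMENTS = {
    "invoice.txt": "Card on file: 4111 1111 1111 1111, exp 09/18.",
    "expense.csv": "vendor,amount,pan\nAcme,120.00,5500000000000004",
    "orders.log": "order_id=1234567890123456 status=shipped",
    "shipping.txt": "Tracking number 9999888877776666 left the depot.",
    "memo.txt": "Quarterly numbers look fine; nothing sensitive here.",
}
TRULY_SENSITIVE = {"invoice.txt", "expense.csv"}

# Overly strict rule: any run of 16 digits (optionally grouped) is a "card".
DIGIT_RUN = re.compile(r"\b\d{4}[ -]?\d{4}[ -]?\d{4}[ -]?\d{4}\b")
# Context words that make a Luhn-valid run much more likely to be a real PAN.
CARD_CONTEXT = re.compile(r"\b(card|pan|visa|mastercard|credit)\b", re.IGNORECASE)


def luhn_ok(digits):
    """Mod-10 check that every payment card number satisfies."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def naive_scan(docs=DOCUMENTS):
    """Flags every document containing a 16-digit run."""
    return {name for name, text in docs.items() if DIGIT_RUN.search(text)}


def tuned_scan(docs=DOCUMENTS, window=40):
    """Flags a document only if a run passes Luhn AND sits near card context."""
    hits = set()
    for name, text in docs.items():
        for m in DIGIT_RUN.finditer(text):
            digits = re.sub(r"[ -]", "", m.group())
            nearby = text[max(0, m.start() - window): m.end() + window]
            if luhn_ok(digits) and CARD_CONTEXT.search(nearby):
                hits.add(name)
                break
    return hits


def false_positives(hits, truth=TRULY_SENSITIVE):
    """Flagged documents that hold no sensitive data."""
    return sorted(hits - truth)


def false_negatives(hits, truth=TRULY_SENSITIVE):
    """Sensitive documents the rule missed; tuning must not raise this."""
    return sorted(truth - hits)


if __name__ == "__main__":
    for label, scan in (("naive", naive_scan), ("tuned", tuned_scan)):
        hits = scan()
        print(f"{label}: flagged={sorted(hits)} "
              f"false_positives={false_positives(hits)} "
              f"false_negatives={false_negatives(hits)}")
```

Track both the false-positive and the false-negative lists when tuning: a rule that only demands surrounding context would miss a PAN pasted without any label, so the Luhn check and the context check are combined rather than substituted.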


Cloud Services In India, 2015 And Beyond

Cloud services, being cost effective, scalable and agile, are growing at a slow but steady pace in India. For years enterprises and the security community have debated their maturity and readiness for adoption. Major concerns such as the security and confidentiality of data have marred large-scale adoption for many decades. Surprisingly, the cloud delivery model is being used to deliver a growing number of security-critical tasks. Irrespective of all the concerns, cloud services are an inevitable choice in today's dynamic environment.

According to the Enterprise Cloud Adoption Survey by the Everest Group, over 56% of enterprises consider cloud a strategic differentiator and about 58% of enterprises spend upwards of 10% of their IT budget on cloud services. The inherent ability to increase operational efficiency is accelerating the demand for more such services. Today cloud services are broadly offered in three models, popularly known as IaaS (Infrastructure as a Service), PaaS (Platform as a Service) and SaaS (Software as a Service).

In India, according to the "2015 Top Markets Report on Cloud Computing" by the International Trade Administration, "over 250 million Indians today use web connected devices, which generally rely on cloud services for applications and other functionality. As Internet access, e-commerce, mobile device usage, and business adoption continue to expand, the growth in cloud-related spending in India should outpace that in the rest of the world". Research firm Gartner believes that by 2018 public cloud spending in India will reach nearly $2 billion, from $638 million in 2014. Other estimates are similarly upbeat: IDC predicts $3.5 billion will be spent on cloud services in total in India by 2016 – growth of over 400 percent from the 2012 level. Finally, Forrester expects the software-as-a-service (SaaS) market in particular to roughly double in value between 2014 and 2020, when it will be worth $1.2 billion.

Despite optimistic predictions and overwhelming market potential, however, a variety of challenges have held India back from realising its cloud potential even as adoption continues to grow. Among the most critical current problems are the country's Internet infrastructure (i.e., bandwidth constraints and fibre optic weaknesses) and the inconsistency of its power supply in some areas. Another key concern preventing organisations, especially in the public sector, from adopting is the security of their confidential data. IT regulations in India have been very strict and require that organisations store their data locally (in India); as many cloud providers have their data centres located outside India, the current scenario discourages firms from adopting cloud services.

Fortunately, the government is aware of these challenges, and its ambitious Digital India program aims to address some of the infrastructural and policy weaknesses, though it remains to be seen if this will lead to significant improvements.


Do you need a DLP? Here is a small list to check whether your organisation actually needs a DLP solution:

  • Does your organisation want to protect itself against the negative exposure and fines associated with data breaches?
  • Does your organisation want to comply with the various regulatory requirements and data protection laws?
  • Do you want to protect your organisation's sensitive data against insider attack?
  • Do you want to find out where your organisation's sensitive data is being stored?
  • Do you want to find out who is accessing your organisation's sensitive data?
  • Do you want to find out where your organisation's sensitive data is being sent?
  • Has your company subscribed to cloud services, and are you uncertain about the level of protection for your company's sensitive data?
  • Is your organisation associated with third-party service providers who manage applications, systems and networks, and do you want to monitor them?
  • Do you want to centrally govern the entire lifecycle of sensitive data in your organisation?
  • Do you want to optimise the incident response process in case of a data breach?

Is your organisation thinking of adopting DLP? Here is a small checklist you may like to tick off before you start the adoption:

  • Has your organisation developed an appropriate policy to govern the use of the DLP solution?

    To draw true value from any DLP deployment, an organisation must first come up with a DLP-specific policy. The policy should clearly state the goals and objectives of the DLP deployment, identify and allocate resources for it, and describe the roles and responsibilities of stakeholders for effective governance of the same.

  • Have you defined the data to be protected?

    It is very important to know what is to be protected. You have to be very meticulous in defining what constitutes sensitive data. You can look at the regulatory requirements that your organisation must comply with and/or refer to the various industry standards to find out.

  • Have you done a comprehensive risk assessment to identify the applications, people, processes, systems and protocols that deal with the sensitive data?

    Once you have defined what is to be protected, the next step is to find out whom to protect it from, and how to protect it. A risk assessment can help you answer these questions. Identify all the key applications that process that data, the systems on which it resides, the network devices through which it passes, the protocols it uses, the people who use it, etc.

  • Have you designed a workflow to handle policy violations and data breaches?

    An incident response workflow must be designed to tackle any data breach. A flow chart can be developed identifying the steps to take to isolate the incident, the people to notify immediately, and the methods for preserving evidence for forensics. The entire process must be tested for its applicability.

  • Has your organisation clearly defined roles and responsibilities for each employee, including privileged users?

    Clearly define the roles and responsibilities of each employee. Identify who is the owner of the data, who is the custodian of the data, and who is the user of the data. The answers to these questions will help you assign privileges to users on the data.

• Ability to discover sensitive data across all platforms:

A DLP solution should be able to discover sensitive data across applications, storage arrays, systems and endpoints. It should ship with built-in rules that identify the sensitive data types named by the regulations you must comply with.


• Ability to do deep content and context analysis, including encrypted or password-protected content:

Beyond applying content analysis techniques such as database fingerprinting, partial document matching and regular expressions to ordinary documents, a good DLP solution must also integrate with a centralized key or password management tool so that it can scan encrypted file types. Encrypted content it cannot open should still be reported, since an unreadable outbound file is itself a signal.


• Ability to identify sensitive information in graphical documents and image files:

This prevents leaks via screenshots, the Print Screen function and other tools that turn a document into an image. The solution must have optical character recognition (OCR) to scan such files for sensitive content.


• Ability to scan for sensitive data in archives and in documents embedded inside other documents:

A DLP tool should be able to inspect data transferred in compressed form (.zip, .rar, .7z, .tar and so on), including nested archives, and should bound its recursion depth and expanded size so that a deliberately crafted archive cannot exhaust the scanner.


• Ability to identify sensitive content in all languages:

A malicious insider (especially a privileged user) can leak sensitive data simply by translating it into another language. A good DLP solution must be able to identify and block such content regardless of language.


• Ability to protect data both on and off the corporate network:

With BYOD, people bring a variety of mobile devices to the workplace, and sensitive data on those devices frequently leaves the company's secure network. A good DLP solution must therefore integrate with mobile device management and ensure that data is protected both on and off the network.


• Ability to log the actions of privileged users:

Many data breaches involve abuse of privileged accounts. A DLP solution must be able to audit the use of privileged accounts and write all their actions to a log that is encrypted and digitally signed, so that a privileged user cannot quietly alter it.


• Integration with directory services, mail servers and other security tools:

Integration with Active Directory, SIEM tools, IAM, IPS, databases, mail servers and proxies is critical to the effectiveness of any DLP solution.


• Support for macOS and Linux platforms:

The solution should provide agents for macOS and Linux systems, not only Windows.


• Support for centralized deployment and incident response workflow:

Centralized management ensures effective monitoring of all DLP components from a single interface. It also supports centralized policy creation, report generation and management of incident response in case of a breach.
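The content-analysis and archive-handling points above are easier to judge against a concrete scanner. The following is an added example, not the page's or any vendor's code, of a toy DLP content engine in Python: regular-expression candidates for payment card numbers filtered through the Luhn checksum, partial document matching by comparing word-shingle hashes against a registered document, and recursion into nested zip archives with a depth bound. The protected document, the outbound archive, the 5-word shingle size and the 50% overlap threshold are all constructed for the example; OCR and language-independent matching are outside its scope.

```python
"""Added example: a toy DLP content scanner (not a vendor's code).

Covers three of the capabilities listed above: regex + checksum detection of
card numbers, partial-document matching via shingle fingerprints, and
recursion into nested archives with a depth bound.
"""
from __future__ import annotations

import hashlib
import io
import re
import zipfile

# 13-16 digit runs with optional single space/dash separators; the digit
# lookarounds stop the pattern from matching inside a longer digit run.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,15}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check; filters most ticket numbers, IDs and random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list[str]:
    """Regex candidates that also pass Luhn; the checksum is what keeps false positives down."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits


def shingles(text: str, k: int = 5) -> set[str]:
    """Hashes of every k-word window; a registered document is stored only as this set."""
    words = re.findall(r"\w+", text.lower())
    return {
        hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()[:16]
        for i in range(len(words) - k + 1)
    }


def overlap(doc_fp: set[str], text: str, k: int = 5) -> float:
    """Fraction of the candidate text's windows that come from the registered document."""
    s = shingles(text, k)
    return len(s & doc_fp) / len(s) if s else 0.0


def extract_texts(name: str, data: bytes, depth: int = 0, max_depth: int = 3):
    """Yield (path, text); descend into zip archives, bounded so a nested zip cannot recurse forever."""
    if depth < max_depth and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if not info.is_dir():
                    yield from extract_texts(f"{name}/{info.filename}", zf.read(info), depth + 1, max_depth)
    else:
        yield name, data.decode("utf-8", errors="replace")


def scan(name: str, data: bytes, protected_fp: set[str], threshold: float = 0.5) -> list[dict]:
    """Run both detectors over every extracted file; findings carry only the last four digits of a card."""
    findings = []
    for path, text in extract_texts(name, data):
        for card in find_card_numbers(text):
            findings.append({"path": path, "rule": "pan", "detail": card[-4:]})
        ratio = overlap(protected_fp, text)
        if ratio >= threshold:
            findings.append({"path": path, "rule": "partial_doc", "detail": round(ratio, 2)})
    return findings


# Constructed sample data (not real documents): a registered "protected" document and an
# outbound zip whose nested zip carries a card number, a Luhn-invalid lookalike and a copied paragraph.
PROTECTED_DOC = (
    "Project Falcon pricing schedule. Unit cost for tier one customers is fixed at "
    "the contracted rate until renewal. Discounts above ten percent require approval "
    "from the finance director and the account owner."
)
PROTECTED_FP = shingles(PROTECTED_DOC)


def build_sample() -> bytes:
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr(
            "notes.txt",
            "Card on file: 4111 1111 1111 1111. Ticket 1234 5678 9012 3456 is not a card. "
            "Unit cost for tier one customers is fixed at the contracted rate until renewal. "
            "Discounts above ten percent require approval from the finance director and the "
            "account owner.",
        )
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("readme.txt", "Nothing sensitive here, invoice reference 20160209.")
        zf.writestr("inner.zip", inner.getvalue())
    return outer.getvalue()


def demo() -> list[dict]:
    return scan("sample.zip", build_sample(), PROTECTED_FP)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Running it reports two findings for sample.zip/inner.zip/notes.txt: a card number (by its last four digits only) and a partial-document match; the Luhn-invalid ticket number and the eight-digit invoice reference are not reported. A real engine would also cap the expanded size of an archive, not just its depth, and would register fingerprints for many documents rather than one.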

Read more…

5 Reasons why DLP Implementation Fails

Implementing DLP? Here's a quick overview of the top 5 reasons DLP implementations fail:

  • Ineffective data classification methods:

    Failure to identify the right data to protect. Under-classifying leaves sensitive information exposed, while an overwhelming amount of "protected" data drags down system and network performance.

  • Improperly configured content scanning module:

    Failure to define the right use cases and processes around sensitive information leads to ineffective controls, which leave the door open for an attacker to get hold of that information.

  • Excessive false positives:

    Overly strict rule sets and policies produce an overwhelming volume of false positives and alerts. This drags down employee productivity and creates unnecessary workload for the IT security team.

  • Loosely integrated DLP modules:

    A complete DLP implementation has its network, host and storage protection modules tightly integrated and centrally managed. Loosely integrated modules create management overhead and leave gaps in monitoring.

  • Failure to monitor changes in the organization's IT infrastructure, business units and processes:

    Such changes can render earlier DLP controls ineffective. They must be tracked and the DLP modules tuned from time to time for the solution to keep delivering value.
Read more…

CISO Platform Top IT Security Influencers (Part 1)



CISO Platform recognizes the world's top 100 IT security influencers, who have impacted or are impacting the information security industry in various ways. The list includes top researchers, industry experts and leading entrepreneurs, and is a must-follow for the infosec industry. It will be released in 4 parts of 25 influencers each; this is the first part.

Kevin Mitnick

@kevinmitnick

Kevin is often called the world's most famous hacker. He is the author of several security books and writes and tweets actively on security. He runs Mitnick Security Consulting, LLC, which tests a company's security strengths, weaknesses and potential loopholes. He serves as board member and adviser at various companies, and also helps consumers, from students to retirees, learn how to protect their information.

Stefan Esser

@i0n1c

He is best known in the security community as the 'PHP Security Guy'. He was the first to boot Linux directly from the hard disk of an unmodified Xbox, through a buffer overflow in the Xbox font loader. The following year he founded the Hardened-PHP project, which aimed at developing a more secure version of PHP, known as Hardened-PHP; it evolved into the Suhosin PHP security system.

Eugene Kaspersky

@e_kaspersky

Eugene Kaspersky is an IT security expert and the CEO and co-founder of Kaspersky Lab. As noted on the Kaspersky website, he was voted the World's Most Powerful Security Exec by SYS-CON Media in 2011, awarded an Honorary Doctorate of Science by Plymouth University in 2012, and named one of Foreign Policy magazine's 2012 Top Global Thinkers for his contribution to IT security awareness.


Ramy Raoof

@RamyRaoof

Ramy Raoof is a technologist and digital security researcher who works with human rights initiatives, NGOs, journalists, lawyers, youth groups, university students and CSOs on a range of topics. In the course of his work he has developed digital security plans and strategies for NGOs and media personnel, provided urgent support and interventions when offices were raided and equipment confiscated, supported the publication of sensitive material, built secure systems for managing information about survivors of sexual violence and torture, and developed operational plans for human rights emergency response teams.

Brian Krebs

@briankrebs

Brian Krebs is a journalist and investigative reporter, and the author of KrebsOnSecurity.com, a daily blog on computer security and cybercrime. He is also known for interviewing the hacker 0x80. On March 14, 2013, he became one of the first journalists to be a victim of swatting.


Mikko Hypponen

@mikko

Mikko Hypponen has been with F-Secure since 1991 and is its Chief Research Officer. He speaks regularly at security conferences including Black Hat and RSA, and his TED talk is one of the most viewed computer security talks in the world. He played a significant role in research on viruses and worms such as Blaster and Sobig, and writes and tweets actively on IT security.

Bruce Schneier

@schneierblog

Bruce Schneier is an internationally renowned security technologist, called a "security guru" by The Economist. He is a fellow at the Berkman Center for Internet and Society at Harvard Law School, a board member of the Electronic Frontier Foundation (EFF) and the Chief Technology Officer at Resilient Systems. Bruce has authored several well-known IT security books and has made significant contributions to security research.

Dr. Eric Cole

@drericcole

Dr. Eric Cole is an industry-recognized security expert with over 20 years of hands-on experience in information technology, focused on perimeter defense, secure network design, vulnerability discovery, penetration testing and intrusion detection systems. He holds a master's degree in computer science from NYIT and a doctorate from Pace University. He has authored several books, including Hackers Beware, Hiding in Plain Sight, Network Security Bible and Insider Threat, is an inventor with over 20 patent applications, and was a member of the Commission on Cyber Security for the 44th President. Dr. Cole is the founder of Secure Anchor Consulting, through which he provides security services and expert witness work, and is a SANS faculty fellow and course author.


Charlie Miller

@0xcharlie

Charlie Miller is currently an engineer at Uber, after a stint at Twitter. Earlier he spent five years as a computer hacker at the National Security Agency. He holds a PhD in mathematics from the University of Notre Dame, is a four-time winner of the Pwn2Own competition, and has discovered many vulnerabilities in Apple products; he found exploits for both the iPhone and Android shortly after each was first released.

Christopher Soghoian

@csoghoian

Christopher is a privacy researcher and activist who currently serves as principal technologist at the American Civil Liberties Union. His research has revealed various surveillance techniques used by law enforcement agencies in the US. He co-created the Do Not Track anti-tracking mechanism, which has been adopted by major browsers. Earlier he worked for the FTC's Division of Privacy and Identity Protection, where his work included investigations of Facebook, Twitter, MySpace and Netflix. His work sits on the thin line between digital privacy rights and government surveillance.


Dan Kaminsky

@dakami

Dan Kaminsky has been a noted security researcher for over a decade and has spent his career advising Fortune 500 companies such as Cisco, Avaya and Microsoft. Dan is best known for finding a critical flaw in the Internet's Domain Name System (DNS) and for leading what became the largest synchronized fix to the Internet's infrastructure of all time. As his blog notes, he is presently developing systems to reduce the cost and complexity of securing critical infrastructure.

Graham Cluley

@gcluley

Graham Cluley is an award-winning security blogger, researcher and public speaker who has been part of the information security industry since the early 1990s. He is one of the world's leading experts on viruses and spam, has written regular columns on information security for IT Week, Computer Weekly and VNUNet, and continues to write at grahamcluley.com.

Dave Kennedy

@HackingDave

David Kennedy is the founder of TrustedSec, LLC and co-founder and CTO of Binary Defense Systems (BDS). He was one of the founding members of the Penetration Testing Execution Standard (PTES), is the creator of several widely used open-source tools including The Social-Engineer Toolkit (SET), and is a co-author of "Metasploit: The Penetration Tester's Guide". Before moving to the private sector he served in the United States Marine Corps and deployed to Iraq twice on intelligence-related missions.


Paul Asadoorian

@securityweekly

He is currently product strategist at Tenable Network Security, and previously was founder and CEO of Security Weekly. He hosts PaulDotCom Security Weekly (http://pauldotcom.com), a weekly podcast covering all things IT security, including interviews with top security professionals. As his RSA speaker profile notes, he is also co-author of Ultimate WRT54G Hacking, a book on embedded device hacking and wireless technology.

Alan Woodward

@ProfWoodward

His specialities include computer and network security, cryptography and steganography, computer forensics and signal processing. While serving the security industry he keeps close ties with academia and research as Professor in the Department of Computer Science, Faculty of Engineering and Physical Sciences, at the University of Surrey. His achievements have led to his election as a Fellow of several institutions, including the British Computer Society, the Institute of Physics and the Royal Statistical Society.


Matthew Green

@matthew_d_green

Matthew is a cryptographer and professor at Johns Hopkins University who has designed and analyzed cryptographic systems used in payment systems, wireless networks and elsewhere. His recent work focuses on privacy-preserving cryptographic protocols for anonymous electronic cash and identification and, as his university profile notes, on new automation techniques to assist in the design and deployment of advanced cryptographic protocols.

Timothy Brown 

Timothy is the Executive Director Security at Dell. Previously he was the CTO at CSID and much earlier CTO at Symantec. He has multiple patents on Dynamic Endpoint Compliance Policy, Data Leakage Prevention etc. His expertise includes identity management, GRC, Antivirus, intrusion detection, encryption, security event management, cloud security, forensics and managed security services.

Joshua Corman

@joshcorman

Joshua Corman is currently the CTO for Sonatype, the software company that enables developers to rapidly build secure software. He co-founded Rugged Software and IamTheCavalry, to promote new security approaches in response to the world’s increasing dependence on digital infrastructure. He is a well known security strategist in the information security industry. His unique approach to security, in the context of human factors, adversary motivations and social impact, has helped position him as one of the most trusted names in security.


Dave Lewis

@gattaca

Dave is currently the Global Security Advocate for Akamai Technologies. He is the founder of the security site Liquidmatrix Security Digest and co-host of the Liquidmatrix podcast. Dave also serves on the (ISC)2 Board of Directors. He has worked for a defense contractor as a security consultant to clients such as the FBI, US Navy, US Department of Defense & many others. He is a Forbes contributor and a CSO Online writer.

Katie Moussouris

@k8em0

Katie Moussouris is the Chief Policy Officer for HackerOne. She has earlier worked on initiatives such as Microsoft's bounty programs, BlueHat content chair, security researcher outreach, Vulnerability Disclosure Policies & Microsoft Vulnerability Research. She is also a subject matter expert for the US National Body of the International Standards Organization (ISO). She is an ex-hacker, ex-Linux developer. She has received the 2011 Executive Women's Forum Women of Influence Award in the category of One to Watch.


Richard Bejtlich

@taosecurity

Richard Bejtlich is Chief Security Strategist at FireEye and was formerly Mandiant's Chief Security Officer. Earlier he was Director of Incident Response for General Electric, where he built and led the 40-member GE Computer Incident Response Team (GE-CIRT). He advises Threat Stack, Sqrrl and Critical Stack and is pursuing a PhD in War Studies at King's College London. A graduate of Harvard University and the United States Air Force Academy, he has authored several books and blogs and tweets actively.

Simon Crosby

@simoncrosby

Simon Crosby is Co–founder and CTO at Bromium. He was founder and CTO of XenSource, which was later acquired by Citrix. Following this he served as CTO of the Virtualization and Management Division at Citrix. Previously, Crosby was a Principal Engineer at Intel, where he led strategic research in distributed autonomic computing, platform security & trust. He was also the Founder of CPlane Inc., a network optimization software vendor. Prior to CPlane he was a tenured faculty member at the University of Cambridge, UK, where he led research on network performance & control & multimedia operating systems.

Runa A.Sandvik 

@runasand

Runa A. Sandvik is a privacy & security researcher who helps media organizations improve their security posture. She works at the intersection of technology, law and policy. She also teaches digital security to journalists & was a teacher at Folkeuniversitetet during 2008. Runa is also a technical advisor at the Freedom of the Press Foundation & a member of the review board for Black Hat Europe.


Andy Ellis

@CSOANDY

Andy Ellis is Akamai's Chief Security Officer (CSO), responsible for the security architecture and compliance of the company's massive, globally distributed network. He holds the patent on Akamai's SSL acceleration network, along with many other critical technologies behind Akamai's cloud security solutions. He is an MIT graduate and a recipient of the CSO Magazine Compass Award, among other accolades.

Alex Stamos

@alexstamos

Alex Stamos is currently the CISO of Facebook; previously he was CISO at Yahoo. He co-founded iSEC Partners and founded Artemis Internet, and is a noted expert on Internet infrastructure, cloud computing and mobile security. He speaks frequently at conferences such as Black Hat, DEF CON, Amazon ZonCon, Microsoft BlueHat, FS-ISAC and InfraGard, holds a BSEE from the University of California, Berkeley, serves on the Black Hat review board, and blogs at unhandled.com.

*Profile details have been sourced from various online resources such as LinkedIn,Twitter & others. In case of any queries you may address a mail to contact@cisoplatform.com to resolve it.


Read more…

Keynote Turbo Talks


Protecting SCADA environments

Daniel Lakier, CTO & President at SeeGee Technologies

This talk takes you from the fundamentals of SCADA to advanced topics: what SCADA is, why we need to care, the risks and challenges, the practical operational (IT) challenges, and why the traditional answer isn't enough. According to Daniel, the best answer today is stealth networking and next-generation two-factor authentication.


Network Machine Learning and the Security Industry: Past, Present, And Future

Bob (Robert H) Klein, Black Hat 2015 Speaker

Machine learning is an exciting new technology that is seeing widespread use in many industries, and IT Security is no exception. However, the term “machine learning” is very broad, and its meaning can vary significantly depending on the security application context (insider threat detection vs. malware detection, for example). In this talk, we explore how a variety of machine learning technologies can be used across many different security applications, and we discuss how these technologies will continue to evolve over time.


Lessons learnt from recent Cyber-attacks on SAP systems

Alexander Polyakov 

This talk walks through past attacks on SAP systems and ten lessons learnt from them.

For a long time almost no real attacks on SAP and Oracle ERP systems were publicly known, which gave CISOs a false sense of security. While the number of breaches in less critical applications, and awareness of them, was rising rapidly, only a small group of professionals were aware of attacks on business applications. The most popular example of such fraud was to create a fake vendor and a payment order for that vendor, then approve it. According to the Association of Certified Fraud Examiners, losses from internal fraud average 7% of profit. The segregation of duties (SoD) concept was created to prevent that type of attack, but ERP security isn't limited to SoD: unauthorized access to systems and user accounts via vulnerabilities now matters too. The growing number of SAP vulnerabilities (from 100 in 2007 to 3500 in 2015 for SAP alone) makes these issues more critical than ever. More importantly, in 2012 we saw the first cyber-attack via SAP vulnerabilities. Our predictions proved accurate, and since then we have witnessed a number of examples, from the Anonymous attacks on the Greek Ministry of Finance via SAP to the latest breach of US Investigations Services (the largest subcontractor of OPM), which led to the company's bankruptcy. In this talk, look at the history of ERP attacks and learn ten lessons on how to avoid them.


Building Immune Systems For Our Enterprises: Detecting Emerging Threats in real Time

Dave Palmer, Director of Technology, Darktrace

This talk offers a new perspective on how the mathematics of threat detection has evolved to catch emerging threats. Learn the algorithms, statistics, probability and techniques behind it, how they evolved, and how they can form an immune system for your organization.


United Nation's program to help developing nations in IT Security

Paul Raines - CISO, United Nations Development Programme

Cybersecurity assistance for developing nations. This talk will highlight a new initiative within the United Nations Development Programme (UNDP) to provide cybersecurity assistance to the governments of developing nations to help protect their critical national infrastructure and digital economies. UNDP uses its own experienced, award winning cybersecurity team instead of hiring expensive, outside consultants. Thus, UNDP can deliver services to its clients at less cost, less overhead and with the hands-on experience of a team of world recognised experts. The services to be provided include cybersecurity training, risk assessment, incident response training and exercises, training in business continuity/disaster recovery and preparation for ISO 27001 certification.

Sessions


Forensics & Incident Response Essentials 

Sachin 

This workshop session covers the fundamentals of incident response, the incident response stages (preparation, identification, containment, eradication, recovery) and memory forensics in incident response. It can be attended as a hands-on 2-day training.


Network Forensic Tools & Techniques 

Tamaghna Basu

This talk covers an introduction to network forensics, basic protocol analysis, forensic analysis of network, web and malware traffic, and basic packet analysis challenges. It can be attended as a hands-on 2-day training.


Application Security Workshop - IAST, RASP, Real Time Polymorphism

Nilanjan De & Jitendra Chauhan

This talk covers IAST/RASP and real-time polymorphism.

Areas covered under IAST/RASP: the evolution of web security, the marketing view of RASP and IAST, the science behind RASP and IAST, and the way forward.

Areas covered under real-time polymorphism: polymorphism, automated attacks, threat model and attack vectors, reference polymorphism, field polymorphism, advantages and limitations.

A brief demonstration of how the technologies behave rounds off what has been a much-appreciated session in the past.


Threat Intelligence Workshop

Bikash Barai

This talk will explore the Key components i.e. (People, Process and Technology), Threat Intelligence Maturity model, Threat Collection & Analysis eg. OSINT, Integrating Actionable Intelligence,Technology and Vendor Landscape. Find frameworks and checklists to build on for your next threat intelligence project!


Legal Workshop

This talk covers the legalities you need to know, the key priorities and things to keep in mind, along with common mistakes and go-to resources.

Cloud Access Security Brokers Workshop

Ravi Mishra

This talk covers the technology taxonomy for cloud security, the key components of a cloud security architecture, a blueprint for building your cloud security program and the basics of Cloud Access Security Brokers. Find frameworks and checklists to build on for your next CASB implementation project!


Security Analytics and SOC up-gradation workshop

This talk goes from the fundamentals to the advanced aspects of security analytics, from how to use it to what your organization requires of it. If you have a recent implementation, you can pick up some tips and useful contacts.


DDOS Workshop

This talk goes from the fundamentals to the advanced aspects of DDoS protection, from how to deploy it to what your organization requires. If you have a recent implementation, you can pick up some tips and useful contacts.


Security Metrics and Dashboard Workshop

Bikash Barai

This talk covers the challenges and gaps, board meeting goals, metrics (measuring security), dashboards (calculating and showing the dollars lost), measures (what if breached?), tools for benchmarking your organization's security, and how to involve and educate the board, with access to a basic template. Find frameworks and checklists to build on for your next security metrics project!


Identity & Access Management Workshop

Manjula Sridhar

This talk covers the challenges and gaps, the fundamentals, PIM as an aspect of IAM, tools and techniques, a taxonomy and vendor mapping for IAM, and need assessment and evaluation checklists, with access to a basic template. Find frameworks and checklists to build on for your next IAM project!


IT GRC Workshop

Ravi Mishra

This talk covers the key components and architecture for GRC, how to jumpstart your GRC program with freely available tools and content, an overview of free tools you can use today, a complete vendor and technology taxonomy, customer-satisfaction-based ratings of vendors along with analyst opinion, a checklist to evaluate a GRC vendor, and CISOs who have implemented GRC sharing their real-life experiences. Find frameworks and checklists to build on for your next GRC project!


Security Architecture Workshop

Arnab Chakraborty & Bikash Barai

This talk covers the challenges, techniques and fundamentals of implementing a secure architecture. Learn it from scratch and pick up some ready-made, go-to material. Find frameworks and checklists to build on for your next security architecture project!

WarGame Sessions

Successful Implementation of Incident Response Program

Building Security Dashboard and Metrics for Your Enterprise

Building Security Maturity Model for Banks

Successful Implementation of SIEM Program

Successful Implementation of IT GRC Program

Successful Implementation of IAM Program

Read more…

Workshop Sessions


The changing world of SCADA and how to secure it

Daniel Lakier, CTO & President at SeeGee Technologies

This workshop session takes you through the major questions: What is SCADA/PCD and why is it so insecure? Why should we care and what are the risks of not securing it? What are the operational challenges and why is it so hard to secure? What strategies mitigate the operations-versus-IT conflict? How do you decide the best course of action (the logic is always the same) when, for example, you have a proprietary 15-year-old operating system on which you obviously can't install antivirus, and doing so would void the manufacturer's warranty anyway? What are the forgotten pieces and how best to manage the associated risk? What is traditional PCD security and why has the changing world rendered most of the existing answers moot? And what is the next best thing to a solution?



Defeating Machine Learning: Malware Detection Deep Dive

Bob (Robert H) Klein, Black Hat 2015 Speaker

Machine learning addresses many problems with earlier, more brittle security tools. Though it is often touted as the ultimate defensive technology, machine learning is not a magic bullet, and it has shortcomings of its own. These shortcomings are rarely discussed, yet they are very important to understand when applying machine learning as part of a larger security suite. In this deep dive, we examine problems associated with some existing machine learning technologies, with a focus on malware detection, and propose several solutions that we hope to see deployed in the near future.


Implementing SAP security in 5 steps case-study

Alexander Polyakov 

This workshop session covers how to start an SAP security project from scratch, practical steps for securing SAP against the top 9 EAS-SEC risks, an optimal approach to starting an SoD project at minimum cost, the main issues in ABAP code and first steps to analyze them, and practical steps for forensic investigation and log analysis of the SAP platform.



Security Governance for the Cloud

Paul Raines - CISO, United Nations Development Programme

This talk will explore what types of due diligence governance actions an organisation should take when managing one or multiple cloud service providers. Topics to be covered include contractual provisions, security policies, audits, security service level agreements and security authentication/authorisation.

Key learning points:

  • What standards should be used in evaluating cloud providers?
  • What contractual clauses should you insist on with cloud providers?
  • If your organisation uses several cloud providers, how do you ensure standard levels of service?
  • Once the contract is signed, what due diligence should you undertake to ensure continued compliance?


Forensics & Incident Response Essentials

Sachin 

This workshop session will give you a peek into the fundamentals of incident response, the incident response stages (preparation, identification, containment, eradication and recovery) and memory forensics in incident response. It can also be attended as a hands-on 2-day training. To know more, click here.


Network Forensic Tools & Techniques Workshop

Tamaghna Basu

This talk will explore an introduction to network forensics, basic protocol analysis, forensic analysis of network/web/malware, and basic packet analysis challenges. It can also be attended as a hands-on 2-day training. To know more, click here.



Application Security Workshop - IAST, RASP, Real Time Polymorphism

Nilanjan De & Jitendra Chauhan

This talk will explore two topics: understanding IAST/RASP, and real-time polymorphism.

Areas covered under IAST/RASP: web security evolution, the marketing view of RASP and IAST, the science behind RASP and IAST, and the way forward.

Areas covered under real-time polymorphism: polymorphism, automated attacks, threat model and attack vectors, reference polymorphism, field polymorphism, advantages and limitations.

A brief demonstration of the technologies and their behaviour will leave you awed; this session was much appreciated in the past.


Threat Intelligence Workshop

Bikash Barai

This talk will explore the key components (people, process and technology), the threat intelligence maturity model, threat collection and analysis (e.g. OSINT), integrating actionable intelligence, and the technology and vendor landscape. Find frameworks and checklists to build on for your next threat intelligence project!



Cloud Access Security Broker Workshop

Ravi Mishra

This talk will explore the technology taxonomy for cloud security, the key components of a cloud security architecture, a blueprint to build your cloud security program, and the basics of Cloud Access Security Brokers. Find frameworks and checklists to build on for your next CASB implementation project!


Security Analytics Workshop

Bikash Barai

This talk will explore the various aspects of Security Analytics with respect to business requirements and implementation.

Keynote Turbo Talks


Protecting SCADA environments

Daniel Lakier, CTO & President at SeeGee Technologies

This talk will take you through the fundamentals of SCADA, followed by the advanced topics: what SCADA is, why we need to care, the risks and challenges, practical operational (IT) challenges, and why the traditional answer isn't enough. According to Daniel, the best answer today is stealth networking and next-generation two-factor authentication.



Network Machine Learning and the Security Industry: Past, Present, And Future

Bob (Robert H) Klein, Black Hat 2015 Speaker

Machine learning is an exciting new technology that is seeing widespread use in many industries, and IT Security is no exception. However, the term “machine learning” is very broad, and its meaning can vary significantly depending on the security application context (insider threat detection vs. malware detection, for example). In this talk, we explore how a variety of machine learning technologies can be used across many different security applications, and we discuss how these technologies will continue to evolve over time.


Lessons learnt from recent Cyber-attacks on SAP systems

Alexander Polyakov 

This talk will take you through past attacks on SAP systems and 10 lessons learnt from them.

Because for a long time almost no real attacks on SAP and Oracle ERP systems were known to the public, CISOs were given a false sense of security. While the number of breaches in less critical applications was increasing rapidly, and awareness with it, only a small group of professionals were aware of attacks on business applications. The most popular example of such fraud was to create a fake vendor and a payment order for this vendor, and then to approve it. According to the Association of Certified Fraud Examiners, losses from internal fraud constitute 7% of profit on average. To prevent those types of attacks, the segregation of duties (SoD) concept was created. But ERP security isn't limited to SoD: the issue of unauthorized access to systems and user accounts via vulnerabilities now matters. Moreover, the increasing number of vulnerabilities in ERP systems (from 100 in 2007 to 3500 in 2015, in SAP alone) makes these issues more critical than ever. More importantly, in 2012 we saw the first sighting of a cyber-attack via SAP vulnerabilities. Our predictions proved accurate, and by now we have witnessed a number of examples, from the Anonymous attacks on the Greek Ministry of Finance via SAP to the latest breach of US Investigation Services (the largest subcontractor of OPM), which led to the company's bankruptcy. In this talk, take a look at the history of ERP attacks and learn 10 lessons on how to avoid them.



Building Immune Systems For Our Enterprises: Detecting Emerging Threats in real Time

Dave Palmer, Director of Technology, Darktrace

This talk will take you through a new perspective on how the mathematics behind detection has evolved to detect emerging threats. Learn the algorithms, statistics and probability behind it, the techniques, their evolution, and how they can create an immune system for your organization.


The United Nations' programme to help developing nations in IT security

Paul Raines - CISO, United Nations Development Programme

Cybersecurity assistance for developing nations. This talk will highlight a new initiative within the United Nations Development Programme (UNDP) to provide cybersecurity assistance to the governments of developing nations, to help protect their critical national infrastructure and digital economies. UNDP uses its own experienced, award-winning cybersecurity team instead of hiring expensive outside consultants. Thus, UNDP can deliver services to its clients at lower cost, with less overhead and with the hands-on experience of a team of world-recognised experts. The services to be provided include cybersecurity training, risk assessment, incident response training and exercises, training in business continuity/disaster recovery, and preparation for ISO 27001 certification.



After the overwhelming response to our Defcon 22 Top Talks, we decided to do the same for Defcon 23. Let us know which talks were your favourites.

Important Note:

All presentations are courtesy of Defcon and are presented as-is without any modification
Some of the descriptions below are taken from the Defcon website (www.defcon.org)
You need to Sign in/Sign up to view the presentations. (It's free)


Bruce-Potter-Hackers-Guide-to-Risk

Measuring risk, in short: assessing, managing and measuring risk. This can be a guide for security researchers to measure risk in day-to-day life.


Colin-O'Flynn-Dont-Whisper-My-Chips

This talk was hands-on in nature. It shows how weak the security of embedded hardware systems is. More surprisingly, all of the hacks could be done with open-source tools.


Craig-Young-How-To-Train-Your-RFID-Hacking-Tools

Learn how to use the tools, how to develop new firmware, etc., with examples. It includes the architecture of the Proxmark3.


Damon-Small-Beyond-the-Scan

Getting into the depths of Vulnerability Assessment, this presentation will highlight the importance of VA for security in an organization.


Daniel-Crowley-Damon-Smith-Bugged-Files

Files such as Microsoft Word documents and PDFs communicate with endpoints when opened. This ability opens an interesting perspective in terms of security concerns. The talk delves into possible exploitation scenarios.


Dennis-Maldonado-Are-we-really-safe-bypassing-access-control-systems

Maybe your access control systems are being accessed by someone else. This talk demonstrated walking through access control systems like a breeze. Maybe our dependence on them needs a second thought.


Eric-Van-Albert-Zack-Banks-Looping-Surveillance-Cameras Through Live Editing Of Network Streams

Remember the CCTV in the movies looping the same footage again and again? That's exactly what happens here, and we learn how it happens. Better still, the technique can be taken to a high level of sophistication.


Etienne-Martineau-Inter-VM-Data-Exfiltration

It shows that multi-core covert channels between co-located VMs are real. From the fundamentals of cache line encoding to techniques and challenges, this talk covers it all.


Gerard-Laygui-Forensic-Artifacts-Pass-The-Hash-Attack

A useful guide for system admins to help them understand the extent of damage from the attack, plus some fundamentals to help when a forensic expert isn't around.


Grant-Bugher-Obtaining-and-Detecting-Domain-Persistence

If a Windows domain has been compromised at domain administrator level, this talk explains how to detect the incident and rule it out.


Ian-Latter-Remote-Access-the-APT

This focuses on the new TGXf technique, which can allow data transfer by bypassing present security measures such as perimeter or endpoint security.


Joshua-Drake-Stagefright-Scary-Code-in-the-Heart-of-Android

Android vulnerabilities: the speaker explains how to reach the Stagefright multimedia framework, and various other vulnerabilities.

Joshua-Smith-High-Def-Fuzzing-Exploitation-Over-HDMI-CEC


Justin-Engler-Secure-Messaging-For-Normal-People-W


Ken-Westin-Confessions-of-a-Cyberstalker


Lance-Buttars-Nemus-Hacking-SQL-Injection-for-Remote-Code-Execution-on-a-LAMP-UPDATED


Lin-Huang-Qing-Yang-GPS-Spoofing


Marte-L0ge-I-will-Tell-you-your-Lock-Pattern-UPDATED

Michael-Robinson-Knocking-My-Neighbors-Kids-Drone-Offline-UPDATED


Summarizing Roles Of A CISO

The CISO (Chief Information Security Officer) is a C-level position responsible for aligning security with business goals and for securing the company's information assets. The C-level position has changed and evolved so much that we see the CISO as a union of CRO, CIO etc., and the sole person responsible for the company's security.

We have identified 5 major segments of a CISO's role, namely: understanding the organization's business strategy; understanding the IT infrastructure and building a security architecture optimized for it; creating an optimal risk management and disaster recovery plan; managing insider threats and training programmes; and maintaining all systems with respect to compliance and regulations. Each of the CISO role segments is described briefly below, along with the major pointers under it.

CISO Role Segments-

  1. Organization’s Business Strategy
  2. IT Infrastructure, Security Architecture & Assets
  3. Optimal Risk management & Disaster Recovery Plan
  4. Managing Inside Threats (training & awareness)
  5. Compliance & regulations

( Read More: How To Respond To A Breach During First 24 Hours )

Role 1: Organization's Business Strategy

Understanding the business plan and strategy is key to aligning security with it. Security should not become a hindrance; where it must constrain the plan, this should be discussed to optimize the strategy and find a solution. A CISO should participate in these discussions to take the business point of view into consideration.

  • Partnerships & Acquisitions to enhance the company’s security standing
  • Cloud platform Adoption for Productivity Benefit Vs Low Cost

    • Integration & Strategy
    • Compliance Requirements
    • Architecture
    • CASB partners & strategy
    • SLA
    • Policy
    • Vendor Risk
    • Security Monitoring modes eg. Testing
  • BYOD platform to create an employee-friendly environment while minimizing the risks

    • Access Controls
    • Secure VPNs
    • Policies & Guidelines
    • Monitoring lost devices & remote wipe
    • Vendor Risk
  • ROSI for security strategy to create optimal plan with available budget

    • Security Budget
    • Highest ROSI
    • Security Standing of company
  • Vendor Risk Management

    • Third Party Apps
    • Service Providers
    • Public/Private/hybrid Cloud

Role 2: IT Infrastructure, Security Architecture & Assets

Understanding the present IT infrastructure and the greatest assets should enable a CISO to create an optimal security strategy, a chief component of the CISO's role. A well-planned security architecture implementation addresses issues at the root level and can go a long way.

  • Application Security eg. WAF, Secure coding etc.
  • Encryption Technology Adoption
  • Vulnerability management
  • Network Security eg. monitoring, packet filtering, segmentation, firewall , IPS & IDS etc.
  • Identity & Access Control eg. SSO, 2FA, Role based access etc.
  • Cloud Integration
  • Disaster recovery
  • Compliance & Regulations
  • Threat Prevention
  • Data Loss Prevention
  • Incident Management & Forensics eg. IR plan, Response time, First 24 hours etc.
  • Sensitive Data Storage eg. Data discovery, Data classification, policies etc.
  • Monitoring eg. Detailed logs, log management etc.

Role 3: Optimal Risk Management & Disaster Recovery Plan

This segment overlaps with security architecture; however, due to its importance we have listed it separately. A CISO's role is often to build and oversee the security architecture from scratch, after which risk management and disaster recovery are the major components.

  • Risk Management Strategy
  • Architecture implementations
  • Points of anomaly capture
  • Infrastructure support for disaster
  • Contact persons: legal, audit advisors etc.
  • IR Plan
  • Asset priority
  • Prevention plans
  • Forensic support

Role 4: Managing Inside Threats (Training & Awareness)

Controlling access, preventing data leaks and preventing accidental organizational risk come under this category. Raising awareness among all employees and customers who handle any sensitive data or use any organization asset is a primary part of it. Training and awareness indirectly help a CISO carry out his role and responsibilities.

  • Training & Awareness programs
  • Measuring progress in employees & customers
  • Test attacks
  • Monitoring Policy Violations Or Access Escalations
  • Security courses & certifications
  • Policy violation penalty

Role 5: Compliance & Regulations

This is a relatively complex but mandatory control in the organization, with plenty of regulations and updates making it difficult to keep track. Frameworks to maintain and regulate compliance have been created and make life easier. A CISO's role in the field of compliance can be overwhelming due to new regulations and updates from time to time.

Popular Compliance list-

  • PCI DSS
  • HIPAA & HITECH
  • Sarbanes-Oxley
  • FISMA

( Read More: Free Resources For Kickstarting Your IT GRC Program )

References-

https://www.rsaconference.com/writable/presentations/file_upload/cxo-w04-don_t-get-left-in-the-dust-how-to-evolve-from-ciso-to-ciro.pdf

http://rafeeqrehman.com/?attachment_id=576


Bad USB Defense Strategies

What Is Bad USB?

The phenomenon of using USB devices for malicious intent can be termed Bad USB. USB thumb drives are rarely considered as carriers of malicious intent; however, if manipulated, they can take over almost everything.

Some interesting demonstrations have been done at the Black Hat conference by two highly regarded security researchers.

( Listen To Karsten's Talk: Bad USB On Accessories That Turn Evil )

Possible Ways To Mitigate Bad USB Threats

  • Whitelisting USB devices
  • Block Critical Device Classes, Block USB Completely
  • Scan Peripheral Firmware For Malware
  • Use Code Signing For Firmware Updates
  • Disable Firmware Updates In Hardware

Limitations In Bad USB Mitigation Strategies

  • Whitelisting USB devices
    • A unique serial number may not be available on some USB devices
    • Operating systems don't support any USB whitelisting
  • Block Critical Device Classes, Block USB Completely
    • Ease Of Use will override
    • USB usability is highly reduced if basic classes are blocked
      (Basic classes can be used for compromise)
  • Scan Peripheral Firmware For Malware
    • Very challenging; malicious firmware can spoof a legitimate one
  • Use Code Signing For Firmware Updates
    • Unauthorized updates are still quite possible, e.g. through implementation errors
    • Challenges in implementing secure cryptography on microcontrollers
    • Challenges in implementing for all devices
  • Disable Firmware Updates In Hardware
    • Most effective, however this may be available only for new devices
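
The first two mitigations above (whitelisting known devices and blocking critical device classes) and the first limitation (a device with no unique serial number cannot be pinned to a whitelist), worked as an added example that is not part of the original post or of the cited talk: a small policy evaluator in Python. The device records, vendor/product ids, serial numbers and allowlist entries are constructed for illustration, and how descriptors are collected and how a denial is enforced (an OS authorization hook) is assumed rather than implemented.

```python
"""USB allowlist and device-class policy evaluator (added example).

Not code from the original post or the talks it cites. Device records and
allowlist entries are constructed; the enforcement hook that would act on a
denial is assumed and not implemented.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# USB interface class codes from the USB-IF base class table.
CDC_COMMS = 0x02     # communications class: USB network adapters
HID = 0x03           # human interface devices: keyboards and mice
MASS_STORAGE = 0x08  # thumb drives

# Classes the "block critical device classes" mitigation refuses outright:
# anything that can inject keystrokes or redirect network traffic.
CRITICAL_CLASSES: Set[int] = {HID, CDC_COMMS}


@dataclass(frozen=True)
class UsbDevice:
    vid: int                     # idVendor from the device descriptor
    pid: int                     # idProduct from the device descriptor
    serial: Optional[str]        # iSerialNumber string, None if absent
    interfaces: Tuple[int, ...]  # bInterfaceClass of each interface


@dataclass
class Decision:
    allow: bool
    reasons: List[str] = field(default_factory=list)


# Allowlist key: (vid, pid, serial). Value: the interface classes the device
# presented when it was enrolled. A reprogrammed stick that suddenly adds an
# HID interface no longer matches its enrolled profile.
Allowlist = Dict[Tuple[int, int, str], Set[int]]

ALLOWLIST: Allowlist = {
    (0xABCD, 0x0001, "SN-CORP-0001"): {MASS_STORAGE},  # constructed: issued thumb drive
    (0xABCD, 0x0002, "SN-KBD-0042"): {HID},            # constructed: issued keyboard
}

# Constructed device records standing in for descriptors read at plug-in time.
CONSTRUCTED_DEVICES = [
    UsbDevice(0xABCD, 0x0001, "SN-CORP-0001", (MASS_STORAGE,)),       # enrolled drive
    UsbDevice(0xABCD, 0x0001, "SN-CORP-0001", (MASS_STORAGE, HID)),  # same drive, now also a keyboard
    UsbDevice(0xABCD, 0x0002, "SN-KBD-0042", (HID,)),                 # enrolled keyboard
    UsbDevice(0xABCD, 0x0001, None, (MASS_STORAGE,)),                 # drive without a serial number
    UsbDevice(0x1111, 0x2222, "SN-OTHER-9", (CDC_COMMS,)),            # unknown network adapter
]


def evaluate(dev: UsbDevice, allowlist: Allowlist = ALLOWLIST,
             block_critical: bool = False) -> Decision:
    """Decide whether a device may be authorized, collecting every reason for denial."""
    reasons: List[str] = []
    if dev.serial is None:
        # The limitation from the post: without a unique serial there is nothing
        # to pin, so the same vid:pid could be any device at all.
        reasons.append("no serial number: device cannot be pinned to the allowlist")
        return Decision(False, reasons)
    expected = allowlist.get((dev.vid, dev.pid, dev.serial))
    if expected is None:
        reasons.append("vid:pid:serial not on the allowlist")
        return Decision(False, reasons)
    unexpected = set(dev.interfaces) - expected
    if unexpected:
        reasons.append("interface classes %s not in enrolled profile"
                       % sorted(hex(c) for c in unexpected))
    if block_critical:
        critical = set(dev.interfaces) & CRITICAL_CLASSES
        if critical:
            reasons.append("critical classes %s blocked by policy"
                           % sorted(hex(c) for c in critical))
    return Decision(not reasons, reasons)


def evaluate_all(devices=CONSTRUCTED_DEVICES, **policy) -> List[Decision]:
    """Evaluate every device under the same policy options."""
    return [evaluate(d, **policy) for d in devices]


if __name__ == "__main__":
    for dev, decision in zip(CONSTRUCTED_DEVICES, evaluate_all()):
        verdict = "ALLOW" if decision.allow else "DENY "
        print(verdict, "%04x:%04x" % (dev.vid, dev.pid), dev.serial,
              "; ".join(decision.reasons))
```

The enrolled-profile check catches only a device whose descriptors change (the storage stick that starts presenting a keyboard interface); firmware that reproduces an enrolled device's vendor id, product id, serial and interface set exactly passes, which is the spoofing limitation listed above. Running with `block_critical=True` denies even the enrolled keyboard, which is the "ease of use will override" tension in concrete form.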

Threat

  • Present security solutions cannot detect the malicious intent of a USB device
  • It can be used for spying, data theft, data tampering, almost anything: it can take control of the host
  • Security has to be built in before commercializing the product; no response yet on that!
  • After the Derbycon hacker conference, two researchers made attack code public, which puts millions of us at risk

( Read More: Top IT Security Conferences In The World )

References

1. Extracts have been taken from 'Bad USB On Accessories That Turn Evil' Talk by Karsten Nohl during Annual Summit, 2014. Click Here For Full Talk

2. http://securityaffairs.co/wordpress/27211/hacking/hackers-can-exploit-usb-devices-trigger-undetectable-attacks.html

3. http://www.wired.com/2014/10/code-published-for-unfixable-usb-attack/

4. http://www.zdnet.com/article/badusb-big-bad-usb-security-problems-ahead/


Critical Platform Capabilities For IT GRC Solution

The intent of using IT Governance, Risk and Compliance (IT GRC) tools and capabilities is to report on and manage IT risks. We will study the critical platform capabilities of IT GRC tools.


Critical Platform Capabilities In IT GRC Solution

  • IT Risk Management
  • IT Asset Management
  • Policy Management
  • Social Media Risk Management
  • IT Vendor Risk Management
  • 3rd party Vendor Integrations
  • Incident tracking & management
  • Customizable Reports and Dashboards
  • Customizable Workflows
  • Security Monitoring & Overview
  • Disaster Recovery & Business continuity management
  • IT GRC Elements Mapping / Cross Mapping and Interlinks between modules
  • Integration with Enterprise IT – SSO (with RBAC), DBMS, HRMS etc.
  • Survey creation & distribution (with or without access to GRC platform)
  • Pre-packaged content (Policies, Controls, Procedures, Risk Register, Metrics (KRIs, Security etc.) Assessment Questionnaire etc.)
  • Integration with Cloud and BYOD

The major areas to consider should be IT risk mapping, the ability to track and estimate risk, and the presentation of the data in dashboards and reports.

( Read More: Free Resources For Kickstarting Your IT-GRC Program )

A few questions to assess an IT GRC vendor

  • Do they have Proof Of Concept support? Timeline?
  • What are the added costs?
  • Scope of expansion of IT GRC Product? Can the vendor support expand into Enterprise and Legal GRC?
  • What is the feedback of real users? Ask your colleagues
  • What are the supported OS,Cloud and Mobile?
  • What liabilities do they entail? Have the contract checked thoroughly for adverse situations.

( Read More: Incident Response: How To Respond To A Security Breach During First 24 Hours (Checklist) )

Reference

1. Extracts have been taken from IT GRC Workshop, Decision Summit, Delhi 2015 by Ravi Mishra


Major components of IT GRC solutions

Governance, Risk and Compliance is sometimes a managerial step and sometimes a mandatory step to adhere to regulations and maintain compliant systems. It is widely helpful in risk management.

Some of the major components of IT GRC are:

  1. IT Policy Management
  2. IT Risk Management
  3. Compliance Management
  4. Threat & Vulnerability Management
  5. Vendor Risk Management
  6. Incident Management

1. IT Policy Management

An administrative method to simplify management by defining and enabling rules (policies) for various anticipated situations. This is done keeping in mind the organization's goals and beliefs.

  • Policy Life Cycle Management
  • Policy Creation
  • Establish Linkages
  • Alerts & Notification
  • Manage Exceptions
  • Metrics & Dashboard Reporting


2. IT Risk Management

This includes all risk associated with owning IT assets. At larger scales, for an organization, all stored data is part of this.

  • Risk Identification
  • Risk Assessment Scheduling
  • Aggregate Data
  • Risk Assessment & Evaluation
  • Issue / Action Tracking
  • Metrics & Dashboard Reporting

( Read More: Checklist: Skillset required for an Incident Management Person )

3. IT Compliance Management

A proper framework in place can save money, time and energy. The framework should be set up once, after which your organization should remain compliant and be notified of new compliance requirements and licences.

  • Regulatory Alerts, Rule Mapping
  • Federation
  • Surveys, Assessment
  • Testing
  • Certification & Filing
  • Issue / Action Tracking
  • Metrics & Dashboard Reporting

4. Threat & Vulnerability Management

This is a continuous process to manage all the assets owned by the organization. Prioritization is key, as it directly drives the loss estimate.

  • Create Asset Repository
  • Prioritize Assets
  • Threat & Vulnerability Assessment
  • Analysis & Prioritization
  • Closed Loop Issue Management
  • Metrics & Dashboard Reporting


5. Vendor Risk Management

This refers to all third-party vendor risk. Vendor selection should be preceded by an assessment of the vendor's risk scenario.

  • Vendor Information Management
  • Vendor Risk Assessment
  • Vendor Compliance Management
  • Closed Loop Remediation
  • Metrics & Dashboard Reporting

6. Incident Management

This is constant monitoring, tracking, analysis and reporting to make sure incidents are kept at bay. In case there is a breach, policies should be in place to tackle it.

  • Aggregate & Track Incidents
  • Incident & Issue Analysis
  • Integrate with 3rd Party Solutions
  • Resource Management & Collaboration
  • Closed Loop Monitoring
  • Metrics & Dashboard Reporting

( Read More: Critical Platform Capabilities For IT GRC Solution )

Reference-

1. Extracts have been taken from IT GRC Workshop, Decision Summit, Delhi 2015 by Ravi Mishra

2. http://whatis.techtarget.com/definition/policy-based-management

3. http://www.techopedia.com/definition/25836/it-risk-management
