SOC Architecture - Building the NextGen SOC

Nov 14, 20165 likes4,773 views

Why are APTs difficult to detect Revisit the cyber kill chain Process orient detection NextGen SOC Process Building your threat mind map Implement and measure your SOC

Building the NextGen SOC
Shomiron DAS GUPTA (GCIA)
Founder, CEO
NETMONASTERY Inc.
#SACON

Agenda
■ Why are APTs difﬁcult to detect
■ Revisit the cyber kill chain
■ Process orient detection
■ NextGen SOC process
■ Building your threat mind map
■ Implement and measure your SOC
#SACON

Why are we failing to pick them
■ Made to order
■ Exploit trust relationships
■ Multi stage deployments
#SACON

The Cyber Kill Chain
■ Reconnaissance
■ Weaponize
■ Delivery
■ Exploitation
■ Installation
■ Command and Control
■ Actions on objectives
#SACON

So which are the phases you
should track to detect
Advanced Persistent Threats?
#SACON

So, what are you looking for?
Indicators Of Compromise
or
Attempt To Compromise
#SACON

Process Orient Detection
■ Visualize your engagement with threats
■ Identify detection phases
■ Build a list of primary issues
■ Create use cases
■ Connect use cases for multi phase threats
■ Burn the context layer in to your SIEM for detection
#SACON

Concerns from the Old SOC
■ Lack of focus on detection
■ Push required to build new rules
■ Rules get out dated before you go production
■ Continuous improvement doesn’t exist
■ Lack of active pursuit
#SACON

ASOC One such option
Hunter
• Looking for threats
• Multiple toolkits
• No boundaries - laterals
• Finding loopholes
• Building content
• Writing process
• Handover and review
Process SOC Ops
• Understand threats
• React - FP Filtering
• Respond
• Resolve
• Metrics & Improvement
• Case retirement
#SACON

What does it take?
■ Approach 
IOC or ATC
■ Anticipation 
High Probability Threats
■ Active Playbook 
Build - Review - Improve
#SACON

Implement and Measure
■ Watch for primary issues not events
■ Connect multi phase threats automatically with tools
■ Selectively implement incident management
■ Look out for threat trends
■ Cyclically iterate and improve every week
#SACON

Shomiron DAS GUPTA
shomiron@netmonastery.com
+91 9820336050
Thank You!
#SACON

Talking about Next-Gen Security Operation Center for IDNIC+APJII as representative from IDSECCONF. People-Centric SOC requires lot of investment on human in terms of quantity and quality, unfortunately, (good) IT security people are getting rare these days. Organisation need to put their investments more on technology, as in Industry 4.0, machines are getting more advanced to support Human on doing continuous and repetitive task. Moving from “traditional” to next-gen SOC require proper plan, thats what this talk was about.

Security operation center (SOC)Ahmed Ayman

The document discusses security operation centers (SOCs) and their functions. It describes what a SOC is and its main purpose of monitoring, preventing, detecting, investigating and responding to cyber threats. It outlines the typical roles in a SOC including tier 1, 2 and 3 analysts and security engineers. It also discusses the common tools, skills needed for each role, and types of SOCs such as dedicated, distributed, multifunctional and virtual SOCs.

SOC Architecture Workshop - Part 1Priyanka Aash

The document discusses advanced security operations centers (A-SOCs) and their capabilities. It describes how A-SOCs go beyond traditional SOCs by focusing on threat mitigation, proactive monitoring and intelligence. It outlines key A-SOC capabilities like threat assessment and hunting, threat intelligence, situational awareness, and security analytics. The document also provides examples of A-SOC architecture, frameworks, technologies, queries, organization structure, and processes. It proposes a maturity model for advanced SOC services and provides an example use case for the Carbanak attack.

An introduction to SOC (Security Operation Center)Ahmad Haghighi

The document discusses building a security operations center (SOC). It defines a SOC as a centralized unit that deals with security issues on an organizational and technical level. It monitors, assesses, and defends enterprise information systems. The document discusses whether to build an internal SOC or outsource it. It also covers SOC technologies, personnel requirements, and the five generations of SOCs. It provides resources for learning more about designing and maturing a SOC.

Security operations center-SOC Presentation-مرکز عملیات امنیتReZa AdineH

Cyber Security Trends Business Concerns Cyber Threats The Solutions Security Operation Center requirement SOC Architecture model SOC Implementation SOC & NOC SOC & CSIRT SIEM & Correlation ----------------------------------------------------------- Definition Gartner defines a SOC as both a team, often operating in shifts around the clock, and a facility dedicated to and organized to prevent, detect, assess and respond to cybersecurity threats and incidents, and to fulfill and assess regulatory compliance. The term "cybersecurity operation center "is often used synonymously for SOC. A network operations center (NOC) is not a SOC, which focuses on network device management rather than detecting and responding to cybersecurity incidents. Coordination between the two is common, however. A managed security service is not the same as having a SOC — although a service provider may offer services from a SOC. A managed service is a shared resource and not solely dedicated to a single organization or entity. Similarly, there is no such thing as a managed SOC. Most of the technologies, processes and best practices that are used in a SOC are not specific to a SOC. Incident response or vulnerability management remain the same, whether delivered from a SOC or not. It is a meta-topic, involving many security domains and disciplines, and depending on the services and functions that are delivered by the SOC. Services that often reside in a SOC are: • Cyber security incident response • Malware analysis • Forensic analysis • Threat intelligence analysis • Risk analytics and attack path modeling • Countermeasure implementation • Vulnerability assessment • Vulnerability analysis • Penetration testing • Remediation prioritization and coordination • Security intelligence collection and fusion • Security architecture design • Security consulting • Security awareness training • Security audit data collection and distribution Alternative names for SOC : Security defense center (SDC) Security intelligence center Cyber security center Threat defense center security intelligence and operations center (SIOC) Infrastructure Protection Centre (IPC) مرکز عملیات امنیت

Security Operation Center - Design & BuildSameer Paradia

Need of SIEM when You have SOARSiemplify

It’s a fair question and one that is compounded by the convergence we see happening across many categories within cybersecurity. Security operations teams have a broad spectrum of choices from pure-play security orchestration and automation platforms to traditional SIEMs that are adding orchestration capabilities. Visit - https://siemplify.co/blog/do-i-need-a-siem-if-i-have-soar/

SOC presentation- Building a Security Operations CenterMichael Nickle

Building a Next-Generation Security Operation Center Based on IBM QRadar and ...IBM Security

Learn about Sogeti’s journey of creating a new Security Operation Center, and how and why we leveraged QRadar solutions. We explore the full program lifecycle, from strategic choices to technical analysis and benchmarking on the product. We explain how QRadar accelerates the go-to-market of the SOC, and how we embed IBM Security Intelligence offerings in our solution. Having a strong collaboration between different IBM stakeholders such as Software Group, Global Technology Services, as well as the Labs, was key to client satisfaction and operational effectiveness. We also show the value of integrating new QRadar features in our SOC roadmap, in order to constantly stay ahead in the cyber security game.

Optimizing Security Operations: 5 Keys to SuccessSirius

Organizations are suffering from cyber fatigue, with too many alerts, too many technologies, and not enough people. Many security operations center (SOC) teams are underskilled and overworked, making it extremely difficult to streamline operations and decrease the time it takes to detect and remediate security incidents. Addressing these challenges requires a shift in the tactics and strategies deployed in SOCs. But building an effective SOC is hard; many companies struggle first with implementation and then with figuring out how to take their security operations to the next level. Read to learn: --Advantages and disadvantages of different SOC models --Tips for leveraging advanced analytics tools --Best practices for incorporating automation and orchestration --How to boost incident response capabilities, and measure your efforts --How the NIST Cybersecurity Framework and CIS Controls can help you establish a strong foundation Start building your roadmap to a next-generation SOC.

Security Operation Center FundamentalAmir Hossein Zargaran

The document provides an introduction and agenda for a 3-day security operations center fundamentals course. Day 1 will cover famous attacks and how to confront them, as well as an introduction to security operations centers. Day 2 will discuss the key features, modules, processes, and people involved in SOCs. Day 3 will focus on the technology used in SOCs, including network monitoring, investigation, and correlation tools. The instructor is introduced and the document provides an overview of common attacks such as eavesdropping, data modification, spoofing, password attacks, denial of service, man-in-the-middle, and application layer attacks.

DTS Solution - Building a SOC (Security Operations Center)Shah Sheikh

This document discusses building a cyber security operations center (CSOC). It covers the need for a CSOC, its core components including security information and event management (SIEM), and integrating components like monitoring, alerting, and reporting. Key aspects that are important for a successful CSOC are people, processes, and technology. The roles and skills required for people in the CSOC and training needs are outlined. Developing standardized processes, procedures and workflows that align with frameworks like ISO are also discussed.

Strategy considerations for building a security operations centerCMR WORLD TECH

This document discusses considerations for building a security operations center (SOC) to better manage security threats. It describes the evolving threat landscape and increasing attacks faced by organizations. An enterprise SOC provides centralized monitoring, investigation of incidents, and reporting to improve protection of critical data assets. It assesses existing security capabilities, outlines five essential SOC functions, and discusses capacity management and moving forward with development. Consulting partners can assist with strategy and implementation of an enterprise SOC.

Governance of security operation centersBrencil Kaimba

This document provides an overview of governance of security operations centers. It discusses the impact of disruptive technologies on organizations and the need for security operations centers to manage security risks. It covers designing an effective SOC including defining threats, processes, technology and acquiring a SOC. Operating a SOC includes defining expectations, baselining normal activity, using threat intelligence and handling incidents. Qualities of analysts and measuring SOC success are also discussed. Sustainable SOC governance principles like investing in people and emphasizing teamwork are presented.

Cyber Threat IntelligenceZaiffiEhsan

Cyber threat intelligence involves collecting, analyzing, and sharing information about threats to help organizations assess risks and defend themselves. It follows principles like being centralized, objective, and continuous. The Structured Threat Information Expression (STIX) framework allows sharing threat data consistently between organizations using common language. Intrusion detection systems monitor networks and systems for malicious activity, using either signature-based methods to detect known threats or anomaly-based methods to find unknown behaviors.

Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsShah Sheikh

Abstract: Modern day cyber threats are ever increasing in sophistication and evasiveness against Process Control Networks. Organizations in the industry are facing a constant challenge to adopt modern techniques to proactively monitor the security posture within the SCADA infrastructure whilst keeping cyber attackers and threat actors at bay. In this presentation we will cover the fundamental building blocks of building a SCADA cyber security operations center with key responsibilities such as Incident Response Management, Vulnerability and Patch Management, Secure-by-design Architecture, Security Logging and Monitoring and how such security domains drive accountability and act as a line of authority across the PCN.

What is SIEM? A Brilliant Guide to the BasicsSagar Joshi

From SIEM to SOC: Crossing the Cybersecurity ChasmPriyanka Aash

You own a SIEM, but to be secure, you need a Security Operations Center! How do you cross the chasm? Do you hire staff or outsource? And what skills are needed? Mike Ostrowski, a cybersecurity industry veteran, will review common pitfalls experienced through the journey from SIEM to SOC, the pros and cons of an all in-house SOC vs. outsourcing, and the benefits of a hybrid SOC model. Learning Objectives: 1: You own a SIEM, but to be secure, you need a SOC. How do you cross the chasm? 2: What are the pros and cons of in-house, fully managed and hybrid security? 3: What considerations go into deciding whether to employ a hybrid strategy? (Source: RSA Conference USA 2018)

Security operation centerMuthuKumaran267

Effective Security Operation Center - present by Reza AdinehReZa AdineH

The document discusses how to effectively manage a cyber security operations center (SOC). It addresses questions about how to assess the effectiveness and maturity of a SOC, ensure sufficient threat detection capabilities through proper sensors and data collection, and utilize threat intelligence and data enrichment. The document also provides steps to implement threat management, incident response processes, and leverage machine learning and user entity behavior analytics to detect anomalous user behavior and insider threats.

Building a Next-Generation Security Operations Center (SOC)Sqrrl

So, you need to build a Security Operations Center (SOC)? What does that mean? What does the modern SOC need to do? Learn from Dr. Terry Brugger, who has been doing information security work for over 15 years, including building out a SOC for a large Federal agency and consulting for numerous large enterprises on their security operations. Watch the presentation with audio here: http://info.sqrrl.com/sqrrl-october-webinar-next-generation-soc

Security Information and Event Management (SIEM)k33a

This document provides an overview of security information and event management (SIEM). It defines SIEM as software and services that combine security information management (SIM) and security event management (SEM). The key objectives of SIEM are to identify threats and breaches, collect audit logs for security and compliance, and conduct investigations. SIEM solutions centralize log collection, correlate events in real-time, generate reports, and provide log retention, forensics and compliance reporting capabilities. The document discusses typical SIEM features, architecture, deployment options, and reasons for SIEM implementation failures.

Rothke secure360 building a security operations center (soc)Ben Rothke

Building a Security Operations Center (SOC) requires extensive planning and consideration of various organizational and technical factors. A SOC provides continuous monitoring, detection, and response capabilities to protect against cyber threats. It is important to determine whether to build an internal SOC or outsource these functions. Proper staffing, processes, metrics, and management are critical for SOC success.

SOAR and SIEM.pptxAjit Wadhawan

SIEM (Security Information and Event Management) technology provides real-time analysis of security alerts from various sources like network devices, servers, etc. It has four main components - SEM (Security Event Management), SIM (Security Information Management), data collection, and data analysis. SOAR (Security Orchestration, Automation and Response) was developed to address limitations of SIEM tools like needing regular tuning and dedicated staff. SOAR technologies enable automated response to security events by integrating data from various sources, building response processes using playbooks, and providing a single dashboard for security response. Key benefits of SOAR include faster incident detection/response, better threat context, simplified management, and boosting analyst productivity through automation.

When and How to Set up a Security Operations CenterKomand

Security Operations Center (SOC) Essentials for the SMEAlienVault

Closing the gaps in security controls, systems, people and processes is not an easy feat, particularly for IT practitioners in smaller organizations with limited budgets and few (if any) dedicated security staff. So, what are the essential security capabilities needed to establish a security operations center and start closing those gaps? Join Javvad Malik of 451 Research and Patrick Bedwell, VP of Product Marketing at AlienVault for this session covering: *Developments in the threat landscape driving a shift from preventative to detective controls *Essential security controls needed to defend against modern threats *Fundamentals for evaluating a security approach that will work for you, not against you *How a unified approach to security visibility can help you get from install to insight more quickly

Cyber Threat Intelligencemohamed nasri

This document discusses cyber threat intelligence and strategies for defense. It begins with an introduction to cyber threat intelligence and discusses the cyber attack life cycle model from Lockheed Martin. It then addresses questions to consider regarding cyber threats. The document outlines threat intelligence standards and tools like STIX and TAXII, and discusses challenges with SIEM systems. It proposes architectures that incorporate threat intelligence to provide preventive, detective, and fusion capabilities. The presentation concludes with a discussion of data sources and architectures to support cyber threat analysis.

SIEM ArchitectureNishanth Kumar Pathi

Network Forensics and Practical Packet AnalysisPriyanka Aash

Practical Applications of Block Chain Technologies Priyanka Aash

The document discusses blockchain technology and its potential practical uses. It begins by defining blockchain as a distributed digital ledger that allows participants in a network to securely record transactions without a central authority. It then provides examples of how blockchain could be used in healthcare to securely store electronic health records, enable smart contracts to automatically pay providers, and track medical devices to prevent counterfeiting. The document concludes by describing a hypothetical example where blockchain is used to give healthcare providers access to a patient's complete medical history from various sources to improve treatment while reducing redundant tests.

More Related Content

What's hot (20)

Building a Next-Generation Security Operation Center Based on IBM QRadar and ...IBM Security

Optimizing Security Operations: 5 Keys to SuccessSirius

Security Operation Center FundamentalAmir Hossein Zargaran

DTS Solution - Building a SOC (Security Operations Center)Shah Sheikh

Strategy considerations for building a security operations centerCMR WORLD TECH

Governance of security operation centersBrencil Kaimba

Cyber Threat IntelligenceZaiffiEhsan

Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsShah Sheikh

What is SIEM? A Brilliant Guide to the BasicsSagar Joshi

From SIEM to SOC: Crossing the Cybersecurity ChasmPriyanka Aash

Security operation centerMuthuKumaran267

Effective Security Operation Center - present by Reza AdinehReZa AdineH

Building a Next-Generation Security Operations Center (SOC)Sqrrl

Security Information and Event Management (SIEM)k33a

Rothke secure360 building a security operations center (soc)Ben Rothke

SOAR and SIEM.pptxAjit Wadhawan

When and How to Set up a Security Operations CenterKomand

Security Operations Center (SOC) Essentials for the SMEAlienVault

Cyber Threat Intelligencemohamed nasri

SIEM ArchitectureNishanth Kumar Pathi

Building a Next-Generation Security Operation Center Based on IBM QRadar and ...IBM Security

Optimizing Security Operations: 5 Keys to SuccessSirius

Security Operation Center FundamentalAmir Hossein Zargaran

DTS Solution - Building a SOC (Security Operations Center)Shah Sheikh

Strategy considerations for building a security operations centerCMR WORLD TECH

Governance of security operation centersBrencil Kaimba

Cyber Threat IntelligenceZaiffiEhsan

Building a Cyber Security Operations Center for SCADA/ICS EnvironmentsShah Sheikh

What is SIEM? A Brilliant Guide to the BasicsSagar Joshi

From SIEM to SOC: Crossing the Cybersecurity ChasmPriyanka Aash

Security operation centerMuthuKumaran267

Effective Security Operation Center - present by Reza AdinehReZa AdineH

Building a Next-Generation Security Operations Center (SOC)Sqrrl

Security Information and Event Management (SIEM)k33a

Rothke secure360 building a security operations center (soc)Ben Rothke

SOAR and SIEM.pptxAjit Wadhawan

When and How to Set up a Security Operations CenterKomand

Security Operations Center (SOC) Essentials for the SMEAlienVault

Cyber Threat Intelligencemohamed nasri

SIEM ArchitectureNishanth Kumar Pathi

Viewers also liked (20)

Network Forensics and Practical Packet AnalysisPriyanka Aash

Practical Applications of Block Chain Technologies Priyanka Aash

Workshop on Endpoint Memory ForensicsPriyanka Aash

Security Strategy and Tactic with Cyber Threat Intelligence (CTI)Priyanka Aash

Risk Analysis using open FAIR and Adoption of right Security ControlsPriyanka Aash

Application Security Architecture and Threat ModellingPriyanka Aash

Keynote Session : Kill The PasswordPriyanka Aash

Keynote Session : The Non - Evolution of SecurityPriyanka Aash

Keynote Session : Emerging Healthcare Tech & Future Security ImpactPriyanka Aash

Enterprise Security ArchitecturePriyanka Aash

Keynote Session : Using Behavioral Psychology and Science of Habit to Change ...Priyanka Aash

Keynote Session : NIST - Cyber Security Framework Measuring SecurityPriyanka Aash

Practical Enterprise Security Architecture Priyanka Aash

This document summarizes two innovative approaches to enterprise security architecture: Google's BeyondCorp architecture and the Cloud Security Alliance's Software Defined Perimeters (SDP). BeyondCorp aims to remove network-based attacks by implementing zero-trust network access based on continuous device/user authentication and authorization. SDP uses cryptographic protocols and dynamic firewalls to create on-demand, air-gapped networks between initiating and accepting hosts. The document then discusses how organizations can implement these approaches using existing security tools and outlines steps to develop an enterprise security architecture.

Enterprise Security ArchitecturePriyanka Aash

The document discusses enterprise architecture frameworks and how they can help DreamKart, an ecommerce company facing several IT challenges. It describes the Zachman Framework, which provides a taxonomy for organizing architecture artifacts, and TOGAF, which defines an architecture development method (ADM) process. Using Zachman's taxonomy, DreamKart could classify artifacts, ensure all stakeholder perspectives are considered, and trace business requirements to technical implementations. However, Zachman alone does not provide a process for creating new architectures. TOGAF's ADM process could guide DreamKart in developing enterprise architectures by moving from generic to specific. Using both approaches could help address DreamKart's problems.

SACON OrientationPriyanka Aash

This document summarizes SACON, India's first security architecture conference. It discusses the need for more security architects to address issues like the halting problem and building secure systems. The CISO Platform is introduced as the world's largest collaboration platform for CISOs, with over 3000 members. It has created several decision tools to help with security technology buying, including the CPSMM benchmarking model, security taxonomy, CISO Platform Index for product ratings, and community RFP checklists. The agenda for SACON includes learning various security models in the first half and applying them through group activities and a wargame in the second half.

ATP Technology PillarsPriyanka Aash

NIST Critical Security Framework (CSF) Priyanka Aash

From Business Architecture to Security ArchitecturePriyanka Aash

This document discusses transitioning from business architecture to security architecture. It provides an overview of key aspects of digital architecture like technology adoption, infrastructure management, threat modeling, and security solutions. It then discusses how a typical business architecture in the banking/finance sector (BFSI) can involve many threats across various areas. These threats need to be addressed through proper security architecture and controls. Finally, it analyzes security options for transactions and how they can help protect, defend, deter, limit exposure, detect issues, monitor activities, respond to incidents, contain damage, investigate problems, and aid recovery.

Efficient software development with heterogeneous devicesArm

Network Forensics and Practical Packet AnalysisPriyanka Aash

Practical Applications of Block Chain Technologies Priyanka Aash

Workshop on Endpoint Memory ForensicsPriyanka Aash

Security Strategy and Tactic with Cyber Threat Intelligence (CTI)Priyanka Aash

Risk Analysis using open FAIR and Adoption of right Security ControlsPriyanka Aash

Application Security Architecture and Threat ModellingPriyanka Aash

Keynote Session : Kill The PasswordPriyanka Aash

Keynote Session : The Non - Evolution of SecurityPriyanka Aash

Keynote Session : Emerging Healthcare Tech & Future Security ImpactPriyanka Aash

Enterprise Security ArchitecturePriyanka Aash

Keynote Session : Using Behavioral Psychology and Science of Habit to Change ...Priyanka Aash

Keynote Session : NIST - Cyber Security Framework Measuring SecurityPriyanka Aash

Practical Enterprise Security Architecture Priyanka Aash

Enterprise Security ArchitecturePriyanka Aash

SACON OrientationPriyanka Aash

ATP Technology PillarsPriyanka Aash

NIST Critical Security Framework (CSF) Priyanka Aash

From Business Architecture to Security ArchitecturePriyanka Aash

Efficient software development with heterogeneous devicesArm

Similar to SOC Architecture - Building the NextGen SOC (20)

SACON16 - SOC ArchitectureShomiron Das Gupta

This document discusses building a next-generation security operations center (SOC) to better detect advanced persistent threats (APTs). It recommends taking a process-oriented approach to detection by visualizing engagement with threats, identifying detection phases, and connecting use cases for multi-phase threats. An advanced SOC (ASOC) model is presented that separates hunters to actively look for threats from SOC operations teams to react, respond, and resolve incidents, with metrics and continuous improvement. The document encourages building a threat mind map and playbook of use cases tailored to an organization's highest probability threats to anticipate attacks. It emphasizes focusing on indicators of compromise or attempt to compromise over individual events and iterating the SOC process weekly.

SACON17 - Detecting Threats with Analytics and Machine LearningShomiron Das Gupta

Threat Detection using Analytics & Machine LearningPriyanka Aash

This document discusses using analytics and machine learning for threat detection. It covers different types of detection systems like signature-based, anomaly-based and learning systems. It explains why analytics are needed given challenges like the speed of attacks. Various machine learning techniques are described, including heuristics, anomaly detection, time series analysis and classifiers. Examples of when machine learning works well include DNS-based detection and traffic anomalies. Common failures are also discussed, such as the stale dataset problem and variance challenges.

AI on Spark for Malware Analysis and Anomalous Threat DetectionDatabricks

At Avast, we believe everyone has the right to be safe. We are dedicated to creating a world that provides safety and privacy for all, not matter where you are, who you are, or how you connect. With over 1.5 billion attacks stopped and 30 million new executable files monthly, big data pipelines are crucial for the security of our customers. At Avast we are leveraging Apache Spark machine learning libraries and TensorflowOnSpark for a variety of tasks ranging from marketing and advertisement, through network security to malware detection. This talk will cover our main cybersecurity usecases of Spark. After describing our cluster environment we will first demonstrate anomaly detection on time series of threats. Having thousands of types of attacks and malware, AI helps human analysts select and focus on most urgent or dire threats. We will walk through our setup for distributed training of deep neural networks with Tensorflow to deploying and monitoring of a streaming anomaly detection application with trained model. Next we will show how we use Spark for analysis and clustering of malicious files and large scale experimentation to automatically process and handle changes in malware. In the end, we will give comparison to other tools we used for solving those problems.

Navy security contest-bigdataforsecuritystelligence

This document discusses using machine learning for security monitoring. It begins with an overview of why machine learning is useful for security monitoring and provides a high-level overview of machine learning concepts. It then discusses applying machine learning to practical security use cases like fraud detection, network anomaly detection, and predicting attack behaviors. Specific machine learning techniques like supervised learning, unsupervised learning, and anomaly detection are also discussed. Finally, it provides an example workflow for using machine learning in a security data science process.

AppSec in an Agile WorldDavid Lindner

In the ever-evolving, fast-paced Agile development world, application security has not scaled well. Incorporating application security and testing into the current development process is difficult, leading to incomplete tooling or unorthodox stoppages due to the required manual security assessments. Development teams are working with a backlog of stories—stories that are typically focused on features and functionality instead of security. Traditionally, security was viewed as a prevention of progress, but there are ways to incorporate security activities without hindering development. There are many types of security activities you can bake into your current development lifecycles—tooling, assessments, stories, scrums, iterative reviews, repo and bug tracking integrations—every organization has a unique solution and there are positives and negatives to each of them. In this slide deck, we go through the various solutions to help build security into the development process.

How i'm going to own your organization v2RazorEQX

This document discusses cyber attack methodology using the Cyber Kill Chain model and provides lessons learned. The Cyber Kill Chain model outlines the stages an attacker goes through from initial reconnaissance to actions on objectives. These stages include weaponization, delivery, exploit installation, command and control, and actions on objectives. The document emphasizes the importance of understanding egress traffic, collaborating with other organizations, and having an incident response plan to disrupt attacks at various stages of the Cyber Kill Chain.

Outpost24 webinar - Demystifying Web Application Security with Attack Surface...Outpost24

DevSecOps : an IntroductionPrashanth B. P.

DevSecOps is a cultural change that incorporates security practices into software development through people, processes, and technologies. It aims to address security without slowing delivery by establishing secure-by-design approaches, automating security tools and processes, and promoting collaboration between developers, security engineers, and operations teams. As software and connected devices continue proliferating, application security must be a central focus of the development lifecycle through a DevSecOps methodology.

Synopsys Security Event Israel Presentation: Value Driven Threat ModelingSynopsys Software Integrity Group

Threat Modeling All Day!Steven Carlson

This talk will demo one threat modeling methodology and how an engineering team is appending it to their Secure Software Development Life Cycle.   The goal is to create a single platform for communicating architectural risk and planning mitigations within sprints. This will not only address security concerns sooner in a product's lifecycle but establish a trusting relationship between engineering and security teams. As an ever-evolving space, to reduce risk and deploy products to market, this is one additional step any software-focused team can quickly adapt to their practices.

DevSecCon London 2017: Shift happens ... by Colin Domoney DevSecCon

This document discusses how security practices need to shift left to keep up with faster development processes. It suggests that security teams should establish a baseline of their processes, continuously assess findings and provide feedback, and automate testing as much as possible. This will help integrate security earlier in development cycles. It also addresses how security tools need to change to support faster development by making scans nearly instantaneous and improving the user experience. Automating security policies and configurations is important as applications move to microservices architectures. Overall it argues for more collaboration between security and development teams.

HouSecCon 2019: Offensive Security - Starting from ScratchSpencer Koch

HouSecCon 2019 Offensive Security - Starting from Scratch. Learn from Spencer Koch and Altaz Valani about how to build an offensive security program from scratch, incorporating application security, infrastructure vulnerability management, hardening, devsecops, security champions, and red teaming. Be able to organize these capabilities to tell a story and build maturity to help your organization be more secure. Includes gotchas and lessons learned from industry experience.

Bringing Security Testing to Development: How to Enable Developers to Act as ...Achim D. Brucker

Security testing is an important part of any security development life-cycle (SDLC) and, thus, should be a part of any software development life-cycle. We will present SAP's Security Testing Strategy that enables developers to find security vulnerabilities early by applying a variety of different security testing methods and tools. We explain the motivation behind it, how we enable global development teams to implement the strategy, across different SDLCs and report on our experiences.

Collaborative security : Securing open source softwarePriyanka Aash

The document discusses improving security in open source software. It notes that while open source software is not inherently less secure, the collaborative development process and lack of market pressure can sometimes result in security being a lower priority. It recommends applying standard security best practices like threat modeling, code reviews, testing and tracking dependencies. It also stresses the importance of fostering a security-focused culture within open source projects and encouraging contributions from users of open source software to help support projects.

Open DevSecOps 2019 - Securing the Software Supply Chain - SonatypeEmerasoft, solutions to collaborate

This document discusses securing the software supply chain. It notes that 90% of services use third-party components which can increase security risks if not properly reviewed. The speaker recommends automating security and legal reviews of open source components used in software to address this issue, rather than relying on manual reviews. The benefits of automation include faster and more comprehensive reviews that can occur continuously rather than just during development phases. Automation is presented as key to effectively securing the modern software supply chain.

Deepfence.pdfVishwas N

Vishwas Narayan discusses application security and the need to shift security left in the software development lifecycle. Some key points discussed include: - Application security professionals deal with vulnerabilities in connections, users, content, files and more. Firewalls, authentication, authorization, and other tools are used to address security. - As software grows, security becomes more difficult as new vulnerabilities are found daily. Shifting security left to earlier stages makes remediation less costly than fixing issues after deployment. - However, shifting left is not a perfect strategy as some vulnerabilities may remain, third party components are harder to control, and unknown issues can still be found post-deployment. The ultimate strategy is to both shift left

Building an Open Source AppSec Pipeline - 2015 Texas Linux FestMatt Tesauro

Introduction to Software Security InitiativeSudarshan Narayanan

Application development in today's day and age involves building Scalable and Reliable software in an Agile manner. The challenge is in incorporating security controls without throttling down the speed of application delivery. Individual activities like threat modeling, static code analysis and penetration testing though might add value, are currently performed in silos. Product and Security engineering teams need to leverage these piecemeal activities and bring them under one robust framework - The Software Security Initiative (SSI) This webinar on Software Security Initiative aims to create awareness on what constitutes an SSI, the various security gates and their corresponding integration points in the application development lifecycle and how companies can benefit by adopting a software security initiative to continuously assess their security posture and maturity over time. The webinar aims to cover some of the most popular Secure SDLC frameworks such as BSIMM and OpenSAMM how companies stand to gain by adopting these frameworks based on what works best for them

Agile and Secure SDLCNazar Tymoshyk, CEH, Ph.D.

This document discusses implementing a secure software development lifecycle (SDLC) to improve application security. It outlines why the traditional approach of only involving security experts does not work. Instead, it proposes integrating security practices throughout each phase of the development process, including requirements, design, implementation, verification, and release. This includes training developers, conducting threat modeling and security testing, using security tools in continuous integration, and analyzing results to address issues early. The goal is to reduce security defects over time by changing developer mindsets and integrating security as applications are built.

SACON16 - SOC ArchitectureShomiron Das Gupta

SACON17 - Detecting Threats with Analytics and Machine LearningShomiron Das Gupta

Threat Detection using Analytics & Machine LearningPriyanka Aash

AI on Spark for Malware Analysis and Anomalous Threat DetectionDatabricks

Navy security contest-bigdataforsecuritystelligence

AppSec in an Agile WorldDavid Lindner

How i'm going to own your organization v2RazorEQX

Outpost24 webinar - Demystifying Web Application Security with Attack Surface...Outpost24

DevSecOps : an IntroductionPrashanth B. P.

Synopsys Security Event Israel Presentation: Value Driven Threat ModelingSynopsys Software Integrity Group

Threat Modeling All Day!Steven Carlson

DevSecCon London 2017: Shift happens ... by Colin Domoney DevSecCon

HouSecCon 2019: Offensive Security - Starting from ScratchSpencer Koch

Bringing Security Testing to Development: How to Enable Developers to Act as ...Achim D. Brucker

Collaborative security : Securing open source softwarePriyanka Aash

Open DevSecOps 2019 - Securing the Software Supply Chain - SonatypeEmerasoft, solutions to collaborate

Deepfence.pdfVishwas N

Building an Open Source AppSec Pipeline - 2015 Texas Linux FestMatt Tesauro

Introduction to Software Security InitiativeSudarshan Narayanan

Agile and Secure SDLCNazar Tymoshyk, CEH, Ph.D.

More from Priyanka Aash (20)

Keynote : Presentation on SASE TechnologyPriyanka Aash

Secure Access Service Edge (SASE) solutions are revolutionizing enterprise networks by integrating SD-WAN with comprehensive security services. Traditionally, enterprises managed multiple point solutions for network and security needs, leading to complexity and resource-intensive operations. SASE, as defined by Gartner, consolidates these functions into a unified cloud-based service, offering SD-WAN capabilities alongside advanced security features like secure web gateways, CASB, and remote browser isolation. This convergence not only simplifies management but also enhances security posture and application performance across global networks and cloud environments. Discover how adopting SASE can streamline operations and fortify your enterprise's digital transformation strategy.

Keynote : AI & Future Of Offensive SecurityPriyanka Aash

In the presentation, the focus is on the transformative impact of artificial intelligence (AI) in cybersecurity, particularly in the context of malware generation and adversarial attacks. AI promises to revolutionize the field by enabling scalable solutions to historically challenging problems such as continuous threat simulation, autonomous attack path generation, and the creation of sophisticated attack payloads. The discussions underscore how AI-powered tools like AI-based penetration testing can outpace traditional methods, enhancing security posture by efficiently identifying and mitigating vulnerabilities across complex attack surfaces. The use of AI in red teaming further amplifies these capabilities, allowing organizations to validate security controls effectively against diverse adversarial scenarios. These advancements not only streamline testing processes but also bolster defense strategies, ensuring readiness against evolving cyber threats.

Redefining Cybersecurity with AI CapabilitiesPriyanka Aash

In this comprehensive overview of Cisco's latest innovations in cybersecurity, the focus is squarely on resilience and adaptation in the face of evolving threats. The discussion covers the imperative of tackling Mal information, the increasing sophistication of insider attacks, and the expanding attack surfaces in a hybrid work environment. Emphasizing a shift towards integrated platforms over fragmented tools, Cisco introduces its Security Cloud, designed to provide end-to-end visibility and robust protection across user interactions, cloud environments, and breaches. AI emerges as a pivotal tool, from enhancing user experiences to predicting and defending against cyber threats. The blog underscores Cisco's commitment to simplifying security stacks while ensuring efficacy and economic feasibility, making a compelling case for their platform approach in safeguarding digital landscapes.

Demystifying Neural Networks And Building Cybersecurity ApplicationsPriyanka Aash

In today's rapidly evolving technological landscape, Artificial Neural Networks (ANNs) have emerged as a cornerstone of artificial intelligence, revolutionizing various fields including cybersecurity. Inspired by the intricacies of the human brain, ANNs have a rich history and a complex structure that enables them to learn and make decisions. This blog aims to unravel the mysteries of neural networks, explore their mathematical foundations, and demonstrate their practical applications, particularly in building robust malware detection systems using Convolutional Neural Networks (CNNs).

Finetuning GenAI For Hacking and DefendingPriyanka Aash

Generative AI, particularly through the lens of large language models (LLMs), represents a transformative leap in artificial intelligence. With advancements that have fundamentally altered our approach to AI, understanding and leveraging these technologies is crucial for innovators and practitioners alike. This comprehensive exploration delves into the intricacies of GenAI, from its foundational principles and historical evolution to its practical applications in security and beyond.

(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdfPriyanka Aash

(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdfPriyanka Aash

(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdfPriyanka Aash

(CISOPlatform Summit & SACON 2024) Workshop _ Most Dangerous Attack Technique...Priyanka Aash

(CISOPlatform Summit & SACON 2024) Keynote _ Power Digital Identities With AI...Priyanka Aash

(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdfPriyanka Aash

(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdfPriyanka Aash

(CISOPlatform Summit & SACON 2024) Incident Response .pdfPriyanka Aash

(CISOPlatform Summit & SACON 2024) GRC.pdfPriyanka Aash

(CISOPlatform Summit & SACON 2024) Orientation by CISO Platform_ Using CISO P...Priyanka Aash

Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash

Verizon Breach Investigation Report (VBIR).pdfPriyanka Aash

The Verizon Breach Investigation Report (VBIR) is an annual report analyzing cybersecurity incidents based on real-world data. It categorizes incidents and identifies emerging trends, threat actors, motivations, attack vectors, affected industries, common attack patterns, and recommendations. Each report provides the latest insights and data to give organizations a global perspective on evolving cyber threats.

Top 10 Security Risks .pptx.pdfPriyanka Aash

The document summarizes the top 10 cybersecurity risks presented to the board of directors of a manufacturing company. It discusses each risk such as insider threats, cloud security, ransomware attacks, third party risks, and data security. For each risk, it provides the current posture in terms of controls, compliance level, and planned improvements. The CISO and other leaders such as the managing director, finance director, and chief risk officer attended the presentation.

Simplifying data privacy and protection.pdfPriyanka Aash

1) Data is growing exponentially which increases the risk and impact of data breaches, while compliance requirements are also becoming more stringent. 2) IBM Security Guardium helps customers address this by discovering, classifying, and protecting sensitive data across platforms and simplifying compliance. 3) It detects threats in real-time, increases data security accuracy, and reduces the time spent on audits and issue remediation, helping customers minimize the impact of potential data breaches and address local compliance requirements.

Generative AI and Security (1).pptx.pdfPriyanka Aash

Generative AI and Security Testing discusses generative AI, including its definition as a subset of AI focused on generating content similar to human creations. The document outlines the evolution of generative AI from artificial neural networks to modern models like GPT, GANs, and VAEs. It provides examples of different types of generative AI like text, image, audio, and video generation. The document proposes potential uses of generative AI like GPT for security testing tasks such as malware generation, adversarial attack simulation, and penetration testing assistance.