Winter Garden - 5th Floor
May 08, 2018 10:45 AM - 11:15 AM (America/New_York)
Detect & Respond, The Butterfly Effect way!

HACK NYC 2018

The butterfly effect is a concept that states that "small causes can have larger effects". Why don't we apply that in our environment and test against it?


Unlike a penetration test that looks for vulnerabilities, we recommend a new breed of assessment that tests whether your detection and response mechanisms are functioning as you would expect them to. A targeted attack is composed of several stages, known as the 'kill chain' (alongside), so we would simulate hacker activity at every stage in the kill chain, with an emphasis on bypassing your existing monitoring systems and staying undetected. These simulations mimic the latest tactics of the most advanced hackers; however, they are completely non-invasive.


After each simulation, we evaluate whether the monitoring mechanisms were appropriately configured to detect the attack, and even more importantly, whether a response mechanism activated in a timely fashion. It's the ultimate fire drill for your security detection and response process, and just like any good drill, we recommend that the monitoring teams are not made aware of the exact time of the assessment. This will give a picture of how detection and response will happen under real conditions. That's why we also suggest using a normal staff workstation, which is the most common template across the organization.


The overall goal of the assessment should be to develop and improve the metrics around how each stage of a breach is detected and responded to. There are two metrics of prime importance:
- Mean time to identify a threat (MTTI)
- Mean time to contain a threat (MTTC)

Each simulation should start in a stealthy manner, and if it is undetected, the test should increase the noise until the attack is detected and responded to. Throughout the slides, we will cover real-life scenarios from previous engagements that were carried out at large financial institutions and Oil & Gas companies. This presentation will also cover using Threat Intelligence and Deception Technologies for Detection & Response, and also Prevention in some scenarios.

IOActive