Know Your Enemy: Active Defense & Penetration Testing for Utilities
Cybersecurity Summit
November 13, 2018 | Austin, Texas
Brent Heyen & Mark Johnson-Barbier
Senior Principal Analysts, Cybersecurity Architecture
Salt River
Dan Gunter
Principal Threat Analyst
Dragos, Inc.
Agenda
• What is Active Defense?
• Who is your Enemy?
• What is Threat Intelligence?
• Applying Knowledge of your Enemy
  o Our Story as a Maturity Model: Low, Medium, High
  o Helpful ideas for ALL organizations
What is Active Defense?
• Sliding Scale of Cybersecurity
• Active Defense: process of analysts monitoring for, responding to, and learning from adversaries internal to the network
Who is your Enemy?
• Enemy, Adversary, Threat
Insiders, Competitors, Crime groups, Hacktivists, Nation States, APTs, Terrorists, Script-Kiddies
How the Enemy Operates
What is Threat Intelligence?
“evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace” - Gartner
Applying Adversary Knowledge
Our Story Begins…
$Positive Outcomes
Maturity Level: Low
Controls To Focus On
Legal Controls
Technical Controls
Procedural Controls
Risk-based framework: What reduces most risk?
Maturity Level: Low
• Risk Formula:
RISK = LIKELIHOOD X IMPACT
Maturity Level: Low
• Risk Formula:
RISK = LIKELIHOOD X IMPACT
LIKELIHOOD = THREAT X VULNERABILITY
IMPACT = CONSEQUENCE
Maturity Level: Low
• Risk Formula:
RISK = THREAT X VULNERABILITY X CONSEQUENCE
• Vulnerability-Centric Approach
• Automate
• Do we ever get to 0?
Maturity Level: Low
• Risk Formula:
RISK = THREAT X VULNERABILITY X CONSEQUENCE
• Consequence-Centric Approach
• Often already considered in ICS: Safety Culture
Maturity Level: Low
• Risk Formula:
RISK = THREAT X VULNERABILITY X CONSEQUENCE
• Threat-Centric Approach
• Don’t Give Up on Prevention!
Maturity Level: Low
What We Can Detect
Security Tool Alerts
IOCs
Limited Logs & Visibility
Maturity Level: Low
Run All the IOCs (Manually & Point In Time)
Respond to Security Alerts
Collection Management Framework
o Keys to Success
  - Develop asset visibility
  - Understand your defensive posture
Maturity Level: Low
o Visibility
  - What is current environment understanding?
    ― Devices
    ― Protocols
  - Can "normal" be defined?
    ― Behaviors
Maturity Level: Low
o What is my current defensive posture?
Maturity Level: Low
Maturity Level: Low
o What is my current defensive posture?
Collection Management Framework

Source                       | Location               | Duration
-----------------------------+------------------------+---------
HMI Windows Event Logs       | Operator Workstation   | 60 days
Domain Controller Event Logs | All Domain Controllers | 48 hours
Raw Packet Capture           | L3/L4 Boundary         | 72 hours
Bro Connection Logs          | From Raw PCAP          | 72 hours
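
Added example (not part of the presentation): a retention check over the Collection Management Framework rows on this slide, showing which sources still hold data for a given investigation window and how much history each of the others has already lost. The four rows are the slide's; the function names and the 5-day scenario are assumptions made for illustration.

```python
import re
from datetime import timedelta

# Rows copied from the slide's Collection Management Framework table,
# written as "source | location | duration".
CMF_TABLE = """\
HMI Windows Event Logs | Operator Workstation | 60 days
Domain Controller Event Logs | All Domain Controllers | 48 hours
Raw Packet Capture | L3/L4 Boundary | 72 hours
Bro Connection Logs | From Raw PCAP | 72 hours
"""

_UNITS = {"hour": "hours", "hours": "hours", "day": "days", "days": "days"}


def parse_duration(text):
    """Turn '60 days' or '48 hours' into a timedelta."""
    m = re.fullmatch(r"\s*(\d+)\s*(hours?|days?)\s*", text.lower())
    if not m:
        raise ValueError(f"unrecognised retention: {text!r}")
    return timedelta(**{_UNITS[m.group(2)]: int(m.group(1))})


def parse_cmf(table):
    """Parse 'source | location | duration' rows into a list of dicts."""
    rows = []
    for line in table.strip().splitlines():
        source, location, duration = (c.strip() for c in line.split("|"))
        rows.append({"source": source, "location": location,
                     "retention": parse_duration(duration)})
    return rows


def usable_sources(cmf, lookback):
    """Sources whose retention reaches back over the whole lookback window."""
    return [r["source"] for r in cmf if r["retention"] >= lookback]


def blind_spots(cmf, lookback):
    """Sources that cannot cover the window, with the amount of history
    that has already aged out, largest gap first."""
    gaps = [(r["source"], lookback - r["retention"])
            for r in cmf if r["retention"] < lookback]
    return sorted(gaps, key=lambda g: g[1], reverse=True)


if __name__ == "__main__":
    cmf = parse_cmf(CMF_TABLE)
    # Constructed scenario: activity is discovered 5 days after it began.
    window = timedelta(days=5)
    print("Covers full window:", usable_sources(cmf, window))
    for source, missing in blind_spots(cmf, window):
        print(f"{source}: earliest {missing} of the window already aged out")
```

With these retention values, anything discovered more than 48 hours after it started can no longer be traced in domain controller logs, which is the kind of gap the later "Identify blind spots" step is meant to surface.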
o Success Conditions
  - Asset visibility:
    ― Can identify protocols and devices
    ― Up to date network map
    ― Can define basics of "normal" behavior
  - Defensive posture:
    ― Vetted & rehearsed IR plan
    ― Prevent, detect, respond strategy
Maturity Level: Low
Our Story Continued…
Ukraine 2015
Maturity Level: Medium
Attack Analysis of Ukraine 2015
Maturity Level: Medium
• The Value of Threat Intelligence & Threat Hunting
  o Centralized running of specific IOCs based on context
  o Fix and mature Collection Management Framework
  o Identify blind spots
  o Threat Hunting dashboards
  o Begin to focus more heavily on ICS visibility and hunting
Maturity Level: Medium
• Keys to success:
  o Evaluate effectiveness of defense program
  o Building solid internal & external relationships
Maturity Level: Medium
• Evaluate effectiveness of defense program
  o Technical aspects:
    - Do defensive efforts counter attacker capabilities?
    - Do defensive efforts counter known vulnerabilities?
    - How do I consume threat intelligence?
  o Non-technical aspects:
    - Do my team and enterprise know what to do?
    - Is my defensive plan synced with operational realities?
    - Have I tested my plan beyond the security team?
Maturity Level: Medium
• Building solid internal & external relationships
  o Internally:
    - Find your (current) allies
    - Find your (future) allies
  o Externally:
    - Collaborate with other asset owners
    - ISAC, InfraGard
    - Not all vendors are dirty
      • Find who you trust
      • Collaboration is two way street
Maturity Level: Medium
https://dragos.com/neighborhood-keeper.html
Maturity Level: Medium
• Success conditions:
  o Evaluate effectiveness of defense program:
    - Areas of improvement identified
    - Investments prioritized
    - Plan thoroughly tested
  o Building solid internal & external relationships
    - Internal workflows streamlined
    - Reducing internal fires
    - Two way external relationships
Our Story Continued…
Maturity Level: High (Future)
• Better OT Visibility with Passive Monitoring
North/South (Ingress/Egress)
East/West (Lateral Movement)
Data Sources:
• SPAN ports (current phase)
• Netflow (future as needed)
• Endpoint logs (future as possible)
• Firewall logs (future phase)
• PI data (future phase)
Maturity Level: High (Future)
• Visualization and Anomaly Detection
Maturity Level: High (Future)
• Repeatable and scalable processes
o Content Packs – Playbooks, Analytics and Query-Focused Datasets
Threat Hunting
Maturity Level: High (Future)
• Begin with the end in mind: Threat focus
Maturity Level: High (Future)
• Begin with the end in mind: Threat focus
Maturity Level: High (Future)
• Keys to Success:
  o Integrate threat intel & consequence approach
  o Go deep
Maturity Level: High (Future)
• Integrate threat intel & consequence approach
  o Threat intel
    - How well understood is attacker?
    - What quality of data am I getting from intel sources?
  o Consequence approach:
    - Don't wait for signs of attacker research & development
    - What are most critical parts of progress?
    - What is my visibility around process consequence?
Maturity Level: High (Future)
• Go deep
  - Tradeoff of network vs host data
    ― Network data:
      » Easier to collect and analyze
      » Easier for attacker to hide in
    ― Host data
      » Harder to collect and analyze at scale
      » Harder for attacker to cover tracks
      » Memory vs hard disk
Maturity Level: High (Future)
• Go deep
Sophisticated attackers will study your defenses
Maturity Level: High (Future)
• Success conditions:
  o Integrate threat intel & consequence approach
    - Measure defenses against attacker TTP from threat intel
    - Use assessment & threat hunt results proactively
  o Go deep
    - Understand host & network forensic capabilities
    - Understand limits of existing DPI
    - Ensure DPI of industrial & high risk protocols
Conclusion?
• Know Yourself
  o Be honest about your maturity
• Know Your Enemy
  o What is being seen
  o What is possible