Vajra Cyber Threat Mitigation Service (Vajra CTMS) · 2018. 9. 2. · • All round attack –...


Page 1

Cyber Security & Privacy Foundation (CSPF)

Vajra Cyber Threat Mitigation Service (Vajra CTMS)

A Military Grade Cyber Threat Mitigation Service for Businesses and Governments

Cyber Security & Privacy Foundation Pte. Ltd., Singapore

Page 2

“I’m no expert, but I think it’s some kind of cyber attack!”

Page 3

Cyber Threat - A Serious, Live Threat

Cyber attacks present financial, operational, reputational, regulatory, geopolitical and M&A risks. Attacks are an assault on an institution’s strategic imperatives.

• Committed, phenomenally skilled, unconventional and highly resourceful Black Hat hackers are an overwhelming problem for conventionally resourced IT setups. No longer just the IT team’s migraine.

• Never know when one is around the corner. Cyber attacks are somewhat like a heart attack.

CYBER THREATS NOW A MAINSTREAM BUSINESS RISK THAT DEMANDS CEO AND BOARD LEVEL ATTENTION

Page 4

Cyber Threat - A Serious, Live Threat

Financial Impact / Non Financial Impact

• Revenue losses
• Disruption of business systems
• Regulatory penalties
• Erosion of customers
• Reputational damage
• Pirating of products
• Stolen product designs or prototypes
• Theft of business and manufacturing processes
• Diversion of R&D data
• Impact on innovation, loss of trade secrets
• Loss of sensitive information such as M&A plans and corporate strategy

Page 5

Major Threats

Distributed Denial of Service
• DDoS attacks typically cripple an organisation
• Services like net banking, mobile banking, ATMs, mail servers and trading/clearing platforms become unavailable for a few hours or longer
• The storefront is shut down
• Crucial systems needed by hospitals, patients, drug firms and health insurers are disabled
• SCADA and other control systems fail; power grid collapse, internet access failure
• Non-functional email servers and internet connectivity can lead to an information vacuum internally and with clients, customers, suppliers and regulators

Hacking
• Black Hat attacks on web portals, email servers, database servers, SCADA systems, app stores, routers
• All-round attack: personal, mobile and desktop devices, and firmware
• Results in leakages: databases, personal records, patient records
• Outages and breakdowns in utilities: power, water, gas, trading, payment and clearing systems, tax information networks

0 Day & APT Attacks
• Intense, organised attacks on critical sectors and organisations
• Labelled Advanced Persistent Threats because they are sustained, targeted and well resourced
• APTs can have long-term impact and severely compromise organisations and their insurers

Interconnected Business Ecosystem Attacks
• Partners, suppliers, supply chains
• Smaller, less prepared members of an ecosystem are more tempting targets for gaining a foothold into the system

Page 6

Establishments vs Hackers

Establishments Say We Have
• Latest security tools
• A CISO
• Antivirus, firewall, intrusion prevention system, all updated
• Compliance with best security processes
• Top consultants undertaking audits, vulnerability assessments and penetration testing

Hackers Say
• Ha! We don’t look at your certifications or who did it, or how good your processes are
• We need a single vulnerability to get in!
• We have 0 day vulnerabilities which no one is aware of
• We have an Advanced Persistent Threat team (criminals, hackers, insiders and money) that never gives up

Page 7

Vajra Daily Cloud Scan

Page 8

Cyber Security Structure

Most organizations assume they are secure.

Security Technologies: WAF/firewall/IDS/SIEM are present.

ISO 27001: standards are implemented around the data center, and VAPT is done regularly to satisfy compliance, regulatory and certification requirements.

Analysis of SIEM logs: the SOC monitors and analyses logs from the WAF/firewall/IPS and takes corrective action. Offending traffic is blocked and its sources are blacklisted; the WAF allows known attack signatures to be blocked.

Page 9

Points to be Noted

Hacking Incidents
Global hacking incidents, including against the US Government and Fortune 100 companies, have happened. A BFSI organization has recently been compromised and regulators have taken strict action.

Point of infiltration (APT):
• External web applications/services/mobile applications that are insecure
• SQL injection/XSS/IDOR/file upload/broken authentication
• 0day vulnerabilities on exposed services
• Default passwords on frameworks/applications/devices
• Lateral movement through pivoting (from exposed interfaces)
• The existing cyber security structure is not able to address the above points of infiltration.
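Pages 8 and 9 together make a point that is easier to see in code than in bullets: signature-based blocking at the WAF/IPS catches requests that look like attacks, and the SOC blacklists their sources, but an IDOR or broken-authorization request carries no attack signature and passes straight through. The Python below is an added example written for this transcript, not code from Vajra CTMS or CSPF. The log lines, the signature patterns, the account table and the addresses are all constructed for illustration; the hardened handler shows the object-level authorization check that actually closes the hole.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed access-log lines (combined-log style, RFC 5737 test addresses); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [02/Sep/2018:10:01:02 +0530] "GET /login?user=admin'%20OR%20'1'='1 HTTP/1.1" 200 512
203.0.113.7 - - [02/Sep/2018:10:01:05 +0530] "GET /search?q=<script>alert(1)</script> HTTP/1.1" 200 731
198.51.100.23 - - [02/Sep/2018:10:02:11 +0530] "GET /account/statement?id=1001 HTTP/1.1" 200 2048
198.51.100.23 - - [02/Sep/2018:10:02:13 +0530] "GET /account/statement?id=1002 HTTP/1.1" 200 2051
192.0.2.44 - - [02/Sep/2018:10:03:00 +0530] "GET /index.html HTTP/1.1" 200 1024
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+)'
)

# Signature rules of the kind a WAF/IPS ships with, applied to the URL-decoded request.
# Illustrative patterns for this example, not a production rule set.
SIGNATURES = {
    "sqli": re.compile(r"'\s*(or|and)\s+'?\w+'?\s*=", re.I),
    "xss": re.compile(r"<\s*script|javascript:|\bon(error|load|click)\s*=", re.I),
}


def parse_log(text):
    """Parse combined-log lines into dicts; lines that do not match the format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            e = m.groupdict()
            e["decoded_path"] = unquote(e["path"])
            entries.append(e)
    return entries


def signature_hits(entries):
    """(ip, rule_name, decoded_path) for every request that matches a signature."""
    hits = []
    for e in entries:
        for name, rx in SIGNATURES.items():
            if rx.search(e["decoded_path"]):
                hits.append((e["ip"], name, e["decoded_path"]))
    return hits


def blacklist(hits, threshold=1):
    """Source IPs with at least `threshold` signature hits, as a SOC would blacklist them."""
    counts = Counter(ip for ip, _, _ in hits)
    return {ip for ip, n in counts.items() if n >= threshold}


# The IDOR case: the two statement requests above carry no attack signature, so the WAF
# passes them, yet the second one reads another customer's account. Constructed table.
ACCOUNTS = {
    1001: {"owner": "alice", "balance": 5200},
    1002: {"owner": "bob", "balance": 120},
}


def statement_vulnerable(session_user, account_id):
    """Looks the record up by id only: any logged-in user can read any account (IDOR)."""
    return ACCOUNTS.get(account_id)


def statement_hardened(session_user, account_id):
    """Object-level authorization: the record is returned only to its owner."""
    acct = ACCOUNTS.get(account_id)
    if acct is None or acct["owner"] != session_user:
        return None  # deny; a real application would also log this as an authorization failure
    return acct


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    hits = signature_hits(entries)
    print("signature hits:", hits)
    print("blacklist:", blacklist(hits))  # only 203.0.113.7; the IDOR source is never flagged
    print("alice reads 1002 (vulnerable):", statement_vulnerable("alice", 1002))
    print("alice reads 1002 (hardened):", statement_hardened("alice", 1002))
```

Running the script shows the SQLi and XSS probes from 203.0.113.7 being caught and that address blacklisted, while 198.51.100.23 walks through consecutive account ids without a single signature match. Only the ownership check in `statement_hardened` stops it, which is why the deck's argument that WAF/SIEM coverage is not the same as application security holds.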

Page 10

Vajra Daily APT Scan Executive Summary

APMS: corporate anti-fraud module extending to Anti-Phishing, Anti-Malware and Anti-Spam (APMS). Protects against reputation, financial and IP loss. Secures against Trojan horses and ransom demands.

Web Reputation & Security Scan (WRSS): web security scanner that scans for vulnerabilities on web portals/web services.

Automated Vulnerability Assessment: advanced intrusive model including external VA of the network for protective and compliance requirements.

DF24: defacement monitor for customer-facing web portals. Includes an Android mobile app and a Windows SOC desktop app (for quick alerts).

Page 11

APMS (Anti Phishing, Malware & Spam)

Non-intrusive monitoring to protect against reputation, financial and IP loss.

Sandbox application that browses the customers’ site/s and checks whether an iframe, malware or Java drive-by can be downloaded to infect the machines of the end users of a bank’s website or an e-commerce portal.

Exhaustive scan of global phishing and spamming databases to cross-check potential compromises of the customer’s domain/s.

Page 12

Vajra APMS

• Automated daily scan and report generation
• Phishing complaints reporting system
• Similar Domain Name - Electronic Eye (EE)
• Anti-virus check for web portal infections by crawling through all known paths
• DNS hijack check
• Ap24, PhishTank, CTL - feed processing (EE)
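Three of the items above, the similar-domain "Electronic Eye", the feed cross-check (the global phishing database scan on page 11 is the same mechanism) and the DNS hijack check, describe techniques that can be demonstrated offline. The Python below is an added example for this transcript, not code from the Vajra product: it enumerates look-alike domains for a brand, cross-checks a feed of reported phishing hostnames against them (with an edit-distance fallback for near-misses the generator did not enumerate), and diffs observed DNS answers against a recorded baseline. The feed entries, homoglyph table, TLD list and DNS records are all constructed.

```python
# Constructed entries standing in for records pulled from phishing/spam feeds; none is a real report.
PHISHING_FEED = [
    "examplebank.com.login-verify.xyz",
    "exampebank.com",
    "examp1ebank.com",
    "examplebanc.com",
    "secure-examplebank.net",
    "unrelated-shop.org",
]

# Characters attackers commonly substitute; this table is an assumption for the example.
HOMOGLYPHS = {"l": "1", "i": "1", "o": "0", "e": "3", "a": "4", "s": "5"}
TLDS = ["com", "net", "org", "co", "in"]


def candidates(domain):
    """Look-alike domains for a brand domain: character omission, adjacent transposition,
    homoglyph substitution and TLD swap. The domain itself is excluded from the result."""
    name, tld = domain.rsplit(".", 1)
    out = set()
    for i in range(len(name)):                      # omission
        out.add(name[:i] + name[i + 1:] + "." + tld)
    for i in range(len(name) - 1):                  # transposition
        out.add(name[:i] + name[i + 1] + name[i] + name[i + 2:] + "." + tld)
    for i, ch in enumerate(name):                   # homoglyph
        if ch in HOMOGLYPHS:
            out.add(name[:i] + HOMOGLYPHS[ch] + name[i + 1:] + "." + tld)
    for t in TLDS:                                  # TLD swap
        if t != tld:
            out.add(name + "." + t)
    out.discard(domain)
    return out


def levenshtein(a, b):
    """Edit distance, used to catch near-misses the generator does not enumerate."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def match_feed(domain, feed, max_distance=2):
    """Cross-check a brand domain against feed entries. Each flagged entry carries the reason:
    an enumerated look-alike, the brand name embedded in a longer hostname, or a leftmost
    label within `max_distance` edits of the brand name."""
    name = domain.rsplit(".", 1)[0]
    lookalikes = candidates(domain)
    flagged = []
    for entry in feed:
        if entry == domain:
            continue
        if entry in lookalikes:
            flagged.append((entry, "lookalike"))
        elif name in entry:
            flagged.append((entry, "brand-embedded"))
        elif levenshtein(entry.split(".")[0], name) <= max_distance:
            flagged.append((entry, "near-miss"))
    return flagged


def dns_hijack_check(baseline, observed):
    """Compare today's resolved records with the known-good baseline recorded at onboarding.
    Every domain whose A or NS set changed is returned for analyst review."""
    return {d: (baseline[d], observed.get(d)) for d in baseline if observed.get(d) != baseline[d]}


# Constructed baseline and observed DNS answers (RFC 5737 addresses) standing in for live lookups.
BASELINE_DNS = {
    "examplebank.com": {"A": ["192.0.2.10"], "NS": ["ns1.examplebank.com", "ns2.examplebank.com"]},
    "www.examplebank.com": {"A": ["192.0.2.11"], "NS": ["ns1.examplebank.com", "ns2.examplebank.com"]},
}
OBSERVED_DNS = {
    "examplebank.com": {"A": ["192.0.2.10"], "NS": ["ns1.examplebank.com", "ns2.examplebank.com"]},
    "www.examplebank.com": {"A": ["203.0.113.66"], "NS": ["ns1.examplebank.com", "ns2.examplebank.com"]},
}

if __name__ == "__main__":
    for entry, reason in match_feed("examplebank.com", PHISHING_FEED):
        print(f"{reason:15} {entry}")
    for d, (was, now) in dns_hijack_check(BASELINE_DNS, OBSERVED_DNS).items():
        print("possible hijack:", d, was["A"], "->", now["A"])
```

In a daily run the feed would come from the sources the slide names and the observed DNS answers from resolvers the service controls; a changed A record on a customer-facing host, as for `www.examplebank.com` here, is exactly the quick alert the deck promises.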

Page 13

Vajra WRSS (Web Reputation & Security Scan)

• Anti-Phishing, Malware and Spam (APMS) scrutiny + scan of web portals and web services, ranked by Human Critical Index (HCI)
• Checks for specific CMS vulnerabilities
• Heuristic shell detector: identifies hackers’ web shells in web portals/web apps
• Manual entry-point adding for the security analyst

Page 14

Vajra WRSS

• Machine learning assisted Hacker Entry Point Mapper (HEP): maps entry points normally discovered by hackers
• Root cause analysis of sensitive information leakages on the Internet
• False positive marker, handled by the security analyst
• Accepted Risk/Ignore: export for auditors

Page 15

Vajra WRSS

• Manual APT bugtrack for the customer
• Automatic report generation template for the customer (used by the security analyst)

Page 16

Automated VA for IP

Identification, quantification and prioritization of vulnerabilities.

Advanced intrusive model including external and internal vulnerability assessment (VA) of the network for protection and compliance requirements.

Page 17

Automated VA for IP

Scans multiple IPs for open ports, enumerates services and identifies vulnerabilities.

We mark the human critical index (HCI) of each device (the organization’s CISO tells us which devices are most critical in the organization).

AVA IP has a facility to mark a false positive when the scanner identifies something wrongly or the finding is not applicable. The security analyst dedicated to your organization marks it.

Page 18

Automated VA for IP

• Exporting accepted risk for auditing purposes
• Security analyst can mark Ignore/Accepted risk
• Manual APT bug-track for the customer
• Automatic report generation template for the customer (used by the security analyst)
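Pages 16 to 18 describe one workflow: scanner findings are weighted by the CISO-assigned human critical index, the analyst marks false positives and accepted risks, critical/high findings go to the bug track, and accepted risks are exported for auditors. The Python below is an added example of that triage loop for this transcript, not the AVA IP product. The findings, the hosts and the HCI values are constructed; the 1 to 5 HCI scale, the multiplication used for priority and the 7.0 cut-off for "high" (the CVSS v3 High boundary) are this example's assumptions.

```python
import csv
import io
from dataclasses import dataclass


@dataclass
class Finding:
    id: str
    host: str
    port: int
    title: str
    severity: float        # scanner severity on a CVSS-style 0.0 to 10.0 scale
    status: str = "open"   # open | false_positive | ignored | accepted_risk
    note: str = ""         # analyst's justification, exported with the finding


def load_findings():
    """Constructed scanner output for three internal hosts; not real scan data."""
    return [
        Finding("F-1", "10.0.0.5", 443, "TLS 1.0 enabled", 5.3),
        Finding("F-2", "10.0.0.22", 22, "Outdated OpenSSH version (banner match)", 7.5),
        Finding("F-3", "10.0.0.5", 1433, "Database reachable with default administrator credentials", 9.8),
        Finding("F-4", "10.0.0.9", 80, "Directory listing enabled", 5.0),
        Finding("F-5", "10.0.0.22", 161, "SNMP readable with default community string", 7.5),
    ]


# Human Critical Index as the customer's CISO would assign it (1 = low, 5 = most critical).
HCI = {"10.0.0.5": 5, "10.0.0.9": 3, "10.0.0.22": 1}

VALID_STATUS = {"open", "false_positive", "ignored", "accepted_risk"}


def priority(f, hci):
    """Scanner severity weighted by how critical the CISO says the host is."""
    return f.severity * hci.get(f.host, 1)


def triage(findings, hci):
    """Open findings, highest priority first; ties broken by id so reports are stable."""
    return sorted((f for f in findings if f.status == "open"), key=lambda f: (-priority(f, hci), f.id))


def mark(findings, finding_id, status, note):
    """Analyst decision on one finding. The record is kept, not deleted, so auditors can see it."""
    if status not in VALID_STATUS:
        raise ValueError(f"unknown status {status!r}")
    for f in findings:
        if f.id == finding_id:
            f.status, f.note = status, note
            return f
    raise KeyError(finding_id)


def bugtrack_export(findings, hci, min_severity=7.0):
    """Open findings at or above the high threshold, in priority order, for the bug track."""
    return [f for f in triage(findings, hci) if f.severity >= min_severity]


def accepted_risk_rows(findings):
    """Accepted-risk findings with their justification: the view an auditor asks for."""
    return [
        {"id": f.id, "host": f.host, "port": f.port, "title": f.title, "severity": f.severity, "note": f.note}
        for f in findings if f.status == "accepted_risk"
    ]


def accepted_risk_csv(findings):
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["id", "host", "port", "title", "severity", "note"])
    writer.writeheader()
    writer.writerows(accepted_risk_rows(findings))
    return buf.getvalue()


if __name__ == "__main__":
    findings = load_findings()
    print("initial order:", [f.id for f in triage(findings, HCI)])
    mark(findings, "F-2", "false_positive", "Patch backported by the distribution; banner version is misleading")
    mark(findings, "F-5", "accepted_risk", "Read-only community on an isolated management VLAN; fix scheduled")
    print("to bug track:", [f.id for f in bugtrack_export(findings, HCI)])
    print(accepted_risk_csv(findings))
```

Weighting by HCI is what moves the TLS 1.0 finding on the critical host above the two 7.5-severity findings on a low-value box, and the same weighting is why a default database credential on that host tops the list regardless. Marking a finding changes its status rather than deleting it, so the weekly report and the auditor export can both be regenerated from the same records.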

Page 19

Overall Service

• Prioritize vulnerabilities and work with the SOC/vendor (network/application level) to fix them
• Strive to ensure no exploitable vulnerability remains
• Daily APMS report to the customer
• Weekly AVA/WRSS report with Bugtrack report
• All critical/high vulnerabilities from automated WRSS/AVA and manual APT testing that are to be addressed are exported into the bug track in the portal

Page 20

Cyber Security is our Mission, and not only a Business

A not-for-profit foundation, Cyber Security & Privacy Foundation, formed as a vehicle to create hands-on technical competency, initiate R&D and provide training in cyber security for individuals and organisations in India.

This non-profit foundation benefits from the wisdom of former senior practitioners from the Government and CISOs from industry and banks who are Trustees and Advisors of/to the Foundation. We have an agreement with an international pre-emptive threat intelligence organization.

CSPF’s cyber security initiatives are supported by its larger ecosystem including:

E Hacking News (EHN), a leading information security news portal with more than 100,000 readers. EHN delivers the latest news updates related to security breaches, cyber crime, vulnerabilities, cyber security and penetration testing tools, and more. EHN has provided media support to several international security conferences including NullCon, ClubHack, OWASP Asia and Hack in Paris, among others.

Page 21

Contact

We can be reached at the following email id: [email protected]