8/8/2019 WEbinar CSI
Presented by
Robert Richardson, CSI Director
http://bipartisanpolicy.org/sites/default/files/galleries/_G2_7824.jpg
http://en.wikipedia.org/wiki/File:Albert-gonzalez.jpg
Thanks!
The 2010/2011 Survey Report is available at GoCSI.com, either on its own or as part of a CSI membership.
Cyber Forensics:
Insights on Moving Forward
Jim Jaeger
Director, Cyber Defense & Forensics
December 2010
Cyber Security
Capabilities
Commercial forensics & incident response
Cyber operations & monitoring
Digital forensics
Indications & warning systems
Network security
Information operations
Key Solutions and Programs
Department of Defense Cyber Crime Center (DC3)
United States Computer Emergency Readiness Team (US-CERT)
Department of Homeland Security National Infrastructure Coordinating Center, National Operations Center
National Security Agency signals intelligence and exploitation
Department of Justice/Federal Bureau of Investigation, Drug Enforcement Agency
Reaching Beyond Compliance
Every large enterprise must now deal with constant cyber attacks
100% of the enterprises we've investigated were compliant with some security standard
In their cases, compliance provided a false sense of security
Every set of compliance standards is understood by hackers
To protect your enterprise, the new price of doing business is going beyond compliance
Situational Awareness
Often times, our situational awareness is, indeed, forensics--which means that something has happened and policing up after the fact--versus mitigating it in real time.
We need real-time situational awareness in our networks, to see where something bad is happening and to take action there at that time. We do not have common-operational picture for our networks. We need to get there. We need to build that.
General Keith Alexander, Congressional Testimony, 9/23/2010
Cyber Situational Awareness
Know What Normal Is
Knowing your network
Recognize changes
Know the Threat
How they move
What they are after
Where they are going
Share Information
CSI Computer Crime and Security Report
Industry discussions
US-CERT
Key Strategies: Handling of Logs
Logging Enabled
Significant 25%
Basic factory settings 75%
Log Storage
Long term 5%
Moderate 40%
Minimal 55%
Log review/analysis
Limited 50%
None 50%
Evolving Situational Awareness Tool Set
Industry is recognizing the need
Capabilities are being developed in demos and test beds to create a common operational picture
Evolving Investigative Arena
Requires technology
SANs to store and access the data
Strong network and data security to prevent contamination
Sophisticated data mining and visualization tools
From one examiner/one case/one box, to forensics teams using distributed tools to work large data sets and cross case analysis
The Building Blocks: Partners
Computer Emergency Response Team
Cyber Forensic Organization
Law Enforcement
Legal Community
The team brings strength beyond that of an individual organization