Slide 5: References
NIST SP 800-53, Security and Privacy Controls for Federal Information Systems and Organizations
NIST SP 800-53A, Federal Information Systems and Organizations: Building Effective Assessment Plans
Slide 15: Attack Continuum (source: SourceFire)
Phases: Before, During, After
Taglines: See it, Control it; Intelligent & Context Aware; Retrospective Security
Coverage: Network | Endpoint | Mobile | Virtual
Modes: Point-in-Time, Continuous
Slide 16: (source: PaloAlto Networks)
Slide 17: (source: Damballa)
Slide 18: Dynamic Generation Algorithm (DGA) detection points (source: Damballa)
Diagram elements: Victim, Recursive DNS, Authoritative DNS, Firewall Egress, C&C Criminal Server, Proxy Filtering, TCP/IP Session, Configuration File, C&C Location
Behaviors Seen & Benefits (DNS vantage point): Malicious DNS queries; Domain fast-fluxing detection; New domain queries; Unique victim enumeration; Detection prior to egress; DNS query termination
Behaviors Seen & Benefits (second vantage point): C&C connection behaviors/success; URI identification (incl. HTTPS); Malicious file identification (Malware); Unique victim enumeration; Bytes-in & bytes-out monitoring; Full packet capture; Session termination
Behaviors Seen & Benefits (third vantage point): C&C connection behaviors/success; URI identification (incl. HTTPS); Malicious file identification (Malware); Unique victim enumeration; Full packet capture; Detection prior to egress; Session termination
Slide 19: (source: SourceFire)
Slide 22: (web)
Slide 23: CA ControlMinder: Secure Password Storage, Session Recording
Managed targets: Database, Network Appliance, Virtual Server, Windows/UNIX/Linux, Application, Multiple Device Types
Slide 24: (check-out / check-in)
Slide 25: WHO, WHEN, WHERE, WHAT
Slide 26: Roles: Contractor / Partner, Password Admin, Auditor, Systems Admin
Resources: Applications, Folders, Data