criminal education: lessons from the criminals and their methods
TRANSCRIPT
![Page 1: Criminal Education: Lessons from the Criminals and Their Methods](https://reader033.vdocument.in/reader033/viewer/2022052700/55a0bc181a28ab873b8b46a3/html5/thumbnails/1.jpg)
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Criminal Education Lessons from the Criminals and Their Methods
Rob Greer Vice President & General Manager HP Network Security Products
![Page 2: Criminal Education: Lessons from the Criminals and Their Methods](https://reader033.vdocument.in/reader033/viewer/2022052700/55a0bc181a28ab873b8b46a3/html5/thumbnails/2.jpg)
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. © Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
© Copyright 1969 Twentieth Century Fox Film Corporation
![Page 3: Criminal Education: Lessons from the Criminals and Their Methods](https://reader033.vdocument.in/reader033/viewer/2022052700/55a0bc181a28ab873b8b46a3/html5/thumbnails/3.jpg)
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
![Page 4: Criminal Education: Lessons from the Criminals and Their Methods](https://reader033.vdocument.in/reader033/viewer/2022052700/55a0bc181a28ab873b8b46a3/html5/thumbnails/4.jpg)
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Bank Hack Results in Stunning $45 Million ATM Heist
Experts Marvel At How Cyberthieves Stole $45 Million
Global Network of Hackers Steal $45 Million From ATMs
In Hours, Thieves Took $45 Million in A.T.M. Scheme
The Circuit: Hackers took $45 million in ATM heist
![Page 5: Criminal Education: Lessons from the Criminals and Their Methods](https://reader033.vdocument.in/reader033/viewer/2022052700/55a0bc181a28ab873b8b46a3/html5/thumbnails/5.jpg)
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
$45M stolen …in a matter of hours
![Page 6: Criminal Education: Lessons from the Criminals and Their Methods](https://reader033.vdocument.in/reader033/viewer/2022052700/55a0bc181a28ab873b8b46a3/html5/thumbnails/6.jpg)
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
but planned over a number of years…
![Page 7: Criminal Education: Lessons from the Criminals and Their Methods](https://reader033.vdocument.in/reader033/viewer/2022052700/55a0bc181a28ab873b8b46a3/html5/thumbnails/7.jpg)
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
“If you know the enemy and know yourself, you need not fear the result of a hundred battles.”
—Sun Tzu, The Art of War
![Page 8: Criminal Education: Lessons from the Criminals and Their Methods](https://reader033.vdocument.in/reader033/viewer/2022052700/55a0bc181a28ab873b8b46a3/html5/thumbnails/8.jpg)
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
I follow ISO, PCI and other security standards
Our predictability is well known
I work within budget cycles
I stitch technology together across functions
![Page 9: Criminal Education: Lessons from the Criminals and Their Methods](https://reader033.vdocument.in/reader033/viewer/2022052700/55a0bc181a28ab873b8b46a3/html5/thumbnails/9.jpg)
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Cloud Big Data Mobile
![Page 10: Criminal Education: Lessons from the Criminals and Their Methods](https://reader033.vdocument.in/reader033/viewer/2022052700/55a0bc181a28ab873b8b46a3/html5/thumbnails/10.jpg)
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Market with distinct process
Actors organize and specialize
Intelligence is bought and sold
Defining the adversary
Cybercrime
Nation state Hacktivist
The
adversary
![Page 11: Criminal Education: Lessons from the Criminals and Their Methods](https://reader033.vdocument.in/reader033/viewer/2022052700/55a0bc181a28ab873b8b46a3/html5/thumbnails/11.jpg)
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Using what we know about them to create a more effective response
![Page 12: Criminal Education: Lessons from the Criminals and Their Methods](https://reader033.vdocument.in/reader033/viewer/2022052700/55a0bc181a28ab873b8b46a3/html5/thumbnails/12.jpg)
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Discovery
Organize our capability to disrupt the market
Research
Our enterprise
Their ecosystem
Infiltration
Capture
Exfiltration
![Page 13: Criminal Education: Lessons from the Criminals and Their Methods](https://reader033.vdocument.in/reader033/viewer/2022052700/55a0bc181a28ab873b8b46a3/html5/thumbnails/13.jpg)
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Discovery
Rethink our capability investments
Research
Our enterprise
Their ecosystem
Exfiltration
Capture
5X 1X
Infiltration
![Page 14: Criminal Education: Lessons from the Criminals and Their Methods](https://reader033.vdocument.in/reader033/viewer/2022052700/55a0bc181a28ab873b8b46a3/html5/thumbnails/14.jpg)
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Discovery
Organize our capability to disrupt the market
Research
Our enterprise
Their ecosystem
Infiltration
Capture
Exfiltration
Educating users Counter intel
Blocking access
![Page 15: Criminal Education: Lessons from the Criminals and Their Methods](https://reader033.vdocument.in/reader033/viewer/2022052700/55a0bc181a28ab873b8b46a3/html5/thumbnails/15.jpg)
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
84% of breaches occur at the application layer
![Page 16: Criminal Education: Lessons from the Criminals and Their Methods](https://reader033.vdocument.in/reader033/viewer/2022052700/55a0bc181a28ab873b8b46a3/html5/thumbnails/16.jpg)
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
68% Increase in mobile application vulnerability disclosures
![Page 17: Criminal Education: Lessons from the Criminals and Their Methods](https://reader033.vdocument.in/reader033/viewer/2022052700/55a0bc181a28ab873b8b46a3/html5/thumbnails/17.jpg)
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Discovery
Organize our capability to disrupt the market
Research
Our enterprise
Their ecosystem
Infiltration
Capture
Exfiltration
Finding them
Educating users Counter intel
Blocking access
![Page 18: Criminal Education: Lessons from the Criminals and Their Methods](https://reader033.vdocument.in/reader033/viewer/2022052700/55a0bc181a28ab873b8b46a3/html5/thumbnails/18.jpg)
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
of breaches are reported by a 3rd party 94%
![Page 19: Criminal Education: Lessons from the Criminals and Their Methods](https://reader033.vdocument.in/reader033/viewer/2022052700/55a0bc181a28ab873b8b46a3/html5/thumbnails/19.jpg)
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
average time to detect breach 416 days
2012 January February March April May June July August September October November December 2013 January February March April
![Page 20: Criminal Education: Lessons from the Criminals and Their Methods](https://reader033.vdocument.in/reader033/viewer/2022052700/55a0bc181a28ab873b8b46a3/html5/thumbnails/20.jpg)
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Discovery
Organize our capability to disrupt the market
Research
Our enterprise
Their ecosystem
Infiltration
Capture
Exfiltration Planning damage mitigation
Protecting the target asset
Finding them
Educating users Counter intel
Blocking access
![Page 21: Criminal Education: Lessons from the Criminals and Their Methods](https://reader033.vdocument.in/reader033/viewer/2022052700/55a0bc181a28ab873b8b46a3/html5/thumbnails/21.jpg)
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
71% Since 2010, time to resolve an attack has grown
![Page 22: Criminal Education: Lessons from the Criminals and Their Methods](https://reader033.vdocument.in/reader033/viewer/2022052700/55a0bc181a28ab873b8b46a3/html5/thumbnails/22.jpg)
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Discovery
How Does HP Security Help You Improve Your Capabilities?
Research
Our enterprise
Their ecosystem
Infiltration
Capture
Exfiltration Planning damage mitigation
Protecting the target asset
Finding them
Educating users Counter intel
Blocking access
![Page 23: Criminal Education: Lessons from the Criminals and Their Methods](https://reader033.vdocument.in/reader033/viewer/2022052700/55a0bc181a28ab873b8b46a3/html5/thumbnails/23.jpg)
Make it matter.