Defending the Digital Enterprise: Cyber Threat Visibility and Resolution

SESSION ID: SPO1-W06A (#RSAC)

Kamran Ahsan, Senior Director – Digital Security, Etisalat

Post on 23-Mar-2018

A new digital world has emerged…

http://www.forbes.com/sites/louiscolumbus/2013/09/28/

Organizations have digital footprints

Digital footprint has many stakeholders

Digital footprint falls beyond security controls

Digital footprint has unique risks

Identifying risk areas…

Branding & Reputation

Business Disruption

Online Fraud

Ignorance is bliss!

• Stolen user credentials of System Administrators

• Information leaks related to profiles of key resources

• Fake job offers with unauthorized use of brands, logos and images

• Suspicious activities of employees on social media

Branding & Reputation

• Stolen credit cards for sale in the Black Market

• Unauthorized and typo squatting domains

• Supply chain vulnerabilities

• Suspicious mobile applications

• DDoS campaigns

Business Disruption

• Unique malware being developed

• Phishing sites

• Malware infections related to an industry vertical

• Global fraud

• Technical vulnerabilities of critical systems

Online Fraud

..but it puts us into a state of

We need to manage through…

… gathering intelligence about all activities affecting organization’s digital footprint - a continuous mechanism of detection and resolution supplemented by human intelligence

…which is achieved as…

[{Intelligence on Threat Detection + Remedial Action}]+{Human Intel}

Enrich

Analyze

Process

Scouting Data from Multiple Sources

Suspicious Domains

Information Leaks

Breach of Security Controls

Credential Theft

Suspicious Mobile Apps

…having basic coverage of managing risks as…

…specific to industry verticals…

Information leaks Online services vulnerabilities

Phishing Malware Pharming Carding

Theft of on-line bank credentials and credit cards information

Sale of products through the “grey market” and brand abuse

Grey Market Fake products Traffic deviation

Intellectual property offence and threats to online media

DDOS Attacks Intellectual property

Relationship with faked brands

Banking & Financial Services

Retail & Wholesale

Media & Entertainment

…and available as…

You are forearmed if you are forewarned!

Detection

Threat broadest coverage

Actionable intelligence

Investigations

Response

Countermeasures

Cyber threats mitigation

Support & Advisory

Continuous monitoring

Threat evolution analysis

Decision making support

Anticipation

Apply what you have learned today

Next week you should:

• Identify assets/resources of your digital presence and assign criticality

In the first three months following this presentation you should:

• Understand threat scenarios and qualify as a business need

• Review and pilot Cyber Threat Intelligence (CTI) services in the market

Within six months you should:

• Select a service suited to YOUR digital presence & risk appetite

• Consider multiple internal stakeholders as consumers of this service; this is to best utilize the service and organization’s budget

Thank You