Network Situational Awareness
© 2015 Lumeta Corporation
In Cybersecurity, The Network Doesn’t Lie
Networks are increasingly dynamic and changing, causing a 20% gap in network situational awareness
• Constant upgrades, moves and changes
• Spin-offs, mergers and acquisitions
• Call back to TOR exit nodes
• Invisible assets turned into malware infrastructure
• Unmanaged & Unsecured Devices
• Digital economy causing infrastructure transitions to:
  • Mobile from fixed
  • Virtual from physical
  • DevOps in the cloud
  • Software defined networks & datacenter
[Chart: Awareness (up to 100%) plotted against IP Addresses (10K, 100K, 1,000K)]
Lumeta Network Situational Awareness
Cybersecurity Analytics
Operationalizing Threat Intelligence
Validate No Access to Known Malware C2 Servers
• Determine whether or not active security controls prevent call back to known botnet/command and control networks and servers
Validate No Access to Known TOR Exit Nodes
• Determine whether or not active security controls prevent call back to TOR exit nodes
(TOR – The Onion Router/Dark Web Infrastructure)
Zombie Hunting
• Determine whether or not any trusted/enterprise assets are malware infrastructure or part of blacklists/dropnets/Shadowserver/attacker lists
Internal TOR Relays/Bridges
• Determine whether or not any trusted/enterprise assets are/were acting as TOR relays/bridges
Use/Accessibility of Trojan/Malware Ports
• Determine whether or not any trusted/enterprise assets are utilizing ports associated with Trojans, Malware, and attack lateralization
Network Attack Emulation Solution
• Intelligence-led test environment mimics the actions of cyber attackers with full traceability and reporting
• Use of Lumeta innocuous malware protects the end user during testing
• We are partnering with European PENTEST partners - Please contact us for more information

Ia15 network situation awareness Lumeta Europe
