Centralized defense against multi-vector threats - setting up a response center for...

Post on 08-May-2015


DESCRIPTION

Talk given by Dragos Lungu of BitDefender at the "Asegura IT Camp2" event, held on 22, 23 and 24 October 2010 in El Escorial.

TRANSCRIPT

BitDefender: Centralized defense against multi-vector threats – Setting up a response center for computer security incidents

Dragos Lungu, BitDefender Consultant

Buzzwords are not enough!

•Stuxnet : digital weapon attacking Siemens' WinCC / PCS 7 SCADA Systems

•ZeuS/ZBOT Trojan : loots money from bank accounts

•Spanair Flight JK 502 : malware led to 20 August 2008 tragedy, 154 people died.

CERT / CSIRT

Incident Management

•Early Detection

•Handling & Remediation

•Prevention

Incident Triage

•Incident Triage: What hit me?

•Attacker Profiler : Who is behind this ?

•Sizing the Incident: How hard was I hit ?

Incident Coordination

•Root cause analysis

•Contacting law enforcement, CERTs

•Documenting and reporting the incident

•Public announcements

Incident Resolution

•Removing the Exploits

•Fixing Vulnerabilities

•Patch Management

•Risk Analysis

•Business Continuity

•Disaster Recovery

•Evidence Collection

•Digital Forensics

Proactive Services - People

www.malwarecity.es

Proactive Services - Technologies

•Managed Networking & Security Devices

•Security Information & Event Management

•Honeypots (SMTP, HTTP, Other)

•Security Assessments & Penetration Testing

Proactive Services - Processes

•Procedures, Incident workflow

•Ticket management system

•Affiliations : MSPAlliance, FIRST
