Symantec Internet Security Threat Report (ISTR) 2019

Upcoming 15 May 2019 Chapter Meeting

Symantec’s Internet Security Threat Report (ISTR) 2019, Vol. 24 has been released! If you’re not familiar with the report, it’s a crown jewel of intelligence Symantec publishes each year, which provides an overview and analysis of the year in global threat activity. The report is based on intel from the world’s largest civilian threat network, including 123 million sensors which record thousands of threat events per second from 157 countries and block 142 million threats daily. The 2019 Internet Security Threat Report takes a deep dive into the latest trends in cyber security attacks, including:

Formjacking: The Breakthrough Threat of 2018
Living Off the Land Attacks and Supply Chain Weaknesses are Here to Stay
Cryptojacking Down, But Certainly Not Out
Cloud Security is Organizations’ Achilles Heel
IoT in the Crosshairs of Cyber Criminals and Attack Groups

About our Speaker for May 2019

Scott Parker, CISSP, CISM, SCS Sr Principal Systems Engineer ISSA Distinguished Fellow Symantec Corporation

Scott has been with Symantec for 20 years and is an Information Systems Security Association Distinguished Fellow with over 30 years of tactical and strategic information security experience across multiple control points – data centers, endpoints, and gateways with a focus on threat protection, information protection, cyber security services and security analytics.

April 17, 2019 Recap

We had a full house for our April 2019 Chapter Meeting. Thanks for a great attendance.

Rick Handley, Data Security Manager at Schlumberger, gave an interesting and informative overview on steps to protect data in Microsoft Office 365. He covered licensing, the ecosystem of Office 365, SharePoint, recommended practices and available tools (Azure Rights Management Services, Information Rights Management, Azure Information Protection, and DRM), and leak opportunities and mitigation. Lastly, he went over lessons learned during Schlumberger’s implementation.

ISSA members can download his slides here.

Raffle

Don’t forget that the Austin ISSA chapter meeting has a raffle every month for chapter members. Someone is going to win. Join us next month and it could be you.

Seth Robertson (right), Austin ISSA President, Congratulates Ben Flores (left) on winning this month’s Amazon Gift Certificate!

Protecting Microsoft Office 365 Workloads, Find and Plug Your Data Leaks

Upcoming 17 April 2019 Meeting Topic

Click here to Register today.

Register by April 10, 2019 to avail ISSA member discounts!.

Microsoft Office 365 can represent an excellent opportunity to improve collaboration and productivity in your organization. The myriad of workloads (apps), development tools, connectors and sharing options also represent a great way to leak data.

During this session we’ll explore some of these opportunities to lose control of your data. You will also walk away with practical strategies for maintaining control, even if your budget isn’t big enough to purchase a top tier license.

Rick Handley, CISSP, Data Security Manager, Schlumberger

April 2019 – Speaker: Rick has been an Information Security practitioner for 20 years. Previous roles at Schlumberger include Integration Security Manager and Endpoint Security Manager. Prior to Schlumberger he was Director of Network Security and Integration for Smith International. Rick has also been a speaker at IBM’s Focus Conference and is currently Communications Director for South Texas ISSA having served on the board since 2012. Other interests include a passion for restoring and collecting Pontiac muscle cars, raising funds for wounded veterans, and working on family ancestry.

March 2019, Chapter Meeting Recap

Josh Van Cott was unanimously ratified as the Austin ISSA Sponsorship Director. Congratulations Josh!

Our presentation this month, given by Robert Kern, a Regional Sales Director for Tempered Networks, was called “Segmentation Made Simple, Utilizing Zero Trust via Host Identity Protocol (HIP).” The HIP protocol was developed in 1999 and ratified by the IETF in 2015. Instead of using an IP address for identity, this protocol identifies a device on the network based on a public key security infrastructure to create a provable machine identity. A very interesting presentation! Thank you very much Robert!

Robert Kern, March 2019 Speaker on Host Identity Protocol

If you’re an ISSA member, access the presentation slides from here.

Dietch Dietrich was the winner of the raffle this month. Congratulations!

Seth Robertson (right) Austin ISSA President, congratulates Dietch Dietrich on winning this month’s Amazon Gift Certificate

Segmentation Made Simple

Wednesday March 20, 2019

Learn how the industry is moving from ‘address defined networking’ to ‘identity defined networking’ and using provable machine identities instead of spoof-able IP addresses. Understand how segmentation through zero-trust networking cloaks your network while simplifying your environment. Learn about the Host Identity Protocol (HIP) that combines the powerful attributes of three different protocols (VXLAN, LISP and IPsec) into one -while eliminating their complexity and limitations. INTENDED AUDIENCE(S): IT Director, Network Architect, Security Architect, Enterprise Architect, CIO, CSO, Risk and Compliance Manager

Robert Kern, Director, Regional Sales Tempered Networks

About our speaker for March 2019 : Robert Kern is a Regional Sales Director for Tempered Networks with nearly thirty years of experience providing network and security solutions for customers in multiple market verticals throughout the central United States as well as Mexico. Robert has tenure with several notable and innovative companies, including SynOptics (Bay Networks) and F5 Networks. With his pioneering attitude and keen sense of business, Robert was instrumental in bringing their disruptive solutions to market. Based in Dallas, Robert has cultivated long-standing relationships with Fortune 500 accounts, from oil and gas to global transportation companies, and is well-respected for his ability to map solutions to meet critical business challenges.

Feb 2019, Chapter Meeting Recap

Jason Sheffield, Sr. Sales Engineer at Netskope, made several great points about how enterprises can implement cloud security. Some highlights included:

Data flows like water!
Data exposure from mis-configured settings that does not constitute a breach.
Is that cloud application your enterprise is thinking about using really enterprise ready?
Think about shadow IT:
- Who’s buying it?
- What is the risk exposure?
- From a compliance perspective, how does shadow IT impact audits and compliance?

Larry Moore, Austin, ISSA Past President, thanks Jason Sheffield for this presentation

He suggested three quick wins for Enterprise IT:

DLP policies for downloading sensitive data from the cloud, make sure you scrub test data, and don’t worry about nonsensitive data.
Assess the security of your IaaS environment continuously.
Consider using the same security policies against all your cloud data.

He told us about a great resource to check out – Adrian Grigorof’s article on Peerlyst, Mapping of On-Premises Security Controls vs Major Cloud Providers Version 3.2 Feb 2019.

Thank you, Jason, for a very informative meeting! If you’re an ISSA member, his slides are available here: https://www.issa.org/global_engine/download.aspx?fileid=8ED909AC-BCE6-4DB0-A67B-32DC463DA918&ext=pptx

January 2019, Chapter Meeting Recap

At the ISSA Chapter Meeting on January 16, 2019, William Vastine presented a fascinating overview on “Insider Threat Intelligence: Overview of Nation State-Sponsored Talent Recruitment Platforms.”

Larry Moore, Austin, ISSA Past President, shakes William Vastine’s hand

Our sponsors were Conducive and Splunk. Conducive is a boutique consulting and systems integration firm specializing in Splunk services and focused on solving complex business problems. Splunk was founded to pursue a disruptive new vision: make machine data accessible, usable and valuable to everyone. As well as the Austin ISSA raffle, Splunk and Conducive raffled off an additional $500 in prizes!

December 2018 Austin ISSA Chapter Meeting

For the December Austin ISSA chapter meeting, we had food and fun! The menu consisted of roast turkey breast, house salad, corn bread dressing, green beans, petit fours, pumpkin pie, and ice tea.

Len Noe, CyberArk Global Solutions Engineer, presented “Cyber Kill Chain.”

The Cyber Kill Chain concept, a model developed by Lockheed Martin, consists of seven steps:

Recon
Weaponization
Delivery
Exploitation
Installation
Command & Control
Actions on Objectives

Len demonstrated several attacks in 30 minutes, including:

MouseJack / JackIT, Process Hollowing
WHID cactus / Mimikatz
Hak5 BashBunny- Quick Creds
Responder / MultiRelay

A fascinating presentation! Several of his slide decks are available on SlideShare, such as https://www.slideshare.net/LenNoe/hackers-bag-of-tricks-2019

Why is AI Needed in Cybersecurity?

Tuesday, November 13, 2018

Mark Montgomery presents key trends for using Artificial Intelligence (AI) in various verticals of cybersecurity. Mark’s discussion covers many of the critical breakthroughs and innovations that have helped fight cybercrime, as well as areas ripe for disruption by entrepreneurs. Mark goes beyond the hypes and myths of AI in cybersecurity and covers the practical implications of technologies to provide value to organizations. Mark also presents aspects of how the attackers are innovating using advanced techniques, and in some cases, potential abuse of AI. Attendees will learn:

What is artificial intelligence (AI) and machine learning (ML)?
Why are AI and ML important to cybersecurity, and what are the most critical use cases?
What are the business drives for using AI in the context of cybersecurity?
What’s next? That is, how will AI evolve over the next 5 – 10 years in cybersecurity?

Mark Montgomery is a former US Navy Cryptologic Technician First Class, where he served with the Navy Cyber Defense Operations Command and the US Cyber Command. Since departing military service, Mark worked with the Texas Comptroller of Public Accounts and now SparkCognition. Mark earned his bachelor’s degree in IT System Management and a Master’s degree in Cyber Security Engineering; Mark has over a dozen industry certifications.

Mark specializes in operational security, performing malware analysis, intrusion detection, network analysis, incident response, digital forensics and threat intelligence. His current focus is on developing malicious software and machine learning feature development for the improvement and testing of DeepArmor endpoint anti-malware.

Cyber Threat Response Clinic

FREE Cyber Threat Response Clinic

As part of ISSA Austin’s training program, Cisco is offering free day-long technical training on October 16.

Listen to the podcast interview with Ryan Firth:

NOTE: This free event is limited to the October chapter meeting attendees. Standard chapter meeting fees apply. Click here to register for the October 16 chapter meeting.

Security and Network professionals need to evolve their strategy from a point-in-time approach to pervasive protection across the full attack continuum. Join Cisco and the Capital of Texas ISSA to experience common cybersecurity attack situations in a virtualized lab environment, where you will get to play both the role of attacker and defender. Utilizing an environment that models many enterprise networks, you will learn how environments get compromised, how breaches get discovered, and how to respond most effectively with Cisco Security products and integrated solution architectures.

We look forward to this hands-on experience and sharing the breadth of product and integrated solution offerings provided by Cisco Security.

Class agenda:

CTR Scenario 00: Clinic Overview
CTR Scenario 01: Integrated Threat Defense Solutions
CTR Scenario 02: The Enterprise to Protect: Welcome to HackMDs.com
CTR Scenario 03: Reconnaissance and Vulnerability Discovery
CTR Scenario 04: Smash & Grab: Attacking your Public Network Services
CTR Scenario 05: Pay to Play: Ransomware in the Enterprise
CTR Scenario 06: Insider Threats: Beyond the Perimeter
CTR Scenario 07: The Infected: Compromised Host Systems
CTR Scenario 08: Threat Hunting: Centralized Incident Response
CTR Scenario 09: The Challenge: Capture the Flag!

In order to attend the class you MUST register for the ISSA chapter meeting and you must register for this class separately (link below) so that we will have an accurate headcount. Class registrants who have not registered for the chapter meeting will not be admitted.