Aimer
by Tangara Mail, 4 December 2014
Transcript of Aimer

Secondary resistance and counterattack module
Restarting services with an increased level of self-diagnosis
Sending suspicious files and pcaps for forensic analysis
Generating infected bait files (decoys) for the attacker
Integrity (immutability) control of the system
Callback DDoS :) (note: retaliatory traffic against the source is unlawful in most jurisdictions and is listed here tongue-in-cheek, not as a control to deploy)
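The "integrity control" item above is the one piece of this module that reduces to a concrete check: a baseline of file digests and a comparison against the live filesystem. The following is an added example written for this page, not Aimer's own code. It builds the sample tree in a temporary directory and simulates tampering (a modified /etc/passwd, a dropped ld.so.preload, a deleted hosts file); the paths and contents are constructed.

```python
"""Integrity (immutability) control: baseline a tree of files with
SHA-256 digests, then report added, removed and modified files.
Added example, not part of the Aimer presentation.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk=65536):
    """Stream a file through SHA-256 so large files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map relative path -> digest for every regular file under root.
    Symlinks are skipped so that swapping a file for a link cannot
    redirect the check to a clean copy elsewhere."""
    root = Path(root)
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            manifest[str(p.relative_to(root))] = sha256_file(p)
    return manifest


def diff_manifest(baseline, current):
    """Compare two manifests; every difference is a candidate incident."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline.keys() & current.keys()
                      if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Create a constructed tree, baseline it, tamper with it, and return
    the detected drift. The tampering mimics common persistence tricks."""
    with tempfile.TemporaryDirectory() as d:
        etc = Path(d) / "etc"
        etc.mkdir()
        (etc / "passwd").write_text("root:x:0:0::/root:/bin/bash\n")
        (etc / "hosts").write_text("127.0.0.1 localhost\n")
        baseline = build_manifest(d)

        # Simulated tampering (constructed): extra uid-0 user, preload
        # library injected, hosts file removed.
        (etc / "passwd").write_text(
            "root:x:0:0::/root:/bin/bash\nevil:x:0:0::/:/bin/sh\n")
        (etc / "ld.so.preload").write_text("/tmp/x.so\n")
        (etc / "hosts").unlink()
        return diff_manifest(baseline, build_manifest(d))


if __name__ == "__main__":
    print(demo())
```

In a real deployment the baseline manifest must itself be stored where the monitored host cannot rewrite it (a read-only mount or a remote collector), otherwise an attacker with root simply regenerates it after tampering.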
Identification module
Does the attack come from the Tor network?
Does the attacker use a proxy?
Does the host belong to a botnet?
Does the attacker behave like a bot or like a human?
What is the reputation of the attacker's IP?
Which AS does the attack originate from?
What network services are running on the attacking host?
Is it possible to determine the geographic coordinates of the attacker?
Is a MitM attack being used?
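Several of the questions above (Tor exit, reputation, AS, bot versus human) can be answered from an IP and its request timing alone. The following is an added example for this page, not Aimer's code. The Tor exit list, the prefix-to-AS table and the reputation list are constructed fixtures using documentation address ranges so that it runs offline; in production they would be refreshed from external feeds (the Tor Project's published exit-node list, a BGP-derived prefix table, a threat-intelligence feed). The 0.2 coefficient-of-variation threshold for "bot" is a tuning assumption.

```python
"""Identification-module checks on an attacking IP.
Added example, not part of the Aimer presentation. All data is constructed.
"""
import ipaddress
import statistics

# Constructed fixtures (hypothetical addresses from RFC 5737 ranges).
TOR_EXITS = {"198.51.100.7", "203.0.113.42"}
BAD_REPUTATION = {"203.0.113.42": "scanner", "192.0.2.99": "botnet client"}
AS_TABLE = [  # (prefix, ASN, name) -- hypothetical, ASNs from the documentation range
    ("198.51.100.0/24", 64496, "EXAMPLE-HOSTING"),
    ("203.0.113.0/24", 64497, "EXAMPLE-VPS"),
    ("192.0.2.0/24", 64498, "EXAMPLE-ISP"),
    ("192.0.2.64/26", 64499, "EXAMPLE-ISP-CUSTOMER"),
]
_AS_NETS = [(ipaddress.ip_network(p), asn, name) for p, asn, name in AS_TABLE]


def lookup_as(ip):
    """Longest-prefix match of ip against the table; None if not covered.
    The more specific /26 wins over the covering /24, as in BGP."""
    addr = ipaddress.ip_address(ip)
    best = None
    for net, asn, name in _AS_NETS:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, asn, name)
    if best is None:
        return None
    return {"asn": best[1], "name": best[2], "prefix": str(best[0])}


def classify_behaviour(timestamps, min_requests=5):
    """Bot vs human from inter-arrival regularity.

    Scripted clients fire at near-constant intervals (low coefficient of
    variation of the gaps); people produce irregular gaps. Returns
    'unknown' when there are too few requests to judge.
    """
    if len(timestamps) < min_requests:
        return "unknown"
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    mean = statistics.mean(gaps)
    if mean == 0:  # all requests in the same instant: certainly scripted
        return "bot"
    cv = statistics.pstdev(gaps) / mean
    return "bot" if cv < 0.2 else "human"


def identify(ip, timestamps):
    """Answer the identification-module questions for one source."""
    return {
        "ip": ip,
        "tor_exit": ip in TOR_EXITS,
        "reputation": BAD_REPUTATION.get(ip, "clean"),
        "asn": lookup_as(ip),
        "behaviour": classify_behaviour(timestamps),
    }


if __name__ == "__main__":
    # Constructed request timestamps: a metronomic client from a Tor exit.
    print(identify("203.0.113.42", [0, 1, 2, 3, 4, 5]))
```

Geolocation, proxy detection and service fingerprinting of the attacking host need active probing or a GeoIP database and are deliberately left out; probing the attacker is also where the legal exposure of this module starts.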
Primary resistance module
Increasing the logging level
Sending notifications to the administrator
Immediate changes to the network services (masquerading service banners, etc.)
Detection module
Network level
Level of a particular host
Filesystem level
Network services level
Web application and web server level
System level: detection of anomalous user behaviour
Attack-driven proactive security system modules
Detection
Logging and analysis
Primary resistance*
Identification
Secondary resistance* and counterattack
Visualization of data and building the knowledge base
Aimer
Logging and analysis module
Log analysis of the protected systems
Analysis of network traffic
Collection of DNS queries
Logging of user commands on the system
Correlation of events
Estimating the entropy of observed events to anticipate further ones
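Two of the capabilities listed above, event correlation and entropy estimation, are shown below on constructed log data. This is an added example written for this page, not Aimer's code. The correlation rule (a run of failed SSH logins followed by a success from the same IP inside a time window) and the entropy check (Shannon entropy of the leftmost DNS label, high for DGA or tunnelling names) are standard techniques; the log format, hosts, IPs and the 3.5-bit threshold are assumptions made for the example.

```python
"""Logging-and-analysis module: event correlation and entropy estimation
over constructed log lines. Added example, not part of the Aimer presentation.
"""
import math
import re
from collections import Counter, defaultdict

# Constructed auth events: "<epoch> sshd <Failed|Accepted> password for <user> from <ip>"
AUTH_LOG = """\
1700000000 sshd Failed password for root from 203.0.113.42
1700000004 sshd Failed password for root from 203.0.113.42
1700000009 sshd Failed password for admin from 203.0.113.42
1700000013 sshd Accepted password for admin from 203.0.113.42
1700000050 sshd Failed password for bob from 198.51.100.7
1700000800 sshd Accepted password for bob from 198.51.100.7
""".splitlines()

# Constructed DNS query records: (epoch, client, qname)
DNS_LOG = [
    (1700000010, "10.0.0.5", "www.example.com"),
    (1700000011, "10.0.0.5", "mail.example.com"),
    (1700000012, "10.0.0.9", "x7k2q9z1p4m8w3n6.example.net"),
    (1700000013, "10.0.0.9", "b3h8j1l5v2c7r9t4.example.net"),
]

AUTH_RE = re.compile(r"^(\d+) sshd (Failed|Accepted) password for (\S+) from (\S+)$")


def correlate_bruteforce(lines, min_failures=3, window=60):
    """Return (ip, user, ts) for each successful login preceded by at least
    min_failures failures from the same IP within `window` seconds.
    A lone failure long before a success (bob below) is not reported."""
    failures = defaultdict(list)
    hits = []
    for line in lines:
        m = AUTH_RE.match(line)
        if not m:
            continue  # unparsed line: skipped, would be counted in production
        ts, outcome, user, ip = int(m[1]), m[2], m[3], m[4]
        recent = [t for t in failures[ip] if ts - t <= window]
        failures[ip] = recent
        if outcome == "Failed":
            failures[ip].append(ts)
        elif len(recent) >= min_failures:
            hits.append((ip, user, ts))
    return hits


def shannon_entropy(s):
    """Shannon entropy in bits of the character distribution of s."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def suspicious_dns(records, threshold=3.5):
    """Flag queries whose leftmost label exceeds the entropy threshold.
    16 distinct alphanumerics give exactly 4.0 bits; ordinary hostnames
    such as 'www' or 'mail' stay at or below 2.0."""
    out = []
    for ts, client, qname in records:
        label = qname.split(".")[0]
        h = shannon_entropy(label)
        if h > threshold:
            out.append((client, qname, round(h, 2)))
    return out


if __name__ == "__main__":
    print(correlate_bruteforce(AUTH_LOG))
    print(suspicious_dns(DNS_LOG))
```

Entropy on its own produces false positives on CDN and cloud hostnames, which are also long random labels; in practice the flag is combined with query volume per client and the age of the domain before it is promoted to an alert.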
Attack-driven proactive security system
* by analogy with the human immune system
Visualization of data and building the knowledge base
Diagrams and tables of the data gathered during the incident
Building a "tree" of relationships between the data
Showing a timeline of events
Analysis of traffic and formation of event signatures
Profiling malware obtained during the incident
Applicability
Linux servers and workstations
Network infrastructure
Websites
Counteracts these types of threats
Flaws in hardware configuration and network services
Targeted attacks on a specific organization (APT)
Scanning of your network and information gathering before a full-scale attack (DDoS, etc.)
Covert exploitation of a 0-day vulnerability by key staff of your organization (insider threat)
Theft of information from the organization's servers
Knowledge exchange between us and partners
Ability to integrate with vendors' systems
Integration with third-party SIEM
Integration with deep packet inspection (DPI)
Data exchange with WAF systems to protect websites
Information exchange with mail-filtering systems