Measuring Cyber Security Controls Effectiveness with Security Validation
Protecting an organization from advanced attacks is no easy task. Year after year, breaches seem to get worse, even as we hear about improvements in security controls. CISOs are left to wonder if they need to spend more on cyber security, or if their tools or personnel are not performing as expected. Understandably, answers are unique to each organization and its security strategy.
According to Ernst and Young’s 2020 paper titled “How does security evolve from bolted on to built-in?”:
- 20% of organizations are extremely confident that cyber security risks and mitigation measures presented to them can protect the organization from major cyber attacks.
- 25% of organizations can financially quantify the effectiveness of their cyber spend.
- 26% of breaches in the past 12 months were detected by the security operations center (SOC).
This paper explores best practices for getting in front of these issues by measuring cyber security control effectiveness. It covers the origin, capabilities and selection criteria for security validation technologies.
Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452
This past winter, FireEye uncovered a widespread campaign conducted by a threat group we labeled UNC2452. In some of the intrusions linked with this campaign, the attackers used their access to on-premises networks to infiltrate Microsoft 365 environments. An estimated 60,000 organizations have been affected.
Because there is no formal security boundary between on-premises networks and cloud services provided by Microsoft 365, a thorough review of potentially affected cloud environments may be necessary.
This paper can help you understand the nature of this attack and outline steps you can take to detect and protect your potentially compromised environments. You can learn about:
- The four main techniques threat actors are using to exploit Microsoft 365
- Actionable detection and remediation strategies for each threat
- Hardening recommendations for your Microsoft 365 environment
Light in the Dark: Hunting for SUNBURST
This past winter, FireEye uncovered a widespread campaign conducted by a threat group we labeled UNC2452. This group used SolarWinds’ Orion Platform to launch a supply chain attack and deploy a backdoor called SUNBURST that affected organizations around the globe.
Mandiant Managed Defense was hunting down the threat and identifying potential victims before the attack had a name.
In this on-demand webinar, Mandiant’s Matt Bromiley and Andrew Rector share an inside look at how Mandiant addressed the SUNBURST threat with clients. You’ll hear frontline stories, and:
- See how this attack influences the way we view cyber security
- Learn SUNBURST threat actors' TTPs
- Discover the techniques used by Mandiant threat hunters
M-Trends 2016
M-Trends 2016 explains how advanced attacks have evolved over the past year, presenting trends, statistics and case studies.
This annual report is based on several hundred incidents that Mandiant consultants actually responded to across more than 30 industry sectors. Its main contents are as follows.
- How various cyber attacks work (holding stolen data for ransom, stealing personally identifiable information, destroying critical systems)
- Why enterprise networking devices such as routers, switches and firewalls are targeted
- Trends that began several years ago and continue today
- 10 key insights to help organizations deal with disruptive attacks
M-Trends 2016
M-Trends 2016 provides trends and statistics on cyber attacks, and case studies on how threat actors have evolved over the past several years.
This annual report was compiled by consultants at Mandiant, a FireEye company, and is based on hundreds of Mandiant incident response investigations conducted in more than 30 industry sectors. The report offers recommendations on how organizations can improve the way they defend against, detect, analyze and respond to cyber attacks.
Download the report to learn:
- How cyber attackers steal personally identifiable information, destroy critical systems and hold data for ransom.
- Why enterprise networking devices such as routers, switches and firewalls are prime targets.
- Trends that started in the past and are still going strong
- 10 key insights to help organizations respond to disruptive attacks
Cyber Security Playbook
The Uncomfortable Trade-off in Cyber Security
The typical organization receives nearly 17,000 security alerts each week, investigates only 4% of them, and spends more than $1.27 million a year responding to erroneous or inaccurate alerts.1
The truth is that your security solution should be working harder, not you.
An effective security platform provides contextual intelligence to accurately generate critical or high-priority alerts, and reduces the time, cost and resources spent investigating unreliable alerts. All of this is done without leaving the network vulnerable to cyber attack.
This white paper provides guidelines for managing alerts and risk, including:
- Quantifying the security operations benefits of reducing alert volume
- The real cost of ineffective security
- 3 key considerations when evaluating cyber security solutions
Download the white paper to learn how to identify the 4% that matter most.
Get the facts.
1 The Cost of Malware Containment, Ponemon Institute, January 2015
Moving Target: Threat Actors Are Adjusting Their Objectives
Follow the Money: A Complete Dissection of the Cyber Crime Group FIN6
The more you know about a cyber attack group, the better prepared you can be for its attacks. In that spirit, FireEye Threat Intelligence and iSIGHT recently collaborated to uncover the activities of FIN6, an attack group that has become a growing problem. FIN6 is a cyber criminal group that exfiltrates payment card data for financial gain.
Download this report to learn the details of the full process, from FIN6 exfiltrating card data to selling it on the underground market.
In this report you will find:
- An understanding of financially motivated attack groups such as FIN6: who they are and what they want.
- The attack cycle and methods of attack groups that use malware such as GRABNEW
- The criminal market structure that supports FIN6's operations
To prepare for FIN6's attacks, download the report now.
Beyond the Bottom Line
Cyber security matters. The average consumer puts far more weight on cyber security than you might expect.
Independent technology market research specialist Vanson Bourne conducted 5,500 interviews with consumers around the world in April 2016, to discover how they felt about data breaches, and how they would react to companies that suffered a data breach.
Download it today for details on:
- Which organizations consumers think should be more concerned about security
- How customers react to organizations that have experienced a data breach
- What they expect from a breached organization
- How customers react to organizations that are more attentive to cyber security
Building an Effective Incident Response Capability
Despite the many efforts of security staff, organizations continue to suffer security breaches after intrusions into their computers and networks. The result is a steady stream of serious damage: losses of millions of dollars, loss of organizational credibility, and leaks of end users' personal information.
Today, security measures aimed solely at "preventing security breaches" are no longer sufficient. Organizations must assume that breaches will occur and develop an effective incident response plan.
When developing an incident response plan, conduct a detailed assessment of your incident response capability and define the procedures to follow when a breach occurs. This keeps breach damage to a minimum and enables rapid recovery.
The report's main contents are as follows.
- How to develop an incident response plan that protects critical systems and information without affecting core business operations
- How to organize a computer incident response team (CIRT) with clearly defined member roles and responsibilities, so the organization is ready to respond quickly to a breach
- How to improve your incident response plan to shorten the time required to detect network intrusions, eradicate security threats and recover from damage
- Why the incident response plan must be reviewed as the organization grows, the number of network endpoints increases and new security threats emerge
Use this free report as a first step toward stronger security.
What Is the Right Level of Security for Your Organization?
You deployed security products and services to protect your network from cyber attacks, and yet you still suffered a breach. In such cases, you need to calmly review and re-evaluate your existing security measures as a whole.
Assess what your existing security measures can and cannot protect, and analyze the state of network access control, data protection, incident response planning and resource allocation.
Through this assessment, you can identify gaps in your security measures and develop a roadmap for implementing the measures needed to close them. Then create an improvement plan according to the priority of each measure and the budget available.
The main contents of this white paper are as follows.
- How to regularly assess security measures and incident response plans to evaluate whether they function as intended
- Why compliance does not necessarily equal security, and why breaches can occur even in fully compliant organizations
- The importance of aligning business, IT and security goals to benefit the organization as a whole
- Why security should be continuously strengthened to keep pace with evolving technology and new security threats
The Total Economic Impact™ Of FireEye: Efficiently Improving Asset Protect with FireEye Network Security
Follow the Money: Dissecting the Operations of the Cyber Crime Group FIN6
Cybercrime operations can be intricate and elaborate, with careful planning needed to navigate the various obstacles separating an attacker from a payout. Yet reports on these operations are often fragmentary, as the full scope of attacker activity typically occurs beyond the view of any one group of investigators.
FireEye Threat Intelligence and iSIGHT Partners recently combined our research to provide a unique and extensive look into the activities of one particular threat group: FIN6.
FIN6 is a cyber criminal group that steals payment card data for monetization from targets predominantly in the hospitality and retail sectors. The group was observed aggressively targeting and compromising point-of-sale (POS) systems and making off with millions of payment card numbers. These card numbers were later sold on a particular underground “card shop,” potentially earning FIN6 hundreds of millions of dollars.
This report provides wide-ranging, end-to-end visibility into FIN6’s cybercrime operations, detailing initial intrusion, methods used to navigate the victim network, other tactics, techniques, and procedures (TTPs), and the sale of stolen payment card data in an underground marketplace.
M-Trends 2016
M-Trends 2016 provides trends, statistics and case studies to illustrate how advanced threat actors have evolved over the past year.
The annual report was compiled by consultants at Mandiant, a FireEye company, and is based on hundreds of Mandiant incident response investigations in more than 30 industry sectors. It offers recommendations on how organizations can improve the way they prevent, detect, analyze and respond to cyber attacks.
Download the special report to learn:
- How cyber attackers are holding data for ransom, stealing personally identifiable information and destroying critical systems
- Why enterprise networking devices, such as routers, switches and firewalls, are being targeted
- What trends that started years ago are still going strong
- 10 key insights to help organizations deal with disruptive attacks