BRKSEC-2049 - Tracking Down the Cyber Criminals: Revealing Malicious Infrastructures with OpenDNS (Cisco Live 2016)
English | Size: 710.91 MB
Category: Cisco

Cyber criminals are increasingly exploiting Internet services to build agile and resilient infrastructures, and consequently to protect themselves from being exposed and taken over. Because the Internet is an open system, the information needed to expose those infrastructures is available somewhere; the challenge is that the data are fragmented and spread across the web, so they are not immediately visible. Connecting the dots, that is, analyzing a diverse set of information made of billions of pieces of discrete data gathered from across the Internet and collected from multiple sources (DNS queries, BGP anomalies, ASN reputation, network prefix/IP fluctuations), allows us to build the maps that reveal where the malicious infrastructures are hidden and where the attacks are staged. This turns the tables on traditional security with a new approach in which the defender gains the upper hand over the attacker by being able to pivot through the criminal infrastructure.

This session will explain how the correlation of Internet data on multiple levels (DNS, BGP, ASN, prefixes/IPs) can be used to build and deliver a new model of security that is pervasive and predictive, and that allows us to expose the attackers’ infrastructure. The first part will focus on the detection models that can be built and applied (such as co-occurrences, NLPRank, and Spike Detectors), and on how the different detectors can be integrated to expose malicious infrastructures and advanced persistent threats. The second part will provide a practical use case showing how this approach can be used to pivot through the attackers’ infrastructure and protect organizations from advanced threats. Finally, under the theme of infrastructure as art, an example will show how the information obtained through DNS analysis can be represented in a multi-dimensional space and visualized with a 3D engine.
This session is targeted at security analysts and security administrators who want to become familiar with the OpenDNS technology and how to use it in their networks.
