Cyber threats evolve too fast to keep up with; outdated techniques or carelessness may put organizations at risk.
X-FORT is equipped with endpoint detection and response (EDR) features to spot insider or risky activity more easily, which helps close the gap in discovering and stopping future insider threats.
A dashboard for visualizing and understanding user behavior, together with instant messaging or SMS alerts, raises awareness of internal security risks. Based on the dashboard information, suspicious or risky events can be blocked automatically, and commands can be issued to prevent an incident from escalating.
For management purposes, top management can view the events of particular concern within the organization, while IT staff respond and react to risks precisely. Depending on their specific environment, organizations may flexibly design EDR mechanisms to meet their security policies.
Carbon Black is a leading provider of next-generation endpoint security delivered through cloud technology. Carbon Black provides application control, device control and advanced threat detection for desktops and servers. Carbon Black pioneered several areas of endpoint security, including application control and endpoint detection and response (EDR).
According to the SANS Institute: 68% of incident responders are using or considering Carbon Black.
A cloud-based anti-virus solution. Cloud threat intelligence and file analysis services built on Cb Response. Services include software and domain reputation, advanced threat indicators and attack classification; Carbon Black Collective Defense Cloud is reported to be the world's largest hash and file reputation database.
Every documented threat is also visible to attackers. We can even assume that one of the acceptance criteria for releasing malware is to make sure no existing threat intelligence can identify it. In other words, the real threats are hidden in the unknown observables related to anomalies in your environment. Understanding the unknowns is more than just sending unknown IPs, URLs and file samples to a threat analytics pipeline. Although that is already useful, bringing back non-actionable analytic results adds overhead to your security operations. Therefore, when we open the door of X-Force Analytics to security analysts, we must also provide tools that help them comprehend the results and derive actionable insights.
Cloud Office Trend of the Future
Security implications of public vs. private clouds
WPS Cloud Security Solution
The adoption of Artificial Intelligence into WPS Office suites
As network application services and environments such as mobile devices, cloud services and IoT grow by the day, attackers' methods and channels emerge endlessly and become ever more diverse. Cyber defense has become a multiple-choice question with no single right answer: how do you plan a security strategy that fits the present while accounting for the future?
Taiwan Mobile's 資安戰警 (Cyber Security Guard) service offers a brand-new perspective on security operations. With best adaptability as the goal, it builds service-based security solutions for customers that do not affect the user experience, creating a solid backbone that matches operational strategy and business goals and opening up the best application services and network environment!
Closed networks are frequently used inside highly sensitive units to protect their risky systems, which seems like a secure architecture. But recent security breaches have proven it is not a guarantee. A closed network is one defense mechanism that accompanies other measures, and it should not be the only solution. However, information security does not only depend on raising budgets and adding controls; it also needs to consider availability and maintenance cost. We need to bear in mind that People, Procedures, and Products should be considered at the same time.
In this topic, I would like to share my operational experience on how to build a closed network with resilience and shorten the response time to events.
Nowadays, people use information systems to deal with their requirements, store their data, and communicate with each other. They gradually realize the importance of access control in protecting the Confidentiality, Integrity, and Availability of system resources.
The concept of access control, which is everywhere in our daily life (ID cards, family, privilege levels in a company, etc.), consists of three components: Subject, Object and Access. We can specify explicit rules for these three components and manage to block unauthorised access.
This agenda shares my learning experience of access control and SELinux.
By practicing incident response, you will understand the various TTPs of an APT attack. Learn how to decode the encoded content of a script, find the means of persistence and lateral movement, and see how the shellcode is loaded.
You will be divided into teams and help each other to see the whole scope of an incident from a single alert.
This session will provide the board members and senior executives with a philosophical perspective on information security governance.
We have to understand threat actors' behavior to perfect our defense. The speaker in this session will explain threat actors' behavior through several cases in plain language. He will also cover advanced threat reaction and defense planning for enterprises.
After a brief introduction to the definition of NG-SOC abroad, the speaker will share the various situations that will be encountered in the next generation of SOC, and future plans, using practical Taiwan SOC cases.
Under the impact of the digitalization wave, "digital transformation" is something modern enterprises cannot afford to ignore; otherwise they may be replaced by competitors or gradually decline under this huge tide of change. During the long transformation process, moving data to the cloud securely, so that cloud applications can safely access or connect to internal databases (ERP, BI or other data sources), is a key foundation for whether digital transformation succeeds. In addition, sensitive and confidential data must be shared with external parties; sharing it securely in compliance with regulations (PCI-DSS, GDPR, HIPAA, ISO 27001...) while avoiding the huge compensation and reputational losses caused by data leakage is equally indispensable. This session will explain how to move structured data (databases) and unstructured data (files) to the cloud securely, helping you succeed in digital transformation.
Insider policy violations are a major risk for all companies and can easily go undetected until it is too late. Proactively managing these risks can provide you with a game-changing advantage. Gain an understanding of what these risks are and how to gain visibility into and remediate insider policy violations and data leakage.
This is a research project on malware classification using "Graph Hash".
In malware research, threat hunting and security intelligence exchange, hashes such as MD5 or SHA256 take a dominant position. Malware researchers search for malware on VirusTotal with hashes, and exchange security intelligence as IoCs (indicators of compromise) that include hashes. However, hashes have certain characteristics, such as the one-to-one relationship between a file and its hash, which limit researchers' ability to correlate files. The purpose of this research is to help classify malware in a consistent and efficient way.
This session contains:
1. What is Graph Hash
- This will detail the background and what graph hash is.
2. Methodology of Graph Hash
- This will detail how to calculate the graph hash from ground up.
3. Testing Results
- This will present the testing results. We will take the campaign Operation Orca (https://www.virusbulletin.com/conference/vb2017/abstracts/operation-orca...) as an example.
4. The Limitations of Graph Hash
- This will discuss the limitations of graph hash in some conditions.
Reference:
https://blog.trendmicro.com/trendlabs-security-intelligence/malware-clas...
In the research area of computer security, the method of recovering key material by analyzing the information leaked during cryptographic operations on hardware platforms is called Side-Channel Analysis (SCA). In the past two decades, both analysis and defense techniques have advanced day by day; even hardware products with a Secure Element (SE) face serious threats and adversaries.
Recently Japan has been experiencing a series of intense cyber-attacks suspected of being related to its geopolitical situation. This year especially, waves of cyber-attacks from Tick targeting the defense industry have been observed. The TTPs involved in those attacks include the following techniques:
– RLO (right-to-left override) name trick applied to executable files used in the "Point of Entry" phase
– Defaced legitimate sites used as C&C servers
– Steganography applied to additional payloads to be downloaded
– Lateral movement with credential dumping
The presentation covers APT activities surrounding Japan and their background, along with details of "Tick" and its operation, which began to materialize in January 2019 and is referred to as "Operation ENDTRADE". For more detail please visit: https://blog.trendmicro.com/trendlabs-security-intelligence/operation-en...
Strategic Plan of National Cyber Security Program (Draft) (2021 to 2024)
Industry Development Program of Cyber Security
Facing the trend of digital transformation, SEMI industrial control systems have been connected with the IT environment and suffer both IT and OT security threats. Given this situation, semiconductor manufacturing requires a lot of effort to mitigate potential cyber security risks.
Therefore, a SEMI taskforce is developing a standard for fab equipment computer cyber security specifications. Equipment suppliers and their upstream suppliers will benefit from this standard when evaluating whether their products and services provide the functional security capabilities needed to improve the security level of fab equipment and the cyber security of the semiconductor manufacturing environment.
Who produces disinformation, and who disseminates it? Who is the target audience of disinformation?
1. Vaccine/Antidote and Tracing of Disinformation/Hackers
2. Pandemics and Contagion of Online Information
3. Immunization and the Limits of Influence Campaigns
4. Autoimmune Disease and Democratic Societal Polarization/Resilience
Open API has become the main interface standard for various enterprise application systems, which makes its security more prominent. This talk will introduce how to design and formulate secure enterprise Open API specifications from the perspective of Open API Specification (OAS) from the very beginning and the positive security model.
On Sep 14, 2019, PSD2 took effect in the European Union. This talk is an introduction to our ongoing study: What has changed? What has open banking and third-party FinTech apps brought? Is there an impact on privacy and cybersecurity when trusting a third-party app?
Cybersecurity issues concerning commercially available IoT and embedded systems have impeded the implementation of numerous business proposals. With Linux occupying a significant place in the embedded system, the question as to how economical cybersecurity solutions can be achieved under engineering and commercial considerations (e.g., technologies, resources, and certification requirements) warrants further investigation. Contrary to the traditional cybersecurity solutions of developing antivirus software, we promote Taiwan’s own SELinux from the perspective of open source technologies and share the team’s major transformation and the derived benefits.
Synology's Product Security Incident Response Team (PSIRT) is responsible for reacting to Synology's product security incidents. In this presentation, we will introduce how we embrace the CVE (Common Vulnerabilities and Exposures) ecosystem, how we collaborate with international organizations, and how we design and implement the SBoM (Software Bill of Materials) for automation and day-to-day incident response.
This talk will first explain "Why should vehicle communication use a standard rather than a black box?", then discuss past work and current research on attack vectors in car security. Having realized that every new feature brings new security issues, we will take a deep dive into the protocol that AGL is trying to adopt as the standard between the vehicle endpoint and the vendor factory, OMA DM, followed by a simple demo to emphasize how important it is to reinforce these protocol weaknesses.
- Case Study: Cyber incidents of OT (Operation Technology) environments
- Challenge of security protection in ICS (Industrial Control System) applications
- Comprehensive cybersecurity strategy for OT industries
- Overview for ICS/OT Cybersecurity Framework
- Best practices and use cases of ICS/OT Cybersecurity Framework
1. OT attack scenarios in continuous-process and discrete manufacturing
2. How factories, shop floors, and equipment can be protected through early prevention and insight
* The organizer reserves the rights to amend all agenda and activities.