SANS Finance Briefing: Practical Threat Modeling for Financial Organizations

  • Friday, 16 Jun 2017 8:00AM EDT (16 Jun 2017 12:00 UTC)
  • Speaker: NULL
In the NY area? Join us at the Live Event. Register here!

Join the SANS Institute for the latest NYC Financial Briefing for the Financial Community.

Threat modeling has been an extended security practice among mature software development organizations as a mean to identify potential threats and define countermeasures to mitigate their effects on applications. 'However, when it comes to security operations, network and endpoint monitoring, the primary focus is still on vulnerabilities and the exploit 'du jour ', resulting in a vicious cycle that doesn't improve their detection capabilities or their overall ability to improve their defensive posture. '

In this 3rd edition of the NYC Financial Briefings, the SANS Institute will bring you practical advice on how financial organizations can introduce threat modeling practices and strategies that are effective to detect and defend your enterprise against modern adversaries. '


8:00am - 8:30am - Registration & Coffee Networking

8:30am - 9:00am - Welcome & Keynote: 'Detecting Zero Day Threats in the Network - Dave Hoelzer - Owner, EnclaveForensics, SANS Fellow, Dean of Faculty, Program 'Faculty at SANS Technology Institute

  • Antivirus and intrusion detection are only good at detecting known threats. 'Worse, every tool is limited by the need for speed and easily defeated through simple modifications to known signatures. 'How can our security operations up their game? 'In this talk we will walk through two examples of modeling threats and develop detection capabilities using the Bro intrusion detection framework without needing to know what the attacker's actual exploit will look like. 'Based on this discussion, regardless of your technical level, you should be better able to ask good questions and contribute to or sponsor threat modeling discussions that produce useful incident handling and detection capabilities within your enterprise.

9:00am - 9:30am - A Lifecycle of Cybercrime: A Glimpse into the Mindset of a Typical Cybercriminal - Andrei Barysevich, Director of Advanced Collection, Recorded Future

  • The common misperception of cybercriminals as "larger than life," incredibly clever, well-off, and unreachable to law enforcement has created a romanticized modern conception of cybercrime, luring a steady supply of ambitious recruits into various restricted and illicit online communities. In this research, I will introduce the architects of the first major Russian-speaking underground community, who singlehandedly created a framework of criminal collaboration. I will walk you through a day in the life of a typical cybercriminal and introduce the administrator of a popular international forum. Additionally, I will demonstrate some of the prominent fraud marketplaces, various platforms and tools available to criminals, and methodologies applied to perpetrate the crime.

Presenter: Andrei Barysevich, Director of Advanced Collection, Recorded Future

9:30am ' 10:00am - Security Challenges in the Financial Industry - Angelo Bovis, Senior Network Security ArchitectThe financial vertical is a key target of attacks today, using basic attacks, passive attacks, and very specific/targeted attacks. Financials have been pretty mature in building out their security organizations, but due to the ever-changing attack landscape, and complex infrastructures, the risk will always remain. Recently, financial companies have been investing more and more in cloud services, and this introduces new risks such as shadow it, unknown workloads, and new attack vectors. We will learn about these challenges, and what to do to reduce our risk of compromise.

  • Security challenges in the financials
  • What they have been seeing in terms of attacks
  • How we can help reduce the risk of these new and ever-changing attacks

Presenter: Angelo Bovis, Senior Network Security Architect

10:00am ' 10:30am - Networking Break

10:30am - 11:00am - Threat Modeling in the Web and Mobile Application Space - Dave Hoelzer - Owner, EnclaveForensics, SANS Fellow, Dean of Faculty, Program Faculty at SANS Technology Institute

Building on the foundation of the morning talk, David Hoelzer will walk through the most typical failures that are found in today's mobile and web applications and help you to see how to introduce threat modeling into your application development process or acceptance criteria. For each threat discussed, good practices for detection and proactive design advice will be given.

Presenter: Dave Hoelzer - Owner, EnclaveForensics, SANS Fellow, Dean of Faculty, Program Faculty at SANS Technology Institute

11:15am - 12:00pm - Conducting Investigations Intelligently with Hypothesis-Driven Playbooks - Ismael Valenzuela - McAfee, SANS Certified Instructor

As financial organizations continue to mature and formalize their security operations, they focus on improving processes and procedures that allow them to address threats more effectively. However, even with these in place, SOCs report that 25% of the alerts are not triaged and that investigations take too long. Why so? In many cases, this can be attributed to the lack of a standardized, intelligent investigation process and community wide tools that can be applied consistently & repeatedly over time, preventing less experienced analysts and incident responders from doing their job effectively.

In this talk, Ismael Valenzuela (Certified SANS Instructor, GSE #132 and Principal Engineer at McAfee), will showcase how threat investigations are best presented as an iterative process of postulating hypotheses and answering questions in the pursuit of an outcome. Using this approach, Ismael will show how to use Markdown to capture investigation playbooks and how they should be structured so they can be intelligently and effectively used by SOC analysts, incident responders and threat hunters.

Presenter: Ismael Valenzuela - McAfee, SANS Certified Instructor

12:00pm '- 12:15pm - Closing Remarks