Leveraging Open-Source Intelligence (OSINT)

Transcription

Leveraging Open-Source Intelligence (OSINT)
How Social Footprints Lead to Cyber Risk

Chris Coryea, International Cyber Intelligence Services Manager

2017 LEIDOS. ALL RIGHTS RESERVED. The wording LEIDOS used throughout is a registered trademark in the U.S. Patent and Trademark Office owned by Leidos, Inc.

I have Defender DNA. I am determined to continuously learn from the past. I leverage my relentless drive to understand the ever-evolving threat landscape and solve the continuous challenges waged by our cyber enemies.

400M users
1B posts/day
500M tweets/day
2.5 exabytes data/day


1 Analyst / 5 Hours

Cybersecurity Footprint: Exposing your Strategy

[Slide: mock LinkedIn job titles and job-posting excerpts, annotated against a table with the columns Initiative, Location, Time Frame and Budget.]

Job titles and tenures shown on the mock profiles:
– Network Implementation Engineer, September 2012 – Present (3 years 5 months)
– Project Manager, June 2014 – Present (1 year 9 months)
– Security Analyst, May 2013 – Present (2 years 9 months)
– Lead Architect, April 2010 – Present (5 years 11 months)
– Security Analyst, January 2016 – Present (1 month): "Joined SOC team in 2016"
– Security Architect, October 2014 – Present (1 year 4 months)
– System Architect, January 2009 – Present (7 years 1 month)
– Solution Engineer, July 2011 – Present (5 years 7 months)
– Human Resources, March 2009 – Present (7 years)

Profile and job-posting excerpts the slide highlights:
– "currently working on designing the architecture for a global implementation of FireEye Email Threat Prevention (ETP) solution inline for 2016"
– "managing 4m project to roll out new endpoint security across the enterprise in 2016"
– "the successful candidate will be responsible for leading a team of 20 analysts located at SOC based in London"
– "working as lead architect on deployment of FireEye Mandiant solution globally"
– "initiative involves a monthly project resource budget in excess of 200k, entails management of a team of 3 other Project Managers and numerous Business Analysts, Architects, Subject Matter Experts and stakeholders overseeing [company's] transformation"

Initiatives the presenter reconstructs from these excerpts: Advanced Email Security, User Awareness, Mobile Security, Endpoint Security, Application Security, Supply Chain Security, Hybrid Cloud Security and SOC Transformation (20 staff). Locations listed: Global, United States, Middle East, Asia Pac, London. Time frames listed: 1 year to 3 years. Budgets listed: N/A, 200k, 1.5M, 4M (endpoint), 5M, 8M, 11M and 15M (SOC).

2016 Lockheed Martin Corporation. All rights reserved.

Cybersecurity Footprint: Exposing your Technology

Network Implementation Engineer, September 2012 – Present (3 years 5 months)
My role responsibilities are business-as-usual tasks and small projects:
– LAN: Small configurations on Cisco switches and routers (access and trunk ports, VLANs with HSRP, VPC)
– Small projects such as new switch landing and configuration (Nexus 5K, Nexus 2K)
– Firewall: Small firewall changes on Juniper, Checkpoint and FortiGate firewalls (rules, routes, NAT)
– Management of DNS and DHCP services through Infoblox Grid Manager
Additionally I take part in organizing knowledge sharing sessions for my colleagues, interns, apprentices.

Network Security Specialist, April 2012 – Present (3 years 10 months)
Working with the Security Operations Centre on a wide range of technologies including:
– McAfee IDS / IPS product suite
– BeCrypt Enterprise Manager
– Symantec Scan Engine Products
– Checkpoint IPS software blade technology
– Juniper IDP Devices

Cybersecurity Footprint: Exposing your Technology

[Slide: the same two profiles (Network Implementation Engineer, September 2012 – Present; Network Security Specialist, April 2012 – Present), with the mock employer ACME Protection (an Anvil Corporation), overlaid on a table of the products named in the profiles and related job postings. Table columns: Firewalls; Antivirus & Endpoint Protection; Security Monitoring & Management; Email & Messaging Protection; External Proxies; Load Balancing; IDS & IDP; Authentication & Application Delivery.]

Adversaries can:
(1) learn where current TTPs will be most effective
(2) construct attacks to avoid or subvert known security
(3) exploit vulnerabilities

Technology lines called out from the profiles:
– Firewalls: Palo Alto, Juniper SRX
– Antivirus & Endpoint Protection: FireEye WebMPS (malware), McAfee Endpoint Protection Suite
– Emails: McAfee
– External Proxies: BlueCoat 5G
– Load Balancing: F5 LTM & GTM
– IDS & IDP: TippingPoint
– Nexus, Cisco Routers and Switches
– ArcSight for analysis of external security threats

Other products named in the slide's inventory table: Symantec Endpoint Protection, Lumension, Juniper NetScreen, LogRhythm, Firescope, Netbrain, Checkpoint, RSA Envision, Sidewinder, Zabbix, inMon Traffic, Imperva SecureSphere (WAF), Corvil, Nokia, McAfee IronMail, Symantec BrightMail, Observium, Fortinet FortiGate, CA eHealth, FireEye Email MPS, F5 Enterprise Manager, Cisco ASA, Infoblox, Lucent, Huawei, Palo Alto Panorama, BeCrypt, Symantec Scan Engine, WebSense, VMware ESX, Catapan, F5 BIG-IP LTM/GTM and VIPRION, Juniper IDP (hardware), Cisco Identity Services Engine, Vasco, Citrix NetScaler, ServerIron, Aruba ClearPass, SourceFire, CheckPoint IPS, McAfee IDS/IPS.

Executive Footprint: Exposing your Company & Family

LOW RISK: private social media accounts; separation of work & personal life
MEDIUM RISK: private & public social media accounts; mix of work & personal life
HIGH RISK: public social media accounts; association between work & personal life

Executive Footprint: Exposing your Company & Family

16 executives, 30 accounts: 94% LinkedIn, 63% Twitter, 31% Facebook

Exposure:
– Detailed information on conferences and business travel
– Detailed resume/CV public on LinkedIn
– Friends public on Facebook

[Slide legend: LOW RISK / MEDIUM RISK / HIGH RISK]

Executive Footprint: Exposing your Company & Family

[Slide: a worked example of one executive family's accounts, each placed on the LOW / MEDIUM / HIGH RISK scale.]

– Twitter, John @johndoe: father tweets daughter from his work account
– Twitter, Jane @janedoe: Jane consistently tweets her location and activities
– John Doe, CEO: detailed CV/resume information listed publicly
– YouTube, Jane Doe: account is public, bio lists numerous interests, friends are also public
– Friends list is public and uses the same picture as the business profile
– Account is private but links to Facebook account
– Pinterest, Jane Doe: account is public and links to Facebook account

Open-Source Intelligence (OSINT): Scope of Capabilities
– Technology and Strategy
– Supply Chain
– Internet of Things (IoT)

– Know the scope of intelligence publicly available to your adversaries
– Understand how the aggregation of this intelligence can expose your vulnerability landscape
– Leverage OSINT to monitor and mitigate your exposure

Thank you. Questions and Discussion
