webinar csi

Upload: marcos-vinicius-cassel

Post on 09-Apr-2018


  • 8/8/2019 WEbinar CSI


    Presented by

    Robert Richardson, CSI Director


    http://bipartisanpolicy.org/sites/default/files/galleries/_G2_7824.jpg

    http://en.wikipedia.org/wiki/File:Albert-gonzalez.jpg

    Thanks!

    The 2010/2011 Survey Report is available at GoCSI.com, either on its own or as part of a CSI membership.


    Cyber Forensics:

    Insights on Moving Forward

    Jim Jaeger

    Director, Cyber Defense & Forensics

    December 2010


    Cyber Security

    Capabilities

        Commercial forensics & incident response
        Cyber operations & monitoring
        Digital forensics
        Indications & warning systems
        Network security
        Information operations

    Key Solutions and Programs

        Department of Defense Cyber Crime Center (DC3)
        United States Computer Emergency Readiness Team (US-CERT)
        Department of Homeland Security National Infrastructure Coordinating Center, National Operations Center
        National Security Agency signals intelligence and exploitation
        Department of Justice/Federal Bureau of Investigation, Drug Enforcement Agency


    Reaching Beyond Compliance

        Every large enterprise must now deal with constant cyber attacks
        100% of the enterprises we've investigated were compliant with some security standard
        In their cases, compliance provided a false sense of security
        Every set of compliance standards is understood by hackers
        To protect your enterprise the new price of doing business is going beyond compliance


    Situational Awareness

    Often times, our situational awareness is, indeed, forensics--which means that something has happened and policing up after the fact--versus mitigating it in real time.

    We need real-time situational awareness in our networks, to see where something bad is happening and to take action there at that time. We do not have common-operational picture for our networks. We need to get there. We need to build that.

    General Keith Alexander, Congressional Testimony, 9/23/2010


    Cyber Situational Awareness

    Know What Normal Is

        Knowing your network
        Recognize changes

    Know the Threat

        How they move
        What they are after
        Where they are going

    Share Information

        CSI Computer Crime and Security Report
        Industry discussions
        US-CERT


    Key Strategies: Handling of Logs

    Logging Enabled

        Significant: 25%
        Basic factory settings: 75%

    Log Storage

        Long term: 5%
        Moderate: 40%
        Minimal: 55%

    Log review/analysis

        Limited: 50%
        None: 50%


    Evolving Situational Awareness Tool Set

        Industry is recognizing the need
        Capabilities are being developed in demos and test beds to create a common operational picture


    Evolving Investigative Arena

    Requires technology

        SANs to store and access the data
        Strong network and data security to prevent contamination
        Sophisticated data mining and visualization tools

    From one examiner/one case/one box, to forensics teams using distributed tools to work large data sets and cross case analysis


    The Building Blocks: Partners

        Computer Emergency Response Team
        Cyber Forensic Organization
        Law Enforcement
        Legal Community

    The team brings strength beyond that of an individual organization
