Amgad Magdy
Strategist at SnellSec, UAE
Cyber Adversaries teach us in times of Austerity
Do you know the extent of the geoeconomics impact on the Cybersecurity industry?
Do you know Cyber Adversaries think in graphs, not lists?
[Diagram labels: You, Economics, Politics, Cybersecurity, Adversary]
My Bio-Graph:
- Aviation Electronics & Communications Engineer [B.Sc.]
- Cybersecurity Presidential Scholarship [9 Months]
- Cyber Intelligence Consultant
- CS Postgrad Studies
- SnellSec Strategist
- Adversarial Engineer
- Cyber Communities
- ?
- QAE
The Problem
The Problem: Global Changes
Global Changes: Geoeconomics, Geopolitics, Pandemic
Remote Work, Layoffs, Budget Control
Anywhere Access, Decrease Tasks, Security Gap
Increased attack surface
How do I learn from my adversaries effectively?
Clear Objective:
Design the actual cyber assets to be difficult to attack, to minimize impact and potential loss when an event happens, and to continuously deliver the intended capability, no matter what will happen.
Sol-[P1]: Strategic Planning
Strategic Planning: The security Function, The business Function
Provide management with the information to make informed decisions about investment in security.
Crown Jewels Analysis
Sol-[P1]: Strategic Planning [Crown Jewels Analysis Cycle]
Define
- Identify Critical systems.
- Define Critical Data.
Discover
- Identify Data lifecycle.
- Identify flows.
- Draw paths.
Baseline
- Identify requirements.
- Controls Effectiveness.
Analyze
- Identify Control Gaps.
- Identify Security Risk.
- Prioritize Security Gaps.
Secure
- Develop Solutions Stack.
- Deploy Solutions.
- Monitor Solutions.
BU CJ CO AS SO
Sol-[P2]: Drawing Paths
[Diagram node labels: C, A, B, 1-F, 2-F, 3-F, 1-2F, 2-2F, 1-R, 2-R]
Sol-[P3]: Adversary Engagement Operation [Definition]
Adversary Engagement
- Cyber Denial: Impair the adversary's ability to conduct their operations.
- Deception: Deceptive facts and fictions to mislead the adversary.
Strategic Analysis
Sol-[P3]: Adversary Engagement Operation [Elements]
Adversary Engagement
- Narrative: The Deception Story
- Environment: The Engagement Environment
- Monitor: The Collection System
- Analysis: The Actions
Sol-[P3]: Adversary Engagement Operation [Goals]
- Expose Adversary on the network
- Affect Adversary's abilities
- Elicit Intelligence to learn [TTPs]
Adversary Engagement Operation is an iterative and goal-driven process that provides opportunities to improve threat models.
Sol-[P3]: Adversary Engagement Operation [Real Case]
Adversary Engagement Operation is not the deployment of a technology stack
Not Fire & Forget Solutions
- Misconfiguration
- Unpatched System
- Unplanned Operation
Sol-[P3]: Adversary Engagement Operation [10-Step-Process]
Chapter 19: The Process of Deception [From page 147]
- Define operation objective.
- Construct an engagement narrative.
- Define acceptable level of operational risk with stakeholders.
- Implement and deploy your designed activities.
- Turn operational outputs into actionable intelligence.
- Capture lessons learned.
- Refine future engagements.
Sol-[P3]: Adversary Engagement [Operationalize The Methodologies]
MITRE Engage Matrix
A shared reference that bridges the gap between defenders and decision makers when discussing and planning adversary engagement operations.
The matrix empowers you to identify your adversary engagement goals, and then use those goals to shape operational activities.
The matrix is divided vertically into two categories of actions: strategic actions and engagement actions.
The matrix is subdivided horizontally into Goals, Approaches, and Activities.
Sol-[P3]: Adversary Engagement [MITRE Engage Matrix]
Sol-[P3]: Adversary Engagement [Mapping]
- ATT&CK Techniques: When Adversaries perform specific actions.
- Adversary Vulnerability: Their actions reveal vulnerabilities.
- Engagement Activity: The defender can take advantage for defensive purposes.
Sol-[P3]: Adversary Engagement [Integration]
Active Cyber Defence Strategy
Results:
- Most impactful assets to limit your assessment.
- Risk reduction by resilient security controls plan.
- Shifting from Cybersecurity to Cyber Resilience.
- Increasing investment efficiency.
Recommended Resources:
Q & A
Some trees bend but do not break under the weight of snow or high winds.
Amgad Magdy
Strategist at SnellSec, UAE
______________
https://www.arabsecurityconference.com/speaker-2022-amgad-magdy
https://www.linkedin.com/in/amgadmagdy/
Arab Security Conference [2022].pdf
