Cyber Threats Scenarios and Defense Model Principles
ASSOCHAM Cyber Security Conference, April 2011
Presented by Dr. Nimrod Kozlovski, Chairman, Nimrod@altalsec.com, +972 544 336056
©All Rights Reserved to Altal Security Ltd., 2011.

[Timeline figure. Years shown: 2005, 2007, 2008, 2009, 2010, 2011. Incidents shown: Greece Interception; Georgia dDoS; Brazil Critical Infrastructure; Iran Stuxnet; COMODO Certification Theft; Australia Hacking; Korea; Estonia dDoS; China Ghostnet; China DNS Redirection; NSDQ Interception; GPS manipulation; RSA Algorithm Theft]

Impersonation of legit activity in all layers
Not necessarily immediate effect
Not necessarily Identifiable destruction

Action: Personal computer intrusion; Remote network intrusion; Computer and Storage Theft; Data Mining; Unintentional Data Leakage; Network Social Engineering; Re-transmission on existing infrastructure; External impersonation; Copy by Internals; Communication Re-transmission via RF; Code Embed/Manipulation; Hardware Hiding
Purpose: Monitoring; Threat Mapping and analysis; Destruction; Traffic redirection; Voice Interception; Data Interception; Future control; Focused Blockings

Critical Infrastructure: Closed-Garden Networks (Military, Gov); Industrial (Power, Nuclear); Open Infrastructure (Water, Transportation, Telecom)
Interconnectivity; Complexity; Openness

National Level Threat Analysis; Synchronization; Technology Development; Requires National Involvement; Efficient Enforcement

Traditional passive protection (Enterprise-Based)
Network security
Structure and security standards are known
Does not consider up-to-date attack scenarios
National Interest not in focus
Trusted User
IT oriented security technologies
Protected Asset
Known (standard) Infrastructure
Perimeter Security
Structure does not dramatically change (but upgraded)
Technologies are not tailored to be compatible with new threat model

Shared / Pro-Active
Inter-sector information sharing (Private-Public sharing model)
Traps/Honey-pots
Distributed sensors system (connecting the 'dots')
Research vulnerabilities of Target systems
Shared monitoring and analytics of incidents
Initiate attacks to identify reaction
Hiding capabilities in target systems
Monitor patterns/Profiles

Integrative
Integrated cross-sectors analysis
One coordinating entity for all sectors
Integrated incentive structure for defense
Central incident response "brain"

Shared; Pro-Active; Integrative
Development: Telecom Security Compliance Management; Electronic Seamless Segregation; Massive Traffic Anomaly detection; Telco Firmware Integrity

Altal Israel
Dr. Nimrod Kozlovski, Chairman, nimrod@altalsec.com, +972 544336056
Netanel (Nati) Davidi, CEO, nati@altalsec.com, +972 525406775

Altal India
Dr. D.K. Ghosh, Board Member, dkg@altalsec.com, +981 1264849
Avi Gutgold, Country Manager, avi@altalsec.com, +919 953780090