SIMOC PLATFORM

Plataforma de Operação e Simulação Cibernética (Cyber Operation and Simulation Platform)

Agenda

o About RustCon

o Introduction to CyberSecurity

o CyberSecurity - Concepts

o SIMOC as a platform to build and manage a cyber safety environment

o DEMO

About RustCon

• Founded in 2011, RustCon is a Brazilian consulting company

• Focused on the Defense and Security industry

• We are a Strategic Defense Company (or EED in Portuguese), certified by the Brazilian Ministry of Defense

INTRODUCTION TO CYBERSECURITY

What would happen if the electrical system of this city were shut down?

... And if all the air systems of that country stopped?

... and also if the Social Security data were hacked?

What can we expect if we face situations like these?

CHAOS

ECONOMIC LOSSES

Delivery of a Safe Cyber Environment: CHALLENGES

It is a LONG process...

It requires COMPLEX tasks

A manual process is error-prone and non-repeatable

Safe Cyber Environment: ACTIVITIES

Requires multiple IT planning meetings

Define applications, middleware and budget

Coordination across teams

• Design Architecture

• Design Deployment and Configuration

• Setup Network

• Create VMs

• Create Applications

• Assemble Workflow

• Generate the traffic

• Test and qualify

• Manage the App lifecycle

Several weeks to complete

Value Proposition

Design, Provisioning, Execute

Provides agility to create a complete Software Defined Environment

A Catalog of Scenarios that supports you in performing security tests.

CYBERSECURITY - CONCEPT

Cyber Security Concept

To PROTECT and to ENSURE the availability of the NETWORK SERVICES in charge of the management and control of the CRITICAL INFRASTRUCTURE of an ORGANIZATION

Current Scenario

• Increasing number of cyber incidents against government organizations

• “Customized” cyber attack modes for a specific company

• Increasing network interconnections: 50 billion devices with the Internet of Things by 2020

• Gap of 2.2 million security professionals by 2017

Source: Websense Security Labs

Fast Growth in Number of Incidents

Main Threats

o Violation of National Security

o Sabotage

o DDoS

o Data theft

Targets

o Energy, Oil & Gas

o Telecommunications

o Banks

How to Act

Capability: It’s all about building knowledge into the team.

Prevent: Define safety processes in order to implement new cyber infrastructures.

Action: Monitor cyber infrastructures and put in place the plan for defence, to fix issues and to recover from disasters.

Unsafe environment

Safe Environment

Point-of-View

Prevent, Monitor, Quick Response

Regulation

Capability

Infrastructure

Decision Support System

Intelligence

THE SIMOC: Simulador de Operações Cibernéticas (Cyber Operations Simulator)

What is the SIMOC?

It is a platform that allows the creation of cyber environments, with a focus on security.

SIMOC

Capability

Assessment

Operations of Security Services

Capability

How to

• Pre-designed cyber attack and defense scenarios

• Real-time monitoring and the possibility of interfering in the progress of the training (pause, fast forward, rewind)

• Possibility of recording the training for further evaluation of students.

Benefits

• Training expertise from an environment that reflects the specifications of your own network

• Knowledge leveling with significant reduction of OPEX and CAPEX

• Continuous capability development

Its goals are to form, train and update cyber analysts.

Assessment

Assessment of services and network elements

Vulnerability and Risk Analysis

How to

• Create a replica of the ICT infrastructure in a segregated environment

• Emulate links (ADSL / Satellite / Ethernet / Customized)

• Traffic generation

• Automated cyber attacks and defence

Benefits

• Support to Change Management

• Support to Capacity Management (Stress Test)

• Support to Quality Management (Regulation/certification)

• Agility

• OPEX / CAPEX reduction

Operations of Security Services

Creation of Secure Services to be used in a production environment

How to

• Utilization of pre-configured secure service packages (Templates)

• Integration with real and virtualized networks

Benefits

• OPEX / CAPEX optimization

• Services with a high level of security

Catalog of Scenarios

Catalog of Scenarios

The SIMOC platform comes with a list of more than 50 ready-to-use scenarios, and additionally allows the operator to add new scenarios. A few examples of scenarios in the catalog:

o Overcome protections (networks with Snort, Firewall and Squid)

o Execute an SQL Injection attack

o Modify the content of a web page with an FTP server vulnerable to Buffer Overflow

o Obtain access to source code in execution on the web server and find flaws in the code

o Attack a client machine by sending a malicious link in an e-mail. The installed malware will send files with confidential information from the client via e-mail

o Attack a network with DHCP service, depleting the IP addresses of the official DHCP server to impersonate the server

o Overcome the access control, passing the connection through a DNS tunnel to gain access to blocked services

Scenario of a power plant invasion - network

Hamilton Oliveira

Business Developer Manager - CyberSecurity

E-mail: [email protected]

Tel: +552135543181