Information Security Technologies and Markets - by Lawrence Pingree

Random Knowledge
Detection Methods
File Analysis
Computed Hash
Uniqueness
Metadata Attributes
File Content Inspection
File Headers
Temporal Analysis
Temporal Analysis with Prevalence
How many users have encountered the file, and how much time has elapsed since it was first seen.
Time/Date
Certificate and Signature Evaluation (PKI)
Packing Method
Multi-packing Analysis
Packing Method Used
etc.
rar
Arj
Zip
How many times packed?
How many types of packer formats used?
Actual packer format different than file extension?
Network Specific
Protocol/File/Session Decode & Analysis
File Extraction
Playback (Surveillance)
File/Session Viewing
Correlation
Machine Learning (AI)
Classification, Correlation, Deviance from Baselines (Heuristics)
Network Flow Analysis
Machine Learning (AI)
Classification, Correlation, Deviance from Baselines (Heuristics)
Application Layer Analysis
Classification, Correlation, Deviance from Baselines (Heuristics)
Deep Packet Inspection (DPI)
Application Identification
Application Command and Input Analysis
Normalized session inspection using regular expressions (REGEX)
Machine Learning (AI)
Classification, Correlation, Deviance from Baselines (Heuristics)
Regular Expression Blacklist
Application Profiling (Crawl)
Regular Expression Whitelist
IP Layer Analysis
TCP/UDP Ports
Source and Destination Analysis
IP Address
Source and Destination Analysis
Malware Behavioral Evaluations
Persistence
Installs as System Service
Installs Registry Keys in Startup locations
Modifies filesystem in specific locations
Suspicious Behaviors Evaluated
Attempts to log in to systems on which a specific user credential is not normally used
Becomes another user on the system
CPU of Processes Spawned is high
Connects with a known bad URL or IP Address
Escalates privileges
Examines the Documents Folder or User Document Folders
File Isn't widely prevalent in user population
Injects data into memory of another running process
Modifies memory of another process
Opens TCP/IP Connections to other hosts
Performs a network port sweep
Process executes net use DOS command inside command.exe
Process spawns command.exe
Removes logs/events of application logs or operating system
Self Delete of files
Self-copy of files
Starts to repeatedly call the crypt function (ransom sign)
Time of execution is not normal in context of historical analysis
User
Activity on system when user's employment is in termination status
Deviates from past user behavior
Device not historically associated to user
Login time anomaly
Login time outside user's home timezone
Privileged data accessed
Volumetric analysis
Deviation from baseline
Cut-paste function used
Remote access and time of day abnormal from baselines
User authentication failure
User's browser or viewer is not the same as the baseline
User is logging into system remotely and locally simultaneously
User is logging into system remotely (not expected)
User is logging into system remotely at an abnormal time
User is abnormally leveraging applications that are administrative in nature (Control Panel, Command.exe, Group Policy Editor, etc.)
Risk, Compliance and Security Management
Firewall Workflow, Modeling & Change Management
Check Point Software
FireMon
ManageEngine
RedSeal Networks
Skybox
Tufin
Veriflow
Legal and regulatory information governance
Privacy
Regulations, Awareness and Training
Computer Based Training
Aujas
BeOne Development
Digital Defense
Fishnet Security
Inspired eLearning
Junglemap
KnowBe4
MediaPro
PhishMe
Phishline
Popcorn Training
SANS Institute
SCIPP International
Secure Mentem
Security Innovation
Security Mentor
The Security Awareness Company
ThreatSim
Wombat Security Technologies
Educational, Awareness & News Outlets
Government Led
Information Sharing and Analysis Centers (ISACs)
National Council of ISACs
http://www.isaccouncil.org/
Sector Specific ISACs
Communications
NCC
http://www.dhs.gov/national-coordinating-center-communications
Defense Industrial Base
DIB-ISAC
http://www.dibisac.net/
Electricity Sector
ES-ISAC
https://www.esisac.com/SitePages/Home.aspx
Emergency Services
EMR-ISAC
http://www.usfa.fema.gov/operations/ops_cip.html
Financial Services
FS-ISAC
https://www.fsisac.com/
Healthcare and Public Health
NH-ISAC
http://www.nhisac.org/
Higher Education
REN-ISAC
http://www.ren-isac.net/
Information Technology
IT-ISAC
http://www.it-isac.org/
Maritime
MSC
http://www.maritimesecurity.org/
Multi-State
MS-ISAC
https://msisac.cisecurity.org/
Oil and Natural Gas
ONG-ISAC
http://ongisac.org/
Public Transit
PT-ISAC
http://www.apta.com/resources/safetyandsecurity/Pages/ISAC.aspx
Real Estate
RE-ISAC
https://portal.reisac.org/SitePages/Index.aspx
Retail
R-CISC
http://www.rila.org/rcisc/Home/Pages/default.aspx
Supply Chain
SC-ISAC
https://secure.sc-investigate.net/SC-ISAC/ISACHome.aspx
Surface Transportation
ST-ISAC
https://www.surfacetransportationisac.org/
Water
Water-ISAC
https://portal.waterisac.org/home
Periodicals & Target Roles
Channel
Managed Security
MSPMentor
Value Added Reseller
CRN
CISO/CSO
CISO Magazine Indonesia
http://www.ciso.co.id/
CSO Australia
http://www.cso.com.au/
CSO Online
http://www.csoonline.com/
Infosecurity Magazine
http://www.infosecurity-magazine.com/
SC Magazine
http://www.scmagazine.com/
SC Magazine UK
http://www.scmagazineuk.com/
Security Engineers/Analysts
Infosec Island
Infosecurity Magazine
http://www.infosecurity-magazine.com/
SC Magazine
SecurityCurrent
TechTarget
http://searchsecurity.techtarget.com/
re/code
http://recode.net/category/security/
Industry Standards/Groups
Standards
Technical
M3AAWG
MITRE
NIST
IETF
Industry Groups
Audit
ISACA
General Security
Information Security
GIAC
ISC2
ISSA
Physical Security
Security Industry Association
Forensics
Digital Forensics Association (DFA)
Regulations, Public Standards and Contractual Mandates
Global
Payment Card Industry Data Security Standard (PCI DSS)
NIST
27001
27002
Country/Region Specific
China
Singapore
European Union
EU Data Protection Act
United States
CIP
FISMA
HIPAA
HITECH
State Data Security Laws
California
SB1386
Security Policy and Response Orchestration Platforms
FireEye
Phantom
https://www.phantom.us/
Proofpoint
Security Program and Governance
Governance, Risk and Compliance
eGRC
Software as a Service
Bwise
Software
IT Risk Management
Agiliance
Allgress
Brinqa
ControlCase
Cyber Observer
EMC (RSA)
IBM
LockPath
MetricStream
Modulo
Nasdaq
Rsam
Compliance and Oversight
ACL
Bwise
CMO
Convercent
EMC
Enablon
ICF International
LockPath
MetricStream
Protiviti
Resolver
Rivo
Rsam
SAI Global
Sword
Thomson Reuters
Operational Risk Management
Covelant
EMC (RSA)
Enablon
IBM
Mega
MetricStream
Modulo
Nasdaq
Protiviti
Resolver
Rivo
SAP
SAS
Sword Group
Thomson Reuters
Wolters Kluwer
Wynyard Group
Vendor Management
Agiliance
Allgress
Brinqa
EMC(RSA)
LockPath
MetricStream
Modulo
Prevalent
Quantivate
Rsam
Audit Management
ACL
CMO Software
EMC
Enablon
IBM
Ideagen
Lockpath
Magique Galileo Software
Mega
MetricStream
Morgan Kai
Nasdaq OMX
ProcessGene
Protiviti
Resolver
Rivo Software
Sword
Thomson Reuters
Wolters Kluwer Audit, Risk & Compliance
Compliance Oriented Private Cloud Hosting (COPCH)
Note: This list is not an attestation of compliance
ClearData
HIPAA
Connectria
HIPAA
PCI
DataPipe
FISMA
HIPAA
PCI
SOX
SSAE16
FireHost
HIPAA
ISO 27001
PCI
SSAE16
SOC3
LogicWorks
HIPAA
PCI
SSAE16
RackSpace
ISO27001-2
PCI
SOC1
SOC2
SOC3
SSAE16
SafeHarbor
OnRamp
PCI
HIPAA
SafeHarbor
INETU
PCI
HIPAA
Operational Risk Analytics
AlgoSec
Cyber Observer
Cytegic
FireMon
IBM
QRadar Risk Manager
RedSeal Networks
RiskIO
Skybox
Software Development Lifecycle
SD Elements
Solarwinds
Tufin
Cloud & Container Compliance Assessment
Cavirin
Application Security
Web Application Firewalls (WAF) & Application Security
Web Threat Disruption Technology
Software
NuCaptcha
NuData
Appliances
Juniper
Web App Secure
Shape Security
Open Source