Malware Analysis Management: CERN Email Malware Management System
Shivam Kapoor, IT-DI-CSO
IT Amphi 31/03004, 14-08-2018
The Problem Statement
Somewhere at CERN, a few years back... "It's a malware!!!" "It's a spyware!!!"
The SOLUTION
Components in use:
- FireEye appliances (on incoming emails)
- Joe Security Sandbox
- MISP Threat Sharing
The FireEye appliances play a central role: they quarantine malicious email and provide us with basic alerts.
How do we make IT happen?
Architecture - Part 1 (diagram). Elements: incoming emails -> FireEye appliances -> POST (alert: email body, SHA256_FileSize, malware artifact) -> VM. On the VM: daemon, FireEye API calls (by alert UUID), file system (cloud), SQL database with tables Malware Info, Appliance Info, Sender's Info, Mail Info. Output: MISP report.
Architecture - Part 2 (diagram). Elements: human actor, FireEye appliances, FireEye API, daemon, file system, SQL database, malware sandbox (Joe Security, 250 API calls/month), MISP Threat Sharing Platform.
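The two architecture slides describe a daemon that receives appliance alerts, keys each sample by SHA256_FileSize, fills four SQL tables, sends unseen samples to a sandbox under a 250 calls/month budget and produces a MISP report. The block below is an added example of that flow, not the CERN system's own code and not the FireEye, Joe Sandbox or MISP client APIs. Assumptions: the alert is a plain dict with the field names used here (the real FireEye alert format is not shown on the slides), the SQL backend is SQLite, the sandbox submission is represented only as a quota entry, and the MISP event is a dict using real MISP attribute type names but is built, not sent. All sample alerts and artifacts are constructed.

```python
"""Added example modelled on the architecture slides (not CERN's code)."""
import hashlib
import sqlite3
from datetime import datetime, timezone

SANDBOX_MONTHLY_QUOTA = 250  # "250 API CALLS/MONTH" from the architecture slide

# Four tables named on the slide plus one bookkeeping table for the monthly quota.
SCHEMA = """
CREATE TABLE IF NOT EXISTS malware_info (
    sample_key TEXT PRIMARY KEY, sha256 TEXT NOT NULL, file_size INTEGER NOT NULL,
    first_seen TEXT NOT NULL, sandbox_submitted INTEGER NOT NULL DEFAULT 0);
CREATE TABLE IF NOT EXISTS appliance_info (
    alert_uuid TEXT PRIMARY KEY, appliance TEXT NOT NULL, sample_key TEXT NOT NULL);
CREATE TABLE IF NOT EXISTS sender_info (
    alert_uuid TEXT PRIMARY KEY, sender TEXT NOT NULL, source_ip TEXT);
CREATE TABLE IF NOT EXISTS mail_info (
    alert_uuid TEXT PRIMARY KEY, recipient TEXT NOT NULL, subject TEXT, received_at TEXT NOT NULL);
CREATE TABLE IF NOT EXISTS sandbox_calls (month TEXT NOT NULL, sample_key TEXT NOT NULL);
"""


def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.executescript(SCHEMA)
    return db


def sample_key(artifact: bytes) -> str:
    """The slide's SHA256_FileSize identifier, derived from the raw artifact bytes."""
    return f"{hashlib.sha256(artifact).hexdigest()}_{len(artifact)}"


def sandbox_calls_this_month(db, now) -> int:
    (n,) = db.execute("SELECT COUNT(*) FROM sandbox_calls WHERE month=?",
                      (now.strftime("%Y-%m"),)).fetchone()
    return n


def ingest_alert(db, alert: dict, artifact: bytes, now=None) -> dict:
    """Store one appliance alert (assumed dict layout) and decide on sandbox submission."""
    now = now or datetime.now(timezone.utc)
    key = sample_key(artifact)
    sha256, size = key.split("_")
    new_sample = db.execute("SELECT 1 FROM malware_info WHERE sample_key=?", (key,)).fetchone() is None
    if new_sample:
        db.execute("INSERT INTO malware_info VALUES (?,?,?,?,0)", (key, sha256, int(size), now.isoformat()))
    u = alert["uuid"]  # the FireEye alert UUID the daemon would use for its API calls
    db.execute("INSERT OR IGNORE INTO appliance_info VALUES (?,?,?)", (u, alert["appliance"], key))
    db.execute("INSERT OR IGNORE INTO sender_info VALUES (?,?,?)", (u, alert["sender"], alert.get("source_ip")))
    db.execute("INSERT OR IGNORE INTO mail_info VALUES (?,?,?,?)",
               (u, alert["recipient"], alert.get("subject"), alert["received_at"]))
    # Only unseen samples go to the sandbox, and only while the monthly quota lasts:
    # a re-sent attachment must not burn one of the 250 calls.
    submit = new_sample and sandbox_calls_this_month(db, now) < SANDBOX_MONTHLY_QUOTA
    if submit:
        db.execute("INSERT INTO sandbox_calls VALUES (?,?)", (now.strftime("%Y-%m"), key))
        db.execute("UPDATE malware_info SET sandbox_submitted=1 WHERE sample_key=?", (key,))
    db.commit()
    return {"sample_key": key, "new_sample": new_sample, "sandbox_submitted": submit}


def misp_event(db, key: str) -> dict:
    """Build a MISP-style event dict for one sample (shape only; nothing is sent)."""
    sha256, sender, subject, recipient = db.execute(
        """SELECT m.sha256, s.sender, mi.subject, mi.recipient FROM malware_info m
           JOIN appliance_info a ON a.sample_key=m.sample_key
           JOIN sender_info s ON s.alert_uuid=a.alert_uuid
           JOIN mail_info mi ON mi.alert_uuid=a.alert_uuid
           WHERE m.sample_key=? LIMIT 1""", (key,)).fetchone()
    return {"info": f"Malicious email attachment {sha256[:12]}", "distribution": 0, "threat_level_id": 2,
            "Attribute": [
                {"type": "sha256", "category": "Payload delivery", "value": sha256, "to_ids": True},
                {"type": "email-src", "category": "Payload delivery", "value": sender, "to_ids": True},
                {"type": "email-subject", "category": "Payload delivery", "value": subject, "to_ids": False},
                {"type": "email-dst", "category": "Payload delivery", "value": recipient, "to_ids": False}]}


def demo() -> dict:
    """Run constructed alerts through the daemon: a sample, its re-send, then quota exhaustion."""
    fixed_now = datetime(2018, 8, 14, tzinfo=timezone.utc)
    db = open_db()
    artifact = b"MZ\x90\x00" + b"constructed-sample-bytes" * 8  # constructed, not real malware
    alert = {"uuid": "alert-0001", "appliance": "fe-mx-01", "sender": "attacker@example.net",
             "source_ip": "198.51.100.7", "recipient": "user@example.org",
             "subject": "Invoice", "received_at": fixed_now.isoformat()}
    first = ingest_alert(db, alert, artifact, now=fixed_now)
    repeat = ingest_alert(db, {**alert, "uuid": "alert-0002", "recipient": "other@example.org"},
                          artifact, now=fixed_now)
    # Burn the rest of the month's quota with fresh constructed samples; the last one is refused.
    decisions = [ingest_alert(db, {**alert, "uuid": f"alert-{i:04d}"},
                              artifact + bytes([i % 256, i // 256]), now=fixed_now)
                 for i in range(3, 3 + SANDBOX_MONTHLY_QUOTA)]
    return {"first": first, "repeat": repeat,
            "submitted_after_quota": decisions[-1]["sandbox_submitted"],
            "calls_this_month": sandbox_calls_this_month(db, fixed_now),
            "event": misp_event(db, first["sample_key"])}
```

Two practitioner points the diagram alone does not show: the SHA256_FileSize key is what makes the re-sent attachment a no-op instead of a second sandbox submission, and the quota check has to be made per calendar month in the database, not in process memory, so that a daemon restart cannot reset it.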
The results we have :)
Dashboard - Command Center
Joe Helps!!!
MISP Report Screenshot
What Have I Learnt?
A 5-point evaluation:
- A diverse environment
- Importance of threat intelligence
- Chance to improve my programming
- Writing secure code
- Working with industrial infrastructure
Further Work Directions >>>
- Configure more malware types
- Increase functionalities on the dashboard
- Routes for automation
- Other vendors
Timeline for further additions/improvements: process -> final objective: a malware-safe CERN
Future Impact At CERN. . .
Coming back... "It's a malware!!!" "It's a spyware!!!"
THANK YOU