MALWARE ANALYSIS MANAGEMENT CERN Email Malware Management System

MALWARE ANALYSIS MANAGEMENT: CERN Email Malware Management System
SHIVAM KAPOOR, IT-DI-CSO
IT AMPHI 31/03004, 14-08-2018

The Problem Statement

Somewhere at CERN, a few years back... "It's a malware!!!" "It's a spyware!!!"

The SOLUTION

Components In Use: Incoming Emails, FireEye Appliances, Joe Security Sandbox, MISP Threat Sharing.
FireEye Appliances play a great role in quarantining malicious email and providing us with basic alerts.

How do we Make IT Happen?

Architecture - Part 1 (diagram labels): Incoming Emails, FireEye Appliances, VM, CLOUD File System, POST (SHA256_FileSize, Alert Email Body, MISP Report, Malware Artifact), FireEye API Calls (UUID), Daemon, SQL Database Tables (Malware Info, Appliance Info, Sender's Info, Mail Info)

Architecture - Part 2 (diagram labels): HUMAN ACTOR, FireEye Appliances, File System, MISP Threat Sharing Platform, FireEye API, Daemon, SQL Database, Malware Sandbox (250 API CALLS/MONTH)

The RESULTS WE HAVE : )

Dashboard - Command Center

Joe Helps!!!

MISP Report Screenshot

What Have I Learnt?

A 5 Point Evaluation: A DIVERSE ENVIRONMENT; IMPORTANCE OF THREAT INTELLIGENCE; CHANCE TO IMPROVE MY PROGRAMMING; WRITING SECURE CODE; WORKING WITH INDUSTRIAL INFRASTRUCTURE

Further Work Directions >>>

CONFIGURE MORE MALWARE TYPES; INCREASE FUNCTIONALITIES ON DASHBOARD; ROUTES FOR AUTOMATION; OTHER VENDORS; Timeline for further additions/improvements; PROCESS; FINAL OBJECTIVE: MALWARE SAFE CERN

Future Impact At CERN...

Coming Back... "It's a malware!!!" "It's a spyware!!!"

THANK YOU. Malware Analysis Management, SHIVAM KAPOOR, IT-DI-CSO, IT AMPHI 31/03004, 14-08-2018