Think Like a Hacker:
Using Network Analytics and Attack Simulation to Find and Fix Security Gaps

  • Michelle Johnson Cobb
  • VP, Marketing and BD
  • March 15, 2012
  • SANS webcast

© 2012 Skybox Security

Skybox Security Overview

Leading Security Risk Management Solutions
 •   Automated Firewall Management
 •   Continuous Network Compliance
 •   Risk and Vulnerability Management

Unique, High-Performance Technology
 •   Network Modeling
 •   Access Path Analysis
 •   Attack Simulation

Proven in Demanding Network Environments
 •   6 of the top 10 banks, 5 of the 10 largest NATO members
 •   Financial Services, Retail, Energy, Government, Defense,
     Telecommunications, Manufacturing, Technology

Preventing Attacks is not Trivial

                          • 300 firewalls
                          • 25,000 rules
                          • 250 routers/gateways
                          • 55,000 nodes
                          • 65 daily network changes
                          • 10,000 daily reported
                            vulnerabilities
                          • Infrastructure spanning
                            three continents



First… Think Like a Hacker

The same four steps serve both sides. An attacker runs them as pre-attack reconnaissance; a security manager runs them to find and fix the gaps before the attack does:

 1. Gather info on network topology
 2. Find access paths
 3. Find exploitable vulnerabilities
 4. Try out attack scenarios

Hacker toolkit: Wireshark, nmap, Nessus, netcat, Snort, Google, John the Ripper, etc.
Security Manager toolkit: the network model, access path analysis and attack simulation covered in the rest of this deck.

Building a Network Model
(Gather info on network topology)

Automatically import data from network devices and management systems:
firewalls, routers, load balancers, IPS, vulnerability scanners, patch management.

Feeding the Network Model
(Gather info on network topology)

Data from every source must be imported, normalized and correlated before it is usable in the model.

How is the Model Created?
(Gather info on network topology)

• Import topology data
   • Device configs
   • Routing tables
• Automatically create a hierarchical model tree, grouping hosts by TCP/IP network
• Add function, location, type
• Analyze the model to detect missing info – hosts, ACLs, routing rules for gateways

Comprehensive Network Model
(Gather info on network topology)

• Normalized view of the network security situation
• Visualize the entire network
• Updated continuously
• 3 models: Live, Forensic, and What-if

Virtual “Sandbox” for Complex Security Analysis

The model is a virtual sandbox in which to:
• Analyze access paths
• Prioritize exposed vulnerabilities
• Find device misconfigurations

Now - Check the Firewalls!
(Find access paths)

• Analyze the firewall rule base against policies/best practices (NIST, PCI…)
• Identify risky rules
• Uniform policy for all firewalls

Access Analyzer Finds all Paths
(Find access paths)

• Complete end-to-end path analysis
• Highlighting the ACLs and routing rules involved
• Supports NAT, VPN, dynamic routing and authenticated rules

Determine Rules Allowing Access
(Find access paths)

• Find blocking or allowing devices
• Show the rules involved
• View routes

Check for Access Policy Violations
(Find access paths)

• Define what is allowed, limited and denied between Security Zones
• Compliance metrics
• Violating rules
• Exceptions
• Multiple policies
• Dashboard

Exploitable Vulnerabilities? Start with the scan…
(Find exploitable vulnerabilities)

Vulnerabilities reported by the scan:
• CVE 2009-203
• CVE 2006-722
• CVE 2006-490

Add Skybox Vulnerability Dictionary Content
(Find exploitable vulnerabilities)

• Collects vulnerability data from multiple sources (scanners, published repositories, threat feeds)
• Represents vulnerabilities in a standard format
• Adds severity, degree of difficulty, commonality of exploit and attack impact (CIA)
• Models pre-conditions for exploitation – used in attack simulation

Look at Potential Threat Origins
(Find exploitable vulnerabilities)

The scan results (CVE 2009-203, CVE 2006-722, CVE 2006-490) are placed in the model alongside the threat origins that matter: an Internet hacker, a rogue admin, and a compromised partner.

Simulate all Possible Attacks
(Find exploitable vulnerabilities)

Attack simulation then tries every threat origin (Internet hacker, rogue admin, compromised partner) against the vulnerabilities the model exposes, following the available access paths step by step.

How Attack Simulation Works

• Connectivity path: the probable attack vector to the Finance servers asset group. This attack is a “multi-step” attack, crossing several network zones.
• Attack vector: the sequence of steps taken along that path.
• Business impact: what is at stake on the targeted asset group.
• How to block the potential attack?

Quantify and Prioritize Risks

    Vulnerability     (CVSS score & CIA impact)
  + Exposure          (threat origins & network)
  + Business Impact   (CIA impact and asset importance)
  --------------------------------------------------------
  = Risk              (the three combined through attack simulation)

Plan Defensive Strategy

(Diagram: vulnerabilities and threats combined into a ranked list of the most critical actions.)

Skybox Security Portfolio

• Firewall Assurance – automated firewall analysis and audits
• Change Manager – complete firewall change workflow
• Network Assurance – network compliance and access path analysis
• Risk Control – identify exposed vulnerabilities
• Threat Manager – workflow to address new threats

Remote Buffer Overflow Attack Steps

1. Buffer overflow vulnerability MS11-004 on an FTP server in the DMZ
2. Exploited to gain root control of the FTP server
3. The FTP server has trust relations with a DNS server in the core network
4. The DNS server, running FreeBSD, has a BIND vulnerability that enables control of the DNS server
5. Finance server compromised: significant damage or data loss

Prevent a Buffer Overflow Attack

• Skybox Risk Control identifies the attack paths
• Attack simulation reveals a small number of exposed vulnerabilities
• Skybox issues an urgent ticket request to patch the FTP server
• The security team patches a single vulnerability to block the potential attack and reduce the high risk of Finance server compromise
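
The attack-simulation slides (Simulate all Possible Attacks, How Attack Simulation Works), the risk formula (Quantify and Prioritize Risks) and the buffer-overflow scenario just above all describe one small computation, which the following Python shows as an added example. It is not Skybox code and does not reproduce Skybox's algorithm or scoring. The hosts, the reachability table (what access-path analysis would supply), the trust relation, the asset weights and the CVSS values are all constructed; MS11-004 and the BIND flaw are named only as the slides name them, and the flaw on the finance server ("FIN-db") is invented.

```python
"""Attack simulation and risk prioritisation over a small network model.

Added example, not Skybox code. It reproduces the multi-step scenario above
(Internet -> DMZ FTP server -> core DNS server -> Finance server) and the
"which single patch blocks it" question. Hosts, reachability, trust relations,
asset weights and CVSS values are constructed; MS11-004 and the BIND flaw are
named only as the slides name them, and "FIN-db" is an invented flaw.
"""
from collections import deque
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

@dataclass(frozen=True)
class Vuln:
    vid: str
    host: str
    port: int     # service the exploit must be able to reach
    cvss: float   # CVSS base score (assumed values)

Step = Tuple[str, str, str]   # (from position, means: vuln id or "trust", compromised host)

ORIGINS = ["internet", "partner", "rogue-admin"]                     # threat origins
IMPORTANCE = {"finance-srv": 1.0, "dns-core": 0.6, "ftp-dmz": 0.3}  # business weight per asset
VULNS = [
    Vuln("MS11-004", "ftp-dmz", 21, 7.5),      # IIS FTP overflow on the DMZ FTP server (slide step 1)
    Vuln("BIND-rce", "dns-core", 53, 9.0),     # stands in for the BIND flaw on the core DNS server (step 4)
    Vuln("FIN-db", "finance-srv", 1433, 8.0),  # constructed flaw, reachable only from the core segment
]
# Reachability as access-path analysis would report it: position -> host -> open ports.
REACH = {
    "internet":    {"ftp-dmz": {21, 443}},
    "partner":     {"ftp-dmz": {21}},
    "rogue-admin": {"dns-core": {53}},         # the admin workstation sits in the core segment
    "ftp-dmz":     {"dns-core": {53}},         # DMZ -> core: DNS only
    "dns-core":    {"finance-srv": {1433}},
}
TRUST = [("ftp-dmz", "dns-core")]   # control of A yields a foothold on B without an exploit (step 3)

def simulate(origin: str, patched: Set[str] = frozenset()) -> Dict[str, List[Step]]:
    """Breadth-first attack simulation from one position.
    Returns {compromised host: chain of steps that reached it}; ids in `patched`
    are treated as fixed, which is the what-if question the slides pose."""
    chains: Dict[str, List[Step]] = {}
    seen, queue = {origin}, deque([origin])
    while queue:
        pos = queue.popleft()
        moves = [(v.vid, v.host) for v in VULNS
                 if v.vid not in patched and v.port in REACH.get(pos, {}).get(v.host, set())]
        moves += [("trust", b) for a, b in TRUST if a == pos]
        for means, host in moves:
            if host not in seen:
                seen.add(host)
                chains[host] = chains.get(pos, []) + [(pos, means, host)]
                queue.append(host)
    return chains

def blocking_patches(origin: str, target: str) -> List[str]:
    """Vulnerabilities whose removal, on its own, leaves target unreachable from origin."""
    if target not in simulate(origin):
        return []
    return [v.vid for v in VULNS if target not in simulate(origin, {v.vid})]

def risk_scores() -> List[Tuple[str, float]]:
    """Risk = severity (CVSS/10) x exposure (share of origins that can reach the
    vulnerable service) x business impact (most important asset compromised
    downstream), mirroring the Vulnerability + Exposure + Business Impact slide."""
    scores = []
    for v in VULNS:
        exposed = sum(
            any(v.port in REACH.get(p, {}).get(v.host, set()) for p in {o, *simulate(o)})
            for o in ORIGINS)
        impact = max(IMPORTANCE.get(h, 0.0) for h in {v.host, *simulate(v.host)})
        scores.append((v.vid, round(v.cvss / 10 * exposed / len(ORIGINS) * impact, 2)))
    return sorted(scores, key=lambda s: -s[1])

if __name__ == "__main__":
    for origin in ORIGINS:
        chain = simulate(origin).get("finance-srv")
        print(origin, "->", " -> ".join(f"{m}@{h}" for _, m, h in chain) if chain else "no path")
        print("  single patches that block it:", blocking_patches(origin, "finance-srv"))
    print("risk ranking:", risk_scores())
```

Run as a script it prints, for each threat origin, the exploit chain to the finance server, the single patches that would break that chain, and the risk ranking. Two things in the output are worth noticing. Scored by severity, exposure and impact, the BIND flaw ranks highest, yet patching it alone does not stop the Internet attacker, because the FTP-to-DNS trust relation offers a second step that needs no exploit; patching MS11-004 on the FTP server does stop that attacker, which is the slide's "single vulnerability" ticket. And the rogue-admin origin, already inside the core segment, is untouched by that patch, so the blocking analysis has to be read per origin, not once for the whole network.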

Firewall Bypass Attack Steps

1. The DMZ firewall allowed access through TCP port 443 to the internal network (which might be okay)
2. A misconfigured load balancer rule performed NAT to TCP port 80
3. The result: port 80 access into the development network – a very risky situation

Preventing the Firewall Bypass Attack

• Skybox Firewall Assurance automatically finds risky rules and configs in firewalls
• Skybox Network Assurance creates an up-to-date network model and checks the other devices on the path (load balancers, switches, routers), not only the firewalls
• Skybox checks policy rules such as: “No access from Internet to Internal except …”
• End-to-end access path analysis – every possible path
• Skybox issues tickets to address the violations reported

The lesson of this scenario: the firewall rule is correct for the traffic the firewall sees (tcp/443 to the DMZ), so a firewall-only audit passes it. The violation exists only in the flow that actually arrives after the load balancer's NAT, which is why policy has to be checked on the end-to-end, post-NAT path.
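
The access-path slides above (Access Analyzer Finds all Paths, Determine Rules Allowing Access, Check for Access Policy Violations) and this firewall-bypass scenario describe one computation: trace a flow hop by hop through ACLs, NAT and routing, then judge the flow that actually arrives against the zone policy, listing the rules involved. The following Python is an added example written for this page, not Skybox code or output. Every device, address, rule, zone and probe in it is made up, and it assumes each device applies its ACL to the arriving flow before NAT, an order that real products do not all share.

```python
"""Access-path analysis with NAT and a zone policy check. Added example, not Skybox
code: it models the firewall-bypass scenario above (a DMZ firewall permits tcp/443
into the DMZ; a load balancer NATs that VIP to tcp/80 on a host in the development
network). Device names, addresses, rules and zones are constructed for illustration.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int

def in_net(ip: str, cidr: str) -> bool:
    return ip_address(ip) in ip_network(cidr)

def longest_match(ip: str, table: Dict[str, str]) -> Optional[str]:
    """Value stored under the most specific CIDR key that contains ip, or None."""
    hits = [(ip_network(c).prefixlen, v) for c, v in table.items() if in_net(ip, c)]
    return max(hits)[1] if hits else None

@dataclass
class Device:
    name: str
    # ACL entries (name, src_cidr, dst_cidr, dport or None for any, "allow"/"deny"); first match wins
    rules: List[Tuple[str, str, str, Optional[int], str]] = field(default_factory=list)
    # destination-NAT entries (name, vip, vport, real_ip, real_port)
    nats: List[Tuple[str, str, int, str, int]] = field(default_factory=list)
    routes: Dict[str, str] = field(default_factory=dict)  # dst CIDR -> next device, or "deliver"

    def filter(self, f: Flow) -> Tuple[bool, str]:
        for name, src, dst, dport, action in self.rules:
            if in_net(f.src, src) and in_net(f.dst, dst) and dport in (None, f.dport):
                return action == "allow", name
        return False, "implicit-deny"

    def translate(self, f: Flow) -> Tuple[Flow, Optional[str]]:
        for name, vip, vport, real, rport in self.nats:
            if (f.dst, f.dport) == (vip, vport):
                return Flow(f.src, real, rport), name
        return f, None

def trace(model: Dict[str, Device], ingress: str, flow: Flow, max_hops: int = 8):
    """Walk one flow device by device; returns (delivered, effective_flow, hops) with hops as
    (device, rule, nat) triples. Assumed order per device: ACL on the arriving flow, then NAT."""
    hops, dev_name = [], ingress
    for _ in range(max_hops):
        dev = model[dev_name]
        allowed, rule = dev.filter(flow)
        flow, nat = dev.translate(flow) if allowed else (flow, None)
        hops.append((dev.name, rule, nat))
        nh = longest_match(flow.dst, dev.routes) if allowed else None   # route on the post-NAT dst
        if nh == "deliver":
            return True, flow, hops
        if nh is None:                                    # denied by ACL, or no route
            return False, flow, hops
        dev_name = nh
    return False, flow, hops                              # routing loop / too many hops

def find_violations(model, zones, policy, ingress, flows):
    """Report flows delivered to a zone/port the policy does not allow, judged on the effective
    post-NAT flow. policy: {(src_zone, dst_zone): allowed ports}; an absent pair means denied."""
    out = []
    for f in flows:
        delivered, eff, hops = trace(model, ingress, f)
        if not delivered:
            continue
        s, d = longest_match(eff.src, zones), longest_match(eff.dst, zones)
        if eff.dport not in policy.get((s, d), set()):
            via = " > ".join(f"{dv}:{r}" + (f"+nat:{n}" if n else "") for dv, r, n in hops)
            out.append((f, eff, f"{s}->{d} tcp/{eff.dport} via {via}"))
    return out

# --- constructed model: Internet -> dmz-fw -> lb-1 -> core-rtr -> Dev ---
ZONES = {"0.0.0.0/0": "Internet", "10.1.0.0/16": "DMZ", "10.20.0.0/16": "Dev", "10.30.0.0/16": "Internal"}
POLICY = {("Internet", "DMZ"): {443}}   # i.e. "no access from Internet to internal except ..."
MODEL = {
    "dmz-fw": Device("dmz-fw",
        rules=[("fw-10", "0.0.0.0/0", "10.1.0.0/16", 443, "allow"),
               ("fw-99", "0.0.0.0/0", "0.0.0.0/0", None, "deny")],
        routes={"10.1.0.0/16": "lb-1", "10.20.0.0/16": "core-rtr", "10.30.0.0/16": "core-rtr"}),
    "lb-1": Device("lb-1",
        rules=[("lb-any", "0.0.0.0/0", "0.0.0.0/0", None, "allow")],
        nats=[("vip-web", "10.1.0.10", 443, "10.20.0.5", 80)],   # misconfigured: pool member sits in Dev
        routes={"10.1.0.0/16": "deliver", "10.20.0.0/16": "core-rtr"}),
    "core-rtr": Device("core-rtr",
        rules=[("rtr-any", "0.0.0.0/0", "0.0.0.0/0", None, "allow")],
        routes={"10.20.0.0/16": "deliver", "10.30.0.0/16": "deliver"}),
}
PROBES = [Flow("203.0.113.7", "10.1.0.10", 443),    # Internet -> web VIP: the bypass
          Flow("203.0.113.7", "10.1.0.20", 443),    # Internet -> a real DMZ web server: allowed
          Flow("203.0.113.7", "10.30.0.5", 22)]     # Internet -> internal SSH: denied at dmz-fw

if __name__ == "__main__":
    for f, eff, why in find_violations(MODEL, ZONES, POLICY, "dmz-fw", PROBES):
        print(f"VIOLATION {f.dst}:{f.dport} becomes {eff.dst}:{eff.dport}: {why}")
```

Run as a script it prints one line: the tcp/443 probe to the VIP is allowed by fw-10, rewritten by vip-web, and delivered to 10.20.0.5 on tcp/80, which an Internet-to-DMZ-only policy does not permit. The probe to the real DMZ server is compliant and the SSH probe never gets past fw-99. Note that fw-10 is a correct rule for the flow the firewall sees; the violation only exists on the post-NAT flow, which is why the policy is checked on `eff` rather than on the original probe.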
Client-Side Attack Steps

1. The user opens an infected email attachment or clicks a link to a malicious or hacked website
2. A vulnerability or misconfiguration on the desktop is exploited and malware is installed
3. The malware enables the attacker to collect data from the machine, continue the attack within the network, and send data back to the attacker

Source: SANS Tutorial: HTTP Client-side Exploit

Preventing a Client-Side Attack

• EMEA region at highest risk
• Adobe Reader 9.x and 8.x contribute the majority of the risk (76%)
• Retrieve the exact list of vulnerable hosts
• Remediate in order of risk impact

Best Practices to Prevent Attacks

• Get the comprehensive network view
• Find security gaps every day
• Prioritize by risk level
• Validate changes in advance
• Automate security processes

Time for Questions

Thank You!
www.skyboxsecurity.com

 
Infosec 2014: Intelligence as a Service: The Future of Frontline Security
Infosec 2014: Intelligence as a Service: The Future of Frontline SecurityInfosec 2014: Intelligence as a Service: The Future of Frontline Security
Infosec 2014: Intelligence as a Service: The Future of Frontline Security
 
RSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your Network
RSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your NetworkRSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your Network
RSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your Network
 
RSA 2014: Firewall Change Management: Automate, Secure & Comply
RSA 2014: Firewall Change Management: Automate, Secure & Comply RSA 2014: Firewall Change Management: Automate, Secure & Comply
RSA 2014: Firewall Change Management: Automate, Secure & Comply
 
RSA 2014: Skybox Security Risk Analytics Overview
RSA 2014: Skybox Security Risk Analytics OverviewRSA 2014: Skybox Security Risk Analytics Overview
RSA 2014: Skybox Security Risk Analytics Overview
 

Último

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 

Último (20)

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 

Think Like a Hacker: Using Network Analytics and Attack Simulation to Find and Fix Security Gaps

  • 1. Think Like a Hacker: Using Network Analytics and Attack Simulation to Find and Fix Security Gaps
    Michelle Johnson Cobb, VP, Marketing and BD
    March 15, 2012, SANS webcast
    © 2012 Skybox Security
  • 2. Skybox Security Overview
    Leading Security Risk Management Solutions
    • Automated Firewall Management
    • Continuous Network Compliance
    • Risk and Vulnerability Management
    Unique, High-Performance Technology
    • Network Modeling
    • Access Path Analysis
    • Attack Simulation
    Proven in Demanding Network Environments
    • 6 of the top 10 banks, 5 of the 10 largest NATO members
    • Financial Services, Retail, Energy, Government, Defense, Telecommunications, Manufacturing, Technology
  • 3. Preventing Attacks is not Trivial
    • 300 firewalls
    • 25,000 rules
    • 250 routers/gateways
    • 55,000 nodes
    • 65 daily network changes
    • 10,000 daily reported vulnerabilities
    • Infrastructure spanning three continents
  • 4. First… Think Like a Hacker
    Pre-Attack Reconnaissance? Or Find and Fix to Prevent Attack? Both follow the same steps:
    • Gather info on network topology
    • Find access paths
    • Find exploitable vulnerabilities
    • Try out attack scenarios
    Hacker toolkit: Wireshark, nmap, Nessus, netcat, Snort, Google, John the Ripper, etc.
    Security Manager toolkit:
  • 5. Building a Network Model (Gather info on network topology)
    Automatically import data from network devices and management systems: firewall, router, load balancer, IPS, vulnerability scanner and patch systems.
  • 6. Feeding the Network Model (Gather info on network topology)
    Data must be imported, normalized and correlated.
  • 7. How is the Model Created? (Gather info on network topology)
    • Import topology data: device configs, routing tables
    • Automatically create a hierarchical model tree, grouping hosts by TCP/IP network
    • Add function, location, type
    • Analyze the model to detect missing info: hosts, ACLs, routing rules for gateways
  • 8. Comprehensive Network Model (Gather info on network topology)
    • Normalized view of the network security situation
    • Visualize the entire network
    • Updated continuously
    • 3 models: Live, Forensic, and What-if
  • 9. Virtual “Sandbox” for Complex Security Analysis
    • Analyze access paths
    • Prioritize exposed vulnerabilities
    • Find device misconfigurations
  • 10. Now - Check the Firewalls! (Find access paths)
    • Analyze the firewall rule base against policies/best practices (NIST, PCI…)
    • Identify risky rules
    • Uniform policy for all firewalls
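The rule-base checks slide 10 describes, as an added example that is not Skybox's code and not part of the deck: a constructed five-rule firewall policy is checked for a catch-all allow, for Internet exposure of risky services into an assumed internal range (10.0.0.0/8), and for shadowed rules (a rule that an earlier rule already fully covers). Rule identifiers, addresses and the risky-service list are assumptions.

```python
"""Static firewall rule-base checks, in the spirit of slide 10.
Added example, not Skybox code: the rule base is constructed, and
the "internal" range and risky-service list are assumptions."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_network

ANY_NET = ip_network("0.0.0.0/0")
INTERNAL = ip_network("10.0.0.0/8")            # assumed internal address space
RISKY_SERVICES = {"telnet/23", "ftp/21", "rdp/3389", "smb/445", "any"}


@dataclass(frozen=True)
class Rule:
    rid: str
    src: IPv4Network
    dst: IPv4Network
    service: str        # "name/port" or "any"
    action: str         # "allow" or "deny"


def _net(cidr: str) -> IPv4Network:
    return ip_network(cidr, strict=False)


# Constructed rule base. First match wins, implicit deny at the end.
RULEBASE = [
    Rule("r1", _net("0.0.0.0/0"),   _net("10.1.1.10/32"), "https/443", "allow"),
    Rule("r2", _net("0.0.0.0/0"),   _net("10.1.0.0/16"),  "telnet/23", "allow"),
    Rule("r3", _net("10.2.0.0/16"), _net("10.1.0.0/16"),  "any",       "deny"),
    Rule("r4", _net("10.2.5.0/24"), _net("10.1.1.0/24"),  "ssh/22",    "allow"),
    Rule("r5", _net("0.0.0.0/0"),   _net("0.0.0.0/0"),    "any",       "allow"),
]


def covers(a: Rule, b: Rule) -> bool:
    """True when every packet that matches b also matches a."""
    return (b.src.subnet_of(a.src) and b.dst.subnet_of(a.dst)
            and a.service in ("any", b.service))


def find_permissive(rules):
    """any -> any on any service, allowed: the classic catch-all allow."""
    return [r.rid for r in rules
            if r.action == "allow" and r.src == ANY_NET
            and r.dst == ANY_NET and r.service == "any"]


def find_risky_exposure(rules):
    """Allow rules that let any source (the Internet) reach the internal
    range on a clear-text or administrative service (PCI/NIST style check)."""
    return [r.rid for r in rules
            if r.action == "allow" and r.src == ANY_NET
            and r.dst.overlaps(INTERNAL) and r.service in RISKY_SERVICES]


def find_shadowed(rules):
    """(rule, earlier rule) pairs where the earlier rule already matches all
    of the later rule's traffic, so the later rule is dead. When the actions
    differ, the rule base contradicts itself."""
    shadowed = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, rule):
                shadowed.append((rule.rid, earlier.rid))
                break
    return shadowed


if __name__ == "__main__":
    print("catch-all allows :", find_permissive(RULEBASE))
    print("risky exposure   :", find_risky_exposure(RULEBASE))
    print("shadowed rules   :", find_shadowed(RULEBASE))
```

Shadowing is the check most worth automating: r4 can never match because r3 already denies all of its traffic, so either r4 is dead or the policy is contradictory, and a rule base of the size on slide 3 (25,000 rules) cannot be read for this by hand. The catch-all and exposure checks are what slide 10 calls "risky rules".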
  • 11. Access Analyzer Finds all Paths (Find access paths)
    • Complete end-to-end path analysis
    • Highlighting ACLs and routing rules
    • Supports NAT, VPN, dynamic routing and authenticated rules
  • 12. Determine Rules Allowing Access (Find access paths)
    • Find blocking or allowing devices
    • Show rules involved
    • View routes
  • 13. Check for Access Policy Violations (Find access paths)
    • Define what is allowed, limited and denied between Security Zones
    • Compliance metrics
    • Violating rules
    • Exceptions
    • Multiple policies
    • Dashboard
  • 14. Exploitable Vulnerabilities? Start with the scan… (Find exploitable vulnerabilities)
    Scanner findings (as printed on the slide): CVE 2009-203, CVE 2006-722, CVE 2006-490
  • 15. Add Skybox Vulnerability Dictionary Content (Find exploitable vulnerabilities)
    • Collects vulnerability data from multiple sources (scanners, published repositories, threat feeds)
    • Represents vulnerabilities in a standard format
    • Adds severity, degree of difficulty, commonality of exploit and attack impact (CIA)
    • Models pre-conditions for exploitation, used in attack simulation
  • 16. Look at Potential Threat Origins (Find exploitable vulnerabilities)
    Scanner findings: CVE 2009-203, CVE 2006-722, CVE 2006-490
    Threat origins: Rogue Admin, Internet Hacker, Compromised Partner
  • 17. Simulate all Possible Attacks (Find exploitable vulnerabilities)
    Run attack simulations from each threat origin (Rogue Admin, Internet Hacker, Compromised Partner) against the scanned vulnerabilities (CVE 2009-203, CVE 2006-722, CVE 2006-490).
  • 18. How Attack Simulation Works
    Probable attack vector to the Finance servers asset group. This is a “multi-step” attack, crossing several network zones.
    Diagram panels: Connectivity Path, Attack Vector, Business Impact, How to Block Potential Attack?
  • 19. Quantify and Prioritize Risks
    Vulnerability (CVSS score & CIA impact) + Exposure (threat origins & network) + Business Impact (CIA impact and asset importance), combined through attack simulation, gives Risk.
  • 20. Plan Defensive Strategy
    Diagram labels: Most Critical Actions, Vulnerabilities, Threats
  • 21. Skybox Security Portfolio
    • Firewall Assurance: automated firewall analysis and audits
    • Network Assurance: network compliance and access path analysis
    • Risk Control: identify exposed vulnerabilities
    • Change Manager: complete firewall change workflow
    • Threat Manager: workflow to address new threats
  • 22. Remote Buffer Overflow Attack Steps
    1. Buffer overflow vulnerability MS11-004 on the FTP server in the DMZ
    2. Exploit to gain root-level control of the FTP server
    3. The FTP server has trust relations with the DNS server in the core network
    4. The DNS server, running FreeBSD, has a BIND vulnerability that enables control of the DNS server
    5. Finance server compromised: significant damage or data loss
  • 23. Prevent a Buffer Overflow Attack
    • Skybox Risk Control identifies attack paths
    • Attack simulation reveals a small number of exposed vulnerabilities
    • Skybox issues an urgent ticket request to patch the FTP server
    • Security team patches a single vulnerability to block the potential attack and reduce the high risk of Finance server compromise
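How the attack simulation of slides 16 to 23 and the risk recipe of slide 19 can be carried out, as an added example: this is not Skybox's engine and not code from the deck. A constructed four-host model holds the zone-level result of a path analysis, the three threat origins of slide 16, and a depth-first search for multi-step paths to the finance server of slide 22; a second search finds the single patches that close every path (slide 23), and a ranking combines severity, exposure and asset importance (slide 19). It goes one step beyond the slide by adding a second exposed DMZ host, so the single-patch analysis shows which vulnerabilities are real chokepoints. MS11-004 is the page's FTP vulnerability; hostnames, zones, CVSS values, importance weights and the labels marked (assumed) are assumptions.

```python
"""Multi-step attack simulation and risk ranking over a small network
model (slides 16 to 23). Added example, not Skybox's engine: hosts, zones,
importance weights, CVSS values and the access table are constructed.
MS11-004 is the page's FTP vulnerability; labels marked (assumed) are
placeholders, not real identifiers."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Vuln:
    vid: str
    service: str   # service the exploit is delivered over
    cvss: float

@dataclass(frozen=True)
class Host:
    name: str
    zone: str
    importance: int   # business impact weight, 1 (low) .. 10 (critical)
    vulns: tuple      # remotely exploitable Vuln objects

HOSTS = {
    "ftp-dmz":  Host("ftp-dmz",  "dmz",  3,  (Vuln("MS11-004", "ftp/21", 9.3),)),
    "web-dmz":  Host("web-dmz",  "dmz",  3,  (Vuln("WEB-RCE (assumed)", "https/443", 7.5),)),
    "dns-core": Host("dns-core", "core", 5,  (Vuln("BIND-RCE (assumed)", "dns/53", 8.5),)),
    "finance":  Host("finance",  "core", 10, (Vuln("FIN-RCE (assumed)", "smb/445", 9.0),)),
}
# Result of access-path analysis collapsed to zone level: the services a
# source zone can reach in a destination zone after ACLs, NAT and routing.
ACCESS = {
    ("internet", "dmz"):  {"ftp/21", "https/443"},
    ("partner",  "dmz"):  {"ftp/21"},
    ("dmz",      "core"): {"dns/53"},
    ("core",     "core"): {"*"},
}
# Threat origins of slide 16, keyed by the zone each one starts in.
THREAT_ORIGINS = {"internet": "Internet Hacker", "partner": "Compromised Partner", "core": "Rogue Admin"}

def allowed(src_zone, dst_zone, service):
    services = ACCESS.get((src_zone, dst_zone), set())
    return "*" in services or service in services

def next_hops(zone, hosts, patched):
    """(host, vuln id) pairs an attacker positioned in `zone` can take over in one step."""
    for h in hosts.values():
        for v in h.vulns:
            if v.vid not in patched and allowed(zone, h.zone, v.service):
                yield h.name, v.vid

def attack_paths(origin_zone, target, hosts=HOSTS, patched=frozenset()):
    """All simple multi-step paths from a threat origin to `target`, each a
    list of (host compromised, vulnerability used) steps."""
    paths = []

    def dfs(zone, visited, path):
        for host, vid in next_hops(zone, hosts, patched):
            if host in visited:
                continue
            step = path + [(host, vid)]
            if host == target:
                paths.append(step)
            else:
                dfs(hosts[host].zone, visited | {host}, step)

    dfs(origin_zone, frozenset(), [])
    return paths

def blocking_patches(origin_zone, target, hosts=HOSTS):
    """Vulnerabilities that, patched on their own, leave no path at all:
    slide 23's single patch that blocks the whole attack."""
    used = {vid for path in attack_paths(origin_zone, target, hosts) for _, vid in path}
    return sorted(v for v in used if not attack_paths(origin_zone, target, hosts, patched={v}))

def risk_ranking(hosts=HOSTS, origins=THREAT_ORIGINS):
    """Slide 19's recipe: severity (CVSS) x exposure (number of threat origins
    with some path to the host) x business impact (asset importance)."""
    scores = {}
    for h in hosts.values():
        exposure = sum(1 for o in origins if attack_paths(o, h.name, hosts))
        for v in h.vulns:
            scores[v.vid] = round(v.cvss * h.importance * exposure, 1)
    return sorted(scores.items(), key=lambda kv: -kv[1])

if __name__ == "__main__":
    for zone, who in THREAT_ORIGINS.items():
        for path in attack_paths(zone, "finance"):
            print(f"{who}: " + " -> ".join(f"{h} [{v}]" for h, v in path))
        print(f"{who}: single patches that block everything: {blocking_patches(zone, 'finance')}")
    print("risk ranking:", risk_ranking())
```

The Compromised Partner origin reproduces the page's scenario: it reaches only the FTP server, so patching MS11-004 alone closes its path, exactly as slide 23 describes. The Internet origin has two entry points, and the only single patches that close every path are the inner chokepoints (the DNS server or the finance server); patching the FTP server alone just moves the attacker to the web server. The ranking follows slide 19: a vulnerability's score rises with the number of threat origins that can reach it and with the importance of the asset it sits on, which is why the finance server's flaw outranks the higher-CVSS FTP flaw.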
  • 24. Firewall Bypass Attack Steps
    1. DMZ firewall allowed access through TCP port 443 to the internal network (which might be okay)
    2. A misconfigured load balancer rule performed NAT to TCP port 80
    3. Allowing port 80 access to the development network: a very risky situation
  • 25. Preventing the Firewall Bypass Attack
    • Skybox Firewall Assurance automatically finds risky rules and configs in firewalls
    • Skybox Network Assurance creates an up-to-date network model and checks the rest of the layer 3 devices: load balancers, switches, routers
    • Skybox checks policy rules such as: “No access from Internet to Internal except …”
    • End-to-end access path analysis: every possible path
    • Skybox issues tickets to address the reported violations
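Slides 11 to 13 describe end-to-end path analysis across ACLs, routing and NAT with a zone policy checked on top, and slides 24 and 25 give the case where that matters. The following is an added example (not Skybox code, not from the deck) that walks one flow through a constructed DMZ firewall, load balancer and core router, applying each device's first-match rule base and longest-prefix route, and then judges the delivered flow against a zone policy. Addresses, rule and device names, routes and zones are assumptions; the load-balancer pool member placed in the development network reproduces slide 24, and a corrected build keeps it in the DMZ.

```python
"""End-to-end access path analysis with NAT and routing (slides 11-13),
and a zone-policy check of the result (slides 24-25). Added example, not
Skybox code: addresses, rules, routes and zones are constructed to
reproduce the firewall-bypass scenario, where TCP/443 to a DMZ VIP is
rewritten by the load balancer to TCP/80 in the development network."""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    rid: str
    src: str                        # CIDR
    dst: str                        # CIDR
    dport: "int | None"             # None = any port
    action: str                     # "allow" | "deny"
    nat_to: "tuple | None" = None   # (new dst, new dport) rewritten on match

@dataclass
class Device:
    name: str
    rules: list    # first match wins, implicit deny
    routes: list   # (prefix, next device or "deliver"), longest prefix wins

    def filter(self, flow):
        """(rule id, flow leaving the device); the flow is None when dropped."""
        for r in self.rules:
            if (ip_address(flow.src) in ip_network(r.src)
                    and ip_address(flow.dst) in ip_network(r.dst)
                    and r.dport in (None, flow.dport)):
                if r.action == "deny":
                    return r.rid, None
                if r.nat_to:
                    flow = replace(flow, dst=r.nat_to[0], dport=r.nat_to[1])
                return r.rid, flow
        return "implicit-deny", None

    def next_hop(self, flow):
        hits = [(ip_network(p), nh) for p, nh in self.routes if ip_address(flow.dst) in ip_network(p)]
        return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(flow, devices, start):
    """Walk the flow hop by hop. Returns (delivered flow or None, hops); each
    hop is (device, rule id), so the allowing or blocking rule is visible."""
    hops, name = [], start
    for _ in range(len(devices) + 1):          # guard against routing loops
        rid, out = devices[name].filter(flow)
        hops.append((name, rid))
        if out is None:
            return None, hops
        nh = devices[name].next_hop(out)
        if nh is None:
            hops.append((name, "no-route"))
            return None, hops
        if nh == "deliver":
            return out, hops
        flow, name = out, nh
    return None, hops

ZONES = {"dmz": "192.0.2.0/24", "internal": "10.0.0.0/8", "development": "10.20.0.0/16"}
POLICY = {("internet", "dmz"): {443}, ("internet", "internal"): set()}  # slide 13: allowed ports; missing or empty = denied

def zone_of(ip):
    hits = [(ip_network(c), z) for z, c in ZONES.items() if ip_address(ip) in ip_network(c)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else "internet"

def check_policy(flow, devices, start):
    """Judge the *effective* access, i.e. what is delivered after NAT and
    routing, not what the first firewall rule appears to permit."""
    delivered, hops = trace(flow, devices, start)
    if delivered is None:
        return {"delivered": False, "violation": False, "rules": hops}
    zones = (zone_of(flow.src), zone_of(delivered.dst))
    return {"delivered": True, "zones": zones, "rules": hops,
            "effective": (delivered.dst, delivered.dport),
            "violation": delivered.dport not in POLICY.get(zones, set())}

def build(pool_member):
    """Slide 24's three devices; `pool_member` is where the VIP really sends traffic."""
    return {
        "dmz-fw": Device("dmz-fw", [Rule("fw-10", "0.0.0.0/0", "192.0.2.10/32", 443, "allow"),
                                    Rule("fw-99", "0.0.0.0/0", "0.0.0.0/0", None, "deny")],
                         [("192.0.2.0/24", "lb-1"), ("10.0.0.0/8", "core-rtr")]),
        "lb-1": Device("lb-1", [Rule("vip-443", "0.0.0.0/0", "192.0.2.10/32", 443, "allow", nat_to=pool_member)],
                       [("192.0.2.0/24", "deliver"), ("10.0.0.0/8", "core-rtr")]),
        "core-rtr": Device("core-rtr", [Rule("acl-20", "0.0.0.0/0", "10.20.0.0/16", None, "allow")],
                           [("10.0.0.0/8", "deliver")]),
    }

MISCONFIGURED = build(("10.20.0.15", 80))   # pool member sits in the development network
CORRECTED = build(("192.0.2.20", 443))      # pool member stays in the DMZ
CLIENT = Flow("203.0.113.5", "192.0.2.10", 443)
```

Run `check_policy(CLIENT, MISCONFIGURED, "dmz-fw")` and the firewall rule on its own looks fine (HTTPS to a DMZ VIP, rule fw-10), yet the effective access is Internet to the development network on port 80, through vip-443 and acl-20; that is the violation slide 25's zone policy ("No access from Internet to Internal except …") is meant to catch. The same check on `CORRECTED` passes, and a flow the firewall drops (for instance to port 22) comes back with fw-99 as the blocking rule, which is what slide 12 calls finding the blocking device and showing the rules involved.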
  • 26. Client-Side Attack Steps
    1. User opens an infected email attachment or clicks a link to a malicious or hacked website
    2. A vulnerability or misconfiguration on the desktop is exploited and malware is installed
    3. Malware enables the attacker to collect data from the machine, continue the attack within the network, and send data back to the attacker
    Source: SANS Tutorial: HTTP Client-side Exploit
  • 27. Preventing a Client-Side Attack
    • EMEA region at highest risk
    • Adobe Reader 9.x and 8.x contribute the majority of the risk (76%)
    • Retrieve the exact list of vulnerable hosts
    • Remediate in order of risk impact
  • 28. Best Practices to Prevent Attacks
    • Get the comprehensive network view
    • Find security gaps every day
    • Prioritize by risk level
    • Validate changes in advance
    • Automate security processes
  • 29. Time for Questions
    Thank You! www.skyboxsecurity.com