In this presentation from their joint webinar, security experts and trainers at CQURE, Greg Tworek and Mike Jankowski-Lorek, help you put on your hacker cap to better identify dangerous vulnerabilities, strengthen your systems, and STOP the data breaches that litter the news sites today. They will also demonstrate how to exploit systems and how (from the hacker perspective) this can be proactively mitigated.
Catch the full on-demand webinar here:
https://www.beyondtrust.com/resources/webinar/hackers-playbook-think-like-cybercriminal-reduce-risk/?access_code=de936e36f25bb91acaae7593959af3c1
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
1. The Hacker Playbook: How to Think Like a Cybercriminal to Reduce Risk
@paulacqure
@CQUREAcademy
CONSULTING
Greg Tworek
CQURE Consulting: Director
CQURE Academy: Trainer
Mike Jankowski-Lorek
CQURE: Cloud Solutions & Machine Learning Expert
CQURE Academy: Trainer
2. What does CQURE Team do?
Consulting services
High quality penetration tests with useful reports
Applications
Websites
External services (edge)
Internal services
+ configuration reviews
Incident response emergency services
– immediate reaction!
Security architecture and design advisory
Forensics investigation
Security awareness
For management and employees
info@cqure.us
Trainings
Security Awareness trainings for executives
CQURE Academy: over 40 advanced security trainings for IT Teams
Certificates and exams
Delivered all around the world only by a CQURE Team: training authors
4. by Paula Januszkiewicz
Discounts for BeyondTrust webinar attendees!
Interested? Drop us a quick email at: info@cqure.us
More info: https://cqureacademy.com/trainings
8. According to the industry’s statistics, by 2019 the market will need 6 million security professionals. But only 4 to 5 million of them will have the needed qualifications.
*Source: Financial Times
24. Reason 1: Security is both a Reality and Feeling
For End User
Security is a feeling
Success lies in influencing the “feeling” of security
25. Reason 2: Not every attack(er) is that smart
[Diagram: "Control efficiency" plotted against "Risk severity / Attacker smartness / Attack efficiency"; bands labelled "Technology & Processes" and "Awareness & Competence"; levels numbered 1 to 4]
Automatic security controls – AV, Updates
Technology + Human – Firewall configuration, choosing a secure Wifi
Human – Recognizing a zero day attack, phishing mails, not posting business information in social media
The very smart attacker
People exaggerate risks that are spectacular or uncommon
26. Technology…yes, but humans… of course!
Aircraft have become more advanced, but does it mean that pilot training requirements have reduced?
Medical technology has become more advanced, but will you choose a hospital for its machines or the doctors?
28. Summary: Introducing 12 Skills
Understanding is the key to security
Continuous vulnerability discovery
Context-Aware Analysis
Prioritization
Remediation and Tracking
Configuration reviews
Put on the Hacker’s Shoes
Prevention is the key to success
29. Skills 1 - 6
#1 Skill: Machine Learning for Threat Protection Implementation of the process execution prevention (AppLocker etc.)
#2A Skill: Incident Response Plan
#2B Skill: Malware Analysis Sandbox
#3 Skill: Whitelisting
#4 Skill: Privileged Access Management (+password management)
#5 Skill: Working PKI Implementation
#6 Skill: Hardware-based Credentials Protection
30. Skills 7 - 12
#7 Skill: PowerShell Level Master
#8 Skill: Learn How to Talk Security to Employees
#9 Skill: Event Tracing For Windows
#10 Skill: Log Centralization
#11 Skill: Mastered Newest Technologies (example: Windows 10 solutions)
#12 Skill: Testing Yourself When You Can
31. Additional Resources
Websites
Ars Technica
The Register
The Hacker News
Dark Reading
Krebs on Security
Computer World
Threat Post
Beta News
Tech News World
Tech Crunch
ZDNet
Security Affairs
Computer Weekly
Network World
SC Magazine
Wired
Schneier on Security
36. BeyondTrust delivers cyber security software that keeps the most powerful users and assets in an organization under control so there is less risk from a data breach.
Our platform unifies the most effective technologies for addressing internal and external risk:
Privileged Access Management
Vulnerability Management
Threat & Behavioral Analytics
37. Privilege abuse was behind 81% of insider misuse incidents.
Source: Verizon 2017 Data Breach Investigations Report
INSIDER THREATS
• Excessive privileges
• Unmanaged passwords
• Accounts hijacked by attackers
38. In 75% of cases, attackers compromised the organization from outside and within minutes.
Source: Verizon 2015 Data Breach Investigations Report
EXTERNAL HACKING
• Nation states
• Crime rings
• Hacktivists
39. Average time to discover an attacker has breached a system: 256 days
Source: Ponemon and IBM, “2015 Cost of Data Breach Study: Global Analysis”
HIDDEN THREATS
• Users & assets demonstrating risky behavior
• Disparate evidence buried in data feeds
• Advanced Persistent Threats
40. EMPLOYEES AND OTHER INSIDERS HAVE UNNECESSARY ACCESS
Employees, vendors and other insiders are often given excessive access to systems and data – and that access can go unmonitored.
Source: Verizon 2017 Data Breach Investigations Report
88% of cases, attackers compromise an organization using definable patterns established as early as 2014
41. Privilege abuse was behind 81% of insider misuse incidents.
Source: Verizon 2017 Data Breach Investigations Report
CREDENTIALS ARE SHARED AND UNMANAGED
Passwords are created and shared, but aren’t audited, monitored or managed with discipline or accountability.
42. IT ASSETS COMMUNICATE UNCHECKED
Desktops, laptops, servers and applications communicate and open paths to sensitive assets and data.
Source: Verizon 2015 Data Breach Investigations Report
99% of successful attacks leverage known vulnerabilities
43. • Attackers look to exploit a user or system
• Subsequently seek users with elevated credentials
• Excessive Privileges
• Unmanaged Passwords
• Accounts Hijacked by Attackers
External Hacking
Insider Threats
• Increasing frequency & sophistication
• Users & assets demonstrating risky behavior
• Disparate evidence buried in data feeds
Hidden Threats
Threats
• Discover, manage and monitor all privileged accounts and SSH keys
• Enforce least privilege across all Windows and Mac endpoints
• Gain control and visibility over Privileged Activities
• Dynamically adjust access policies based on user and asset risk
• Aggregate users & asset data to centrally baseline and track behavior
• Correlate diverse asset, user and threat activity to reveal critical risks
• Identify potential malware threats buried in asset activity data
• Notify BeyondTrust and Partner solutions of suspect activities
Vulnerability Management
Threat Analytics
• Discover network, web, mobile, cloud and virtual infrastructure
• Remediate vulnerabilities through prescriptive reporting
• Protect endpoints against client-side attacks
Privileged Access Management
Asset and Privilege Vulnerabilities BeyondInsight
Sample Kill Chain:
1 Reconnaissance
2 Weaponization
3 Delivery
4 Exploitation
5 Installation
6 Command & Control (C2)
7 Action on Objectives
BeyondTrust Strategic Portfolio
44. RETINA VULNERABILITY MANAGEMENT
POWERBROKER PRIVILEGED ACCOUNT MANAGEMENT
PRIVILEGE MANAGEMENT
ACTIVE DIRECTORY BRIDGING
PRIVILEGED PASSWORD MANAGEMENT
AUDITING & PROTECTION
ENTERPRISE VULNERABILITY MANAGEMENT
BEYONDSAAS CLOUD-BASED SCANNING
NETWORK SECURITY SCANNER
WEB SECURITY SCANNER
BEYONDINSIGHT CLARITY THREAT ANALYTICS
BEYONDINSIGHT IT RISK MANAGEMENT PLATFORM
EXTENSIVE REPORTING
CENTRAL DATA WAREHOUSE
ASSET DISCOVERY
ASSET PROFILING
ASSET SMART GROUPS
USER MANAGEMENT
WORKFLOW & NOTIFICATION
THIRD-PARTY INTEGRATION
45. Quick Poll + Q&A
Thank you for attending today’s webinar!