1
Zero Trust And Best Practices for Securing Endpoint Apps
Webinar starting soon…
Speakers:
⬅ Sami Laiho (Adminize) and Juha Haapsaari (Centero) ➡
💬 Present questions in the chat.
2
Agenda
• Results of survey
• Zero Trust
• Allow-listing
• AppLocker
• Keeping apps up to date
• Q & A
3
Results of the survey in the LinkedIn event
4
Special Guest ⭐
5
Sami’s Agenda
• How to ease your workload with allow-listing.
• Is allow-listing difficult?
• Implementing AppLocker to trim down your application portfolio.
• Restricting admin rights to control your IT environment.
• Managing and updating applications after allow-listing operations.
6
Sami Laiho
Senior Technical Fellow
adminize.com / Sulava
• IT Admin since 1996
• MCT since 2001
• MVP in Windows OS since 2011
• ”100 Most Influential people in IT in Finland” – TiVi 2019, 2020
• Specializes in and trains:
• Troubleshooting
• Windows Internals
• Security, Social Engineering, Auditing
• Centralized Management, Active Directory
• Trophies:
• Ignite 2018 – Session #1 and #2 (out of 1708) !
• Best Speaker at NIC, Oslo 2016, 2017, 2019 and 2020
• Best External Speaker at Ignite 2017
• TechDays Sweden 2016, 2018 – Best Speaker
• Best Session at AppManagEvent 2017, 2018, Utrecht
• Best Sessions (#1 and #2) at TechTalks 2017, Helsinki
• TechEd Europe and North America 2014 - Best session, Best speaker
• TechEd Australia 2013 - Best session, Best speaker
• TechEd Europe 2013 - Best Session by an external speaker
7
What I do day to day…
8
9
If you’re not on Twitter get on Twitter!
@samilaiho
10
Big Concepts to Harden Security
11
”An ounce of prevention is worth a pound of cure”
Benjamin Franklin
12
Why Zero Trust?
• Empower your users to work more securely anywhere and anytime, on any device
• Enable digital transformation with intelligent security for today’s complex environment
• Close security gaps and minimize risk of lateral movement
13
Zero Trust
principles
Verify explicitly
Use least privileged access
Assume breach
14
If you missed the previous webinar…
https://centero.fi/en/centero-webinar-ft-sami-laiho-feb-2021/
15
My Take on Secure Environment
• Up to date hardware and software inventory
• BitLocker
• Principle of Least Privilege
• Allow listing
• Tier Model for AD
• Using PAW-model
• Authenticating/Encrypting all network traffic
• MFA, strong authentication
• Monitoring (SIEM & SOC)
16
This time we will focus on
17
Allow-listing (aka Whitelisting)
18
Mythbusting Time!
19
Myth 1: More Manpower Needed
20
Myth 2: Allow-listing is difficult because of thousands of apps
21
Myth 3: Allow-listing requires Enterprise version of Windows
22
About the Project
23
Every Project Starts with Logging
24
25
Choose your Allow-listing solution
26
Allow-Listing options
• Windows NT4
• User Policy driven whitelist for exe names
• Windows XP/2003
• Software Restriction Policy
• Windows 7 Enterprise+ / Server 2008 r2+
• AppLocker
• Windows 10 Enterprise+ / Server 2016+
• Hypervisor-based Code Integrity (HVCI)
• Third Party…
27
Common things about Allow-listing
• Allow-listing is the most effective way to increase a company’s security!
• Effective allow-listing works only when combined with the Principle of Least Privilege
• Windows Defender Application Control works for admins as well… if it works…
• No built-in reporting in native options
• Allow-listing is a security barrier – Deny-listing is not!
• For servers things are a little different (RDS vs others)
28
Software Restriction Policy
SRPv1
29
SRPv1 – Software Restriction Policy
• Allow-list or Deny-list
• One ruleset
• Executables
• Dlls
• Scripts
• Windows Installers
• Extensible list of filetypes
• Targeted at the computer level
• Can rule out admins
• SRP supports four types of rules:
• Hash
• Path
• Signature
• Internet zone
• No support for Universal Apps
• No Audit mode
• No rule exceptions
• No import/export
30
DEMO
31
AppLocker
SRPv2
32
AppLocker
• Blacklisting and Whitelisting
• Can target computers, users or groups
• All software needs to be preapproved in some way
• Location, hash or signature based
• Is based on a native function of the Windows OS since Windows 7
• Requires Enterprise version of Windows (unless you have Intune)
• Requires the AppIDSvc service and uses a kernel-mode driver for enforcement
33
Inheritance
34
File/Folder Rules
• You can allow a folder, such as c:\folder\*
• You can allow a certain file, such as c:\folder\file.exe
• You can also use the wildcard *, as in c:\users\*\appdata\local\Software1\*
• AppLocker doesn’t support Windows variables
• Sysvol or NETLOGON require all DCs to be added separately
• \\dc1\SYSVOL\*
• \\dc2\SYSVOL\*
• \\dc3\SYSVOL\*
• UNC paths might need to be added in three different formats
• \\Server1\Share\*
• \\server1.domain.local\Share\*
• \\172.16.0.21\Share\*
• R:\*
35
Publisher-rules
• Best option after Path-rules
• Try to stick to Company-level instead of certain filenames or versions
• *-rule says that any file signed by a trusted signer is OK to run
• Trust your own certificate or buy an externally trusted certificate
36
Hash-rules
• Don’t use unless you can’t use Path-rules or Publisher-rules
• Usable exception if the binary doesn’t change often
37
AppLocker HOW TO
• Keep to containers not items – Folders vs Files, Publishers vs Hashes
• Remember to audit your installation with AccessChk!
• Remember NO ADMIN RIGHTS!!
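The audit loop behind the rule slides above, as an added example that is not from the deck or the speakers' own scripts: summarise what a policy in AuditOnly mode would have blocked, turn those files into candidate rules in the deck's order of preference (Publisher first, Path second, no Hash rules), keep the result in AuditOnly, and dry-run it before enforcing. It assumes the standard AppLocker log names and event IDs; the policy and sample file paths are placeholders.

```powershell
# Added example (not from the slides). Requires the AppLocker PowerShell module
# that ships with Windows; run elevated on a machine that has audit events.
$ErrorActionPreference = 'Stop'

$AppLockerLogs = @(
    'Microsoft-Windows-AppLocker/EXE and DLL',
    'Microsoft-Windows-AppLocker/MSI and Script'
)
$AuditedIds = 8003, 8006   # 8003 = EXE/DLL audited, 8006 = MSI/Script audited

function Get-AppLockerAuditSummary {
    # Groups audited events by publisher (signed files) or parent folder (unsigned),
    # so the output names the *containers* that still need a rule, not single files.
    param([int]$Days = 7)

    $since = (Get-Date).AddDays(-$Days)
    $rows = foreach ($log in $AppLockerLogs) {
        $events = Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
            LogName = $log; Id = $AuditedIds; StartTime = $since
        }
        foreach ($e in $events) {
            $d = ([xml]$e.ToXml()).Event.UserData.RuleAndFileData
            # Fqbn is "publisher\product\binary\version" for signed files, "-" otherwise
            $signed = $d.Fqbn -and $d.Fqbn -ne '-'
            $container = if ($signed) { 'Publisher: ' + ($d.Fqbn -split '\\')[0] } else { 'Folder: ' + (Split-Path -Path $d.FilePath -Parent) }
            [pscustomobject]@{ Container = $container; File = $d.FilePath; User = $d.TargetUser }
        }
    }
    $rows | Group-Object -Property Container | Sort-Object -Property Count -Descending |
        Select-Object -Property Count, Name,
            @{ Name = 'DistinctUsers'; Expression = { @($_.Group.User | Sort-Object -Unique).Count } }
}

function Set-AppLockerEnforcementMode {
    # "Every project starts with logging": every rule collection starts in AuditOnly.
    # Switch to Enabled only once Get-AppLockerAuditSummary comes back empty.
    param([Parameter(Mandatory)][string]$PolicyPath,
          [ValidateSet('AuditOnly', 'Enabled', 'NotConfigured')][string]$Mode = 'AuditOnly')

    $fullPath = (Resolve-Path -Path $PolicyPath).Path
    $doc = [xml](Get-Content -Path $fullPath -Raw)
    foreach ($collection in $doc.AppLockerPolicy.RuleCollection) {
        $collection.SetAttribute('EnforcementMode', $Mode)
    }
    $doc.Save($fullPath)
}

function New-AppLockerCandidatePolicy {
    # Publisher rules where the file is signed, per-file path rules otherwise
    # (widen those to the folder by hand: "containers, not items"). Hash is
    # deliberately left out of -RuleType so unsigned files never get hash rules.
    param([Parameter(Mandatory)][string]$PolicyPath)

    $info = foreach ($log in $AppLockerLogs) {
        Get-AppLockerFileInformation -EventLog -LogPath $log -EventType Audited
    }
    if (-not $info) { throw 'No audited events found; run the policy in AuditOnly mode first.' }

    $xml = $info | New-AppLockerPolicy -RuleType Publisher, Path -User Everyone `
        -RuleNamePrefix 'Audit' -Optimize -IgnoreMissingFileInformation -Xml
    Set-Content -Path $PolicyPath -Value $xml -Encoding UTF8
    Set-AppLockerEnforcementMode -PolicyPath $PolicyPath -Mode 'AuditOnly'
}

function Test-AppLockerCandidatePolicy {
    # Dry run: which of the sample files would a standard user still be denied?
    param([Parameter(Mandatory)][string]$PolicyPath,
          [Parameter(Mandatory)][string[]]$SamplePaths)

    Test-AppLockerPolicy -XmlPolicy $PolicyPath -Path $SamplePaths -User Everyone |
        Where-Object { $_.PolicyDecision -ne 'Allowed' }
}

# Usage (placeholder paths): review, build, dry-run, then merge locally in audit mode.
# Get-AppLockerAuditSummary -Days 14 | Format-Table -AutoSize
# New-AppLockerCandidatePolicy -PolicyPath 'C:\Temp\applocker-audit.xml'
# Test-AppLockerCandidatePolicy -PolicyPath 'C:\Temp\applocker-audit.xml' -SamplePaths 'C:\Program Files\App\app.exe'
# Set-AppLockerPolicy -XmlPolicy 'C:\Temp\applocker-audit.xml' -Merge
```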
38
Simplest AppLocker
• Relies on the knowledge of the user
39
Simplest AppLocker for Service Providers
40
Signing
• 95% of Malware is not signed – just something to think about
• You can sign apps yourself
• Use Timestamp if possible!
• If you have the cert installed on your computer:
• Signtool sign /v /s MY /n MyPrivateCert /t http://timestamp.verisign.com/scripts/timstamp.dll FileToSign.exe
• If not:
• Guide: https://blogs.msdn.microsoft.com/winsdk/2009/11/13/steps-to-sign-a-file-using-signtool-exe/
41
AppLocker Example Policies
42
AppLocker example
• My current
• Replace Matti Laiho with your company’s own cert
• Replace HP with your UEFI provider
43
PowerShell Denied from Limited Users
That’s what I do
44
MS Recommendations for PowerShell
45
PowerShell for AppLocker in production
46
Notification when something fails
• https://cloudrobots.net/2014/08/24/trigger-a-powershell-script-from-a-windows-event/
• https://clusteringformeremortals.com/2018/10/28/step-by-step-how-to-trigger-an-email-alert-from-a-windows-event-that-includes-the-event-details-using-windows-server-2016/
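The event-triggered notification the two links describe, as an added example that is not from the deck or from those posts: the script mails a report of the newest AppLocker block event (8004 for EXE/DLL, 8007 for MSI/Script), and a one-time registration hooks it to those events with schtasks /SC ONEVENT so nothing polls. The SMTP host, addresses and script path are placeholders; the script path is assumed to contain no spaces, and the script itself should be signed per the Signing slide.

```powershell
# Added example (not from the slides). Save as a .ps1, dot-source it once to
# call Register-AppLockerBlockTask; afterwards Windows runs the file on each block.
param(
    [string]$SmtpServer = 'smtp.example.internal',        # placeholder
    [string]$From       = 'applocker@example.internal',   # placeholder
    [string]$To         = 'soc@example.internal'          # placeholder
)

function Get-LatestAppLockerBlock {
    # Returns one object describing the most recent block across both logs, or $null.
    $logs = @{
        'Microsoft-Windows-AppLocker/EXE and DLL'    = 8004
        'Microsoft-Windows-AppLocker/MSI and Script' = 8007
    }
    $latest = foreach ($log in $logs.Keys) {
        Get-WinEvent -ErrorAction SilentlyContinue -MaxEvents 1 -FilterHashtable @{ LogName = $log; Id = $logs[$log] }
    }
    $e = $latest | Sort-Object -Property TimeCreated -Descending | Select-Object -First 1
    if (-not $e) { return $null }

    $d = ([xml]$e.ToXml()).Event.UserData.RuleAndFileData
    # TargetUser is a SID; resolve it to an account name where possible.
    $user = $d.TargetUser
    try {
        $user = ([System.Security.Principal.SecurityIdentifier]$d.TargetUser).Translate(
            [System.Security.Principal.NTAccount]).Value
    } catch { }

    [pscustomobject]@{
        Time     = $e.TimeCreated
        Computer = $e.MachineName
        User     = $user
        File     = $d.FilePath      # uses AppLocker variables such as %OSDRIVE%
        Hash     = $d.FileHash
        Rule     = $d.RuleName
        Policy   = $d.PolicyName    # EXE, DLL, MSI or SCRIPT
    }
}

function Send-AppLockerBlockAlert {
    param([Parameter(Mandatory)]$Block)
    $body = ($Block | Format-List | Out-String).Trim()
    Send-MailMessage -SmtpServer $SmtpServer -From $From -To $To -Body $body `
        -Subject "AppLocker blocked $($Block.File) for $($Block.User) on $($Block.Computer)"
}

function Register-AppLockerBlockTask {
    # One task per log; the XPath passed in /MO selects only the block event ID.
    param([Parameter(Mandatory)][string]$ScriptPath)
    $channels = @{
        'AppLocker-Exe-Block'    = @('Microsoft-Windows-AppLocker/EXE and DLL',    8004)
        'AppLocker-Script-Block' = @('Microsoft-Windows-AppLocker/MSI and Script', 8007)
    }
    foreach ($name in $channels.Keys) {
        $log, $id = $channels[$name]
        $action = "powershell.exe -NoProfile -File $ScriptPath"
        schtasks.exe /Create /F /TN $name /RU SYSTEM /SC ONEVENT /EC $log /MO "*[System[EventID=$id]]" /TR $action
    }
}

# When run by the scheduled task: report the block that just happened.
$block = Get-LatestAppLockerBlock
if ($block) { Send-AppLockerBlockAlert -Block $block }
```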
47
Hardening
48
Twitter
• @Oddvarmoe
• @subTee
• @mattifestation
• @enigma0x3
• @aionescu
• @tifkin_
• @bohops
• @PhilipTsukerman
• @samilaiho ;)
49
Hardening Whitelisting
Make sure your containers don’t leak (this is one batch file) – CHECK THE LATEST FROM GITHUB!
https://gist.github.com/api0cradle/95cd51fa1aa735d9331186f934df4df9#file-accesschk-bat
50
Higher level GPO for Hardening
51
Tools to help
• Oddvar Moe’s
• Ultimate AppLocker ByPass List
• https://github.com/api0cradle/UltimateAppLockerByPassList
• PowerAL
• https://github.com/api0cradle/PowerAL
• AaronLocker
• https://blogs.msdn.microsoft.com/aaron_margosis/2019/01/28/aaronlocker-moved-to-github/
• Microsoft’s list of what to block: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
52
Firewall
53
AppLocker via Intune
54
Device Guard aka Windows Defender Application Control
55
Device Guard
• Single purpose machines
• Currently, for example, Office is super difficult
• No user exceptions
• VERY HARDCORE!!
• Especially with Hypervisor level enforcement
• Drivers need to support it
• Some really don’t…
• IO-MMU to make it bulletproof
56
“DeviceGuard is like AppLocker on Steroids!”
57
58
59
Allow-listing can stabilize what you have…
But now that you have a strict list of what you allow, you still need to keep those apps up to date!
60
Installed apps are always up to date without distracting users
• Initial app deployment: forced by admins, or available for users
• Available apps are allow-listed by organization policies
• User-friendly application deployment
61
Why should endpoint applications be managed?
End-users
• New features and bug fixes to applications
• Don’t need to worry about installations, updating etc.
• Always up-to-date tools
IT department
• A standardized and managed endpoint environment is easier to maintain.
• It also produces fewer support requests to the contact center
• License management is simpler
Organization
• Saves end users’ and IT department’s time
• Improves cybersecurity a lot
62
Application lifecycle management?
• Installation
• Updating / patching apps
• Removal
63
What annoys end users on app updates?
• 40 % Confusion
• 40 % Lost time
• 20 % Wrong time
• 20 % Too much
64
Keeping applications up to date ”manually”
• Monitoring software versions and vulnerabilities – repeats every working day.
• Downloading an installation package
• Packaging
• Testing
• Upload to a management system
• Configuring a deployment
Repeats for every new application version.
65
Installed apps are always up to date without distracting users
• Centero Software Manager: initial app deployment
• Forced by admins – silently in the background
• Available for users – self-service (Company Portal, Software Center etc.)
• AppLocker: available apps are allow-listed by organization policies
• User-friendly application deployment
66
CSM is built to automate your application management
67
It’s demo time!
68
Q & A
Start a CSM trial: http://bit.ly/csm-trial

Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)jennyeacort
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...OnePlan Solutions
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Andreas Granig
 
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsSensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsChristian Birchler
 

Último (20)

CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. Salesforce
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a series
 
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
 
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
 
Xen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfXen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdf
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion Application
 
Comparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfComparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdf
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdf
 
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprise
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New Features
 
Simplifying Microservices & Apps - The art of effortless development - Meetup...
Simplifying Microservices & Apps - The art of effortless development - Meetup...Simplifying Microservices & Apps - The art of effortless development - Meetup...
Simplifying Microservices & Apps - The art of effortless development - Meetup...
 
PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING  RIVER  WATER QUALITY  ppt presentationPREDICTING  RIVER  WATER QUALITY  ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentation
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
 
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsSensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
 

Zero Trust And Best Practices for Securing Endpoint Apps on May 24th 2021

  • 1. Zero Trust And Best Practices for Securing Endpoint Apps
    Webinar starting soon…
    Speakers: ⬅ Sami Laiho (Adminize) and Juha Haapsaari (Centero) ➡
    💬 Present questions in the chat.
  • 2. Agenda
    • Results of Survey
    • Zero Trust
    • Allow-listing
    • AppLocker
    • Keeping apps up to date
    • Q & A
  • 3. Results of the survey in the LinkedIn event
  • 4. Special Guest ⭐
  • 5. Sami’s Agenda
    • How to ease your workload with allow-listing.
    • Is allow-listing difficult?
    • Implementing AppLocker to trim down your application portfolio.
    • Restricting admin rights to control your IT environment.
    • Managing and updating applications after allow-listing operations.
  • 6. Sami Laiho, Senior Technical Fellow, adminize.com / Sulava
    • IT Admin since 1996
    • MCT since 2001
    • MVP in Windows OS since 2011
    • ”100 Most Influential people in IT in Finland” – TiVi 2019, 2020
    • Specializes in and trains:
      • Troubleshooting
      • Windows Internals
      • Security, Social Engineering, Auditing
      • Centralized Management, Active Directory
    • Trophies:
      • Ignite 2018 – Session #1 and #2 (out of 1708)!
      • Best Speaker at NIC, Oslo 2016, 2017, 2019 and 2020
      • Best External Speaker at Ignite 2017
      • TechDays Sweden 2016, 2018 – Best Speaker
      • Best Session at AppManagEvent 2017, 2018, Utrecht
      • Best Sessions (#1 and #2) at TechTalks 2017, Helsinki
      • TechEd Europe and North America 2014 – Best session, Best speaker
      • TechEd Australia 2013 – Best session, Best speaker
      • TechEd Europe 2013 – Best Session by an external speaker
  • 7. What I do day to day…
  • 8.
  • 9. If you’re not on Twitter get on Twitter! @samilaiho
  • 10. Big Concepts to Harden Security
  • 11. ”An ounce of prevention is worth a pound of cure” (Benjamin Franklin)
  • 12. Why Zero Trust?
    • Empower your users to work more securely anywhere and anytime, on any device
    • Enable digital transformation with intelligent security for today’s complex environment
    • Close security gaps and minimize risk of lateral movement
  • 13. Zero Trust principles
    • Verify explicitly
    • Use least privileged access
    • Assume breach
  • 15. My Take on Secure Environment
    • Up to date hardware and software inventory
    • BitLocker
    • Principle of Least Privilege
    • Allow listing
    • Tier Model for AD
    • Using PAW-model
    • Authenticating/Encrypting all network traffic
    • MFA, strong authentication
    • Monitoring (SIEM & SOC)
  • 16. This time we will focus on
  • 19. Myth 1: More Manpower Needed
  • 20. Myth 2: Allow-listing is difficult because of thousands of apps
  • 21. Myth 3: Allow-listing requires Enterprise version of Windows
  • 23. Every Project Starts with Logging
  • 24.
  • 26. Allow-Listing options
    • Windows NT4: User Policy driven whitelist for exe names
    • Windows XP/2003: Software Restriction Policy
    • Windows 7 Enterprise+ / Server 2008 R2+: AppLocker
    • Windows 10 Enterprise+ / Server 2016+: Hypervisor-based Code Integrity (HVCI)
    • Third Party…
  • 27. Common things about Allow-listing
    • Allow-listing is the most effective way to increase a company’s security!
    • Effective Allow-listing works only when combined with the Principle of Least Privilege
    • Windows Defender Application Control works for admins as well… if it works…
    • No built-in reporting in native options
    • Allow-listing is a security barrier – Deny-listing is not!
    • For servers things are a little different (RDS vs others)
  • 29. SRPv1 – Software Restriction Policy
    • Allow-list or Deny-list
    • One ruleset
    • Covers Executables, DLLs, Scripts, Windows Installers, plus an extensible list of filetypes
    • Targeted at the computer level
    • Can rule out admins
    • SRP supports four types of rules: Hash, Path, Signature, Internet zone
    • No support for Universal Apps
    • No Audit mode
    • No rule exceptions
    • No import/export
  • 32. AppLocker
    • Blacklisting and Whitelisting
    • Can target computers, users or groups
    • All software needs to be preapproved in some way: location, hash or signature based
    • Is based on a native function of the Windows OS since Windows 7
    • Requires Enterprise version of Windows (unless you have Intune)
    • Requires the AppIDSvc service and uses a Kernel Mode driver for enforcement
  • 34. File/Folder Rules
    • You can allow a folder, such as c:\folder\*
    • You can allow a certain file, such as c:\folder\file.exe
    • You can also use the wildcard *, such as c:\users\*\appdata\local\Software1\*
    • AppLocker doesn’t support Windows variables
    • Sysvol or NETLOGON require all DCs to be added separately:
      • \\dc1\SYSVOL\*
      • \\dc2\SYSVOL\*
      • \\dc3\SYSVOL\*
    • UNC paths might need to be added in three different formats (plus the mapped drive):
      • \\Server1\Share\*
      • \\server1.domain.local\Share\*
      • \\172.16.0.21\Share\*
      • R:\*
  • 35. Publisher rules
    • Best option after Path rules
    • Try to stick to company level instead of certain filenames or versions
    • A *-rule says that any file signed by a trusted signer is OK to run
    • Trust your own certificate or buy an externally trusted certificate
  • 36. Hash rules
    • Don’t use unless you can’t use Path rules or Publisher rules
    • Usable exception if the binary doesn’t change often
  • 37. AppLocker HOW TO
    • Keep to containers not items – Folders vs Files, Publishers vs Hashes
    • Remember to audit your installation with AccessChk!
    • Remember NO ADMIN RIGHTS!!
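The rule types of slides 34 to 37 put together as an added example (not the deck’s own policy): an audit-mode AppLocker EXE policy made only of containers (folders, one share under its three UNC spellings and its drive letter, one company-level publisher rule), dry-run with Test-AppLockerPolicy before it is applied. The server, share, drive letter and certificate subject are placeholders.

```powershell
# Added example, not from the deck: an audit-mode AppLocker EXE policy built from
# container rules only (folders, a share in its three UNC spellings plus its drive
# letter, one company-level publisher rule), dry-run with Test-AppLockerPolicy and
# then applied locally. Server, share and certificate names are placeholders.
$Server    = 'Server1'                        # placeholder NetBIOS name (slide 34)
$Fqdn      = 'server1.domain.local'           # placeholder FQDN of the same server
$Ip        = '172.16.0.21'                    # placeholder IP of the same server
$Publisher = 'O=EXAMPLE OY, L=HELSINKI, C=FI' # placeholder subject of your signing cert

function New-PathRule([string]$Name, [string]$Path) {
    # One FilePathRule for Everyone (SID S-1-1-0); every AppLocker rule needs its own GUID.
@"
    <FilePathRule Id="$(New-Guid)" Name="$Name" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="$Path" /></Conditions>
    </FilePathRule>
"@
}
# Folder containers, not single files. The share appears under every name users may
# reach it by, because AppLocker compares the path string literally (slide 34).
$pathRules = @(
    New-PathRule 'Windows'        'C:\Windows\*'
    New-PathRule 'Program Files'  'C:\Program Files\*'
    New-PathRule 'Share NetBIOS'  "\\$Server\Share\*"
    New-PathRule 'Share FQDN'     "\\$Fqdn\Share\*"
    New-PathRule 'Share IP'       "\\$Ip\Share\*"
    New-PathRule 'Share drive'    'R:\*'
) -join "`n"

# Publisher container: anything signed by the company certificate, any product,
# binary or version (the "*-rule" of slide 35) instead of per-file hashes.
$publisherRule = @"
    <FilePublisherRule Id="$(New-Guid)" Name="Company signed" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="$Publisher" ProductName="*" BinaryName="*">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
"@

# AuditOnly first: the AppLocker event log then shows what enforcement would block.
$policyXml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
$pathRules
$publisherRule
  </RuleCollection>
</AppLockerPolicy>
"@
$policyFile = Join-Path $env:TEMP 'applocker-audit.xml'
Set-Content -Path $policyFile -Value $policyXml -Encoding UTF8

# Dry run before applying: list the binaries a standard user could NOT run under this policy.
Get-ChildItem 'C:\Users\*\Downloads\*.exe', 'C:\Program Files\*\*.exe' -ErrorAction SilentlyContinue |
    Convert-Path |
    Test-AppLockerPolicy -XmlPolicy $policyFile -User Everyone -Filter Denied, DeniedByDefault |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# Apply on this machine (elevated shell, AppIDSvc running); use a GPO for the whole fleet.
Set-AppLockerPolicy -XmlPolicy $policyFile
```

AppLocker also accepts its own path variables such as %PROGRAMFILES% and %WINDIR% in place of the literal folders above; ordinary environment variables like %USERPROFILE% are the ones that do not work.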
  • 38. Simplest AppLocker
    • Relies on the knowledge of the user
  • 39. Simplest AppLocker for Service Providers
  • 40. Signing
    • 95% of malware is not signed – just something to think about
    • You can sign apps yourself
    • Use a timestamp if possible!
    • If you have the cert installed on your computer:
      Signtool sign /v /s MY /n MyPrivateCert /t http://timestamp.verisign.com/scripts/timstamp.dll FileToSign.exe
    • If not, see the guide: https://blogs.msdn.microsoft.com/winsdk/2009/11/13/steps-to-sign-a-file-using-signtool-exe/
  • 42. AppLocker example
    • My current
    • Replace Matti Laiho with your company’s own cert
    • Replace HP with your UEFI provider
  • 43. PowerShell Denied from Limited Users – That’s what I do
  • 46. Notification when something fails
    • https://cloudrobots.net/2014/08/24/trigger-a-powershell-script-from-a-windows-event/
    • https://clusteringformeremortals.com/2018/10/28/step-by-step-how-to-trigger-an-email-alert-from-a-windows-event-that-includes-the-event-details-using-windows-server-2016/
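An added example (not from the deck) for slide 23 ("Every Project Starts with Logging") and slide 46: it reads the AppLocker event logs, summarizes what audit mode would have blocked per file and user, and mails the real blocks. Event IDs 8003/8004 (EXE and DLL) and 8006/8007 (MSI and Script) and the RuleAndFileData fields are AppLocker’s own; the mail recipient and SMTP server are placeholders.

```powershell
# Added example, not from the deck: summarize what AppLocker audited (would block) or
# blocked, so you can see what breaks before leaving AuditOnly, and mail the blocks.
# Event IDs and log names are those of AppLocker's EXE/DLL and MSI/Script logs;
# the mail recipient and SMTP server are placeholders.

# Audited and blocked runs only; allowed runs (8002/8005) are noise for this purpose.
$AppLockerLogs = @{
    'Microsoft-Windows-AppLocker/EXE and DLL'    = @(8003, 8004)
    'Microsoft-Windows-AppLocker/MSI and Script' = @(8006, 8007)
}

function Get-AppLockerDecision {
    param([int]$Hours = 24)
    $since = (Get-Date).AddHours(-$Hours)
    foreach ($log in $AppLockerLogs.Keys) {
        $filter = @{ LogName = $log; Id = $AppLockerLogs[$log]; StartTime = $since }
        Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
            # The fields live under UserData/RuleAndFileData in the event XML, so parse
            # the XML instead of the localized message text.
            $d = ([xml]$_.ToXml()).Event.UserData.RuleAndFileData
            $decision = if ($_.Id -in 8004, 8007) { 'Blocked' } else { 'Audited' }
            try { $user = ([System.Security.Principal.SecurityIdentifier]$d.TargetUser).Translate([System.Security.Principal.NTAccount]).Value }
            catch { $user = $d.TargetUser }   # keep the SID when this machine cannot resolve it
            [pscustomobject]@{
                Time = $_.TimeCreated; Decision = $decision; User = $user
                File = $d.FilePath; Signer = $d.Fqbn; Rule = $d.RuleName
            }
        }
    }
}

# Group by file: one folder or publisher that keeps showing up is a missing container,
# which is a better fix than adding hashes one by one (slides 36-37).
$decisions = Get-AppLockerDecision -Hours 24
$decisions | Group-Object File | Sort-Object Count -Descending |
    Select-Object Count, Name, @{ n = 'Users'; e = { ($_.Group.User | Sort-Object -Unique) -join ', ' } } |
    Format-Table -AutoSize

# Alert on enforced blocks. Hook this script to a scheduled task with an event trigger
# on IDs 8004/8007 (the approach of the links above) to get it per event.
$blocked = @($decisions | Where-Object Decision -eq 'Blocked')
if ($blocked.Count -gt 0) {
    $body = $blocked | Format-List Time, User, File, Signer, Rule | Out-String
    Send-MailMessage -To 'soc@example.com' -From "applocker@$env:COMPUTERNAME" `
        -SmtpServer 'smtp.example.com' -Body $body `
        -Subject "AppLocker blocked $($blocked.Count) execution(s) on $env:COMPUTERNAME"
}
```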
  • 48. Twitter
    • @Oddvarmoe • @subTee • @mattifestation • @enigma0x3 • @aionescu • @tifkin_ • @bohops • @PhilipTsukerman • @samilaiho ;)
  • 49. Hardening Whitelisting
    Make sure your containers don’t leak (this is one batch file) – CHECK THE LATEST FROM GITHUB!
    https://gist.github.com/api0cradle/95cd51fa1aa735d9331186f934df4df9#file-accesschk-bat
  • 50. Higher level GPO for Hardening
  • 51. Tools to help
    • Oddvar Moe’s:
      • Ultimate AppLocker ByPass List: https://github.com/api0cradle/UltimateAppLockerByPassList
      • PowerAL: https://github.com/api0cradle/PowerAL
    • AaronLocker: https://blogs.msdn.microsoft.com/aaron_margosis/2019/01/28/aaronlocker-moved-to-github/
    • Microsoft’s list of what to block: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
  • 54. Device Guard aka Windows Defender Application Control
  • 55. Device Guard
    • Single purpose machines
    • Currently for example Office is super difficult
    • No user exceptions
    • VERY HARDCORE!!
    • Especially with Hypervisor level enforcement
    • Drivers need to support it, and some really don’t…
    • IO-MMU to make it bulletproof
  • 56. “Device Guard is like AppLocker on Steroids!”
  • 57.
  • 58.
  • 59. Allow-Listing can stabilize what you have… But now that you have a strict list of what you allow, you still need to keep those up to date!
  • 60. User friendly application deployment
    • Installed apps are always up to date without distracting users
    • Initial app deployment: forced by admins, or available for users
    • Available apps are allow-listed by organization policies
  • 61. Why should endpoint applications be managed?
    • End-users: new features and bug fixes to applications; no need to worry about installations, updating etc.; always up-to-date tools
    • IT department: a standardized and managed endpoint environment is easier to maintain, and it produces fewer support requests to the contact center; license management is simpler
    • Organization: saves end users’ and the IT department’s time; improves cybersecurity a lot
  • 62. Application lifecycle management? Installation, updating / patching apps, removal
  • 63. What annoys end users on app updates? 40 % Confusion, 40 % Lost time, 20 % Wrong time, 20 % Too much
  • 64. Keeping applications up to date ”manually”
    • Monitoring software versions and vulnerabilities (repeats every working day)
    • Downloading an installation package, packaging, testing, upload to a management system, configuring a deployment (repeats for every new application version)
  • 65. User friendly application deployment with Centero Software Manager
    • Installed apps are always up to date without distracting the user
    • Initial app deployment: forced by admins (silently in the background) or available for users via self-service (Company Portal, Software Center etc.)
    • Available apps are allow-listed by organization policies (AppLocker)
  • 66. CSM is built to automate your application management
  • 67. It’s demo time!
  • 68. Q & A
    Start a CSM trial: http://bit.ly/csm-trial