Regaining the Defensive Advantage
By Dan Blum, Principal Consultant
May 21, 2015
Copyright (c) 2015 Security Architects, LLC
About Us
• We are a consulting firm dedicated to helping organizations plan, specify and develop security programs, policies and technology solutions.
• Clients: enterprise security teams, cloud service providers (CSPs) and other audiences
• Areas of expertise: cloud security, identity and privacy, endpoint security, cyber security
Consulting Services
• Security assessments
• Security architectures
• Custom consulting
• Security workshops
Special Guests
• Doug Simmons, Security Architects: prevention
• Fred Cohen, Fearless Security: deception
• Chris Blask, Fearless Security and ICS ISAC: situational awareness
Link to recorded webinar: http://security-architect.com/webinars
Problem Statement
Cyber-attackers have been successful. Organizations are being told they’re in a state of “continuous compromise” and that “prevention is futile.”
Does this have to become “the new normal” or should security architects buck the trend?
Metaphors for the Cybersecurity Problem
• Military: advantage goes to the defense, if it is in a fortified position
• NFL football: advantage goes to the offense, because it knows what it is going to do
• Immunology: advantage goes to the world of diseases, but it can be mitigated by good personal and public health practices
Questions to Consider
• How can we raise overall assurance to minimize the “statistical” likelihood of compromised users and devices?
• How can we prevent large-scale breaches from striking our core IT environments?
• How can we slow down attackers using innovative but practical techniques?
• How can we improve situational awareness and rapid response capabilities?
Raising Overall Assurance
• Table stakes
– Maintain some minimum security baseline (e.g. the SANS Critical Security Controls)
• No brainer?
– Two-factor authentication for general authentication, remote access and wherever else it is risk-appropriate or convenient
Protecting the Core
• If it is true that some level of “continuous compromise” is unavoidable, how do we cope?
A typical breach sequence against the core:
1. Intelligence gathering: trawl LinkedIn and social media to find key staff
2. Social engineering: send phishing messages to key staff
3. Compromise credentials: plant malware on devices, or capture data
4. Dump database: access the database using super-user credentials
5. Exfiltrate data: via a pwned PC or a staging system
Protecting the Core
Recommended prevention techniques:
• Privileged account management (PAM)
• Network segmentation, or zoning
• Data masking
• Database audit and protection (DAP)
• Server-based change monitoring
Other ideas:
• Risk disaggregation
• Risk transfer or avoidance
• Audience-supplied answers (placeholders for answers supplied by the webinar audience)
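Three of the recommended techniques (PAM, zoning and DAP, plus data masking) can be expressed as concrete rules over a database audit log, which is what steps 4 and 5 of the breach sequence above would trip. The following is an added example written for this page, not the presenter's code: the audit-log format, the jump-host zone 10.0.9.0/24, the account and table names, the role names and the row thresholds are all assumptions, and the log lines are constructed.

```python
"""Database audit and protection (DAP) rules backing the PAM and zoning
controls on the slide. Added example, not the presenter's code: the audit log
format, the zone map, the account names and the thresholds are assumptions."""
import ipaddress
from collections import defaultdict

# Constructed sample of a database audit log, one statement per line:
# timestamp, database user, client IP, table, statement type, rows returned.
SAMPLE_AUDIT = """\
2015-05-21T09:00:01 app_svc 10.20.1.15 orders SELECT 12
2015-05-21T09:05:12 dba_root 10.0.9.8 customers SELECT 40
2015-05-21T09:07:45 dba_root 10.20.1.77 customers SELECT 250000
2015-05-21T09:09:03 app_svc 10.20.1.15 customers SELECT 8
2015-05-21T09:12:30 dba_root 10.20.1.77 customers SELECT 180000
"""

# Zoning assumption: PAM jump hosts live in 10.0.9.0/24; application servers
# live in 10.20.1.0/24 and never need super-user database sessions.
PAM_ZONE = ipaddress.ip_network("10.0.9.0/24")
SUPERUSERS = {"dba_root"}
SENSITIVE_TABLES = {"customers"}
BULK_ROW_THRESHOLD = 100_000       # rows in one statement that count as a dump
BULK_SESSION_THRESHOLD = 300_000   # rows per (user, client IP) over the window

# Data masking assumption: only these roles see the listed columns unmasked.
UNMASKED_ROLES = {"dba", "fraud_analyst"}
MASKED_COLUMNS = ("ssn", "card_number")


def parse_audit(text):
    """Parse the sample format into dicts with a typed IP and row count."""
    records = []
    for line in text.splitlines():
        ts, user, ip, table, stmt, rows = line.split()
        records.append({"ts": ts, "user": user, "ip": ipaddress.ip_address(ip),
                        "table": table, "stmt": stmt, "rows": int(rows)})
    return records


def evaluate(records):
    """Return (finding_type, ...) tuples for PAM, zoning and DAP violations."""
    findings = []
    totals = defaultdict(int)
    for r in records:
        # PAM + zoning: super-user sessions must come through the jump-host zone.
        if r["user"] in SUPERUSERS and r["ip"] not in PAM_ZONE:
            findings.append(("superuser_outside_pam_zone", r["ts"], r["user"], str(r["ip"])))
        # DAP: one statement that reads a sensitive table in bulk (step 4 of the chain).
        if (r["table"] in SENSITIVE_TABLES and r["stmt"] == "SELECT"
                and r["rows"] >= BULK_ROW_THRESHOLD):
            findings.append(("bulk_read_sensitive_table", r["ts"], r["user"], r["table"]))
        totals[(r["user"], str(r["ip"]))] += r["rows"]
    # DAP: a dump split over many smaller statements still adds up per source.
    for (user, ip), n in sorted(totals.items()):
        if n >= BULK_SESSION_THRESHOLD:
            findings.append(("cumulative_dump", user, ip, n))
    return findings


def mask_row(row, role):
    """Data masking: roles outside UNMASKED_ROLES see only the last four characters."""
    if role in UNMASKED_ROLES:
        return dict(row)
    masked = dict(row)
    for col in MASKED_COLUMNS:
        if col in masked:
            value = str(masked[col])
            masked[col] = "*" * max(len(value) - 4, 0) + value[-4:]
    return masked


if __name__ == "__main__":
    for finding in evaluate(parse_audit(SAMPLE_AUDIT)):
        print(finding)
    print(mask_row({"name": "A. Example", "ssn": "123-45-6789"}, "support"))
```

Run against the constructed log, the super-user session from the application subnet produces both a zoning finding and a bulk-read finding per statement, and the per-source total catches the dump even though no single statement crossed the session threshold. The masking function is the piece a DAP proxy or the application layer would apply before rows reach a non-privileged caller.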
Confusing and Delaying Attackers
“Hence, when able to attack, we must seem unable; when using our forces, we must seem inactive; when we are near, we must make the enemy believe we are far away; when far away, we must make him believe we are near.”
– Sun Tzu
Deception Concepts
The diagram applies the same deception techniques to two kinds of target: a human attacker and an automated program.
Deception technique:
• Induce false signal
• Suppress true signal
• Manipulate signal
Intended result, human attacker:
• Confused, misdirected
• Delayed
• Discouraged
• Detected / understood
Intended result, program:
• Misdirected
• Delayed
• Detected / understood
Source: Fred Cohen
Confusing and Delaying Attackers
Recommended techniques:
• Information hiding
• Honey pots
• Use of non-standard ports or protocols
• Specialized response services
Other ideas:
• Information substitution
• Audience-supplied answers (placeholders for answers supplied by the webinar audience)
Source: Fred Cohen
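The cheapest “induce false signal” technique from the Deception Concepts table is a honey credential: an account that does nothing, planted where an attacker at step 3 of the breach sequence (credential capture) will find it, so that any use of it is an almost noise-free detection. The code below is an added example written for this page, not the presenter's or Fred Cohen's code; the svc_<service>_<id> naming convention, the sshd-style log format, the host names and the log events are assumptions and the events are constructed.

```python
"""Honey credentials for the "induce false signal" deception technique: decoy
accounts planted in a config file, and detection that fires when they are tried.
Added example, not the presenter's or Fred Cohen's code; the naming scheme,
the log format and the sample events are assumptions."""
import re
import secrets

# Registry of planted decoys, keyed by account name. It belongs with the SOC,
# never on the hosts that carry the decoys; it is in memory here for the demo.
DECOY_ACCOUNTS = {}

# sshd-style authentication events (assumed format).
AUTH_LOG_RE = re.compile(
    r"(?P<ts>\S+) (?P<result>Accepted|Failed) password for (?P<user>\S+) from (?P<ip>\S+)")


def plant_decoy(service, planted_on):
    """Mint a decoy that looks like a real service account and return the
    config-file text to plant. The name follows an assumed svc_<service>_<id>
    convention so it blends in; the password is random so it cannot collide
    with a real one. The registry records where it was planted."""
    user = f"svc_{service}_{secrets.token_hex(2)}"
    password = secrets.token_urlsafe(12)
    DECOY_ACCOUNTS[user] = {"service": service, "planted_on": planted_on}
    return f"db.user={user}\ndb.password={password}\n"


def detect_decoy_use(log_text):
    """Every attempt with a decoy account is an alert: no legitimate principal
    knows the decoy, so false positives are close to zero. Accepted or failed
    makes no difference (a honey service may accept the login to delay the attacker)."""
    alerts = []
    for m in AUTH_LOG_RE.finditer(log_text):
        if m["user"] in DECOY_ACCOUNTS:
            alerts.append({"ts": m["ts"], "user": m["user"], "src": m["ip"],
                           "result": m["result"],
                           "planted_on": DECOY_ACCOUNTS[m["user"]]["planted_on"]})
    return alerts


def suspect_sources(alerts):
    """Sources to pivot on: anything that used a decoy has read a planted file."""
    return sorted({a["src"] for a in alerts})


def build_sample_log(decoy_user):
    """Constructed events: two normal logins, then the decoy tried from a host
    other than the one it was planted on (the attacker has moved laterally)."""
    return "\n".join([
        "2015-05-21T10:00:01 Accepted password for alice from 10.20.1.15",
        "2015-05-21T10:02:11 Failed password for bob from 10.20.1.16",
        f"2015-05-21T10:03:40 Failed password for {decoy_user} from 10.20.1.77",
        f"2015-05-21T10:03:52 Accepted password for {decoy_user} from 10.20.1.77",
    ])


def demo():
    """Plant one decoy on a finance workstation, replay the sample log, return alerts."""
    snippet = plant_decoy("reporting", planted_on="ws-finance-07")
    decoy_user = snippet.splitlines()[0].split("=", 1)[1]
    return detect_decoy_use(build_sample_log(decoy_user))


if __name__ == "__main__":
    found = demo()
    for alert in found:
        print(alert)
    print("pivot on:", suspect_sources(found))
```

The alert carries the host the decoy was planted on, which tells the responder which machine the attacker already controls, and the source of the attempt, which is where they went next. Keeping the registry off the planted hosts is what stops an attacker who reads the config file from also learning that the entry is bait.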
How Can We Improve Situational Awareness and Response?
• Tactical
– Understanding inventory and identity
– Monitoring the IT environment
– Detecting yesterday’s (known) threats
• Strategic
– Correlating events with context to detect incidents, attacks or risk indicators
– Anticipating tomorrow’s threats and attacks
– Plugging into shared knowledge across the industry, leveraging the power of many
Source: https://km4meu.wordpress.com/2014/03/03/scaling-pacing-staging-and-patterning-navigating-fractal-change-through-space-and-time/
Situational Awareness: Industry Timeline
• 2014: The Year of the Pipes
– How do we automate sharing?
• 2015: The Year of Sources/Policies/Analytics
– Where from? Who to? How to?
• 2016: The Year of Intel Application
– Automation in defensive systems
Source: Chris Blask
Security Analytics
Promoting Situational Awareness
Recommended for situational awareness:
• Develop monitoring policies and technologies
• Consume STIX/TAXII feeds (share if appropriate)
• Integrate monitoring with local context: assets, identities, behaviors and transactions
• Integrate monitoring with global context: threat intelligence and knowledge
• Deploy security analytics
• Join your industry ISAC(s)
• Favor security solutions that support STIX/TAXII, usable integration points and taxonomies
Other ideas:
• Emerging cyber-insurance ecosystem for actuarial learning and risk management
• Audience-supplied answers (placeholders for answers supplied by the webinar audience)
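“Integrate monitoring with local context” and “integrate monitoring with global context” are two halves of one join: an event is matched against shared indicators, then scored with what only the defender knows about the asset and the user involved. The following is an added example written for this page, not the presenter's or Chris Blask's code. The indicator bundle is a constructed document in the style of a STIX 2 bundle (shortened ids, only the fields used) rather than anything pulled over TAXII, the pattern matcher handles only the simplest STIX pattern form, and the asset inventory, identity directory, event lines and scoring weights are all assumptions.

```python
"""Correlating events with global context (threat-intelligence indicators) and
local context (asset inventory, identity directory). Added example, not the
presenter's or Chris Blask's code: the bundle is a constructed STIX 2-style
document, not a real TAXII feed, and the assets, identities, events and
scoring weights are assumptions."""
import json
import re

# Constructed indicator bundle (ids shortened; real STIX 2 ids carry a UUID).
INDICATOR_BUNDLE = json.loads("""
{"type": "bundle", "id": "bundle--example", "objects": [
  {"type": "indicator", "id": "indicator--c2-1", "name": "C2 address",
   "pattern": "[ipv4-addr:value = '203.0.113.5']", "confidence": 85},
  {"type": "indicator", "id": "indicator--phish-1", "name": "credential phishing domain",
   "pattern": "[domain-name:value = 'login-corp-mail.example']", "confidence": 60},
  {"type": "indicator", "id": "indicator--complex-1", "name": "compound pattern",
   "pattern": "[file:hashes.MD5 = 'd41d8cd98f00b204e9800998ecf8427e' AND file:size > 0]",
   "confidence": 90}
]}
""")

# Only the simplest STIX pattern form is evaluated here: [<type>:value = '<literal>'].
PATTERN_RE = re.compile(r"^\[(?P<type>[\w-]+):value\s*=\s*'(?P<value>[^']+)'\]$")

# Local context (constructed): asset inventory and identity directory.
ASSETS = {"10.20.1.77": {"name": "ws-finance-07", "criticality": "high"},
          "10.20.1.15": {"name": "ws-guest-01", "criticality": "low"}}
IDENTITIES = {"cfo": {"role": "executive", "privileged": True},
              "guest": {"role": "visitor", "privileged": False}}
CRITICALITY_WEIGHT = {"high": 30, "medium": 15, "low": 0}
PRIVILEGED_WEIGHT = 20

# Constructed proxy/firewall events: timestamp, source IP, user, destination.
EVENTS = """\
2015-05-21T11:00:00 10.20.1.15 guest www.example.com
2015-05-21T11:01:30 10.20.1.77 cfo login-corp-mail.example
2015-05-21T11:02:05 10.20.1.77 cfo 203.0.113.5
2015-05-21T11:03:00 10.20.1.15 guest 203.0.113.5
"""


def load_indicators(bundle):
    """Map observable value -> indicator for patterns the matcher understands.
    Patterns it cannot evaluate are reported as skipped, never silently dropped."""
    lookup, skipped = {}, []
    for obj in bundle["objects"]:
        if obj.get("type") != "indicator":
            continue
        m = PATTERN_RE.match(obj["pattern"])
        if m:
            lookup[m["value"]] = obj
        else:
            skipped.append(obj["id"])
    return lookup, skipped


def correlate(events_text, lookup):
    """Join each event to an indicator (global context), then enrich it with the
    asset and identity (local context). Score = indicator confidence + asset
    criticality weight + privileged-user weight, highest first."""
    alerts = []
    for line in events_text.splitlines():
        ts, src, user, dst = line.split()
        ind = lookup.get(dst)
        if ind is None:
            continue
        asset = ASSETS.get(src, {"name": src, "criticality": "unknown"})
        ident = IDENTITIES.get(user, {"role": "unknown", "privileged": False})
        score = (ind["confidence"]
                 + CRITICALITY_WEIGHT.get(asset["criticality"], 0)
                 + (PRIVILEGED_WEIGHT if ident["privileged"] else 0))
        alerts.append({"ts": ts, "indicator": ind["id"], "src": src, "asset": asset["name"],
                       "user": user, "role": ident["role"], "score": score})
    alerts.sort(key=lambda a: a["score"], reverse=True)
    return alerts


if __name__ == "__main__":
    table, unsupported = load_indicators(INDICATOR_BUNDLE)
    print("skipped patterns:", unsupported)
    for alert in correlate(EVENTS, table):
        print(alert)
```

The same C2 indicator produces two alerts with different scores: the executive's high-criticality workstation ranks above the guest machine because of local context the feed cannot supply. The matcher also reports the compound pattern it cannot evaluate, which is the practical caveat when consuming STIX feeds: coverage is limited to the pattern forms the local tooling actually implements, and an unevaluated indicator should show up as a gap rather than as silence.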
Putting this All Together
• How can we raise overall assurance to minimize the “statistical” likelihood of compromised users and devices? Metaphor: immunological. Security posture: preventive.
• How can we prevent large-scale breaches from striking our core IT environments? Metaphor: military. Security posture: preventive.
• How can we slow down attackers using innovative but practical techniques? Metaphor: NFL football. Security posture: deterrence.
• How can we improve situational awareness and rapid response capabilities? Metaphor: NFL football. Security posture: detective.
Final Thought from the Master
Security is a people challenge, as much as a technology challenge.
“The Way means inducing the people to have the same aims as the leadership, so that they will share death and share life, without fear of danger.”
– Sun Tzu
• Security is about governance as well as technology
• Security is everyone’s business
• Security should be baked into products
Open Q&A
Security Architects, LLC
http://security-architects.com
info@security-architects.com
+1 (301) 585-4717
