The Dirty Secrets of Enterprise Security
Eight things that plague (almost) all companies!
The Dirty Secrets of Enterprise Security
• Working in security consultancy for over 12 years, I’ve had the
pleasure of working with a lot of companies.
• In recent years, my focus has been on enterprise risk assessments,
penetration tests that look at the company as a whole and Incident
Response. The visibility from these projects has been eye-opening.
The Dirty Secrets of Enterprise Security
• Common themes exist at nearly every company
• (In one form or another)
• This talk highlights those themes
• Providing guidance on how to address them.
Image credit: http://cdn2.hubspot.net/hubfs/264546/playbook.jpeg
Session Overview
The Dirty Secrets of Enterprise Security
Speaker Introduction
1. Weaknesses in Physical Security
2. Susceptibility to Phishing
3. Vulnerability Management Immaturity
4. Weaknesses in Authentication
5. Poor Network Segmentation
6. Loose Data Access Control
7. Poor Host or Network Visibility
8. Lack of General Incident Response Readiness
Image credit: http://cdn2.hubspot.net/hubfs/264546/playbook.jpeg
Speaker Introduction
• Technical VP for NCC Group, based in Austin TX.
• 15-year career focused on Attack & Penetration techniques & defenses
• Prior to that, a security-focused government/military background
• Currently Responsible for:
o Development of Strategic Technical Practices
o Strategic Infrastructure Security (SIS)
o Security Defense Operations (SDO)
• Specialist in Red Team / Black Ops engagements
• Physical Security Assessment
Kevin Dunn
www.nccgroup.trust/us
• Formed in June 1999 showing immense growth over the past 16 years.
• 1800 employees, in 32 office locations.
• North America, the UK, Europe, Canada, Asia and Australia.
• We strive to provide Total Information Assurance for our clients.
• Offices: NYC, ATL, CHI, AUS, SEA, SFO, Sunnyvale and Waterloo.
• NCC combines US security teams from:
o iSEC Partners, Matasano, Intrepidus Group and NGS.
1. Weaknesses in Physical Security
Image credit: http://itiscool.be/wp-content/uploads/2014/06/security.jpg
1. Weaknesses in Physical Security
• Unguarded and Unmonitored Secondary Entrance Points
• Systemic Susceptibility to Tailgating
• Camera Monitoring Ineffective at Preventing Physical Breaches
• Desk Security Policies Rarely Enforced
1. Weaknesses in Physical Security
Unguarded and Unmonitored Secondary Entrance Points (1)
1. Weaknesses in Physical Security
Unguarded and Unmonitored Secondary Entrance Points (2)
1. Weaknesses in Physical Security
Systemic Susceptibility to Tailgating (1)
1. Weaknesses in Physical Security
Systemic Susceptibility to Tailgating (2)
1. Weaknesses in Physical Security
Weaknesses in Anti-Tailgating Technologies
1. Weaknesses in Physical Security
Camera Monitoring Ineffective at Preventing Physical Breaches
• In the vast majority of physical intrusion tests carried out
• CCTV monitoring has not hindered the testing in any way
• Including when cameras were attacked
• Why is that?
Image credit: https://www.popularresistance.org/wp-content/uploads/2013/08/Camover-Double.jpg
1. Weaknesses in Physical Security
Desk Security Policies Rarely Enforced
Quick Wins - Physical Security
• Do not treat it all the same
• Put more effort into securing your most important things
• Recognize that your employees will not always make the right choices
• Sometimes there is no substitute for a security guard presence
• Make physical access hard and noisy
• Make network access hard and noisy
• Make theft of assets hard to achieve
• Provide staff incentives to be your eyes and ears
2. Susceptibility to Phishing
Image credit: https://www.redhawksecurity.com/images/Phishing.jpg
2. Susceptibility to Phishing
• User Awareness Training Only Partially Effective
• Technical Security Countermeasures Lacking or Under Developed
• Security Team Follow Up on Phishing Events Often Incomplete
2. Susceptibility to Phishing
User Awareness Training Only Partially Effective
• Many people believe that the way to ‘solve’ the phishing problem is via
training of users to spot and report phishing attacks.
• By itself, user awareness training does not completely answer the
threat of phishing - users will make mistakes!
• Most organizations are susceptible to a high degree.
Technical Security Countermeasures Lacking
• Protection against macros or malicious sites is not effective
o Users will enable macro content when prompted
• Web browsers and content plugins are not kept up-to-date
o Internet Explorer, and Adobe Flash are still targets that work
• Application whitelisting at the desktop endpoint can be circumvented
o Use of VBSCRIPT and PowerShell typically allows bypasses
• Domain whitelisting can be bypassed (or not applied)
o Use of pre-authorized domains for C2 is easy (GitHub, Twitter etc.)
2. Susceptibility to Phishing
Security Team Follow Up on Phishing Events Often Incomplete
Quick Wins - Phishing
• Your employees will fall for phishing emails
• They will give away their credentials and run malicious payloads
• Use MFA for all services that support it
• Separate their privileges from other actions
• Email and web browsing should be contained away from ‘corp’ desktop
• Several ways to achieve this:
o Virtual Desktop Infrastructure (VDI)
o Workstation Virtual Machines
o Server Virtual Infrastructure
3. Vulnerability Management Immaturity
Image credit: https://eatingheavendotcom.files.wordpress.com/2014/04/messy-baby-176-e1396475370535.jpg
3. Vulnerability Management Immaturity
• Visibility of Assets is Typically Partial or Incomplete
• Investment in Internal Vulnerability Scanning Varies
• Depth of System Hardening is Typically Shallow
• Vulnerability Remediation Workflows are Under-Developed
3. Vulnerability Management Immaturity
Visibility of Assets is Typically Partial or Incomplete
• You can’t secure what you don’t know about
• Manual, semi-automated and automated discovery
• Assets:
o Find servers / workstations / printers etc.
o The services they provide…
o …and their general purpose within the org.
• There are still a lot of firms that don’t have that complete picture.
3. Vulnerability Management Immaturity
Investment in Internal Vulnerability Scanning Varies
• Software license costs for commercial vulnerability scanners $$$
• Network design may contribute to needing several scanner hosts
• Based on this, we see companies forced to prioritize scanning
• This is troublesome in a domain environment
o ‘Low Risk’ hosts can be the entry points to domain compromise
o If they have been de-prioritized in the VMP, they may have flaws that are missed
3. Vulnerability Management Immaturity
Depth of System Hardening is Typically Shallow
• Patching - Where do you get your patches from?
o Software manufacturers
o Typically first-party patching
• Hardening - Where do you get your hardening guidance from?
o Software manufacturers - Microsoft, Oracle, Ubuntu etc.
o Third-party organizations - Center for Internet Security (CIS)
o Government organizations - NSA, NIST
3. Vulnerability Management Immaturity
Hacks that work waaay more than they should!
• Poor / No Hardening
o MSSQL Weak SA Password
o Tomcat Manager Weak Password
o Jenkins Groovy Script Command Execution
o Printer Default Credentials
3. Vulnerability Management Immaturity
MSSQL Weak SA Password
o A few simple steps to full control of server!
3. Vulnerability Management Immaturity
Tomcat Manager Weak Password
3. Vulnerability Management Immaturity
Jenkins Groovy Script Command Execution
o Jenkins Integration Manager (source code build env.)
Image Credit: www.pentestgeek.com
3. Vulnerability Management Immaturity
Jenkins Groovy Script Command Execution
o When poorly configured, visiting /script gets you to a ‘Script Console’
Image Credit: www.pentestgeek.com
3. Vulnerability Management Immaturity
Jenkins Groovy Script Command Execution
o That’s OS command execution! You never know how many privs you have!
3. Vulnerability Management Immaturity
Printer Default Credentials
o Printers can be useful!
o Here we are using a default password on a printer to gain access to LDAP credentials stored as part of the enterprise search function.
3. Vulnerability Management Immaturity
Vulnerability Remediation Workflows are Under-Developed
• Consider:
o A missing patch for Oracle on a Windows Server 2012 host
o An internal DB permission flaw for Oracle on Solaris
o Weak credentials on Apache Tomcat running on Windows Server 2003
• Who fixes each of these?
• Same people or different people in your IT org?
• How? When? How frequently? Etc.
Quick Wins - Vulnerability Management
• You cannot secure your network 100%
• New vulns; missed assets; forgotten things etc.
• Patching - as ever!
• Don’t neglect hardening - create hardened builds
• Plan for failure:
o ‘Other things’ should prevent access to most critical data
o The security of any one system should not be a single point of failure
4. Weaknesses in Authentication
Image credit: https://static.securityintelligence.com/uploads/2014/09/2FA-multi-factor-authentication-defeat-cybercriminals-future-how-to-938x535.jpg
4. Weaknesses in Authentication
• Weak Passwords in Use
• Passwords Written Down Insecurely by Users and Administrators
• No Separation of Duties between Normal & Privileged Accounts
• Poor Adoption of MFA and / or EPV
4. Weaknesses in Authentication
Weak Passwords in Use
4. Weaknesses in Authentication
Passwords Written Down Insecurely by Users and Admins
Whenever a user is asked to remember a password, the potential exists that they will write it down. The same is usually also true for admins - because they have more than one password to remember.
4. Weaknesses in Authentication
No Separation of Duties between Normal & Privileged Account
• The Local Admin Problem
o Some users need to be local admin on their own machines to ‘do their job’.
• The ‘admin in the Domain’ Problem
o Some users are DA or some other kind of privileged user in the domain to ‘do their job’.
• The Email, Web Browsing & Day-to-Day Work Problem
o Those local or domain admin users need to do regular non-privileged IT things as well
4. Weaknesses in Authentication
Poor Adoption of MFA and / or EPV
• Multifactor Authentication (MFA)
o Companies are not using it enough
o Externally for cloud services or internally for priv. access
• Enterprise Password Vault (EPV)
o Companies are not using it
o Companies are deploying it with domain SSO
o Companies are deploying it without MFA
Image credit: http://cdn03.androidauthority.net/wp-content/uploads/2013/09/YubiKey-NEO-smartphone-token-password-google.jpg
Quick Wins - Authentication
• Users will continue to pick bad passwords
• Even with a complexity filter - Summer2016!
• Organizations do this to themselves with ‘company defaults’
• Implement hardware-based MFA wherever possible
• Make this mandatory for privileged accounts (admins)
• Remove local admin rights / sudo from users’ own workstations
• Separate duties and even workstations for highest risk
• Use an EPV without SSO / domain auth or single-factor
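The ‘Summer2016!’ point above is that a complexity filter is the wrong test: it checks character classes, not predictability. This added example (not from the talk) shows a password check that keeps the usual complexity rule but also rejects season/month-plus-year patterns, leetspeak spellings of banned words, and terms the organization supplies (here the constructed company name "acme"); the 16-character passphrase exemption and the leet mapping are assumptions for the example.

```python
import re

SEASONS = {"spring", "summer", "autumn", "fall", "winter"}
MONTHS = {"january", "february", "march", "april", "may", "june", "july",
          "august", "september", "october", "november", "december"}
# Well-known default-style terms; the organization adds its own names via company_terms.
DEFAULT_BANNED = {"password", "welcome", "changeme", "letmein"}
# Leetspeak normalization so that "P@ssw0rd" is compared as "password" (assumed mapping).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
YEAR_RE = re.compile(r"(19|20)\d\d")


def meets_complexity(pw):
    """The classic 3-of-4 character-class rule (8+ chars) that 'Summer2016!' satisfies."""
    classes = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    return len(pw) >= 8 and sum(bool(re.search(c, pw)) for c in classes) >= 3


def weak_reason(pw, company_terms=()):
    """Return why a password is weak, or None if it passes every check."""
    # Long passphrases are exempt from the character-class rule (assumption for this example).
    if not meets_complexity(pw) and len(pw) < 16:
        return "fails complexity filter"
    # Split "Summer2016!" into the word part and the digit/symbol tail.
    word, tail = re.fullmatch(r"(.*?)([\d\W_]*)", pw).groups()
    base = word.lower().translate(LEET)
    if base in SEASONS | MONTHS:
        return "season or month with a numeric suffix"
    banned = DEFAULT_BANNED | {t.lower() for t in company_terms}
    for term in sorted(banned):
        if term in base:
            return f"built on banned term '{term}'"
    # A short word with a year bolted on is the next most common 'compliant' password.
    if YEAR_RE.fullmatch(re.sub(r"[\W_]", "", tail)) and len(base) < 10:
        return "short word followed by a year"
    return None


if __name__ == "__main__":
    for candidate in ("Summer2016!", "W1nter2016!", "Acme2016!", "P@ssw0rd1",
                      "correct horse battery staple", "xK9#pLm2$vQ7wE"):
        print(f"{candidate!r}: {weak_reason(candidate, ('acme',)) or 'accepted'}")
```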
5. Poor Network Segmentation
Image credit: http://www.puppy-training-solutions.com/image-files/dog-jumping-fence-15990511.jpg
5. Poor Network Segmentation
• Completely Flat Internal Network
• Network or Host Segmentation Governed by AD Memberships
• Segmentation of Corporate / Operational Networks via Weak Means
5. Poor Network Segmentation
Completely Flat Internal Network
• The Domain Controller Connection Challenge!
• If you are not an admin on your corporate network…
• Try to access a Domain Controller over RDP
5. Poor Network Segmentation
5. Poor Network Segmentation
Network or Host Segmentation Governed by AD Memberships
• Companies still rely on AD to govern access to systems
• If the last 10 years of pentesting has shown you anything:
• Microsoft Domains can be compromised by a number of avenues
• An attacker / pentester can typically achieve Domain Admin
• Based on this, your most critical systems should not be accessible via
domain credentials alone, and group membership.
5. Poor Network Segmentation
Segmentation via Weak Means
• Jump Servers - These seem like a good idea to move between
segments, but they are often deployed insecurely.
• Consider this common deployment:
o Jump server is domain joined
o Admins access it via RDP
o No firewalling of other services
o Use of single-factor authentication
Quick Wins - Network Segmentation
• There is little justification for a flat network these days
• Design your network, like a castle
• Implement segmentation internally (consider internal VPNs)
• Make every effort to secure the methods of traversal
• If you use a jump box, consider:
o SSH access only, with port forwarding into a separate management LAN
o MFA using hardware tokens
o Strict firewalling
6. Loose Data Access Control
Image credit: http://www.lionytics.com/blogposts/images/sri-data-leak.jpg
6. Loose Data Access Control
• Internal Data Repositories not Adequately Guarded
• Access to Most Critical Data Governed by Active Directory
• Data Access Events not Monitored Adequately
6. Loose Data Access Control
Internal Data Repositories not Adequately Guarded
6. Loose Data Access Control
Internal Data Repositories not Adequately Guarded
6. Loose Data Access Control
Access to Most Critical Data Governed by Active Directory
• Companies still rely on AD to govern access to data
• If the last 10 years of pentesting has shown you anything:
o Microsoft Domains can be compromised by a number of avenues
o An attacker / pentester can typically achieve Domain Admin
• Based on this, your most critical data should not be accessible via
domain credentials alone, and group membership.
6. Loose Data Access Control
Data Access Events not Monitored Adequately
Image credit: https://blogs.msdn.microsoft.com/johnwpowell/2008/08/14/how-to-update-a-sharepoint-user-account-when-they-leave-the-company-and-return/
Image credit: https://social.microsoft.com/Forums/getfile/35622/
Quick Wins - Data Access Control
• Data in shared folders or intranet portals is poorly secured
• If the data is critical, or leaks key information, this makes things easy for an attacker
• Create an internal data classification standard - apply it
• Create appropriate access control for each classification level
• Remember - your most critical data must be away from the Domain
• Also Remember - any information is good information for an attacker
• Log data access denied events and follow them up quickly.
7. Poor Host or Network Visibility
Image credit: http://old.trustport.com/threat-intelligence/sites/default/files/ti/image/intro_network_visibility.jpg
7. Poor Host or Network Visibility
• Minimal Endpoint, or Network Monitoring
• Lack of Full Packet Inspection for Data Egress
• No Monitoring Available for Encrypted Protocols
• SIEM / Data Aggregation in Use but Sources are Minimal
7. Poor Host or Network Visibility
Minimal Endpoint or Network Monitoring
• Examples - most companies cannot:
o Detect the creation of a local user or admin on workstations & servers
o Detect the creation of a domain user (not admin)
o Detect when a machine is added to the domain
o Detect a port scan happening on their internal network
o Detect specific process creation - e.g. PowerShell or others
• Additionally, while the idea has been around for a long time, most companies are not using honeypots / honey data
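Each of the host-side gaps listed above maps to a Windows Security log event that is already being generated; what is missing is a rule that looks at it. This added example (not from the talk) runs such rules over constructed sample events: 4720 (user account created), 4732 (member added to a local group), 4741 (computer account created, i.e. a machine joined) and 4688 (process creation). The key=value layout and shortened field names are assumptions for readability; a real SIEM schema differs.

```python
import re

# Constructed sample events in a simplified key=value layout (not real log output).
SAMPLE_EVENTS = r"""
EventID=4720 Computer=WS-042 SubjectUser=jsmith TargetUser=svc_backup
EventID=4732 Computer=WS-042 SubjectUser=jsmith GroupName=Administrators MemberName=svc_backup
EventID=4688 Computer=WS-042 SubjectUser=jsmith NewProcessName=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
EventID=4688 Computer=WS-042 SubjectUser=jsmith NewProcessName=C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
EventID=4741 Computer=DC01 SubjectUser=jsmith TargetUser=ROGUE-PC$
EventID=4624 Computer=DC01 SubjectUser=jsmith LogonType=3
"""

# key=value pairs; a value runs until the next " key=" so paths with spaces survive.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")

# Local groups whose membership changes matter on every host, not just servers.
PRIVILEGED_LOCAL_GROUPS = {"Administrators", "Remote Desktop Users", "Backup Operators"}
# Interpreters whose launch is worth an alert on an ordinary workstation (assumption).
WATCHED_PROCESSES = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def parse_event(line):
    """Turn one key=value line into a dict."""
    return dict(FIELD_RE.findall(line))


def detect(raw_events):
    """Return (rule, computer, detail, actor) tuples for the events the talk says most orgs miss."""
    alerts = []
    for line in raw_events.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        eid = ev.get("EventID")
        host, actor = ev.get("Computer", "?"), ev.get("SubjectUser", "?")
        if eid == "4720":                       # user account created (local or domain)
            alerts.append(("user_created", host, ev.get("TargetUser"), actor))
        elif eid == "4732" and ev.get("GroupName") in PRIVILEGED_LOCAL_GROUPS:
            alerts.append(("privileged_group_member_added", host, ev.get("MemberName"), actor))
        elif eid == "4741":                     # computer account created = machine joined
            alerts.append(("machine_joined", host, ev.get("TargetUser"), actor))
        elif eid == "4688":                     # process creation; compare only the image name
            exe = ev.get("NewProcessName", "").rsplit("\\", 1)[-1].lower()
            if exe in WATCHED_PROCESSES:
                alerts.append(("watched_process", host, exe, actor))
    return alerts


def escalate(alerts):
    """Correlate: an account that is created and then put into a privileged group on the
    same host is the classic persistence pattern and deserves higher severity than either
    event alone. Returns 'HOST\\account' strings."""
    created = {(host, detail) for rule, host, detail, _ in alerts if rule == "user_created"}
    return sorted(f"{host}\\{detail}" for rule, host, detail, _ in alerts
                  if rule == "privileged_group_member_added" and (host, detail) in created)


if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for alert in found:
        print(alert)
    print("escalate:", escalate(found))
```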
7. Poor Host or Network Visibility
Lack of Full Packet Inspection for Data Egress
• Detecting malicious traffic leaving org.
• Key to determining compromises
• Most companies: capability not deployed
7. Poor Host or Network Visibility
No Monitoring Available for Encrypted Protocols
• Published figures put SSL traffic at 50 - 70% of your total network traffic
• Are you inspecting that traffic?
• If an attacker or malware was using SSL to exfiltrate data, would you be
able to detect that?
• What if that was combined with a trusted site?
Image credit: https://zeltser.com/bots-command-and-control-via-social-media/
7. Poor Host or Network Visibility
SIEM / Data Aggregation in Use but Sources are Minimal
• A number of companies are now using data aggregation
• THIS IS GREAT - but often not complete
• Licensing costs can be a barrier
• Ideally, you’d throw everything in your SIEM - but you can’t
• Prioritize based on:
o What are you trying to find out?
Image credit: https://www.accumuli.com
Quick Wins - Host or Network Visibility (1)
• If you can’t see what’s going on - you can’t secure it
• At the very least you need to have visibility of traffic leaving your org.
• Implement egress filtering - e.g. traffic to port X is not needed
• Force all outbound traffic through an authenticated proxy server
• Use domain content filtering to limit simple malicious traffic
• Use NETFLOW and full packet capture to drill into outbound data
• Consider how to break TLS/SSL to inspect this traffic ($$$)
o A non-inline process used for investigations may be appropriate.
Quick Wins - Host or Network Visibility (2)
• Moving beyond analyzing egress traffic - consider internal traffic
• Most firms cannot detect simple actions - e.g. port scan against server
• Instead of looking to deploy additional hardware / pinch points
• Consider potentially using the NETFLOW data you already have
• NETFLOW analysis from switches and routers will show anomalies
• A single host scanning other hosts should be easy to spot
• Use data aggregation and alerting via a SIEM to automate
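The NetFlow point above is that a scanning host looks different from a busy one: it touches many distinct host/port pairs with tiny flows that never complete. This added example (not from the talk) applies that heuristic to constructed flow records for a normal workstation, a backup server that legitimately reaches every host, and one scanning host; the record fields and thresholds are assumptions, and the flags check is what keeps the backup server from being a false positive.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One flow record reduced to the fields the heuristic needs (constructed schema)."""
    src: str
    dst: str
    dport: int
    packets: int
    flags: str   # TCP flags seen in the flow, e.g. "S" for a lone unanswered SYN


def build_sample_flows():
    """Constructed flows: a workstation, a backup server, and one scanning host."""
    flows = []
    for _ in range(40):                # workstation: many full sessions to two servers
        flows.append(Flow("10.0.1.20", "10.0.2.5", 445, 120, "SAPF"))
        flows.append(Flow("10.0.1.20", "10.0.2.10", 389, 30, "SAPF"))
    for host in range(1, 41):          # backup server: touches every host, real sessions
        flows.append(Flow("10.0.2.50", f"10.0.1.{host}", 445, 800, "SAPF"))
    for host in range(1, 26):          # scanner: one SYN to 3 ports on 25 hosts
        for port in (22, 445, 3389):
            flows.append(Flow("10.0.1.77", f"10.0.2.{host}", port, 1, "S"))
    return flows


def find_scanners(flows, min_pairs=20, short_ratio=0.8, max_packets=2):
    """Flag sources reaching many distinct (dst, port) pairs mostly via tiny, unanswered flows.

    A flow counts as 'short' when it carries at most max_packets and never saw an ACK,
    which is what a SYN probe against a closed or filtered port looks like in flow data.
    """
    stats = defaultdict(lambda: {"pairs": set(), "short": 0, "total": 0})
    for f in flows:
        s = stats[f.src]
        s["pairs"].add((f.dst, f.dport))
        s["total"] += 1
        if f.packets <= max_packets and "A" not in f.flags:
            s["short"] += 1
    hits = []
    for src, s in stats.items():
        ratio = s["short"] / s["total"]
        if len(s["pairs"]) >= min_pairs and ratio >= short_ratio:
            hits.append({"src": src, "pairs": len(s["pairs"]), "short_ratio": round(ratio, 2),
                         "ports": sorted({p for _, p in s["pairs"]})})
    return sorted(hits, key=lambda h: -h["pairs"])


if __name__ == "__main__":
    for hit in find_scanners(build_sample_flows()):
        print(hit)
```

The backup server reaches 40 host/port pairs, more than the threshold, but none of its flows are short, so only the SYN-only source is reported; a real deployment would tune the thresholds per network segment and feed the hits to the SIEM alerting mentioned above.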
8. Lack of General IR Readiness
Image credit: http://www.joegirard.com/wp-content/uploads/2014/06/Be-Prepared-BoyScouts.jpg
8. Lack of General IR Readiness
• No Documented IR Plan
• Lack of Third Party Support
• Lack of Telemetry to Support Investigation
• Under-tested IR Plan
8. Lack of General IR Readiness
No Documented IR Plan
• A large number of companies have no plan, or are under-prepared
• Determine:
o Threats
o Likely Actions / Attacks
o Potential Business Impact
o Countermeasures to Business Impact
o Response [Detection / Analysis / Containment / Eradication / Recovery]
Image credit: http://www.phoenixts.com/wp-content/uploads/2015/01/NIST-incident-response-lifecycle.bmp
8. Lack of General IR Readiness
Lack of Third Party Support
• Maintaining in-house capabilities is hard
• Think of the specialisms you may need:
o Disk and Memory Forensics
o Log Analysis & Triage
o Malware Analysis
o Mobile Expertise
• Consider Retainer agreements with third parties that can help you.
• Consider Legal Privilege.
8. Lack of General IR Readiness
Lack of Telemetry to Support Investigation
• Incomplete evidence = incomplete conclusions
• Example:
o Malware infection
o Malware has capability to exfiltrate data
o No network telemetry to determine if that happened
• Audit Board: “was data exfiltrated?”
• Answer: “maybe” :/
8. Lack of General IR Readiness
Under-tested IR Plan
• Who does what and when during an Incident?
• Do all the parties know each other?
• Do they know how to communicate?
• Do your technical staff know what not to do?
• Do you drill your IR plan?
Image credit: http://cdn2.hubspot.net/hubfs/264546/playbook.jpeg
Quick Wins - Incident Response Readiness
• Planning for the worst is not something we are great at doing!
• But like most things in life, you’ll feel better once you do
• Plan:
o Threats
o Likely Actions / Attacks
o Potential Business Impact
o Countermeasures to Business Impact
o Response [Detection / Analysis / Containment / Eradication / Recovery]
o Third Party Help
Session Close
• If your company has some of the things I’ve described (or all of them!) - you are not alone…
• But you should work hard to address these issues.
• Not doing so, makes you a very easy target.
Image credit: https://i.redditmedia.com/S4Mo4iNIPHr87bX6OKSnFg59Wu96CwMw7TbILSUSv7Q.jpg?w=320&s=eafab46adeae0884be88a1eec861796b
Session Close
• Kevin Dunn
• Technical VP – NCC Group, Security Consulting
• E: kevin.dunn@nccgroup.trust
• L: https://www.linkedin.com/in/kevdunn
Note: all images used, unless otherwise stated, are from Wiki Commons or internal NCC sources.
Kevin Dunn
Быстрый онлайн-доступ к огромному количеству оффлайн-данных в LinkedIn
 
Level Up Your Security Skills in Splunk Enterprise
Level Up Your Security Skills in Splunk EnterpriseLevel Up Your Security Skills in Splunk Enterprise
Level Up Your Security Skills in Splunk Enterprise
 
The final girl theory
The final girl theoryThe final girl theory
The final girl theory
 
Mixing d ps building architecture on the cross cutting example
Mixing d ps building architecture on the cross cutting exampleMixing d ps building architecture on the cross cutting example
Mixing d ps building architecture on the cross cutting example
 
Проверка для DMN: проектирование мультиагентной интеллектуальной системы
Проверка для DMN: проектирование мультиагентной интеллектуальной системыПроверка для DMN: проектирование мультиагентной интеллектуальной системы
Проверка для DMN: проектирование мультиагентной интеллектуальной системы
 
Splunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout SessionSplunk for Enterprise Security featuring UBA Breakout Session
Splunk for Enterprise Security featuring UBA Breakout Session
 

Similar to Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn

Survey Presentation About Application Security
Survey Presentation About Application SecuritySurvey Presentation About Application Security
Survey Presentation About Application SecurityNicholas Davis
 
Expand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataExpand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataPrecisely
 
Cyber security - It starts with the embedded system
Cyber security - It starts with the embedded systemCyber security - It starts with the embedded system
Cyber security - It starts with the embedded systemRogue Wave Software
 
Professional Hacking in 2011
Professional Hacking in 2011Professional Hacking in 2011
Professional Hacking in 2011securityaegis
 
Offensive malware usage and defense
Offensive malware usage and defenseOffensive malware usage and defense
Offensive malware usage and defenseChristiaan Beek
 
Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2Claus Cramon Houmann
 
Controlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataControlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataPrecisely
 
FUEL_USERS_GROUP
FUEL_USERS_GROUPFUEL_USERS_GROUP
FUEL_USERS_GROUPWill Pearce
 
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineReacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineLastline, Inc.
 
Intro to INFOSEC
Intro to INFOSECIntro to INFOSEC
Intro to INFOSECSean Whalen
 
Yow connected developing secure i os applications
Yow connected   developing secure i os applicationsYow connected   developing secure i os applications
Yow connected developing secure i os applicationsmgianarakis
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security BasicsMohan Jadhav
 
System Security Beyond the Libraries
System Security Beyond the LibrariesSystem Security Beyond the Libraries
System Security Beyond the LibrariesEoin Woods
 
Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...Osama Salah
 
YOW! Connected 2014 - Developing Secure iOS Applications
YOW! Connected 2014 - Developing Secure iOS ApplicationsYOW! Connected 2014 - Developing Secure iOS Applications
YOW! Connected 2014 - Developing Secure iOS Applicationseightbit
 
Threat_Modelling.pdf
Threat_Modelling.pdfThreat_Modelling.pdf
Threat_Modelling.pdfMarlboroAbyad
 
Tsc2021 cyber-issues
Tsc2021 cyber-issuesTsc2021 cyber-issues
Tsc2021 cyber-issuesErnest Staats
 
2023 NCIT: Introduction to Intrusion Detection
2023 NCIT: Introduction to Intrusion Detection2023 NCIT: Introduction to Intrusion Detection
2023 NCIT: Introduction to Intrusion DetectionAPNIC
 

Similar to Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn (20)

Survey Presentation About Application Security
Survey Presentation About Application SecuritySurvey Presentation About Application Security
Survey Presentation About Application Security
 
Expand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataExpand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and Data
 
Cyber security - It starts with the embedded system
Cyber security - It starts with the embedded systemCyber security - It starts with the embedded system
Cyber security - It starts with the embedded system
 
Professional Hacking in 2011
Professional Hacking in 2011Professional Hacking in 2011
Professional Hacking in 2011
 
Offensive malware usage and defense
Offensive malware usage and defenseOffensive malware usage and defense
Offensive malware usage and defense
 
Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2
 
Controlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataControlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and Data
 
FUEL_USERS_GROUP
FUEL_USERS_GROUPFUEL_USERS_GROUP
FUEL_USERS_GROUP
 
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineReacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
 
Intro to INFOSEC
Intro to INFOSECIntro to INFOSEC
Intro to INFOSEC
 
Yow connected developing secure i os applications
Yow connected   developing secure i os applicationsYow connected   developing secure i os applications
Yow connected developing secure i os applications
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
 
System Security Beyond the Libraries
System Security Beyond the LibrariesSystem Security Beyond the Libraries
System Security Beyond the Libraries
 
Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...
 
YOW! Connected 2014 - Developing Secure iOS Applications
YOW! Connected 2014 - Developing Secure iOS ApplicationsYOW! Connected 2014 - Developing Secure iOS Applications
YOW! Connected 2014 - Developing Secure iOS Applications
 
Threat_Modelling.pdf
Threat_Modelling.pdfThreat_Modelling.pdf
Threat_Modelling.pdf
 
Managing security threats in today’s enterprise
Managing security threats in today’s enterpriseManaging security threats in today’s enterprise
Managing security threats in today’s enterprise
 
Assessing Your security
Assessing Your securityAssessing Your security
Assessing Your security
 
Tsc2021 cyber-issues
Tsc2021 cyber-issuesTsc2021 cyber-issues
Tsc2021 cyber-issues
 
2023 NCIT: Introduction to Intrusion Detection
2023 NCIT: Introduction to Intrusion Detection2023 NCIT: Introduction to Intrusion Detection
2023 NCIT: Introduction to Intrusion Detection
 

More from North Texas Chapter of the ISSA

Ntxissacsc5 gold 4 beyond detection and prevension remediation
Ntxissacsc5 gold 4 beyond detection and prevension   remediationNtxissacsc5 gold 4 beyond detection and prevension   remediation
Ntxissacsc5 gold 4 beyond detection and prevension remediationNorth Texas Chapter of the ISSA
 
Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...
Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...
Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...North Texas Chapter of the ISSA
 
Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1
Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1
Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1North Texas Chapter of the ISSA
 
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczul
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczulNtxissacsc5 purple 4-threat detection using machine learning-markszewczul
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczulNorth Texas Chapter of the ISSA
 
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptxNtxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptxNorth Texas Chapter of the ISSA
 
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowicz
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowiczNtxissacsc5 gold 1--mimecast email resiliency- erez-haimowicz
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowiczNorth Texas Chapter of the ISSA
 
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higgins
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higginsNtxissacsc5 blue 7-zerotrust more effective approach to security-ed higgins
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higginsNorth Texas Chapter of the ISSA
 
Ntxissacsc5 blue 6-securityawareness-laurianna_callaghan
Ntxissacsc5 blue 6-securityawareness-laurianna_callaghanNtxissacsc5 blue 6-securityawareness-laurianna_callaghan
Ntxissacsc5 blue 6-securityawareness-laurianna_callaghanNorth Texas Chapter of the ISSA
 
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeqNtxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeqNorth Texas Chapter of the ISSA
 
Ntxissacsc5 blue 3-shifting from incident to continuous response bill white
Ntxissacsc5 blue 3-shifting from  incident to continuous response bill whiteNtxissacsc5 blue 3-shifting from  incident to continuous response bill white
Ntxissacsc5 blue 3-shifting from incident to continuous response bill whiteNorth Texas Chapter of the ISSA
 
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomey
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomeyNtxissacsc5 blue 2-herding cats and security tools-harold_toomey
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomeyNorth Texas Chapter of the ISSA
 

More from North Texas Chapter of the ISSA (20)

Purple seven-ntxissacsc5 walcutt
Purple seven-ntxissacsc5 walcuttPurple seven-ntxissacsc5 walcutt
Purple seven-ntxissacsc5 walcutt
 
Ntxissacsc5 yellow 7 protecting the cloud with cep
Ntxissacsc5 yellow 7 protecting the cloud with cepNtxissacsc5 yellow 7 protecting the cloud with cep
Ntxissacsc5 yellow 7 protecting the cloud with cep
 
Ntxissacsc5 gold 4 beyond detection and prevension remediation
Ntxissacsc5 gold 4 beyond detection and prevension   remediationNtxissacsc5 gold 4 beyond detection and prevension   remediation
Ntxissacsc5 gold 4 beyond detection and prevension remediation
 
Ntxissacsc5 gold 1 mimecast e mail resiliency
Ntxissacsc5  gold 1 mimecast e mail resiliencyNtxissacsc5  gold 1 mimecast e mail resiliency
Ntxissacsc5 gold 1 mimecast e mail resiliency
 
Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...
Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...
Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...
 
Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1
Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1
Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1
 
Ntxissacsc5 yellow 1-beginnerslinux bill-petersen
Ntxissacsc5 yellow 1-beginnerslinux bill-petersenNtxissacsc5 yellow 1-beginnerslinux bill-petersen
Ntxissacsc5 yellow 1-beginnerslinux bill-petersen
 
Ntxissacsc5 red 6-diy-pentest-lab dustin-dykes
Ntxissacsc5 red 6-diy-pentest-lab dustin-dykesNtxissacsc5 red 6-diy-pentest-lab dustin-dykes
Ntxissacsc5 red 6-diy-pentest-lab dustin-dykes
 
Ntxissacsc5 red 1 & 2 basic hacking tools ncc group
Ntxissacsc5 red 1 & 2   basic hacking tools ncc groupNtxissacsc5 red 1 & 2   basic hacking tools ncc group
Ntxissacsc5 red 1 & 2 basic hacking tools ncc group
 
Ntxissacsc5 purple 5-insider threat-_andy_thompson
Ntxissacsc5 purple 5-insider threat-_andy_thompsonNtxissacsc5 purple 5-insider threat-_andy_thompson
Ntxissacsc5 purple 5-insider threat-_andy_thompson
 
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczul
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczulNtxissacsc5 purple 4-threat detection using machine learning-markszewczul
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczul
 
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptxNtxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
 
Ntxissacsc5 purple 1-eu-gdpr_patrick_florer
Ntxissacsc5 purple 1-eu-gdpr_patrick_florerNtxissacsc5 purple 1-eu-gdpr_patrick_florer
Ntxissacsc5 purple 1-eu-gdpr_patrick_florer
 
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowicz
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowiczNtxissacsc5 gold 1--mimecast email resiliency- erez-haimowicz
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowicz
 
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higgins
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higginsNtxissacsc5 blue 7-zerotrust more effective approach to security-ed higgins
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higgins
 
Ntxissacsc5 blue 6-securityawareness-laurianna_callaghan
Ntxissacsc5 blue 6-securityawareness-laurianna_callaghanNtxissacsc5 blue 6-securityawareness-laurianna_callaghan
Ntxissacsc5 blue 6-securityawareness-laurianna_callaghan
 
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeqNtxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq
 
Ntxissacsc5 blue 3-shifting from incident to continuous response bill white
Ntxissacsc5 blue 3-shifting from  incident to continuous response bill whiteNtxissacsc5 blue 3-shifting from  incident to continuous response bill white
Ntxissacsc5 blue 3-shifting from incident to continuous response bill white
 
Ntxissacsc5 blue 4-the-attack_life_cycle_erich_mueller
Ntxissacsc5 blue 4-the-attack_life_cycle_erich_muellerNtxissacsc5 blue 4-the-attack_life_cycle_erich_mueller
Ntxissacsc5 blue 4-the-attack_life_cycle_erich_mueller
 
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomey
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomeyNtxissacsc5 blue 2-herding cats and security tools-harold_toomey
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomey
 

Recently uploaded

Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 

Recently uploaded (20)

Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 

Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn

  • 7. 1. Weaknesses in Physical Security Image credit: http://itiscool.be/wp-content/uploads/2014/06/security.jpg
  • 8. 1. Weaknesses in Physical Security • Unguarded and Unmonitored Secondary Entrance Points • Systemic Susceptibility to Tailgating • Camera Monitoring Ineffective at Preventing Physical Breaches • Desk Security Policies Rarely Enforced
  • 9. 1. Weaknesses in Physical Security Unguarded and Unmonitored Secondary Entrance Points (1)
  • 10. 1. Weaknesses in Physical Security Unguarded and Unmonitored Secondary Entrance Points (2)
  • 11. 1. Weaknesses in Physical Security Systemic Susceptibility to Tailgating (1)
  • 12. 1. Weaknesses in Physical Security Systemic Susceptibility to Tailgating (2)
  • 13. 1. Weaknesses in Physical Security Weaknesses in Anti-Tailgating Technologies
  • 14. 1. Weaknesses in Physical Security Camera Monitoring Ineffective at Preventing Physical Breaches • In the very high majority of physical intrusion tests carried out • CCTV monitoring has not hindered the testing in any way • Including when cameras were attacked • Why is that? Image credit: https://www.popularresistance.org/wp-content/uploads/2013/08/Camover-Double.jpg
  • 15. 1. Weaknesses in Physical Security Desk Security Policies Rarely Enforced
  • 16. Quick Wins - Physical Security • Do not treat it all the same • Put more effort into securing your most important things • Recognize that your employees will not always make the right choices • Sometimes there is no substitute for a security guard presence • Make physical access hard and noisy • Make network access hard and noisy • Make theft of assets hard to achieve • Provide staff incentives to be your eyes and ears
17. 2. Susceptibility to Phishing
Image credit: https://www.redhawksecurity.com/images/Phishing.jpg

18. 2. Susceptibility to Phishing
• User Awareness Training Only Partially Effective
• Technical Security Countermeasures Lacking or Under-Developed
• Security Team Follow-Up on Phishing Events Often Incomplete

19. 2. Susceptibility to Phishing - User Awareness Training Only Partially Effective
• Many people believe that the way to ‘solve’ the phishing problem is via training of users to spot and report phishing attacks.
• By itself, user awareness training does not completely answer the threat of phishing - users will make mistakes!
• Most organizations are susceptible to a high degree.

23. 2. Susceptibility to Phishing - Technical Security Countermeasures Lacking
• Protection against macros or malicious sites is not effective
  o Users will enable macro content when prompted
• Web browsers and content plugins are not kept up-to-date
  o Internet Explorer and Adobe Flash are still targets that work
• Application whitelisting at the desktop endpoint can be circumvented
  o Use of VBScript and PowerShell typically allows bypasses
• Domain whitelisting can be bypassed (or not applied)
  o Use of pre-authorized domains for C2 is easy (GitHub, Twitter etc.)

24. 2. Susceptibility to Phishing - Security Team Follow-Up on Phishing Events Often Incomplete

25. Quick Wins - Phishing
• Your employees will fall for phishing emails
• They will give away their credentials and run malicious payloads
• Use MFA for all services that support it
• Separate their privileges from other actions
• Email and web browsing should be contained away from the ‘corp’ desktop
• Several ways to achieve this:
  o Virtual Desktop Infrastructure (VDI)
  o Workstation Virtual Machines
  o Server Virtual Infrastructure
26. 3. Vulnerability Management Immaturity
Image credit: https://eatingheavendotcom.files.wordpress.com/2014/04/messy-baby-176-e1396475370535.jpg

27. 3. Vulnerability Management Immaturity
• Visibility of Assets is Typically Partial or Incomplete
• Investment in Internal Vulnerability Scanning Varies
• Depth of System Hardening is Typically Shallow
• Vulnerability Remediation Workflows are Under-Developed

28. 3. Vulnerability Management Immaturity - Visibility of Assets is Typically Partial or Incomplete
• You can’t secure what you don’t know about
• Manual, semi-automated and automated discovery
• Assets:
  o Find servers / workstations / printers etc.
  o The services they provide…
  o …and their general purpose within the org.
• There are still a lot of firms that don’t have that complete picture.

29. 3. Vulnerability Management Immaturity - Investment in Internal Vulnerability Scanning Varies
• Software license costs for commercial vulnerability scanners $$$
• Network design may contribute to needing several scanner hosts
• Based on this, we see companies forced to prioritize scanning
• This is troublesome in a domain environment
  o ‘Low Risk’ hosts can be the entry points to domain compromise
  o If they have been de-prioritized in the VMP, they may have flaws that are missed

30. 3. Vulnerability Management Immaturity - Depth of System Hardening is Typically Shallow
• Patching - Where do you get your patches from?
  o Software manufacturers
  o Typically first-party patching
• Hardening - Where do you get your hardening guidance from?
  o Software manufacturers - Microsoft, Oracle, Ubuntu etc.
  o Third-party organizations - Center for Internet Security (CIS)
  o Government organizations - NSA, NIST

31. 3. Vulnerability Management Immaturity - Hacks that work waaay more than they should!
• Poor / No Hardening
  o MSSQL Weak SA Password
  o Tomcat Manager Weak Password
  o Jenkins Groovy Script Command Execution
  o Printer Default Credentials

32. 3. Vulnerability Management Immaturity - MSSQL Weak SA Password
  o A few simple steps to full control of the server!

33. 3. Vulnerability Management Immaturity - Tomcat Manager Weak Password

34. 3. Vulnerability Management Immaturity - Tomcat Manager Weak Password

35. 3. Vulnerability Management Immaturity - Jenkins Groovy Script Command Execution
  o Jenkins Integration Manager (source code build env.)
Image Credit: www.pentestgeek.com

36. 3. Vulnerability Management Immaturity - Jenkins Groovy Script Command Execution
  o When poorly configured, visiting /script gets you to a ‘Script Console’
Image Credit: www.pentestgeek.com

37. 3. Vulnerability Management Immaturity - Jenkins Groovy Script Command Execution
  o That’s OS command execution! You never know how many privs you have!

38. 3. Vulnerability Management Immaturity - Printer Default Credentials
  o Printers can be useful!
  o Here we are using a default password on a printer to gain access to LDAP credentials stored as part of the enterprise search function.
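A defender-side check for the ‘Tomcat Manager Weak Password’ case: an added example (not from the talk) that reads a tomcat-users.xml and flags Manager accounts whose password is a shipped default, equals the username, or is short. The XML and the weak-password list are constructed assumptions; it expects plaintext passwords as in the default file (digested values will not match the list).

```python
"""Flag Tomcat Manager accounts with default or weak passwords by reading
tomcat-users.xml. Added example; the XML below is constructed, not taken
from a real server, and the weak list is an assumption to extend."""
import xml.etree.ElementTree as ET

# Roles that grant the Manager / Host Manager web applications.
MANAGER_ROLES = {"manager-gui", "manager-script", "manager-jmx",
                 "manager-status", "admin-gui", "admin-script"}
# Values from shipped example files plus common defaults (assumed list).
WEAK_PASSWORDS = {"", "tomcat", "s3cret", "admin", "password", "manager", "changeme"}

def audit_tomcat_users(xml_text):
    """Return [(username, reason)] for manager accounts that need fixing."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    findings = []
    for node in root.iter():
        if node.tag.rsplit("}", 1)[-1] != "user":   # tolerate the xmlns
            continue
        name = node.get("username") or node.get("name") or "?"
        password = node.get("password", "")        # plaintext assumed
        roles = {r.strip() for r in node.get("roles", "").split(",") if r.strip()}
        if not roles & MANAGER_ROLES:
            continue  # not a manager account, out of scope here
        if password.lower() in WEAK_PASSWORDS:
            findings.append((name, "manager role with default/weak password"))
        elif password.lower() == name.lower():
            findings.append((name, "manager role with password equal to username"))
        elif len(password) < 12:
            findings.append((name, "manager role with short password (<12 chars)"))
    return findings

# Constructed sample file: one shipped-style example account, one account
# whose password is its username, one strong account, one non-manager user.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users xmlns="http://tomcat.apache.org/xml" version="1.0">
  <role rolename="manager-gui"/>
  <role rolename="manager-script"/>
  <user username="tomcat" password="s3cret" roles="manager-gui"/>
  <user username="deploy" password="deploy" roles="manager-script"/>
  <user username="ops" password="Vq7!kLp2#xRm9sTe" roles="manager-gui,admin-gui"/>
  <user username="app" password="app" roles="appuser"/>
</tomcat-users>
"""

if __name__ == "__main__":
    for user, reason in audit_tomcat_users(SAMPLE):
        print(f"{user}: {reason}")
```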
39. 3. Vulnerability Management Immaturity - Vulnerability Remediation Workflows are Under-Developed
• Consider:
  o A missing patch for Oracle on a Windows Server 2012 host
  o An internal DB permission flaw for Oracle on Solaris
  o Weak credentials on Apache Tomcat running on Windows Server 2003
• Who fixes each of these?
• Same people or different people in your IT org?
• How? When? How frequently? Etc.

40. Quick Wins - Vulnerability Management
• You cannot secure your network 100%
• New vulns; missed assets; forgotten things etc.
• Patching - as ever!
• Don’t neglect hardening - create hardened builds
• Plan for failure:
  o ‘Other things’ should prevent access to the most critical data
  o The security of any one system should not be a single point of failure
41. 4. Weaknesses in Authentication
Image credit: https://static.securityintelligence.com/uploads/2014/09/2FA-multi-factor-authentication-defeat-cybercriminals-future-how-to-938x535.jpg

42. 4. Weaknesses in Authentication
• Weak Passwords in Use
• Passwords Written Down Insecurely by Users and Administrators
• No Separation of Duties between Normal & Privileged Accounts
• Poor Adoption of MFA and / or EPV

43. 4. Weaknesses in Authentication - Weak Passwords in Use

44. 4. Weaknesses in Authentication - Passwords Written Down Insecurely by Users and Admins
Whenever a user is asked to remember a password, the potential exists that they will write it down. The same is usually also true for admins - because they have more than one password to remember.

45. 4. Weaknesses in Authentication - No Separation of Duties between Normal & Privileged Accounts
• The Local Admin Problem
  o Some users need to be local admin on their own machines to ‘do their job’.
• The ‘admin in the Domain’ Problem
  o Some users are DA or some other kind of privileged user in the domain to ‘do their job’.
• The Email, Web Browsing & Day-to-Day Work Problem
  o Those local or domain admin users need to do regular non-privileged IT things as well

46. 4. Weaknesses in Authentication - Poor Adoption of MFA and / or EPV
• Multifactor Authentication (MFA)
  o Companies are not using it enough
  o Externally for cloud services or internally for priv. access
• Enterprise Password Vault (EPV)
  o Companies are not using it
  o Companies are deploying it with domain SSO
  o Companies are deploying it without MFA
Image credit: http://cdn03.androidauthority.net/wp-content/uploads/2013/09/YubiKey-NEO-smartphone-token-password-google.jpg

47. Quick Wins - Authentication
• Users will continue to pick bad passwords
• Even with a complexity filter - Summer2016!
• Organizations do this to themselves with ‘company defaults’
• Implement hardware-based MFA wherever possible
• Make this mandatory for privileged accounts (admins)
• Remove local admin rights / sudo from users’ own workstations
• Separate duties and even workstations for the highest-risk accounts
• Use an EPV, but not one with SSO / domain auth or single-factor login
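To show why a complexity filter alone lets Summer2016! and ‘company defaults’ through, here is an added example (not from the talk) of a password check that applies the usual three-of-four-classes rule and then rejects predictable patterns: season or month plus year, and leet-spelled company or base words. The company terms are an assumed placeholder list.

```python
"""Password check that rejects patterns a naive complexity rule accepts,
such as Summer2016! or a company-name default. Added example; the
COMPANY_TERMS list is an assumed placeholder to fill from your own org."""
import re

SEASONS = ("spring", "summer", "autumn", "fall", "winter")
MONTHS = ("january", "february", "march", "april", "may", "june", "july",
          "august", "september", "october", "november", "december")
BASE_WORDS = ("password", "welcome", "changeme", "letmein")
COMPANY_TERMS = ("acmecorp", "acme")          # assumed; longest first

# Undo common substitutions so P@ssw0rd and Acm3 still match their base word.
_LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                       "5": "s", "7": "t", "@": "a", "$": "s"})

def passes_naive_complexity(pw):
    """The typical filter: at least 8 chars and three of four classes."""
    classes = (re.search(r"[a-z]", pw), re.search(r"[A-Z]", pw),
               re.search(r"[0-9]", pw), re.search(r"[^A-Za-z0-9]", pw))
    return len(pw) >= 8 and sum(1 for c in classes if c) >= 3

def weak_pattern_reason(pw):
    """Return why the password is predictable, or None if no pattern hit."""
    low = pw.lower()
    words = "|".join(SEASONS + MONTHS)
    # season/month + 4- or 2-digit year + optional trailing symbols
    if re.fullmatch(rf"(?:{words})(?:\d{{4}}|\d{{2}})[^a-z0-9]*", low):
        return "season or month followed by a year"
    core = re.sub(r"[^a-z]", "", low.translate(_LEET))   # letters only
    for term in COMPANY_TERMS:
        if core.startswith(term) or core.endswith(term):
            return f"company default term '{term}'"
    for word in BASE_WORDS:
        if core.startswith(word):
            return f"common base word '{word}'"
    return None

def check_password(pw):
    """(accepted, reason): accepted only if complexity passes AND no
    predictable pattern is found."""
    if not passes_naive_complexity(pw):
        return (False, "fails complexity rule")
    reason = weak_pattern_reason(pw)
    return (reason is None, reason)

if __name__ == "__main__":
    for candidate in ("Summer2016!", "Acme2016!", "P@ssw0rd1", "Vq7!kLp2#xRm"):
        print(candidate, check_password(candidate))
```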
48. 5. Poor Network Segmentation
Image credit: http://www.puppy-training-solutions.com/image-files/dog-jumping-fence-15990511.jpg

49. 5. Poor Network Segmentation
• Completely Flat Internal Network
• Network or Host Segmentation Governed by AD Memberships
• Segmentation of Corporate / Operational Networks via Weak Means

50. 5. Poor Network Segmentation - Completely Flat Internal Network
• The Domain Controller Connection Challenge!
• If you are not an admin on your corporate network…
• Try to access a Domain Controller over RDP

51. 5. Poor Network Segmentation

52. 5. Poor Network Segmentation - Network or Host Segmentation Governed by AD Memberships
• Companies still rely on AD to govern access to systems
• If the last 10 years of pentesting has shown you anything:
  o Microsoft Domains can be compromised by a number of avenues
  o An attacker / pentester can typically achieve Domain Admin
• Based on this, your most critical systems should not be accessible via domain credentials and group membership alone.

53. 5. Poor Network Segmentation - Segmentation via Weak Means
• Jump Servers - These seem like a good idea to move between segments, but they are often deployed insecurely.
• Consider this common deployment:
  o Jump server is domain joined
  o Admins access it via RDP
  o No firewalling of other services
  o Use of single-factor authentication

54. Quick Wins - Network Segmentation
• There is little justification for a flat network these days
• Design your network like a castle
• Implement segmentation internally (consider internal VPNs)
• Make every effort to secure the methods of traversal
• If you use a jump box, consider:
  o SSH access only, with port forwarding into a separate management LAN
  o MFA using hardware tokens
  o Strict firewalling
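The jump-box recommendations above (SSH only, forwarding into a management LAN, hardware-token MFA) can be checked against an sshd_config. This is an added example, not from the talk: both config texts are constructed, the ‘weak’ one mirroring the single-factor deployment described, and the management LAN prefix is an assumption.

```python
"""Audit an OpenSSH sshd_config for jump-box properties: key plus second
factor, forwarding only into the management LAN, no password or root
logins. Added example; config texts and MGMT_LAN_PREFIX are constructed."""

MGMT_LAN_PREFIX = "10.50.0."   # assumed management LAN

def parse_sshd_config(text):
    """Map lower-cased directive -> first value seen (sshd keeps the FIRST
    occurrence of a directive). Comments and Match blocks are skipped."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        if key.lower() == "match":
            break  # only global settings are audited here
        cfg.setdefault(key.lower(), value.strip())
    return cfg

def audit_jump_host(text):
    """Return a list of findings; an empty list means every check passed."""
    cfg = parse_sshd_config(text)
    get = lambda key, default: cfg.get(key, default).lower()
    issues = []
    if get("passwordauthentication", "yes") != "no":
        issues.append("PasswordAuthentication should be 'no' (key + token only)")
    if get("permitrootlogin", "prohibit-password") != "no":
        issues.append("PermitRootLogin should be 'no' on a shared jump host")
    # Comma-separated methods are ALL required; a space separates alternatives.
    alternatives = cfg.get("authenticationmethods", "").split()
    if not alternatives or any(len(a.split(",")) < 2 for a in alternatives):
        issues.append("AuthenticationMethods does not require two factors")
    if get("allowtcpforwarding", "yes") not in ("yes", "local"):
        issues.append("AllowTcpForwarding must permit local forwarding")
    for target in cfg.get("permitopen", "any").split():   # sshd default: any
        if target.lower() == "any" or not target.rsplit(":", 1)[0].startswith(MGMT_LAN_PREFIX):
            issues.append(f"PermitOpen allows forwarding to {target}, outside the management LAN")
    if get("allowagentforwarding", "yes") != "no":
        issues.append("AllowAgentForwarding should be 'no' (admin keys stay on the admin host)")
    return issues

# Constructed: the 'common deployment' with single-factor password logins.
WEAK = """\
PasswordAuthentication yes
PermitRootLogin yes
AllowTcpForwarding yes
"""

# Constructed: hardened jump box. keyboard-interactive is expected to be
# backed by a PAM module that prompts for the hardware token.
HARDENED = """\
PasswordAuthentication no
PermitRootLogin no
AuthenticationMethods publickey,keyboard-interactive
AllowTcpForwarding local
PermitOpen 10.50.0.10:22 10.50.0.11:443
AllowAgentForwarding no
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_jump_host(conf) or ["OK"])
```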
55. 6. Loose Data Access Control
Image credit: http://www.lionytics.com/blogposts/images/sri-data-leak.jpg

56. 6. Loose Data Access Control
• Internal Data Repositories not Adequately Guarded
• Access to Most Critical Data Governed by Active Directory
• Data Access Events not Monitored Adequately

57. 6. Loose Data Access Control - Internal Data Repositories not Adequately Guarded

58. 6. Loose Data Access Control - Internal Data Repositories not Adequately Guarded

59. 6. Loose Data Access Control - Access to Most Critical Data Governed by Active Directory
• Companies still rely on AD to govern access to systems and data
• If the last 10 years of pentesting has shown you anything:
  o Microsoft Domains can be compromised by a number of avenues
  o An attacker / pentester can typically achieve Domain Admin
• Based on this, your most critical data should not be accessible via domain credentials and group membership alone.

60. 6. Loose Data Access Control - Data Access Events not Monitored Adequately
Image credit: https://blogs.msdn.microsoft.com/johnwpowell/2008/08/14/how-to-update-a-sharepoint-user-account-when-they-leave-the-company-and-return/
Image credit: https://social.microsoft.com/Forums/getfile/35622/

61. Quick Wins - Data Access Control
• Data in shared folders or intranet portals is poorly secured
• If data is critical or leaks key info., this makes things easy for an attacker
• Create an internal data classification standard - and apply it
• Create appropriate access control for each classification level
• Remember - your most critical data must be kept away from the Domain
• Also remember - any information is good information for an attacker
• Log data access denied events and follow them up quickly.
62. 7. Poor Host or Network Visibility
Image credit: http://old.trustport.com/threat-intelligence/sites/default/files/ti/image/intro_network_visibility.jpg

63. 7. Poor Host or Network Visibility
• Minimal Endpoint or Network Monitoring
• Lack of Full Packet Inspection for Data Egress
• No Monitoring Available for Encrypted Protocols
• SIEM / Data Aggregation in Use but Sources are Minimal

64. 7. Poor Host or Network Visibility - Minimal Endpoint or Network Monitoring
• Examples - most companies cannot:
  o Detect the creation of a local user or admin on workstations & servers
  o Detect the creation of a domain user (not admin)
  o Detect when a machine is added to the domain
  o Detect a port scan happening on their internal network
  o Detect specific process creation - e.g. PowerShell or others
• Additionally, while the idea has been around for a long time, most companies are not using Honey Pots / Honey Data
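The host-side gaps listed here (account creation, local admin grants, domain joins, PowerShell process creation) and the macro-to-PowerShell path from the phishing section are all visible in the Windows Security log if someone writes the rules. This added example (not from the talk) applies such rules to constructed, normalised event records; the field names follow the Security log XML, and the sample events and host names are invented.

```python
"""Detection rules over Windows Security events: account creation (4720),
local Administrators membership (4732), computer account creation (4741)
and script hosts launched from Office or with an encoded command (4688).
Added example; SAMPLE_EVENTS are constructed, normalised dicts."""
import re

OFFICE_PARENTS = ("winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe")
SCRIPT_HOSTS = ("powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe")
LOCAL_ADMINS_SID = "S-1-5-32-544"            # BUILTIN\Administrators
# -e, -ec, -enc and -EncodedCommand (case-insensitive) followed by whitespace
ENCODED_FLAG = re.compile(r"\s-e(?:c|nc|ncodedcommand)?\s", re.I)

def _base(path):
    """Lower-cased file name from a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()

def classify(ev):
    """Return an alert string for one event, or None if nothing matched."""
    eid, host = ev.get("EventID"), ev.get("Computer", "?")
    if eid == 4720:                           # user account created
        return f"account created: {ev['TargetUserName']} on {host} by {ev['SubjectUserName']}"
    if eid == 4732 and ev.get("TargetSid") == LOCAL_ADMINS_SID:   # local group change
        return f"{ev['MemberSid']} added to local Administrators on {host}"
    if eid == 4741:                           # computer account created
        return f"machine joined domain: {ev['TargetUserName']} by {ev['SubjectUserName']}"
    if eid == 4688:                           # process creation
        child = _base(ev.get("NewProcessName", ""))
        parent = _base(ev.get("ParentProcessName", ""))
        if child in SCRIPT_HOSTS and parent in OFFICE_PARENTS:
            return f"{parent} spawned {child} on {host} (macro / phishing pattern)"
        if child in ("powershell.exe", "pwsh.exe") and ENCODED_FLAG.search(ev.get("CommandLine", "")):
            return f"encoded PowerShell command on {host} as {ev['SubjectUserName']}"
    return None

def run_rules(events):
    """Apply classify() to every event and keep the alerts, in log order."""
    return [a for a in map(classify, events) if a]

# Constructed sample events (field names follow the Security log XML).
SAMPLE_EVENTS = [
    {"EventID": 4688, "Computer": "WS042", "SubjectUserName": "jsmith",
     "NewProcessName": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "ParentProcessName": "C:\\Program Files\\Microsoft Office\\Office16\\WINWORD.EXE",
     "CommandLine": "powershell.exe -NoProfile -enc <base64 placeholder>"},
    {"EventID": 4688, "Computer": "WS042", "SubjectUserName": "jsmith",
     "NewProcessName": "C:\\Windows\\System32\\notepad.exe",
     "ParentProcessName": "C:\\Windows\\explorer.exe", "CommandLine": "notepad.exe"},
    {"EventID": 4720, "Computer": "SRV01", "SubjectUserName": "svc_backup", "TargetUserName": "support2"},
    {"EventID": 4732, "Computer": "SRV01", "SubjectUserName": "svc_backup",
     "TargetSid": "S-1-5-32-544", "MemberSid": "S-1-5-21-1-2-3-1105"},
    {"EventID": 4741, "Computer": "DC01", "SubjectUserName": "jsmith", "TargetUserName": "DESKTOP-X1$"},
]

if __name__ == "__main__":
    for alert in run_rules(SAMPLE_EVENTS):
        print(alert)
```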
65. 7. Poor Host or Network Visibility - Lack of Full Packet Inspection for Data Egress
• Detecting malicious traffic leaving the org.
• Key to determining compromises
• Most companies: capability not deployed

66. 7. Poor Host or Network Visibility - No Monitoring Available for Encrypted Protocols
• Public figures quote SSL traffic at 50 - 70% of your total network traffic
• Are you inspecting that traffic?
• If an attacker or malware was using SSL to exfiltrate data, would you be able to detect that?
• What if that was combined with a trusted site?
Image credit: https://zeltser.com/bots-command-and-control-via-social-media/

67. 7. Poor Host or Network Visibility - SIEM / Data Aggregation in Use but Sources are Minimal
• A number of companies are now using data aggregation
• THIS IS GREAT - but often not complete
• Licensing costs can be a barrier
• Ideally, you’d throw everything in your SIEM - but you can’t
• Prioritize based on:
  o What are you trying to find out?
Image credit: https://www.accumuli.com

68. Quick Wins - Host or Network Visibility (1)
• If you can’t see what’s going on - you can’t secure it
• At the very least you need to have visibility of traffic leaving your org.
• Implement egress filtering - e.g. traffic to port X is not needed
• Force all outbound traffic through an authenticated proxy server
• Use domain content filtering to limit simple malicious traffic
• Use NetFlow and full packet capture to drill into outbound data
• Consider how to break TLS/SSL to inspect this traffic ($$$)
  o A non-inline process used for investigations may be appropriate.

69. Quick Wins - Host or Network Visibility (2)
• Moving beyond analyzing egress traffic - consider internal traffic
• Most firms cannot detect simple actions - e.g. a port scan against a server
• Instead of looking to deploy additional hardware / pinch points
• Consider potentially using the NetFlow data you already have
• NetFlow analysis from switches and routers will show anomalies
• A single host scanning other hosts should be easy to spot
• Use data aggregation and alerting via a SIEM to automate
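‘A single host scanning other hosts should be easy to spot’ from NetFlow: an added example (not from the talk) that buckets flow records per source and time window, counts only short probe-like flows, and raises a vertical alert (many ports on one destination) or a horizontal one (one port across many hosts). The flow lines, addresses and thresholds are constructed assumptions.

```python
"""Spot one internal host scanning others from NetFlow-style records.
Added example; flow lines are constructed in the shape
epoch,src,dst,proto,dport,packets,bytes and thresholds are assumptions."""
from collections import defaultdict

def build_sample_flows():
    """Constructed export: 10.1.2.50 sweeps 20 ports on one host and then
    port 445 across 12 hosts; 10.1.2.77 does ordinary client traffic."""
    t, lines = 1700000000, []
    for p in range(20):
        lines.append(f"{t + p // 4},10.1.2.50,10.1.5.10,tcp,{1000 + p},1,60")
    for h in range(12):
        lines.append(f"{t + 10 + h // 3},10.1.2.50,10.1.5.{20 + h},tcp,445,1,60")
    lines += [f"{t + 1},10.1.2.77,10.1.5.10,tcp,443,42,51200",
              f"{t + 2},10.1.2.77,10.1.5.11,tcp,445,9,3100",
              f"{t + 3},10.1.2.77,10.1.5.12,udp,53,2,180"]
    return "\n".join(lines)

def detect_scanners(flow_text, window=60, vertical=15, horizontal=10, probe_pkts=3):
    """Per source and per time window, count distinct ports touched on one
    destination (vertical scan) and distinct destinations on one port
    (horizontal sweep). Only short flows count as probes.
    Returns (src, kind, detail) tuples."""
    by_src = defaultdict(list)
    for line in flow_text.splitlines():
        ts, src, dst, proto, dport, pkts, _bytes = line.split(",")
        if int(pkts) > probe_pkts:
            continue  # an established session is not a probe
        by_src[src].append((int(ts) // window, dst, proto, int(dport)))
    alerts = []
    for src, flows in by_src.items():
        buckets = defaultdict(list)
        for bucket, dst, proto, dport in flows:
            buckets[bucket].append((dst, proto, dport))
        for bucket in sorted(buckets):
            ports_by_dst, dsts_by_port = defaultdict(set), defaultdict(set)
            for dst, proto, dport in buckets[bucket]:
                ports_by_dst[dst].add((proto, dport))
                dsts_by_port[(proto, dport)].add(dst)
            for dst, ports in ports_by_dst.items():
                if len(ports) >= vertical:
                    alerts.append((src, "vertical", f"{len(ports)} ports on {dst}"))
            for (proto, port), dsts in dsts_by_port.items():
                if len(dsts) >= horizontal:
                    alerts.append((src, "horizontal", f"{len(dsts)} hosts on {proto}/{port}"))
    return alerts

if __name__ == "__main__":
    for src, kind, detail in detect_scanners(build_sample_flows()):
        print(f"{src}: {kind} scan, {detail}")
```

In a SIEM the same counts would be computed over the exported flows per window; thresholds need tuning so that backup servers and vulnerability scanners themselves are whitelisted rather than alerted on.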
70. 8. Lack of General IR Readiness
Image credit: http://www.joegirard.com/wp-content/uploads/2014/06/Be-Prepared-BoyScouts.jpg

71. 8. Lack of General IR Readiness
• No Documented IR Plan
• Lack of Third-Party Support
• Lack of Telemetry to Support Investigation
• Under-tested IR Plan

72. 8. Lack of General IR Readiness - No Documented IR Plan
• A large number of companies have no plan, or are under-prepared
• Determine:
  o Threats
  o Likely Actions / Attacks
  o Potential Business Impact
  o Countermeasures to Business Impact
  o Response [Detection / Analysis / Containment / Eradication / Recovery]
Image credit: http://www.phoenixts.com/wp-content/uploads/2015/01/NIST-incident-response-lifecycle.bmp

73. 8. Lack of General IR Readiness - Lack of Third-Party Support
• Maintaining in-house capabilities is hard
• Think of the specialisms you may need:
  o Disk and Memory Forensics
  o Log Analysis & Triage
  o Malware Analysis
  o Mobile Expertise
• Consider retainer agreements with third parties that can help you.
• Consider legal privilege.

74. 8. Lack of General IR Readiness - Lack of Telemetry to Support Investigation
• Incomplete evidence = incomplete conclusions
• Example:
  o Malware infection
  o Malware has the capability to exfiltrate data
  o No network telemetry to determine if that happened
• Audit Board: “was data exfiltrated?”
• Answer: “maybe” :/

75. 8. Lack of General IR Readiness - Under-tested IR Plan
• Who does what and when during an Incident?
• Do all the parties know each other?
• Do they know how to communicate?
• Do your technical staff know what not to do?
• Do you drill your IR plan?
Image credit: http://cdn2.hubspot.net/hubfs/264546/playbook.jpeg

76. Quick Wins - Incident Response Readiness
• Planning for the worst is not something we are great at doing!
• But like most things in life, you’ll feel better once you do
• Plan:
  o Threats
  o Likely Actions / Attacks
  o Potential Business Impact
  o Countermeasures to Business Impact
  o Response [Detection / Analysis / Containment / Eradication / Recovery]
  o Third-Party Help

77. Session Close
• If your company has some of the things I’ve described (or all of them!) - you are not alone…
• But you should work hard to address these issues.
• Not doing so makes you a very easy target.
Image credit: https://i.redditmedia.com/S4Mo4iNIPHr87bX6OKSnFg59Wu96CwMw7TbILSUSv7Q.jpg?w=320&s=eafab46adeae0884be88a1eec861796b

78. Session Close
• Kevin Dunn
• Technical VP – NCC Group, Security Consulting
• E: kevin.dunn@nccgroup.trust
• L: https://www.linkedin.com/in/kevdunn
Note: all images used, unless otherwise stated, are from Wiki Commons or internal NCC sources.