Cyber Security. Our part of the journey

Transcription

1 Cyber Security Our part of the journey

2 The Journey Evolved Built on the past Will be continued Not always perfect Small Steps moving forward

3 The Privileged How to make enemies quickly Ask before acting makes us think Started initial thinking on safety of software

4 The Closets Network Equipment Controlled Focused on High Traffic Areas Centralized Shampoo, Rinse and Repeat

5 The Networks Started as a Single Class C Number of Devices caused first expansion Split out for security but wide open initially Tightened down protocols and access over time Further Tightening by granting rather then blocking

6 The Assessments First Internal and External Validation by outside source Introduction to the unknown Open ports (netbios) System Patches No Passwords Provide General and Specific Recommendations

7 The Assessments The Second External Pen Test Only Vendor software is vulnerable Focus on most critical machine New exploits constantly being exposed

8 The Assessments The Third External and Internal Test Vendors slow to resolve issues Did see improvements on computers Other network devices vulnerable

9 The Audits Part of Financial Audits starting in 2012 Each year significantly harder Focus becomes more on process and procedure Tie into Cyber Security is the ability to recover

10 The Other Developed a DR site Updated Physical Security Access Restrictions to Server Rooms Earlier in Projects

11 The People 1 person IT now IT and OT departments Dedicated Cyber Security Employee Management and the Board NEO Training Spam Campaigns News letter reminders Cyber Security Awareness Web page

12 The Community SANS Training APPA and TPPA TAGITM E-ISAC DHS

13 Where are we today. Managed Service Provider Supplements Sec Admin and need for personnel 24 / 7 coverage on covered infrastructure Automatic analysis of event

14 MSP - Services Next Gen Antivirus Monitor 5 critical Infrastructure points Firewall monitoring Intrusion Prevention System Server log storage Qualys Vulnerability Scanner

15 IPS Intrusion Prevention System Appliance outside firewall IPS or IDS Signature based Snort (Software free; rule subscription $399) -- Complex

16 Firewall monitoring Logs sent to MSP for analysis Trigger incidents for further analysis Only as good as the logs Pay for your firewall licensing; low cost of entry in sec world

17 5 Key/Critical Infrastructure points monitored Domain Controllers DB server Billing system Mail server

18 Next Gen Anti-virus Activity record of endpoint All files on the system used and touched Records MD5 hashes of file (File fingerprints) Manual blocking of files Visualize process trees and timelines to find threats (dlls, etc) Secure shell to endpoints Isolate infected system and remove malicious files Forensic data

19 Next Gen Anti-Virus Advance predictive models to stop attacks Analyze endpoint data and uncover malicious actors Watch's network activity Prevents attacks automatically, online or offline Blocks emerging, never-before-seen attacks Blacklist apps / Terminate processes Secure shell off network

20 Log Storage (PCI compliance) Long term server log storage PCI compliance Data for forensics investigation Data for compliance proof

21 Log Storage Scan your infrastructure for known vulnerabilities Scan your infrastructure for configuration issues Help prove infrastructure is not vulnerable to items in the wild Help prove compliance is met Reports CVE numbers and potential fixes

22 CVE database Common Vulnerabilities and Exposures (The Known) Supported by DHS Search this Database for the products you use Ex: Allen Bradly 28 CVE entries that match Anyone use Allen Bradly controllers?

23 CVE search

24 Vulnerability

25

26 Firewalls In / out bound rules GEO IP fencing Content filter Botnet Filters Segment Networks VPN Gateway AV checks Real Time Black List Filters

27 Endpoint Antivirus Signature based blocking of: Some behavior based network blocking Firewall built in if you want to use it Device control policies (USBs)

28 Phishing Phish campaign s test employees 91% of data breaches start with phishing attack Phish alert button for mail client Report metrics Training materials Free tools Domain lookalikes; Breached passwords; USB beacon test 45% of your users will plug them in

29 Reporting (Campaign level)

30 Browsers Used

31 Phishing Campaigns

32 Phish Templates

33 Custom Landing Page

34 Organization Risk Score

35 Testing results (90 days)

36 Shodan.io (Free) Search engine for IoT; web cams, refrigerators, power plants, etc Run your public IPs through it Watch what you expose to the internet

37 Shodan.io search for Allen Bradley

38 Default Passwords?

39 Identify Theft Resource Center 2017 Stats Companies Breached (known and reported) 172,582,517 Records Exposed $24,334,134,897 (Average Cost per a record breached $141) Average cost of Breach $4 Million (up 29% since 2013) 48% breaches are malicious in nature 26% likelihood breached in the next 24 months

40 What can you do Start by reviewing the NIST Cyber sec framework Review the SANS 20 Critical Security Controls Layers of security