Nuo 0 iki minios From 0 to Crowd

Transcription

1 Nuo 0 iki minios From 0 to Crowd Atea X Andrius Januta, Senior Cyber Security Engineer

2 Agenda :~$ whoami Intro To Adform Adform Global Infrastructure Challenges and Solutions Q&A 2

3 :~ $ Whoami? Andrius Januta 10+ years in Cyber Security InfoSec & IT Sec Penetration Testing Product Security Vulnerability Management 3

4 Introduction To Adform 4

5 The Most Complete Independent Advertising Technology Platform Platform Combines Data, Creativity and Trading for Enhanced Results Demand Side Platform Supply Side Platform Automated Guaranteed DEMAND Advertiser Edge Ad Server DMP Publisher Ad Server SUPPLY Publisher Edge 5

6 Global Adform Infrastructure 6

7 Global Infrastructure 9 Datacenters 2,4+ Mil Aerospike TPS x Physical Servers OpenStack VMs 5+ PB Hadoop Storage 800+ Hyper-V VMs 2+ Mil Kafka Messages per Second 620+ Gb/s Traffic via core 130+ Gb/s Incoming Network Traffic 3,6+ Mil Nginx QPS 7

8 Challenges and Solutions 8

9 Challenges and Solutions 9

10 Challenge #1 10

11 Challenge #2 /r/darknetmarkets/ Google, bing, Yandex etc. Signal, Telegram etc. 11

12 Challenge #2 12

13 Challenge #3 DEV&IT 350+ Finance&Legal 50 HR, Comms, Admin - 50 Product management - 30 Revenue & Operations 340+ Operating Systems - Windows - MacOS - Linux 13

14 Difficulty Challenge #4 Proactive Threat hunting SIEM Correlation Behavioral Analysis Threat Hunting Exploit Blocking Host IPS Sandbox Machine Learning Whitelisting Signatures IOCs / Blacklisting 14

15 Challenges and Solutions 15

16 Text 16

17 Phase 1 - Select 17

18 Phase 2 Analyze - External Forums, reddit, expert reviews, industry reviews Come up with requirements: - Protect without causing conflicts (performance, usability, support etc.) - All-inclusive protection - Vendor reputation - Be cost-aware - Movement beyond signature-based protection 18

19 Phase 2 Analyze - Internal Involve your people! Make it as a challenge 1 PoC at a time Specific testing slot (2 weeks) Gather feedback Ask for product roadmap 19

20 20

21 DISCLAIMER THIS IS VERY SUBJECTIVE EVALUATION THAT WAS DONE IN 2018 Q1 21

22 Phase 3 Evaluate Complicated reporting The workflow requires multiple clicks to get a full understanding Works better with vendor specific products Do not cover all OS s NG functionality only on Windows Limited functionality for MacOS Behaves as regular AV on Linux Difficult to to fully utilize NG functionality CPU performance issues Do not have prevention mode for Linux More expensive than other EPP solutions Overall bad feedback from users Browser plugin is irritating Kaspersky as AV engine Overcomplicated platform usability and endpoint management EDR functionality requires skilled technical staff Needs additional products or is limited to utilize EDR capabilities No integrated deployment solution 22

23 23

24 The one 24

25 25

26 Crowdstrike Fully operational in seconds No reboot required No performance impact on endpoints No need for AV signature updates No need for fine-tuning or configuration Cloud-based architecture provides an extensible platform that enables additional security services Falcon OverWatch - managed threat hunting, alerting, response and investigation assistance Integration with existing security products 26

27