Premediation. The Art of Proactive Remediation. Matthew McWhirt, Senior Manager Manfred Erjak, Principal Consultant OCTOBER 1 4, 2018 WASHINGTON, D.C.
|
|
- Dale Grant
- 5 years ago
- Views:
Transcription
1 Premediation The Art of Proactive Remediation Matthew McWhirt, Senior Manager Manfred Erjak, Principal Consultant OCTOBER 1 4, 2018 WASHINGTON, D.C.
2 Overview Case Study Remediation Overview Premediation Q&A
3 Introductions Matthew McWhirt Senior Manager Mandiant Security Transformation Services (STS) linkedin.com/in/matthew-mcwhirt / Manfred Erjak Principal Consultant Mandiant Security Transformation Services (STS) linkedin.com/in/itsecuritysolutions
4 While Breaches are Inevitable.
5 .Impactful Breaches are Preventable
6 Case Study What Happens During a Breach Phishing Credential Compromise Backdoor Implanted on VDI (Persistence) Internal Reconnaissance Credential Dumping Webshell Placed on a DMZ Server Lateral Movement to specific systems Maintain Presence Move Laterally Initial Recon Initial Compromise Est ablish Foothold Escalat e Privileg es Internal Recon Complete Mission
7 Case Study Quick Eradication Blocked NBIs Removed Backdoors Removed Webshells Rebuilt VDI servers Implemented MFA for external VDI and OWA Access Targeted Password Reset Local Administrator Password Solution (LAPS)
8 2 Months later
9 Case Study Re-Compromised Access to OWA (bypassing MFA) Incomplete password reset Another wave of phishing VDI OTP sent via Accessed by an attacker using OWA Login to VDI (username/password/otp) Credential Dumping Lateral Movement to specific systems
10 Case Study Full Remediation Enterprise Password Reset Enhanced visibility and detection Endpoint Network Network architecture review and hardening Internal External
11 Case Study Full Remediation Privileged Account Management and Usage Tiered Architecture for Privileged Account Usage Reduction in scope of Privileged Accounts MFA Implementation Review and Redesign Full LAPS Implementation
12 /pre me di a tion/
13 Remediation Stage Posturing Visibility and Detection enhancements Asset Management Critical Data and Asset Mapping Hardening Preparation and Planning Planning for execution of next stages Strategic Enhancements Eradication Posturing Containment
14 Remediation Stage Containment Tactical Short-term mitigation actions Critical system and data isolation Strategic Enhancements Posturing Eradication Containment
15 Remediation Stage Eradication Removing the attacker from the environment Hardening the environment Preventing the attacker from regaining access Strategic Enhancements Posturing Eradication Containment
16 Remediation Stage Strategic Enhancements Longer-term security enhancements Additional technical and process improvements Adaptive Risk Management Strategic Enhancements Posturing Eradication Containment
17 Premediation General Posturing Visibility and Detection Identify Gaps Endpoint Network Crown Jewels Asset Management Critical Asset and Data Mapping Ingress / Egress Points Scanning and Enumeration
18 Premediation General Posturing Vulnerability Management / Patching Logging Domain Controllers / Servers End-user devices PowerShell DNS VPN Network Proxy Servers Load Balancers
19 Premediation Network Segmentation Segmenting the network based on the label or classification level of the information Systems containing PCI, PII, or HIPAA data Servers of different security classifications Servers and Workstations Workstations within different regions, offices, or business units Classical Segmentation VLANs, L3 ACLs, Firewalls SDN Micro-Segmentation VMWare NSX, Cisco ACI
20 Premediation Network Segmentation Protect critical intellectual property from unauthorized applications or users Reduce the exposure of vulnerable systems Prevent lateral movement throughout the network Attackers Automated Malware (WannaCry)
21 Premediation Endpoint Review and Hardening Scope of OS Endpoint Technologies Deployment of Endpoint Protection/Detection Tools System-to-System Communication Restrictions Firewalls Layer 3 ACLs RDP Restrictions MS Office Hardening Controls Macros and OLE DDE / Auto-download of content
22 Premediation Endpoint Review and Hardening Egress Restrictions Workstation / Laptops Servers / DCs / Critical Assets Local Administrative Permissions KB S : NT AUTHORITY\Local account and member of Administrators group Local Administrator Passwords Remote Access Application Whitelisting
23 Premediation Active Directory Review and Hardening Forest Architecture and Trusts Types of Trusts Scope of services in each domain Trust Protections RODCs vs Writable DCs RODC Password Replication Group Operational Processes and Monitoring GPOs Administration Models Remote Administration Logging / Monitoring / Alerting
24 Premediation Active Directory Review and Hardening Account and Credential Management Password Policies Privileged Accounts Service Accounts SPNs Delegated Accounts Kerberos Authentication Policies WDigest (KB ) / TokenLeakDetectDelaySecs LSA Protected Process / Credential Guard MFA / PAM KRBTGT Resets*
25 Premediation Privileged Account Management Tier 0 Tiered Architecture Model Forest/Domain Admins Admin Workstation Domain Controllers Same Tier Logon Jump Boxes / PAWS Tier 1 Higher Tier Logon MFA Server Admins Admin Workstation Servers Lower Tier Logon GPOs to restrict Privileged Account Usage Tier 2 Blocked Protected Users Group Workstation Admin Admin Workstation Workstations Only as required by role Restricted Admin RDP Cached Credentials DSRM (Writable vs RODCs) Separate VPN Profiles for Admins
26 Credential Artifacts on Endpoints When are credentials stored in Memory on Destination Endpoints? Interactive Logon Remote Desktop (RDP) Logon PSExec with explicit credentials Batch logon (scheduled tasks) Running Services RunAs (New Credentials) PowerShell CredSSP Can be controlled via GPO settings
27 Premediation Azure / O365 Review and Hardening On-Prem / Azure Synchronization ADFS Security Configuration Privileged Management for Azure MFA Requirements Users and Administrators AZUREADSSOACC Decryption Key Change Seamless SSO Conditional Access (Users and Admins) Logging and Monitoring O365 mailbox logging
28 Premediation Containment and Eradication Posturing Playbooks and Tested Process to Support Common Containment and Eradication Actions Containing and Isolating key systems Blocking of network indicators IP addresses Domains Searching and blocking for host-based indicators EDR AV Rebuilding / Reconstituting Systems SLAs for Third Party Assistance
29 Premediation in Action Case Study Environment Hardening, Network Segmentation, Proactive Scanning and Enumeration, Process Review Hardened Trust Relationships, GPOs, LAPS, Credential Management, Kerberos, WDigest Tiered Architecture, Restricted Admin RDP, Protected Groups Local Admin, Logon Restrictions General Posturing Network Segmentation Active Directory Hardening Privileged Account Management Endpoint Hardening Reconnaissance Lateral Movement Webshell Placement OWA Bypass MFA / OTP Issuance Lateral Movement Endpoint Exploitation Malware Spreading Credential Dumping Lateral Movement Endpoint Exploitation Credential Dumping Lateral Movement Phishing Exploitation Credential Dumping Lateral Movement Implanted Backdoors Establish Foothold Internal Recon Initial Compromise Escalate Privileges Initial Compromise Internal Recon Move Laterally Escalate Privileges Internal Recon Establish Foothold Maintain Presence Internal Recon Move Laterally Escalate Privileges Move Laterally Internal Recon Move Laterally Maintain Presence
30 Premediation Continuous Process Continuous Premediation Cycle Premediation is a continuous process Integrate this methodology as part of your risk management framework Test and verify the effectiveness of the processes and controls Continue to adapt and enhance
31 Q&A
Securing Privileged Access Securing High Value Assets Datacenter Security Information Protection Information Worker and Device Protection
Securing Privileged Access Securing High Value Assets Datacenter Security Information Protection Information Worker and Device Protection Azure Active Directory 3 rd Party IaaS IaaS Rights Management Services
More informationSecuring Active Directory Administration
Securing Active Directory Administration April 18, 2019 Sponsored by @BlackHatEvents / #BlackHatWebcasts Agenda On-Prem AD vs Azure AD Evolution of Administration Exploiting Typical Administration Methods
More informationPass-the-Hash Attacks
Pass-the-Hash Attacks Mgr. Michael Grafnetter www.dsinternals.com Agenda PtH Attack Anatomy Mitigation Proactive Reactive Windows 10 + Windows Server 2016 Microsoft Advanced Threat Analytics PtH Attack
More informationCritical Hygiene for Preventing Major Breaches
SESSION ID: CXO-F02 Critical Hygiene for Preventing Major Breaches Jonathan Trull Microsoft Enterprise Cybersecurity Group @jonathantrull Tony Sager Center for Internet Security @CISecurity Mark Simos
More informationFuture Forests: Realistic Strategies for AD Security & Red Forest Architecture
SESSION ID: STR-R02 Future Forests: Realistic Strategies for AD Security & Red Forest Architecture Katie Knowles Security Consultant MWR InfoSecurity @_sigil Introduction: Why AD Matters How AD is Targeted
More informationComputers Gone Rogue. Abusing Computer Accounts to Gain Control in an Active Directory Environment. Marina Simakov & Itai Grady
Computers Gone Rogue Abusing Computer Accounts to Gain Control in an Active Directory Environment Marina Simakov & Itai Grady Motivation Credentials are a high value target for attackers No need for 0-day
More informationWHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX
WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX 1 INTRODUCTION The MITRE Corporation Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK ) Matrix provides a model
More informationPass-the-Hash Attacks. Michael Grafnetter
Pass-the-Hash Attacks Michael Grafnetter www.dsinternals.com Agenda PtH Attack Anatomy Mitigation Proactive Reactive Windows 10 + Windows Server 2016 PtH History and Future 1988 Microsoft releases Lan
More informationAUTHENTICATION. Do You Know Who You're Dealing With? How Authentication Affects Prevention, Detection, and Response
AUTHENTICATION Do You Know Who You're Dealing With? How Authentication Affects Prevention, Detection, and Response Who we are Eric Scales Mandiant Director IR, Red Team, Strategic Services Scott Koller
More informationIncident Scale
SESSION ID: SOP-T07 Incident Response @ Scale Salah Altokhais Incident Response Consultant National Cyber Security Center (NCSC),KSA @salah.altokhais Khalid Alsuwaiyel Incident Response Specialist National
More informationRemediating Targeted-threat Intrusions
Remediating Targeted-threat Intrusions Jim Aldridge Introduction Successfully remediating a targeted intrusion by a persistent adversary requires a different approach from that applied to non-targeted
More informationBuilding Resilience in a Digital Enterprise
Building Resilience in a Digital Enterprise Top five steps to help reduce the risk of advanced targeted attacks To be successful in business today, an enterprise must operate securely in the cyberdomain.
More informationActive Directory Security: The Journey. Sean Metcalf s e a n TrimarcSecurity.com TrimarcSecurity.
Active Directory Security: The Journey Sean Metcalf (@Pyrotek3) s e a n [@] TrimarcSecurity.com www.adsecurity.org TrimarcSecurity.com ABOUT Founder Trimarc, a security company. Microsoft Certified Master
More informationFrom Workstation to Domain. Sean Metcalf s e a n TrimarcSecurity.com TrimarcSecurity.com
From Workstation to Domain Admin Sean Metcalf (@Pyrotek3) s e a n [@] TrimarcSecurity.com www.adsecurity.org TrimarcSecurity.com ABOUT Founder Trimarc (Trimarc.io), a professional services company that
More informationProtecting Against Modern Attacks. Protection Against Modern Attack Vectors
Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches
More informationJoe Stocker, CISSP, MCITP, VTSP Patriot Consulting
Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting Microsoft Cloud Evangelist at Patriot Consulting Principal Systems Architect with 17 Years of experience Technical certifications: MCSE, MCITP Office
More informationDeploy and Configure Microsoft LAPS. Step by step guide and useful tips
Deploy and Configure Microsoft LAPS Step by step guide and useful tips 2 Table of Contents Challenges today... 3 What is LAPS... 4 Emphasis and Tips... 5 How LAPS Work... 6 Components... 6 Prepare, Deploy
More information10 Active Directory Misconfigurations That Lead to Total Compromise Austin, TX 201 W 5th St.
10 Active Directory Misconfigurations That Lead to Total Compromise hello@javelin-networks.com +1-888-867-5179 Austin, TX 201 W 5th St. 1. Group Policy Preferences Visible Passwords Group Policy Preferences
More informationSecuring Active Directory Administration. Sean Metcalf s e a n TrimarcSecurity.com TrimarcSecurity.
Securing Active Directory Administration Sean Metcalf (@Pyrotek3) s e a n [@] TrimarcSecurity.com www.adsecurity.org TrimarcSecurity.com ABOUT Founder Trimarc (Trimarc.io), a professional services company
More informationANATOMY OF AN ATTACK!
ANATOMY OF AN ATTACK! Are Your Crown Jewels Safe? Dom Kapac, Security Evangelist WHAT DO WE MEAN BY CROWN JEWELS? Crown jewels for most organizations are critical infrastructure and data Data is a valuable
More informationTips for Passing an Audit or Assessment
Tips for Passing an Audit or Assessment Rob Wayt CISSP-ISSEP, HCISPP, CISM, CISA, CRISC, CEH, QSA, ISO 27001 Lead Auditor Senior Security Engineer Structured Communication Systems Who likes audits? Compliance
More informationthe SWIFT Customer Security
TECH BRIEF Mapping BeyondTrust Solutions to the SWIFT Customer Security Controls Framework Privileged Access Management and Vulnerability Management Table of ContentsTable of Contents... 2 Purpose of This
More informationModern Realities of Securing Active Directory & the Need for AI
Modern Realities of Securing Active Directory & the Need for AI Our Mission: Hacking Anything to Secure Everything 7 Feb 2019 Presenters: Dustin Heywood (EvilMog), Senior Managing Consultant, X-Force Red
More informationSecuring Windows Server 2016
Course 20744C: Securing Windows Server 2016 Page 1 of 7 Securing Windows Server 2016 Course 20744C: 4 days; Instructor-Led Introduction This four-day, instructor-led course teaches IT professionals how
More informationSurprisingly Successful: What Really Works in Cyber Defense. John Pescatore, SANS
Surprisingly Successful: What Really Works in Cyber Defense John Pescatore, SANS 1 Largest Breach Ever 2 The Business Impact Equation All CEOs know stuff happens in business and in security The goal is
More informationThe SANS Institute Top 20 Critical Security Controls. Compliance Guide
The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise
More informationCyber Common Technical Core (CCTC) Advance Sheet Windows Operating Systems
Cyber Common Technical Core (CCTC) Advance Sheet Windows Operating Systems Section 1: Command Line Tools Skill 1: Employ commands using command line interface 1.1 Use command line commands to gain situational
More informationNews and Updates June 1, 2017
Microsoft Azure News and Updates June 1, 2017 Azure Backup for Windows Server System State Modern Backup Storage with Azure Backup Server v2 vcenter/esxi 6.5 support for Azure Backup Server Larger Disk
More informationDiscover threats quickly, remediate immediately, and mitigate the impact of malware and breaches
Discover threats quickly, remediate immediately, and mitigate the impact of malware and breaches Introduction No matter how hard you work to educate your employees about the constant and evolving threats
More informationOne Hospital s Cybersecurity Journey
MAY 11 12, 2017 SAN FRANCISCO, CA One Hospital s Cybersecurity Journey SanFrancisco.HealthPrivacyForum.com #HITprivacy Introduction Senior Director Information Systems Technology, Children s Mercy Hospital
More informationActive Directory Attacks and Detection
Active Directory Attacks and Detection #Whoami Working as an Information Security Executive Blog : www.akijosberryblog.wordpress.com You can follow me on Twitter: @AkiJos This talk is Based on Tim Madin
More informationBack to Basics: Basic CIS Controls
Back to Basics: Basic CIS Controls Chad Waddell Enterprise Consultant Center for Internet Security 2 https://www.cisecurity.org/ Non-profit organization founded in 2000 Employs closed crowdsourcing model
More informationIntroduction. The Safe-T Solution
Secure Application Access Product Brief Contents Introduction 2 The Safe-T Solution 3 How It Works 3 Capabilities 4 Benefits 5 Feature List 6 6 Introduction As the world becomes much more digital and global,
More information10 FOCUS AREAS FOR BREACH PREVENTION
10 FOCUS AREAS FOR BREACH PREVENTION Keith Turpin Chief Information Security Officer Universal Weather and Aviation Why It Matters Loss of Personally Identifiable Information (PII) Loss of Intellectual
More information"Charting the Course... MOC C: Securing Windows Server Course Summary
Course Summary Description This five-day, instructor-led course teaches IT professionals how they can enhance the security of the IT infrastructure that they administer. This course begins by emphasizing
More informationT22 - Industrial Control System Security
T22 - Industrial Control System Security PUBLIC Copyright 2017 Rockwell Automation, Inc. All Rights Reserved. 1 Holistic Approach A secure application depends on multiple layers of protection and industrial
More informationISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002
ISO 27002 COMPLIANCE GUIDE How Rapid7 Can Help You Achieve Compliance with ISO 27002 A CONTENTS Introduction 2 Detailed Controls Mapping 3 About Rapid7 8 rapid7.com ISO 27002 Compliance Guide 1 INTRODUCTION
More informationCYBER RISK MANAGEMENT: ADDRESSING THE CHALLENGE SIMON CRUMPLIN, FOUNDER & CEO
CYBER RISK MANAGEMENT: ADDRESSING THE CHALLENGE SIMON CRUMPLIN, FOUNDER & CEO INFORMATION SECURITY PAINS CISO RESPONSIBILITY WITHOUT AUTHORITY INVENTORY TO MANAGE ALERTS WITHOUT MEANING ASSETS SPREAD ACROSS
More informationSegmentation for Security
Segmentation for Security Do It Right Or Don t Do It At All Vidder, Inc. Segmentation for Security 1 Executive Summary During the last 30 years, enterprises have deployed large open (flat) networks to
More informationWindows Server Security Guide
Windows Server Security Guide August 2017 Contents Windows Server 2016 Security Guide... 3 Why is Windows Server 2016 security important?... 3 How does Windows Server 2016 help prevent and detect compromise?...
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Elevation of Privilege
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationJuniper Vendor Security Requirements
Juniper Vendor Security Requirements INTRODUCTION This document describes measures and processes that the Vendor shall, at a minimum, implement and maintain in order to protect Juniper Data against risks
More informationPENETRATION TESTING EXTREME VERSION 1
PENETRATION TESTING EXTREME VERSION 1 The world s most advanced network penetration testing course elearnsecurity has been chosen by students in over 140 countries in the world and by leading organizations
More informationDatacenter Security: Protection Beyond OS LifeCycle
Section Datacenter Security: Protection Beyond OS LifeCycle 1 Not so fun Facts from the Symantec ISTR 2017 Report Zero-Day Vulnerability, annual total Legitimate tools, annual total 6,000 5 5,000 4,000
More information[ Sean TrimarcSecurity.com ]
Securing the Microsoft Cloud (Office 365 & Azure AD) Sean Metcalf Founder, Trimarc Presenter bio Sean Metcalf Founder & CTO, Trimarc One of ~100 people globally who holds the Microsoft Certified Master
More informationCourse Outline 20744B
Course Outline 20744B Module 1: Attacks, breach detection, and Sysinternals tools In this module, students will learn about breach detection, attack types and vectors, cybercrime, and how you can analyse
More informationAttacking and Defending Active Directory July, 2017
Attacking and Defending Active Directory July, 2017 About: Adam Steed - @aboy 20 years of experience in IAM, working for financial, websites, and healthcare organizations Associate Director Protiviti Security
More informationTOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION
INFORMATION TECHNOLOGY SECURITY GUIDANCE TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION ITSM.10.189 October 2017 INTRODUCTION The Top 10 Information Technology (IT) Security
More informationK12 Cybersecurity Roadmap
K12 Cybersecurity Roadmap Introduction Jason Brown, CISSP Chief Information Security Officer Merit Network, Inc jbrown@merit.edu @jasonbrown17 https://linkedin.com/in/jasonbrown17 2 Agenda 3 Why Use the
More informationActive Directory Security: The Journey. Sean Metcalf s e a n TrimarcSecurity.com TrimarcSecurity.
Active Directory Security: The Journey Sean Metcalf (@Pyrotek3) s e a n [@] TrimarcSecurity.com www.adsecurity.org TrimarcSecurity.com ABOUT Founder Trimarc (Trimarc.io), a professional services company
More informationStopping Advanced Persistent Threats In Cloud and DataCenters
Stopping Advanced Persistent Threats In Cloud and DataCenters Frederik Van Roosendael PSE Belgium Luxembourg 10/9/2015 Copyright 2013 Trend Micro Inc. Agenda How Threats evolved Transforming Your Data
More informationCyberArk Privileged Threat Analytics
CyberArk Privileged Threat Analytics Table of Contents The New Security Battleground: Inside Your Network 3 Privileged account security 3 Collect the right data 4 Detect critical threats 5 Alert on critical
More informationTransforming Security Part 2: From the Device to the Data Center
SESSION ID: SP01-R11 Transforming Security Part 2: From the Device to the Data Center John Britton Director, EUC Security VMware @RandomDevice The datacenter as a hospital 3 4 5 Digital transformation
More informationPLANNING AZURE INFRASTRUCTURE SECURITY - AZURE ADMIN ACCOUNTS PROTECTION & AZURE NETWORK SECURITY
PAGE 2 IN CEE PLANNING AZURE INFRASTRUCTURE SECURITY - AZURE ADMIN ACCOUNTS PROTECTION & AZURE NETWORK SECURITY MAR 2017 IGOR SHASTITKO About Consalta Every business deserves an opportunity to grow! We
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationThe Evolution of Data Center Security, Risk and Compliance
#SymVisionEmea #SymVisionEmea The Evolution of Data Center Security, Risk and Compliance Taha Karim / Patrice Payen The Adoption Curve Virtualization is being stalled due to concerns around Security and
More informationHybrid Identity de paraplu in de cloud
EXPERTS LIVE SUMMER NIGHT Hybrid Identity de paraplu in de cloud Robbert van der Zwan TSP EM+S Netherlands EXPERTS LIVE SUMMER NIGHT Robbert van der Zwan Robbert works as an Enterprise Mobility and Security
More informationDesigning and Building a Cybersecurity Program
Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (CSF) Larry Wilson lwilson@umassp.edu ISACA Breakfast Meeting January, 2016 Designing & Building a Cybersecurity
More informationSecuring Privileged Access and the SWIFT Customer Security Controls Framework (CSCF)
Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF) A Guide to Leveraging Privileged Account Security to Assist with SWIFT CSCF Compliance Table of Contents Executive Summary...
More informationPrivilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer
Privilege Security & Next-Generation Technology Morey J. Haber Chief Technology Officer mhaber@beyondtrust.com Agenda The Next-Gen Threat Landscape o Infomatics, Breaches & the Attack Chain o Securing
More informationIMPLEMENTING MICROSOFT CREDENTIAL GUARD FOR ISO 27001, PCI, AND FEDRAMP
IMPLEMENTING MICROSOFT CREDENTIAL GUARD FOR ISO 27001, PCI, AND FEDRAMP North America Latin America Europe 877.224.8077 info@coalfire.com coalfire.com Coalfire sm and CoalfireOne sm are registered service
More informationCourse Outline 20742B
Course Outline 20742B Module 1: Installing and configuring domain controllers This module describes the features of AD DS and how to install domain controllers (DCs). It also covers the considerations
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Malware Outbreak
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationVirtualization Security & Audit. John Tannahill, CA, CISM, CGEIT, CRISC
Virtualization Security & Audit John Tannahill, CA, CISM, CGEIT, CRISC jtannahi@rogers.com Session Overview Virtualization Concepts Virtualization Technologies Key Risk & Control Areas Audit Programs /
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationCompTIA SY CompTIA Security+
CompTIA SY0-501 CompTIA Security+ https://killexams.com/pass4sure/exam-detail/sy0-501 QUESTION: 338 The help desk is receiving numerous password change alerts from users in the accounting department. These
More informationAttackers Process. Compromise the Root of the Domain Network: Active Directory
Attackers Process Compromise the Root of the Domain Network: Active Directory BACKDOORS STEAL CREDENTIALS MOVE LATERALLY MAINTAIN PRESENCE PREVENTION SOLUTIONS INITIAL RECON INITIAL COMPROMISE ESTABLISH
More informationMETHODOLOGY This program will be conducted with interactive lectures, PowerPoint presentations, discussions and practical exercises.
CENTER OF KNOWLEDGE, PATH TO SUCCESS Website: IDENTITY WITH WINDOWS SERVER 2016 Course 20742: 5 days; Instructor-Led INTRODUCTION This five-day instructor-led course teaches IT Pros how to deploy and configure
More informationElectronic Access Controls June 27, Kevin B. Perry Director, Critical Infrastructure Protection
Electronic Access Controls June 27, 2017 Kevin B. Perry Director, Critical Infrastructure Protection kperry.re@spp.org 501.614.3251 1 Electronic Access Point 2 What does your access control look like?
More informationSecurity Readiness Assessment
Security Readiness Assessment Jackson Thomas Senior Manager, Sales Consulting Copyright 2015 Oracle and/or its affiliates. All rights reserved. Cloud Era Requires Identity-Centric Security SaaS PaaS IaaS
More informationCSC - DRAFT - VER6c FOR PUBLIC COMMENT ONLY
The Center for Internet Security Critical Security Controls Version 6.1 Family Control Control Description SecureTheVillage Critical Security Control #1: Inventory of Authorized and Unauthorized Devices
More informationNETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS
NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS Scope and Applicability: These Network and Certificate System Security Requirements (Requirements) apply to all publicly trusted Certification Authorities
More informationSailPoint IdentityIQ Integration with the BeyondInsight Platform. Providing Complete Visibility and Auditing of Identities
SailPoint IdentityIQ Integration with the BeyondInsight Platform Providing Complete Visibility and Auditing of Identities Table of Contents Executive Summary... 3 Identity and Access Management... 5 BeyondTrust
More informationM20742-Identity with Windows Server 2016
M20742-Identity with Windows Server 2016 Course Number: M20742 Category: Technical Microsoft Duration: 5 days Certification: 70-742 Overview This five-day instructor-led course teaches IT Pros how to deploy
More informationMapping BeyondTrust Solutions to
TECH BRIEF Taking a Preventive Care Approach to Healthcare IT Security Table of Contents Table of Contents... 2 Taking a Preventive Care Approach to Healthcare IT Security... 3 Improvements to be Made
More informationIdentity with Windows Server 2016
Identity with Windows Server 2016 20742B; 5 days, Instructor-led Course Description This five-day instructor-led course teaches IT Pros how to deploy and configure Active Directory Domain Services (AD
More informationAdvanced Security Measures for Clients and Servers
Advanced Security Measures for Clients and Servers Wayne Harris MCSE Senior Consultant Certified Security Solutions Importance of Active Directory Security Active Directory creates a more secure network
More informationBecoming the Adversary
SESSION ID: CIN-R06 Becoming the Adversary Tyrone Erasmus Managing Security Consultant MWR InfoSecurity @metall0id /usr/bin/whoami Most public research == Android Something different today 2 Overview Introduction
More informationFTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.
FTA 2017 SEATTLE Cybersecurity and the State Tax Threat Environment 1 Agenda Cybersecurity Trends By the Numbers Attack Trends Defensive Trends State and Local Intelligence What Can You Do? 2 2016: Who
More informationCyber Defense Operations Center
Cyber Defense Operations Center Providing world-class security protection, detection, and response Marek Jedrzejewicz Principal Security Engineering Manager Microsoft Corporation 1 Cybersecurity. In the
More informationACTIVE DIRECTORY DOMAIN STIG REVISION HISTORY. Version 2, Release January Developed by DISA for the DoD
ACTIVE DIRECTORY DOMAIN STIG Version 2, Release 8 27 January 2017 Developed by for the DoD Active History, V2R8 V2R8 V2R7 - V-8548 - Removed Enterprise and Domain Admins - accounted for in other requirements.
More informationLive Adversary Simulation: Red and Blue Team Tactics
SESSION ID: HTA-T06 Live Adversary Simulation: Red and Blue Team Tactics James Lyne Head of R&D SANS Institute @JamesLyne Stephen Sims Security Researcher & Fellow SANS Institute @Steph3nSims Agenda 2
More informationCourse Outline Topic 1: Current State Assessment, Security Operations Centers, and Security Architecture
About this Course This course will best position your organization to analyse threats and detect anomalies that could indicate cybercriminal behaviour. The payoff for this new proactive approach would
More informationHow Breaches Really Happen
How Breaches Really Happen www.10dsecurity.com About Dedicated Information Security Firm Clients Nationwide, primarily in financial industry Services Penetration Testing Social Engineering Vulnerability
More informationPractical Network Defense Labs
Practical Network Defense Labs ABOUT This document showcases my practical hands-on engagements in the elearnsecurity HERA labs environment for the Network Defense Professional certification course. I utilized
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Virus Outbreak
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationPrecisionAccess Trusted Access Control
Data Sheet PrecisionAccess Trusted Access Control Defeats Cyber Attacks Credential Theft: Integrated MFA defeats credential theft. Server Exploitation: Server isolation defeats server exploitation. Compromised
More information20742: Identity with Windows Server 2016
Course Content Course Description: This five-day instructor-led course teaches IT Pros how to deploy and configure Active Directory Domain Services (AD DS) in a distributed environment, how to implement
More informationINCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.1 SUCCESS AKAMAI SOLUTIONS BRIEF INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.
INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.1 SUCCESS Protect Critical Enterprise Applications and Cardholder Information with Enterprise Application Access Scope and Audience This guide is for
More informationTestBraindump. Latest test braindump, braindump actual test
TestBraindump http://www.testbraindump.com Latest test braindump, braindump actual test Exam : CS0-001 Title : CompTIA Cybersecurity Analyst (CySA+) Exam Vendor : CompTIA Version : DEMO Get Latest & Valid
More informationDefense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation
Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client
More informationIdentity with Windows Server 2016
Identity with Windows Server 2016 Course 20742B - 5 Days - Instructor-led, Hands on Introduction This five-day instructor-led course teaches IT Pros how to deploy and configure Active Directory Domain
More information70-742: Identity in Windows Server Course Overview
70-742: Identity in Windows Server 2016 Course Overview This course provides students with the knowledge and skills to install and configure domain controllers, manage Active Directory objects, secure
More informationIntroduction. Deployment Models. IBM Watson on the IBM Cloud Security Overview
IBM Watson on the IBM Cloud Security Overview Introduction IBM Watson on the IBM Cloud helps to transform businesses, enhancing competitive advantage and disrupting industries by unlocking the potential
More informationCrash course in Azure Active Directory
Crash course in Azure Active Directory Crash course in Azure Active Directory Competing today requires a focus on digital transformation and empowering everyone to be creative and work together securely.
More informationSecurity Fundamentals for your Privileged Account Security Deployment
Security Fundamentals for your Privileged Account Security Deployment February 2016 Copyright 1999-2016 CyberArk Software Ltd. All rights reserved. CAVSEC-PASSF-0216 Compromising privileged accounts is
More informationSAS and F5 integration at F5 Networks. Updates for Version 11.6
SAS and F5 integration at F5 Networks Updates for Version 11.6 Managing access based on Identity Employees Partner Customer Administrator IT challenges: Control access based on user-type and role Unify
More informationCyber Security Bryan Owen PE Principal Cyber Security Manager October 11, 2016
Cyber Security Bryan Owen PE Principal Cyber Security Manager October 11, 2016 Agenda Overview What s new in PI Security Demo What s coming next Call to Action 2 Cyber Security is more of a Marathon than
More informationSOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE
SOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE 1 EXECUTIVE SUMMARY Attackers have repeatedly demonstrated they can bypass an organization s conventional defenses. To remain effective,
More informationSecuring Office 365 & Other SaaS
Securing Office 365 & Other SaaS PrecisionAccess Vidder, Inc. Securing Office 365 & Other SaaS 1 Executive Summary Securing Office 365 means securing Email, SharePoint, OneDrive, and a number of other
More information