Cyber Security. Our part of the journey


The Journey
- Evolved
- Built on the past
- Will be continued
- Not always perfect
- Small steps moving forward

The Privileged
- How to make enemies quickly
- Ask before acting; makes us think
- Started initial thinking on safety of software

The Closets
- Network equipment controlled
- Focused on high-traffic areas
- Centralized
- Shampoo, rinse and repeat

The Networks
- Started as a single Class C
- Number of devices caused first expansion
- Split out for security, but wide open initially
- Tightened down protocols and access over time
- Further tightening by granting rather than blocking

The Assessments: The First
- Internal and external validation by outside source
- Introduction to the unknown: open ports (NetBIOS), system patches, no passwords
- Provide general and specific recommendations

The Assessments: The Second
- External pen test only
- Vendor software is vulnerable
- Focus on most critical machine
- New exploits constantly being exposed

The Assessments: The Third
- External and internal test
- Vendors slow to resolve issues
- Did see improvements on computers
- Other network devices vulnerable

The Audits
- Part of financial audits starting in 2012
- Each year significantly harder
- Focus becomes more on process and procedure
- Tie-in to cyber security is the ability to recover

The Other
- Developed a DR site
- Updated physical security
- Access restrictions to server rooms
- Earlier in projects

The People
- 1-person IT, now IT and OT departments
- Dedicated cyber security employee
- Management and the Board
- NEO training
- Spam campaigns
- Newsletter reminders
- Cyber security awareness web page

The Community
- SANS training
- APPA and TPPA
- TAGITM
- E-ISAC
- DHS

Where are we today
- Managed Service Provider
- Supplements sec admin and need for personnel
- 24/7 coverage on covered infrastructure
- Automatic analysis of events

MSP Services
- Next gen antivirus
- Monitor 5 critical infrastructure points
- Firewall monitoring
- Intrusion Prevention System
- Server log storage
- Qualys Vulnerability Scanner

IPS: Intrusion Prevention System
- Appliance outside firewall
- IPS or IDS
- Signature based
- Snort (software free; rule subscription $399) -- complex

Firewall monitoring
- Logs sent to MSP for analysis
- Trigger incidents for further analysis
- Only as good as the logs
- Pay for your firewall licensing; low cost of entry in the security world

5 Key/Critical Infrastructure points monitored
- Domain controllers
- DB server
- Billing system
- Mail server

Next Gen Anti-virus
- Activity record of endpoint
- All files on the system used and touched
- Records MD5 hashes of files (file fingerprints)
- Manual blocking of files
- Visualize process trees and timelines to find threats (DLLs, etc.)
- Secure shell to endpoints
- Isolate infected system and remove malicious files
- Forensic data

Next Gen Anti-Virus
- Advanced predictive models to stop attacks
- Analyze endpoint data and uncover malicious actors
- Watches network activity
- Prevents attacks automatically, online or offline
- Blocks emerging, never-before-seen attacks
- Blacklist apps / terminate processes
- Secure shell off network
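An added example (not from the presentation or the MSP's product) of what the file-fingerprint record on the two slides above makes possible: hash every file on an endpoint, diff against an earlier baseline, and flag anything whose hash an analyst has manually blocked. File names, contents and the blocklist are constructed; the deck's product records MD5, so MD5 is kept alongside the SHA-256 that is actually compared.

```python
import hashlib
import tempfile
from pathlib import Path

def fingerprint(path: Path) -> dict:
    """Hash one file in chunks. The deck's product records MD5; it is kept here
    for interoperability, but SHA-256 is what is compared, since MD5 collisions
    are practical."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}

def inventory(root: Path) -> dict:
    """Relative path -> fingerprints for every regular file under root."""
    return {p.relative_to(root).as_posix(): fingerprint(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def diff_inventory(baseline: dict, current: dict, blocklist: set) -> dict:
    """Classify files as added, changed, removed or blocklisted since baseline."""
    findings = {"added": [], "changed": [], "removed": [], "blocklisted": []}
    for rel, fp in current.items():
        if rel not in baseline:
            findings["added"].append(rel)
        elif baseline[rel]["sha256"] != fp["sha256"]:
            findings["changed"].append(rel)
        if fp["sha256"] in blocklist:
            findings["blocklisted"].append(rel)
    findings["removed"] = [rel for rel in baseline if rel not in current]
    return findings

def demo() -> dict:
    """Constructed endpoint: baseline it, then simulate a tampered binary, a
    dropped file that an analyst manually blocks, and a deleted file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "billing.exe").write_bytes(b"constructed billing binary v1")
        (root / "config.ini").write_text("db=billing\n")
        (root / "notes.txt").write_text("constructed note\n")
        baseline = inventory(root)
        (root / "bin" / "billing.exe").write_bytes(b"constructed binary, tampered")
        dropped = root / "bin" / "updater.dll"
        dropped.write_bytes(b"constructed dropped payload")
        (root / "notes.txt").unlink()
        blocklist = {fingerprint(dropped)["sha256"]}  # analyst's manual block
        return diff_inventory(baseline, inventory(root), blocklist)
```

Running `demo()` reports `bin/billing.exe` as changed, `bin/updater.dll` as both added and blocklisted, and `notes.txt` as removed; the same diff against a persisted baseline is the forensic record the slide refers to.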

Log Storage (PCI compliance)
- Long-term server log storage
- PCI compliance
- Data for forensic investigation
- Data for compliance proof

Vulnerability Scanner
- Scan your infrastructure for known vulnerabilities
- Scan your infrastructure for configuration issues
- Help prove infrastructure is not vulnerable to items in the wild
- Help prove compliance is met
- Reports CVE numbers and potential fixes

CVE database
- Common Vulnerabilities and Exposures (the known)
- Supported by DHS
- Search this database for the products you use: https://cve.mitre.org/
- Ex: Allen Bradley: 28 CVE entries that match
- Anyone use Allen Bradley controllers?

CVE search

Vulnerability

Firewalls
- In/outbound rules
- GEO IP fencing
- Content filter
- Botnet filters
- Segment networks
- VPN
- Gateway AV checks
- Real-time blacklist filters

Endpoint Antivirus
- Signature-based blocking of:
- Some behavior-based network blocking
- Firewall built in if you want to use it
- Device control policies (USBs)

Phishing
- Phish campaign emails test employees
- 91% of data breaches start with a phishing attack
- Phish alert button for mail client
- Report metrics
- Training materials
- Free tools: domain lookalikes; breached passwords; USB beacon test (45% of your users will plug them in)

Reporting (Campaign level)

Browsers Used

Phishing Campaigns

Phish Templates

Custom Landing Page

Organization Risk Score

Testing results (90 days)

Shodan.io (free)
- Search engine for IoT: web cams, refrigerators, power plants, etc.
- Run your public IPs through it
- Watch what you expose to the internet

Shodan.io search for Allen Bradley

Default Passwords?

Identity Theft Resource Center 2017 stats (https://www.ibm.com/security/infographics/data-breach/)
- 1,253 companies breached (known and reported)
- 172,582,517 records exposed
- $24,334,134,897 (average cost per record breached: $141)
- Average cost of breach $4 million (up 29% since 2013)
- 48% of breaches are malicious in nature
- 26% likelihood of being breached in the next 24 months

What can you do
- Start by reviewing the NIST Cybersecurity Framework: https://www.nist.gov/cyberframework
- Review the SANS 20 Critical Security Controls: https://www.cisecurity.org/controls/
- Layers of security