Cyber Security: Our Part of the Journey

The Journey
- Evolved: built on the past, will be continued
- Not always perfect
- Small steps moving forward

The Privileged
- How to make enemies quickly
- "Ask before acting" makes us think
- Started initial thinking on the safety of software

The Closets
- Network equipment controlled
- Focused on high-traffic areas
- Centralized
- Shampoo, rinse and repeat

The Networks
- Started as a single Class C (one /24)
- Number of devices caused the first expansion
- Split out for security, but wide open initially
- Tightened down protocols and access over time
- Further tightening by granting what is needed (default deny) rather than blocking what is known bad

The Assessments: First
- Internal and external
- Validation by an outside source
- Introduction to the unknown: open ports (NetBIOS), missing system patches, no passwords
- Provided general and specific recommendations

The Assessments: Second
- External pen test only
- Only vendor software was found vulnerable
- Focus on the most critical machine
- New exploits constantly being disclosed

The Assessments: Third
- External and internal test
- Vendors slow to resolve issues
- Did see improvements on computers
- Other network devices vulnerable

The Audits
- Part of financial audits starting in 2012
- Each year significantly harder
- Focus becomes more on process and procedure
- The tie-in to cyber security is the ability to recover

The Other
- Developed a DR site
- Updated physical security
- Access restrictions to server rooms
- Involved earlier in projects

The People
- 1-person IT, now IT and OT departments
- Dedicated cyber security employee
- Management and the Board
- NEO training
- Spam campaigns
- Newsletter reminders
- Cyber security awareness web page

The Community
- SANS training
- APPA and TPPA
- TAGITM
- E-ISAC
- DHS

Where are we today?
- Managed Service Provider (MSP) supplements the security admin and the need for personnel
- 24/7 coverage on covered infrastructure
- Automatic analysis of events

MSP Services
- Next-gen antivirus
- Monitor 5 critical infrastructure points
- Firewall monitoring
- Intrusion Prevention System
- Server log storage
- Qualys vulnerability scanner

IPS (Intrusion Prevention System)
- Appliance outside the firewall
- IPS (inline, can block) or IDS (passive, alerts only)
- Signature based
- Snort (software free; rule subscription $399), but complex to run yourself

Firewall monitoring
- Logs sent to the MSP for analysis
- Triggers incidents for further analysis
- Only as good as the logs: a rule that does not log produces nothing to analyze
- Pay for your firewall licensing; it is the low cost of entry in the security world

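What "analysis" of forwarded firewall logs looks like at its simplest, as an added example (this is not the MSP's tooling, and the log format is a constructed generic syslog shape; a real firewall's lines differ and only the regular expression would change). The two detections, an external source denied on many distinct ports and an internal host repeatedly denied to the same external host and port, are the kind of event an MSP turns into an incident ticket. The internal range 10.0.0.0/8 is an assumption.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample lines in a generic firewall syslog shape (assumption: real
# firewalls each have their own format; only LINE_RE would need to change).
SAMPLE_LOG = """\
Mar 10 02:14:01 fw1 DENY TCP 203.0.113.7:51234 -> 192.0.2.10:22
Mar 10 02:14:01 fw1 DENY TCP 203.0.113.7:51235 -> 192.0.2.10:23
Mar 10 02:14:02 fw1 DENY TCP 203.0.113.7:51236 -> 192.0.2.10:445
Mar 10 02:14:02 fw1 DENY TCP 203.0.113.7:51237 -> 192.0.2.10:3389
Mar 10 02:14:03 fw1 DENY TCP 203.0.113.7:51238 -> 192.0.2.10:1433
Mar 10 02:14:03 fw1 DENY TCP 203.0.113.7:51239 -> 192.0.2.10:8080
Mar 10 02:15:00 fw1 ALLOW TCP 10.0.5.21:49152 -> 198.51.100.3:443
Mar 10 02:20:00 fw1 DENY TCP 10.0.5.21:49153 -> 198.51.100.9:6667
Mar 10 02:25:00 fw1 DENY TCP 10.0.5.21:49154 -> 198.51.100.9:6667
Mar 10 02:30:00 fw1 DENY TCP 10.0.5.21:49155 -> 198.51.100.9:6667
Mar 10 02:35:00 fw1 DENY TCP 10.0.5.21:49156 -> 198.51.100.9:6667
Mar 10 02:36:00 fw1 ALLOW UDP 10.0.5.30:5353 -> 10.0.5.1:53
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ (?P<action>ALLOW|DENY) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

INTERNAL = ip_network("10.0.0.0/8")  # assumed internal address range


def parse(text):
    """Turn log lines into dicts; lines that do not match are dropped and counted."""
    events, unparsed = [], 0
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1
            continue
        e = m.groupdict()
        e["sport"], e["dport"] = int(e["sport"]), int(e["dport"])
        e["internal_src"] = ip_address(e["src"]) in INTERNAL
        events.append(e)
    return events, unparsed


def find_port_scans(events, min_ports=5):
    """External source denied on many distinct destination ports: a scan."""
    ports = defaultdict(set)
    for e in events:
        if e["action"] == "DENY" and not e["internal_src"]:
            ports[e["src"]].add(e["dport"])
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}


def find_repeated_outbound_denies(events, min_hits=3):
    """Internal host repeatedly denied to the same external host:port: beaconing candidate."""
    hits = defaultdict(int)
    for e in events:
        if e["action"] == "DENY" and e["internal_src"] and ip_address(e["dst"]) not in INTERNAL:
            hits[(e["src"], e["dst"], e["dport"])] += 1
    return {k: n for k, n in hits.items() if n >= min_hits}


if __name__ == "__main__":
    events, unparsed = parse(SAMPLE_LOG)
    print(f"parsed {len(events)} events, {unparsed} unparsed")
    print("scans:", find_port_scans(events))
    print("repeated outbound denies:", find_repeated_outbound_denies(events))
```

Note the dependency on logging: both detectors key on DENY lines, so a deny rule configured without logging makes the scan and the beaconing attempts invisible, which is the practical meaning of "only as good as the logs".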
5 Key/Critical Infrastructure Points Monitored
- Domain controllers
- DB server
- Billing system
- Mail server

Next-Gen Antivirus
- Activity record of the endpoint: all files on the system used and touched
- Records MD5 hashes of files (file fingerprints)
- Manual blocking of files
- Visualize process trees and timelines to find threats (DLLs, etc.)
- Secure shell to endpoints
- Isolate an infected system and remove malicious files
- Forensic data

Next-Gen Antivirus (continued)
- Advanced predictive models to stop attacks
- Analyzes endpoint data to uncover malicious actors
- Watches network activity
- Prevents attacks automatically, online or offline
- Blocks emerging, never-before-seen attacks
- Blacklist apps / terminate processes
- Secure shell to the endpoint even when it is off the network

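To make the two NGAV slides concrete, here is an added example (not the product's code, and the process events are constructed, not real telemetry) of the two pieces the slides name: file fingerprinting by hash, and a process tree walked to find a suspicious parent-child relationship. The detection rule (an Office or mail client spawning a shell or script host) and the image-name sets are assumptions for the demo. The fingerprint records SHA-256 alongside the MD5 the slide mentions, because MD5 collisions are practical and most threat intelligence is keyed on SHA-256.

```python
import hashlib
from collections import defaultdict


def fingerprint(data: bytes) -> dict:
    """File fingerprint. The slide names MD5; SHA-256 is recorded alongside because
    MD5 collisions are practical and most threat intel is keyed on SHA-256."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


# Constructed process-start events (pid, parent pid, image). Not real telemetry.
EVENTS = [
    {"pid": 4, "ppid": 0, "image": "System"},
    {"pid": 600, "ppid": 4, "image": "explorer.exe"},
    {"pid": 1200, "ppid": 600, "image": "OUTLOOK.EXE"},
    {"pid": 1300, "ppid": 1200, "image": "WINWORD.EXE"},
    {"pid": 1400, "ppid": 1300, "image": "powershell.exe"},
    {"pid": 1500, "ppid": 1400, "image": "rundll32.exe"},
    {"pid": 1600, "ppid": 600, "image": "notepad.exe"},
]

# Assumed detection rule: Office/mail clients should never spawn shells or script hosts.
OFFICE = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE", "OUTLOOK.EXE"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def build_tree(events):
    by_pid = {e["pid"]: e for e in events}
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e["pid"])
    return by_pid, children


def lineage(events, pid):
    """Image names from a process up to the root, child first."""
    by_pid, _ = build_tree(events)
    chain = []
    while pid in by_pid:
        chain.append(by_pid[pid]["image"])
        pid = by_pid[pid]["ppid"]
    return chain


def find_suspicious_spawns(events):
    """(parent image, child image, child pid) for every Office -> shell edge."""
    by_pid, _ = build_tree(events)
    hits = []
    for e in events:
        parent = by_pid.get(e["ppid"])
        if parent and parent["image"].upper() in OFFICE and e["image"].lower() in SHELLS:
            hits.append((parent["image"], e["image"], e["pid"]))
    return hits


def render_tree(events, root=0):
    """Indented text view of the process tree, the way an EDR console draws it."""
    by_pid, children = build_tree(events)
    lines = []

    def walk(pid, depth):
        for child in children.get(pid, []):
            lines.append("  " * depth + f"{child} {by_pid[child]['image']}")
            walk(child, depth + 1)

    walk(root, 0)
    return "\n".join(lines)


if __name__ == "__main__":
    print(fingerprint(b"MZ\x90\x00 constructed sample bytes"))
    print(render_tree(EVENTS))
    for parent, child, pid in find_suspicious_spawns(EVENTS):
        print(f"ALERT {parent} -> {child} (pid {pid}): {' <- '.join(lineage(EVENTS, pid))}")
```

The lineage is what makes the alert actionable: "powershell.exe" alone is noise on most networks, while "rundll32.exe <- powershell.exe <- WINWORD.EXE <- OUTLOOK.EXE" tells the analyst it started with an attachment.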
Log Storage (PCI compliance)
- Long-term server log storage
- PCI compliance
- Data for forensic investigation
- Data for compliance proof

Vulnerability Scanner (Qualys)
- Scans your infrastructure for known vulnerabilities
- Scans your infrastructure for configuration issues
- Helps prove infrastructure is not vulnerable to known items in the wild (it cannot speak to the unknown)
- Helps prove compliance is met
- Reports CVE numbers and potential fixes

CVE Database
- Common Vulnerabilities and Exposures (the known)
- Sponsored by DHS
- Search this database for the products you use: https://cve.mitre.org/
- Example: a search for "Allen-Bradley" returned 28 matching CVE entries
- Anyone use Allen-Bradley controllers?

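The scanner and the CVE search slides above both come down to the same operation: matching what you run against what is known to be vulnerable. As an added example (not Qualys code and not the CVE feed format), this matches a constructed asset inventory against constructed, simplified CVE records with "from"/"before" version ranges. The IDs are placeholders and not real CVEs; a real feed (NVD JSON) carries CPE strings and richer range data, so the record layout here is an assumption. The version-comparison rule (numeric dotted parts, non-numeric suffixes ignored) is also an assumption.

```python
# Constructed, simplified CVE records. IDs are placeholders, not real CVEs;
# a real feed (NVD JSON) carries CPE strings and version ranges instead.
CVES = [
    {"id": "CVE-EXAMPLE-0001", "vendor": "examplevendor", "product": "plcware",
     "from": "1.0", "before": "2.3.1", "cvss": 9.8},
    {"id": "CVE-EXAMPLE-0002", "vendor": "examplevendor", "product": "plcware",
     "from": "2.0", "before": "2.4.0", "cvss": 6.5},
    {"id": "CVE-EXAMPLE-0003", "vendor": "othervendor", "product": "billingsuite",
     "from": "0", "before": "5.2", "cvss": 7.5},
]

# Constructed asset inventory (assumption: you maintain one; the scanner fills it in).
INVENTORY = [
    {"asset": "plc-substation-1", "vendor": "examplevendor", "product": "plcware", "version": "2.2.0"},
    {"asset": "plc-substation-2", "vendor": "examplevendor", "product": "plcware", "version": "2.4.0"},
    {"asset": "billing-app-01", "vendor": "othervendor", "product": "billingsuite", "version": "5.1.3"},
    {"asset": "mail-01", "vendor": "othervendor", "product": "mailserver", "version": "3.0"},
]


def parse_version(v):
    """'2.3.1' -> (2, 3, 1). Non-numeric suffixes ('1.2b') are ignored (assumption)."""
    parts = []
    for piece in v.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def padded(a, b):
    """Pad both tuples so (2, 4) and (2, 4, 0) compare equal."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def affected(version, start_incl, end_excl):
    """True when start_incl <= version < end_excl."""
    v = parse_version(version)
    lo, v1 = padded(parse_version(start_incl), v)
    hi, v2 = padded(parse_version(end_excl), v)
    return lo <= v1 and v2 < hi


def match_inventory(inventory=INVENTORY, cves=CVES):
    """(asset, cve id, cvss) for every applicable record, highest CVSS first."""
    hits = []
    for item in inventory:
        for cve in cves:
            same_product = (item["vendor"], item["product"]) == (cve["vendor"], cve["product"])
            if same_product and affected(item["version"], cve["from"], cve["before"]):
                hits.append((item["asset"], cve["id"], cve["cvss"]))
    return sorted(hits, key=lambda h: (-h[2], h[0], h[1]))


def unmatched_assets(inventory=INVENTORY, cves=CVES):
    """Assets with no CVE hit: 'not known vulnerable', which is not the same as safe."""
    hit_assets = {h[0] for h in match_inventory(inventory, cves)}
    return [i["asset"] for i in inventory if i["asset"] not in hit_assets]


if __name__ == "__main__":
    for asset, cve_id, cvss in match_inventory():
        print(f"{cvss:4.1f} {asset:18s} {cve_id}")
    print("no known CVE:", unmatched_assets())
```

Two points a practitioner would take from running this: the version boundary matters (2.4.0 is not affected by a range that ends before 2.4.0, so an inventory that records "2.4" instead of "2.4.0" must compare equal), and an asset with no hit is only "not known vulnerable", which is exactly the gap between the CVE database and the unknown that the slides call out.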
CVE search / vulnerability detail (screenshot slides)

Firewalls
- Inbound/outbound rules
- GeoIP fencing
- Content filter
- Botnet filters
- Segment networks
- VPN gateway
- AV checks
- Real-time blacklist (RBL) filters

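The network slide earlier ("further tightening by granting rather than blocking") and the segmentation bullet here describe the same shift from a block-known-bad policy to a grant-what-is-needed one. As an added example (not the utility's rule base; segments, hosts and flows are constructed), this evaluates the same four flows under both postures with first-match semantics, which is how most firewalls process their rule list. The 10.x segments and the "only the historian speaks Modbus to the PLCs" rule are assumptions for the demo.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str                     # CIDR
    dst: str                     # CIDR
    proto: str = "any"           # "tcp", "udp" or "any"
    dport: Optional[int] = None  # None = any destination port


def matches(rule, flow):
    return (ip_address(flow["src"]) in ip_network(rule.src)
            and ip_address(flow["dst"]) in ip_network(rule.dst)
            and rule.proto in ("any", flow["proto"])
            and rule.dport in (None, flow["dport"]))


def evaluate(rules, default, flow):
    """First matching rule wins; the policy default applies when nothing matches."""
    for rule in rules:
        if matches(rule, flow):
            return rule.action
    return default


# Constructed segments (assumption): corporate LAN, OT/SCADA, and a server VLAN.
CORP, OT, SERVERS = "10.10.0.0/16", "10.20.0.0/16", "10.30.0.0/24"

# Early posture from the slides: block what you know is bad, allow the rest.
BLOCK_KNOWN_BAD = [
    Rule("deny", CORP, OT, "tcp", 23),    # telnet to PLCs
    Rule("deny", CORP, OT, "tcp", 80),    # PLC web interfaces
]

# Later posture: grant only what is needed, deny everything else.
GRANT_NEEDED = [
    Rule("allow", "10.30.0.5/32", OT, "tcp", 502),   # only the SCADA historian speaks Modbus to PLCs
    Rule("allow", CORP, SERVERS, "tcp", 443),         # intranet applications
    Rule("allow", CORP, "10.30.0.10/32", "udp", 53),  # internal DNS
]

# Constructed flows to run through both policies.
FLOWS = [
    {"name": "historian->plc modbus", "src": "10.30.0.5", "dst": "10.20.1.9", "proto": "tcp", "dport": 502},
    {"name": "laptop->plc modbus", "src": "10.10.4.77", "dst": "10.20.1.9", "proto": "tcp", "dport": 502},
    {"name": "laptop->plc telnet", "src": "10.10.4.77", "dst": "10.20.1.9", "proto": "tcp", "dport": 23},
    {"name": "laptop->intranet https", "src": "10.10.4.77", "dst": "10.30.0.8", "proto": "tcp", "dport": 443},
]


def compare_policies(flows=FLOWS):
    """flow name -> (verdict under block-known-bad, verdict under grant-needed)."""
    return {f["name"]: (evaluate(BLOCK_KNOWN_BAD, "allow", f),
                        evaluate(GRANT_NEEDED, "deny", f)) for f in flows}


if __name__ == "__main__":
    for name, (blocklist, allowlist) in compare_policies().items():
        print(f"{name:24s} block-known-bad={blocklist:5s} grant-needed={allowlist}")
```

The flow worth staring at is "laptop->plc modbus": nobody wrote a rule about Modbus from the corporate LAN, so the block-known-bad policy lets it through and the grant-needed policy stops it. That is the whole argument for granting rather than blocking.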
Endpoint Antivirus
- Signature-based blocking of:
- Some behavior-based network blocking
- Built-in firewall if you want to use it
- Device control policies (USB)

Phishing
- Phishing campaign emails test employees
- 91% of data breaches start with a phishing attack (widely cited vendor figure)
- Phish alert button for the mail client
- Report metrics
- Training materials
- Free tools: domain lookalikes, breached passwords, USB beacon test (45% of your users will plug them in)

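The "domain lookalikes" tool on the slide generates the typosquat domains an attacker would register to impersonate you, so you can register or block them and so a mail filter can flag senders that are one character away from your own domain. As an added example (not the vendor's tool), this generates those candidates for a constructed organization domain and classifies a sender domain as internal, lookalike or external. The homoglyph table and the TLD list are deliberately small assumptions; production tools use far larger tables, including Unicode confusables.

```python
# Constructed organization domain used for the demo.
ORG_DOMAIN = "cityutility.com"

# Small homoglyph table (assumption: production tools use far larger ones, including Unicode).
HOMOGLYPHS = {
    "l": ["1", "i"], "i": ["l", "1"], "o": ["0"], "0": ["o"],
    "e": ["3"], "a": ["4"], "s": ["5"], "rn": ["m"], "m": ["rn"], "vv": ["w"], "w": ["vv"],
}
TLD_SWAPS = ["com", "net", "org", "co", "us", "info"]


def lookalikes(domain):
    """Typosquat candidates for a registrable domain: omission, doubled letter,
    hyphen insertion, adjacent transposition, homoglyph substitution and TLD swap."""
    name, _, tld = domain.lower().rpartition(".")
    out = set()
    for i in range(len(name)):
        out.add(name[:i] + name[i + 1:] + "." + tld)                # omission
        out.add(name[:i] + name[i] * 2 + name[i + 1:] + "." + tld)  # doubled letter
        if i > 0:
            out.add(name[:i] + "-" + name[i:] + "." + tld)          # hyphen insertion
        if i < len(name) - 1:
            out.add(name[:i] + name[i + 1] + name[i] + name[i + 2:] + "." + tld)  # transposition
    for src, repls in HOMOGLYPHS.items():
        idx = name.find(src)
        while idx != -1:
            for r in repls:
                out.add(name[:idx] + r + name[idx + len(src):] + "." + tld)
            idx = name.find(src, idx + 1)
    for t in TLD_SWAPS:
        if t != tld:
            out.add(name + "." + t)
    out.discard(domain.lower())
    return sorted(out)


def levenshtein(a, b):
    """Edit distance; used to catch variants the generator did not enumerate."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(sender_domain, org_domain=ORG_DOMAIN, max_distance=2):
    """'internal', 'lookalike' or 'external' for the domain in a message's From: header."""
    sender, org = sender_domain.lower(), org_domain.lower()
    if sender == org:
        return "internal"
    if sender in lookalikes(org) or levenshtein(sender, org) <= max_distance:
        return "lookalike"
    org_name = org.rpartition(".")[0]
    if org_name and org_name in sender.rpartition(".")[0]:   # e.g. cityutility-billing.com
        return "lookalike"
    return "external"


if __name__ == "__main__":
    candidates = lookalikes(ORG_DOMAIN)
    print(len(candidates), "candidates, e.g.", candidates[:8])
    for d in ["cityuti1ity.com", "cityutility.co", "cityutility-billing.com", "vendor-example.net"]:
        print(f"{d:26s} {classify_sender(d)}")
```

The generated list is the input to the other two uses on the slide: feed it to a registrar or passive-DNS lookup to learn which candidates someone else already owns, and to the mail gateway as a "lookalike" tag so the phish alert button is not the only line of defense.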
Phishing platform screenshot slides: reporting (campaign level), browsers used, phishing campaigns, phish templates, custom landing page, organization risk score, testing results (90 days)

Shodan.io (free)
- Search engine for IoT: web cams, refrigerators, power plants, etc.
- Run your public IPs through it
- Watch what you expose to the internet
- Screenshot slide: Shodan.io search for Allen-Bradley
- Default passwords?

Identity Theft Resource Center 2017 Stats (cost figures via https://www.ibm.com/security/infographics/data-breach/)
- 1,253 companies breached (known and reported)
- 172,582,517 records exposed
- $24,334,134,897 total exposure at the average cost of $141 per breached record
- Average cost of a breach $4 million (up 29% since 2013)
- 48% of breaches are malicious in nature
- 26% likelihood of being breached in the next 24 months

What Can You Do
- Start by reviewing the NIST Cybersecurity Framework: https://www.nist.gov/cyberframework
- Review the CIS Critical Security Controls (formerly the SANS 20): https://www.cisecurity.org/controls/
- Layers of security (defense in depth)