Innovate or die!? Modern IT Workplace Security
Alex Verboon, Cyber Security Consultant, Alex.verboon@basevision.ch
Daniel Buehlmann, Principal Workplace Consultant, daniel.buehlmann@basevision.ch
About Alex
Alex Verboon, Principal Cyber Security Consultant, basevision AG
Contact: Twitter: https://twitter.com/alexverboon, Blog: https://www.verboon.info, Mail: alex.verboon@basevision.ch
About Daniel
Daniel Bühlmann, Principal Consultant, basevision AG
Informatiker HF, Kommunikations- und Informationsmanagement NDS
Contact: Mail: Daniel.lbuehlmann@basevision.ch
Workplace Client: Windows OS Timeline
1983, 1987, 1990, 1992, 1995, 1996, 2000, 2001, 2006, 2009, 2012: 29 years, 11 releases
1507 (2015), 1511 (2015), 1607 (2016), 1703 (2017), 1709 (2017), 1803 (2018), 1809 (2018): 3 years, 7 releases
Workplace Clients: Client Security Software Timeline
[Timeline marks: 1990, 1991, 1993, 2018]
Around the year 2000, many security software vendors started to introduce complete security suites that included antivirus, personal firewall, anti-spyware, file/disk encryption, etc.
Machine learning, behavioral analysis, detonation technologies. Today, traditional signature-based AV can't keep up with current threats.
For those interested in IT history: http://www.wildlist.org/papers.htm
Workplace Security Configuration Baselines Timeline
Microsoft Security Baseline Toolkit
Workplace Environments
1 Person = 1 Device used in 1 location
1 Person = Multiple Devices used in many locations
IT Workplace Skillsets
Traditional IT Workplace Management: MS-DOS Batch Scripting; Software Installation Automation; OS Installation, Deployment; OS Upgrades, Migration; Group Policy Management; Patch Deployment; Desktop Management Suites; Antivirus and Personal Firewall Updates; Hardware Support / Driver Management. Security is usually with someone else or no one.
PowerShell
Modern Secure IT Workplace: Secure Configuration Baselines; Windows 10, Windows Defender Security Stack; Vulnerability Assessment of all in-use software; Patch Deployment; Mobile Device Management and Configuration (Phones, Tablets, Notebooks); AzureAD Identity Management; Office 365 Security; OS Provisioning, Autopilot; SaaS Security; Cloud Services (Azure, Amazon, Google); Continuous Build and Deployment; Version Control (Git). Security is included in IT Workplace.
While I was at a conference this year.
The cost of cloud expertise report
http://www.lse.ac.uk/business-and-consultancy/consulting/assets/documents/the-cost-of-cloud-expertise.pdf
Use of Cloud Applications
1,181 different cloud services are used by enterprises on average
75% of companies consider SaaS tools essential to their business
61% of cloud applications IT isn't aware of
80% of workers use nonsanctioned cloud apps
What about your Company?
Stay ahead of threats
Attackers take advantage of periods between releases. Stay ahead of threats with continual Windows 10 updates. Keep users up to date with the latest productivity features.*
[Figure: axes Capability and Time; labels Product release, Threat sophistication, Protection gap]
What about your Company?
Cyberthreats by the numbers across 3 key attack zones: Email, User, Device
[Infographic figures: Within 4 minutes, 63%, 53 seconds, 286 days, 80 days, 58%, 80%, 55,000, 200,000, $1 Billion]
It takes hackers 4 min to get into networks through email attacks and 286 days for detection, followed by an additional 80 days for damage control.
Data leakage: 90% caused by user mistakes
What about your Company?
Traditional security management doesn't scale
What about your Company?
Conclusion
We need to rethink how we do IT Workplace Security to secure a modern IT workplace where people access data using several devices, from several locations, at any time.
We can no longer only protect the corporate network perimeter.
We will need different solutions, processes, products.
We need different, additional skillsets.
Innovation
You can't buy it.
You can't force it.
There's no defined timeline to get it.
BUT you can stimulate and foster an environment where innovation is happening.
It's all about People.
Modern Secure IT Workplace Skills and Solutions
Skillset: Details
PowerShell: Drive automation
Version Control (Git repositories): Share script code among peers; share knowledge
Continuous Build and Release Pipelines: Understand cloud development patterns; adopt the same for internal systems
Secure Configuration Baselines: Adopt industry best practices; secure systems against current threats
Vulnerability Management: Identify software vulnerabilities (not just the Microsoft stack)
Patch Management: Deploy patches within weeks, not months
Cyber Security Frameworks: NIST; CIS Controls; Minimum ICT standard (Swiss Government)
Modern Secure IT Workplace Skills and Solutions
Skillset: Details
Windows 10 Security Feature Stack: Windows Defender, Advanced Threat Protection, Exploit Guard, Secure Boot, SmartScreen
Office 365 Security: Office Secure Score, Office 365 Advanced Threat Protection
AzureAD: Identity Protection, Conditional Access, Azure Advanced Threat Protection
Data Protection: Labelling and Classification (Azure AIP), DLP, Cloud App Security
Call to Action
People: Define the required skills within your organization. Assess current skillset. Invest in acquiring additional skills.
Cyber Security Posture: Assess current cyber security posture. Develop a roadmap. Drive continuous improvements.
Minimum ICT Standard
Cyber security threats don't stop at the Swiss border.
In 2016, 14,033 cybercrime cases were reported to police in Switzerland, compared to 11,575 in 2015 and 5,330 in 2011.
A survey from the firm KPMG found that 88% of Swiss companies have experienced cyber-attacks in the past year, compared to 54% in 2016.
Based on a more recent case study from 2017 conducted by ICT Switzerland, ISB, ISSS and SQS:
More than a third of SMEs are affected by cyberattacks:
The risk of cyber-attacks is strongly underestimated:
Protection against cyber-attacks is insufficient:
Minimum ICT Standard
In August 2018 the Swiss Government released the minimum standard for improving ICT resilience.
Serves as a recommendation.
Based on internationally recognized standards, NIST Cybersecurity Framework Core.
Can be used by any small business or enterprise (FREE).
What techniques can restore capabilities?
What processes and assets need protection?
What techniques can contain impact of incidents?
What safeguards are available?
What techniques can identify incidents?
Minimum ICT Standard
It's not that complicated: mapping the framework to real-world activities
Function: Example
Identify: Hardware Inventory: Asset Management / AD/AzureAD, ConfigMgr/Intune
Protect: Make use of Security Configuration Baselines
Detect: Windows Defender Advanced Threat Protection, Vulnerability Scanning
Respond: Define a Cyber Security Incident response plan.
Recover: Define processes how to recover from an incident
Assessing Microsoft 365 security solutions using the NIST Cybersecurity Framework: https://aka.ms/assessingm365securityusingnist
Minimum ICT Standard
Conduct a self assessment:
https://www.bwl.admin.ch/dam/bwl/en/dokumente/themen/ikt/excelblatt_minimalstandard.xlsx.download.xlsx/ict.minimum.standard.assessment.tool-2018.xlsx
BaseVISION Cyber Security Services
Services: IT Workplace Security Workshops; Security Proof of Concept Services; Security Implementation Services; Proactive Security Posture Improvement Service
Get an in-depth understanding of IT Workplace Security. Identify improvement areas. Learn about Microsoft Security Solutions. Assess current cyber security posture.
Quick and pragmatic proofs of concept for Microsoft Security Solutions. Identify benefits. Fast results for decision making.
Acquire expertise from specialists. Adopt Microsoft Security Solutions with ease. Train employees on the job.
Proactive continuous review of IT workplace cyber security posture.
security@basevision.ch