Catching up with today's malicious actors. Current security posture and future possible actions. OWASP EEE Bucharest Event 2015 Adrian Ifrim

Similar documents
ANATOMY OF AN ATTACK!

K12 Cybersecurity Roadmap

ACM Retreat - Today s Topics:

How Breaches Really Happen

OPERATIONS CENTER. Keep your client s data safe and business going & growing with SOC continuous protection

May 14, :30PM to 2:30PM CST. In Plain English: Cybersecurity and IT Exam Expectations

Endpoint Protection : Last line of defense?

Retail Security in a World of Digital Touchpoint Complexity

How do you track devices that have been approved for use? Are you automatically alerted if an unapproved device connects to the network?

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

The New Normal. Unique Challenges When Monitoring Hybrid Cloud Environments

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

Cybersecurity Today Avoid Becoming a News Headline

align security instill confidence

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

ABB Ability Cyber Security Services Protection against cyber threats takes ability

Course overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107)

Thanks for attending this session on April 6 th, 2016 If you have any question, please contact Jim at

ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE

COMPLETING THE PAYMENT SECURITY PUZZLE

Transforming Security from Defense in Depth to Comprehensive Security Assurance

Mike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS

Designing and Building a Cybersecurity Program

Beyond the F.U.D. How to start securing your DCS network today.

Managed Enterprise Phishing Protection. Comprehensive protection delivered 24/7 by anti-phishing experts

A Measurement Companion to the CIS Critical Security Controls (Version 6) October

Overview. Handling Security Incidents. Attack Terms and Concepts. Types of Attacks

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

Put an end to cyberthreats

RSA Advanced Security Operations Richard Nichols, Director EMEA. Copyright 2015 EMC Corporation. All rights reserved. 1

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Wayward Wi-Fi. How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Building Resilience in a Digital Enterprise

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

LOGmanager and PCI Data Security Standard v3.2 compliance

Designing an Adaptive Defense Security Architecture. George Chiorescu FireEye

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

CIT 480: Securing Computer Systems. Putting It All Together

OA Cyber Security Plan FY 2018 (Abridged)

Introduction to Penetration Testing: Part One. Eugene Davis UAH Information Security Club February 21, 2013

Building a Threat-Based Cyber Team

Ethical Hacking and Countermeasures: Attack Phases, Second Edition. Chapter 1 Introduction to Ethical Hacking

The Credential Phishing Handbook. Why It Still Works and 4 Steps to Prevent It

The Value of Automated Penetration Testing White Paper

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

Sophos. Allan Widell Channel Account Executive. 24. August 2017

10 FOCUS AREAS FOR BREACH PREVENTION

Business Strategy Theatre

Penetration Testing! The Nitty Gritty. Jeremy Conway Partner/CTO

Cyber Security Stress Test SUMMARY REPORT

locuz.com SOC Services

CIRT: Requirements and implementation

Cyber Attacks & Breaches It s not if, it s When

Ready for a Technology Disaster? Really? Let s Get Ready! Michael Price, President of MPA Networks, Silicon Valley

Verizon Software Defined Perimeter (SDP).

LAB2 R12: Optimize Your Supply Chain Cyber Security

IPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions

NORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers

n Given a scenario, analyze and interpret output from n A SPAN has the ability to copy network traffic passing n Capacity planning for traffic

CYBER SECURITY AND MITIGATING RISKS

Carbon Black PCI Compliance Mapping Checklist

Managing IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services

C T I A CERTIFIED THREAT INTELLIGENCE ANALYST. EC-Council PROGRAM BROCHURE. Certified Threat Intelligence Analyst 1. Certified

Next-generation Endpoint Security and Cybereason

Point ipos Implementation Guide. Hypercom P2100 using the Point ipos Payment Core Hypercom H2210/K1200 using the Point ipos Payment Core

EMERGING THREATS & STRATEGIES FOR DEFENSE. Paul Fletcher Cyber Security

You will discuss topics related to ethical hacking, information risks, and security techniques which hackers will seek to circumvent.

Securing Industrial Control Systems

2017 Annual Meeting of Members and Board of Directors Meeting

CA Security Management

Aligning with the Critical Security Controls to Achieve Quick Security Wins

PCI DSS v3.2 Mapping 1.4. Kaspersky Endpoint Security. Kaspersky Enterprise Cybersecurity

Design your network to aid forensics investigation

Combating Cyber Risk in the Supply Chain

CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline

Protecting your data. EY s approach to data privacy and information security

Cybersecurity Survey Results

ConnectWise Automate. What is ConnectWise Automate?

CYBER SECURITY RISK ASSESSMENT: WHAT EVERY PENSION GOVERNMENTAL ENTITY NEEDS TO KNOW

Cybersecurity Panel: Cutting through Cybersecurity Hype with Practical Tips to Protect your Bank

.NET JAVA C ASE. Certified. Certified. Application Security Engineer.

Governance Ideas Exchange

PCI Compliance Updates

Evolution of Spear Phishing. White Paper

IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.

Make security part of your client systems refresh

Recognizing Fraud Staying Safe 2018 Information/Cyber Security Training

EC-Council Certified Incident Handler v2. Prepare to Handle and Respond to Security Incidents EC-COUNCIL CERTIFIED INCIDENT HANDLER 1

CIS Controls Measures and Metrics for Version 7

CyberSecurity: Top 20 Controls

BUILDING AND MAINTAINING SOC

Certified Ethical Hacker (CEH)

CEH: CERTIFIED ETHICAL HACKER v9

Security Solutions. Overview. Business Needs

Cyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)

Cyber Security. June 2015

Endpoint Security. How to improve the security of your endpoints thanks to the innovative egambit Endpoint Security agent

Security Architecture

Sneak Peak at CIS Critical Security Controls V 7 Release Date: March Presented by Kelli Tarala Principal Consultant Enclave Security

Transcription:

Catching up with today's malicious actors Current security posture and future possible actions OWASP EEE Bucharest Event 2015 Adrian Ifrim

Disclaimer The content of this presentation does not reflect the official opinion of the my current employer or former employers. Responsibility for the information and views expressed in the presentation lies entirely with the author.

id -un Adrian Ifrim cat.bash_history grep jobs - Helpdesk/Network Administrator - Junior System Administrator - Support Engineer - IS Analyst - IT Auditor - Tech Security Lead

uname -a cat /proc/cpuinfo grep hobbies - Information Security - Information Security - Information Security - Information Security

Chapter 1 Current state

Who are we dealing with? State sponsored attacks Organized Hacking Teams State-sponsored hackers: hybrid armies Terrorist organizations One-man-show Internal disgruntled employees Malicious vendors Software/Hardware Trusted Third Party

What are their strengths? Time Unlimited budget Open source tools Open Knowledge base (the Internet) No bureaucratic approvals New tricks up their sleeves (0days) Strong Motive (financial, political, patriotic, fun)

Who do we usually have? Small teams of security professionals Limited time Limited budgets Limited tools (if you don't have support you cant use it) Bureaucratic approvals Security testing requirements

Losing the war - Tools Anti-Virus veil framework backdoor factory mitmf metasploit powershell wmic vbscript Cost to make an undetected virus ~ 0

Losing the war More tools Maintained by people for the people Firewalls/Routers/Switches ) Web Site filtering Data Leakage Protection Web Application Firewalls Database Activity Monitoring SIEMs Vulnerability scanners IDS/IPS Anti Malware etc

Losing the war: Monitoring those tools Maintained by people for the people Various time formats Various log formats Alert/parsing configuration Huge number of events

The hype: Stagefright bug Scary but not working on latest version of Android Other countries may be affected :) Heartbleed http://siui.casan.ro/cnas/ is protected btw (no certificate) introduced in 2012 and publicly disclosed in 2014 Various 0days: flash,adobe reader, windows, osx, android, php, anti-virus

Start being afraid of the right things Your real problems: Your assets. The inventory Personnel ~6000days Everyone's a coder Availability Did you know you use IPv6? Yeah you do Tools Old mindsets Credentials everywhere No two factor No encryption Wireless Monitoring APT (Antivirus Fail) Unauthorized tools

Various questions and answers received over the years Why would I need security advisory in change management? I know all my systems But we do vulnerability scanning If its internal they can't get in and we should not use encryption Our anti-virus definitions are up-to-date

Chapter 2 Future State of Security

It's over Traditional ways of protecting our networks are not working anymore The victory of 300 Spartans is a not quite true: 300 Spartans 700 Thespians 400 Thebans and perhaps a few hundred others most of whom were killed.

But people say Waving the white flag means you've lost You're compromised and you don't even know it. Are you a target?

Start being afraid of the right things 80%+ percent of you problems come from 20% of you issues Exploiting the 20% problems left would require some skills It's OK to fail. It's NOT OK not to know that you have failed or failing over and over again

Understand what you are trying to protect

Next steps Artificial intelligence Self-protecting mechanism just like the human immune system Shape-shifting networks Big Data Advanced Honeypots On the fly patching

Next steps Listening Learning Doing

The future is here Checkout DARPA Cyber Grand Challenge The challenge: Systems will autonomously create network defenses, deploy patches and mitigations, monitor the network, and evaluate the defenses of competitors. Sounds like something the US would do

What we will need to do Gather all information From all devices Process that information Identify malicious events and patterns Establish automated alerts Establish automated decisions and actions

What we will need to do Establish correct incident response plans Create production like environments Add this layer on top of the old layers Automate as much as you can

Q&A Wait, what are you trying to say?

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback