EMERGING THREATS & STRATEGIES FOR DEFENSE. Paul Fletcher Cyber Security


EMERGING THREATS & STRATEGIES FOR DEFENSE
Paul Fletcher, Cyber Security Evangelist, @_PaulFletcher

Threats by Customer Environment
[Chart: two breakdowns of observed incidents, Cloud Environment vs On-Premise Environment, by category: application attack, brute force, suspicious activity, recon, trojan activity, denial of service, other. Percentage labels could not be recovered reliably from the slide image. Source: Alert Logic CSR 2015]

Threats by Customer Industry Vertical
[Chart: stacked bars (0-100%) per industry vertical, split into application attack, brute force, suspicious activity, recon and DoS. Source: Alert Logic CSR 2015]

Global Analysis

Internet of Things Planes, Trains and Automobiles

Internet of Things Keyfobs and Garage Doors

Latest News Update as needed

Latest Activity
- Darkode taken down on July 15, 2015
- Arrests made in 20 countries
- Despite coordinated law enforcement efforts, botnet takedowns are more effective

HOW DO WE DEFEND AGAINST THESE ATTACKS

Security Architecture
Network: Firewall/ACL, Intrusion Detection, Deep Packet Forensics, Netflow Analysis, NAC, DDoS protection, Scanner
Server/App: Vulnerability management, Log Mgmt, SDLC, Patch Mgmt, Mail/Web Filter, Scanner, Backup
Host: Anti-Virus, Encryption (GPG/PGP), FIM, Anti-Malware, IAM, Central Storage

Data Correlation is the Key

Enterprise Cyber Security Teams

24x7 Security Operations Center and Intelligence
- Monitor intrusion detection and vulnerability scan activity
- Escalate incidents and provide guidance to the response team to quickly mitigate incidents
- Search for industry trends and deliver intelligence on lost or stolen data
- Identify and implement required policy changes
- Correlate data across products and sources to find anomalies
- Monitor for zero-day and new and emerging attacks
- Collect data from OSINT and underground sources to deliver intelligence and content

SECURITY BEST PRACTICES

10 Best Practices of Cloud Security
1. Secure your code
2. Create access management policies
3. Data classification
4. Adopt a patch management approach
5. Review logs regularly
6. Build a security toolkit
7. Stay informed of the latest vulnerabilities that may affect you
8. Understand your cloud service provider's security model
9. Understand the shared security responsibility
10. Know your adversaries

1. Secure Your Code
- Test inputs that are open to the Internet
- Add delays to your code to confuse bots
- Use encryption when you can
- Test libraries
- Scan plugins
- Scan your code after every update
- Limit privileges
- Stay informed
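Added example, not from the deck: the first item, testing inputs that are open to the Internet, is best shown with the same untrusted value handled two ways. The user table, the tautology payload and the username allowlist below are constructed for the demo; the hardened version validates the field against an allowlist and then binds it as a parameter so the database never interprets it as SQL.

```python
"""Added example (not Alert Logic code): one Internet-facing input, handled
unsafely and then safely, so the 'test your inputs' item has a concrete test.
Schema, rows and the injection payload are constructed for this demo."""
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample table; nothing here comes from the original slides."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_vulnerable(conn, username: str):
    """Deliberately unsafe: the untrusted value is spliced into the SQL text."""
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username: str):
    """Safe against injection: the value travels as a bound parameter.
    Still accepts any junk, which is why the allowlist below is added too."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


# Allowlist for the field (an assumption for this demo): lowercase letters,
# digits, dot, underscore, hyphen, 1 to 32 characters.
USERNAME_RE = re.compile(r"^[a-z0-9._-]{1,32}$")


def lookup_hardened(conn, username: str):
    """Reject anything outside the allowlist, then query with a parameter."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("invalid username")
    return lookup_parameterized(conn, username)


def demo() -> dict:
    """Run all three against a classic tautology payload and a legitimate name."""
    conn = make_db()
    payload = "x' OR '1'='1"          # constructed injection string
    leaked = lookup_vulnerable(conn, payload)     # every row comes back
    safe = lookup_parameterized(conn, payload)    # no such literal username
    try:
        lookup_hardened(conn, payload)
        blocked = False
    except ValueError:
        blocked = True
    return {
        "leaked_rows": len(leaked),
        "parameterized_rows": len(safe),
        "blocked_by_allowlist": blocked,
        "legit": lookup_hardened(conn, "alice"),
    }


if __name__ == "__main__":
    print(demo())
```

The point the slide makes is the test, not the fix: the payload in `demo()` is exactly the kind of input to throw at every parameter reachable from the Internet, before and after each update.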

2. Create Access Management Policies
- Identify the data and infrastructure that require access
- Define roles and responsibilities
- Simplify access controls (KISS)
- Continually audit access
- Start with a least privilege access model

3. Data Classification
- Identify data repositories and mobile backups
- Identify classification levels and requirements
- Analyze data to determine classification
- Build the access management policy around classification
- Monitor file modifications and users
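Added example, not from the deck, serving both slide 2 (roles, least privilege, continual audit) and slide 3 (build the access policy around classification). The classification levels, roles, users and resource names are constructed; the policy denies by default, treats unclassified data as the most sensitive level, records every decision, and includes a review helper that reports roles cleared above anything their holder has actually touched, which is the least-privilege audit the slide asks for.

```python
"""Added example (not Alert Logic code): an access decision built on data
classification with deny-by-default and an audit trail. Levels, roles and
sample users are constructed for this demo."""
from dataclasses import dataclass, field

# Ordered classification levels (constructed; substitute your own scheme).
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}
MOST_SENSITIVE = max(LEVELS.values())


@dataclass
class Role:
    name: str
    max_level: str            # highest classification this role may read
    can_write: bool = False   # writes must be granted explicitly


@dataclass
class Policy:
    roles: dict                                   # role name -> Role
    audit: list = field(default_factory=list)     # every decision, allow or deny

    def decide(self, user, user_roles, action, resource, classification) -> bool:
        """Allow only if some held role is cleared for the resource's level
        (and, for writes, explicitly permitted). Unknown roles never grant
        anything; unclassified data is treated as the most sensitive."""
        level = LEVELS.get(classification, MOST_SENSITIVE)
        allowed = False
        for rname in user_roles:
            role = self.roles.get(rname)
            if role is None or LEVELS[role.max_level] < level:
                continue
            if action == "write" and not role.can_write:
                continue
            allowed = True
            break
        self.audit.append((user, action, resource, classification,
                           "allow" if allowed else "deny"))
        return allowed

    def over_privileged(self, assignments: dict) -> dict:
        """Least-privilege review: compare the highest level each user was
        actually allowed to touch with the ceiling of the roles they hold,
        and report roles cleared above anything they used."""
        used = {}
        for user, _action, _res, cls, outcome in self.audit:
            if outcome == "allow":
                used[user] = max(used.get(user, -1), LEVELS.get(cls, MOST_SENSITIVE))
        report = {}
        for user, rnames in assignments.items():
            high = used.get(user, -1)
            excess = [r for r in rnames
                      if r in self.roles and LEVELS[self.roles[r].max_level] > high]
            if excess:
                report[user] = excess
        return report


def demo():
    """Constructed scenario: two users, three roles, five requests."""
    policy = Policy(roles={
        "viewer": Role("viewer", "internal"),
        "analyst": Role("analyst", "confidential"),
        "dba": Role("dba", "restricted", can_write=True),
    })
    assignments = {"bob": ["viewer", "dba"], "alice": ["analyst"]}
    decisions = [
        policy.decide("bob", assignments["bob"], "read", "hr/salaries.csv", "restricted"),
        policy.decide("alice", assignments["alice"], "read", "hr/salaries.csv", "restricted"),
        policy.decide("alice", assignments["alice"], "write", "reports/q3.md", "internal"),
        policy.decide("alice", assignments["alice"], "read", "reports/q3.md", "internal"),
        policy.decide("carol", ["superuser"], "read", "public/index.html", "public"),
    ]
    return decisions, policy.over_privileged(assignments)


if __name__ == "__main__":
    print(demo())
```

In the scenario, alice only ever reads internal data, so the review flags her confidential-level analyst role as a candidate for removal; carol holds a role the policy does not define and is denied even for public data.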

4. Adopt a Patch Management Approach
- Inventory all production systems
- Devise a plan for standardization, if possible
- Compare reported vulnerabilities to the production infrastructure
- Classify the risk based on vulnerability severity and likelihood
- Test patches before you release them into production
- Set up a regular patching schedule
- Keep informed; follow Bugtraq
- Follow an SDLC
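Added example, not from the deck: the middle three steps of this slide (inventory, compare against reported vulnerabilities, classify by severity and likelihood) as one ranking routine. The hosts, package versions and advisories are constructed, and the ADV-000x identifiers are placeholders, not real CVE or vendor IDs; the risk weighting (exposure doubles, public exploit adds half again) is an assumption you would tune to your environment.

```python
"""Added example (not Alert Logic code): match an advisory feed against a
production inventory and rank affected systems by severity times likelihood.
Hosts, versions and advisories below are constructed for this demo."""
from dataclasses import dataclass


@dataclass
class Host:
    name: str
    internet_facing: bool
    software: dict            # package -> installed version string


@dataclass
class Advisory:
    ident: str                # constructed placeholder, not a real CVE
    package: str
    fixed_in: str             # first version that contains the fix
    cvss: float               # base score, 0 to 10
    exploit_public: bool


def parse_version(v: str) -> tuple:
    """'2.4.10' -> (2, 4, 10) so versions compare numerically; as strings,
    '2.4.9' > '2.4.10', which would silently hide affected hosts."""
    return tuple(int(p) for p in v.split("."))


def affected(host: Host, adv: Advisory) -> bool:
    installed = host.software.get(adv.package)
    return installed is not None and parse_version(installed) < parse_version(adv.fixed_in)


def risk_score(host: Host, adv: Advisory) -> float:
    """Severity (CVSS) scaled by likelihood: exposure and exploit availability.
    Weights are assumptions for the demo."""
    likelihood = 1.0
    if host.internet_facing:
        likelihood *= 2.0
    if adv.exploit_public:
        likelihood *= 1.6
    return round(adv.cvss * likelihood, 1)


def patch_plan(hosts, advisories):
    """(score, host, advisory, package, installed, fixed_in), highest risk first."""
    plan = []
    for h in hosts:
        for a in advisories:
            if affected(h, a):
                plan.append((risk_score(h, a), h.name, a.ident, a.package,
                             h.software[a.package], a.fixed_in))
    plan.sort(key=lambda r: (-r[0], r[1]))
    return plan


def demo():
    hosts = [
        Host("web01", True, {"httpd": "2.4.10", "openssl": "1.0.1"}),
        Host("db01", False, {"openssl": "1.0.1", "postgres": "9.4.2"}),
        Host("build01", False, {"httpd": "2.4.33", "openssl": "1.0.2"}),
    ]
    advisories = [
        Advisory("ADV-0001", "openssl", "1.0.2", 7.5, True),
        Advisory("ADV-0002", "httpd", "2.4.30", 5.3, False),
        Advisory("ADV-0003", "postgres", "9.4.1", 9.8, True),   # db01 already past the fix
    ]
    return patch_plan(hosts, advisories)


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The highest-CVSS advisory in the feed produces no work item because the inventory shows the fix already installed, while a medium-severity issue on the Internet-facing host outranks a higher one on the internal database server. That is the "compare to production, then classify" step doing its job.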

5. Importance of Log Management and Review
Why: monitoring for malicious activity, forensic investigations, compliance needs, system performance
What good looks like:
- All sources of log data are collected
- Data types covered (Windows, syslog)
- A defined review process
- Live monitoring
- Correlation logic
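Added example, not from the deck: the last three items of this slide, and the earlier "Data Correlation is the Key" point, as running code. Two constructed feeds, sshd syslog lines and a Windows-style logon export (event 4625 failure, 4624 success), are normalized to one event shape and correlated by source address to catch the brute-force pattern the report ranks among the top incident types: a run of failures followed by a success. The threshold and window are assumptions. Neither feed alone crosses the threshold; only the correlated view does.

```python
"""Added example (not Alert Logic code): correlation across two log sources.
Every log line below is constructed for this demo."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed lines in the shape of OpenSSH syslog messages.
SYSLOG = """\
2015-07-20T10:00:01 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.9 port 50112 ssh2
2015-07-20T10:00:03 web01 sshd[2101]: Failed password for root from 203.0.113.9 port 50113 ssh2
2015-07-20T10:05:00 web01 sshd[2190]: Failed password for alice from 198.51.100.7 port 40000 ssh2
2015-07-20T10:05:30 web01 sshd[2191]: Accepted publickey for alice from 198.51.100.7 port 40001 ssh2
"""

# Constructed Windows logon export: time,event_id,account,source_ip.
WINLOG = """\
2015-07-20T10:01:00,4625,svc_backup,203.0.113.9
2015-07-20T10:01:02,4625,svc_backup,203.0.113.9
2015-07-20T10:01:04,4624,svc_backup,203.0.113.9
2015-07-20T11:00:00,4625,bob,192.0.2.44
"""

SSH_RE = re.compile(
    r"^(\S+) \S+ sshd\[\d+\]: (Failed|Accepted) \S+ for (?:invalid user )?(\S+) from (\S+)"
)


def parse_syslog(text):
    """Normalize sshd lines to (time, source_ip, account, success)."""
    events = []
    for line in text.splitlines():
        m = SSH_RE.match(line)
        if m:
            ts, verdict, user, ip = m.groups()
            events.append((datetime.fromisoformat(ts), ip, user, verdict == "Accepted"))
    return events


def parse_winlog(text):
    """Normalize the logon export to the same (time, source_ip, account, success) shape."""
    events = []
    for line in text.splitlines():
        ts, eid, user, ip = line.split(",")
        if eid in ("4624", "4625"):
            events.append((datetime.fromisoformat(ts), ip, user, eid == "4624"))
    return events


def detect_bruteforce_success(events, threshold=3, window=timedelta(minutes=10)):
    """Alert when one source address accumulates >= threshold failures inside
    `window` and then authenticates successfully, to any account, in any feed.
    Keying on the source address is what lets the two feeds count together."""
    failures = defaultdict(list)      # source_ip -> recent failure timestamps
    alerts = []
    for ts, ip, user, ok in sorted(events):
        failures[ip] = [t for t in failures[ip] if ts - t <= window]
        if ok:
            if len(failures[ip]) >= threshold:
                alerts.append({"source": ip, "account": user,
                               "failures": len(failures[ip]), "at": ts.isoformat()})
                failures[ip] = []    # reset so one intrusion yields one alert
        else:
            failures[ip].append(ts)
    return alerts


def demo():
    """Correlated view across both feeds."""
    return detect_bruteforce_success(parse_syslog(SYSLOG) + parse_winlog(WINLOG))


if __name__ == "__main__":
    print(demo())
```

Run on either feed by itself the detector stays quiet (two ssh failures, two Windows failures); merged, the same address shows four failures in three minutes and then a successful service-account logon, which is the event worth escalating.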

6. Build a Security Toolkit
Recommended security solutions:
- Antivirus
- iptables/firewall
- Backups
- FIM
- Intrusion Detection System
- Malware detection
- Web Application Firewalls
- Forensic image of hardware, taken remotely
Future:
- Deep Packet Forensics
- Web filters
- Mail filters
- Encryption solutions
- Proxies
- Log collection
- SIEM monitoring and escalation
- Penetration testing
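Added example, not from the deck: FIM appears in the toolkit list and "monitor file modifications" on the data classification slide, so here is a minimal file integrity monitor showing what such a tool actually does. It snapshots hash, permission bits and size for every regular file under a root, then reports added, removed and modified paths on the next run. The directory tree and the simulated tampering are constructed in a temporary directory; a real deployment would store the baseline off-host so an intruder cannot rewrite it.

```python
"""Added example (not Alert Logic code): baseline-and-compare file integrity
monitoring. The sample tree and tampering are constructed in a temp dir."""
import hashlib
import os
import tempfile


def sha256_file(path: str, chunk: int = 65536) -> str:
    """Stream the file so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def baseline(root: str) -> dict:
    """Map relative path -> (sha256, permission bits, size) for every regular
    file under root. Permission bits are included so a setuid bit flipped on
    an unchanged binary is still reported. Symlinks are skipped, not followed."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            st = os.lstat(full)
            rel = os.path.relpath(full, root)
            snap[rel] = (sha256_file(full), st.st_mode & 0o7777, st.st_size)
    return snap


def compare(old: dict, new: dict) -> dict:
    """Diff two snapshots into the three lists an analyst wants to see."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }


def _write(path: str, data: bytes, append: bool = False) -> None:
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "ab" if append else "wb") as f:
        f.write(data)


def demo() -> dict:
    """Build a tree, baseline it, simulate an intrusion, compare."""
    with tempfile.TemporaryDirectory() as root:
        _write(os.path.join(root, "etc", "passwd"), b"root:x:0:0\n")
        _write(os.path.join(root, "etc", "hosts"), b"127.0.0.1 localhost\n")
        _write(os.path.join(root, "app.bin"), b"\x7fELF")
        first = baseline(root)

        # Simulated tampering: account appended, binary replaced,
        # hosts file deleted, cron job dropped (all constructed).
        _write(os.path.join(root, "etc", "passwd"), b"eve:x:0:0\n", append=True)
        _write(os.path.join(root, "app.bin"), b"\x7fELF patched")
        os.remove(os.path.join(root, "etc", "hosts"))
        _write(os.path.join(root, "cron.d"), b"* * * * * /tmp/x\n")

        return compare(first, baseline(root))


if __name__ == "__main__":
    print(demo())
```

Run the baseline once from a known-good state and the compare on a schedule; the "modified" list on system binaries and authentication files is the signal, the "added" list in cron and startup directories the persistence check.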

7. Stay Informed of the Latest Vulnerabilities
Websites to follow:
- http://www.securityfocus.com
- http://www.exploit-db.com
- http://seclists.org/fulldisclosure/
- http://www.securitybloggersnetwork.com/
- http://cve.mitre.org/
- http://nvd.nist.gov/
- https://www.alertlogic.com/weekly-threat-report/

8. Understand Your Service Provider's Security Model
- Understand the security offerings from your provider
- Probe the security vendors to find their prime service
- Hypervisor
Example questions to use when evaluating cloud service providers

9. Service Provider & Customer Responsibility Summary

Customer responsibility
  Apps: secure coding and best practices; software and virtual patching; configuration management; access management; application-level attack monitoring
  Hosts: access management; patch management; configuration hardening; security monitoring; log analysis
  Networks: network threat detection; security monitoring

Cloud service provider responsibility
  Hosts: hardened hypervisor; system image library; root access for customer
  Networks: logical network segmentation; perimeter security services; external DDoS, spoofing and scanning prevented
  Provider services: compute, storage, DB, network

10. Understand your Adversaries

To Follow Our Research
Twitter: @AlertLogic, @StephenCoty, @_PaulFletcher
Blog: https://www.alertlogic.com/resources/blog
Newsletter: https://www.alertlogic.com/weekly-threat-report/
Cloud Security Report: https://www.alertlogic.com/resources/cloud-security-report/
Zero Day Magazine: http://www.alertlogic.com/zerodaymagazine/

Thank you.