Security Gaps from the Field

Similar documents
Office 365: Modern Workplace

Discover threats quickly, remediate immediately, and mitigate the impact of malware and breaches

Getting over Ransomware - Plan your Strategy for more Advanced Threats

Windows 10. scalable IT services & solutions. October 25, Bruce Ward, VP of Business Strategy. Dan Sharp, Senior Consultant

EMPLOYEE SKILLS TRAINING PLATFORM. On-access skills training and measurement for all employees

2017 Annual Meeting of Members and Board of Directors Meeting

Easy Activation Effortless web-based administration that can be activated in as little as one business day - no integration or migration necessary.

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

Enterprise Ransomware Mitigations

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

Synchronized Security

Today s Security Threats: Emerging Issues Keeping CFOs Up at Night Understanding & Protecting Against Information Security Breaches

Sage Data Security Services Directory

2018 IT Priorities: Cybersecurity, Cloud Outsourcing & Risk Management. Follow Along

Cyber Security. Our part of the journey

Designing and Building a Cybersecurity Program

Symantec Ransomware Protection

ANATOMY OF AN ATTACK!

Critical Hygiene for Preventing Major Breaches

Security Aspects Control Rationale Best Practices Self-Assessment (Click all that applicable) 1. Security Policy and Security Management

Cyber Insurance: What is your bank doing to manage risk? presented by

Personal Cybersecurity

IT Security Training MS-500: Microsoft 365 Security Administration. Upcoming Dates. Course Description. Course Outline $2,

ACM Retreat - Today s Topics:

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

The security challenge in a mobile world

Ransomware A case study of the impact, recovery and remediation events

Assessing Your Incident Response Capabilities Do You Have What it Takes?

ADVANCED THREAT PREVENTION FOR ENDPOINT DEVICES 5 th GENERATION OF CYBER SECURITY

with Advanced Protection

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

MODERN DESKTOP SECURITY

Competitive Matrix - IRONSCALES vs Alternatives

Managing Microsoft 365 Identity and Access

Cybersecurity What Companies are Doing & How to Evaluate. Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security

Tackling Cybersecurity with Data Analytics. Identifying and combatting cyber fraud

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Securing the SMB Cloud Generation

Hello! we are here to share some stories

Go mobile. Stay in control.

Mark Littlejohn June 23, 2016 DON T GO IT ALONE. Achieving Cyber Security using Managed Services

How Breaches Really Happen

Compliance Audit Readiness. Bob Kral Tenable Network Security

Train employees to avoid inadvertent cyber security breaches

How to Prepare a Response to Cyber Attack for a Multinational Company.

PLANNING AZURE INFRASTRUCTURE SECURITY - AZURE ADMIN ACCOUNTS PROTECTION & AZURE NETWORK SECURITY

2016 Tri-State CF Partnership Webinar Series. Cyber Crime Trends a State of the Union April 7, 2016

The GenCyber Program. By Chris Ralph

Managing IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services

BRING SPEAR PHISHING PROTECTION TO THE MASSES

Cyber Security Risk Management and Identity Theft

A practical guide to IT security

CipherCloud CASB+ Connector for ServiceNow

Security Awareness & Best Practices Best Practices for Maintaining Data Security in Your Business Environment

Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting

Cyber Liability Preventive Services & Tools Specific & Pre-Emptive Considerations BEFORE the Inevitable Cyber Event.

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

EBOOK. Stopping Fraud. How Proofpoint Helps Protect Your Organization from Impostors, Phishers and Other Non-Malware Threats.

Mike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS

Building a Complete Program around Data Loss Prevention

Agenda. Why we need a new approach to endpoint security. Introducing Sophos Intercept X. Demonstration / Feature Walk Through. Deployment Options

Automated Context and Incident Response

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Cybersecurity. Overview. Define Cyber Security Importance of Cyber Security 2017 Cyber Trends Top 10 Cyber Security Controls

Securing Dynamic Data Centers. Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan &

Cybersecurity The Evolving Landscape

Click to edit Master title style. DIY vs. Managed SIEM

Cyber Risks in the Boardroom Conference

PRACTICING SAFE COMPUTING AT HOME

EMERGING THREATS & STRATEGIES FOR DEFENSE. Paul Fletcher Cyber Security

Ransomware A case study of the impact, recovery and remediation events

CloudSOC and Security.cloud for Microsoft Office 365

Security and Compliance for Office 365

Quick Heal Total Security for Android. Anti-Theft Security. Web Security. Backup. Real-Time Protection. Safe Online Banking & Shopping.

Microsoft Security Management

LAB2 R12: Optimize Your Supply Chain Cyber Security

Update on new Microsoft Cloud Technology

Introduction to Threat Deception for Modern Cyber Warfare

BEST PRACTICES FOR PERSONAL Security

Cybersecurity Threat Modeling ISACA Atlanta Chapter Geek Week Conference

Moving Beyond Prevention: Proactive Security with Integrity Monitoring

hidden vulnerabilities

Security. The DynaSis Education Series for C-Level Executives

SOCIAL NETWORKING IN TODAY S BUSINESS WORLD

FAQ. Usually appear to be sent from official address

Identity & Access Management

Take Risks in Life, Not with Your Security

ISE North America Leadership Summit and Awards

Quick recap on ing Security Recap on where to find things on Belvidere website & a look at the Belvidere Facebook page

ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION

Protecting from Attack in Office 365

Cyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017

locuz.com SOC Services

Annexure E Technical Bid Format

Security & Phishing

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

University of Pittsburgh Security Assessment Questionnaire (v1.7)

Transcription:

Security Gaps from the Field Reconnaissance, Theft, and Looking Them in the Eye Helping you grow your business with scalable IT services & solutions Bruce Ward, CISM, Vice President for today s challenges & tomorrow s vision. Adam Gassensmith, Manager of Client Experience 2017 Peters & Associates, Inc. All rights reserved.

Agenda Security Gaps from the Field Watch Movies Tell Jokes Give Away Prizes 1. Background (Case the Joint) 2. Stealing Data (Valuables) 3. Identity (Who s at the Door)

Raffle Prizes

1) Background (Case the Joint) Recon 101

Technology Change 2005 2013

Common Misconceptions Cyber crime only happens to large companies like Chase, Target and Home Depot. 31% - incidents of losses at organizations with <100 employees 61% - incidents of losses at organizations with <250 employees Source: Symantec Internet Threat Report

Security Program: Loss by device Loss by method www.hhs.gov/ocr/privacy/hipaa/enforcement/index.html https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf

Looming Risk Offset Sources:2017 Reports: Ponemon and Deloitte

Movie Time

Information Security Industry

Cyber Security Framework Data Protection

Peters & Associates Security Wheel A lot of moving parts DATA

2) Stealing Data (Valuables) Theft 101

Peters & Associates Security Wheel A lot of moving parts DATA

Significant Data

Cloud App Security

Cloud App Security

Intune Mobile Application Management (MAM)

Intune MAM / MDM Managed apps Multi-identity policy Corporate data User Personal data IT Personal apps

Mobile application management Managed apps User Personal apps

Azure Information Protection

Info Protection: User-driven classification Business Intelligence 2016 Peters & Associates, Inc. All rights reserved.

Info Protection: Reclassification Business Intelligence 2016 Peters & Associates, Inc. All rights reserved.

Info Protection - Recommended classification Business Intelligence 2016 Peters & Associates, Inc. All rights reserved.

Info Protection: Automatic classification Business Intelligence 2016 Peters & Associates, Inc. All rights reserved.

Data Loss Prevention (DLP)

Conditions Actions Exceptions 27

Raffle Prizes

3) IDENTITY (Who s at the Door?) Identity 101

Peters & Associates Security Wheel A lot of moving parts DATA

How do they do it?

HOW do I protect my business? Security Training Periodic Testing Backup/Restore Patch Management Mail Filter Next-gen Firewall Incident Response Plans

Email Scam = Big Business

Movie #2! Fraudulent Instruction

3. Azure Identity Protection

Azure Identity Protection Users with leaked credentials Sign-ins from anonymous IP addresses Impossible travel to atypical locations Sign-ins from infected devices Sign-ins from IP addresses with suspicious activity Sign-ins from unfamiliar locations

Phishing & Spearphishing

Advanced Threat Protection (ATP)

Advanced Threat Protection (ATP) Sender Safe Attachments detonation chamber (sandbox) Behavioral analysis with machine learning Executable? Registry call? Elevation? Unsafe Safe Attachment Supported file type Clean by AV/AS filters Not in Reputation list Safe Links rewrite Exchange Online Protection Multiple filters Three anti-virus engines Links Continuously updated lists of malicious URLs Recipient

Technology

What To Do Next? Solution 101

People 24x7 Access to Security Awareness Training Schedule Social Engineering Evaluation Baseline testing phishing email templates and landing pages Train your users with on-demand or interactive resources Scenario-based training exercises Ongoing security hints and tips email subscription Training assessments & reporting on results Training course examples: Intro security awareness training Handling sensitive information securely Basics of credit card security Ransomware Mobile data security PCI & GLBA compliance Strong passwords Safe web browsing Financial institution physical security 42

O365 Multi-factor Authentication (MFA)

Advisory Services People 24x7 Support Access Certified and Skilled Professionals 3 Escalation Tiers & Vendor Management Strategic Planning Process Automated Alerting and Reporting Incident Response Management Forensic Services Security Awareness Training Technology Performance, Health, User/Entity Behavior + Security Endpoint Device Monitoring Managed Endpoint Protection, Firewalls, & Backups Regular Network, Server, and Workstation Patching System Hardening Health Checks and Vulnerability Scanning

Knowledge is Power

Webinars and Blogs To register for these events, visit: http://www.peters.com/events To recap these events, visit: http://www.peters.com/blog/

Raffle Prizes

2015 Peters & Associates, Inc. All rights reserved.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback