Keynote Information Security days Luxembourg 2015
World’s biggest Hack?
• Was their security ”make believe”?
Me
• Father of 3, happily married.
• I work for a bank. I am also an independent IT/Infosec consultant. Any opinions presented here are my own and do not represent my employer.
• Contributor to the ”@TheAnalogies project”, making IT and Infosec understandable outside the echo chambers
• Member of the I am the Cavalry movement – trying to make connected devices worthy of our trust
• @ClausHoumann
• I present on security a lot at conferences -> Find my work on SlideShare
What is a keynote?
• Painting the big picture
• Strategic views -> Not Tactical view
The big picture
• Existing tools, and even Next-Generation APT tools, have limits/are broken:
– Examples: https://blog.mrg-effitas.com/wp-content/uploads/2014/11/Crysys_MRG_APT_detection_test_2014.pdf
– He created the stupidest malware imaginable. No one detected it.
– http://archive.hack.lu/2014/Bypasss_sandboxes_for_fun.pdf
– Paul Jung -> present here today -> shows how easily malware can detect sandboxes
The big picture
• No silver bullets exist. Beware of the phrases:
– ”Counter any threat”
– ”Detect any malware”
– ”You only need our solution”
– Proceed with caution
– VPT (vendor persistent threat)
The big picture
• That being said, many awesome vendors and products are present today! There is no #Infosec without them
• They have my respect
Solar Eclipse?
Doing it wrong (Source: Stefan Esser)
Source: With permission from Daniel Miessler @danielmiessler
And my own version
Doing it right
• EURODNS in Luxembourg has just made it possible for each client to get an SSL certificate for their website for free
• This simple change makes a difference
The job of the enterprise defender:
• Trying not to purchase crappy products (Lemons -> Source: Haroon Meer @wearetroopers)
• While trying to build a real, skilled defense
It’s an asymmetrical conflict
X-wing
Compliance
• Is
• NOT
• Security
• Compliance is preparing to fight a war
• Using antiquated weapons
• Against enemies of decades past
Why worry now?
• Companies that get hacked are fine...look at Sony, Target, Apple etc. -> stock prices not affected, end users don’t care.
– Breaches and lawyer expenses following these are an acceptable cost of doing business
– Right?
– No, maybe not anymore...next slide
Board Level Attention required, NOW!
• EU Data protection regulation:
– Mandatory breach reporting within 72 hours
– 5% of revenue as fine possible
• Threat level increasing sharply
• Attack surface increasing (think IoT, BYOD)
Want to beat asymmetry? Here’s how:
• A strategic approach to security, leveraging methods that work
Pyramids
- This one is Joshua Corman’s.
Defensible Infrastructure
Operational Excellence
Situational Awareness
Countermeasures
The Foundation
Defensible Infrastructure
Software and hardware built as ”secure by default” is ideal here. Rugged DevOps.
Your choices of tech impact you ever after.
You must assemble carefully, like Lego.
Without backdoors or Golden Keys!
Mastery
Operational Excellence
Master all aspects of your Development, Operations and Outsourcing. Train like the Ninjas!
DevOps (Rugged DevOps)
Change Management
Patch Management
Asset Management
Information classification & localization
Basically, all the cornerstones of ITIL
You name it. Master it.
Gain the ability to handle situations correctly – Floodlights ON
Situational Awareness
”People don’t write software anymore, they assemble it” – Quote Joshua Corman.
-> Know which Lego blocks you have in your infrastructure
-> Actionable threat intelligence
-> Automate as much as you can, example: IOCs automatically fed from sources into SIEM with alerting on matches
Are we affected by Poodle? Shellshock? WinShock? Heartbleed? Should we patch now? Next week? Are we under attack? Do we have compromised endpoints? Are there anomalies in our LAN traffic?
Counter that which you profit from countering
• Decrease attacker ROI below the critical threshold by applying countermeasures
• Most security tools fall within this category
• Limit spending until you’ve laid the foundational levels of the pyramid
Countermeasures
Footnote: Cyber kill chain is patented by Lockheed Martin.
Mapping to other strategic approaches
Defensible Infrastructure
Operational Excellence
Situational Awareness
Countermeasures
Lockheed Martin patented
Nigel Wilson -> @nigesecurityguy
Defensive hot zones
• Basketball and other sports analysis ->
– FIND the HOT zones of your opponents.
• Defend there.
Hot zones!
• You need to secure:
– The (mobile) user/endpoints
– The networks
– Data in transit
– The Cloud
– Internal systems
Sample protections added only, not the complete picture of course
Best Practices – High level
• Create awareness – Security awareness training
• Increase the security budget
– Justify investments BEFORE the breach.
– It’s easier when you’re actually being attacked. But too late.
• Use the Cyber Kill Chain model or Nigel Wilson’s ”Defensible Security Posture” to gain the capability to thwart attackers
• Training, skills and people!
Hot zone 1: A real-world PC
• Microsoft EMET 5.2
• Java
• Adobe Flash Player/Reader
• AV
• Executable files kill you, so use:
– Adblocking extension in browser
– Advanced endpoint protection solutions
– Secure Web Gateway
– Whitelisting, blacklisting
– No admin credentials left behind
And then cross your fingers
Hot zone 1, more
• PC defense should include:
– Whitelisting
– Blacklisting
– Sandboxing
– Registry defenses
– Change roll-backs
– HIPS
– Domain policies
– Log collection and review
– MFA
– ACLs/Firewall rules
– Heuristics detection/prevention
– DNS audit and protection
Hot zone 2: The networks
• Baselining everything
• Spot anomalies
• Monitor, observe, record
• Advanced network-level tools
• Test your network resilience/security with Ixia BreakingPoint. Ask me for free test licenses.
• Network Security Monitoring (NSM)
• Don’t forget the insider threat
Hot zone 3+4: Data in Transit/Cloud
• Trust in encryption
• Remember you secure what you put in the cloud. The Cloud provider doesn’t
• Great new mobile collaboration tools exist
• SaaS monitoring and DLP tools exist -> ”CloudWalls”
• Cloudcrypters
• CloudTrail, CloudWatch, Config-log/change-trackers, vuln.mgmt
• Story about the vulnerability patched during the Bash/Shellshock public confusion period
• And this for home study: https://securosis.com/blog/security-best-practices-for-amazon-web-services
Cloud
• Segmentation
• Compartmentalisation
• Need to know
Cloud
• Concentration risk
• Secure the administrative credentials and APIs
• ENISA:
– https://www.enisa.europa.eu/activities/risk-management/files/deliverables/cloud-computing-risk-assessment
– https://resilience.enisa.europa.eu/cloud-computing-certification
• A funny story about cloud certification providers hacking me
Best practices
• Use EMET
• Use ad-blockers
• Use advanced endpoint threat prevention
solutions
• Use ”Adversary mind-set” and threat modeling
A more defensible infrastructure
• Avoid expense in depth
• Research and find the best countermeasures
• Open Source tools can be awesome
• Full packet capture and Deep packet inspection/Proxies for visibility
• KNOW WHAT’S GOING ON IN YOUR NETWORKS
• Watch and learn from attack patterns
Best practices - Mitigate risks
Source: Dave Sweigert
Automate Threat Intelligence IOCs
• Use multiple IOC feeds
• Automate daily:
– IOC feed retrieval,
– Insertion into SIEM,
– Correlation against all-time logfiles,
– Alerting on matches,
– Manual follow-up on alerts
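The daily IOC pipeline this slide and the Situational Awareness slide describe (feed retrieval, normalisation, insertion into the SIEM's IOC set, correlation against the log store, alerting for manual follow-up), as an added Python example that is not from the keynote. The two feeds, their formats and field names, and the log lines are all constructed here; a real job would fetch the feeds over HTTP and read logs from the SIEM.

```python
import csv
import io
import json
import re

# Constructed sample feeds in two formats, standing in for the daily feed retrieval.
FEED_CSV = """indicator,type,source
203.0.113.45,ipv4,feed-a
Bad-Updates.example,domain,feed-a
44d88612fea8a8f36de82e1278abb02f,md5,feed-a
"""
FEED_JSON = json.dumps({"source": "feed-b", "iocs": [
    {"value": "203.0.113.45", "kind": "ip"},
    {"value": "bad-updates.example", "kind": "fqdn"},
    {"value": "198.51.100.7", "kind": "ip"},
]})

# Constructed log lines (proxy, DNS, endpoint) standing in for the SIEM's all-time logs.
LOGS = [
    "2015-04-01T09:12:03Z proxy src=10.1.2.3 dst=203.0.113.45 url=http://203.0.113.45/upd",
    "2015-04-01T09:12:07Z dns client=10.1.2.3 query=BAD-UPDATES.EXAMPLE type=A",
    "2015-04-01T09:14:00Z proxy src=10.1.2.9 dst=192.0.2.80 url=http://intranet.corp/",
    "2015-04-01T10:01:00Z edr host=WS-17 md5=44D88612FEA8A8F36DE82E1278ABB02F action=exec",
]

# Feeds disagree on type labels; map them onto one vocabulary before merging.
KIND_MAP = {"ipv4": "ip", "ip": "ip", "domain": "domain", "fqdn": "domain", "md5": "md5"}
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
MD5_RE = re.compile(r"\b[0-9a-fA-F]{32}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)

def normalise(kind, value):
    """An IOC is a (kind, value) tuple with a shared kind label and a lower-cased value."""
    return KIND_MAP[kind.lower()], value.strip().lower()

def parse_csv_feed(text):
    """One IOC per CSV row; returns {(kind, value): {source, ...}}."""
    out = {}
    for row in csv.DictReader(io.StringIO(text)):
        out.setdefault(normalise(row["type"], row["indicator"]), set()).add(row["source"])
    return out

def parse_json_feed(text):
    """Same shape as parse_csv_feed, for a JSON feed that names its source once."""
    doc = json.loads(text)
    out = {}
    for item in doc["iocs"]:
        out.setdefault(normalise(item["kind"], item["value"]), set()).add(doc["source"])
    return out

def merge_feeds(*feeds):
    """Union several feeds; an IOC seen in more than one feed keeps every source."""
    merged = {}
    for feed in feeds:
        for ioc, sources in feed.items():
            merged.setdefault(ioc, set()).update(sources)
    return merged

def extract_observables(line):
    """Pull IPs, MD5 hashes and domains out of one log line, normalised like the feeds."""
    found = {("ip", m) for m in IPV4_RE.findall(line)}
    found.update(("md5", m.lower()) for m in MD5_RE.findall(line))
    found.update(("domain", m.lower()) for m in DOMAIN_RE.findall(line))
    return found

def correlate(iocs, logs):
    """Match every log line against the merged IOC set; one alert per (line, IOC) hit."""
    alerts = []
    for line in logs:
        for ioc in sorted(extract_observables(line)):
            if ioc in iocs:
                alerts.append({"kind": ioc[0], "value": ioc[1],
                               "sources": sorted(iocs[ioc]), "log": line})
    return alerts

def daily_run():
    """The daily job: retrieve feeds, merge, correlate against all logs, return alerts."""
    iocs = merge_feeds(parse_csv_feed(FEED_CSV), parse_json_feed(FEED_JSON))
    return correlate(iocs, LOGS)

if __name__ == "__main__":
    for a in daily_run():  # alerts go to the SIEM; analysts follow up by hand
        print(f"ALERT {a['kind']}={a['value']} via {','.join(a['sources'])}: {a['log']}")
```

Keeping the source list per IOC is what lets an analyst weigh a match hit by two feeds above one hit by a single feed during follow-up.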
You need to ally up!
• Security and Infrastructure aren’t enemies
• Security and the office of the CIO aren’t
enemies
• Ally up & Bromance!
And the unexpected extra win
• Real security will actually make you compliant in many areas of compliance
Q & A
• Ask me questions, or I’ll ask you questions
Sources used
– http://www.itbusinessedge.com
– Heartbleed.com
– https://nigesecurityguy.wordpress.com/
– Lockheed Martin’s ”Cyber Kill Chain”
– Joshua Corman and David Etue from RSAC 2014: ”Not Go Quietly: Surprising Strategies and Teammates to Adapt and Overcome”
– Lego

Editor's Notes

  • #2: Or join these
  • #6: Paul Jung present & presenting
  • #7: Paul Jung present & presenting
  • #8: Paul Jung present & presenting
  • #9: No, that’s not a moon. Perspective matters. Things are not as they seem.
  • #21: The Egyptians built their pyramids from the bottom up. Because that’s how you build pyramids. Start there!
  • #22: Laying a secure foundation matters supremely. History proves this.
  • #23: As with any art, practice makes master. So, practice!
  • #24: Automation is key for threat intelligence, threat detection and threat remediation.
  • #26: Don’t start by blindly buying tools; do the basics, master them and work from there.
  • #31: In reality, you will have AV, Java and others. And you probably cannot enforce killing all executables
  • #33: In reality, you will have AV, Java and others. And you probably cannot enforce killing all executables
  • #34: In reality, you will have AV, Java and others. And you probably cannot enforce killing all executables