SlideShare a Scribd company logo

Defensive strategies

Download as PPTX, PDF
Claus Cramon Houmann
Claus Cramon Houmann

How to build a defense in depth and promotion for www.defense-in-depth.com Free advise for all

TechnologyBusiness
1 of 18
Banque Öhman Defensive strategies How to build a defense-in-depth Claus Cramon Houmann 2013-10-23
Banque Öhman 2013-10-23 Key take aways: • • • • Never ever rely on a single solution Defense in depth. In Depth... Both threat prevention and threat detection are important If the bad guys want to get in bad enough, they will – be able to reduce the ”dwell time” they have inside your systems • The ”CLICKER” is the colleague who clicks on that ”interesting link or attachment” in a suspicious e-mail... 2 Öhman
Banque Öhman 1 Single 0-day or unpatched system is all ”they” need 3 Öhman 2013-10-23
Banque Öhman Breach methods – – – – Hacking (Fx SQL injection against DB servers) Malware (fx phishing) Social engineering Physical 4 Öhman 2013-10-23
Banque Öhman 2013-10-23 Source: Verizon’s 2012 Data Breach investigations report 5 Öhman
Banque Öhman Defense-in-depth. Isnt is simple and beatiful? 6 Öhman 2013-10-23
Banque Öhman 7 Öhman
Banque Öhman Where to start a defense-in-depth? • First establish where you are as an IT-security organization today, then find out where you want to be • Get the right people. • As your organizations “Infosec level” matures – you may be able to pass or almost pass a pentest. Most low hanging fruits have been “picked” already • This makes it very hard for “them” to get in via hacking methods • -> they will try malware next 8 Öhman 2013-10-23
Advanced targetted Malware leveraging 0-days or recently patched vulnerabilities = CIO/CISO nightmare • The CLICKER becomes your biggest external threat! 9 Öhman Banque Öhman 2013-10-23
Banque Öhman 2013-10-23 Mitigating the “CLICKER” • There are now innovative next-generation tools available for advanced threat prevention and/or detection = AMP’s – Microvirtualization – Advanced code handling/analysis/reverse-engineering tools – Network level Sandboxing or detection based on behavioural analysis/packet inspection – System and registry level lockdown of process/user-rights – Cloud based Big Data analytical/defense tools – Whitelisting tech – Others – this “market segment” is booming right now 10 Öhman
Banque Öhman 2013-10-23 Risk assessments match? • The approach to pick the lowest hanging apples first should be identical to the approach your IT risk management would recommend • Mitigating the easy-value-for-money threats first 11 Öhman
Banque Öhman 2013-10-23 Why is the AMP market booming? • The AV industry in the traditional sense has declared their tools insufficient and the war on malware lost • Hacking is increasing supported by big budgets – think nationstate-sponsored APT’s • 0-days abound in the Wild – being purchased by “hackers” – unofficial hackers or nation-state sponsored hackers alike • The black market cyber-industry is a huge! economy 12 Öhman
Banque Öhman 2013-10-23 The future of defense strategies • Whatever the name (Defense-in-depth, layered defense, defensible security posture) – almost everyone in IT/Infosec agree that you need to think in security at all levels • Defenders are always behind attackers – Defenders need to share knowledge, experience and methodologies better and faster • Develop capabilities to stop attackers at several points in the cyber kill chain 13 Öhman
Banque Öhman 2013-10-23 Conclusion • To build a defense-in-depth you want to: – Have capabilities within Threat Prevention, Detection, Alerting, Incident Response, some kind of IOC / Threat sharing community. AMP’s + more. • To be able to this way both block+detect known and unknown attacks/payloads, and when penetrated, regain control and limit losses 14 Öhman
Banque Öhman Can I help? Can you help? • There are people trying to help us: on twitter #wearethecavalry for example • In the UK: Strategic security advisors alliance • My plan: – Turn www.defense-in-depth.com into the WIKIPEDIA of ITsecurity/Infosec 15 Öhman 2013-10-23
Banque Öhman 2013-10-23 About me • Claus Cramon Houmann, 38, married to Tina and I have 3 lovely kids • CISSP, ITIL Certified Expert, Prince2 practitioner • You can contact me anytime: – Skype: Claushj0707 – Twitter: @claushoumann or @improveitlux • Sources used: – Verizon: Data Breach investigations report 2012 – @gollmann from IOactive Blog posts – http://nigesecurityguy.wordpress.com/2013/10/02/advanced-threatdefense-part-1/ and other blog posts – @RobertMLee 16 Öhman
Banque Öhman Questions? 17 Öhman 2013-10-23
Banque Öhman More questions? 18 Öhman 2013-10-23

Recommended

Stu w23 b
Stu w23 bStu w23 b
Stu w23 b
SelectedPresentations
 
Keeping web servers safe and profitable with Imunify360
Keeping web servers safe and profitable with Imunify360Keeping web servers safe and profitable with Imunify360
Keeping web servers safe and profitable with Imunify360
CloudLinux
 
First Union Bank Report
First Union Bank ReportFirst Union Bank Report
First Union Bank Report
Yogesh Kumar
 
PACE-IT, Security+3.2: Summary of Types of Attacks (part 1)
PACE-IT, Security+3.2: Summary of Types of Attacks (part 1)PACE-IT, Security+3.2: Summary of Types of Attacks (part 1)
PACE-IT, Security+3.2: Summary of Types of Attacks (part 1)
Pace IT at Edmonds Community College
 
E-Commerce Security
E-Commerce SecurityE-Commerce Security
E-Commerce Security
Syed Maniruzzaman Pabel
 
Diversification and Defensive Strategies
Diversification and Defensive StrategiesDiversification and Defensive Strategies
Diversification and Defensive Strategies
Sheetal Narkar
 
Defensive Strategies in Strategic Management - Karim Virani
Defensive Strategies in Strategic Management - Karim ViraniDefensive Strategies in Strategic Management - Karim Virani
Defensive Strategies in Strategic Management - Karim Virani
Karim Virani
 
Strategic Management: Types of Strategy
Strategic Management: Types of StrategyStrategic Management: Types of Strategy
Strategic Management: Types of Strategy
Antoniette Marcellita
 

Recommended

Stu w23 b
Stu w23 bStu w23 b
Stu w23 b
SelectedPresentations
 
Keeping web servers safe and profitable with Imunify360
Keeping web servers safe and profitable with Imunify360Keeping web servers safe and profitable with Imunify360
Keeping web servers safe and profitable with Imunify360
CloudLinux
 
First Union Bank Report
First Union Bank ReportFirst Union Bank Report
First Union Bank Report
Yogesh Kumar
 
PACE-IT, Security+3.2: Summary of Types of Attacks (part 1)
PACE-IT, Security+3.2: Summary of Types of Attacks (part 1)PACE-IT, Security+3.2: Summary of Types of Attacks (part 1)
PACE-IT, Security+3.2: Summary of Types of Attacks (part 1)
Pace IT at Edmonds Community College
 
E-Commerce Security
E-Commerce SecurityE-Commerce Security
E-Commerce Security
Syed Maniruzzaman Pabel
 
Diversification and Defensive Strategies
Diversification and Defensive StrategiesDiversification and Defensive Strategies
Diversification and Defensive Strategies
Sheetal Narkar
 
Defensive Strategies in Strategic Management - Karim Virani
Defensive Strategies in Strategic Management - Karim ViraniDefensive Strategies in Strategic Management - Karim Virani
Defensive Strategies in Strategic Management - Karim Virani
Karim Virani
 
Strategic Management: Types of Strategy
Strategic Management: Types of StrategyStrategic Management: Types of Strategy
Strategic Management: Types of Strategy
Antoniette Marcellita
 
Mitigating the clicker
Mitigating the clickerMitigating the clicker
Mitigating the clicker
Claus Cramon Houmann
 
Big Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsBig Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security Environments
Chris Gates
 
Managing security threats in today’s enterprise
Managing security threats in today’s enterpriseManaging security threats in today’s enterprise
Managing security threats in today’s enterprise
Quick Heal Technologies Ltd.
 
Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015
Claus Cramon Houmann
 
SECURITY TOOLS AND PRACTICES THAT ARE MINIMISING THE SURGE IN SUPPLY CHAIN AT...
SECURITY TOOLS AND PRACTICES THAT ARE MINIMISING THE SURGE IN SUPPLY CHAIN AT...SECURITY TOOLS AND PRACTICES THAT ARE MINIMISING THE SURGE IN SUPPLY CHAIN AT...
SECURITY TOOLS AND PRACTICES THAT ARE MINIMISING THE SURGE IN SUPPLY CHAIN AT...
VOROR
 
Improve Your Threat Intelligence Strategy With These Ideas
Improve Your Threat Intelligence Strategy With These IdeasImprove Your Threat Intelligence Strategy With These Ideas
Improve Your Threat Intelligence Strategy With These Ideas
Recorded Future
 
Lecture 3.pptx
Lecture 3.pptxLecture 3.pptx
Lecture 3.pptx
MuhammadRehan856177
 
Defending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricalityDefending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricality
Claus Cramon Houmann
 
IT Security for Nonprofits
IT Security for NonprofitsIT Security for Nonprofits
IT Security for Nonprofits
Community IT Innovators
 
Crowd-Sourced Threat Intelligence
Crowd-Sourced Threat IntelligenceCrowd-Sourced Threat Intelligence
Crowd-Sourced Threat Intelligence
AlienVault
 
Big Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsBig Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security Environments
Joe McCray
 
The Hacker Playbook: How to Think Like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think Like a Cybercriminal to Reduce RiskThe Hacker Playbook: How to Think Like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think Like a Cybercriminal to Reduce Risk
BeyondTrust
 
SOC Analyst Interview Questions & Answers.pdf
SOC Analyst Interview Questions & Answers.pdfSOC Analyst Interview Questions & Answers.pdf
SOC Analyst Interview Questions & Answers.pdf
infosec train
 
Small Business Administration Recommendations
Small Business Administration RecommendationsSmall Business Administration Recommendations
Small Business Administration Recommendations
Meg Weber
 
Module 10 e security-en
Module 10 e security-enModule 10 e security-en
Module 10 e security-en
Institute of Entrepreneurship Development
 
Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...
Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...
Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...
SurfWatch Labs
 
Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015
Claus Cramon Houmann
 
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think like a Cybercriminal to Reduce RiskThe Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
BeyondTrust
 
Understanding Endpoint Security: A Guide For Everyone
Understanding Endpoint Security: A Guide For EveryoneUnderstanding Endpoint Security: A Guide For Everyone
Understanding Endpoint Security: A Guide For Everyone
AKGVG & ASSOCIATES Chartered Accountants
 
Cloud Security.pptx
Cloud Security.pptxCloud Security.pptx
Cloud Security.pptx
Binod Rimal
 
I am the Cavalry (The Cavalry Is Us) Sourceconf September 2015
I am the Cavalry (The Cavalry Is Us) Sourceconf September 2015I am the Cavalry (The Cavalry Is Us) Sourceconf September 2015
I am the Cavalry (The Cavalry Is Us) Sourceconf September 2015
Claus Cramon Houmann
 
Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2
Claus Cramon Houmann
 

More Related Content

Similar to Defensive strategies

Similar to Defensive strategies (20)

Mitigating the clicker
Mitigating the clickerMitigating the clicker
Mitigating the clicker
 
Big Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsBig Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security Environments
 
Managing security threats in today’s enterprise
Managing security threats in today’s enterpriseManaging security threats in today’s enterprise
Managing security threats in today’s enterprise
 
Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015
 
SECURITY TOOLS AND PRACTICES THAT ARE MINIMISING THE SURGE IN SUPPLY CHAIN AT...
SECURITY TOOLS AND PRACTICES THAT ARE MINIMISING THE SURGE IN SUPPLY CHAIN AT...SECURITY TOOLS AND PRACTICES THAT ARE MINIMISING THE SURGE IN SUPPLY CHAIN AT...
SECURITY TOOLS AND PRACTICES THAT ARE MINIMISING THE SURGE IN SUPPLY CHAIN AT...
 
Improve Your Threat Intelligence Strategy With These Ideas
Improve Your Threat Intelligence Strategy With These IdeasImprove Your Threat Intelligence Strategy With These Ideas
Improve Your Threat Intelligence Strategy With These Ideas
 
Lecture 3.pptx
Lecture 3.pptxLecture 3.pptx
Lecture 3.pptx
 
Defending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricalityDefending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricality
 
IT Security for Nonprofits
IT Security for NonprofitsIT Security for Nonprofits
IT Security for Nonprofits
 
Crowd-Sourced Threat Intelligence
Crowd-Sourced Threat IntelligenceCrowd-Sourced Threat Intelligence
Crowd-Sourced Threat Intelligence
 
Big Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsBig Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security Environments
 
The Hacker Playbook: How to Think Like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think Like a Cybercriminal to Reduce RiskThe Hacker Playbook: How to Think Like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think Like a Cybercriminal to Reduce Risk
 
SOC Analyst Interview Questions & Answers.pdf
SOC Analyst Interview Questions & Answers.pdfSOC Analyst Interview Questions & Answers.pdf
SOC Analyst Interview Questions & Answers.pdf
 
Small Business Administration Recommendations
Small Business Administration RecommendationsSmall Business Administration Recommendations
Small Business Administration Recommendations
 
Module 10 e security-en
Module 10 e security-enModule 10 e security-en
Module 10 e security-en
 
Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...
Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...
Connecting the Dots Between Your Threat Tntelligence Tradecraft and Business ...
 
Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015
 
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think like a Cybercriminal to Reduce RiskThe Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
 
Understanding Endpoint Security: A Guide For Everyone
Understanding Endpoint Security: A Guide For EveryoneUnderstanding Endpoint Security: A Guide For Everyone
Understanding Endpoint Security: A Guide For Everyone
 
Cloud Security.pptx
Cloud Security.pptxCloud Security.pptx
Cloud Security.pptx
 

More from Claus Cramon Houmann

More from Claus Cramon Houmann (6)

I am the Cavalry (The Cavalry Is Us) Sourceconf September 2015
I am the Cavalry (The Cavalry Is Us) Sourceconf September 2015I am the Cavalry (The Cavalry Is Us) Sourceconf September 2015
I am the Cavalry (The Cavalry Is Us) Sourceconf September 2015
 
Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2
 
The cavalry is us i tdays-luxembourg 2014.11.20 v1.0
The cavalry is us i tdays-luxembourg 2014.11.20 v1.0The cavalry is us i tdays-luxembourg 2014.11.20 v1.0
The cavalry is us i tdays-luxembourg 2014.11.20 v1.0
 
Thought Leader Global 2014 Amsterdam: Taking Security seriously -> Going beyo...
Thought Leader Global 2014 Amsterdam: Taking Security seriously -> Going beyo...Thought Leader Global 2014 Amsterdam: Taking Security seriously -> Going beyo...
Thought Leader Global 2014 Amsterdam: Taking Security seriously -> Going beyo...
 
The unspeakable-pitfalls of mobile security
The unspeakable-pitfalls of mobile securityThe unspeakable-pitfalls of mobile security
The unspeakable-pitfalls of mobile security
 
Css 2013 claushoumann Building comprehensively for IT Security
Css 2013 claushoumann Building comprehensively for IT SecurityCss 2013 claushoumann Building comprehensively for IT Security
Css 2013 claushoumann Building comprehensively for IT Security
 

Recently uploaded

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Principled Technologies
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 

Recently uploaded (20)

GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 

Defensive strategies

  • 1. Banque Öhman Defensive strategies How to build a defense-in-depth Claus Cramon Houmann 2013-10-23
  • 2. Banque Öhman 2013-10-23 Key take aways: • • • • Never ever rely on a single solution Defense in depth. In Depth... Both threat prevention and threat detection are important If the bad guys want to get in bad enough, they will – be able to reduce the ”dwell time” they have inside your systems • The ”CLICKER” is the colleague who clicks on that ”interesting link or attachment” in a suspicious e-mail... 2 Öhman
  • 3. Banque Öhman 1 Single 0-day or unpatched system is all ”they” need 3 Öhman 2013-10-23
  • 4. Banque Öhman Breach methods – – – – Hacking (Fx SQL injection against DB servers) Malware (fx phishing) Social engineering Physical 4 Öhman 2013-10-23
  • 5. Banque Öhman 2013-10-23 Source: Verizon’s 2012 Data Breach investigations report 5 Öhman
  • 6. Banque Öhman Defense-in-depth. Isnt is simple and beatiful? 6 Öhman 2013-10-23
  • 8. Banque Öhman Where to start a defense-in-depth? • First establish where you are as an IT-security organization today, then find out where you want to be • Get the right people. • As your organizations “Infosec level” matures – you may be able to pass or almost pass a pentest. Most low hanging fruits have been “picked” already • This makes it very hard for “them” to get in via hacking methods • -> they will try malware next 8 Öhman 2013-10-23
  • 9. Advanced targetted Malware leveraging 0-days or recently patched vulnerabilities = CIO/CISO nightmare • The CLICKER becomes your biggest external threat! 9 Öhman Banque Öhman 2013-10-23
  • 10. Banque Öhman 2013-10-23 Mitigating the “CLICKER” • There are now innovative next-generation tools available for advanced threat prevention and/or detection = AMP’s – Microvirtualization – Advanced code handling/analysis/reverse-engineering tools – Network level Sandboxing or detection based on behavioural analysis/packet inspection – System and registry level lockdown of process/user-rights – Cloud based Big Data analytical/defense tools – Whitelisting tech – Others – this “market segment” is booming right now 10 Öhman
  • 11. Banque Öhman 2013-10-23 Risk assessments match? • The approach to pick the lowest hanging apples first should be identical to the approach your IT risk management would recommend • Mitigating the easy-value-for-money threats first 11 Öhman
  • 12. Banque Öhman 2013-10-23 Why is the AMP market booming? • The AV industry in the traditional sense has declared their tools insufficient and the war on malware lost • Hacking is increasing supported by big budgets – think nationstate-sponsored APT’s • 0-days abound in the Wild – being purchased by “hackers” – unofficial hackers or nation-state sponsored hackers alike • The black market cyber-industry is a huge! economy 12 Öhman
  • 13. Banque Öhman 2013-10-23 The future of defense strategies • Whatever the name (Defense-in-depth, layered defense, defensible security posture) – almost everyone in IT/Infosec agree that you need to think in security at all levels • Defenders are always behind attackers – Defenders need to share knowledge, experience and methodologies better and faster • Develop capabilities to stop attackers at several points in the cyber kill chain 13 Öhman
  • 14. Banque Öhman 2013-10-23 Conclusion • To build a defense-in-depth you want to: – Have capabilities within Threat Prevention, Detection, Alerting, Incident Response, some kind of IOC / Threat sharing community. AMP’s + more. • To be able to this way both block+detect known and unknown attacks/payloads, and when penetrated, regain control and limit losses 14 Öhman
  • 15. Banque Öhman Can I help? Can you help? • There are people trying to help us: on twitter #wearethecavalry for example • In the UK: Strategic security advisors alliance • My plan: – Turn www.defense-in-depth.com into the WIKIPEDIA of ITsecurity/Infosec 15 Öhman 2013-10-23
  • 16. Banque Öhman 2013-10-23 About me • Claus Cramon Houmann, 38, married to Tina and I have 3 lovely kids • CISSP, ITIL Certified Expert, Prince2 practitioner • You can contact me anytime: – Skype: Claushj0707 – Twitter: @claushoumann or @improveitlux • Sources used: – Verizon: Data Breach investigations report 2012 – @gollmann from IOactive Blog posts – http://nigesecurityguy.wordpress.com/2013/10/02/advanced-threatdefense-part-1/ and other blog posts – @RobertMLee 16 Öhman