Learning from History

Security breaches are becoming a regular occurrence, with many creating headlines. Yet, despite this publicity, the details of breaches are often not disclosed, so other organisations cannot learn from them. IRISSCERT has been contributing data on incidents in Ireland to the Verizon Data Breach Incident Report and will use this data to outline to those attending what types of attacks are happening to Irish organisations, what steps they can take to prevent becoming a victim of those same attacks, and the lessons learnt to better improve their own incident response capabilities.

Published in: Technology, News & Politics
  • In 2004 I identified that Ireland had no CERT. I felt that this was a major weakness in our security infrastructure from both an economic and national security point of view. In 2004 I took the decision to pursue the reasons why we had no CERT and, based on the responses, determine if we needed one. If it was determined we should have one, then outline a way forward for Ireland to have a CERT.
  • I met with the various stakeholders: Department of Communications, responsible for Internet security. Subsequent meetings with:
      • An Garda Siochana (Irish Police)
      • Chambers Ireland
      • Irish Business and Employers Confederation
      • Enterprise Ireland
      • Irish Small & Medium Enterprises Association
      • Internet Service Provider Association of Ireland
      • Science Foundation Ireland
      • HEAnet CERT
      • Center for Cybercrime Investigation - University College Dublin
      • ISSA Ireland
      • Irish Information Systems Security Forum
      • The SANS Institute Europe
      • ENISA (the European Network and Information Security Agency)
      • Numerous Organisations of Varying Sizes
  • So I set up IRISS. IRISS is a registered not for profit company. Business Day coverage; Contactable by email & web; Part Time Volunteer Staff; Irish Focused Security Information.
  • The three certainties with regards to information security: Death and Taxes; You will have an incident. How you respond to an incident will have a direct influence on the impact that incident may have to your costs, reputation and ability to conduct business.
  • Improved Response provides:
      • Positive Security Posture
      • Incidents Dealt with Quickly, Efficiently and Effectively
      • Rapid and Accurate Assessment of Incidents
      • Choosing Most Appropriate Response
      • Shortened Recovery Times
      • Minimised Business Disruption
      • Confidence to Proceed with a Court Case
      • Regulatory and Legal Compliance
      • Potential Reduction in Incidents
      • Accurate Reporting and Metrics
  • Impossible to monitor everything – add intelligence and automation
  • Behavioural patterns; What anomalies
  • RSA; Social Engineer
  • Veris from Verizon
  • Learning from History

    1. Helping You Piece IT Together; http://www.bhconsulting.ie; info@bhconsulting.ie; Learning From History
    2. Who is Brian Honan?
    3. Who is Brian Honan?
    4. What is IRISS-CERT? Ireland’s First CSIRT (Computer Security Incident Response Team); Provide Services On Information Security; Services Provided Free of Charge; Not For Profit Organisation
    5. Services Offered: Irish Focused Alerts and Warnings; Vulnerability Awareness; Incident Awareness; Sanitised Attack Notifications; Coordination Service; Irish Focused Research; Trends and Metrics; General Awareness; Knowledge Sharing; Informal discussion; Information Sharing & Dissemination
    6. 2004 – The Journey Began
    7. What’s Missing?
    8. Not a Fair Fight!
    9. Stakeholders
    10. 2008 IRISS Is Born
    11. IRISSCERT Team
    12. Affiliations
    13. Affiliations
    14. IRISSCERT Achievements: Finalist in Best Information Security Team Category
    15. IRISSCERT SmileIreland
    16. IRISSCERT SmileIreland
    17. Other Key Achievements: Verizon Databreach Investigations Report (DBIR) 2012 & 2013; Assisted NHTCU In Bredolab Cleanup; Hosted Transits Training for 35 CERT Personnel From Around Europe; DNS Changer Cleanup; Participated in A CERT Exercises; Coordinated Vulnerability Disclosures (CNI, vendors, & websites)
    18. Infosec Certainties
    19. Recognised Threat
    20. Recognised Threat: “the cyber threat to our nation is one of the most serious economic and national security challenges we face.” "industrial-scale processes involving many thousands of people lying behind both state sponsored cyber espionage and organised cyber crime".
    21. Traditional IT Security
    22. Ancient Security
    23. Ancient Security
    24. Fortified Perimeter
    25. Ingress/Egress Points
    26. Layered Security
    27. Perimeter Defences
    28. Good Against
    29. And
    30. But Not Against
    31. Or
    32. Or
    33. So In Reality Is Like
    34. Crack the Outer Shell
    35. Verizon DBIR
    36. Breach Detection: Detected by 3rd Party, 69%; Detected by Org, 22%; Detected by Customer, 9%. Source: Verizon DBIR 2013
    37. Time To Discover Breach: Less than A month, 34%; Years or More, 4%; Months or More, 62%. Source: Verizon DBIR 2013
    38. Difficulty: Not Difficult, 78%; Moderate to Difficult, 22%. Source: Verizon DBIR 2013
    39. 2012 - Incidents
    40. 2012 - Incidents: Phishing, 74%; Malware, 19%; Other, 7%
    41. 2012 - Incidents: OrgCrime, 95%; Other, 5%
    42. 2012 - Incidents: Increase in Targeted Attacks; Increase in DDOS Attacks; Increase in Activism; Ransomware Attacks
    43. 2012 - Incidents Root Cause: Poor Passwords; Missing Patches; Vulnerabilities Web Platforms; Out of Date Anti-Virus Software; Lack of Monitoring
    44. Learning from The Past
    45. Understand Your Business
    46. Don’t Forget The Basics
    47. Patching
    48. Strong Passwords (2FA?)
    49. Anti-Virus
    50. Monitor Logs
    51. Harden Systems
    52. Use Security Tools
    53. Segment Your Information
    54. Analyse Network Patterns
    55. Train Staff & Partners
    56. Use Open Source Data
    57. Set Traps
    58. Share with Peers: http://www.veriscommunity.net/doku.php
    59. Questions?
