SlideShare a Scribd company logo

How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authentication

Duo Security
Duo Security

Presenters: Rick Holland, Principal Analyst
, Forrester Research Brian Kelly, Principal PMM, Duo Security Bob Hillhouse, Associate CIO and CISO
, University of Tennessee, Knoxville

Technology
1 of 51
How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authentication Presented by Duo Security with guests Forrester Research and University of Tennessee, Knoxville September 25, 2014 #duowebinar
Agenda Rick Holland, Forrester Research How To Stop Targeted Attacks and Avoid “Expense In Depth” with Strong Authentication Brian Kelly, Duo Security How Duo Helps You Avoid “Expense In Depth” Bob Hillhouse, University of Tennessee, Knoxville A Case for Multi-factor Authentication #duowebinar
How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authentication Rick Holland, Principal Analyst Forrester Research #duowebinar
Agenda › Targeted attacks! › Targeted-Attack Hierarchy Of Needs › Recommendations © 2014 Forrester Research, Inc. Reproduction Prohibited
APT! © 2014 Forrester Research, Inc. Reproduction Prohibited
Heartbleed OpenSSL vulnerability exploited to compromise SSL VPN © 2014 Forrester Research, Inc. Reproduction Prohibited
Adversaries are on shopping sprees © 2014 Forrester Research, Inc. Reproduction Prohibited
Except the adversary isn’t being timed © 2014 Forrester Research, Inc. Reproduction Prohibited
We are hyper focused on the © 2014 Forrester Research, Inc. Reproduction Prohibited WRONG things
Anything but the data © 2014 Forrester Research, Inc. Reproduction Prohibited Malware sandboxes Alert driven security Perimeter security controls
Agenda › Targeted attacks! › Targeted-Attack Hierarchy Of Needs › Recommendations © 2014 Forrester Research, Inc. Reproduction Prohibited
Targeted-Attack Hierarchy Of Needs © 2014 Forrester Research, Inc. Reproduction Prohibited
Targeted-Attack Hierarchy Of Needs © 2014 Forrester Research, Inc. Reproduction Prohibited
Targeted-Attack Hierarchy Of Needs Need No. 1: An Actual Security Strategy © 2014 Forrester Research, Inc. Reproduction Prohibited
Silver bullets, for investment not defense © 2014 Forrester Research, Inc. Reproduction Prohibited
Expense in Depth © 2014 Forrester Research, Inc. Reproduction Prohibited
Targeted-Attack Hierarchy Of Needs Need No. 2: A Dedication To Recruiting And Retaining Staff © 2014 Forrester Research, Inc. Reproduction Prohibited
Lack of staff is a problem © 2014 Forrester Research, Inc. Reproduction Prohibited
Targeted-Attack Hierarchy Of Needs Need No. 3: A Focus On The Fundamentals © 2014 Forrester Research, Inc. Reproduction Prohibited
A Focus On The Fundamentals © 2014 Forrester Research, Inc. Reproduction Prohibited
Forrester’s Zero Trust model © 2014 Forrester Research, Inc. Reproduction Prohibited
Forrester’s Zero Trust model © 2014 Forrester Research, Inc. Reproduction Prohibited
Zero Trust is fundamental © 2014 Forrester Research, Inc. Reproduction Prohibited
Strong Authentication › Strong authentication is critical for disrupting attackers © 2014 Forrester Research, Inc. Reproduction Prohibited
Strong Authentication › Strong auth is critical for disrupting attackers › Protect your VPNs and Citrix but don’t forget about SaaS applications › Consider step up authentication for admins © 2014 Forrester Research, Inc. Reproduction Prohibited
Least privilege › Privileged accounts need to be monitored and audited › Don’t share local admin passwords across all hosts › Work towards a data classification program © 2014 Forrester Research, Inc. Reproduction Prohibited
Detecting lateral movement › Segment your network › Deploy visibility to key ingress/egress chokepoints › NETFLOW can be used for lateral movement detection © 2014 Forrester Research, Inc. Reproduction Prohibited
Agenda › Targeted attacks! › Targeted-Attack Hierarchy Of Needs › Recommendations © 2014 Forrester Research, Inc. Reproduction Prohibited
Return on Expense in Depth? © 2014 Forrester Research, Inc. Reproduction Prohibited
Recommendations › Evaluate your potential investments › What provides greatest marginal return on your investment? › What technology reduces the greatest attack surface? © 2014 Forrester Research, Inc. Reproduction Prohibited
Thank you Rick Holland rholland@forrester.com Twitter: @rickhholland
How Duo Helps You Avoid “Expense In Depth” Brian Kelly, Principal Product Marketing Manager Duo Security #duowebinar
Adoption of cloud, mobile, and BYOD is accelerating dramatically    # #  &  ☁#☁# IT 1.0: Mainframe IT 2.0: Client/Server IT 3.0: Cloud/Mobile
   # #  &   &   &  ☁#☁# 1995 2000 2005 2010  &  Data Breaches Along this same timeline we’ve also seen dramatic growth in user-targeted attacks
   # #  &   &   &  ☁#☁# 1995 2000 2005 2010  &  Data Breaches Why?
What’s new in IT 3.0? ‣ Users ‣ Access from anywhere ‣ “Zero Trust” environment ‣ Devices ‣ Mobile proliferation ‣ BYOD acceptance ‣ Services ‣ Diminishing perimeter ‣ Platform and Software -as-a-Service  &  ☁#☁#
What’s new in Security 3.0? ‣ Users ‣ Access from anywhere ‣ “Zero Trust” environment ‣ Devices ‣ Mobile proliferation ‣ BYOD acceptance ‣ Services ‣ Diminishing perimeter ‣ Platform and Software -as-a-Service Better OS and app security …but, limited endpoint control Better service security …but, limited network visibility
What’s new in Security 3.0? ‣ Users ‣ Access from anywhere ‣ “Zero Trust” environment ‣ Devices ‣ Mobile proliferation ‣ BYOD acceptance ‣ Services ‣ Diminishing perimeter ‣ Platform and Software -as-a-Service User-targeted attacks Credentials are easily stolen • Phished • Guessed • Keylogged • Sniffed • Cracked • Reused • Bypassed
100% OF BREACHES involve stolen credentials — Mandiant Source: mandiant.com/threat-landscape and M-Trends annual reports
advanced adversary will compromise your environment and accomplish their goal. The Targeted Attack Figure 2 The Hierarchy Targeted-Attack Hierarchy Of Of Needs Needs Detection and response Prevention An integrated portfolio that enables orchestration A focus on the fundamentals A dedication to recruiting and retaining staff An actual security strategy 107121 Source: Forrester Research,
advanced adversary will compromise your environment and accomplish their goal. The Targeted Attack Figure 2 The Hierarchy Targeted-Attack Hierarchy Of Of Needs Needs Detection and response Prevention An integrated portfolio that enables orchestration A focus on the fundamentals A dedication to recruiting and retaining staff An actual security strategy 107121 Source: Forrester Research, Back to Basics ‣ Patch, harden, update (everything) ‣ Segment data, services, networks ‣ Review access controls (often) ‣ Inspect endpoints, enforce policy ‣ Require strong authentication
Legacy two-factor authentication solutions overlook TCO On boarding Deployment $  #  ✉ $ $ $ Management Login  ⚠  ⏲
Duo Security minimizes cost throughout 2FA lifecycle On boarding Deployment ☁ . Management Login / 
Thousands Getting Better Security, Not Just More duosecurity.com/success-stories
A Case For Multi-Factor Authentication Bob Hillhouse, Associate CIO and CISO University of Tennessee, Knoxville #duowebinar
Cast ▪ The University of Tennessee, Knoxville ▪ 57 merchants across campus ▪ 130 Users; 150 Devices ▪ The UT Office of the Treasurer ▪ The Office of Information Technology (OIT)
Act I - Prelude ▪ PCI-DSS Requirement 8.3 – Incorporate two-factor authentication for remote access to the network by employees, administrators, and third parties… ▪ 150 devices in the PCI-Subnet require Remote Desktop Services (RDP)
Act II – The Timeline ▪ 8:00 AM ▪ 8:15 AM ▪ 8:30 AM ▪ 9:00 AM
Act III – Prologue ▪ 2013 – The end of strong password-only security. – http://duo.sc/utk-vid
Epilogue ▪ Compliance Goal was met ▪ Next: Two-Factor Authentication for all central IT staff using the VPN – 200 additional users ▪ Next: Two-Factor Authentication for all VPN Users – Usage Patterns – Establish scope (Campus-wide? Privileged Users Only?)
Questions + Answers #duowebinar Rick Holland, Forrester Research rholland@forrester.com @rickhholland Brian Kelly, Duo Security bkelly@duosecurity.com @resetbrian Bob Hillhouse, University of Tennessee, Knoxville bob@utk.edu @ut_oit

Recommended

Securing Access to PeopleSoft ERP with Duo Security and GreyHeller
Securing Access to PeopleSoft ERP with Duo Security and GreyHellerSecuring Access to PeopleSoft ERP with Duo Security and GreyHeller
Securing Access to PeopleSoft ERP with Duo Security and GreyHellerDuo Security
 
Security Fact & Fiction: Three Lessons from the Headlines
Security Fact & Fiction: Three Lessons from the HeadlinesSecurity Fact & Fiction: Three Lessons from the Headlines
Security Fact & Fiction: Three Lessons from the HeadlinesDuo Security
 
Forrester and Duo Security Webinar - 5 Signs You're Doing Authentication Wrong
Forrester and Duo Security Webinar - 5 Signs You're Doing Authentication WrongForrester and Duo Security Webinar - 5 Signs You're Doing Authentication Wrong
Forrester and Duo Security Webinar - 5 Signs You're Doing Authentication WrongDuo Security
 
Security For The People: End-User Authentication Security on the Internet by ...
Security For The People: End-User Authentication Security on the Internet by ...Security For The People: End-User Authentication Security on the Internet by ...
Security For The People: End-User Authentication Security on the Internet by ...Duo Security
 
How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authent...
How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authent...How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authent...
How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authent...Brian Kelly
 
Kent King - PKI: Do You Know Your Exposure?
Kent King - PKI: Do You Know Your Exposure?Kent King - PKI: Do You Know Your Exposure?
Kent King - PKI: Do You Know Your Exposure?centralohioissa
 
Understanding Cyber Kill Chain and OODA loop
Understanding Cyber Kill Chain and OODA loopUnderstanding Cyber Kill Chain and OODA loop
Understanding Cyber Kill Chain and OODA loopDavid Sweigert
 
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal AuditorsION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal Auditorsmdagrossa
 

Recommended

Securing Access to PeopleSoft ERP with Duo Security and GreyHeller
Securing Access to PeopleSoft ERP with Duo Security and GreyHellerSecuring Access to PeopleSoft ERP with Duo Security and GreyHeller
Securing Access to PeopleSoft ERP with Duo Security and GreyHellerDuo Security
 
Security Fact & Fiction: Three Lessons from the Headlines
Security Fact & Fiction: Three Lessons from the HeadlinesSecurity Fact & Fiction: Three Lessons from the Headlines
Security Fact & Fiction: Three Lessons from the HeadlinesDuo Security
 
Forrester and Duo Security Webinar - 5 Signs You're Doing Authentication Wrong
Forrester and Duo Security Webinar - 5 Signs You're Doing Authentication WrongForrester and Duo Security Webinar - 5 Signs You're Doing Authentication Wrong
Forrester and Duo Security Webinar - 5 Signs You're Doing Authentication WrongDuo Security
 
Security For The People: End-User Authentication Security on the Internet by ...
Security For The People: End-User Authentication Security on the Internet by ...Security For The People: End-User Authentication Security on the Internet by ...
Security For The People: End-User Authentication Security on the Internet by ...Duo Security
 
How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authent...
How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authent...How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authent...
How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authent...Brian Kelly
 
Kent King - PKI: Do You Know Your Exposure?
Kent King - PKI: Do You Know Your Exposure?Kent King - PKI: Do You Know Your Exposure?
Kent King - PKI: Do You Know Your Exposure?centralohioissa
 
Understanding Cyber Kill Chain and OODA loop
Understanding Cyber Kill Chain and OODA loopUnderstanding Cyber Kill Chain and OODA loop
Understanding Cyber Kill Chain and OODA loopDavid Sweigert
 
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal AuditorsION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal Auditorsmdagrossa
 
Application Security Architecture and Threat Modelling
Application Security Architecture and Threat ModellingApplication Security Architecture and Threat Modelling
Application Security Architecture and Threat ModellingPriyanka Aash
 
Jim Wojno: Incident Response - No Pain, No Gain!
Jim Wojno: Incident Response - No Pain, No Gain!Jim Wojno: Incident Response - No Pain, No Gain!
Jim Wojno: Incident Response - No Pain, No Gain!centralohioissa
 
The state of endpoint defense in 2021
The state of endpoint defense in 2021The state of endpoint defense in 2021
The state of endpoint defense in 2021Adrian Sanabria
 
DATA LOSS PREVENTION OVERVIEW
DATA LOSS PREVENTION OVERVIEWDATA LOSS PREVENTION OVERVIEW
DATA LOSS PREVENTION OVERVIEWSylvain Martinez
 
What Happens Before the Kill Chain
What Happens Before the Kill Chain What Happens Before the Kill Chain
What Happens Before the Kill Chain OpenDNS
 
Addressing the cyber kill chain
Addressing the cyber kill chainAddressing the cyber kill chain
Addressing the cyber kill chainSymantec Brasil
 
Operationalizing Security Intelligence
Operationalizing Security IntelligenceOperationalizing Security Intelligence
Operationalizing Security IntelligenceSplunk
 
Top Tactics For Endpoint Security
Top Tactics For Endpoint SecurityTop Tactics For Endpoint Security
Top Tactics For Endpoint SecurityBen Rothke
 
Corporate threat vector and landscape
Corporate threat vector and landscapeCorporate threat vector and landscape
Corporate threat vector and landscapeyohansurya2
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 
Cyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General AudienceCyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General AudienceTom K
 
How I Learned to Stop Information Sharing and Love the DIKW
How I Learned to Stop Information Sharing and Love the DIKWHow I Learned to Stop Information Sharing and Love the DIKW
How I Learned to Stop Information Sharing and Love the DIKWSounil Yu
 
Hands on Security, Disrupting the Kill Chain, SplunkLive! Austin
Hands on Security, Disrupting the Kill Chain, SplunkLive! AustinHands on Security, Disrupting the Kill Chain, SplunkLive! Austin
Hands on Security, Disrupting the Kill Chain, SplunkLive! AustinSplunk
 
New Paradigms for the Next Era of Security
New Paradigms for the Next Era of SecurityNew Paradigms for the Next Era of Security
New Paradigms for the Next Era of SecuritySounil Yu
 
Ransomware Has Evolved And So Should Your Company
Ransomware Has Evolved And So Should Your CompanyRansomware Has Evolved And So Should Your Company
Ransomware Has Evolved And So Should Your CompanyVeriato
 
Two-factor authentication- A sample writing _Zaman
Two-factor authentication- A sample writing _ZamanTwo-factor authentication- A sample writing _Zaman
Two-factor authentication- A sample writing _ZamanAsad Zaman
 
The Internal Signs of Compromise
The Internal Signs of CompromiseThe Internal Signs of Compromise
The Internal Signs of CompromiseFireEye, Inc.
 
CSF18 - Incident Response in the Cloud - Yuri Diogenes
CSF18 - Incident Response in the Cloud - Yuri DiogenesCSF18 - Incident Response in the Cloud - Yuri Diogenes
CSF18 - Incident Response in the Cloud - Yuri DiogenesNCCOMMS
 
Automation: The Wonderful Wizard of CTI (or is it?)
Automation: The Wonderful Wizard of CTI (or is it?) Automation: The Wonderful Wizard of CTI (or is it?)
Automation: The Wonderful Wizard of CTI (or is it?) MITRE ATT&CK
 
Keynote Session : The Non - Evolution of Security
Keynote Session : The Non - Evolution of SecurityKeynote Session : The Non - Evolution of Security
Keynote Session : The Non - Evolution of SecurityPriyanka Aash
 
Wines of France
Wines of FranceWines of France
Wines of FranceAshish Gupta
 
Social media bishop haley
Social media bishop haleySocial media bishop haley
Social media bishop haleyHaley Bishop
 

More Related Content

What's hot

Application Security Architecture and Threat Modelling
Application Security Architecture and Threat ModellingApplication Security Architecture and Threat Modelling
Application Security Architecture and Threat ModellingPriyanka Aash
 
Jim Wojno: Incident Response - No Pain, No Gain!
Jim Wojno: Incident Response - No Pain, No Gain!Jim Wojno: Incident Response - No Pain, No Gain!
Jim Wojno: Incident Response - No Pain, No Gain!centralohioissa
 
The state of endpoint defense in 2021
The state of endpoint defense in 2021The state of endpoint defense in 2021
The state of endpoint defense in 2021Adrian Sanabria
 
DATA LOSS PREVENTION OVERVIEW
DATA LOSS PREVENTION OVERVIEWDATA LOSS PREVENTION OVERVIEW
DATA LOSS PREVENTION OVERVIEWSylvain Martinez
 
What Happens Before the Kill Chain
What Happens Before the Kill Chain What Happens Before the Kill Chain
What Happens Before the Kill Chain OpenDNS
 
Addressing the cyber kill chain
Addressing the cyber kill chainAddressing the cyber kill chain
Addressing the cyber kill chainSymantec Brasil
 
Operationalizing Security Intelligence
Operationalizing Security IntelligenceOperationalizing Security Intelligence
Operationalizing Security IntelligenceSplunk
 
Top Tactics For Endpoint Security
Top Tactics For Endpoint SecurityTop Tactics For Endpoint Security
Top Tactics For Endpoint SecurityBen Rothke
 
Corporate threat vector and landscape
Corporate threat vector and landscapeCorporate threat vector and landscape
Corporate threat vector and landscapeyohansurya2
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 
Cyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General AudienceCyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General AudienceTom K
 
How I Learned to Stop Information Sharing and Love the DIKW
How I Learned to Stop Information Sharing and Love the DIKWHow I Learned to Stop Information Sharing and Love the DIKW
How I Learned to Stop Information Sharing and Love the DIKWSounil Yu
 
Hands on Security, Disrupting the Kill Chain, SplunkLive! Austin
Hands on Security, Disrupting the Kill Chain, SplunkLive! AustinHands on Security, Disrupting the Kill Chain, SplunkLive! Austin
Hands on Security, Disrupting the Kill Chain, SplunkLive! AustinSplunk
 
New Paradigms for the Next Era of Security
New Paradigms for the Next Era of SecurityNew Paradigms for the Next Era of Security
New Paradigms for the Next Era of SecuritySounil Yu
 
Ransomware Has Evolved And So Should Your Company
Ransomware Has Evolved And So Should Your CompanyRansomware Has Evolved And So Should Your Company
Ransomware Has Evolved And So Should Your CompanyVeriato
 
Two-factor authentication- A sample writing _Zaman
Two-factor authentication- A sample writing _ZamanTwo-factor authentication- A sample writing _Zaman
Two-factor authentication- A sample writing _ZamanAsad Zaman
 
The Internal Signs of Compromise
The Internal Signs of CompromiseThe Internal Signs of Compromise
The Internal Signs of CompromiseFireEye, Inc.
 
CSF18 - Incident Response in the Cloud - Yuri Diogenes
CSF18 - Incident Response in the Cloud - Yuri DiogenesCSF18 - Incident Response in the Cloud - Yuri Diogenes
CSF18 - Incident Response in the Cloud - Yuri DiogenesNCCOMMS
 
Automation: The Wonderful Wizard of CTI (or is it?)
Automation: The Wonderful Wizard of CTI (or is it?) Automation: The Wonderful Wizard of CTI (or is it?)
Automation: The Wonderful Wizard of CTI (or is it?) MITRE ATT&CK
 
Keynote Session : The Non - Evolution of Security
Keynote Session : The Non - Evolution of SecurityKeynote Session : The Non - Evolution of Security
Keynote Session : The Non - Evolution of SecurityPriyanka Aash
 

What's hot (20)

Application Security Architecture and Threat Modelling
Application Security Architecture and Threat ModellingApplication Security Architecture and Threat Modelling
Application Security Architecture and Threat Modelling
 
Jim Wojno: Incident Response - No Pain, No Gain!
Jim Wojno: Incident Response - No Pain, No Gain!Jim Wojno: Incident Response - No Pain, No Gain!
Jim Wojno: Incident Response - No Pain, No Gain!
 
The state of endpoint defense in 2021
The state of endpoint defense in 2021The state of endpoint defense in 2021
The state of endpoint defense in 2021
 
DATA LOSS PREVENTION OVERVIEW
DATA LOSS PREVENTION OVERVIEWDATA LOSS PREVENTION OVERVIEW
DATA LOSS PREVENTION OVERVIEW
 
What Happens Before the Kill Chain
What Happens Before the Kill Chain What Happens Before the Kill Chain
What Happens Before the Kill Chain
 
Addressing the cyber kill chain
Addressing the cyber kill chainAddressing the cyber kill chain
Addressing the cyber kill chain
 
Operationalizing Security Intelligence
Operationalizing Security IntelligenceOperationalizing Security Intelligence
Operationalizing Security Intelligence
 
Top Tactics For Endpoint Security
Top Tactics For Endpoint SecurityTop Tactics For Endpoint Security
Top Tactics For Endpoint Security
 
Corporate threat vector and landscape
Corporate threat vector and landscapeCorporate threat vector and landscape
Corporate threat vector and landscape
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
 
Cyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General AudienceCyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General Audience
 
How I Learned to Stop Information Sharing and Love the DIKW
How I Learned to Stop Information Sharing and Love the DIKWHow I Learned to Stop Information Sharing and Love the DIKW
How I Learned to Stop Information Sharing and Love the DIKW
 
Hands on Security, Disrupting the Kill Chain, SplunkLive! Austin
Hands on Security, Disrupting the Kill Chain, SplunkLive! AustinHands on Security, Disrupting the Kill Chain, SplunkLive! Austin
Hands on Security, Disrupting the Kill Chain, SplunkLive! Austin
 
New Paradigms for the Next Era of Security
New Paradigms for the Next Era of SecurityNew Paradigms for the Next Era of Security
New Paradigms for the Next Era of Security
 
Ransomware Has Evolved And So Should Your Company
Ransomware Has Evolved And So Should Your CompanyRansomware Has Evolved And So Should Your Company
Ransomware Has Evolved And So Should Your Company
 
Two-factor authentication- A sample writing _Zaman
Two-factor authentication- A sample writing _ZamanTwo-factor authentication- A sample writing _Zaman
Two-factor authentication- A sample writing _Zaman
 
The Internal Signs of Compromise
The Internal Signs of CompromiseThe Internal Signs of Compromise
The Internal Signs of Compromise
 
CSF18 - Incident Response in the Cloud - Yuri Diogenes
CSF18 - Incident Response in the Cloud - Yuri DiogenesCSF18 - Incident Response in the Cloud - Yuri Diogenes
CSF18 - Incident Response in the Cloud - Yuri Diogenes
 
Automation: The Wonderful Wizard of CTI (or is it?)
Automation: The Wonderful Wizard of CTI (or is it?) Automation: The Wonderful Wizard of CTI (or is it?)
Automation: The Wonderful Wizard of CTI (or is it?)
 
Keynote Session : The Non - Evolution of Security
Keynote Session : The Non - Evolution of SecurityKeynote Session : The Non - Evolution of Security
Keynote Session : The Non - Evolution of Security
 

Viewers also liked

Social media bishop haley
Social media bishop haleySocial media bishop haley
Social media bishop haleyHaley Bishop
 
Скидки и акции в универсамах Магнит с 13 по 26 января 2016
Скидки и акции в универсамах Магнит с 13 по 26 января 2016Скидки и акции в универсамах Магнит с 13 по 26 января 2016
Скидки и акции в универсамах Магнит с 13 по 26 января 2016mbych
 
BETT: Educational Change
BETT: Educational ChangeBETT: Educational Change
BETT: Educational ChangeDannno
 
Скидки и акции в магазинах Магнит с 04 по 17 ноября 2015г.
Скидки и акции в магазинах Магнит с 04 по 17 ноября 2015г.Скидки и акции в магазинах Магнит с 04 по 17 ноября 2015г.
Скидки и акции в магазинах Магнит с 04 по 17 ноября 2015г.Михаил Бычков
 
Information Security Management 101
Information Security Management 101Information Security Management 101
Information Security Management 101Jerod Brennen
 

Viewers also liked (9)

Wines of France
Wines of FranceWines of France
Wines of France
 
Social media bishop haley
Social media bishop haleySocial media bishop haley
Social media bishop haley
 
Скидки и акции в универсамах Магнит с 13 по 26 января 2016
Скидки и акции в универсамах Магнит с 13 по 26 января 2016Скидки и акции в универсамах Магнит с 13 по 26 января 2016
Скидки и акции в универсамах Магнит с 13 по 26 января 2016
 
BETT: Educational Change
BETT: Educational ChangeBETT: Educational Change
BETT: Educational Change
 
Online assignment
Online assignmentOnline assignment
Online assignment
 
overdorp_v2
overdorp_v2overdorp_v2
overdorp_v2
 
tello resume
tello resumetello resume
tello resume
 
Скидки и акции в магазинах Магнит с 04 по 17 ноября 2015г.
Скидки и акции в магазинах Магнит с 04 по 17 ноября 2015г.Скидки и акции в магазинах Магнит с 04 по 17 ноября 2015г.
Скидки и акции в магазинах Магнит с 04 по 17 ноября 2015г.
 
Information Security Management 101
Information Security Management 101Information Security Management 101
Information Security Management 101
 

Similar to How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authentication

Protecting endpoints from targeted attacks
Protecting endpoints from targeted attacksProtecting endpoints from targeted attacks
Protecting endpoints from targeted attacksAppSense
 
Intelligent Authentication
Intelligent AuthenticationIntelligent Authentication
Intelligent AuthenticationCA Technologies
 
Save Your Network – Protecting Healthcare Data from Deadly Breaches
Save Your Network – Protecting Healthcare Data from Deadly BreachesSave Your Network – Protecting Healthcare Data from Deadly Breaches
Save Your Network – Protecting Healthcare Data from Deadly BreachesLancope, Inc.
 
Cyber Security Management in a Highly Innovative World
Cyber Security Management in a Highly Innovative WorldCyber Security Management in a Highly Innovative World
Cyber Security Management in a Highly Innovative WorldSafeNet
 
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsGood Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsZivaro Inc
 
Introduction to the Current Threat Landscape
Introduction to the Current Threat LandscapeIntroduction to the Current Threat Landscape
Introduction to the Current Threat LandscapeMelbourne IT
 
You Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionYou Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionCrowdStrike
 
The Business Benefits of Threat Intelligence Webinar
The Business Benefits of Threat Intelligence WebinarThe Business Benefits of Threat Intelligence Webinar
The Business Benefits of Threat Intelligence WebinarThreatConnect
 
Insider threats webinar 01.28.15
Insider threats webinar 01.28.15Insider threats webinar 01.28.15
Insider threats webinar 01.28.15Lancope, Inc.
 
Retail security-services--client-presentation
Retail security-services--client-presentationRetail security-services--client-presentation
Retail security-services--client-presentationJoseph Schorr
 
CONFidence2015: Real World Threat Hunting - Martin Nystrom
CONFidence2015: Real World Threat Hunting - Martin NystromCONFidence2015: Real World Threat Hunting - Martin Nystrom
CONFidence2015: Real World Threat Hunting - Martin NystromPROIDEA
 
Best practices for automating cloud security processes with Evident.io and AWS
Best practices for automating cloud security processes with Evident.io and AWSBest practices for automating cloud security processes with Evident.io and AWS
Best practices for automating cloud security processes with Evident.io and AWSAmazon Web Services
 
Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...
Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...
Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...North Texas Chapter of the ISSA
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalPriyanka Aash
 
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...XEventsHospitality
 
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDC
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDCDefending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDC
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDCCloudflare
 
Carbon Black: 32 Security Experts on Changing Endpoint Security
Carbon Black: 32 Security Experts on Changing Endpoint SecurityCarbon Black: 32 Security Experts on Changing Endpoint Security
Carbon Black: 32 Security Experts on Changing Endpoint SecurityMighty Guides, Inc.
 
BATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdfBATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdfBATbern
 

Similar to How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authentication (20)

Protecting endpoints from targeted attacks
Protecting endpoints from targeted attacksProtecting endpoints from targeted attacks
Protecting endpoints from targeted attacks
 
Intelligent Authentication
Intelligent AuthenticationIntelligent Authentication
Intelligent Authentication
 
Zero Trust : How to Get Started
Zero Trust : How to Get StartedZero Trust : How to Get Started
Zero Trust : How to Get Started
 
Save Your Network – Protecting Healthcare Data from Deadly Breaches
Save Your Network – Protecting Healthcare Data from Deadly BreachesSave Your Network – Protecting Healthcare Data from Deadly Breaches
Save Your Network – Protecting Healthcare Data from Deadly Breaches
 
Cyber Security Management in a Highly Innovative World
Cyber Security Management in a Highly Innovative WorldCyber Security Management in a Highly Innovative World
Cyber Security Management in a Highly Innovative World
 
5 Ways To Fight A DDoS Attack
5 Ways To Fight A DDoS Attack5 Ways To Fight A DDoS Attack
5 Ways To Fight A DDoS Attack
 
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsGood Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
 
Introduction to the Current Threat Landscape
Introduction to the Current Threat LandscapeIntroduction to the Current Threat Landscape
Introduction to the Current Threat Landscape
 
You Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionYou Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And Detection
 
The Business Benefits of Threat Intelligence Webinar
The Business Benefits of Threat Intelligence WebinarThe Business Benefits of Threat Intelligence Webinar
The Business Benefits of Threat Intelligence Webinar
 
Insider threats webinar 01.28.15
Insider threats webinar 01.28.15Insider threats webinar 01.28.15
Insider threats webinar 01.28.15
 
Retail security-services--client-presentation
Retail security-services--client-presentationRetail security-services--client-presentation
Retail security-services--client-presentation
 
CONFidence2015: Real World Threat Hunting - Martin Nystrom
CONFidence2015: Real World Threat Hunting - Martin NystromCONFidence2015: Real World Threat Hunting - Martin Nystrom
CONFidence2015: Real World Threat Hunting - Martin Nystrom
 
Best practices for automating cloud security processes with Evident.io and AWS
Best practices for automating cloud security processes with Evident.io and AWSBest practices for automating cloud security processes with Evident.io and AWS
Best practices for automating cloud security processes with Evident.io and AWS
 
Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...
Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...
Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formal
 
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
 
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDC
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDCDefending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDC
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDC
 
Carbon Black: 32 Security Experts on Changing Endpoint Security
Carbon Black: 32 Security Experts on Changing Endpoint SecurityCarbon Black: 32 Security Experts on Changing Endpoint Security
Carbon Black: 32 Security Experts on Changing Endpoint Security
 
BATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdfBATbern48_How Zero Trust can help your organisation keep safe.pdf
BATbern48_How Zero Trust can help your organisation keep safe.pdf
 

More from Duo Security

A Place to Hang Our Hats: Security Community and Culture by Domenic Rizzolo
A Place to Hang Our Hats: Security Community and Culture by Domenic RizzoloA Place to Hang Our Hats: Security Community and Culture by Domenic Rizzolo
A Place to Hang Our Hats: Security Community and Culture by Domenic RizzoloDuo Security
 
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...Duo Security
 
Making Web Development "Secure By Default"
Making Web Development "Secure By Default" Making Web Development "Secure By Default"
Making Web Development "Secure By Default" Duo Security
 
Probing Mobile Operator Networks - Collin Mulliner
Probing Mobile Operator Networks - Collin MullinerProbing Mobile Operator Networks - Collin Mulliner
Probing Mobile Operator Networks - Collin MullinerDuo Security
 
The Real Deal of Android Device Security: The Third Party
The Real Deal of Android Device Security: The Third PartyThe Real Deal of Android Device Security: The Third Party
The Real Deal of Android Device Security: The Third PartyDuo Security
 
No Apology Required: Deconstructing BB10
No Apology Required: Deconstructing BB10No Apology Required: Deconstructing BB10
No Apology Required: Deconstructing BB10Duo Security
 
The Internet of Things: We've Got to Chat
The Internet of Things: We've Got to ChatThe Internet of Things: We've Got to Chat
The Internet of Things: We've Got to ChatDuo Security
 

More from Duo Security (7)

A Place to Hang Our Hats: Security Community and Culture by Domenic Rizzolo
A Place to Hang Our Hats: Security Community and Culture by Domenic RizzoloA Place to Hang Our Hats: Security Community and Culture by Domenic Rizzolo
A Place to Hang Our Hats: Security Community and Culture by Domenic Rizzolo
 
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
 
Making Web Development "Secure By Default"
Making Web Development "Secure By Default" Making Web Development "Secure By Default"
Making Web Development "Secure By Default"
 
Probing Mobile Operator Networks - Collin Mulliner
Probing Mobile Operator Networks - Collin MullinerProbing Mobile Operator Networks - Collin Mulliner
Probing Mobile Operator Networks - Collin Mulliner
 
The Real Deal of Android Device Security: The Third Party
The Real Deal of Android Device Security: The Third PartyThe Real Deal of Android Device Security: The Third Party
The Real Deal of Android Device Security: The Third Party
 
No Apology Required: Deconstructing BB10
No Apology Required: Deconstructing BB10No Apology Required: Deconstructing BB10
No Apology Required: Deconstructing BB10
 
The Internet of Things: We've Got to Chat
The Internet of Things: We've Got to ChatThe Internet of Things: We've Got to Chat
The Internet of Things: We've Got to Chat
 

Recently uploaded

Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 

Recently uploaded (20)

Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 

How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authentication

  • 1. How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authentication Presented by Duo Security with guests Forrester Research and University of Tennessee, Knoxville September 25, 2014 #duowebinar
  • 2. Agenda Rick Holland, Forrester Research How To Stop Targeted Attacks and Avoid “Expense In Depth” with Strong Authentication Brian Kelly, Duo Security How Duo Helps You Avoid “Expense In Depth” Bob Hillhouse, University of Tennessee, Knoxville A Case for Multi-factor Authentication #duowebinar
  • 3. How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authentication Rick Holland, Principal Analyst Forrester Research #duowebinar
  • 4. Agenda › Targeted attacks! › Targeted-Attack Hierarchy Of Needs › Recommendations © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 5. APT! © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 6. Heartbleed OpenSSL vulnerability exploited to compromise SSL VPN © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 7. Adversaries are on shopping sprees © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 8. Except the adversary isn’t being timed © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 9. We are hyper focused on the © 2014 Forrester Research, Inc. Reproduction Prohibited WRONG things
  • 10. Anything but the data © 2014 Forrester Research, Inc. Reproduction Prohibited Malware sandboxes Alert driven security Perimeter security controls
  • 11. Agenda › Targeted attacks! › Targeted-Attack Hierarchy Of Needs › Recommendations © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 12. Targeted-Attack Hierarchy Of Needs © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 13. Targeted-Attack Hierarchy Of Needs © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 14. Targeted-Attack Hierarchy Of Needs Need No. 1: An Actual Security Strategy © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 15. Silver bullets, for investment not defense © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 16. Expense in Depth © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 17. Targeted-Attack Hierarchy Of Needs Need No. 2: A Dedication To Recruiting And Retaining Staff © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 18. Lack of staff is a problem © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 19. Targeted-Attack Hierarchy Of Needs Need No. 3: A Focus On The Fundamentals © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 20. A Focus On The Fundamentals © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 21. Forrester’s Zero Trust model © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 22. Forrester’s Zero Trust model © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 23. Zero Trust is fundamental © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 24. Strong Authentication › Strong authentication is critical for disrupting attackers © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 25. Strong Authentication › Strong auth is critical for disrupting attackers › Protect your VPNs and Citrix but don’t forget about SaaS applications › Consider step up authentication for admins © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 26. Least privilege › Privileged accounts need to be monitored and audited › Don’t share local admin passwords across all hosts › Work towards a data classification program © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 27. Detecting lateral movement › Segment your network › Deploy visibility to key ingress/egress chokepoints › NETFLOW can be used for lateral movement detection © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 28. Agenda › Targeted attacks! › Targeted-Attack Hierarchy Of Needs › Recommendations © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 29. Return on Expense in Depth? © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 30. Recommendations › Evaluate your potential investments › What provides greatest marginal return on your investment? › What technology reduces the greatest attack surface? © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 31. Thank you Rick Holland rholland@forrester.com Twitter: @rickhholland
  • 32. How Duo Helps You Avoid “Expense In Depth” Brian Kelly, Principal Product Marketing Manager Duo Security #duowebinar
  • 33. Adoption of cloud, mobile, and BYOD is accelerating dramatically    # #  &  ☁#☁# IT 1.0: Mainframe IT 2.0: Client/Server IT 3.0: Cloud/Mobile
  • 34.    # #  &   &   &  ☁#☁# 1995 2000 2005 2010  &  Data Breaches Along this same timeline we’ve also seen dramatic growth in user-targeted attacks
  • 35.    # #  &   &   &  ☁#☁# 1995 2000 2005 2010  &  Data Breaches Why?
  • 36. What’s new in IT 3.0? ‣ Users ‣ Access from anywhere ‣ “Zero Trust” environment ‣ Devices ‣ Mobile proliferation ‣ BYOD acceptance ‣ Services ‣ Diminishing perimeter ‣ Platform and Software -as-a-Service  &  ☁#☁#
  • 37. What’s new in Security 3.0? ‣ Users ‣ Access from anywhere ‣ “Zero Trust” environment ‣ Devices ‣ Mobile proliferation ‣ BYOD acceptance ‣ Services ‣ Diminishing perimeter ‣ Platform and Software -as-a-Service Better OS and app security …but, limited endpoint control Better service security …but, limited network visibility
  • 38. What’s new in Security 3.0? ‣ Users ‣ Access from anywhere ‣ “Zero Trust” environment ‣ Devices ‣ Mobile proliferation ‣ BYOD acceptance ‣ Services ‣ Diminishing perimeter ‣ Platform and Software -as-a-Service User-targeted attacks Credentials are easily stolen • Phished • Guessed • Keylogged • Sniffed • Cracked • Reused • Bypassed
  • 39. 100% OF BREACHES involve stolen credentials — Mandiant Source: mandiant.com/threat-landscape and M-Trends annual reports
  • 40. advanced adversary will compromise your environment and accomplish their goal. The Targeted Attack Figure 2 The Hierarchy Targeted-Attack Hierarchy Of Of Needs Needs Detection and response Prevention An integrated portfolio that enables orchestration A focus on the fundamentals A dedication to recruiting and retaining staff An actual security strategy 107121 Source: Forrester Research,
  • 41. advanced adversary will compromise your environment and accomplish their goal. The Targeted Attack Figure 2 The Hierarchy Targeted-Attack Hierarchy Of Of Needs Needs Detection and response Prevention An integrated portfolio that enables orchestration A focus on the fundamentals A dedication to recruiting and retaining staff An actual security strategy 107121 Source: Forrester Research, Back to Basics ‣ Patch, harden, update (everything) ‣ Segment data, services, networks ‣ Review access controls (often) ‣ Inspect endpoints, enforce policy ‣ Require strong authentication
  • 42. Legacy two-factor authentication solutions overlook TCO On boarding Deployment $  #  ✉ $ $ $ Management Login  ⚠  ⏲
  • 43. Duo Security minimizes cost throughout 2FA lifecycle On boarding Deployment ☁ . Management Login / 
  • 44. Thousands Getting Better Security, Not Just More duosecurity.com/success-stories
  • 45. A Case For Multi-Factor Authentication Bob Hillhouse, Associate CIO and CISO University of Tennessee, Knoxville #duowebinar
  • 46. Cast ▪ The University of Tennessee, Knoxville ▪ 57 merchants across campus ▪ 130 Users; 150 Devices ▪ The UT Office of the Treasurer ▪ The Office of Information Technology (OIT)
  • 47. Act I - Prelude ▪ PCI-DSS Requirement 8.3 – Incorporate two-factor authentication for remote access to the network by employees, administrators, and third parties… ▪ 150 devices in the PCI-Subnet require Remote Desktop Services (RDP)
  • 48. Act II – The Timeline ▪ 8:00 AM ▪ 8:15 AM ▪ 8:30 AM ▪ 9:00 AM
  • 49. Act III – Prologue ▪ 2013 – The end of strong password-only security. – http://duo.sc/utk-vid
  • 50. Epilogue ▪ Compliance Goal was met ▪ Next: Two-Factor Authentication for all central IT staff using the VPN – 200 additional users ▪ Next: Two-Factor Authentication for all VPN Users – Usage Patterns – Establish scope (Campus-wide? Privileged Users Only?)
  • 51. Questions + Answers #duowebinar Rick Holland, Forrester Research rholland@forrester.com @rickhholland Brian Kelly, Duo Security bkelly@duosecurity.com @resetbrian Bob Hillhouse, University of Tennessee, Knoxville bob@utk.edu @ut_oit