SANS Critical Security Controls Summit London 2013

Present a hard Target to Attackers

SANS Critical Security Controls Summit London 2013 Presentation Transcript

  • Presenting a Hard Target To Attackers. Wolfgang Kandek, CTO, Qualys Inc. SANS Critical Security Controls 2013, London, May 1, 2013
  • Defense
  • Threat Intelligence
  • Public Threat Intelligence
  • 2012 – Data breaches in the news
  • 2013 – started in a similar way
  • Industry Reports
  • Traditional Tools Are Failing
  • Attacker Competence Is Rising
  • 78 %
  • VZ DBIR Background Info
      • Open System Administration Channels
      • Default and Weak Passwords
      • End-user has Administrator Privileges
      • Outdated Software Versions
      • Non-hardened Configurations
      => Flaws in System Administration
  • “We were getting owned through our users that were running IE with admin privileges”
  • 90 %
  • 39
  • 85 % of past incidents prevented
  • DIISRTE (Department of Industry, Innovation, Science, Research and Tertiary Education)
      • About 5000 seats
      • Data Breach
      • 6-month security project
      • Fully Patched in 2 weeks
      • Admin rights controlled
      • Whitelisting
      • No Additional Software purchased
      • No End-user Impact
  • 20 %, 327 malwares, 262 bypassed AV
  • Implementation
  • Score: Use a letter grade system or other mechanisms
  • Results
  • Opportunistic Attackers ✔
  • Targeted Attackers: Disrupt, Slow Down, Raise Cost, Force Mistakes
  • Information
  • US DoS, DIISRTE, NASA, DHHS-CMS, GS, OfficeMax…
  • References
      • Microsoft Security Intelligence Report v14
      • Verizon Data Breach Investigation Report
      • Kaspersky Lab – Evaluating the Threat Level of Software Vulnerabilities
      • Symantec – Empirical Study of Zero-day attacks
      • Mandiant Intelligence Center APT1
      • South Carolina Data Breach Incident Report
      • FireEye Advanced Threat Report