SANS Critical Security Controls Summit London 2013

Present a hard Target to Attackers


  1. Presenting a Hard Target To Attackers. Wolfgang Kandek, CTO, Qualys Inc. SANS Critical Security Controls 2013, London, May 1, 2013
  2. Defense
  3. Threat Intelligence
  4. Public Threat Intelligence
  5. 2012 – Data breaches in the news
  6. 2012 – Data breaches in the news
  7. 2012 – Data breaches in the news
  8. 2013 – started in a similar way
  9. 2013 – started in a similar way
  10. 2013 – started in a similar way
  11. 2013 – started in a similar way
  12. Industry Reports
  13. Industry Reports
  14. Industry Reports
  15. Industry Reports
  16. Industry Reports
  17. Industry Reports
  18. Industry Reports
  19. Industry Reports
  20. Traditional Tools Are Failing
  21. Attacker Competence Is Rising
  22. Attacker Competence Is Rising
  23. 78 %
  24. VZ DBIR Background Info
      • Open System Administration Channels
      • Default and Weak Passwords
      • End-user has Administrator Privileges
      • Outdated Software Versions
      • Non-hardened Configurations
      => Flaws in System Administration
  25. “We were getting owned through our users that were running IE with admin privileges”
  26. 90 %
  27. 39
  28. 85 %
  29. 85 % of past incidents prevented
  30. DIISRTE (Department of Industry, Innovation, Science, Research and Tertiary Education)
      • About 5000 seats
      • Data Breach
      • 6 month security project
      • Fully Patched in 2 weeks
      • Admin rights controlled
      • Whitelisting
      • No Additional Software purchased
      • No End-user Impact
  31. 20 %
  32. 20 %, 327 malwares
  33. 20 %, 327 malwares, 262 bypassed AV
  34. 20 %, 327 malwares, 262 bypassed AV
  35. Implementation
  36. Implementation
  37. Score: Use a letter grade system
  38. Score: Use a letter grade system
  39. Score: Use a letter grade system or other mechanisms
  40. Score: Use a letter grade system
  41. Results
  42. Opportunistic Attackers
  43. Opportunistic Attackers ✔
  44. Targeted Attackers
  45. Targeted Attackers: Disrupt, Slow Down
  46. Targeted Attackers: Disrupt, Slow Down, Raise Cost, Force Mistakes
  47. Information
  48. US DoS, DIISRTE, NASA, DHHS-CMS, GS, OfficeMax…
  49. References
      • Microsoft Security Intelligence Report v14
      • Verizon Data Breach Investigation Report
      • Kaspersky Lab – Evaluating the Threat Level of Software Vulnerabilities
      • Symantec – Empirical Study of Zero-day attacks
      • Mandiant Intelligence Center APT1
      • South Carolina Data Breach Incident Report
      • FireEye Advanced Threat Report
