SANS Critical Security Controls Summit London 2013

Present a hard Target to Attackers


Transcript

  • 1. Presenting a Hard Target To Attackers. Wolfgang Kandek, CTO, Qualys Inc. SANS Critical Security Controls 2013, London, May 1, 2013
  • 2. Defense
  • 3. Threat Intelligence
  • 4. Public Threat Intelligence
  • 5. 2012 – Data breaches in the news
  • 6. 2012 – Data breaches in the news
  • 7. 2012 – Data breaches in the news
  • 8. 2013 – started in a similar way
  • 9. 2013 – started in a similar way
  • 10. 2013 – started in a similar way
  • 11. 2013 – started in a similar way
  • 12. Industry Reports
  • 13. Industry Reports
  • 14. Industry Reports
  • 15. Industry Reports
  • 16. Industry Reports
  • 17. Industry Reports
  • 18. Industry Reports
  • 19. Industry Reports
  • 20. Traditional Tools Are Failing
  • 21. Attacker Competence Is Rising
  • 22. Attacker Competence Is Rising
  • 23. 78 %
  • 24. VZ DBIR Background Info
      • Open System Administration Channels
      • Default and Weak Passwords
      • End-user has Administrator Privileges
      • Outdated Software Versions
      • Non-hardened Configurations
      => Flaws in System Administration
  • 25. “We were getting owned through our users that were running IE with admin privileges”
  • 26. 90 %
  • 27. 39
  • 28. 85 %
  • 29. 85 % of past incidents prevented
  • 30. DIISRTE: Department of Industry, Innovation, Science, Research and Tertiary Education
      • About 5000 seats
      • Data Breach
      • 6 month security project
      • Fully Patched in 2 weeks
      • Admin rights controlled
      • Whitelisting
      • No Additional Software purchased
      • No End-user Impact
  • 31. 20 %
  • 32. 20 %, 327 malwares
  • 33. 20 %, 327 malwares, 262 bypassed AV
  • 34. 20 %, 327 malwares, 262 bypassed AV
  • 35. Implementation
  • 36. Implementation
  • 37. Score: Use a letter grade system
  • 38. Score: Use a letter grade system
  • 39. Score: Use a letter grade system or other mechanisms
  • 40. Score: Use a letter grade system
  • 41. Results
  • 42. Opportunistic Attackers
  • 43. Opportunistic Attackers ✔
  • 44. Targeted Attackers
  • 45. Targeted Attackers: Disrupt, Slow Down
  • 46. Targeted Attackers: Disrupt, Slow Down, Raise Cost, Force Mistakes
  • 47. Information
  • 48. US DoS, DIISRTE, NASA, DHHS-CMS, GS, OfficeMax…
  • 49. References
      • Microsoft Security Intelligence Report v14
      • Verizon Data Breach Investigation Report
      • Kaspersky Lab – Evaluating the Threat Level of Software Vulnerabilities
      • Symantec – Empirical Study of Zero-day attacks
      • Mandiant Intelligence Center APT1
      • South Carolina Data Breach Incident Report
      • FireEye Advanced Threat Report