SANS Critical Security Controls Summit London 2013
Present a hard Target to Attackers

Transcript

  • 1. Presenting a Hard Target To Attackers. Wolfgang Kandek, CTO, Qualys Inc. SANS Critical Security Controls 2013, London, May 1, 2013
  • 2. Defense
  • 3. Threat Intelligence
  • 4. Public Threat Intelligence
  • 5. 2012 – Data breaches in the news
  • 6. 2012 – Data breaches in the news
  • 7. 2012 – Data breaches in the news
  • 8. 2013 – started in a similar way
  • 9. 2013 – started in a similar way
  • 10. 2013 – started in a similar way
  • 11. 2013 – started in a similar way
  • 12. Industry Reports
  • 13. Industry Reports
  • 14. Industry Reports
  • 15. Industry Reports
  • 16. Industry Reports
  • 17. Industry Reports
  • 18. Industry Reports
  • 19. Industry Reports
  • 20. Traditional Tools Are Failing
  • 21. Attacker Competence Is Rising
  • 22. Attacker Competence Is Rising
  • 23. 78 %
  • 24. VZ DBIR Background Info
      • Open System Administration Channels
      • Default and Weak Passwords
      • End-user has Administrator Privileges
      • Outdated Software Versions
      • Non-hardened Configurations
      => Flaws in System Administration
  • 25. “We were getting owned through our users that were running IE with admin privileges”
  • 26. 90 %
  • 27. 39
  • 28. 85 %
  • 29. 85 % of past incidents prevented
  • 30. DIISRTE (Department of Industry, Innovation, Science, Research and Tertiary Education)
      • About 5000 seats
      • Data Breach
      • 6-month security project
      • Fully Patched in 2 weeks
      • Admin rights controlled
      • Whitelisting
      • No Additional Software purchased
      • No End-user Impact
  • 31. 20 %
  • 32. 20 %, 327 malwares
  • 33. 20 %, 327 malwares, 262 bypassed AV
  • 34. 20 %, 327 malwares, 262 bypassed AV
  • 35. Implementation
  • 36. Implementation
  • 37. Score: Use a letter grade system
  • 38. Score: Use a letter grade system
  • 39. Score: Use a letter grade system or other mechanisms
  • 40. Score: Use a letter grade system
  • 41. Results
  • 42. Opportunistic Attackers
  • 43. Opportunistic Attackers ✔
  • 44. Targeted Attackers
  • 45. Targeted Attackers: Disrupt, Slow Down
  • 46. Targeted Attackers: Disrupt, Slow Down, Raise Cost, Force Mistakes
  • 47. Information
  • 48. US DoS, DIISRTE, NASA, DHHS-CMS, GS, OfficeMax…
  • 49. References
      • Microsoft Security Intelligence Report v14
      • Verizon Data Breach Investigation Report
      • Kaspersky Lab – Evaluating the Threat Level of Software Vulnerabilities
      • Symantec – Empirical Study of Zero-day attacks
      • Mandiant Intelligence Center APT1
      • South Carolina Data Breach Incident Report
      • FireEye Advanced Threat Report
