SANS Critical Security Controls Summit London 2013
Present a hard Target to Attackers

Transcript

  • 1. Presenting a Hard Target To Attackers. Wolfgang Kandek, CTO, Qualys Inc. SANS Critical Security Controls 2013, London, May 1, 2013
  • 2. Defense
  • 3. Threat Intelligence
  • 4. Public Threat Intelligence
  • 5. 2012 – Data breaches in the news
  • 6. 2012 – Data breaches in the news
  • 7. 2012 – Data breaches in the news
  • 8. 2013 – started in a similar way
  • 9. 2013 – started in a similar way
  • 10. 2013 – started in a similar way
  • 11. 2013 – started in a similar way
  • 12. Industry Reports
  • 13. Industry Reports
  • 14. Industry Reports
  • 15. Industry Reports
  • 16. Industry Reports
  • 17. Industry Reports
  • 18. Industry Reports
  • 19. Industry Reports
  • 20. Traditional Tools Are Failing
  • 21. Attacker Competence Is Rising
  • 22. Attacker Competence Is Rising
  • 23. 78 %
  • 24. VZ DBIR Background Info
      • Open System Administration Channels
      • Default and Weak Passwords
      • End-user has Administrator Privileges
      • Outdated Software Versions
      • Non-hardened Configurations
      => Flaws in System Administration
  • 25. “We were getting owned through our users that were running IE with admin privileges”
  • 26. 90 %
  • 27. 39
  • 28. 85 %
  • 29. 85 % of past incidents prevented
  • 30. DIISRTE (Department of Industry, Innovation, Science, Research and Tertiary Education)
      • About 5000 seats
      • Data Breach
      • 6 month security project
      • Fully Patched in 2 weeks
      • Admin rights controlled
      • Whitelisting
      • No Additional Software purchased
      • No End-user Impact
  • 31. 20 %
  • 32. 20 %, 327 malwares
  • 33. 20 %, 327 malwares, 262 bypassed AV
  • 34. 20 %, 327 malwares, 262 bypassed AV
  • 35. Implementation
  • 36. Implementation
  • 37. Score: Use a letter grade system
  • 38. Score: Use a letter grade system
  • 39. Score: Use a letter grade system or other mechanisms
  • 40. Score: Use a letter grade system
  • 41. Results
  • 42. Opportunistic Attackers
  • 43. Opportunistic Attackers ✔
  • 44. Targeted Attackers
  • 45. Targeted Attackers: Disrupt, Slow Down
  • 46. Targeted Attackers: Disrupt, Slow Down, Raise Cost, Force Mistakes
  • 47. Information
  • 48. US DoS, DIISRTE, NASA, DHHS-CMS, GS, OfficeMax…
  • 49. References
      • Microsoft Security Intelligence Report v14
      • Verizon Data Breach Investigation Report
      • Kaspersky Lab – Evaluating the Threat Level of Software Vulnerabilities
      • Symantec – Empirical Study of Zero-day attacks
      • Mandiant Intelligence Center APT1
      • South Carolina Data Breach Incident Report
      • FireEye Advanced Threat Report