Presenting a Hard Target To Attackers
Wolfgang Kandek, CTO, Qualys Inc
SANS Critical Security Controls 2013, London, May 1, 2013
SANS Critical Security Controls Summit London 2013
Present a hard Target to Attackers

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
255
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
23
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "SANS Critical Security Controls Summit London 2013"

  1. Presenting a Hard Target To Attackers. Wolfgang Kandek, CTO, Qualys Inc. SANS Critical Security Controls 2013, London, May 1, 2013
  2. Defense
  3. Threat Intelligence
  4. Public Threat Intelligence
  5. 2012 – Databreaches in the news
  6. 2012 – Databreaches in the news
  7. 2012 – Databreaches in the news
  8. 2013 – started in a similar way
  9. 2013 – started in a similar way
  10. 2013 – started in a similar way
  11. 2013 – started in a similar way
  12. Industry Reports
  13. Industry Reports
  14. Industry Reports
  15. Industry Reports
  16. Industry Reports
  17. Industry Reports
  18. Industry Reports
  19. Industry Reports
  20. Traditional Tools Are Failing
  21. Attacker Competence Is Rising
  22. Attacker Competence Is Rising
  23. 78 %
  24. VZ DBIR Background Info
      • Open System Administration Channels
      • Default and Weak Passwords
      • End-user has Administrator Privileges
      • Outdated Software Versions
      • Non-hardened Configurations
      => Flaws in System Administration
  25. “We were getting owned through our users that were running IE with admin privileges”
  26. 90 %
  27. 39
  28. 85 %
  29. 85 % of past incidents prevented
  30. DIISRTE (Department of Industry, Innovation, Science, Research and Tertiary Education)
      • About 5000 seats
      • Data Breach
      • 6 month security project
      • Fully Patched in 2 weeks
      • Admin rights controlled
      • Whitelisting
      • No Additional Software purchased
      • No End-user Impact
  31. 20 %
  32. 20 %; 327 malwares
  33. 20 %; 327 malwares; 262 bypassed AV
  34. 20 %; 327 malwares; 262 bypassed AV
  35. Implementation
  36. Implementation
  37. Score: Use a letter grade system
  38. Score: Use a letter grade system
  39. Score: Use a letter grade system or other mechanisms
  40. Score: Use a letter grade system
  41. Results
  42. Opportunistic Attackers
  43. Opportunistic Attackers ✔
  44. Targeted Attackers
  45. Targeted Attackers: Disrupt, Slow Down
  46. Targeted Attackers: Disrupt, Slow Down, Raise Cost, Force Mistakes
  47. Information
  48. US DoS, DIISRTE, NASA, DHHS-CMS, GS, OfficeMax…
  49. References
      • Microsoft Security Intelligence Report v14
      • Verizon Data Breach Investigation Report
      • Kaspersky Lab – Evaluating the Threat Level of Software Vulnerabilities
      • Symantec – Empirical Study of Zero-day attacks
      • Mandiant Intelligence Center APT1
      • South Carolina Data Breach Incident Report
      • FireEye Advanced Threat Report