
Lessons from the Defensive Security Podcast


Jerry Bell delivered this presentation at the 2018 Tactical Edge conference in Bogota, Colombia. The presentation focuses on the core lessons learned from researching data breaches while running the podcast.

Published in: Technology
Lessons from the Defensive Security Podcast

  1. Lessons From The Defensive Security Podcast @maliciouslink
  2. I’m Jerry Bell. Work @ IBM – I speak for myself only. Podcast @ DefensiveSecurity.org. @maliciouslink
  3. “Those who cannot remember the past are condemned to repeat it.” - George Santayana
  4. I study how data breaches happen and talk about them on a podcast
  5. Many opportunities to learn
  6. As defenders, we have limited budget, limited time
  7. As defenders, we have limited budget, limited time. We must efficiently prioritize
  8. There are many good industry reports that help explain breaches
  9. Most reports segment breaches by attack type or motives of the adversary
  10. Reports are helpful… But they do not explain what to fix.
  11. What I’ve learned
  12. Our people are the key to security
  13. Our people are the key to security. Let me explain…
  14. Security researchers have grown adept at manipulating media coverage of vulnerabilities they found
  15. The concept of “least privilege” is not well understood or implemented
  16. Example: NotPetya
  17. Supply chain is a significant emerging threat
  18. Example: NotPetya, Target
  19. IT architectures and software are more a form of individual artistic expression than principled engineering
  20. “Hackers only have to be right once… Defenders have to be right every time.”
  21. Attacks shift away from what no longer works to what does work
  22. Attack techniques and tools are getting more complicated
  23. Attack techniques and tools are getting more complicated. But opportunistic attacks still work very well
  24. The industry endlessly debates end-user security training
  25. The industry endlessly debates end-user security training. But rarely about training the people designing our IT systems
  26. The debate about end user training is a red herring
  27. Business leaders have little idea how much risk they are accepting
  28. Our IT tools are being used against us
  29. Cloud and automation create dramatic opportunities to mitigate risk… and also create new risks
  30. Indicators that a breach was underway are usually obvious… But only during forensic analysis
  31. The entry point in nearly all breaches seems obvious… After the breach happened
  32. Organizations are judged on their handling of a breach… Possibly more than having the breach
  33. Organizations will have difficulty meeting breach reporting timeframes of new regulations
  34. Security is a people problem… and the problem starts with IT and Security staff.
  35. THANK YOU! @maliciouslink
