
The New Normal: Managing the constant stream of new vulnerabilities

It’s 3AM. Do you know what your servers are doing? In this age of increased attacks and highly publicized vulnerabilities, deploying your infrastructure in a secure way is mission critical. In this session, Aaron Hackney and Major Hayden from Rackspace will reveal security strategies to focus your spending and reduce your risk.


  1. The New Normal: Managing the constant stream of new vulnerabilities
     Aaron Hackney, Principal Architect, aaron.hackney@rackspace.com
     Major Hayden, Principal Architect, major.hayden@rackspace.com
  2. 2014 was rough
     • Heartbleed: April 2014
     • Sandworm: October 2014
     • POODLE: October 2014
     • Shellshock: September 2014
     www.rackspace.com
  3. Vulnerabilities are now mainstream news
     Source: https://twitter.com/mattblaze/status/573938261325844480
  4. OUR MISSION TODAY: To arm you with a solid strategy to secure your infrastructure efficiently.
  5. Understand cognitive bias
     “...we respond to the feeling of security and not the reality. Now most of the time, that works. Most of the time, feeling and reality are the same…if our feelings match reality, we make better security trade-offs.”
     Bruce Schneier, TEDxPSU, 2010
     Video link: http://www.ted.com/talks/bruce_schneier/transcript?language=en#t-53471
  6. “If I had a dollar to spend on security, I’d spend 99 cents on detection and a penny on prevention.”
  7. The Security Life Cycle
     • Start with common sense prevention
       – Principle of least privilege
     • Then spend the bulk of your budget on layers of detection
       – Assume incidents will happen
     • Create a rock-solid response plan
       – Take feedback from the response process and invest in prevention
     Diagram labels: Incident, Detection, Response, Prevention
  8. Detection 101: Logging
     • Every server, network device, and application generates some type of logs
     • Collect your logs in a central location
     • Monitor for critical events first
       – Authentication attempts (successful and failed)
       – Service/system restarts
       – Network errors
       – Configuration changes
     • Monitoring for events can be cumbersome in busy environments
       – Graph your log line counts over time and look for unusual peaks or spikes
  9. Integrity Monitoring & Auditing
     • Use best practices and hardening standards to set a minimum security spec for your systems
     • Monitor for configuration changes with strong change control processes
     • Use deployment frameworks, like Ansible, Puppet, or Chef
       – Revision control makes change control easier
       – Easy to audit large amounts of systems quickly
     • Network segmentation can be a detection and prevention mechanism
       – Force attackers to be noisy if they choose to cross a network segment
       – Trending via NetFlow analysis may reveal attacks in progress
     Sidebar: Community-driven hardening standards for common systems, including Linux, Windows, and Cisco devices. For more information, visit: http://www.cisecurity.org/
  10. Incident Response
     • Detect & Analyze: Gather data from any available sensors, logs, or observations. Determine which systems are involved and the severity of the breach.
     • Contain & Recover: Bring systems offline or remove network connectivity. Provision new systems and carefully restore from clean backups.
     • Root Cause Analysis: How could we have prevented the attack or detected it sooner? Turn security failures into solid investments in prevention.
     • Rely on solid processes so that everyone knows their place during an incident
  11. Incident Management
     • Communicate about an incident using criteria that your employees and customers understand
       – Reduce anxiety with frequent, concise communications
       – Using code names or alert levels may help
       – Example: U.S. Department of Defense’s DEFCON
     • Ensure everyone knows what’s happening and what part they play in the incident
     Image source: Wikipedia, USAF Public Domain
  12. After the incident
     • “What could we have done to prevent incidents like these?”
     • Fishbone diagrams help with larger organizations
     • Make a larger number of smaller changes
     • Focus on the user experience
       – Then find security improvements that provide good trade-offs
     Image caption: The book you never thought was actually about information security.
  13. Security User Experience
     Diagram labels: Business and user requirements; Security, legal and compliance requirements; Customer requirements; Review Process; Process improvement; Technology upgrades; Vendor products; Communication
  14. Plan for the unknowns
     “Reports that say...that something hasn't happened are always interesting to me, because as we know, there are known knowns; there are things that we know that we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns, the ones we don't know we don't know.”
     —Donald Rumsfeld, Former United States Secretary of Defense
     Photo source: Wikipedia, Scott Davis US Army Public Domain
  15. THANK YOU
     RACKSPACE® | 1 FANATICAL PLACE, CITY OF WINDCREST | SAN ANTONIO, TX 78218
     US SALES: 1-800-961-2888 | US SUPPORT: 1-800-961-4454 | WWW.RACKSPACE.COM
     © RACKSPACE LTD. | RACKSPACE® AND FANATICAL SUPPORT® ARE SERVICE MARKS OF RACKSPACE US, INC. REGISTERED IN THE UNITED STATES AND OTHER COUNTRIES.
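
The log-volume check from slide 8 (Detection 101: Logging), as an added example that is not part of the original deck: it counts syslog lines per minute, tags the critical event classes the slide lists, and flags minutes whose volume is far above the baseline. The host name, year, regex patterns, sample lines and the median + k·MAD threshold are all assumptions made for illustration.

```python
import re
import statistics
from collections import Counter
from datetime import datetime

# Critical event classes from the slide. The patterns are assumptions that
# fit the constructed sample below; tune them to your own log formats.
CRITICAL = {
    "auth": re.compile(r"Failed password|Accepted (password|publickey)"),
    "restart": re.compile(r"systemd\[1\]: (Started|Stopped) "),
    "config": re.compile(r"configuration (changed|reloaded)", re.I),
}

def parse(line, year=2015):
    """Split a classic syslog line into (minute bucket, message)."""
    ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
    return ts.replace(second=0), line[16:]

def line_counts(lines):
    """Count all lines and critical-event lines per minute."""
    counts, critical = Counter(), Counter()
    for line in lines:
        bucket, msg = parse(line)
        counts[bucket] += 1
        for name, pattern in CRITICAL.items():
            if pattern.search(msg):
                critical[(bucket, name)] += 1
    return counts, critical

def spikes(counts, k=5.0):
    """Buckets whose volume exceeds median + k * MAD (robust to the spike itself)."""
    values = list(counts.values())
    med = statistics.median(values)
    mad = statistics.median(abs(v - med) for v in values) or 1.0
    return sorted(b for b, c in counts.items() if c > med + k * mad)

def sample_lines():
    """Constructed input: quiet cron baseline plus one burst of failed logins."""
    lines = [f"Mar  6 03:{m:02d}:{s:02d} web01 cron[811]: job finished"
             for m in range(6) for s in range(3 + m % 2)]
    lines += [f"Mar  6 03:04:{s:02d} web01 sshd[902]: Failed password for "
              "invalid user admin from 192.0.2.10" for s in range(10, 50)]
    lines.append("Mar  6 03:05:30 web01 systemd[1]: Started nginx.service")
    return lines

if __name__ == "__main__":
    counts, critical = line_counts(sample_lines())
    for bucket in spikes(counts):
        kinds = {n: c for (b, n), c in critical.items() if b == bucket}
        print(bucket, counts[bucket], kinds)
```

Minutes with no log lines at all never appear in `counts`, so a host that goes silent needs a separate check against the expected set of buckets.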
