The New Normal - Rackspace Solve 2015
With new vulnerabilities surfacing daily, businesses need a solid strategy and internal plans to deal with them. This vendor-neutral talk helps people discover the things they need to do to get their house in order before considering costly technology purchases.

Published in: Technology
1. The New Normal
   Managing the constant stream of new vulnerabilities
   Aaron Hackney, Principal Architect, aaron.hackney@rackspace.com
   Major Hayden, Principal Architect, major.hayden@rackspace.com
2. 2014 Was Rough
   • Heartbleed (April 2014)
   • Sandworm (October 2014)
   • POODLE (October 2014)
   • Shellshock (September 2014)
3. Vulnerabilities Are Now Mainstream News
   Source: https://twitter.com/mattblaze/status/573938261325844480
4. Our Mission Today
   To arm you with a solid strategy to secure your infrastructure efficiently.
5. Understand Cognitive Bias
   “...we respond to the feeling of security and not the reality. Now most of the time, that works. Most of the time, feeling and reality are the same…if our feelings match reality, we make better security trade-offs.”
   Bruce Schneier, TEDxPSU, 2010
6. If I had a dollar to spend on security, I’d spend 99 cents on detection and a penny on prevention.
7. The Security Life Cycle (a loop: Prevention, Detection, Incident, Response, and back into Prevention)
   • Start with common sense prevention
   • Principle of least privilege
   • Then spend the bulk of your budget on layers of detection
   • Assume incidents will happen
   • Create a rock-solid response plan
   • Take feedback from the response process and invest in prevention
8. Detection 101: Logging
   • Every server, network device, and application generates some type of logs
   • Collect your logs in a central location
   • Monitor for critical events first:
     – Authentication attempts (successful and failed)
     – Service/system restarts
     – Network errors
     – Configuration changes
   • Monitoring for events can be cumbersome in busy environments
   • Graph your log line counts over time and look for unusual peaks or spikes
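Added example (not code from the talk or from Rackspace): the "Detection 101" checks as a small script run over constructed syslog-style lines. It counts the critical events the slide lists, tallies failed logins per source address, and flags any minute whose line count spikes against the median minute, which is the "graph your log line counts and look for peaks" advice expressed as a function. The host name, addresses and timestamps are made up for the demonstration.

```python
"""Detection 101 on constructed log lines: critical-event counts, failed logins
per source, and per-minute line-count spikes. Added example, not from the talk."""
import re
from collections import Counter
from statistics import median

# Constructed syslog-style lines for one host; not from a real system.
QUIET_LINES = """\
Mar 03 10:00:01 web01 sshd[2031]: Accepted publickey for deploy from 10.0.1.5 port 51012 ssh2
Mar 03 10:00:07 web01 sshd[2044]: Failed password for root from 203.0.113.9 port 40022 ssh2
Mar 03 10:00:08 web01 sshd[2045]: Failed password for root from 203.0.113.9 port 40023 ssh2
Mar 03 10:00:09 web01 sshd[2046]: Failed password for admin from 203.0.113.9 port 40024 ssh2
Mar 03 10:01:15 web01 systemd[1]: Started nginx.service.
Mar 03 10:01:20 web01 kernel: eth0: link is down
Mar 03 10:02:30 web01 puppet-agent[812]: (/Stage[main]/Ssh/File[/etc/ssh/sshd_config]) content changed
Mar 03 10:03:00 web01 sshd[2100]: Failed password for root from 198.51.100.7 port 1001 ssh2
Mar 03 10:04:01 web01 CRON[2150]: (root) CMD (run-parts /etc/cron.hourly)
""".splitlines()
# A constructed burst: twelve failed root logins from one address inside a single minute.
BURST_LINES = [
    f"Mar 03 10:05:{s:02d} web01 sshd[{2200 + s}]: Failed password for root "
    f"from 203.0.113.9 port {50000 + s} ssh2"
    for s in range(12)
]
SAMPLE_LOGS = QUIET_LINES + BURST_LINES

LINE_RE = re.compile(r"^(?P<minute>\w{3} \d{2} \d{2}:\d{2}):\d{2} (?P<host>\S+) (?P<msg>.*)$")

# The slide's "critical events first" list as patterns; a line is counted once, at its first match.
CRITICAL_PATTERNS = {
    "auth_failure": re.compile(r"Failed password for (?P<user>\S+) from (?P<src>\S+)"),
    "auth_success": re.compile(r"Accepted \S+ for (?P<user>\S+) from (?P<src>\S+)"),
    "service_restart": re.compile(r"systemd\[\d+\]: (Started|Stopped|Restarted) "),
    "network_error": re.compile(r"kernel: .*link is down"),
    "config_change": re.compile(r"content changed"),
}

def parse(line):
    """Split a line into (minute bucket, host, message); None if it is not in the expected shape."""
    m = LINE_RE.match(line)
    return (m.group("minute"), m.group("host"), m.group("msg")) if m else None

def critical_events(lines):
    """Count critical-event categories and failed logins per source address."""
    categories, failed_by_src = Counter(), Counter()
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        for name, pattern in CRITICAL_PATTERNS.items():
            m = pattern.search(parsed[2])
            if m:
                categories[name] += 1
                if name == "auth_failure":
                    failed_by_src[m.group("src")] += 1
                break
    return categories, failed_by_src

def noisy_sources(failed_by_src, threshold=10):
    """Source addresses with at least `threshold` failed logins: brute-force candidates."""
    return sorted(src for src, n in failed_by_src.items() if n >= threshold)

def lines_per_minute(lines):
    """Line count per minute: the series you would graph."""
    buckets = Counter(parsed[0] for parsed in map(parse, lines) if parsed)
    return dict(sorted(buckets.items()))

def spikes(buckets, factor=3.0, floor=5):
    """Minutes with at least `floor` lines and more than `factor` times the median minute.
    The median is the baseline so a single burst does not drag the baseline up with it."""
    if not buckets:
        return []
    baseline = median(buckets.values())
    return [minute for minute, n in buckets.items() if n >= floor and n > factor * baseline]

if __name__ == "__main__":
    cats, by_src = critical_events(SAMPLE_LOGS)
    print("critical events:", dict(cats))
    print("brute-force candidates:", noisy_sources(by_src))
    per_minute = lines_per_minute(SAMPLE_LOGS)
    print("lines per minute:", per_minute)
    print("spike minutes:", spikes(per_minute))
```

The median baseline assumes the window is mostly quiet; in the busy environments the slide warns about, compute the baseline over a longer history (the same hour on previous days, for instance) and feed the function from the central collector rather than a single host's file.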
9. Integrity Monitoring & Auditing
   • Use best practices and hardening standards to set a minimum security spec for your systems
   • Monitor for configuration changes with strong change control processes
   • Use deployment frameworks, like Ansible, Puppet, or Chef
     – Revision control makes change control easier
     – Easy to audit large numbers of systems quickly
   • Network segmentation can be a detection and prevention mechanism
     – Force attackers to be noisy if they choose to cross a network segment
     – Trending via NetFlow analysis may reveal attacks in progress
   Center for Internet Security: community-driven hardening standards for common systems, including Linux, Windows, and Cisco devices. For more information, visit: http://www.cisecurity.org/
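Added example (not code from the talk or from Rackspace): the "monitor for configuration changes" point as a baseline-and-diff check. It records a SHA-256 digest and the permission bits of every regular file under a configuration tree, then compares a later snapshot against that baseline and reports files that were added, removed, modified, or only re-permissioned. The directory layout and file contents it builds are constructed for the demonstration; the functions work on any directory you point them at.

```python
"""Integrity monitoring: baseline a configuration tree, tamper with it, diff it.
Added example, not from the talk; the tree it builds is constructed."""
import hashlib
import stat
import tempfile
from pathlib import Path

def snapshot(root):
    """Return {relative path: (sha256 hex, permission bits)} for every regular file under root.
    Symlinks are skipped so a link pointing outside the tree cannot mask a change."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        mode = stat.S_IMODE(path.stat().st_mode)
        manifest[path.relative_to(root).as_posix()] = (digest, mode)
    return manifest

def diff(baseline, current):
    """Compare two manifests. Content changes and permission-only changes are reported
    separately because they usually mean different things (tampering vs. a careless chmod)."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "changed": sorted(p for p in common if baseline[p][0] != current[p][0]),
        "mode_changed": sorted(
            p for p in common
            if baseline[p][0] == current[p][0] and baseline[p][1] != current[p][1]
        ),
    }

def demo():
    """Build a throwaway config tree, baseline it, simulate tampering, and return the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "ssh").mkdir()
        (root / "cron.d").mkdir()
        (root / "ssh" / "sshd_config").write_text("PermitRootLogin no\nPasswordAuthentication no\n")
        (root / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "cron.d" / "backup").write_text("0 2 * * * root /usr/local/bin/backup\n")
        baseline = snapshot(root)

        # Simulated tampering: weaken sshd_config, drop a persistence cron job, delete a file.
        (root / "ssh" / "sshd_config").write_text("PermitRootLogin yes\nPasswordAuthentication yes\n")
        (root / "cron.d" / "persist").write_text("* * * * * root /tmp/.x\n")
        (root / "hosts").unlink()
        return diff(baseline, snapshot(root))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:13s} {paths}")
```

Store the baseline manifest somewhere the monitored host cannot rewrite it (the central log or configuration-management server is the natural place), and refresh it from the deployment framework's own run so that legitimate Ansible, Puppet, or Chef changes are expected and anything else is the alert.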
10. Incident Response
    Rely on solid processes so that everyone knows their place during an incident.
    Detect & Analyze
    • Gather data from any available sensors, logs, or observations.
    • Determine which systems are involved and the severity of the breach.
    Contain & Recover
    • Bring systems offline or remove network connectivity.
    • Provision new systems and carefully restore from clean backups.
    Root Cause Analysis
    • How could we have prevented the attack or detected it sooner?
    • Turn security failures into solid investments in prevention.
11. Incident Management
    • Communicate about an incident using criteria that your employees and customers understand
      – Reduce anxiety with frequent, concise communications
      – Using code names or alert levels may help
      – Example: U.S. Department of Defense’s DEFCON
    • Ensure everyone knows what’s happening and what part they play in the incident
12. After the incident
    • “What could we have done to prevent incidents like these?”
    • Fishbone diagrams help with larger organizations
    • Make a larger number of smaller changes
    • Focus on the user experience
      – Then find security improvements that provide good trade-offs
    Image caption: The book you never thought was actually about information security.
13. Security User Experience
    Inputs to the review process:
    • Business and user requirements
    • Security, legal and compliance requirements
    • Customer requirements
    Outputs of the review process:
    • Process improvement
    • Technology upgrades
    • Vendor products
    • Communication
14. Plan for the unknowns
    “Reports that say...that something hasn't happened are always interesting to me, because as we know, there are known knowns; there are things that we know that we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns, the ones we don't know we don't know.”
    Donald Rumsfeld, Former United States Secretary of Defense
    Photo source: Wikipedia, Scott Davis, US Army, Public Domain
15. Thank you
    One Fanatical Place | San Antonio, TX 78218
    US Sales: 1-800-961-2888 | US Support: 1-800-961-4454 | www.rackspace.com
    © Rackspace Ltd. | Rackspace® and Fanatical Support® are service marks of Rackspace US, Inc. registered in the United States and other countries. | www.rackspace.com