
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fletcher

Elements of the discussion will include:

– Insight into emerging cyber threats
– A profile of today's evolved attackers: what they are after, why, and how they get it
– Strategies and tools you can implement to safeguard against attacks


  1. EMERGING THREATS & STRATEGIES FOR DEFENSE Paul Fletcher – Cyber Security Evangelist @_PaulFletcher
  2. Threats by Customer Environment (two pie charts; Source: Alert Logic CSR 2015)

     Category              Cloud Environment   On Premise Environment
     application-attack    40.55%              40.79%
     brute-force           28.01%              22.36%
     suspicious-activity   18.75%               7.40%
     recon                 10.60%               5.29%
     trojan-activity        1.96%              15.67%
     denial-of-service      0.13%               0.03%
     other                  0.02%               0.02%

     In both environments Application Attack and Brute Force are the top two categories; trojan activity is far more common on premise.
  3. Threats by Customer Industry Vertical (stacked bar chart, 0%–100% per vertical; categories: Application Attack, Brute Force, Recon, Suspicious Activity, DoS. Source: Alert Logic CSR 2015)
  4. Global Analysis
  5. Internet of Things – Planes, Trains and Automobiles
  6. Internet of Things – Keyfobs and Garage Doors
  7. Latest "News" Update as needed
  8. Latest Activity •  Darkode taken down on July 15, 2015 •  Arrests made in 20 countries •  Despite coordinated law enforcement efforts •  Botnet takedowns are more effective
  9. HOW DO WE DEFEND AGAINST THESE ATTACKS
  10. Security Architecture (diagram; layers labelled Network, Server/App and Host). Controls shown: Firewall/ACL, Intrusion Detection, Deep Packet Forensics, DDoS, Netflow Analysis, Backup, Patch Mgmt, Vulnerabilities, Log Mgmt, SDLC, Anti-Virus, Encryption (GPG/PGP), Anti Malware, FIM, NAC, Scanner, Mail/Web Filter, IAM, Central Storage
  11. Data Correlation is the Key
  12. Enterprise Cyber Security Teams
  13. 24x7 Security Operations Center and Intelligence •  Monitor intrusion detection and vulnerability scan activity •  Search for industry trends and deliver intelligence on lost or stolen data •  Collect data from OSINT and underground sources to deliver intelligence and content •  Identify and implement required policy changes •  Escalate incidents and provide guidance to the response team to quickly mitigate incidents •  Monitor for zero-day and new and emerging attacks •  Cross-product correlate data sources to find anomalies
  14. SECURITY BEST PRACTICES
  15. 10 Best Practices of Cloud Security 1.  Secure your code 2.  Create access management policies 3.  Data classification 4.  Adopt a patch management approach 5.  Review logs regularly 6.  Build a security toolkit 7.  Stay informed of the latest vulnerabilities that may affect you 8.  Understand your cloud service provider's security model 9.  Understand the shared security responsibility 10.  Know your adversaries
  16. 1. Secure Your Code •  Test every input that is reachable from the Internet •  Add delays (rate limiting) to your code to slow down bots •  Use encryption when you can •  Test libraries •  Scan plugins •  Scan your code after every update •  Limit privileges •  Stay informed
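As an added example (not code from the slides or from Alert Logic), the first two items on this slide side by side: a login lookup written once with string formatting, which is exactly the untested Internet-facing input the slide warns about, and once with an allow-list check plus parameter binding, followed by a small fixed-window limiter as one concrete form of "add delays to slow down bots". The table, usernames, regex and thresholds are constructed for the demo.

```python
"""Added example: unsafe vs. hardened input handling, plus a request throttle.
All names, sample rows and limits are constructed for the demonstration.
"""
import re
import sqlite3
import time
from collections import defaultdict


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a tiny users table in memory."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, role TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)",
                    [("alice", "user"), ("bob", "admin")])
    con.commit()
    return con


def lookup_unsafe(con: sqlite3.Connection, name: str) -> list:
    """Vulnerable on purpose: untrusted input is pasted into the query text,
    so a value such as  ' OR '1'='1  returns every row."""
    sql = "SELECT name, role FROM users WHERE name = '%s'" % name
    return con.execute(sql).fetchall()


# Allow-list the shape of a username instead of trying to strip bad characters.
USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")


def lookup_safe(con: sqlite3.Connection, name: str) -> list:
    """Hardened: reject anything that is not a well-formed username, then
    bind the value as a parameter so it can never change the SQL."""
    if not USERNAME_RE.match(name):
        return []
    return con.execute("SELECT name, role FROM users WHERE name = ?",
                       (name,)).fetchall()


class Throttle:
    """Fixed-window limiter: at most `limit` calls per `window` seconds per key
    (for example per source address).  Calls over the limit are refused."""

    def __init__(self, limit: int, window: float):
        self.limit = limit
        self.window = window
        self.hits = defaultdict(list)   # key -> timestamps of recent calls

    def allow(self, key: str, now: float = None) -> bool:
        now = time.monotonic() if now is None else now
        recent = [t for t in self.hits[key] if now - t < self.window]
        self.hits[key] = recent
        if len(recent) >= self.limit:
            return False
        recent.append(now)
        return True


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("unsafe:", lookup_unsafe(db, payload))   # both rows leak
    print("safe:  ", lookup_safe(db, payload))     # rejected, nothing returned
    gate = Throttle(limit=5, window=60)
    print([gate.allow("203.0.113.9", now=float(i)) for i in range(7)])
```

The rejection in `lookup_safe` is deliberate: an allow-list plus binding is cheaper to reason about than escaping, and a refused request is easy to log and correlate later.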
  17. 2. Create Access Management Policies •  Identify data infrastructure that requires access •  Define roles and responsibilities •  Simplify access controls (KISS) •  Continually audit access •  Start with a least privilege access model
  18. 3. Data Classification •  Identify data repositories and mobile backups •  Identify classification levels and requirements •  Analyze data to determine classification •  Build Access Management policy around classification •  Monitor file modifications and users
  19. 4. Adopt a Patch Management Approach •  Inventory all production systems •  Devise a plan for standardization, if possible •  Compare reported vulnerabilities to production infrastructure •  Classify the risk based on vulnerability severity and likelihood •  Test patches before you release into production •  Set up a regular patching schedule •  Keep informed, follow Bugtraq •  Follow an SDLC
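The middle steps of this slide (inventory, compare reported vulnerabilities to production, classify risk) as an added example, not code from the slides: a small inventory is matched against advisories by product and version, and each hit is ranked by severity and exposure so the patch schedule has an order. The hosts, product names, advisory identifiers and scores are all constructed; they are not real CVEs.

```python
"""Added example: match a production inventory against reported vulnerabilities
and rank the resulting patch work.  Inventory and advisories are constructed.
"""
from dataclasses import dataclass


def vtuple(version: str) -> tuple:
    """'2.4.10' -> (2, 4, 10) so versions compare numerically ('2.4.9' < '2.4.10')."""
    return tuple(int(part) for part in version.split("."))


@dataclass
class Host:
    name: str
    product: str
    version: str
    internet_facing: bool


@dataclass
class Advisory:
    id: str            # constructed identifier, not a real CVE
    product: str
    fixed_in: str      # first version that is no longer affected
    cvss: float        # base score, 0.0 - 10.0


def affected(host: Host, adv: Advisory) -> bool:
    """A host is affected when it runs the product below the fixed version."""
    return host.product == adv.product and vtuple(host.version) < vtuple(adv.fixed_in)


def risk(host: Host, adv: Advisory) -> str:
    """Severity (CVSS) combined with likelihood (is it reachable from the Internet)."""
    severe = adv.cvss >= 7.0
    if severe and host.internet_facing:
        return "critical"
    if severe or host.internet_facing:
        return "high"
    return "medium"


def patch_queue(hosts, advisories):
    """Return (host, advisory, risk) tuples, most urgent first."""
    order = {"critical": 0, "high": 1, "medium": 2}
    work = [(h.name, a.id, risk(h, a))
            for h in hosts for a in advisories if affected(h, a)]
    return sorted(work, key=lambda w: (order[w[2]], w[0]))


# Constructed sample inventory and advisories.
HOSTS = [
    Host("web-01", "webserver", "2.4.10", internet_facing=True),
    Host("web-02", "webserver", "2.4.12", internet_facing=True),
    Host("db-01", "database", "9.3.2", internet_facing=False),
    Host("build-01", "webserver", "2.4.10", internet_facing=False),
]
ADVISORIES = [
    Advisory("ADV-0001", "webserver", fixed_in="2.4.12", cvss=9.8),
    Advisory("ADV-0002", "database", fixed_in="9.3.5", cvss=5.3),
]

if __name__ == "__main__":
    for host, adv, level in patch_queue(HOSTS, ADVISORIES):
        print(f"{level:8} {host:10} {adv}")
```

Note that web-02 already runs the fixed version and drops out, while the same webserver bug lands at two different levels on web-01 and build-01 because exposure, not only the CVSS score, drives the order.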
  20. 5. Importance of Log Management and Review •  Monitoring for malicious activity •  Forensic investigations •  Compliance needs •  System performance •  All sources of log data are collected •  Data types (Windows, Syslog) •  Review process •  Live monitoring •  Correlation logic
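The "correlation logic" item here, and the point of slides 11 and 13 that cross-source correlation is what turns log data into findings, as an added example that is not code from the slides: a few constructed sshd syslog lines are parsed, failed logins are counted per source address in a sliding window (the brute-force category from slide 2), and the severity is raised when the same address then authenticates successfully. The hostnames, addresses, usernames and thresholds are made up for the demo.

```python
"""Added example: brute-force detection with escalation on a later success,
run over constructed syslog lines.  Nothing here is taken from a real system.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log in syslog/sshd format (sshd omits the year).
SAMPLE_LOG = """\
Jan 21 12:00:01 web-01 sshd[2011]: Failed password for root from 203.0.113.9 port 51000 ssh2
Jan 21 12:00:02 web-01 sshd[2012]: Failed password for root from 203.0.113.9 port 51001 ssh2
Jan 21 12:00:03 web-01 sshd[2013]: Failed password for invalid user admin from 203.0.113.9 port 51002 ssh2
Jan 21 12:00:04 web-01 sshd[2014]: Failed password for admin from 203.0.113.9 port 51003 ssh2
Jan 21 12:00:05 web-01 sshd[2015]: Failed password for deploy from 203.0.113.9 port 51004 ssh2
Jan 21 12:00:09 web-01 sshd[2016]: Accepted password for deploy from 203.0.113.9 port 51005 ssh2
Jan 21 12:05:00 web-01 sshd[2030]: Failed password for alice from 198.51.100.7 port 40000 ssh2
Jan 21 12:05:30 web-01 sshd[2031]: Accepted publickey for alice from 198.51.100.7 port 40001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+)")


def parse(line: str, year: int = 2016):
    """Return (timestamp, result, user, ip) or None for lines we do not handle."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def correlate(lines, threshold: int = 5, window_s: int = 60):
    """Return alerts as (severity, ip, detail).

    medium: `threshold` or more failures from one address inside `window_s`
    high:   a successful login from an address already flagged as brute forcing
    """
    fails = defaultdict(deque)   # ip -> timestamps of recent failures
    flagged = set()
    alerts = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, result, user, ip = rec
        recent = fails[ip]
        while recent and (ts - recent[0]).total_seconds() > window_s:
            recent.popleft()          # slide the window forward
        if result == "Failed":
            recent.append(ts)
            if len(recent) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("medium", ip,
                               f"{len(recent)} failed logins in {window_s}s"))
        elif result == "Accepted" and ip in flagged:
            alerts.append(("high", ip, f"success as {user} after brute force"))
    return alerts


if __name__ == "__main__":
    for severity, ip, detail in correlate(SAMPLE_LOG.splitlines()):
        print(severity, ip, detail)
```

The second address (alice, one typo then a key login) never crosses the threshold and produces nothing; only the sequence of many failures followed by a success from the same source is escalated, which is the correlation a single-line signature cannot express.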
  21. 6. Build a Security Toolkit •  Recommended security solutions •  Antivirus •  iptables/Firewall •  Backups •  FIM •  Intrusion Detection System •  Malware Detection •  Web Application Firewalls •  Forensic image of hardware, taken remotely •  Future: Deep Packet Forensics •  Web Filters •  Mail Filters •  Encryption Solutions •  Proxies •  Log collection •  SIEM Monitoring and Escalation •  Penetration Testing
  22. 7. Stay Informed of the Latest Vulnerabilities •  Websites to follow •  http://www.securityfocus.com •  http://www.exploit-db.com •  http://seclists.org/fulldisclosure/ •  http://www.securitybloggersnetwork.com/ •  http://cve.mitre.org/ •  http://nvd.nist.gov/ •  https://www.alertlogic.com/weekly-threat-report/
  23. 8. Understand Your Service Provider's Security Model •  Understand the security offerings from your provider •  Probe the security vendors to find their prime service •  Hypervisor example •  Questions to use when evaluating cloud service providers
  24. 9. Service Provider & Customer Responsibility Summary (matrix; layers Networks, Hosts, Apps on the customer side, Compute/Storage/DB/Network services on the provider side)

     Cloud Service Provider Responsibility (Provider Services: Compute, Storage, DB, Network) •  Logical network segmentation •  Perimeter security services •  External DDoS, spoofing, and scanning prevented •  Hardened hypervisor •  System image library •  Root access for customer

     Customer Responsibility
     Hosts •  Access management •  Patch management •  Configuration hardening •  Security monitoring •  Log analysis
     Apps •  Secure coding and best practices •  Software and virtual patching •  Configuration management •  Access management •  Application level attack monitoring
     Networks •  Network threat detection •  Security monitoring
  25. 10. Understand your Adversaries
  26. To Follow our Research •  Twitter: -  @AlertLogic -  @StephenCoty -  @_PaulFletcher •  Blog: -  https://www.alertlogic.com/resources/blog •  Newsletter: -  https://www.alertlogic.com/weekly-threat-report/ •  Cloud Security Report -  https://www.alertlogic.com/resources/cloud-security-report/ •  Zero Day Magazine -  http://www.alertlogic.com/zerodaymagazine/ •  Websites to follow: see slide 22
  27. Thank you.
