Cloud Security @ Work
With James
Coronavirus IT Tactical Security Preparedness
Employees Working Remotely: The New Norm
And that was before awfulizing about the pandemic escalated distraction and click-bait attacks, and before a suddenly remote workforce became prevalent.
In the News
• TrickBot banking trojan introduces RDP brute forcing module
– https://www.scmagazine.com/home/security-news/malware/trickbot-banking-trojan-introduces-rdp-brute-forcing-module
• Report: Account takeover and data scraping attacks on e-retailers up as COVID-19 surges
– https://www.scmagazine.com/home/security-news/cybercrime/report-account-takeover-and-data-scraping-attacks-on-e-retailers-up-as-covid-19-surges
Escalated Threats
• Hackers are taking advantage of the disruption and already have significant mal-vertising as well as hijacked coronavirus infection maps distributing new malware and ransomware. https://futurism.com/the-byte/hackers-coronavirus-maps-spread-malware
– This is rising with fake-news click-bait attacks and social media "alerts"
• SaaS and cloud security systems (as well as the people and processes) are not ready for the additional load.
– Multi-factor authentication and behavioral analytics are behind; in the rush to disperse staff, the security stance is being weakened.
• Split tunneling makes "Follow Me" security such as secure endpoint DNS and content filtering (CFS) more critical, because the main workforce is now remote and its web traffic no longer passes through the office firewall.
• People who are generally in the office are now working in unfamiliar patterns
– ACH and wire transfer fraud
– Account takeover attacks are intensifying
Combating Escalated Threats
• Hackers have increased compromised ads, banners, and search hijacking as well as hijacked coronavirus infection maps
– Best defenses: OpenDNS, next-gen AV, Cloud App Security, SSL decryption
• SaaS and cloud security concerns
– Best defenses: OpenDNS, Cloud App Security, SSO/MFA
• Human error such as ACH and wire transfer fraud
– Address with: MFA/SSO, Cloud App Security and OpenDNS/"Follow Me" security
– Validate business processes in this area (for example, an out-of-band callback to a known number before any change to payment details)
– Remember - KIDS DELETE FILES!!!
Keep in mind a "tunnel all" philosophy will probably take you down: every remote user's web and video traffic then hairpins through the office firewall and VPN concentrator.
Predicted W.F.H. Concerns
My guesses from last week:
• Do employees know how (process and habits)?
• Is IT ready to support them?
• Is anyone actually working from home? How do you know?
Our Top 3 Calls
• Overloaded support lines because users can't remember how to get in
– Grab a hot spot and have people test before they go
– Set a conference bridge/WebEx for a specific hour a day to facilitate support
• I need more licenses for my VPN and MFA
– For example, RSA has been having issues generating even quotes in under 5 days. Distributors and manufacturers both have issues; don't wait!
– Be wary of fake/untrustworthy online sellers
• I need a VPN solution for BYOD/home systems
– You can spin up virtual SSL-VPN appliances simply and remotely to facilitate or expand this. Good ones like ours have built-in MFA.
Working from Home: How To Tips
• Remote access options:
– SSL-VPN portal systems (application-level access rather than "node on network" VPNs) to restrict risk as well as bandwidth requirements
– Azure IaaS using RDP behind an SSL-VPN with one-time passwords
• Uncontrolled people, devices and disparate applications
– Implement CAS and OpenDNS for safer (not perfect, but safer) direct cloud access.
– If you have applications that can only work from the office, there are creative ways to use SSL-VPNs to resolve this as well
Working from Home: How To Tips
• Remote desktop tactics to lessen the bandwidth burden and improve security:
– Disable drive mapping, printer redirection, "pretty" screens and cut and paste; reduce color depth and screen resolution. Uncontrolled RDP "low" speed/quality is 256 Kbps to 2 Mbps, and "high" quality is 10+ Mbps. Those numbers are per session.
• Remote desktop tactics to lessen bandwidth burden: https://docs.microsoft.com/en-us/windows-server/administration/performance-tuning/role/remote-desktop/session-hosts
• Restrict local copy and print so you aren't out of compliance or at increased risk of getting sued later
Impact of Cloud and SaaS is Accelerated by Work from Home
[Diagram: the traditional network of perimeter gateway, share drive, Exchange server and datacenter.]
Old Thinking – Control, Logs, SIEM
New Thinking – distributed access and threats
Working from Home: Planning Recommendations
• Firewalls: Can your firewall handle the load? All security services? All VPN connections? How do you determine this?
– Draw a picture of who needs to get to what, from where and when. (We will ignore the why for now.)
– What machines will they be on? If it is home or uncontrolled systems, you need to take additional steps.
• Identity Access Control
– Make 2FA/MFA happen. Don't budge on it.
– Is everyone set up and trained for remote access? If you use tokens, do you have enough?
• Uncontrolled endpoint threat management and security (phones, tablets and personal laptops)
– Cloud App Security, MFA and Conditional Access, RDP and SSL-VPN proxies (with endpoint control and 2FA)
A Few Tips
• Have people patch before they leave the office for remote
work.
• Double check remote access client versions via software
inventory.
• IT should be on heightened alert for security issues and keep an eye out for oddities.
• Do you have the licenses to increase the remote user
count?
The Best Bang for your Buck
• Cloud App Security: Add account takeover protection, uncontrolled-device protection, and zero-day protection for collaboration platforms.
– Remotely implementable. No endpoint touches. No user impact.
• OpenDNS Security: "Follow Me" protection on prem and remote.
– Requires an agent push. No user impact.
• Implement an activity tracking solution: Executives are concerned about employee productivity while people react to the pandemic; you can address this issue.
Questions?
SIEM 2020 – care of Splunk's website
In 2020, security information event management (SIEM) solutions will be far more than an information platform, expanding to include compliance reporting and logs from firewalls and other devices, as well as User and Entity Behavior Analytics (UEBA) — now considered an essential capability by Gartner. On top of that, the importance of a SIEM solution in today's enterprise is magnified by the growing sophistication of attacks and the use of cloud services which only increases the attack surface.
Why does SIEM fail?
System                        | Log ingestion | Useful parser | Log review via analyst and AI | Active watch via analyst and AI
Carbon Black - CB Defense     | Yes           | Yes           | No                            | No
Cylance Protect / CrowdStrike | Yes           | Yes           | No                            | No
Office 365                    | Yes           | Yes           | No                            | No
CentOS                        | Yes           | No            | No                            | No
WAFs                          | Yes           | Yes           | No                            | Yes (assistance with report building)
The above data is an example and not vendor specific.
Behavior Analytics Starts Here
When SIEM is implemented, what do you want it to do?
• Start with the end in mind and your worst-case scenario. Like anything in IT, there are a dozen options, and picking the right one is all about what you want to get out of it, not a marketing feature-set analysis. No true SIEM is good at ingesting every type of log.
• Don't leave concerns till the end of the process. For example, if your concern is people wrongly accessing 365, account hijacking, or the website at AWS that got hacked last year, start with that. It will often lead to traditional SIEMs failing to be the answer.
• What do you wish the SIEM system could do? Give 3 objectives.
• Does the system miss (not support) anything that bothers you?
Goals:
• Managing logs or managing threats?
– Are you trying to find anomalous behaviors & bad actors or
archive logs & forensics?
• Threat hunting or compliance?
– Yes, these are often mutually exclusive
• Traditional SIEM is an after-the-fact acknowledgement of a
previous issue, is this your goal?
• The unicorn hunt for a Single Pane of Glass?
SIEM Scoping
Once you know your key goals, we need to define the scope.
• What key systems need to be ingested: 365, servers, AD.
• What secondary systems need SIEM: PCs, firewalls, security systems, etc.
• But what about: AV, CB Defense, OpenDNS, WAFS, etc.
• Are you worried about: Salesforce, SaaS apps, JIRA, Cloud
systems?
• Are you trying to include switches + routers? If yes, why?
SIEM Integration: Where and Why?
[Diagram: Identity at the center, connected to the Data Center (HQ/Co-Lo) and to SaaS Apps.]
If you want real SIEM in this picture you need:
1. Authoritative single sign-on
2. Cloud App Security, at least from an attack point of view
3. An integrated security platform. Why? GUIDs: a common identifier for user, device and session across every log source, so events can actually be correlated
Corona Victim
The Proactive Response?
1. Fight account takeover attacks
– This should be addressed with a combination of MFA, SSO, CAS or CASB-style solutions.
2. Secure activities across cloud systems (i.e. "magically" taking logs from multiple sources and pairing them together)
– This should be addressed in two proactive ways: as integrated security access control, and as a way to detect the cloud being used as a vehicle for malware attacks.
3. Discovering invalid access to the system
– Making this useful and functional requires a combination of MFA/SSO and API-driven CAS/CASB security
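Two of the detections these slides keep coming back to, RDP brute forcing (the TrickBot module in "In the News") and cloud account takeover (points 1 and 3 above), are simple to express once the logs are in one place. The Python below is an added example written for this deck; it is not RedZone or SonicWall code. The Windows events and Azure AD style sign-in records are constructed for the example and only loosely follow the Windows 4624/4625 and Azure AD sign-in schemas, and the thresholds and windows are assumptions to tune for your environment.

```python
"""Detection logic over constructed Windows Security events (RDP brute force)
and Azure AD style sign-in records (account takeover). Example code, not
vendor code; all sample data below is constructed for the example."""
from collections import defaultdict
from datetime import datetime, timedelta

T0 = datetime(2020, 3, 20, 8, 0, 0)

# Windows Security events. LogonType 10 = RemoteInteractive (RDP);
# 4625 = failed logon, 4624 = successful logon. Constructed sample.
WIN_EVENTS = (
    [{"time": T0 + timedelta(seconds=7 * i), "event_id": 4625, "logon_type": 10,
      "user": f"user{i % 4}", "src_ip": "203.0.113.9"} for i in range(15)]
    + [{"time": T0 + timedelta(seconds=120), "event_id": 4624, "logon_type": 10,
        "user": "user2", "src_ip": "203.0.113.9"}]
    # a single mistyped password from the office network: benign
    + [{"time": T0 + timedelta(minutes=10), "event_id": 4625, "logon_type": 10,
        "user": "alice", "src_ip": "192.0.2.10"}]
)

# Azure AD style sign-ins for two accounts. Constructed sample.
SIGNINS = [
    {"time": T0 - timedelta(days=3), "user": "bob@example.com", "ip": "198.51.100.4",
     "country": "US", "success": True, "mfa": True},
    {"time": T0 - timedelta(days=1), "user": "bob@example.com", "ip": "198.51.100.4",
     "country": "US", "success": True, "mfa": True},
    # eight failures, then a success from a new country without MFA: takeover
    *[{"time": T0 + timedelta(minutes=i), "user": "bob@example.com", "ip": "203.0.113.77",
       "country": "NG", "success": False, "mfa": False} for i in range(8)],
    {"time": T0 + timedelta(minutes=9), "user": "bob@example.com", "ip": "203.0.113.77",
     "country": "NG", "success": True, "mfa": False},
    # carol travelling, MFA satisfied: worth a note, not an alert
    {"time": T0 - timedelta(days=2), "user": "carol@example.com", "ip": "198.51.100.9",
     "country": "US", "success": True, "mfa": True},
    {"time": T0 + timedelta(hours=1), "user": "carol@example.com", "ip": "192.0.2.200",
     "country": "DE", "success": True, "mfa": True},
]


def detect_rdp_brute_force(events, threshold=10, window=timedelta(minutes=5)):
    """One alert per source IP with >= threshold RDP failures inside `window`.
    The alert lists users who then logged in over RDP from that IP after the
    burst: those sessions need incident response, not just a block."""
    rdp = sorted((e for e in events if e["logon_type"] == 10), key=lambda e: e["time"])
    failures, successes = defaultdict(list), defaultdict(list)
    for e in rdp:
        if e["event_id"] == 4625:
            failures[e["src_ip"]].append(e["time"])
        elif e["event_id"] == 4624:
            successes[e["src_ip"]].append((e["time"], e["user"]))
    alerts = []
    for ip, times in failures.items():
        start = 0  # sliding window over the sorted failure timestamps
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                later = [u for t, u in successes[ip] if t >= times[end]]
                alerts.append({"src_ip": ip, "failures": len(times),
                               "compromised_users": sorted(set(later))})
                break
    return alerts


def detect_account_takeover(signins, fail_threshold=5, window=timedelta(minutes=30)):
    """Alert on a successful sign-in that follows >= fail_threshold failures for
    the account inside `window`, or that comes from a country with no earlier
    MFA-verified success for that account and did not itself satisfy MFA.
    Returns (alerts, notes); a new country with MFA satisfied is only a note."""
    by_user = defaultdict(list)
    for s in sorted(signins, key=lambda s: s["time"]):
        by_user[s["user"]].append(s)
    alerts, notes = [], []
    for user, recs in by_user.items():
        known_countries, recent_failures = set(), []
        for r in recs:
            if not r["success"]:
                recent_failures.append(r["time"])
                continue
            recent_failures = [t for t in recent_failures if r["time"] - t <= window]
            reasons = []
            if len(recent_failures) >= fail_threshold:
                reasons.append(f"success after {len(recent_failures)} failures")
            if known_countries and r["country"] not in known_countries:
                if r["mfa"]:
                    notes.append({"user": user, "ip": r["ip"], "country": r["country"],
                                  "note": "new country, MFA satisfied"})
                else:
                    reasons.append(f"new country {r['country']} without MFA")
            if reasons:
                alerts.append({"user": user, "ip": r["ip"], "time": r["time"], "reasons": reasons})
            if r["mfa"]:  # only MFA-verified successes extend the baseline
                known_countries.add(r["country"])
            recent_failures = []
    return alerts, notes


if __name__ == "__main__":
    print(detect_rdp_brute_force(WIN_EVENTS))
    print(detect_account_takeover(SIGNINS))
```

The baseline of "known" countries is built only from MFA-verified successes, so an attacker's password-only login cannot teach the detector that their location is normal; that is the concrete reason the slides pair MFA/SSO with the logging rather than treating either as sufficient on its own.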
Why I think CAS is more important than SIEM:
Uncontrolled People, Devices, and Disparate Applications
[Diagram of the three exposures:]
• Disparate applications such as 365, Box, SalesForce, etc.
– Potential risk from: malware via encrypted channel; account takeover
• BYOD, mobile and emergency-access users/devices: these uncontrolled devices have encrypted channels into the environment. Think work from home due to Corona.
• Cloud sharing with external people.
– Potential risk from: malware
Cloud App Security - Solution Overview
Next-Gen Security for Office 365: anti-phishing, ransomware & zero-day protection, account takeover protection
SonicWall Cloud App Security
A Better Approach: API-Based Security (native API integration)
✓ Inspects all email, including internal email
✓ Scans included file sharing and file storage apps
✓ Detects compromised O365 accounts
✓ Removes emails from users' inboxes after delivery
✓ Retroactively scans inboxes
Where to start?
• Kick off your precursors:
1. Authoritative single sign-on
2. Cloud App Security (CAS), at least from an attack point of view
3. An integrated security platform. Why? GUIDs, so that events from every source can be correlated by a common identifier
– Such as SonicWall's CSC
– RedZone MSSP (managed security (FW/AD), Alert Logic, Event Tracker, BAE)
• Choosing a Threat Management or SIEM Solution
Work with us to properly identify goals, scope, and risks to your SIEM investment.
Next Defensive Discussion
Topics: Threat Hunting and Next-Gen AV
[Diagram, "Look Less, Block More": the defensive layers ordered from blocking to looking]
• Email Security
• Next-Gen AV
• UTM with DPI-SSL
• DNS-based Security
• MFA and CA
• CAS/Cloud App Security
• "Looking": SIEM/SOC and Threat Hunting

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 

Recently uploaded (20)

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 

Corona | COVID IT Tactical Security Preparedness: Threat Management

  • 1. Cloud Security @ Work With James
  • 2. Coronavirus IT Tactical Security Preparedness
    Employees Working Remotely: The New Norm
  • 3. And this was before awfulizing the pandemic escalated distraction and click-bait attacks
    And a sudden remote work force became prevalent
  • 4. In the News
    • TrickBot banking trojan introduces RDP brute forcing module
      – https://www.scmagazine.com/home/security-news/malware/trickbot-banking-trojan-introduces-rdp-brute-forcing-module
    • Report: Account takeover and data scraping attacks on e-retailers up as COVID-19 surges
      – https://www.scmagazine.com/home/security-news/cybercrime/report-account-takeover-and-data-scraping-attacks-on-e-retailers-up-as-covid-19-surges
  • 5. Escalated Threats
    • Hackers are taking advantage of the disruption and already have significant mal-vertising as well as hijacked coronavirus infection maps distributing new malware and ransomware. https://futurism.com/the-byte/hackers-coronavirus-maps-spread-malware
      – This is rising with fake news Click-Bait attacks and social media “alerts”
    • SaaS and Cloud security systems (as well as the people and processes) are not ready for the additional load.
      – MultiFactor and Behavioral Analytics are behind; in the rush to disperse staff, the security stance is being weakened.
    • Split Tunneling makes “Follow Me” security such as Secure endpoint DNS and CFS more critical because the main workforce is now remote.
    • People who are generally in the office are now working in unfamiliar patterns
      – ACH and Wire Transfer Fraud
      – Account Takeover Attacks are intensifying
  • 6. Combating Escalated Threats
    • Hackers have increased compromised Ads, banners, and search hijacking as well as hijacked coronavirus infection maps
      – Best Defenses: OpenDNS, NextGen-AV, Cloud App Security, SSL Decryption
    • SaaS and Cloud security concerns
      – Best Defenses: OpenDNS, Cloud App Security, SSO/MFA
    • Human Error such as ACH and Wire Transfer Fraud
      – Address with: MFA/SSO, Cloud App Security and OpenDNS/“Follow Me” security
      – Validate business processes in this area
      – Remember - KIDS DELETE FILES!!! Keep in mind a “tunnel all” philosophy will probably take you down
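Slides 4 to 6 name RDP brute forcing and account takeover as the threats that grew with the remote shift. The following is an added example, not code from the deck or from RedZone, showing the detection a defender would run over the RDP host's failed-logon events: a sliding window per source address that separates a single-account brute force from a spray across many accounts. The CSV layout (timestamp,event_id,source_ip,target_user,logon_type) is an assumed export format, and the log lines are constructed.

```python
"""Flag RDP brute-force / password-spray sources in Windows logon events.

Added example for this deck; it is not code from the presentation or from RedZone.
Assumes the Security log has been exported as CSV with the columns
timestamp,event_id,source_ip,target_user,logon_type (an assumed export layout).
Event ID 4625 is a failed logon and logon type 10 is RemoteInteractive, i.e. RDP.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: 10.0.0.5 walks through several accounts within seconds,
# 192.168.1.20 is a legitimate user who mistypes once and then succeeds, and
# 10.0.0.5 comes back an hour later with a single attempt (outside any window).
SAMPLE_LOG = """\
2020-03-20T09:00:01Z,4625,10.0.0.5,administrator,10
2020-03-20T09:00:02Z,4625,10.0.0.5,admin,10
2020-03-20T09:00:03Z,4625,10.0.0.5,jsmith,10
2020-03-20T09:00:04Z,4625,10.0.0.5,administrator,10
2020-03-20T09:00:05Z,4625,10.0.0.5,backup,10
2020-03-20T09:00:06Z,4625,10.0.0.5,svc_sql,10
2020-03-20T09:00:30Z,4625,192.168.1.20,jsmith,10
2020-03-20T09:00:45Z,4624,192.168.1.20,jsmith,10
2020-03-20T10:15:00Z,4625,10.0.0.5,administrator,10
"""


def parse_events(text):
    """Turn the CSV export into dicts with a real datetime and integer fields."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, src, user, logon_type = line.split(",")
        events.append({
            "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "event_id": int(event_id),
            "src": src,
            "user": user,
            "logon_type": int(logon_type),
        })
    return events


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: {"failures": n, "users": {...}}} for every source that
    produced at least `threshold` failed RDP logons inside a sliding `window`.

    `failures` is the largest number of failures seen in any one window and
    `users` the accounts targeted across the alerting windows, so the caller can
    tell a single-account brute force from a spray over many accounts.
    """
    alerts = {}
    recent = defaultdict(deque)  # source_ip -> (time, user) pairs inside the window
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["event_id"] != 4625 or ev["logon_type"] != 10:
            continue
        q = recent[ev["src"]]
        q.append((ev["time"], ev["user"]))
        while q and ev["time"] - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold:
            alert = alerts.setdefault(ev["src"], {"failures": 0, "users": set()})
            alert["failures"] = max(alert["failures"], len(q))
            alert["users"].update(u for _, u in q)
    return alerts


def describe(alerts):
    """One human-readable line per alerting source."""
    lines = []
    for src, a in sorted(alerts.items()):
        kind = "password spray" if len(a["users"]) > 1 else "single-account brute force"
        lines.append(f"{src}: {a['failures']} failed RDP logons against "
                     f"{len(a['users'])} account(s) in one window ({kind})")
    return lines


if __name__ == "__main__":
    for line in describe(detect_rdp_bruteforce(parse_events(SAMPLE_LOG))):
        print(line)
```

One caveat when pointing this at real hosts: with Network Level Authentication enabled, a wrong password is rejected before a session exists and the 4625 is recorded with logon type 3 (Network) rather than 10, so widen the logon-type filter on NLA hosts or the spray is invisible to this check.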
  • 7. Predicted W.F.H. Concerns
    My guesses from last week:
    • Do employees know how (process and habits)?
    • Is IT ready to support them?
    • Is anyone actually working from home? How do you know?
  • 8. Our Top 3 Calls
    • Overload support calls because users can’t remember how to get it
      – Grab a hot spot and have people test before they go
      – Set a conference bridge/WebEx for a specific hour a day to facilitate support
    • I need more licenses for my VPN and MFA
      – For example, RSA has been having issues generating even quotes in under 5 days. Distributors and Manufacturers both have issues. Don’t wait!
      – Be wary of fake/untrustworthy online sellers
    • I need a VPN solution for BYOD/Home systems
      – You can spin up virtual SSLVPN appliances simply and remotely to facilitate or expand this. Good ones like ours have built in MFA.
  • 9. Working from Home: How To Tips
    • Remote access options:
      – SSL-VPN portal systems for non-“node on network” VPNs to restrict risk as well as bandwidth requirements
      – Azure IaaS using RDP with SSLVPN and one time passwords
    • Uncontrolled people, devices and disparate applications
      – Implement CAS and OpenDNS for safer (not perfect but safer) direct cloud access.
      – If you have applications that can only work from the office there are creative ways to use SSLVPNs to resolve this as well
  • 10. Working from Home: How To Tips
    • Remote desktop tactics to lessen bandwidth burden and improve security:
      – Kill Drive mapping, printers, “pretty” screens, cut and paste, colors, screen resolution. Uncontrolled RDP “low” speed/quality is 256Kbps to 2Mbps, and “high” quality is 10+Mbps. Those numbers are per session.
    • Remote desktop tactics to lessen bandwidth burden: https://docs.microsoft.com/en-us/windows-server/administration/performance-tuning/role/remote-desktop/session-hosts
    • Restrict local copy and print so you aren’t out of compliance or at increased risk of getting sued later
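Slide 10's list (no drive mapping, printers, cut and paste, colours, resolution or “pretty” screens) maps directly onto settings in a Remote Desktop connection file. The following added example, not code from the deck or from RedZone, parses a .rdp file, audits it against that list and emits a hardened copy. The setting names are genuine mstsc settings; the host name, user name, sample profile and the target values are ours (the 256 Kbps to 2 Mbps range the slide quotes is what mstsc's “Low-speed broadband” experience profile assumes).

```python
"""Audit a Remote Desktop (.rdp) connection file and emit a hardened copy.

Added example for this deck; not code from the presentation or from RedZone.
The .rdp format is one "key:type:value" setting per line (type i = integer,
s = string). The setting names below are genuine mstsc settings; the host name,
user name and the target values are ours, chosen to match the slide's advice:
no drive, printer or clipboard redirection, no visual extras, capped colour
depth and resolution, and the "Low-speed broadband" experience profile.
"""

# Constructed sample resembling a profile saved by mstsc with defaults left on.
WEAK_RDP = """\
full address:s:rds01.corp.example
username:s:CORP\\jsmith
screen mode id:i:2
desktopwidth:i:2560
desktopheight:i:1440
session bpp:i:32
connection type:i:7
drivestoredirect:s:*
redirectclipboard:i:1
redirectprinters:i:1
audiomode:i:2
disable wallpaper:i:1
disable themes:i:0
disable menu anims:i:0
disable full window drag:i:0
allow font smoothing:i:1
allow desktop composition:i:1
"""

# (key, type, target value, rule, reason). "eq" means the value must match,
# "max" means it must not exceed the target. Every key must be set explicitly
# so the client's built-in default (clipboard and printers on) never applies.
HARDENED = [
    ("drivestoredirect", "s", "", "eq", "no local drive mapping"),
    ("redirectclipboard", "i", 0, "eq", "no cut and paste"),
    ("redirectprinters", "i", 0, "eq", "no local printing"),
    ("redirectcomports", "i", 0, "eq", "no serial port redirection"),
    ("audiomode", "i", 2, "eq", "no audio stream"),
    ("session bpp", "i", 16, "max", "16-bit colour at most"),
    ("desktopwidth", "i", 1280, "max", "cap resolution"),
    ("desktopheight", "i", 720, "max", "cap resolution"),
    ("connection type", "i", 2, "eq", "Low-speed broadband (256 Kbps - 2 Mbps) profile"),
    ("disable wallpaper", "i", 1, "eq", "no wallpaper"),
    ("disable themes", "i", 1, "eq", "no themes"),
    ("disable menu anims", "i", 1, "eq", "no menu animations"),
    ("disable full window drag", "i", 1, "eq", "no full-window drag"),
    ("allow font smoothing", "i", 0, "eq", "no font smoothing"),
    ("allow desktop composition", "i", 0, "eq", "no desktop composition"),
]


def parse_rdp(text):
    """Parse key:type:value lines into {key: (type, value)}; ints are converted."""
    settings = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, typ, value = line.split(":", 2)  # the value may itself contain ':'
        settings[key] = (typ, int(value) if typ == "i" else value)
    return settings


def audit_rdp(settings):
    """Return [(key, current, target, reason)] for every rule not explicitly met."""
    findings = []
    for key, typ, target, rule, reason in HARDENED:
        current = settings.get(key, (typ, None))[1]
        met = current is not None and (current == target if rule == "eq" else current <= target)
        if not met:
            findings.append((key, current, target, reason))
    return findings


def harden_rdp(settings):
    """Copy the profile, pinning every rule's key to a compliant value."""
    hardened = dict(settings)
    for key, typ, target, rule, _ in HARDENED:
        current = hardened.get(key, (typ, None))[1]
        if current is None or rule == "eq" or current > target:
            hardened[key] = (typ, target)
    return hardened


def render_rdp(settings):
    """Serialise back to the key:type:value layout mstsc reads."""
    return "".join(f"{key}:{typ}:{value}\n" for key, (typ, value) in settings.items())


if __name__ == "__main__":
    weak = parse_rdp(WEAK_RDP)
    for key, current, target, reason in audit_rdp(weak):
        print(f"{key}: {current!r} -> {target!r} ({reason})")
    print(render_rdp(harden_rdp(weak)))
```

A hardened .rdp file is a convenience for users, not a control: the client can edit it. What actually enforces slide 10's “restrict local copy and print” is the Session Host side, i.e. the “Do not allow drive redirection”, “Do not allow Clipboard redirection” and “Do not allow client printer redirection” policies under Remote Desktop Session Host > Device and Resource Redirection in Group Policy; the audit above is for checking the profiles you hand out, and those policies are what you rely on.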
  • 11. Impact of Cloud and SaaS is Accelerated by Work from Home
    (diagram: Perimeter gateway, Share Drive, Exchange Server, Datacenter. Old Thinking – Control, Logs, SIEM. New Thinking – distributed access and threats)
  • 12. Working from Home: Planning Recommendations
    • Firewalls: Can your firewall handle the load? All Security Services? All VPN connections? How do you determine this?
      – Draw a picture of who needs to get to what from where and when. (We will ignore the why for now.)
      – What machines will they be on? If it is home or uncontrolled systems you need to take additional steps.
    • Identity Access Control
      – Make 2FA/MFA happen. Don’t budge on it.
      – Is everyone set up and trained for remote access? If you use tokens do you have enough?
    • Uncontrolled Endpoint threat management and security (phones, tablets and personal laptops)
      – Cloud App Security, MFA and Conditional Access, RDP and SSLVPN proxies (with End Point Control and 2FA)
  • 13. A Few Tips
    • Have people patch before they leave the office for remote work.
    • Double check remote access client versions via software inventory.
    • IT should be on extreme heightened alert for security issues and keep an eye out for oddities.
    • Do you have the licenses to increase the remote user count?
  • 14. The Best Bang for your Buck
    • Cloud App Security: Add account takeover protection, uncontrolled device protection, Zero-Day protection for collaboration platforms.
      – Remotely implementable. No endpoint touches. No user impact.
    • OpenDNS Security: “Follow Me” protection on prem and remote.
      – Requires agent push. No user impact.
    • Implement an Activity Tracking Solution: Executives are concerned about employee productivity while people react to the pandemic; you can address this issue.
  • 16.
  • 17. SIEM 2020 – care of Splunk’s website
    In 2020, security information event management (SIEM) solutions will be far more than an information platform, expanding to include compliance reporting and logs from firewalls and other devices, as well as User and Entity Behavior Analytics (UEBA) — now considered an essential capability by Gartner. On top of that, the importance of a SIEM solution in today’s enterprise is magnified by the growing sophistication of attacks and the use of cloud services, which only increases the attack surface.
  • 18. Why does SIEM fail?
    System                          Log ingestion   Useful Parser   Log review via Analyst and AI   Active watch via Analyst and AI
    Carbon Black - CBDefense        Yes             Yes             No                              No
    Cylance Protect / Crowd Strike  Yes             Yes             No                              No
    Office 365                      Yes             Yes             No                              No
    CentOS                          Yes             No              No                              No
    WAFS                            Yes             Yes             No                              Yes (Assistance with report building)
    The above data is an example and not vendor specific.
    Behavior Analytics Starts Here
  • 19. When SIEM is implemented what do you want it to do?
    • Start with the end in mind and your worst-case scenario. Like anything in IT, there are a dozen options & picking the right one is all about what you want to get out of it, not the marketing feature set analysis. No true SIEM is good at ingesting every type of log.
    • Don’t leave concerns till the end of the process. For example, if your concern is people wrongly accessing 365, Account Hijacking, or the website at AWS that got hacked last year, start with that. It will often lead to traditional SIEMs failing to be the answer.
    • What do you wish the SIEM system could do? Give 3 objectives.
    • Does the system miss (not support) anything that bothers you?
  • 20. Goals:
    • Managing logs or managing threats?
      – Are you trying to find anomalous behaviors & bad actors or archive logs & forensics?
    • Threat hunting or compliance?
      – Yes, these often are mutually exclusive
    • Traditional SIEM is an after-the-fact acknowledgement of a previous issue; is this your goal?
    • The unicorn hunt for a Single Pane of Glass?
  • 21. SIEM Scoping
    Once you know your key goals, we need to define the scope.
    • What key systems need to be ingested: 365, servers, AD.
    • What secondary systems need SIEM: PCs, firewalls, security systems, etc.
    • But what about: AV, CB Defense, OpenDNS, WAFS, etc.
    • Are you worried about: Salesforce, SaaS apps, JIRA, Cloud systems?
    • Are you trying to include switches + routers? If yes, why?
  • 22. SIEM Integration: Where and Why?
    (diagram: IDENTITY, Data Center (HQ/Co-Lo), SaaS Apps, Corona Victim)
    If you want real SIEM in this picture you need:
    1. Authoritative Single Sign on
    2. Cloud App Security at least from an attack point of view
    3. An integrated security platform. Why? GUIDs
  • 23. The Proactive Response?
    1. Fight Account Takeover attacks
       1. This should be addressed with a combination of MFA, SSO, CAS, or CASB style solutions.
    2. Secure activities across cloud systems (i.e. magically taking logs from multiple sources and pairing them together)
       1. This should be addressed in two proactive ways: Integrated Security Access Control and as a vehicle for malware attacks.
    3. Discovering invalid accessing of the system
       1. Making this useful and functional requires a combination of MFA/SSO and API driven CAS/CASB security
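Slide 17 calls UEBA essential and slide 23 asks for logs from multiple sources “paired together” to discover invalid access. The following added example, not code from the deck, from SonicWall or from RedZone, shows what that pairing looks like in practice: an SSL-VPN syslog feed and an Office 365 sign-in export are normalised onto one per-user timeline (the VPN logs the sAMAccountName, O365 the UPN), and consecutive sign-ins are checked for impossible travel. Both log layouts, the host and user names, the documentation-range addresses and the GEO table (a stand-in for a GeoIP lookup) are constructed.

```python
"""Pair sign-ins from two sources into one per-user timeline and flag impossible travel.

Added example for this deck; not code from the presentation, SonicWall or RedZone.
It assumes two constructed feeds whose layouts are ours: SSL-VPN syslog lines
("<ts> <host> sslvpn: user=<sAMAccountName> src=<ip> login ok") and an Office 365
sign-in export (timestamp,user,ip,result). GEO is a constructed stand-in for a
GeoIP lookup; hosts, users and addresses are all documentation-range samples.
"""
import math
import re
from datetime import datetime

VPN_LOG = """\
2020-03-23T08:02:11Z vpn01 sslvpn: user=jsmith src=203.0.113.10 login ok
2020-03-23T08:05:40Z vpn01 sslvpn: user=mlee src=198.51.100.7 login ok
"""

O365_LOG = """\
timestamp,user,ip,result
2020-03-23T08:47:22Z,jsmith@corp.example,192.0.2.44,Success
2020-03-23T09:10:00Z,mlee@corp.example,198.51.100.7,Success
2020-03-23T09:12:13Z,mlee@corp.example,192.0.2.99,Failure
"""

GEO = {  # constructed: ip -> (country, latitude, longitude)
    "203.0.113.10": ("US", 40.71, -74.01),   # New York
    "198.51.100.7": ("US", 34.05, -118.24),  # Los Angeles
    "192.0.2.44": ("NG", 6.52, 3.38),        # Lagos
    "192.0.2.99": ("RU", 55.75, 37.62),      # Moscow
}

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"
VPN_RE = re.compile(r"^(?P<ts>\S+) \S+ sslvpn: user=(?P<user>\S+) src=(?P<ip>\S+) login ok$")


def canonical_user(name):
    """The VPN logs the sAMAccountName and O365 the UPN; key both on the local part."""
    return name.split("@")[0].lower()


def parse_vpn(text):
    events = []
    for line in text.splitlines():
        m = VPN_RE.match(line)
        if m:
            events.append({"user": canonical_user(m["user"]), "ip": m["ip"], "source": "vpn",
                           "time": datetime.strptime(m["ts"], TS_FORMAT)})
    return events


def parse_o365(text):
    events = []
    for line in text.splitlines()[1:]:  # first line is the header
        ts, user, ip, result = line.split(",")
        if result == "Success":  # a failed attempt says nothing about where the user is
            events.append({"user": canonical_user(user), "ip": ip, "source": "o365",
                           "time": datetime.strptime(ts, TS_FORMAT)})
    return events


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points on a 6371 km sphere."""
    lat1, lon1, lat2, lon2 = map(math.radians, (lat1, lon1, lat2, lon2))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def impossible_travel(events, max_kmh=900.0):
    """Merge every source into one timeline per user and flag consecutive sign-ins
    whose implied ground speed exceeds max_kmh (roughly an airliner)."""
    alerts = []
    by_user = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        by_user.setdefault(ev["user"], []).append(ev)
    for user, timeline in by_user.items():
        for prev, cur in zip(timeline, timeline[1:]):
            if prev["ip"] == cur["ip"] or prev["ip"] not in GEO or cur["ip"] not in GEO:
                continue
            km = haversine_km(*GEO[prev["ip"]][1:], *GEO[cur["ip"]][1:])
            hours = (cur["time"] - prev["time"]).total_seconds() / 3600
            kmh = km / hours if hours > 0 else math.inf
            if kmh > max_kmh:
                alerts.append({"user": user, "from": (prev["source"], GEO[prev["ip"]][0]),
                               "to": (cur["source"], GEO[cur["ip"]][0]),
                               "km": round(km), "kmh": None if math.isinf(kmh) else round(kmh)})
    return alerts


if __name__ == "__main__":
    for a in impossible_travel(parse_vpn(VPN_LOG) + parse_o365(O365_LOG)):
        print(f"{a['user']}: {a['from']} -> {a['to']}, {a['km']} km, "
              f"{a['kmh']} km/h implied")
```

Two design points worth noting. Neither source on its own would raise the alert: the VPN feed only ever saw jsmith in New York and O365 only ever saw jsmith in Lagos, which is exactly the gap slide 23 is pointing at. And failed O365 attempts are deliberately excluded from the timeline, since a failure from Moscow tells you where an attacker is, not where mlee is; that is a separate signal for the brute-force and spray logic, not for travel.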
  • 24. Why I think CAS is more important than SIEM: Uncontrolled People, Devices, and Disparate Applications
    (diagram) Disparate Applications such as 365, Box, SalesForce, etc.
    Potential Risk from:
    - Malware via encrypted channel
    - Account Takeover
    BYOD, Mobile, emergency access users/devices: These uncontrolled devices have Encrypted channels into the environment. Think work from home due to Corona.
    Cloud Sharing with external people.
    - Malware
  • 25. Cloud App Security - Solution Overview
    Next-Gen Security for Office 365: Anti-phishing, Ransomware & Zero day protection, Account Takeover Protection
    SonicWall Cloud App Security
  • 26. A Better Approach: API-Based Security
    ✓ Inspects all email, including internal email
    ✓ Scans included file sharing and file storage apps
    ✓ Detects compromised O365 accounts
    ✓ Removes emails from users' inboxes after delivery
    ✓ Retroactively scans inboxes
    Native API Integration
  • 27.
  • 28. Where to start?
    • Kick off your precursors:
      1. Authoritative Single Sign On
      2. Cloud App Security (CAS) at least from an attack point of view
      3. An integrated security platform. Why? GUIDs
         1. Such as Sonicwall’s CSC
         2. RedZone MSSP (managed security (FW/AD), Alert Logic, Event Tracker, BAE)
    • Choosing Threat Management or SIEM Solution
      Work with us to properly identify Goals, Scope, and Risks to your SIEM Investment.
  • 29. Next Defensive Discussion Topics: Threat Hunting And Next Gen AV
    Email Security
    Next Gen AV
    UTM with DPI-SSL
    DNS based Security
    MFA and CA
    CAS/Cloud App Security
    “Looking” SIEM/SOC And Threat Hunting
    Look Less, Block More