#OktCyberfest
Agenda
1.15pm Introduction
1.30pm Technology Partner Presentations #1
3.00pm Break
3.15pm Technology Partner Presentations #2
4.45pm Networking & Drinks
5.30pm Finish
ANDREW GOGARTY
Chief Security Evangelist
3 Stages to Cyber Security Maturity
The Problem
The average business does not know their cyber security vulnerabilities or
if they have been attacked
The cost of building and maintaining a cyber security service inhouse for
the average business is too high
Cybersecurity Best Practice
Where to start?
VS
Opportunists Targeted Attack
How do we make it easy for them?
Unpatched operating systems
Unpatched applications (e.g. Adobe etc.)
Legacy operating systems
Standard users with privileged accounts
Out of date security tools
Misconfigured Security tools (and network devices)
Using Cloud applications, storage or workloads without controls in place
Non savvy users in front of the keyboard
Weak passwords, using same password multiple times
No controls on sensitive data - DLP, Encryption, Role based access
Poor backup strategy
We don't know they are there until they have done their business
(MONITORING)
Who has set up DMARC?
40% of all the attendees here today do not have a DMARC record published
51% of the organisations here today that do have a DMARC record published do not have a DMARC quarantine/reject policy enabled
Value of monitoring
Why the need for monitoring?
● Detect attacks: Either originating from outside the organisation or attacks as a result of
deliberate or accidental user activity.
● React to attacks: An effective response to an attack depends upon first being aware
that an attack has happened or is taking place. A swift response is essential to stop the
attack, and to respond and minimise the impact or damage caused.
● Account for activity: You should have a complete understanding of how systems,
services and information are being used by users. Failure to monitor systems and their
use could lead to attacks going unnoticed and/or non-compliance with legal or
regulatory requirements.
Always prepare for the worst
Do you know what to do if you get
hit?
Have a plan!
Incident Scenario definition - Define potential breach scenarios across the organisation
Classification of Data review - Identify the different classes of data within your organisation and determine the response efforts and activities for
each data type
Performance Objectives definition - On a per data classification per scenario basis, define high-level guidelines and timelines for each incident
response
Key Roles & Responsibilities identification - Agree key senior executive and “war room” personnel. List key roles and individuals, including external
stakeholders
Possible Failure Modes - Review areas where the Incident Response Plan could break down. Build-in contingency around areas of weakness e.g.
backup personnel.
Tools & Documentation Review - A review of all documentation and tools including procedures, checklists,
for both eradication and recovery.
Response Plan Testing - Create exercise scenarios and test the plan’s effectiveness.
Ongoing Maintenance and Training - Ensure an executive has overall responsibility for the plan. Integrate the
maintenance of the plan into normal business processes. Ensure the plan is available to all staff and they are aware of the content
Lessons learnt.
CYBERSECURITY BEST PRACTICE
ALWAYS PREPARE FOR THE WORST
VALUE OF MONITORING
SECURITY IS A CONTINUOUS PROCESS - NOT SET
AND FORGET!
How to start your least privileged journey
Scott Shields
CYBERSECURITY THAT’S GOOD FOR PEOPLE & GOOD FOR BUSINESS
Protecting privileged accounts has the
greatest impact of any cyber security strategy
85% of cyber attacks enter through compromised endpoints - SANS
80% of breaches involve privileged credentials - 2018 Forrester Wave Privileged Identity Management
32% OF HACKERS SAY accessing privileged accounts was the number one choice for the easiest and fastest way to get at sensitive data
PRIVILEGED ACCOUNTS
What is a privileged account?
• Non-human or user accounts used by IT staff or applications which often have unfettered access to critical data and systems, i.e. Domain Admin, root.
• Exist everywhere in nearly every connected device, server, hypervisor, OS, DB, or application: on-premises & cloud.
• Represent one of the most vulnerable aspects of an organization’s IT infrastructure.
PAM
Gartner Ranks
CISO’s #1
Security Priority
On Gartner’s List of Top 6 Security Projects
THYCOTIC ADDRESSES 4
§ #1 – Privilege Account Management
§ #3 – Anti-phishing
§ #4 – Application Control
§ #6 – Detection & Response
Why can Privileged Accounts be difficult to
secure?
Unknown:
• Don’t know where service accounts are used (dependent services)
• Multiple accounts used to run services, tasks, applications on multiple
servers, possibly in multiple data centers
Unmanaged:
• Never rotating passwords = manual, tedious process
• Password changes require downtime = need to be done off hours
Unprotected:
• No access control
• No auditing
Secret Server
[Diagram labels. Privileged Accounts: MSSQL, Oracle, MySQL; Domain Administrators, Windows Local Administrators, Domain Service Accounts; RedHat, Debian, Fedora; AS400 / OS390, z/OS (RACF), SSH; Cisco / Juniper, Checkpoint / Palo Alto, Blue Coat / SonicWall; VMware ESX/ESXi, Dell DRAC / HP iLO, SSH/Telnet Compatible; Google / Office365 / Salesforce, SAP / Social Media, AWS / Azure; Config Files, Scripts, DevOps. Other labels: Two Factor, SAML SSO, IWA; Desktop App / Smartphone Apps, Web Browser, API; Session Launcher, Session Monitoring, Workflows, Alerts; Distributed Engine; Password Rotation, Discovery, Service Accounts Discovery; MS SQL HA/Geo Replication, IIS Cluster, Complete DR; IT Admins, RBAC; Time limited Access, Request & Approval, Requires Ticket, One Time Password]
Why Privileged Accounts
Are an Attractive Target
• Privileged accounts exist everywhere and are used by IT personnel
to access servers, OS, routers, apps, DB…
• Privileged accounts are often unknown, unmanaged, & unprotected
• Attackers target privileged accounts to gain access & cause harm
• 200+ days is average time breaches go undetected
83% of cyber breaches involve privilege accounts
- Verizon 2018 Report
PAM Maturity Model
[Chart labels: MATURITY LEVEL; SECURITY POSTURE; BEGINNERS, LEADERS; levels 1 ANALOG, 2 BASIC, 3 ADVANCED, 4 ADAPTIVE INTELLIGENT; High risk to architecture & operations; CRITICAL RISK THRESHOLD; Low risk to architecture & operations]
FEATURES
• Paper-based password & credential tracking
• Default password use
• No password rotation
• No or minimal password complexity requirements
• Automated privileged account discovery
• Password vaulting
• Non-default password use
• Multi-factor authentication
• Automated password rotation & randomization
• Password hiding
• Privileged session proxying
• Dual control & 4-eyes protocols
• Session monitoring
• Immutable privileged activity auditing
• Endpoint Least Privilege & application control
• Automated anomaly detection & remediation
• Automated privileged account lifecycle management
• DevOps workflow privileged account management
Ultimate goal
No more local administrators
Lightweight, client-side service -> Granular Policies ->
Elevate applications, instead of users
THE THREAT: Local Privileged Accounts
Local admin accounts on endpoints can be
used to access other computers, domain
resources, and critical servers unless a least
privilege security model is implemented
They exist everywhere because it’s easier
to give standard domain user accounts more
rights than they actually need, resulting in
humans with privileged access.
The issue is rarely addressed on employee
computers, leaving companies vulnerable to
privileged account escalation and pass-the-hash attacks
96% of critical vulnerabilities affecting
Windows operating systems could be
mitigated by removing admin rights
60% of all Microsoft vulnerabilities could
be mitigated by removing admin rights
According to
THE Microsoft Solution: UAC
Microsoft recommend that no users
should log in to endpoints with local
admin rights. Instead they should be
issued with two sets of credentials:
• Standard User
• Local Admin
Users should log in with their standard user
account and will receive a UAC prompt
whenever admin privileges are required.
OR
Remove admin accounts from end users and
keep support teams with administrative
accounts
Limitations of UAC
• 2 sets of credentials to remember
• Users just log in with the admin
account or create a new account/s
• Limited application support
• If leaving support team with Admin
accounts this puts HUGE workload on
them
How?
• Elevate (add admin rights) to specific applications (Never the User!)
• Replace Windows UAC with flexible, customized messaging
• Block known-bad applications outright
• Whitelist known-good applications and prevent unknown applications from
executing
• And much more…
PRIVILEGED ACCOUNT MANAGEMENT
SECRET SERVER
ANALYTICS
PRIVILEGED BEHAVIOUR ANALYTICS
ENDPOINT APPLICATION CONTROL
PRIVILEGE MANAGER
RATED #1 in GARTNER PEER REVIEWS
Performance & Ease of Use
“We are very pleased with Secret
Server performance and ease of use,
especially compared to the CyberArk
product it will replace.”
CISO, FINANCE INDUSTRY
Requires Less, Covers More
“Thycotic is 100% better than
CyberArk at a fraction of the cost.
And requires a smaller footprint and
covers more compliance
requirements.”
IT SPECIALIST, SERVICE INDUSTRY
Adoption Skyrockets
“Adoption has been organic without a
need to strongly push the tool. It’s
intuitive, requiring very little training
to get our teams up and running.”
INFOSEC MANAGER, SERVICE INDUSTRY
Free Trials Free Resources
THANK
YOU
© 2018 Yubico
A New Era for Authentication
Bettina Vahl, EMEA Channel Sales Manager
October 4th, 2019
● 12 years of Innovation in Security
● 8 of the top 10 technology companies
● 4 of the top 10 US banks
● 2 of the top 3 global retailers
● DOD Approved 2nd Factor
● Millions of users in 160 countries
Yubico, Trusted Secure Authentication
Trusted choice for the largest companies in the world.
● Principal Author of U2F authentication
standard
● Principal Author of FIDO 2.0 WEB AuthN
authentication protocol
● Board Member of FIDO Alliance
In the
News
#1 IT Security Problem: Stolen Credentials
3.8 Billion stolen credentials
reported in 2018
81% of data breaches from
weak/stolen passwords
$3.92M average cost of a breach
($148/ record)
● Multi-Factor Authentication (MFA)
device
● Provides secure login for computers,
phones, online services and servers
● Protects against Phishing, MITM
attacks and Credential Theft
What is a Yubikey?
YubiKey Product Line
Waterproof
Crush Resistant
Easy, Fast & Reliable Authentication
YubiKey does not require a battery or a network connection.
Authenticate Anywhere...
Faster and More Secure
Registration to websites and
applications
Rapid onboarding of new
devices and establishing trusted
devices
Easy and Fast Account Recovery in the case of a lost/stolen device
Portable
Root of Trust
High Security with Escalation of
Privileges/Step-up Authentication
A Portable Root of Trust
Simplifies the User Experience and Increases Security
Single Factor: Passwordless
Replaces weak passwords with strong authentication for single
factor authentication.
Multi-Factor: Passwordless + PIN or Biometric
Multi-factor with combination of a YubiKey with touch and a PIN, to
solve high assurance requirements such as financial transactions,
or submitting a prescription
Two Factor: Password + YubiKey
Second factor in a two factor authentication solution
FIDO2 Overview
New open authentication standard offering new authentication choices
● Eliminates account takeovers and delivers strong
phishing defence
● Enables secure web and mobile app login across all
major operating systems and all major browsers
● Secures employee-facing, in-house mobile apps
e.g. Retail Point-of-Sale apps
● Secures customer-facing mobile apps
e.g. mobile banking apps
Passwordless Authentication
Secure Login for Web and Mobile Apps
Google Eliminated Account Takeovers
Mandated security keys for every employee and contractor.
“We have mandated a hardware
second factor since 2009...we have
not had a single successful phishing
attack against a Google employee
since then.”
- Niels Provos, Distinguished
Engineer at Google
A16z Podcast: The State of Security
+50,000 employees in +70 countries
Problem:
One Time Password through
Mobile Apps and SMS didn’t
stop phishing
Solution:
Google made YubiKeys
mandatory for all employees,
and optional for end-users
Result:
Zero account takeovers
4X faster to login
92% support reduction
Zero failure rates
Best Total Cost of Ownership
Ubiquitous: One Key to All IT Systems
Computer
Login
Privileged
Access
CMS
Remote Access
& VPN
Identity Access
Mgmt
Developer
& Encryption
Tools
Password
Mgmt
Online
Services
YubiKey: Modern Authentication at Scale
Identity & Access Management
Secon OktCyberFest
IAM Solution
of The Year
IAM Award
International Contribution
to Cyber Security
Best Identity
Management Solution
Leveraging IAM to Protect Against Data Breach Threats
© My1Login Ltd 2007 - 2019
Nobody Wants a Data Breach on Their Watch
The Problem
80% of Data Breaches are Due to
Passwords*
*Source : Verizon Corporate Data Breach Report
Current Identity & Access Management Solutions Don’t Work with All Apps
If a User Needs More than one Password then the Business doesn’t have Single Sign-On
Hacking & Phishing Breaches are
Growing Rapidly
GDPR & Invalidation of “Safe Harbour” compliance issues
Source: Identity Theft Resource Centre
The Problem – Complex,
Inter-connected Public/Private Environments
[Diagram labels: Active Directory / Azure AD; Expenses; Training; Appraisals; Thick Client Apps, i.e. RDP; i.e. mainframe; Shadow IT; Unknown Apps]
The Problem
Direct Cost: 20% - 50% of all help desk calls are for password resets. Each call costs £20 (Gartner/Forrester)
Security Vulnerabilities: Average cost of corporate data breach in the UK £3.6 million (Ponemon)
Compliance Failures: £ fines, 4% of T/O
End users need a solution for all the new
passwords they have to manage
Business Impact
Threats
Insider Threat
Phishing Attacks
Shadow IT
Compliance Obligations
PCI
ICO
FCA
ISO
GDPR
The Ideal SSO Solution
What Would an Ideal Single Sign-On Solution Look Like?
Client-side AES-256 Encryption
ISO 27001 Compliant
PCI Compliant
EU vendor to avoid “safe harbour” risks*
Secure & Compliant
An ideal SSO would work with all applications;
Public Cloud, Private Cloud, Native Mobile and
Legacy (Thick-Client) Apps such as mainframes
Works with ALL Apps
*Safe Harbour Legislation Has Been Ruled Invalid Therefore May Also Need to Consider Sovereignty of Identity Provider & Data
User Only Needs AD Login
System Auto-learns User Logins
Zero Training Or Behavioural Change
Easy to Use
Departments often adopt cloud apps outside of
IT’s awareness. A key requirement for ideal SSO is
for the solution to detect web applications being
accessed by end users, alert IT, and automatically
integrate these with the SSO to reduce resource
demands on the IT team.
Easy to Implement
Architecture
Multi-Factor Authentication
Canned & Custom Reporting
Patented Technology
Rapid-Deployment Using Auto-detection of Web Apps and Self-enrollment
Products – Modular and Integrated IAM
Privileged Password
Manager
• Permission-based Sharing
• Automatic Secure Password
Generation
• Updating of User Passwords
on Target Applications
• SSO Without Revealing
Credentials
• App Specific Password
Policies
• Temporal (Time bound)
Access to Privileged
Passwords
• For Web and Mobile Apps
• Integrates Target Apps
With Connectors (e.g.
SAML)
• Integrates Target Apps
Without Connectors
• Auto-Detects and Auto-
Integrates Web Apps
• Active Directory
Integration
• Citrix Compatible
• SSO Without Revealing
Credentials
• AD and External Users
SSO for Cloud & Mobile
Multi-Factor Authentication
• Google Authenticator
• Yubico Devices
• Universal Second Factor
Device Compatible
• Other Integrations
Available On Request
Provisioning Engine
• Account Lifecycle
Management linked to AD
• Just-In-Time Provisioning of
User Accounts on Target
Apps
• AD Group-based Policies can
Automate User Account
Provisioning
Self-service
Password Reset
• AD Self-service
Password Reset
• Reset by Web or
Mobile Access
• Configurable
Challenge Response
• Integrates “fat-client”
apps without connectors
(password vaulting &
forwarding)
• Auto-integrates User’s
Application Credentials
• Active Directory
Integration
• Citrix Compatible
• Mainframe Compatible
• SSO Without Revealing
Credentials
SSO for Legacy
Desktop
Anti-Phishing
Client-side
Encryption
(most secure)
Integration
with Windows
Desktop Apps
(so all app
types covered)
UK Company
Key Differentiators
IAM Considerations
Encryption Architecture is Paramount – AES 256 is great but it MUST be Client-Side
IAM/IDaaS Vendor (Cloud) Enterprise Environment
IAM Using Server-Side
Encryption
IAM Using Client-Side
Encryption
(My1Login’s approach)
Trust & Security
My1Login are an approved supplier to the UK government under the G-
Cloud 8 framework.
My1Login’s encrypted client data is stored in an ISO27001 environment.
My1Login are Cyber Essentials certified. Cyber Essentials
is a UK government-backed cyber security certification
scheme designed to help organisations protect against
the most-common cyber threats.
Member of the UK Access Management Federation which
complies with standards based software developed by the
Internet 2 community to facilitate the sharing of web
resources that are subject to access control. The architecture
defines a way of exchanging information between an
individual and a provider of digital data resources.
My1Login are a member of the Cloud Security Alliance, a not-for-profit organisation with
a mission to promote the use of best practices for providing security assurance within
Cloud Computing, and to provide education on the uses of Cloud Computing to help
secure all other forms of computing. The Cloud Security Alliance is led by a broad
coalition of industry practitioners, corporations, associations and other key
stakeholders.
Cited as a Global Leader in IAM By
Security Audits of My1Login
applications undertaken regularly
by Qualys & CREST-approved pen
testers.
Return On Investment
Typically Delivers Breakeven in Less Than 3 Months With up to 10x ROI
[Chart: Password Reset Cost and User Downtime by month, Jan to Jun]
Eliminate Helpdesk
Calls
20-50% of helpdesk calls are
reported to be password
related.
Eliminate User
Downtime
Users spend 2-30 minutes
on each password reset.
Eliminate Time
Logging Into Apps
Users can waste up to 10
minutes per day logging into
applications.
Cancel Unused
Software Licenses
My1Login reports on
applications being used enabling
license pool to be reduced.
Sample Report: Software License Pool Utilisation
Award Winning
Multi-award Winning Solution
#1
Most Secure
Client-side Encryption
#1
Most Widely-Compatible
Single Sign-on that integrates with Web Apps, Mobile Apps, Legacy Thick-client
Apps, Virtualised Apps, Flash Apps
#1
Best User Experience
Can be Deployed in Background – Seamless UX for Users
#1
Why My1Login?
Thank You
Paul Ducklin
duck@sophos.com
@duckblog
nakedsecurity.sophos.com
@nakedsecurity
nakedsecurity.sophos.compodcast
! Couldn’t distribute it cheaply
! Couldn’t collect the money easily
! Couldn’t keep out of sight
! Couldn’t get the crypto right
" Couldn’t distribute it cheaply
" Couldn’t collect the money easily
" Couldn’t keep out of sight
" Couldn’t get the crypto right
RYUK, BITPAYMER, MEGACORTEX
DRIDEX, QBOT, TRICKBOT
EMOTET
How do the malware files get in?
Cybersecurity evolved.
MANAGING THE INSIDER THREAT:
WHY VISIBILITY IS CRITICAL
LEE DUFF, CSSP, TECHNICAL EXPERT
Company Confidential
AT A NEW RECORD HIGH…
[Infographic: increase in breaches, 2016, 2017, 2018-19. Legend: No public data; Number of files affected; Value of data affected. Labels in extracted order: WM Morrisons Supermarkets 99K files; Amazon; Punjab National Bank; Allen & Hoshall $425K; Google 19K; Sun Trust Bank $1.5M; Nuance 45K; Coca Cola 8K; Delta; DuPont 18K; Boeing; Anthem 80K; NSA; AMSC $1B loss, 700 layoffs; Facebook; General Electric 19K files; MUIA $33K. Source: CSOOnline]
Average days to complete investigations: 73 days (Source: Ponemon study, 2018)
McKinsey 2018 study: 50% data breaches with insider threat
INSIDER
THREATS
When an insider intentionally
or unintentionally misuses
access to negatively affect the
confidentiality, integrity, or
availability of the organisation’s
critical information or systems.
COMPROMISED INSIDER
CARELESS INSIDER
MALICIOUS INSIDER
THE VIEW FROM INSIDE TRADITIONAL DEFENCES
BEFORE
The NETWORK was the Perimeter
TODAY
The USER is the new Perimeter
USER
TIME TO DETECTION IS MONTHS OR YEARS
[Chart: Breach Time to Discovery within Insider & Privilege Misuse Breaches; categories Seconds, Minutes, Hours, Days, Weeks, Months, Years; series 1 Year (n=60) and 5 Years (n=326)]
Since insiders have fewer barriers…and…don’t require circumventing controls, the time-to-compromise and time-to-exfiltrate metrics for insider threat actions are grim
~70% of insider breaches take months / years to detect
Source: Verizon Insider Threat Report 2018
HIGH RISK USERS ARE BEYOND IT/ADMINS
[Chart: Internal Actor Varieties; series 1 Year (n=156) and 2 Years (n=683)]
Regular users: ~60%
Privileged users: <5%
Regular users have access to sensitive and monetizable data and are behind most internal data breaches
Source: Verizon Insider Threat Report 2018
© 2019 ObserveIT
SHRINKING THE “RIGHT OF BOOM”
[Diagram labels: Awareness; Mitigation; Training; Abnormal Behavior; measured in sec/min/hrs/days/mo’s; Reduce MTTD; Reduce MTTR; Pop Up Alerts; ObserveIT Intelligence; Predictive; Responsive; Investigation; OIT Alerts; Alert Triage; OIT Pop Ups; OIT Intelligence; Hard ROI; Soft ROI; HIGH; LOW]
OBSERVEIT INSIGHTS – TOP USED ALERTS
Exfiltrating tracked file to the web by uploading
Connecting unlisted USB device
Exfiltrating a file to an unlisted USB device
Installing hacking or spoofing tools
Opening a clear text file that potentially stores passwords
Clearing browsing history in Google Chrome
Running software to enable sharing and access from remote machine
Searching data on monitoring or sniffing
Browsing Adult sites
Browsing Illegal drugs sites
Connecting to a new FTP or SFTP server using FTP application
Downloading file with potentially malicious extension
Installing software on Server
Opening cloud storage sync folder
Performing large file or folder copy during irregular hours
Browsing Gambling sites
Clearing browsing history in IE or Firefox
Installing TOR (The Onion Router) tools
Searching data on password cracking
Num. of Customers
Wait! No ML/AI/Deep Learning/Algorithm?
CERTAINTY: “I don’t want false positives”
INSIGHT: “Give me insights to threats I wouldn’t otherwise know about”
https://blogs.gartner.com/anton-chuvakin/2016/12/08/what-should-your-ueba-show-indications-or-conclusions/
OBSERVEIT AT-A-GLANCE
SERVING 2,000+ CUSTOMERS ACROSS ALL MAJOR VERTICALS
Founded: 2006
Headquarters: Boston, MA
Locations: Boston, Germany, London, San Francisco, Singapore, Tel Aviv, Washington, D.C.
Investors
Market Leader
• 5 of top 10 Financial Services Companies
• 10 of top 20 Telecommunications Organizations
• 7 of top 20 Technology Services Providers
Insider Threat Management Platform Highlights
• Visibility across user and data activity
• Real-time detection of data exfiltration attempts
• Contextual insights through timeline-based metadata views
• Easy-to-use and reliable
• Privacy-centric through complete anonymization of user data
We empower organizations
to detect, investigate and stop insider threats.
THE LEADER IN INSIDER THREAT MANAGEMENT
“Most breaches… are only found months or years later.”
“All companies, regardless of size, have the risk of malicious insiders.”
“Traditional forms of DLP are not effectively addressing insider threat detection…”
Secure Access
For a Zero Trust world
Graham Duthie
EMEA Systems Engineer – gduthie@pulsesecure.net
Delivering secure access solutions —
for people, devices, things and services.
Secure Remote Access
User
App
Pulse
Connect Secure
REMOTE ACCESS
Extending Secure Remote Access
User
Pulse Workspace
App
Pulse
Connect Secure
REMOTE ACCESS
CLOUD ACCESS
MOBILE ACCESS
Secure Access
User
Pulse Workspace
App
Pulse
Connect Secure
REMOTE ACCESS
CLOUD ACCESS
Pulse
Policy Secure
NETWORK ACCESS
MOBILE ACCESS
Multi-Cloud
Secure Access
Market Trends
Proprietary & Confidential
Security perimeter has moved to where the users and
devices are – and they could be anywhere
Public/Private
Cloud Datacenter
SaaS
IoT
• Multi-cloud migration
Applications and Infrastructure migrating to multi-cloud
• Apps accessible from anywhere
No “inside” or “outside” network from user’s perspective
– all apps accessible from anywhere
• Expanded attack surface
• Stringent Access
More stringent access requirements
• No trusted domains
Verify everything before allowing access
Zero Trust Secure Access Principles
Data Center
SaaS
Users, Devices,
Things
Hybrid IT, Apps
IaaS
Single User Client
”Zero Trust” Policy and
Compliance
Centralized Visibility,
Management, & Analytics
Flexible, Scalable,
Reliable
Zero Trust for Hybrid IT Access
Verify
User
• Single sign-on,
Multi-factor
authentication
• Authenticate &
authorize every
user
Verify
Device
• Host checking,
Location awareness
• Validate device
security profile
BEFORE connection
Control
Access
• Centralized policy
management &
enforcement
• Enable access for
mobile workforce to
appropriate
resources only
Protect
Data
• Always-on & on-
demand VPN,
Per-app VPN
• Keep transactions
secure, reduce data
leakage & loss
Pulse Secure provides a Zero Trust model today!
Authenticate everything
before access
Zero Trust Model
No “inside” or “outside”
distinction
Trust established closest
to resource
Policy based access (identity
& device configuration)
Software Defined Perimeter
User
Consumer
App
Secure Access Platform
MOBILE ACCESS
APP ACCESS
REMOTE ACCESS
CLOUD ACCESS
NETWORK ACCESS
Pulse Workspace
Pulse vADC
Pulse
Connect Secure
Pulse
Policy Secure
SDP Gateway
SDP Gateway
SDP Gateway
SDP Gateway
SDP Client
Pulse Secure Zero Trust Access Portfolio
Pulse Connect Secure
VPN, Cloud, Endpoint
Compliance
Pulse SDP
Software Defined Perimeter for
Multi-Cloud Access
Pulse Policy Secure
Visibility, IoT
Security, NAC
Pulse Workspace
Mobile VPN,
Corporate Container
Pulse vADC
Virtual Application
Delivery Control and WAF
Pulse One
Centralized Management, Visibility,
Analytics
New
Break
15 mins
Are you using DMARC Enforcement yet?
Lars Postma
Technical Lead, EMEA
Contact me at: LPostma@agari.com
E-mail Security:
www.agari.com
Agari Brand Protection
DMARC…pardon?
Domain-based Message Authentication, Reporting and Conformance
In other words…
It stops your own domains from being spoofed.
Basically, with DMARC your customers only receive e-mails that actually come from your domains.
Otherwise risk…
• Hackers can freely impersonate your brand
• DMARC Record not at enforcement
• Vulnerable to reputation hacking & email shutdown
• Marketing mails likely sidelined or blocked
https://tools.ietf.org/html/rfc7489
Are you using DMARC Enforcement yet?
©2019 Agari Data, Inc. All rights reserved. Confidential
and Proprietary.
In case you didn’t know…
- It's baseline e-mail security, essential really to stop domain abuse
- Mandated by HMRC for the public sector back in October 2016
- It prevents attackers from using your brand to phish your consumers
(a.k.a. spoofing your domains).
2016!
DMARC Adoption
….companies are not taking advantage of the protocol, despite the fact that DMARC has been around for years.
This means that most companies are still vulnerable to business email compromise (BEC) attacks, phishing emails, and
other types of email scams, as hackers can easily make their emails look authentic and pass their scams as legitimate
communications.
Source: https://www.zdnet.com/article/dmarcs-abysmal-adoption-explains-why-email-spoofing-is-still-a-thing/
!
Companies find they need help getting towards DMARC Enforcement
DMARC Record Not Found
DMARC Record Found
DMARC Record found for Microsoft.com
Microsoft.com’s DMARC record points to Agari:
• It prevents spoofing of their domain
• It’s a simple DNS entry (txt record)
• Enforcement is essential and turned on: p=reject
• Monitoring alone isn’t enough (p=none)
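The difference between a published record and an enforced one can be checked mechanically. The following is an added example, not part of the original slides or any Agari tooling: it parses the TXT strings found at `_dmarc.<domain>` using the RFC 7489 tag syntax and grades them. The status names and the sample records (all on example.com) are constructed for illustration, and treating a bad `pct` value as invalid is this example's choice.

```python
"""Grade DMARC TXT records by enforcement level (RFC 7489 tag=value syntax)."""

VALID_POLICIES = {"none", "quarantine", "reject"}


def parse_dmarc(txt):
    """Parse one TXT string into a tag dict; return None if it is not DMARC."""
    tags = {}
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    for i, part in enumerate(parts):
        name, sep, value = part.partition("=")
        if not sep:
            return None
        name, value = name.strip().lower(), value.strip()
        # RFC 7489: the version tag must come first and be exactly DMARC1.
        if i == 0 and (name != "v" or value != "DMARC1"):
            return None
        tags.setdefault(name, value)
    return tags or None


def classify(txt_records):
    """Return (status, detail) for all TXT strings published at _dmarc.<domain>."""
    records = [r for r in (parse_dmarc(t) for t in txt_records) if r is not None]
    if not records:
        return ("no-record", "no DMARC record published")
    if len(records) > 1:
        # Receivers stop policy discovery when more than one record is found.
        return ("invalid", "multiple DMARC records published")
    rec = records[0]
    policy = rec.get("p", "").lower()
    if policy not in VALID_POLICIES:
        return ("invalid", "missing or unknown p= tag")
    try:
        pct = int(rec.get("pct", "100"))  # pct defaults to 100
    except ValueError:
        return ("invalid", "pct is not a number")
    if not 0 <= pct <= 100:
        return ("invalid", "pct out of range")
    sub_policy = rec.get("sp", policy).lower()  # sp defaults to p
    if policy == "none":
        return ("monitoring", "p=none: reports only, spoofed mail still delivered")
    if pct < 100:
        return ("partial", f"p={policy} applied to only {pct}% of failing mail")
    if sub_policy == "none":
        return ("partial", f"p={policy} but subdomains are left at sp=none")
    return ("enforced", f"p={policy}")


# Constructed sample records, as they would be returned by a TXT lookup.
SAMPLES = {
    "enforced.example.com": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
    "monitor.example.com": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
    "rollout.example.com": ["v=DMARC1; p=quarantine; pct=25"],
    "subgap.example.com": ["v=DMARC1; p=reject; sp=none"],
    "spfonly.example.com": ["v=spf1 include:_spf.example.com ~all"],
    "double.example.com": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
}

if __name__ == "__main__":
    for domain, txts in SAMPLES.items():
        status, detail = classify(txts)
        print(f"{domain:24} {status:11} {detail}")
```
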
Agari Brand Protection: In a bit more detail…
Legitimate Email
3rd Party Email
Spoofed Email
Email Receivers/MTAs
Reject by
DMARC
Agari Brand Protection
Data
Analytics
Threat and
infrastructure Alerts
SPF DKIM DMARC
Hosted Authentication
DNS for Domain
Your Organization
Imposter
DNS record changes
synchronized directly from
Agari Brand Protection
Automation Features
• Autogenerated, error-free DNS records
• Automated SPF/DKIM sender detection
• Automated sender authentication
• One-click enforcement
Others
OK, but…what about look-a-like domains?
DMARC won't stop emails from
cousin/look-alike domains though!
Agari adds that, hurray!
All inclusive:
Active Attack Campaigns
Monitors email abuse data from around the world
Contextual Correlation
Creates profiles of your brand based on organization
knowledge, domains you own and typical patterns
Brand Spoofing Alerts
Identifies new brand spoofing threats
Takedown integration
Automatically submits new threats against your
brand to your takedown vendor or SOC (REST API)
www.y0urbank.com
https://www.y0urbank.com
Online Banking Login
Intuitive Workflows, Forensics and Threat Feeds (REST API)
Agari
Brand Protection
Agari shows what your customers see (receiving your e-mail)
BIMI Adoption on the Rise
Brand Indicators for Message Identification
(Cross E-mail Platform)
Requires DMARC
Enforcement turned on
P=Reject
Losing the trust of your customers
It takes years to build trusted relationships with your customers,
and your email channel takes centre stage in the digital
conversations with them.
Cybercriminals abuse that trust, using your brand name as a
disguise to trick your customers into opening their
malicious emails.
Start building your DMARC Policy with Agari in 3 easy steps…
3 Simple Steps to kick-off and stop phishing
Get a DMARC Record from Agari
(Copy and paste into DNS)
1
Proof of Value
(typically runs 2 weeks)
2
Receive Free Executive Results Presentation
and Package
3
What else? - Free Agari Email Phishing Assessments
Threats still coming through ?
We provide a free phishing assessment of your e-mail environment.
Including checks on the hardest threats:
• Brand and Individual Display Name Imposters (BDNI)
• Look-alike Domains
• Domain Spoofs
• Account Takeovers (ATO)
Speak to:
AGARI - Advanced Threat Protection offers:
- Next-Generation E-mail Security
- 360 Degree scanning inside your O365/Exchange/G-Suite
- Insider Impersonation Protection
- REST APIs to provide threat data to your SIEM/Other
- Telemetry/Machine Learning Engine
- Part of the Agari Secure Email Cloud™
Thank You
Lars Postma, Technical Lead EMEA
Lpostma@agari.com
Assessment, Demo, DMARC? Get in touch via Secon
Agari customers
agari.com
Thank you, prost!
Network at the Speed of NOW.
The only SD-WAN architected for the digital business.
Phil Keeling
Regional Director -EMEA
Cato Networks
The Team. The Funding. The Growth.
Shlomo Kramer, CEO
(Check Point, Imperva)
Gur Shatz, CTO
(Incapsula)
$125M
350+ Enterprise Customers
100 countries
3000+ Branches and cloud Instances
The WAN is Incompatible with Today’s Business Needs
Can your network deliver optimized and secured access everywhere?
DC
MPLS/VPN
Legacy Network
Branch
Cloud
Global
Branch
Mobile
Users
Costs
Agility
Optimization Security
Mobile
Users
Point solutions? You can’t patch your way to a better network
DC
Cloud
Global
Branch
Legacy Network
Branch
MPLS
SD-WAN
Cloud Acceleration Cloud Security
Mobile
VPN/SDP
Network
Security
WAN Optimization
Branch Security
Getting better?
MPLS
Network
Security
Mobile
VPN/SDP
SD-WAN
WAN Optimization
Cloud Acceleration
Cloud Security
Do it YOURSELF
Pay it YOURSELF
“In essence, complexity is
the enemy of availability,
security and agility”
“Avoid These 'Bottom 10' Networking Worst Practices”
By: Andrew Lerner, Bill Menezes, Vivek Bhalla, Danellie Young
MPLS
Network
Security
Mobile
VPN/SDP
SD-WAN
WAN Optimization
Cloud Acceleration
Cloud Security
Cloud-Native Convergence Drives WAN Transformation
ALL-IN-1
Faster Innovation
Better Service
Lower Costs
MPLS
Network
Security
Mobile
VPN/SDP
SD-WAN
WAN Optimization
Cloud Acceleration
Cloud Security
Cato Keeps it Simple
Connect. Secure. Run
Secure.
Protect all traffic with built-in
security as a service
Connect.
End-to-end optimized connectivity for all
locations, clouds, and users
Run.
One console for all network and
security policies and analytics
BranchHQ/DC Cloud Mobile
Cato Cloud PoPs Global Map: 45 PoPs, Network+Security Converged
NG Firewall
Secure Web Gateway
Advanced Threat Prevention
Cloud and Mobile Security
Cloud Optimization
WAN Optimization
Global Route Optimization
Self-healing Architecture
Cato Cloud: the NETWORK for the digital business
Branch
Internet
Datacenter
Edge SD-WAN
• Active / Active / Active
• Dynamic Path Selection
• Application- and User Aware QoS
• Packet Loss Mitigation
IPSec
Internet
MPLS
Hybrid/Multi Cloud
Agentless
Mobile
Client/Clientless
SDP
Flexible Management
• Self-service
• Co-managed
• Fully managed
PoP
Converged
Network &
Security
Cato Managed Services
Rapid Site Deployment
• Remote site setup and configuration
• On-site support available from
partners
Intelligent Last Mile
Management
• Proactive Monitoring of Last Mile ISPs
• Blackout or Brownout detection
• ISP resolution management (LOA is required)
* Last mile provisioning is provided via partners if needed
Hands-free
Management
• Cato service adjustments by Cato NOC
• Setting, changing or removing site
configuration, networking, routing, QoS, and
security policies
Managed Detection and
Response (MDR)
• Monitor the network for compromised end-
points
• Alert for infected machines (human verified)
• Guided remediation until threat is removed
Cato Cloud: In Action
Email from a customer’s IT manager to his team
“ALL {Telco} devices need to be removed.
Cisco routers (both Datanet & Flex if present),
Check Point Firewalls (two at each site),
Blue Coat WAN accelerator (if present).
CPE device provided by local MPLS operator as well…”
“You should install two Cato sockets + rack mount kit”
Experience WAN Transformation
with Cato Networks.
www.egress.com © Egress Software Technologies Ltd. All rights reserved.
It’s time to turn the tide on
email data breaches
Egress Software Technologies
• The insider breach problem
• The hype about AI and machine
learning
• Prevent and protect
• New ways to prevent and protect
• Summary
Agenda
Ponemon Institute:
Survey of 1,700 customers
• Majority cited negligent insiders
(64%) vs. malicious insiders
(23%)
• Employee negligence cost
$283,281/incident vs. malicious
insider cost of $607,745
• Two month average to contain an
insider incident
• Only 16% contained in less than
30 days
The insider breach problem
Employees rushing/making mistakes: 60%
Lack of awareness: 44%
Lack of training: 36%
Employees leaking data: 30%
Employees stealing data: 28%
Lack of proper security systems: 27%
We don't have data breaches: 3%
Reasons not listed: 1%
Legend: Accidental, Malicious, Others
Insider Data Breach Survey 2019
AI and machine learning: All the hype!
AI start-ups that
don’t have AI:
two in five
AI start-up funding
in 2018:
$9.33 billion
Prevent
• Ensure the right content is sent
to the right person
• “What is the point of sending
an encrypted email to the
wrong person?”
Protect
• Ensure that the right protection
is applied to emails
• “What if you send an email to
the right person, but it is
breached?”
Effective email security: Prevent and protect
Use static rules to detect breaches
• Manage database of rules on what users can and cannot do
• Require regular maintenance and updates
• Do not account for context, past
behavior and relationships
• Cannot prevent against
misdirected emails
Prevent: Older signature-based DLP systems
Machine learning to prevent breaches
• Use parallel processing and cloud to
ingest vast quantities of data
• Link relationships and past behavior to
detect anomalies
• Learn as they go: No need to
maintain static rules
Prevent: The new way
• Outlook auto-complete mistakes
• Mis-typing of recipients
• Sending the wrong attachment to the
wrong person
• Sending sensitive data to the wrong
domains
• Ethical walls
Prevent: Misdirected email use cases
• Breaching ethical walls
• Malicious exfiltration of data
• ‘Leaver watch’
• Emailing sensitive data to
personal / free mail domains
• Anomalies in behavior:
• Time, content, attachment
types and sizes
Prevent: Advanced DLP use cases
• Edge-based solutions block 95% of attacks.
Last 5% cause most damage
• Business email compromise (BEC) scams lost
over $1.6bn in 2018
• Scammer pretending to be a manager,
co-worker or supplier
• Google and Facebook transferred over
$100m to a fake supplier
• Emails do not have links or attachments
Prevent: Advanced anti-phishing use cases
• BEC solutions
• Anomaly detection of the individual mailbox
based on content and recipients
• Domain typosquatting detection
www.britishairways.com vs. www.brtishairways.com
• Display name impersonation detection
Bill Gates <thefakebillgates@gmail.com>
Prevent: Advanced anti-phishing use cases
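The two checks named on this slide can be expressed as simple rules over the From header. The following is an added example, not Egress or Agari code: it flags a sender domain that sits within a small edit distance (or one digit-for-letter swap) of a protected domain, and a display name that matches a known person while the address is on another domain. The protected domain list, the directory entry and the threshold are constructed assumptions.

```python
"""Flag look-alike sender domains and display-name impersonation in From headers."""
from email.utils import parseaddr

# Constructed for this example: domains to protect, and a directory mapping
# display names to the domain their real address lives on.
PROTECTED_DOMAINS = {"britishairways.com", "yourbank.com"}
KNOWN_PEOPLE = {"bill gates": "microsoft.com"}

# Digits commonly swapped in for letters (y0urbank.com -> yourbank.com).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "ia" typed as "ai".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def lookalike_of(domain, max_distance=2):
    """Return the protected domain that `domain` imitates, or None."""
    domain = domain.lower().rstrip(".")
    if domain.startswith("www."):
        domain = domain[4:]
    if domain in PROTECTED_DOMAINS:
        return None  # the genuine domain is not a look-alike of itself
    folded = domain.translate(HOMOGLYPHS)
    for legit in sorted(PROTECTED_DOMAINS):
        # A fixed threshold suits long names; very short domains need a tighter one.
        if folded == legit or osa_distance(domain, legit) <= max_distance:
            return legit
    return None


def check_sender(from_header):
    """Return a list of findings for one From header value."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    findings = []
    legit = lookalike_of(domain)
    if legit:
        findings.append(f"lookalike-domain:{legit}")
    expected = KNOWN_PEOPLE.get(" ".join(name.lower().split()))
    if expected and domain != expected:
        findings.append("display-name-impersonation")
    return findings


if __name__ == "__main__":
    # Constructed headers built from the examples shown on the slides.
    for header in (
        "British Airways <offers@brtishairways.com>",
        "Bill Gates <thefakebillgates@gmail.com>",
        "Bill Gates <bill@microsoft.com>",
        "Online Banking <login@y0urbank.com>",
    ):
        print(f"{header:45} {check_sender(header)}")
```
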
• Insider breaches account for the
vast majority of data breaches
• AI and machine learning do
deliver on specific use cases
• Prevent and protect go hand-in-
hand for comprehensive email
security
Summary
Thank you for your time
E: info@egress.com | T: +44 (0) 2076248500 | W: www.egress.com | Twitter: @EgressSoftware
Our presentations and webinars are for information only and don’t constitute advice. Professional advice should always be obtained. No liability is accepted for the use of the contents (or any errors or
inaccuracies). Please read our privacy policy at www.egress.com/website-privacy. By reading this presentation or attending our webinar you confirm that you’ve read and agree to this disclaimer. All
intellectual property rights in this presentation are retained by Egress Software Technologies Limited (or its licensors). This presentation or webinar was provided on behalf of: Egress Software Technologies
Limited (12th Floor, The White Collar Factory, 1 Old Street Yard, London, EC1Y 8AF, UK. Registered in England and Wales, 06393598) or Egress Software Technologies Inc. (a Massachusetts corporation,
51 Melcher St, 1st Floor, Boston, MA 02210). Both are part of the Egress Software Technologies group of companies. Egress is a trademark of Egress Software Technologies Limited.
Andrew Thompson
October, 2019
Everything You Always Wanted to Know About DevSecOps
But Were Afraid To Ask.
Proprietary & Confidential | All Rights Reserved | 174
Do you want to Fix or Rubber Stamp ?
What Is DevOps?
A modern process to develop software that has 4 major disciplines:
Development = Coding
Continuous Integration (CI)
The Orchestration Layer
Continuous Delivery/Deployment (CD)
Where all automated tests and the deployment processes happen
Production
Putting pieces of the
puzzle together
Where all the various technologies and components are put
together to build the software
Functional, Unit
What Is DevSecOps?
A modern process to develop software that has 4 major disciplines + Security testing!
Development = Coding
Continuous Integration (CI)
The Orchestration Layer
Continuous Delivery/Deployment (CD)
Where all automated tests and the deployment processes happen
Production
Putting pieces of the
puzzle together
Where all the various technologies and components are put
together to build the software
Functional, Unit
• Education
• Design
• SAST
• OSA
• IAST / DAST
• Penetration Testing
Automation of Software Security
So what’s the problem?
Perception that
Security checks will slow the delivery process
False Positives
And the solution is…
SAST best practice
Learn from Deming
Stop the production line
[Break the build]
Root cause analysis
Fix the issue
[Fix the vulnerability or
remove the FP]
How is this applicable to Software ?
Easy to write vulnerable software
SAST highlights the vulnerable code early
Developers don’t write bad code on top of bad code
Less time spent on test/fix cycles
Cheaper
Root cause analysis – remove False Positives (and False Negatives)
OSA highlights known issues in Open Source code
Run Security testing as
part of CI/CD
Start by just initiating
scans, don’t break the
build
Test early, test often
Automation is key
Sounds easy, what’s the catch?
There’s no silver bullet …
Management focus on Software
Security
DevSecOps is everyone’s
responsibility from CEO to developer
Common Misconceptions
Testing is testing, the code still needs to be fixed!
If I just make the tool available to Developers they will make all of our Security Issues Disappear
No. Violation of a Law of Thermodynamics
‘The entropy of a system (Disorder) always increases unless outside energy is applied’
No. Violation of a Law of Physics
‘A body in motion will remain in motion unless acted upon by an outside force’
No. Violation of a Basic Law of Human Nature
‘What’s in it for me?’
No such thing as a free beer
IDEs
Source Code
Management Solutions
Build/CI Solutions
Defect Tracking
Dashboarding
Dev
Ops
CLI, Web Services API
Data Export API
4 things to remember
Security is everyone’s business
Automate
Fix - Don’t be an Ostrich
Have Fun
© 2019 Trend Micro Inc.
Find out how
you can protect
end-of-support Windows
Server 2008 and early
versions.
Ian Heritage
Cloud Security Architect
Need a new example for machine learning since this would be caught
by variant protection – Jon Oliver working on this example now.
Opcode
normalised
in graph
API calls –
displayed in
import table
Often vulnerabilities are
found in unsupported
software or operating
systems.
Doing the right…
• Scanning for Malware
• Blocking Access to Malicious Web Sites
• Filtering Traffic Using Firewall Rules
• Protecting Servers From Vulnerabilities
• Detecting Changes on Protected Servers
• Blocking Unapproved Applications
• Monitoring Logs on Protected Servers
Public
Cloud
Virtual
Servers
Physical
Servers
Software
SaaS
How much money you expect to lose
in a year due to a certain threat.
• One platform for physical, virtual & cloud
environments.
• Automated protection and shielding of vulnerabilities
before a patch is issued.
• Supports your move to the cloud
• Offers protection in minutes with simplified
deployment and recommendation scans.
Try a free 30-day trial of Deep Security as a Service.
Takeaways
Ian Heritage
Cloud Security Architect
Data Protection | Web Security | CASB | NGFW | Advanced Malware Detection | Behavioral Analytics | Insider Threat | Email Security | Data Guard | Cross Domain
Use more cloud with CASB
Cloud security is different but not difficult with Forcepoint
“#CASB Dave” Barnett
Head of CASB EMEA
© 2019 Forcepoint
Public
Why Protect Data
in the Cloud?
43% of all corporate data
is stored in the cloud
53% of this data is
not managed or
controlled by IT
Types of
Data at Risk
▸ Payment information
▸ Customer information
▸ Consumer data
▸ Employee records
▸ Email
Challenges in Protecting Data
in the Cloud
Lack of Visibility Not under IT
control
Traditional security
solutions do not extend
to the cloud
Public
Understanding Cloud Risks
Users oversharing
data in file-sharing
apps
Employees, 3rd
parties accessing
cloud apps from
their own devices
The cloud becoming
the new attack
surface
Employees finding and
using their own cloud
services
Admins making
mistakes or coming
under attack
Public
Scenario – Users Oversharing Data
Cloud Apps
Collaborate via cloud apps
Share data safely within Cloud Apps.
Team
Outsider
Public
Policy to exclude
external users
Geo-location
anomaly
Scenario – Compromised Admin Credentials
Cloud Apps
Stop Unauthorized Access
Reduce risk while leveraging power of cloud.
Admin
Pretend Admin
Public
Behavior
Analytics
Step up authentication
Automatic Policy
Enforcement
Scenario – Employees or Partners using Personal Devices
Cloud Apps
Enable BYOD Access
Unleash the power of personal devices.
Personal Devices
Public
Access apps anywhere
Robust reverse proxy
Seamless SSO
integration
FORWARD PROXY
REVERSE PROXY + SSO
Scenario – Employees using their own apps – Shadow IT
Gain full visibility into Shadow IT
Monitor and secure unsanctioned cloud app usage
Public
Visibility into
unsanctioned apps
Control over both
unsanctioned and
sanctioned apps
Scenario – Cloud becoming the new attack surface
Cloud Apps
Use Cloud Apps Safely
Provide frictionless cloud security easily.
Public
Access policy
Enforcement
Step-up authentication
Block unauthorized
access
Forcepoint Cloud Protection
Get cloud protection based on your needs.
Forcepoint
DLP
DLP
Cloud
Apps
Forcepoint
CASB
Forcepoint
Web Security
Cloud App
Control
Public
Data protection in the cloud is
becoming increasingly critical
Integrated and unified solutions are key
to avoid siloed security
Forcepoint data protection solution can
effectively extend from on-premises to
the cloud
Takeaways
Public
Let us show you a demo
Thank you
Follow us!
Forcepoint LLC@Forcepoint Forcepoint @ForcepontSec
@ForcepointLabs
Forcepoint
Public
Networking &
Drinks
45 mins
Contact us
Phone: +44(0)203 657 0707
Support: +44(0)1932 911 053
Email: hello@seconcyber.com

Application Security - Your Success Depends on it
 
Aligning Application Security to Compliance
Aligning Application Security to ComplianceAligning Application Security to Compliance
Aligning Application Security to Compliance
 
Security engineering 101 when good design & security work together
Security engineering 101  when good design & security work togetherSecurity engineering 101  when good design & security work together
Security engineering 101 when good design & security work together
 
Practical pentesting of ERPs and business applications
Practical pentesting of ERPs and business applicationsPractical pentesting of ERPs and business applications
Practical pentesting of ERPs and business applications
 
Just Trust Everyone and We Will Be Fine, Right?
Just Trust Everyone and We Will Be Fine, Right?Just Trust Everyone and We Will Be Fine, Right?
Just Trust Everyone and We Will Be Fine, Right?
 
Security Outsourcing - Couples Counseling - Atif Ghauri
Security Outsourcing - Couples Counseling - Atif GhauriSecurity Outsourcing - Couples Counseling - Atif Ghauri
Security Outsourcing - Couples Counseling - Atif Ghauri
 
Survey Presentation About Application Security
Survey Presentation About Application SecuritySurvey Presentation About Application Security
Survey Presentation About Application Security
 
CIA-Triad-Presentation.pdf
CIA-Triad-Presentation.pdfCIA-Triad-Presentation.pdf
CIA-Triad-Presentation.pdf
 
An easy way into your sap systems v3.0
An easy way into your sap systems v3.0An easy way into your sap systems v3.0
An easy way into your sap systems v3.0
 
AppSec in an Agile World
AppSec in an Agile WorldAppSec in an Agile World
AppSec in an Agile World
 
Vulnerability Management V0.1
Vulnerability Management V0.1Vulnerability Management V0.1
Vulnerability Management V0.1
 
6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back
 
CIS 2015 Identity and Data Security : Breaking the Boundaries - Nathanael Cof...
CIS 2015 Identity and Data Security : Breaking the Boundaries - Nathanael Cof...CIS 2015 Identity and Data Security : Breaking the Boundaries - Nathanael Cof...
CIS 2015 Identity and Data Security : Breaking the Boundaries - Nathanael Cof...
 
ISS CAPSTONE TEAM
ISS CAPSTONE TEAMISS CAPSTONE TEAM
ISS CAPSTONE TEAM
 
Federal Webinar: Security Compliance with SolarWinds Network Management Tools
Federal Webinar: Security Compliance with SolarWinds Network Management ToolsFederal Webinar: Security Compliance with SolarWinds Network Management Tools
Federal Webinar: Security Compliance with SolarWinds Network Management Tools
 
Is SIEM really Dead ? OR Can it evolve into a Platform ?
Is SIEM really Dead ? OR Can it evolve into a Platform ?Is SIEM really Dead ? OR Can it evolve into a Platform ?
Is SIEM really Dead ? OR Can it evolve into a Platform ?
 
Top 5 security errors and how to avoid them - DEM06-S - Mexico City AWS Summit
Top 5 security errors and how to avoid them - DEM06-S - Mexico City AWS SummitTop 5 security errors and how to avoid them - DEM06-S - Mexico City AWS Summit
Top 5 security errors and how to avoid them - DEM06-S - Mexico City AWS Summit
 

Recently uploaded

My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 

Recently uploaded (20)

My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 

OktCyberfest Agenda and Technology Partner Presentations

  • 2. Agenda: 1.15pm Introduction; 1.30pm Technology Partner Presentations #1; 3.00pm Break; 3.15pm Technology Partner Presentations #2; 4.45pm Networking & Drinks; 5.30pm Finish
  • 3.
  • 5. 3 Stages to Cyber Security Maturity
  • 6. The Problem: The average business does not know their cyber security vulnerabilities or if they have been attacked. The cost of building and maintaining a cyber security service in-house for the average business is too high.
  • 9. How do we make it easy for them? Unpatched operating systems; unpatched applications (e.g. Adobe etc.); legacy operating systems; standard users with privileged accounts; out-of-date security tools; misconfigured security tools (and network devices); using cloud applications, storage or workloads without controls in place; non-savvy users in front of the keyboard; weak passwords, using the same password multiple times; no controls on sensitive data (DLP, encryption, role-based access); poor backup strategy; we don't know they are there until they have done their business (MONITORING).
  • 10. Who has set up DMARC? Of all the attendees here today, 40% do not have a DMARC record published. Of the organisations here today that do have a DMARC record published, 51% do not have a DMARC quarantine/reject policy enabled.
  • 12. Why the need for monitoring? ● Detect attacks: Either originating from outside the organisation or attacks as a result of deliberate or accidental user activity. ● React to attacks: An effective response to an attack depends upon first being aware that an attack has happened or is taking place. A swift response is essential to stop the attack, and to respond and minimise the impact or damage caused. ● Account for activity: You should have a complete understanding of how systems, services and information are being used by users. Failure to monitor systems and their use could lead to attacks going unnoticed and/or non-compliance with legal or regulatory requirements.
  • 13. Always prepare for the worst
  • 14. Do you know what to do if you get hit?
  • 15. Have a plan! Incident Scenario definition - Define potential breach scenarios across the organisation. Classification of Data review - Identify the different classes of data within your organisation and determine the response efforts and activities for each data type. Performance Objectives definition - On a per data classification, per scenario basis, define high-level guidelines and timelines for each incident response. Key Roles & Responsibilities identification - Agree key senior executive and “war room” personnel. List key roles and individuals, including external stakeholders. Possible Failure Modes - Review areas where the Incident Response Plan could break down. Build in contingency around areas of weakness, e.g. backup personnel. Tools & Documentation Review - A review of all documentation and tools, including procedures and checklists, for both eradication and recovery. Response Plan Testing - Create exercise scenarios and test the plan’s effectiveness. Ongoing Maintenance and Training - Ensure an executive has overall responsibility for the plan. Integrate the maintenance of the plan into normal business processes. Ensure the plan is available to all staff and they are aware of the content.
  • 16. Lessons learnt: CYBERSECURITY BEST PRACTICE; ALWAYS PREPARE FOR THE WORST; VALUE OF MONITORING; SECURITY IS A CONTINUOUS PROCESS - NOT SET AND FORGET!
  • 17.
  • 18. CYBERSECURITY THAT’S GOOD FOR PEOPLE & GOOD FOR BUSINESS. How to start your least privileged journey. Scott Shields
  • 19. Protecting privileged accounts has the greatest impact of any cyber security strategy. 85% of cyber attacks enter through compromised endpoints (SANS). 80% of breaches involve privileged credentials (2018 Forrester Wave: Privileged Identity Management).
  • 20. 32% OF HACKERS SAY accessing privileged accounts was the number one choice for the easiest and fastest way to get at sensitive data
  • 21. PRIVILEGED ACCOUNTS What is a privileged account? § Non-human or user accounts used by IT staff or applications which often have unfettered access to critical data and systems i.e. Domain Admin, root. § Exist everywhere in nearly every connected device, server, hypervisor, OS, DB, or application: on-premises & cloud. § Represent one of the most vulnerable aspects of an organization’s IT infrastructure.
  • 22. PAM Gartner Ranks CISO’s #1 Security Priority On Gartner’s List of Top 6 Security Projects THYCOTIC ADDRESSES 4 § #1 – Privilege Account Management § #3 – Anti-phishing § #4 – Application Control § #6 – Detection & Response
  • 23. Why can Privileged Accounts be difficult to secure? Unknown: • Don’t know where service accounts are used (dependent services) • Multiple accounts used to run services, tasks, applications on multiple servers, possibly in multiple data centers Unmanaged: • Never rotating passwords = manual, tedious process • Password changes require downtime = need to be done off hours Unprotected: • No access control • No auditing
  • 24.
  • 25. Secret Server Privileged Accounts MSSQL Oracle MySQL Domain Administrators Windows Local Administrators Domain Service Accounts RedHat Debian Fedora AS400 / OS390 z/OS (RACF) SSH Cisco / Juniper Checkpoint / Palo Alto Blue Coat / SonicWall VMware ESX/ESXi Dell DRAC / HP iLO SSH/Telnet Compatible Google / Office365 / Salesforce SAP / Social Media AWS / Azure Config Files Scripts DevOps
  • 26. Two Factor SAML SSO IWA Desktop App / Smartphone Apps Web Browser API Session Launcher Session Monitoring + Workflows Alerts Distributed Engine Password Rotation Discovery+ Service Accounts Discovery+ Secret Server Secret Server MS SQL HA/Geo Replication IIS Cluster IT Admins RBAC Complete DR Time limited Access Request & Approval Requires Ticket One Time Password +
  • 27. Why Privileged Accounts Are an Attractive Target • Privileged accounts exist everywhere and are used by IT personnel to access servers, OS, routers, apps, DB…. • Privileged accounts are often unknown, unmanaged, & unprotected • Attackers target privileged accounts to gain access & cause harm • 200+ days is average time breaches go undetected. 83% of cyber breaches involve privilege accounts - Verizon 2018 Report
  • 28. PAM Maturity Model. MATURITY LEVEL: 1 ANALOG; 2 BASIC; 3 ADVANCED; 4 ADAPTIVE INTELLIGENT. SECURITY POSTURE: BEGINNERS (High risk to architecture & operations) to LEADERS (Low risk to architecture & operations). CRITICAL RISK THRESHOLD
  • 29. PAM Maturity Model. MATURITY LEVEL: 1 ANALOG; 2 BASIC; 3 ADVANCED; 4 ADAPTIVE INTELLIGENT. SECURITY POSTURE: BEGINNERS (High risk to architecture & operations) to LEADERS (Low risk to architecture & operations). FEATURES: § Paper-based password & credential tracking § Default password use § No password rotation § No or minimal password complexity requirements § Automated privileged account discovery § Password vaulting § Non-default password use § Multi-factor authentication § Automated password rotation & randomization § Password hiding § Privileged session proxying § Dual control & 4-eyes protocols § Session monitoring § Immutable privileged activity auditing § Endpoint Least Privilege & application control § Automated anomaly detection & remediation § Automated privileged account lifecycle management § DevOps workflow privileged account management
  • 32. PAM Maturity Model. MATURITY LEVEL: 1 ANALOG; 2 BASIC; 3 ADVANCED; 4 ADAPTIVE INTELLIGENT. SECURITY POSTURE: BEGINNERS (High risk to architecture & operations) to LEADERS (Low risk to architecture & operations). CRITICAL RISK THRESHOLD. FEATURES: § Paper-based password & credential tracking § Default password use § No password rotation § No or minimal password complexity requirements § Automated privileged account discovery § Password vaulting § Non-default password use § Multi-factor authentication § Automated password rotation & randomization § Password hiding § Privileged session proxying § Dual control & 4-eyes protocols § Session monitoring § Immutable privileged activity auditing § Endpoint Least Privilege & application control § Automated anomaly detection & remediation § Automated privileged account lifecycle management § DevOps workflow privileged account management
  • 33. Ultimate goal: No more local administrators. Lightweight, client-side service -> Granular Policies -> Elevate applications, instead of users
  • 34. THE THREAT: Local Privileged Accounts. Local admin accounts on endpoints can be used to access other computers, domain resources, and critical servers unless a least privilege security model is implemented. They exist everywhere because it’s easier to give standard domain user accounts more rights than they actually need, resulting in humans with privileged access. The issue is rarely addressed on employee computers, leaving companies vulnerable to privileged account escalation and pass-the-hash attacks. 96% of critical vulnerabilities affecting Windows operating systems could be mitigated by removing admin rights. 60% of all Microsoft vulnerabilities could be mitigated by removing admin rights. According to
  • 35. THE Microsoft Solution: UAC. Microsoft recommend that no users should log in to endpoints with local admin rights. Instead they should be issued with two sets of credentials: • Standard User • Local Admin. Users should log in with their standard user account and will receive a UAC prompt whenever admin privileges are required. OR: Remove admin accounts from end users and keep support teams with administrative accounts. Limitations of UAC: • 2 sets of credentials to remember • Users just log in with the admin account or create a new account/s • Limited application support • If leaving support team with Admin accounts this puts HUGE workload on them
  • 36. How? • Elevate (add admin rights) to specific applications (Never the User!) • Replace Windows UAC with flexible, customized messaging • Block known-bad applications outright • Whitelist known-good applications and prevent unknown applications from executing • And much more…
  • 37. PRIVILEGED ACCOUNT MANAGEMENT: SECRET SERVER. ANALYTICS: PRIVILEGED BEHAVIOUR ANALYTICS. ENDPOINT APPLICATION CONTROL: PRIVILEGE MANAGER
  • 38. RATED #1 in GARTNER PEER REVIEWS. Performance & Ease of Use: “We are very pleased with Secret Server performance and ease of use, especially compared to the CyberArk product it will replace.” CISO, FINANCE INDUSTRY. Requires Less, Covers More: “Thycotic is 100% better than CyberArk at a fraction of the cost. And requires a smaller footprint and covers more compliance requirements.” IT SPECIALIST, SERVICE INDUSTRY. Adoption Skyrockets: “Adoption has been organic without a need to strongly push the tool. It’s intuitive, requiring very little training to get our teams up and running.” INFOSEC MANAGER, SERVICE INDUSTRY
  • 39.
  • 40. Free Trials Free Resources
  • 42.
  • 43. © 2018 Yubico. A New Era for Authentication. Bettina Vahl, EMEA Channel Sales Manager. October 4th, 2019
  • 44. Yubico, Trusted Secure Authentication: Trusted choice for the largest companies in the world. ● 12 years of Innovation in Security ● 8 of the top 10 technology companies ● 4 of the top 10 US banks ● 2 of the top 3 global retailers ● DOD Approved 2nd Factor ● Millions of users in 160 countries ● Principal Author of U2F authentication standard ● Principal Author of FIDO 2.0 WEB AuthN authentication protocol ● Board Member of FIDO Alliance
  • 46. © 2019 Yubico. #1 IT Security Problem: Stolen Credentials. 3.8 Billion stolen credentials reported in 2018; 81% of data breaches from weak/stolen passwords; $3.92M average cost of a breach ($148/record)
  • 47. What is a YubiKey? ● Multi-Factor Authentication (MFA) device ● Provides secure login for computers, phones, online services and servers ● Protects against Phishing, MITM attacks and Credential Theft
  • 48. YubiKey Product Line: Waterproof; Crush Resistant; Easy, Fast & Reliable Authentication. YubiKey does not require a battery or a network connection.
  • 51. A Portable Root of Trust Simplifies the User Experience and Increases Security. Portable Root of Trust: Faster and More Secure Registration to websites and applications; Rapid onboarding of new devices and establishing trusted devices; Easy and Fast Account Recovery in the case of a lost/stolen device; High Security with Escalation of Privileges/Step-up Authentication
  • 52. FIDO2 Overview: New open authentication standard offering new authentication choices. Single Factor: Passwordless. Replaces weak passwords with strong authentication for single factor authentication. Multi-Factor: Passwordless + PIN or Biometric. Multi-factor with combination of a YubiKey with touch and a PIN, to solve high assurance requirements such as financial transactions, or submitting a prescription. Two Factor: Password + YubiKey. Second factor in a two factor authentication solution.
  • 53. © 2017 Yubico. Passwordless Authentication: Secure Login for Web and Mobile Apps ● Eliminates account takeovers and delivers strong phishing defence ● Enables secure web and mobile app login across all major operating systems and all major browsers ● Secures employee-facing, in-house mobile apps e.g. Retail Point-of-Sale apps ● Secures customer-facing mobile apps e.g. mobile banking apps
  • 54. Google Eliminated Account Takeovers. Mandated security keys for every employee and contractor. “We have mandated a hardware second factor since 2009...we have not had a single successful phishing attack against a Google employee since then.” - Niels Provos, Distinguished Engineer at Google. A16z Podcast: The State of Security. +50,000 employees in +70 countries
  • 55. Problem: One Time Password through Mobile Apps and SMS didn’t stop phishing. Solution: Google made YubiKeys mandatory for all employees, and optional for end-users. Result: Zero account takeovers; 4X faster to login; 92% support reduction; Zero failure rates; Best Total Cost of Ownership
  • 56. Ubiquitous: One Key to All IT Systems. Computer Login; Privileged Access; CMS; Remote Access & VPN; Identity Access Mgmt; Developer & Encryption Tools; Password Mgmt; Online Services
  • 59.
  • 60. Identity & Access Management; Secon OktCyberFest; IAM Solution of The Year; IAM Award; International Contribution to Cyber Security; Best Identity Management Solution; Leveraging IAM to Protect Against Data Breach Threats
  • 61. © My1Login Ltd 2007 - 2019. Nobody Wants a Data Breach on Their Watch. The Problem: 80% of Data Breaches are Due to Passwords* (*Source: Verizon Corporate Data Breach Report). Current Identity & Access Management Solutions Don’t Work with All Apps. If a User Needs More than one Password then the Business doesn’t have Single Sign-On. Hacking & Phishing Breaches are Growing Rapidly (Source: Identity Theft Resource Centre). GDPR & Invalidation of “Safe Harbour” compliance issues.
  • 62. The Problem – Complex, Inter-connected Public/Private Environments. [Diagram labels: Expenses; Active Directory/Azure AD; Training; Appraisals; Thick Client Apps (i.e. RDP, i.e. mainframe); Shadow IT; Unknown Apps]
  • 63. The Problem. Gartner/Forrester: 20% - 50% of all help desk calls are for password resets. Each call costs £20 (Direct Cost). Average cost of corporate data breach in the UK: £3.6 million (Security Vulnerabilities; Ponemon). Compliance Failures: £ fines, 4% of T/O. End users need a solution for all the new passwords they have to manage. Business Impact. Threats: Insider Threat; Phishing Attacks; Shadow IT. Compliance Obligations: PCI; ICO; FCA; ISO; GDPR
  • 64. The Ideal SSO Solution: What Would an Ideal Single Sign-On Solution Look Like? Secure & Compliant: Client-side AES-256 Encryption; ISO 27001 Compliant; PCI Compliant; EU vendor to avoid “safe harbour” risks*. Works with ALL Apps: An ideal SSO would work with all applications; Public Cloud, Private Cloud, Native Mobile and Legacy (Thick-Client) Apps such as mainframes. Easy to Use: User Only Needs AD Login; System Auto-learns User Logins; Zero Training Or Behavioural Change. Easy to Implement: Departments often adopt cloud apps outside of IT’s awareness. A key requirement for ideal SSO is for the solution to detect web applications being accessed by end users, alert IT, and automatically integrate these with the SSO to reduce resource demands on the IT team. *Safe Harbour Legislation Has Been Ruled Invalid Therefore May Also Need to Consider Sovereignty of Identity Provider & Data
  • 65. © My1Login Ltd 2019 Architecture
  • 66. © My1Login Ltd 2007 - 2019 Multi-Factor Authentication Canned & Custom Reporting Patented Technology Rapid-Deployment Using Auto-detection of Web Apps and Self-enrollment Products – Modular and Integrated IAM Privileged Password Manager • Permission-based Sharing • Automatic Secure Password Generation • Updating of User Passwords on Target Applications • SSO Without Revealing Credentials • App Specific Password Policies • Temporal (Time bound) Access to Privileged Passwords • For Web and Mobile Apps • Integrates Target Apps With Connectors (e.g. SAML) • Integrates Target Apps Without Connectors • Auto-Detects and Auto- Integrates Web Apps • Active Directory Integration • Citrix Compatible • SSO Without Revealing Credentials • AD and External Users SSO for Cloud & Mobile Multi-Factor Authentication • Google Authenticator • Yubico Devices • Universal Second Factor Device Compatible • Other Integrations Available On Request Provisioning Engine • Account Lifecycle Management linked to AD • Just-In-Time Provisioning of User Accounts on Target Apps • AD Group-based Policies can Automate User Account Provisioning Self-service Password Reset • AD Self-service Password Reset • Reset by Web or Mobile Access • Configurable Challenge Response • Integrates “fat-client” apps without connectors (password vaulting & forwarding) • Auto-integrates User’s Application Credentials • Active Directory Integration • Citrix Compatible • Mainframe Compatible • SSO Without Revealing Credentials SSO for Legacy Desktop
  • 67. © My1Login Ltd 2007 - 2019 Anti-Phishing Client-side Encryption (most secure) Integration with Windows Desktop Apps (so all app types covered) UK Company Key Differentiators
  • 68. © My1Login Ltd 2019 IAM Considerations Encryption Architecture is Paramount – AES 256 is great but it MUST be Client-Side IAM/IDaaS Vendor (Cloud) Enterprise Environment IAM Using Server-Side Encryption IAM Using Client-Side Encryption (My1Login’s approach)
  • 69. © My1Login Ltd 2019 Trust & Security My1Login are an approved supplier to the UK government under the G- Cloud 8 framework. My1Login’s encrypted client data is stored in an ISO27001 environment. My1Login are Cyber Essentials certified. Cyber Essentials is a UK government-backed cyber security certification scheme designed to help organisations protect against the most-common cyber threats. Member of the UK Access Management Federation which complies with standards based software developed by the Internet 2 community to facilitate the sharing of web resources that are subject to access control. The architecture defines a way of exchanging information between an individual and a provider of digital data resources. My1Login are a member of the Cloud Security Alliance, a not-for-profit organisation with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. Cited as a Global Leader in IAM By Security Audits of My1Login applications undertaken regularly by Qualys & CREST-approved pen testers.
  • 70. © My1Login Ltd 2019 Return On Investment Typically Delivers Breakeven in Less Than 3 Months With up to 10x ROI [Chart: Password Reset Cost and User Downtime by month, Jan to Jun] Eliminate Helpdesk Calls: 20-50% of helpdesk calls are reported to be password related. Eliminate User Downtime: Users spend 2-30 minutes on each password reset. Eliminate Time Logging Into Apps: Users can waste up to 10 minutes per day logging into applications. Cancel Unused Software Licenses: My1Login reports on applications being used enabling license pool to be reduced.
  • 71. © My1Login Ltd 2019 Sample Report: Software License Pool Utilisation
  • 72. © My1Login Ltd 2019 Award Winning Multi-award Winning Solution #1 Most Secure Client-side Encryption#1 Most Widely-Compatible Single Sign-on that integrates with Web Apps, Mobile Apps, Legacy Thick-client Apps, Virtualised Apps, Flash Apps #1 Best User Experience Can be Deployed in Background – Seamless UX for Users #1 Why My1Login? IAM Solution of The Year IAM Award International Contribution to Cyber Security Best Identity Management Solution
  • 73. Thank You IAM Award International Contribution to Cyber Security IAM Solution of The Year Best Identity Management Solution
  • 83. • Couldn’t distribute it cheaply • Couldn’t collect the money easily • Couldn’t keep out of sight • Couldn’t get the crypto right
  • 93. How do the malware files get in?
  • 100. MANAGING THE INSIDER THREAT: WHY VISIBILITY IS CRITICAL LEE DUFF, CSSP, TECHNICAL EXPERT Company Confidential
  • 101. PAGE | WM Morrisons Supermarkets 99K files AT A NEW RECORD HIGH… Amazon Punjab National Bank Allen & Hoshall $425K Google 19K Sun Trust Bank $1.5M Nuance 45K Coca Cola 8K Delta DuPont 18K Boeing Anthem 80K NSA Average days to complete investigations: 73 days Source: Ponemon study, 2018 Source: CSOOnline McKinsey 2018 study: 50% data breaches with insider threat 2016 2017 2018-19Increase in BREACHES AMSC $1B loss 700 layoffs Facebook No public data Number of files affected Value of data affected General Electric 19K files MUIA $33K
  • 102. PAGE | INSIDER THREATS 3 When an insider intentionally or unintentionally misuses access to negatively affect the confidentiality, integrity, or availability of the organisation’s critical information or systems. COMPROMISED INSIDER CARELESS INSIDER MALICIOUS INSIDER
  • 103. PAGE | THE VIEW FROM INSIDE TRADITIONAL DEFENCES BEFORE The NETWORK was the Perimeter TODAY The USER is the new Perimeter USER
  • 104. TIME TO DETECTION IS MONTHS OR YEARS [Chart: Breach Time to Discovery within Insider & Privilege Misuse Breaches; x-axis: Seconds, Minutes, Hours, Days, Weeks, Months, Years; series: 1 Year (n=60), 5 Years (n=326)] Since insiders have fewer barriers…and…don’t require circumventing controls, the time-to-compromise and time-to-exfiltrate metrics for insider threat actions are grim. ~70% of insider breaches take months / years to detect. Source: Verizon Insider Threat Report 2018
  • 105. HIGH RISK USERS ARE BEYOND IT/ADMINS [Chart: Internal Actor Varieties; series: 1 Year (n=156), 2 Years (n=683)] Regular users: ~60% Privileged users: <5% Regular users have access to sensitive and monetizable data and are behind most internal data breaches. Source: Verizon Insider Threat Report 2018
  • 106. PAGE | | © 2019 ObserveIT 7 SHRINKING THE “RIGHT OF BOOM” Awareness Mitigation Training Abnormal Behavior measured in sec/min/hrs/days/mo’s Reduce MTTD Reduce MTTRPop Up Alerts ObserveIT Intelligence Predictive Responsive
  • 107. PAGE | | © 2019 ObserveIT 8 SHRINKING THE “RIGHT OF BOOM” Awareness Mitigation Training Abnormal Behavior measured in sec/min/hrs/days/mo’s Reduce MTTD Reduce MTTRPop Up Alerts ObserveIT Intelligence Predictive Responsive InvestigationOIT Alerts Alert TriageOIT Pop Ups OIT Intelligence Hard ROISoft ROI HIGHLOW
  • 108. OBSERVEIT INSIGHTS – TOP USED ALERTS [Chart: number of customers using each alert] • Exfiltrating tracked file to the web by uploading • Connecting unlisted USB device • Exfiltrating a file to an unlisted USB device • Installing hacking or spoofing tools • Opening a clear text file that potentially stores passwords • Clearing browsing history in Google Chrome • Running software to enable sharing and access from remote machine • Searching data on monitoring or sniffing • Browsing Adult sites • Browsing Illegal drugs sites • Connecting to a new FTP or SFTP server using FTP application • Downloading file with potentially malicious extension • Installing software on Server • Opening cloud storage sync folder • Performing large file or folder copy during irregular hours • Browsing Gambling sites • Clearing browsing history in IE or Firefox • Installing TOR (The Onion Router) tools • Searching data on password cracking
  • 109. PAGE | Wait! No ML/AI/Deep Learning/Algorithm? CERTAINTY INSIGHT “I don’t want false positives” “Give me insights to threats I wouldn’t otherwise know about” https://blogs.gartner.com/anton-chuvakin/2016/12/08/what-should-your-ueba-show-indications-or-conclusions/
  • 110. OBSERVEIT AT-A-GLANCE SERVING 2,000+ CUSTOMERS ACROSS ALL MAJOR VERTICALS Founded: 2006 Headquarters: Boston, MA Locations: Boston, Germany, London, San Francisco, Singapore, Tel Aviv, Washington, D.C Investors Market Leader • 5 of top 10 Financial Services Companies • 10 of top 20 Telecommunications Organizations • 7 of top 20 Technology Services Providers Insider Threat Management Platform Highlights • Visibility across user and data activity • Real-time detection of data exfiltration attempts • Contextual insights through timeline-based metadata views • Easy-to-use and reliable • Privacy-centric through complete anonymization of user data We empower organizations to detect, investigate and stop insider threats.
  • 111. PAGE | THE LEADER IN INSIDER THREAT MANAGEMENT “Most breaches… are only found months or years later.” “All companies, regardless of size, have the risk of malicious insiders.” “Traditional forms of DLP are not effectively addressing insider threat detection…”
  • 113. Secure Access For a Zero Trust world Graham Duthie EMEA Systems Engineer – gduthie@pulsesecure.net
  • 114. Delivering secure access solutions — for people, devices, things and services.
  • 116. Extending Secure Remote Access User Pulse Workspace App Pulse Connect Secure REMOTE ACCESS CLOUD ACCESS MOBILE ACCESS
  • 117. Secure Access User Pulse Workspace App Pulse Connect Secure REMOTE ACCESS CLOUD ACCESS Pulse Policy Secure NETWORK ACCESS MOBILE ACCESS
  • 118. Multi-Cloud Secure Access Market Trends Proprietary & Confidential Security perimeter has moved to where the users and devices are – and they could be anywhere Public/Private Cloud Datacenter SaaS IoT • Multi-cloud migration Applications and Infrastructure migrating to multi-cloud • Apps accessible from anywhere No “inside” or “outside” network from user’s perspective – all apps accessible from anywhere • Expanded attack surface • Stringent Access More stringent access requirements • No trusted domains Verify everything before allowing access
  • 119. Zero Trust Secure Access Principles Data Center SaaS Users, Devices, Things Hybrid IT, Apps IaaS Single User Client ”Zero Trust” Policy and Compliance Centralized Visibility, Management, & Analytics Flexible, Scalable, Reliable
  • 120. Zero Trust for Hybrid IT Access Verify User • Single sign-on, Multi-factor authentication • Authenticate & authorize every user Verify Device • Host checking, Location awareness • Validate device security profile BEFORE connection Control Access • Centralized policy management & enforcement • Enable access for mobile workforce to appropriate resources only Protect Data • Always-on & on-demand VPN, Per-app VPN • Keep transactions secure, reduce data leakage & loss Pulse Secure provides a Zero Trust model today!
  • 121. Authenticate everything before access Zero Trust Model No “inside” or “outside” distinction Trust established closest to resource Policy based access (identity & device configuration) Software Defined Perimeter
  • 122. User Consumer App Secure Access Platform MOBILE ACCESS APP ACCESS REMOTE ACCESS CLOUD ACCESS NETWORK ACCESS Pulse Workspace Pulse vADC Pulse Connect Secure Pulse Policy Secure - SDP Gateway SDP Gateway SDP Gateway SDP Gateway SDP Client
  • 123. Pulse Secure Zero Trust Access Portfolio Pulse Connect Secure VPN, Cloud, Endpoint Compliance Pulse SDP Software Defined Perimeter for Multi-Cloud Access Pulse Policy Secure Visibility, IoT Security, NAC Pulse Workspace Mobile VPN, Corporate Container Pulse vADC Virtual Application Delivery Control and WAF Pulse One Centralized Management, Visibility, Analytics New
  • 127. Are you using DMARC Enforcement yet? Lars Postma Technical Lead, EMEA Contact me at: LPostma@agari.com E-mail Security: www.agari.com Agari Brand Protection
  • 128. DMARC…pardon? Domain-based Message Authentication, Reporting and Conformance (https://tools.ietf.org/html/rfc7489). In other words, it stops your own domains from being spoofed: with DMARC, your customers only receive e-mails that actually come from your domains. Otherwise you risk… • Hackers can freely impersonate your brand • DMARC record not at enforcement • Vulnerable to reputation hacking & email shutdown • Marketing mails likely sidelined or blocked
  • 129. Are you using DMARC Enforcement yet? ©2019 Agari Data, Inc. All rights reserved. Confidential and Proprietary. In case you didn’t know… - It’s baseline e-mail security, essential to stop domain abuse - Mandated by HMRC for the public sector back in October 2016 - It prevents attackers from using your brand to phish your consumers (a.k.a. spoofing your domains). 2016!
  • 130. DMARC Adoption ©2019 Agari Data, Inc. All rights reserved. Confidential and Proprietary. ….companies are not taking advantage of the protocol, despite the fact that DMARC has been around for years. This means that most companies are still vulnerable to business email compromise (BEC) attacks, phishing emails, and other types of email scams, as hackers can easily make their emails look authentic and pass their scams as legitimate communications. Source: https://www.zdnet.com/article/dmarcs-abysmal-adoption-explains-why-email-spoofing-is-still-a-thing/ ! Companies find they need help getting towards DMARC Enforcement
  • 131. DMARC Record Not Found ©2019 Agari Data, Inc. All rights reserved. Confidential and Proprietary.
  • 132. DMARC Record Found ©2019 Agari Data, Inc. All rights reserved. Confidential and Proprietary.
  • 133. DMARC Record found for Microsoft.com ©2019 Agari Data, Inc. All rights reserved. Confidential and Proprietary. Microsoft.com’s DMARC record points to Agari: • It prevents spoofing of their domain • It’s a simple DNS entry (txt record) • Enforcement is essential and turned on: p=reject • Monitoring alone isn’t enough (p=none)
  • 134. Agari Brand Protection: In a bit more detail… Legitimate Email 3rd Party Email Spoofed Email Email Receivers/MTAs Reject by DMARC Agari Brand Protection Data Analytics Threat and infrastructure Alerts SPF DKIM DMARC Hosted Authentication DNS for Domain Your Organization Imposter DNS record changes synchronized directly from Agari Brand Protection Automation Features • Autogenerated, error-free DNS records • Automated SPF/DKIM sender detection • Automated sender authentication • One-click enforcement ©2019 Agari Data, Inc. All rights reserved. Confidential and Proprietary. Others
  • 135. OK, but…what about look-alike domains? DMARC won't stop emails from cousin/look-alike domains though! Agari adds that, hurray! All inclusive: Active Attack Campaigns: Monitors email abuse data from around the world. Contextual Correlation: Creates profiles of your brand based on organization knowledge, domains you own and typical patterns. Brand Spoofing Alerts: Identifies new brand spoofing threats. Takedown integration: Automatically submits new threats against your brand to your takedown vendor or SOC (REST API). [Screenshot: www.y0urbank.com, https://www.y0urbank.com, Online Banking Login]
  • 136. Intuitive Workflows, Forensics and Threat Feeds (Rest APi) 136 Agari Brand Protection Agari shows what your customers see (receiving your e-mail)
  • 137. BIMI Adoption on the Rise ©2019 Agari Data, Inc. All rights reserved. Confidential and Proprietary. 137 Brand Indicators for Message Identification (Cross E-mail Platform) Requires DMARC Enforcement turned on P=Reject
  • 138. Losing the trust of your customers ©2019 Agari Data, Inc. All rights reserved. Confidential and Proprietary. It takes years to build trusted relationships with your customers, and your email channel takes centre stage in the digital conversations with them. Cybercriminals abuse that trust, using your brand name as a disguise to trick your customers into opening their malicious emails. Start building your DMARC Policy with Agari in 3 easy steps…
  • 139. 3 Simple Steps to kick-off and stop phishing Get a DMARC Record from Agari (Copy and paste into DNS) 1 Proof of Value (typically runs 2 weeks) 2 Receive Free Executive Results Presentation and Package 3 ©2019 Agari Data, Inc. All rights reserved. Confidential and Proprietary.
  • 140. What else? - Free Agari Email Phishing Assessments ©2019 Agari Data, Inc. All rights reserved. Confidential and Proprietary. Threats still coming through ? We provide a free phishing assessment of your e- mail environment. Including checks on the hardest threats: • Brand and Individual Display Name Imposters (BDNI) • Look-alike Domains • Domain Spoofs • Account Takeovers (ATO) Speak to: AGARI - Advanced Threat Protection offers: - Next-Generation E-mail Security - 360 Degree scanning inside your O365/Exchange/G-Suite - Insider Impersonation Protection - REST APIs to provide threat data to your SIEM/Other - Telemetry/Machine Learning Engine - Part of the Agari Secure Email Cloud™
  • 141. Thank You Lars Postma, Technical Lead EMEA Lpostma@agari.com Assessment, Demo, DMARC? Get in touch via Secon Agari customers agari.com Thank you, prost!
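The DMARC slides above distinguish a record that is merely published (p=none, monitoring only) from one at enforcement (p=quarantine or p=reject). The following is an added example, not part of the original deck or any vendor's code: it grades the TXT answers found at `_dmarc.<domain>` using the tag rules of RFC 7489. The level names and sample records are constructed for illustration.

```python
"""Grade DMARC TXT records by enforcement level (added example, constructed data)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

ENFORCING = {"quarantine", "reject"}
POLICIES = ENFORCING | {"none"}


@dataclass
class Assessment:
    level: str  # missing | invalid | monitor-only | partial | enforced (labels chosen here)
    policy: Optional[str] = None
    subdomain_policy: Optional[str] = None
    pct: int = 100
    findings: List[str] = field(default_factory=list)


def parse_tags(record: str) -> Dict[str, str]:
    """Split 'tag=value; tag=value' into a dict; the first occurrence of a tag wins."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags.setdefault(name.strip().lower(), value.strip())
    return tags


def is_dmarc(record: str) -> bool:
    """True when the first tag is exactly v=DMARC1; other TXT records are ignored."""
    name, _, value = record.split(";", 1)[0].partition("=")
    return name.strip() == "v" and value.strip() == "DMARC1"


def assess(txt_records: List[str]) -> Assessment:
    """Grade the TXT answers for _dmarc.<domain> (passed in as plain strings)."""
    candidates = [r for r in txt_records if is_dmarc(r)]
    if not candidates:
        return Assessment("missing", findings=["no DMARC record published"])
    if len(candidates) > 1:
        # RFC 7489 section 6.6.3: more than one record means no policy is applied.
        return Assessment("missing", findings=["multiple DMARC records: receivers apply none"])

    tags = parse_tags(candidates[0])
    findings: List[str] = []
    policy = tags.get("p", "").lower()
    sub = tags.get("sp", policy).lower()  # sp= defaults to the p= value
    if policy not in POLICIES or sub not in POLICIES:
        if "rua" not in tags:
            return Assessment("invalid", findings=["p=/sp= missing or invalid"])
        # With a reporting address present, receivers act as if p=none was published.
        findings.append("p=/sp= missing or invalid: receivers fall back to p=none")
        policy = sub = "none"

    pct = 100  # default when pct= is absent or malformed
    raw_pct = tags.get("pct")
    if raw_pct is not None:
        if raw_pct.isdigit() and int(raw_pct) <= 100:
            pct = int(raw_pct)
        else:
            findings.append(f"pct={raw_pct!r} is malformed: default of 100 applies")

    if "rua" not in tags:
        findings.append("no rua=: no aggregate reports will be received")

    if policy == "none":
        level = "monitor-only"
        findings.append("p=none: spoofed mail is reported but still delivered")
    elif pct < 100 or sub == "none":
        level = "partial"
        if pct < 100:
            findings.append(f"pct={pct}: policy applies to only part of failing mail")
        if sub == "none":
            findings.append("sp=none: subdomains are not protected")
    else:
        level = "enforced"
    return Assessment(level, policy, sub, pct, findings)


# Constructed sample answers, keyed by a made-up domain label.
SAMPLES = {
    "no-record.example": ["v=spf1 -all"],
    "monitoring.example": ["v=DMARC1; p=none; rua=mailto:agg@example.com"],
    "ramping.example": ["v=DMARC1; p=quarantine; pct=25; rua=mailto:agg@example.com"],
    "enforced.example": ["v=DMARC1; p=reject; rua=mailto:agg@example.com"],
}

if __name__ == "__main__":
    for domain, answers in SAMPLES.items():
        result = assess(answers)
        print(f"{domain:20} {result.level:13} {'; '.join(result.findings)}")
```

In practice the list passed to `assess` would come from a DNS TXT lookup of `_dmarc.<domain>`; the lookup is left out so the example runs offline.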
  • 143. Network at the Speed of NOW. The only SD-WAN architected for the digital business. Phil Keeling Regional Director -EMEA
  • 144. Cato Networks The Team. The Funding. The Growth. Shlomo Kramer, CEO (Check Point, Imperva) Gur Shatz, CTO (Incapsula) $125M 350+ Enterprise Customers 100 countries 3000+Branches and cloud Instances
  • 145. The WAN is Incompatible with Today’s Business Needs Can your network deliver optimized and secured access everywhere? DC MPLS/VPN Legacy Network Branch Cloud Global Branch Mobile UsersCostsAgility Optimization Security
  • 146. Mobile Users Point solutions? You can’t patch your way to a better network DC Cloud Global Branch Legacy Network Branch MPLS SD-WAN Cloud Acceleration Cloud Security Mobile VPN/SDP Network Security WAN Optimization Branch Security Getting better?
  • 147. MPLS Network Security Mobile VPN/SDP SD-WAN WAN Optimization Cloud Acceleration Cloud Security Do itYOURSELF Pay itYOURSELF “In essence, complexity is the enemy of availability, security and agility” “Avoid These 'Bottom 10' Networking Worst Practices” By: Andrew Lerner, Bill Menezes, Vivek Bhalla, Danellie Young MPLS Network Security Mobile VPN/SDP SD-WAN WAN Optimization Cloud Acceleration Cloud Security
  • 148. Cloud-Native Convergence Drives WAN Transformation ALL-IN-1 Faster Innovation Better Service Lower Costs MPLS Network Security Mobile VPN/SDP SD-WAN WAN Optimization Cloud Acceleration Cloud Security
  • 149. Cato Keeps it Simple Connect. Secure. Run Secure. Protect all traffic with built-in security as a service Connect. End-to-end optimized connectivity for all locations, clouds, and users Run. One console for all network and security policies and analytics BranchHQ/DC Cloud Mobile
  • 150. Cato Cloud PoPs Global Map: 45 PoPs, Network+Security Converged
  • 151. NG Firewall Secure Web Gateway Advanced Threat Prevention Cloud and Mobile Security Cloud Optimization WAN Optimization Global Route Optimization Self-healing Architecture Cato Cloud: the NETWORK for the digital business Branch Internet Datacenter Edge SD-WAN • Active / Active / Active • Dynamic Path Selection • Application- and User Aware QoS • Packet Loss Mitigation IPSec Internet MPLS Hybrid/Multi Cloud Agentless Mobile Client/Clientless SDP Flexible Management • Self-service • Co-managed • Fully managed PoP Converged Network & Security
  • 152. Cato Managed Services Rapid Site Deployment • Remote site setup and configuration • On-site support available from partners Intelligent Last Mile Management • Proactive Monitoring of Last Mile ISPs • Blackout or Brownout detection • ISP resolution management (LOA is required) * Last mile provisioning is provided via partners if needed Hands-free Management • Cato service adjustments by Cato NOC • Setting, changing or removing site configuration, networking, routing, QoS, and security policies Managed Detection and Response (MDR) • Monitor the network for compromised end- points • Alert for infected machines (human verified) • Guided remediation until threat is removed
  • 153. Cato Cloud: In Action Email from a customer’s IT manager to his team “ALL {Telco} devices need to be removed. Cisco routers (both Datanet & Flex if present), Check Point Firewalls (two at each site), Blue Coat WAN accelerator (if present). CPE device provided by local MPLS operator as well…” “You should install two Cato sockets + rack mount kit”
  • 156. www.egress.com © Egress Software Technologies Ltd. All rights reserved. It’s time to turn the tide on email data breaches Egress Software Technologies
  • 157. www.egress.com © Egress Software Technologies Ltd. All rights reserved. • The insider breach problem • The hype about AI and machine learning • Prevent and protect • New ways to prevent and protect • Summary Agenda
  • 158. The insider breach problem. Ponemon Institute: Survey of 1,700 customers • Majority cited negligent insiders (64%) vs. malicious insiders (23%) • Employee negligence cost $283,281/incident vs. malicious insider cost of $607,745 • Two month average to contain an insider incident • Only 16% contained in less than 30 days. Insider Data Breach Survey 2019 [Chart, categories Accidental / Malicious / Others]: Employees rushing/making mistakes 60% • Lack of awareness 44% • Lack of training 36% • Employees leaking data 30% • Employees stealing data 28% • Lack of proper security systems 27% • We don't have data breaches 3% • Reasons not listed 1%
  • 159. www.egress.com © Egress Software Technologies Ltd. All rights reserved. AI and machine learning: All the hype! AI start-ups that don’t have AI: two in five AI start-up funding in 2018: $9.33 billion
  • 160. Effective email security: Prevent and protect. Prevent • Ensure the right content is sent to the right person • “What is the point of sending an encrypted email to the wrong person?” Protect • Ensure that the right protection is applied to emails • “What if you send an email to the right person, but it is breached?”
  • 161. Use static rules to detect breaches • Manage database of rules on what users can and cannot do • Require regular maintenance and updates • Do not account for context, past behavior and relationships • Cannot prevent against misdirected emails Prevent: Older signature-based DLP systems www.egress.com © Egress Software Technologies Ltd. All rights reserved.
  • 162. Machine learning to prevent breaches • Use parallel processing and cloud to ingest vast quantities of data • Link relationships and past behavior to detect anomalies • Learn as they go: No need to maintain static rules Prevent: The new way www.egress.com © Egress Software Technologies Ltd. All rights reserved.
  • 163. • Outlook auto-complete mistakes • Mis-typing of recipients • Sending the wrong attachment to the wrong person • Sending sensitive data to the wrong domains • Ethical walls Prevent: Misdirected email use cases www.egress.com © Egress Software Technologies Ltd. All rights reserved.
  • 164. • Breaching ethical walls • Malicious exfiltration of data • ‘Leaver watch’ • Emailing sensitive data to personal / free mail domains • Anomalies in behavior: • Time, content, attachment types and sizes Prevent: Advanced DLP use cases www.egress.com © Egress Software Technologies Ltd. All rights reserved.
  • 165. • Edge-based solutions block 95% of attacks. Last 5% cause most damage • Business email compromise (BEC) scams lost over $1.6bn in 2018 • Scammer pretending to be a manager, co-worker or supplier • Google and Facebook transferred over $100m to a fake supplier • Emails do not have links or attachments Prevent: Advanced anti-phishing use cases www.egress.com © Egress Software Technologies Ltd. All rights reserved.
  • 166. Prevent: Advanced anti-phishing use cases • BEC solutions • Anomaly detection of the individual mailbox based on content and recipients • Domain typosquatting detection: www.britishairways.com vs. www.brtishairways.com • Display name impersonation detection: Bill Gates <thefakebillgates@gmail.com>
  • 167. • Insider breaches account for the vast majority of data breaches • AI and machine learning do deliver on specific use cases • Prevent and protect go hand-in- hand for comprehensive email security Summary www.egress.com © Egress Software Technologies Ltd. All rights reserved.
  • 168. Thank you for your time E: info@egress.com | T: +44 (0) 2076248500 | W: www.egress.com | Twitter: @EgressSoftware Our presentations and webinars are for information only and don’t constitute advice. Professional advice should always be obtained. No liability is accepted for the use of the contents (or any errors or inaccuracies). Please read our privacy policy at www.egress.com/website-privacy. By reading this presentation or attending our webinar you confirm that you’ve read and agree to this disclaimer. All intellectual property rights in this presentation are retained by Egress Software Technologies Limited (or its licensors). This presentation or webinar was provided on behalf of: Egress Software Technologies Limited (12th Floor, The White Collar Factory, 1 Old Street Yard, London, EC1Y 8AF, UK. Registered in England and Wales, 06393598) or Egress Software Technologies Inc. (a Massachusetts corporation, 51 Melcher St, 1st Floor, Boston, MA 02210). Both are part of the Egress Software Technologies group of companies. Egress is a trademark of Egress Software Technologies Limited. www.egress.com © Egress Software Technologies Ltd. All rights reserved.
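The anti-phishing slides above name two checks, typosquatted sender domains and display-name impersonation, and the earlier look-alike domain slide shows a digit-for-letter swap. The following is an added example, not code from either vendor: one simple way to implement both checks on a From header. The protected-domain list, the VIP directory, the homoglyph table and the edit-distance thresholds are assumptions made for illustration.

```python
"""Flag look-alike sender domains and display-name impersonation (added example)."""
import unicodedata
from email.utils import parseaddr
from typing import List, Optional, Tuple

# Constructed configuration: domains to protect, and a VIP directory mapping a
# display name to the domains that person legitimately sends from.
PROTECTED_DOMAINS = ("britishairways.com", "yourbank.com")
VIP_DIRECTORY = {"bill gates": {"example.org"}}

# Digit-for-letter swaps used to imitate a name (small illustrative table).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(domain: str) -> str:
    """Fold visually confusable characters so 'y0urbank' and 'yourbank' compare equal."""
    return domain.translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")


def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent transposition."""
    prev2: List[int] = []
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]


def classify_domain(domain: str) -> Tuple[str, Optional[str]]:
    """Return (verdict, protected domain it resembles)."""
    d = domain.lower().rstrip(".")
    if d.startswith("www."):
        d = d[4:]
    if d in PROTECTED_DOMAINS:
        return ("legitimate", d)
    for ref in PROTECTED_DOMAINS:
        if skeleton(d) == skeleton(ref):
            return ("homoglyph-lookalike", ref)
        # Allow two edits on longer names, one on short ones (assumed thresholds).
        if osa_distance(d, ref) <= (2 if len(ref) >= 12 else 1):
            return ("typo-lookalike", ref)
    return ("unrelated", None)


def normalise_name(name: str) -> str:
    """Case-fold, apply Unicode compatibility folding and collapse whitespace."""
    return " ".join(unicodedata.normalize("NFKC", name).casefold().split())


def check_sender(from_header: str) -> List[Tuple[str, str]]:
    """Return findings for one From header; an empty list means nothing was flagged."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return [("unparseable", from_header)]
    domain = addr.rpartition("@")[2].lower()
    findings: List[Tuple[str, str]] = []

    verdict, ref = classify_domain(domain)
    if verdict.endswith("lookalike"):
        findings.append((verdict, f"{domain} resembles {ref}"))

    vip = normalise_name(name)
    if vip in VIP_DIRECTORY and domain not in VIP_DIRECTORY[vip]:
        findings.append(("display-name-impersonation", f"{vip} via {domain}"))
    return findings


# From headers: the first is the example on the slide, the rest are constructed.
SAMPLES = [
    "Bill Gates <thefakebillgates@gmail.com>",
    '"Bill Gates" <bill.gates@example.org>',
    "Customer Care <care@brtishairways.com>",
    "Online Banking <login@y0urbank.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "ok")
```

String distance on the whole domain is a coarse filter: production tooling would compare registrable domains and use a fuller confusables table, which this example leaves out.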
  • 170. Andrew Thompson October, 2019 Everything You Always Wanted to Know About DevSecOps But Were Afraid To Ask.
  • 171. / Proprietary & Confidential | All Rights Reserved | 174 Do you want to Fix or Rubber Stamp ?
  • 172. / Proprietary & Confidential | All Rights Reserved | 175 What Is DevOps? A modern process to develop software that has 4 major disciplines: Development = Coding Continuous Integration (CI) The Orchestration Layer Continuous Delivery/Deployment (CD) Where all automated tests and the deployment processes happens Production Putting pieces of the puzzle together Where all the various technologies and components are put together to build the software Functional, Unit
  • 173. / Proprietary & Confidential | All Rights Reserved | 176 What Is DevSecOps? A modern process to develop software that has 4 major disciplines + Security testing! Development = Coding Continuous Integration (CI) The Orchestration Layer Continuous Delivery/Deployment (CD) Where all automated tests and the deployment processes happens Production Putting pieces of the puzzle together Where all the various technologies and components are put together to build the software Functional, Unit
  • 174. / • Education • Design • SAST • OSA • IAST / DAST • Penetration Testing Proprietary & Confidential | All Rights Reserved | 177 Automation of Software Security
  • 175. / So what’s the problem ? Perception that Security checks will slow the delivery process False Positives
  • 176. / Proprietary & Confidential | All Rights Reserved | 179 And the solution is… SAST best practice Learn from Deming Stop the production line [Break the build] Root cause analysis Fix the issue [Fix the vulnerability or remove the FP]
  • 177. / Proprietary & Confidential | All Rights Reserved | 180 How is this applicable to Software ? Easy to write vulnerable software SAST highlights the vulnerable code early Developers don’t write bad code on top of bad code Less time spent on test/fix cycles Cheaper Root cause analysis – remove False Positives (and False Negatives) OSA highlights known issues in Open Source code
  • 178. / Run Security testing as part of CI/CD Start by just initiating scans, don’t break the build Test early, test often Proprietary & Confidential | All Rights Reserved | 181 Automation is key
  • 179. / Proprietary & Confidential | All Rights Reserved | 182 Sounds easy, what’s the catch? There’s no silver bullet … Management focus on Software Security DevSecOps is everyone’s responsibility from CEO to developer
  • 180. / Common Misconceptions Testing is testing, the code still needs to be fixed! If I just make the tool available to Developers they will make all of our Security Issues Disappear No. Violation of a Law of Thermodynamics ‘The entropy of a system (Disorder) always increases unless outside energy is applied’ No. Violation of a Law of Physics ‘A body in motion will remain in motion unless acted upon by an outside force’ No. Violation of a Basic Law of Human Nature ‘What’s in it for me?’
  • 181. / No such thing as a free beer Proprietary & Confidential | All Rights Reserved | 184 IDEs Source Code Management Solutions Build/CI Solutions Defect Tracking Dashboarding Dev OpsCLI, Web Services API Data Export API
  • 182. 4 things to remember • Security is everyone’s business • Automate • Fix - Don’t be an Ostrich • Have Fun
  • 185. © 2019 Trend Micro Inc.188 Find out how you can protect end-of-support Windows Server 2008 and early versions.
  • 194. Need a new example for machine learning since this would be caught by variant protection – Jon Oliver working on this example now.
  • 195. Opcode normalised in graph API calls – displayed in import table
  • 201. Often vulnerabilities are found in unsupported software or operating systems.
  • 208. Doing the right… • Scanning for Malware • Blocking Access to Malicious Web Sites • Filtering Traffic Using Firewall Rules • Protecting Servers From Vulnerabilities • Detecting Changes on Protected Servers • Blocking Unapproved Applications • Monitoring Logs on Protected Servers
  • 210. Public Cloud • Virtual Servers • Physical Servers • Software • SaaS
  • 220. How much money you expect to lose in a year due to a certain threat.
  • 221. Takeaways: One platform for physical, virtual & cloud environments. Automated protection and shielding of vulnerabilities before a patch is issued. Supports your move to the cloud. Offers protection in minutes with simplified deployment and recommendation scans. Try a free 30-day trial of Deep Security as a Service.
  • 224. Use more cloud with CASB: Cloud security is different but not difficult with Forcepoint. “#CASB Dave” Barnett, Head of CASB EMEA. Data Protection | Web Security | CASB | NGFW | Advanced Malware Detection | Behavioral Analytics | Insider Threat | Email Security | Data Guard | Cross Domain
  • 228. © 2019 Forcepoint | Public. Why Protect Data in the Cloud? Of all corporate data is stored in the cloud: 43%; of this data is not managed or controlled by IT: 53%. Types of Data at Risk: Payment information; Customer information; Consumer data; Employee records; Email
  • 229. Challenges in Protecting Data in the Cloud: Lack of Visibility; Not under IT control; Traditional security solutions do not extend to the cloud
  • 230. Understanding Cloud Risks: Users oversharing data in file-sharing apps; Employees, 3rd parties accessing cloud apps from their own devices; The cloud becoming the new attack surface; Employees finding and using their own cloud services; Admins making mistakes or coming under attack
  • 232. Scenario – Users Oversharing Data. Collaborate via cloud apps: Share data safely within Cloud Apps. Policy to exclude external users; Geo-location anomaly. [Diagram labels: Cloud Apps, Team, Outsider]
  • 233. Scenario – Compromised Admin Credentials. Stop Unauthorized Access: Reduce risk while leveraging power of cloud. Behavior Analytics; Step up authentication; Automatic Policy Enforcement. [Diagram labels: Cloud Apps, Admin, Pretend Admin]
  • 234. Scenario – Employees or Partners using Personal Devices. Enable BYOD Access: Unleash the power of personal devices. Access apps anywhere; Robust reverse proxy; Seamless SSO integration. [Diagram labels: Cloud Apps, Personal Devices, Forward Proxy, Reverse Proxy + SSO]
  • 235. Scenario – Employees using their own apps – Shadow IT. Gain full visibility into Shadow IT: Monitor and secure unsanctioned cloud app usage. Visibility into unsanctioned apps; Control over both unsanctioned and sanctioned apps
  • 236. Scenario – Cloud becoming the new attack surface. Use Cloud Apps Safely: Provide frictionless cloud security easily. Access policy Enforcement; Step-up authentication; Block unauthorized access. [Diagram label: Cloud Apps]
  • 237. Forcepoint Cloud Protection: Get cloud protection based on your needs. Forcepoint DLP | DLP Cloud Apps | Forcepoint CASB | Forcepoint Web Security | Cloud App Control
  • 238. Takeaways: Data protection in the cloud is becoming increasingly critical. Integrated and unified solutions are key to avoid siloed security. Forcepoint data protection solution can effectively extend from on-premises to the cloud. Let us show you a demo.
  • 239. Thank you. Follow us! Forcepoint LLC | @Forcepoint | @ForcepontSec | @ForcepointLabs
  • 241. Contact us. Phone: +44(0)203 657 0707 | Support: +44(0)1932 911 053 | Email: hello@seconcyber.com