6. The Problem
The average business does not know its cyber security vulnerabilities, or whether it has already been attacked.
The cost of building and maintaining a cyber security service in-house is too high for the average business.
9. How do we make it easy for them?
Unpatched operating systems
Unpatched applications (e.g. Adobe)
Legacy operating systems
Standard users with privileged accounts
Out-of-date security tools
Misconfigured security tools (and network devices)
Using cloud applications, storage or workloads without controls in place
Non-savvy users in front of the keyboard
Weak passwords, and the same password reused in multiple places
No controls on sensitive data: DLP, encryption, role-based access
Poor backup strategy
We don't know attackers are there until they have done their business (MONITORING)
10. Who has set up DMARC?
40% of all the attendees here today do not have a DMARC record published.
51% of the organisations that do have a DMARC record published here today do not have a DMARC quarantine/reject policy enabled.
12. Why the need for monitoring?
● Detect attacks: Either originating from outside the organisation or attacks as a result of
deliberate or accidental user activity.
● React to attacks: An effective response to an attack depends upon first being aware
that an attack has happened or is taking place. A swift response is essential to stop the
attack, and to respond and minimise the impact or damage caused.
● Account for activity: You should have a complete understanding of how systems,
services and information are being used by users. Failure to monitor systems and their
use could lead to attacks going unnoticed and/or non-compliance with legal or
regulatory requirements.
15. Have a plan!
Incident scenario definition - Define potential breach scenarios across the organisation.
Classification of data review - Identify the different classes of data within your organisation and determine the response efforts and activities for each data type.
Performance objectives definition - On a per data classification, per scenario basis, define high-level guidelines and timelines for each incident response.
Key roles & responsibilities identification - Agree key senior executive and "war room" personnel. List key roles and individuals, including external stakeholders.
Possible failure modes - Review areas where the incident response plan could break down. Build in contingency around areas of weakness, e.g. backup personnel.
Tools & documentation review - A review of all documentation and tools, including procedures and checklists, for both eradication and recovery.
Response plan testing - Create exercise scenarios and test the plan's effectiveness.
Ongoing maintenance and training - Ensure an executive has overall responsibility for the plan. Integrate the maintenance of the plan into normal business processes. Ensure the plan is available to all staff and they are aware of the content.
16. Lessons learnt
CYBERSECURITY BEST PRACTICE
ALWAYS PREPARE FOR THE WORST
VALUE OF MONITORING
SECURITY IS A CONTINUOUS PROCESS - NOT SET AND FORGET!
18. CYBERSECURITY THAT'S GOOD FOR PEOPLE & GOOD FOR BUSINESS
How to start your least privilege journey
Scott Shields
19. Protecting privileged accounts has the greatest impact of any cyber security strategy
85% of cyber attacks enter through compromised endpoints - SANS
80% of breaches involve privileged credentials - 2018 Forrester Wave: Privileged Identity Management
20. 32% OF HACKERS SAY accessing privileged accounts was the number one choice for the easiest and fastest way to get at sensitive data
21. PRIVILEGED ACCOUNTS
What is a privileged account?
§ Non-human or user accounts used by IT staff or applications which often have unfettered access to critical data and systems, e.g. Domain Admin, root.
§ Exist everywhere, in nearly every connected device, server, hypervisor, OS, DB or application: on-premises & cloud.
§ Represent one of the most vulnerable aspects of an organization's IT infrastructure.
22. PAM
Gartner ranks PAM the CISO's #1 security priority.
On Gartner's list of Top 6 Security Projects, THYCOTIC ADDRESSES 4:
§ #1 – Privileged Account Management
§ #3 – Anti-phishing
§ #4 – Application Control
§ #6 – Detection & Response
23. Why can privileged accounts be difficult to secure?
Unknown:
• Don't know where service accounts are used (dependent services)
• Multiple accounts used to run services, tasks and applications on multiple servers, possibly in multiple data centers
Unmanaged:
• Passwords never rotated, because rotation is a manual, tedious process
• Password changes require downtime, so they need to be done out of hours
Unprotected:
• No access control
• No auditing
25. Secret Server
Privileged Accounts
MSSQL
Oracle
MySQL
Domain Administrators
Windows Local
Administrators
Domain Service Accounts
RedHat
Debian
Fedora
AS400 / OS390
z/OS (RACF)
SSH
Cisco / Juniper
Checkpoint / Palo Alto
Blue Coat / SonicWall
VMware ESX/ESXi
Dell DRAC / HP iLO
SSH/Telnet Compatible
Google / Office365 / Salesforce
SAP / Social Media
AWS / Azure
Config Files
Scripts
DevOps
26. Secret Server architecture (diagram)
Access: desktop app / smartphone apps, web browser, API; authentication via two factor, SAML SSO or IWA
Session launcher, session monitoring, workflows and alerts
Distributed engine: password rotation, discovery of service accounts
Platform: MS SQL HA/geo replication, IIS cluster, complete DR
Controls for IT admins: RBAC, time-limited access, request & approval, requires ticket, one-time password
27. Why Privileged Accounts Are an Attractive Target
• Privileged accounts exist everywhere and are used by IT personnel to access servers, OS, routers, apps, DB…
• Privileged accounts are often unknown, unmanaged & unprotected
• Attackers target privileged accounts to gain access & cause harm
• 200+ days is the average time breaches go undetected
83% of cyber breaches involve privileged accounts - Verizon 2018 Report
29. PAM Maturity Model (diagram, built up over slides 29-32)
Maturity levels, plotted against security posture from beginners (high risk to architecture & operations) to leaders (low risk to architecture & operations), with a critical risk threshold between the two:
1 - Analog
2 - Basic
3 - Advanced
4 - Adaptive / Intelligent
Features, in ascending order of maturity:
§ Paper-based password & credential tracking
§ Default password use
§ No password rotation
§ No or minimal password complexity requirements
§ Automated privileged account discovery
§ Password vaulting
§ Non-default password use
§ Multi-factor authentication
§ Automated password rotation & randomization
§ Password hiding
§ Privileged session proxying
§ Dual control & 4-eyes protocols
§ Session monitoring
§ Immutable privileged activity auditing
§ Endpoint least privilege & application control
§ Automated anomaly detection & remediation
§ Automated privileged account lifecycle management
§ DevOps workflow privileged account management
33. Ultimate goal
No more local administrators
Lightweight, client-side service -> granular policies -> elevate applications, instead of users
34. THE THREAT: Local Privileged Accounts
Local admin accounts on endpoints can be used to access other computers, domain resources and critical servers unless a least privilege security model is implemented.
They exist everywhere because it's easier to give standard domain user accounts more rights than they actually need, resulting in humans with privileged access.
The issue is rarely addressed on employee computers, leaving companies vulnerable to privileged account escalation and pass-the-hash attacks.
96% of critical vulnerabilities affecting Windows operating systems could be mitigated by removing admin rights.
60% of all Microsoft vulnerabilities could be mitigated by removing admin rights.
According to
35. THE Microsoft Solution: UAC
Microsoft recommend that no users should log in to endpoints with local admin rights. Instead they should be issued with two sets of credentials:
• Standard user
• Local admin
Users should log in with their standard user account and will receive a UAC prompt whenever admin privileges are required.
OR
Remove admin accounts from end users and keep support teams with administrative accounts.
Limitations of UAC
• 2 sets of credentials to remember
• Users just log in with the admin account, or create new account(s)
• Limited application support
• Leaving the support team with admin accounts puts a HUGE workload on them
36. How?
• Elevate (add admin rights to) specific applications (never the user!)
• Replace Windows UAC with flexible, customized messaging
• Block known-bad applications outright
• Whitelist known-good applications and prevent unknown applications from executing
• And much more…
38. RATED #1 in GARTNER PEER REVIEWS
Performance & Ease of Use
"We are very pleased with Secret Server performance and ease of use, especially compared to the CyberArk product it will replace."
CISO, FINANCE INDUSTRY
Requires Less, Covers More
"Thycotic is 100% better than CyberArk at a fraction of the cost. And requires a smaller footprint and covers more compliance requirements."
IT SPECIALIST, SERVICE INDUSTRY
Adoption Skyrockets
"Adoption has been organic without a need to strongly push the tool. It's intuitive, requiring very little training to get our teams up and running."
INFOSEC MANAGER, SERVICE INDUSTRY
51. A Portable Root of Trust Simplifies the User Experience and Increases Security
Faster and more secure registration to websites and applications
Rapid onboarding of new devices and establishing trusted devices
Easy and fast account recovery in the case of a lost/stolen device
High security with escalation of privileges/step-up authentication
60. Identity & Access Management
Leveraging IAM to Protect Against Data Breach Threats
Awards: Secon OktCyberFest IAM Solution of The Year; IAM Award, International Contribution to Cyber Security; Best Identity Management Solution
62. The Problem – Complex, Inter-connected Public/Private Environments (diagram)
Active Directory / Azure AD; Expenses, Training and Appraisals applications; thick client apps (e.g. RDP, mainframe); shadow IT; unknown apps.
63. The Problem
Direct cost - Gartner/Forrester: 20% - 50% of all help desk calls are for password resets. Each call costs £20.
Security vulnerabilities - Ponemon: average cost of a corporate data breach in the UK is £3.6 million.
Compliance failures - £ fines of up to 4% of turnover.
Business impact - End users need a solution for all the new passwords they have to manage.
Threats: insider threat, phishing attacks, shadow IT.
Compliance obligations: PCI, ICO, FCA, ISO, GDPR.
100. MANAGING THE INSIDER THREAT: WHY VISIBILITY IS CRITICAL
LEE DUFF, CSSP, TECHNICAL EXPERT
Company Confidential
101. Insider breaches AT A NEW RECORD HIGH (chart of breaches, 2016 to 2018-19, showing number of files affected or value of data affected)
WM Morrisons Supermarkets: 99K files
Allen & Hoshall: $425K
Google: 19K
SunTrust Bank: $1.5M
Nuance: 45K
Coca Cola: 8K
DuPont: 18K
Anthem: 80K
AMSC: $1B loss, 700 layoffs
General Electric: 19K files
MUIA: $33K
Amazon, Punjab National Bank, Delta, Boeing, NSA, Facebook (no figure given)
Average days to complete investigations: 73 days (Source: Ponemon study, 2018)
McKinsey 2018 study: 50% of data breaches involve an insider threat
Source: CSOOnline
102. INSIDER THREATS
When an insider intentionally or unintentionally misuses access to negatively affect the confidentiality, integrity or availability of the organisation's critical information or systems.
COMPROMISED INSIDER
CARELESS INSIDER
MALICIOUS INSIDER
103. THE VIEW FROM INSIDE TRADITIONAL DEFENCES
BEFORE: The NETWORK was the perimeter
TODAY: The USER is the new perimeter
104. TIME TO DETECTION IS MONTHS OR YEARS
(Chart: breach time to discovery within insider & privilege misuse breaches, from seconds to years; 1 year n=60, 5 years n=326. Source: Verizon Insider Threat Report 2018)
Since insiders have fewer barriers and don't require circumventing controls, the time-to-compromise and time-to-exfiltrate metrics for insider threat actions are grim.
~70% of insider breaches take months or years to detect.
105. HIGH RISK USERS ARE BEYOND IT/ADMINS
(Chart: internal actor varieties; 1 year n=156, 2 years n=683. Source: Verizon Insider Threat Report 2018)
Regular users: ~60%
Privileged users: <5%
Regular users have access to sensitive and monetizable data and are behind most internal data breaches.
108. OBSERVEIT INSIGHTS – TOP USED ALERTS
(Chart: number of customers using each alert, most used first)
Exfiltrating tracked file to the web by uploading
Connecting unlisted USB device
Exfiltrating a file to an unlisted USB device
Installing hacking or spoofing tools
Opening a clear text file that potentially stores passwords
Clearing browsing history in Google Chrome
Running software to enable sharing and access from remote machine
Searching data on monitoring or sniffing
Browsing Adult sites
Browsing Illegal drugs sites
Connecting to a new FTP or SFTP server using FTP application
Downloading file with potentially malicious extension
Installing software on Server
Opening cloud storage sync folder
Performing large file or folder copy during irregular hours
Browsing Gambling sites
Clearing browsing history in IE or Firefox
Installing TOR (The Onion Router) tools
Searching data on password cracking
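Most of the alerts in that list are plain rules over endpoint activity rather than anything learned. The following added example (not ObserveIT's code or rule definitions) implements three of them over constructed sample events in a hypothetical JSON-lines schema: a large copy during irregular hours, connection of a USB device that is not on an allowlist, and an upload of a tracked file to the web. It also adds the cross-event check behind "exfiltrating a file to an unlisted USB device": a copy onto the mount point of an unlisted device, by the same user, within minutes of it being connected. Field names, the device allowlist and the working-hours window are assumptions.

```python
"""Rule-based insider-threat alerts over endpoint activity events.

Added example, not ObserveIT's code or rules. Events are constructed sample
data in a hypothetical JSON-lines schema; field names are assumptions.
"""
from __future__ import annotations

import json
from datetime import datetime, time

# Constructed sample events, one JSON object per line (fictional users and hosts).
SAMPLE_LOG = """
{"ts":"2019-10-08T14:03:11","user":"alice","action":"file_copy","src":"fs01/finance/q3","dst":"C:/Users/alice/tmp","files":12,"bytes":8400000}
{"ts":"2019-10-08T23:39:50","user":"bob","action":"usb_connect","device_id":"VID_0781&PID_5583&SN_4C530001","label":"SanDisk Ultra","mount":"E:"}
{"ts":"2019-10-08T23:41:02","user":"bob","action":"file_copy","src":"fs01/hr/payroll","dst":"E:/payroll_export","files":2300,"bytes":4100000000}
{"ts":"2019-10-09T09:12:44","user":"carol","action":"usb_connect","device_id":"VID_0951&PID_16A4&SN_CORP0042","label":"Corp Encrypted","mount":"F:"}
{"ts":"2019-10-09T11:20:05","user":"dave","action":"web_upload","file":"customers_export.csv","tracked":true,"host":"wetransfer.com"}
{"ts":"2019-10-09T11:25:00","user":"dave","action":"web_upload","file":"lunch_menu.pdf","tracked":false,"host":"sharepoint.example.com"}
{"ts":"2019-10-12T10:00:00","user":"erin","action":"file_copy","src":"fs01/eng/designs","dst":"D:/backup","files":900,"bytes":2000000000}
"""

# Assumed policy values: company-issued device allowlist and the "regular" working day.
ALLOWED_USB = {"VID_0951&PID_16A4&SN_CORP0042"}
WORK_START, WORK_END = time(7, 0), time(19, 0)
LARGE_COPY_FILES, LARGE_COPY_BYTES = 500, 1_000_000_000


def parse_events(text: str) -> list[dict]:
    """Parse JSON lines, attach a datetime, and sort chronologically."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if line:
            ev = json.loads(line)
            ev["_ts"] = datetime.fromisoformat(ev["ts"])
            events.append(ev)
    return sorted(events, key=lambda e: e["_ts"])


def irregular_hours(ts: datetime) -> bool:
    """Weekend, or outside the working day."""
    return ts.weekday() >= 5 or not (WORK_START <= ts.time() < WORK_END)


def rule_large_copy_off_hours(ev: dict):
    if ev["action"] != "file_copy":
        return None
    large = ev["files"] >= LARGE_COPY_FILES or ev["bytes"] >= LARGE_COPY_BYTES
    if large and irregular_hours(ev["_ts"]):
        return f"large copy ({ev['files']} files) during irregular hours: {ev['src']} -> {ev['dst']}"
    return None


def rule_unlisted_usb(ev: dict):
    if ev["action"] == "usb_connect" and ev["device_id"] not in ALLOWED_USB:
        return f"connected unlisted USB device {ev['label']} ({ev['device_id']})"
    return None


def rule_tracked_upload(ev: dict):
    if ev["action"] == "web_upload" and ev.get("tracked"):
        return f"uploaded tracked file {ev['file']} to {ev['host']}"
    return None


RULES = [rule_large_copy_off_hours, rule_unlisted_usb, rule_tracked_upload]


def correlate_exfil_to_usb(events: list[dict], window_minutes: int = 10) -> list[dict]:
    """Copy onto the mount of an unlisted USB device by the user who just connected it."""
    unlisted = [e for e in events if e["action"] == "usb_connect" and e["device_id"] not in ALLOWED_USB]
    alerts = []
    for copy in (e for e in events if e["action"] == "file_copy"):
        for usb in unlisted:
            gap = (copy["_ts"] - usb["_ts"]).total_seconds()
            if (usb["user"] == copy["user"] and 0 <= gap <= window_minutes * 60
                    and copy["dst"].upper().startswith(usb["mount"].upper())):
                alerts.append({"ts": copy["ts"], "user": copy["user"], "rule": "exfil_to_unlisted_usb",
                               "detail": f"{copy['files']} files copied to {usb['label']} {int(gap)}s after connect"})
    return alerts


def detect(text: str) -> list[dict]:
    """Run the per-event rules, then the cross-event correlation."""
    events = parse_events(text)
    alerts = []
    for ev in events:
        for rule in RULES:
            detail = rule(ev)
            if detail:
                alerts.append({"ts": ev["ts"], "user": ev["user"], "rule": rule.__name__, "detail": detail})
    return alerts + correlate_exfil_to_usb(events)


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"{a['ts']} {a['user']:6} {a['rule']}: {a['detail']}")
```

On the sample data this raises five alerts: two for bob (the unlisted device and the late-night payroll copy) plus the correlated exfiltration, one for dave's tracked upload, and one for erin's Saturday copy; alice's small daytime copy and carol's company-issued device stay quiet. The point the slide makes about certainty versus insight applies here: each rule is exact and explainable, and tuning is a matter of the thresholds and the allowlist rather than a model.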
109. Wait! No ML/AI/Deep Learning/Algorithm?
CERTAINTY: "I don't want false positives"
INSIGHT: "Give me insights to threats I wouldn't otherwise know about"
https://blogs.gartner.com/anton-chuvakin/2016/12/08/what-should-your-ueba-show-indications-or-conclusions/
110. OBSERVEIT AT-A-GLANCE
SERVING 2,000+ CUSTOMERS ACROSS ALL MAJOR VERTICALS
Founded: 2006
Headquarters: Boston, MA
Locations: Boston, Germany, London, San Francisco, Singapore, Tel Aviv, Washington, D.C.
Investors
Market leader:
• 5 of top 10 Financial Services Companies
• 10 of top 20 Telecommunications Organizations
• 7 of top 20 Technology Services Providers
Insider Threat Management Platform Highlights
• Visibility across user and data activity
• Real-time detection of data exfiltration attempts
• Contextual insights through timeline-based metadata views
• Easy-to-use and reliable
• Privacy-centric through complete anonymization of user data
We empower organizations to detect, investigate and stop insider threats.
111. THE LEADER IN INSIDER THREAT MANAGEMENT
"Most breaches… are only found months or years later."
"All companies, regardless of size, have the risk of malicious insiders."
"Traditional forms of DLP are not effectively addressing insider threat detection…"
113. Secure Access
For a Zero Trust world
Graham Duthie
EMEA Systems Engineer – gduthie@pulsesecure.net
118. Multi-Cloud Secure Access Market Trends
Proprietary & Confidential
The security perimeter has moved to where the users and devices are, and they could be anywhere: public/private cloud, datacenter, SaaS, IoT.
• Multi-cloud migration: applications and infrastructure migrating to multi-cloud
• Apps accessible from anywhere: no "inside" or "outside" network from the user's perspective; all apps accessible from anywhere
• Expanded attack surface
• Stringent access: more stringent access requirements
• No trusted domains: verify everything before allowing access
119. Zero Trust Secure Access Principles (diagram)
Users, Devices, Things -> Single User Client -> Hybrid IT, Apps (Data Center, SaaS, IaaS)
Pillars: "Zero Trust" policy and compliance; centralized visibility, management & analytics; flexible, scalable, reliable
120. Zero Trust for Hybrid IT Access
Verify User
• Single sign-on, multi-factor authentication
• Authenticate & authorize every user
Verify Device
• Host checking, location awareness
• Validate device security profile BEFORE connection
Control Access
• Centralized policy management & enforcement
• Enable access for the mobile workforce to appropriate resources only
Protect Data
• Always-on & on-demand VPN, per-app VPN
• Keep transactions secure, reduce data leakage & loss
Pulse Secure provides a Zero Trust model today!
121. Zero Trust Model
Authenticate everything before access
No "inside" or "outside" distinction
Trust established closest to the resource
Policy-based access (identity & device configuration)
Software Defined Perimeter
127. Are you using DMARC Enforcement yet?
Lars Postma
Technical Lead, EMEA
Contact me at: LPostma@agari.com
E-mail Security: www.agari.com
Agari Brand Protection
128. DMARC…pardon?
Domain-based Message Authentication, Reporting and Conformance
In other words: it stops your own domains from being spoofed. Once your record is at enforcement (p=quarantine or p=reject), receivers that check DMARC only deliver e-mail claiming to come from your domains if it actually authenticates (SPF or DKIM, aligned with the From: domain); a record at p=none only generates reports. Note that DMARC covers your exact domains, not look-alike domains, and only at receivers that evaluate it.
Otherwise you risk…
With a DMARC record not at enforcement:
Hackers can freely impersonate your brand
Vulnerable to reputation hacking & email shutdown
Marketing mails likely sidelined or blocked
https://tools.ietf.org/html/rfc7489
141. Thank You
Lars Postma, Technical Lead EMEA
Lpostma@agari.com
Assessment, Demo, DMARC? Get in touch via Secon
Agari customers
agari.com
Thank you, prost!
143. Network at the Speed of NOW.
The only SD-WAN architected for the digital business.
Phil Keeling
Regional Director - EMEA
144. Cato Networks
The Team. The Funding. The Growth.
Shlomo Kramer, CEO (Check Point, Imperva)
Gur Shatz, CTO (Incapsula)
$125M; 350+ enterprise customers; 100 countries; 3000+ branches and cloud instances
145. The WAN is Incompatible with Today's Business Needs
Can your network deliver optimized and secured access everywhere?
(Diagram: legacy network of DC, branch, global branch, cloud and mobile users over MPLS/VPN, assessed on costs, agility, optimization and security)
146. Point solutions? You can't patch your way to a better network
(Diagram: the same legacy network with MPLS, SD-WAN, WAN optimization, branch security, network security, cloud acceleration, cloud security and mobile VPN/SDP bolted on)
Getting better?
147. Do it YOURSELF. Pay it YOURSELF.
(Diagram: MPLS, network security, mobile VPN/SDP, SD-WAN, WAN optimization, cloud acceleration and cloud security as separate point products)
"In essence, complexity is the enemy of availability, security and agility"
"Avoid These 'Bottom 10' Networking Worst Practices", by Andrew Lerner, Bill Menezes, Vivek Bhalla, Danellie Young
148. Cloud-Native Convergence Drives WAN Transformation
ALL-IN-1: MPLS, network security, mobile VPN/SDP, SD-WAN, WAN optimization, cloud acceleration, cloud security
Faster innovation, better service, lower costs
149. Cato Keeps it Simple
Connect. Secure. Run.
Connect. End-to-end optimized connectivity for all locations, clouds and users
Secure. Protect all traffic with built-in security as a service
Run. One console for all network and security policies and analytics
(Branch, HQ/DC, Cloud, Mobile)
150. Cato Cloud PoPs Global Map: 45 PoPs, Network+Security Converged
151. Cato Cloud: the NETWORK for the digital business (diagram)
Security services: NG firewall, secure web gateway, advanced threat prevention, cloud and mobile security
Network services: cloud optimization, WAN optimization, global route optimization, self-healing architecture
Edge SD-WAN (branch and datacenter, over Internet, MPLS and IPsec):
• Active / Active / Active
• Dynamic path selection
• Application- and user-aware QoS
• Packet loss mitigation
Hybrid/multi cloud: agentless
Mobile: client/clientless SDP
PoP: converged network & security
Flexible management:
• Self-service
• Co-managed
• Fully managed
152. Cato Managed Services
Rapid Site Deployment
• Remote site setup and configuration
• On-site support available from partners
Intelligent Last Mile Management
• Proactive monitoring of last mile ISPs
• Blackout or brownout detection
• ISP resolution management (LOA is required)
* Last mile provisioning is provided via partners if needed
Hands-free Management
• Cato service adjustments by Cato NOC
• Setting, changing or removing site configuration, networking, routing, QoS and security policies
Managed Detection and Response (MDR)
• Monitor the network for compromised endpoints
• Alert for infected machines (human verified)
• Guided remediation until threat is removed
153. Cato Cloud: In Action
Email from a customer’s IT manager to his team
“ALL {Telco} devices need to be removed.
Cisco routers (both Datanet & Flex if present),
Check Point Firewalls (two at each site),
Blue Coat WAN accelerator (if present).
CPE device provided by local MPLS operator as well…”
“You should install two Cato sockets + rack mount kit”
172. What Is DevOps?
Proprietary & Confidential | All Rights Reserved | 175
A modern process to develop software that has 4 major disciplines: Development (= coding), Continuous Integration (CI), Continuous Delivery/Deployment (CD) and Production.
(Notes beside the disciplines on the slide: the orchestration layer; where all automated tests and the deployment processes happen; putting the pieces of the puzzle together; where all the various technologies and components are put together to build the software; functional and unit tests.)
173. What Is DevSecOps?
A modern process to develop software that has the same 4 major disciplines + security testing!
Development (= coding), Continuous Integration (CI), Continuous Delivery/Deployment (CD) and Production.
(Notes beside the disciplines on the slide: the orchestration layer; where all automated tests and the deployment processes happen; putting the pieces of the puzzle together; where all the various technologies and components are put together to build the software; functional and unit tests.)
174. Automation of Software Security
• Education
• Design
• SAST
• OSA
• IAST / DAST
• Penetration Testing
175. So what's the problem?
Perception that security checks will slow the delivery process
False positives
176. And the solution is… SAST best practice
Learn from Deming:
Stop the production line [break the build]
Root cause analysis
Fix the issue [fix the vulnerability or remove the FP]
177. How is this applicable to software?
Easy to write vulnerable software
SAST highlights the vulnerable code early
Developers don't write bad code on top of bad code
Less time spent on test/fix cycles
Cheaper
Root cause analysis - remove false positives (and false negatives)
OSA highlights known issues in open source code
178. Automation is key
Run security testing as part of CI/CD
Start by just initiating scans, don't break the build
Test early, test often
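Slides 176 to 178 describe one procedure: run the scan in CI, start in an audit mode that does not break the build, then break the build on findings and drive each one to a fix or a documented false-positive removal. The following added example (not Checkmarx's code, report format or baseline format) is a build gate that does this over constructed SAST findings in a hypothetical JSON schema. It fingerprints findings by rule, file and function rather than line number so unrelated edits do not re-raise triaged results, honours a baseline of known debt and suppressed false positives, requires a reason and an expiry date on every suppression so the root-cause analysis is recorded and revisited, and returns the exit code the CI job should use. Project paths, rule names and the baseline layout are assumptions.

```python
"""CI gate for SAST findings: audit first, then break the build on new issues.

Added example, not Checkmarx's code, output format or baseline format. The
findings and baseline below are constructed in a hypothetical JSON schema.
"""
from __future__ import annotations

import hashlib
import json
from datetime import date

SEVERITY_RANK = {"Low": 1, "Medium": 2, "High": 3, "Critical": 4}


def fingerprint(finding: dict) -> str:
    """Stable identity for a finding: rule + file + function, not line number,
    so edits elsewhere in the file do not turn a triaged finding into a 'new' one."""
    key = f"{finding['rule']}|{finding['file']}|{finding['function']}"
    return hashlib.sha256(key.encode()).hexdigest()[:16]


# Constructed scanner output (hypothetical project and rule names).
SAMPLE_FINDINGS = json.loads("""[
 {"rule": "SQL_Injection",  "severity": "High",   "file": "app/orders.py", "function": "lookup_order", "line": 42},
 {"rule": "SQL_Injection",  "severity": "High",   "file": "app/report.py", "function": "monthly",      "line": 17},
 {"rule": "Weak_Hash",      "severity": "Medium", "file": "app/legacy.py", "function": "checksum",     "line": 9},
 {"rule": "Path_Traversal", "severity": "High",   "file": "app/files.py",  "function": "download",     "line": 88},
 {"rule": "Info_Leak",      "severity": "Low",    "file": "app/debug.py",  "function": "dump",         "line": 5}
]""")

# Constructed triage baseline, kept in the repo next to the code it describes.
SAMPLE_BASELINE = {
    "known": [  # accepted, ticketed debt: reported but does not block
        fingerprint({"rule": "SQL_Injection", "file": "app/orders.py", "function": "lookup_order"}),
    ],
    "suppressions": [  # root-cause-analysed false positives, each with a reason and an expiry
        {"fingerprint": fingerprint({"rule": "Weak_Hash", "file": "app/legacy.py", "function": "checksum"}),
         "reason": "MD5 is a cache key here, not a security control", "expires": "2020-03-31"},
        {"fingerprint": fingerprint({"rule": "Info_Leak", "file": "app/debug.py", "function": "dump"}),
         "reason": "debug endpoint is disabled in production", "expires": "2019-01-31"},
    ],
}


def evaluate(findings: list[dict], baseline: dict, mode: str = "enforce",
             min_severity: str = "High", today: date = date(2019, 10, 9)) -> dict:
    """Return the gate decision. mode='audit' reports but never fails the build."""
    if mode not in ("audit", "enforce"):
        raise ValueError(f"unknown mode {mode!r}")
    active, expired = {}, []
    for s in baseline.get("suppressions", []):
        if not s.get("reason"):
            raise ValueError(f"suppression {s['fingerprint']} has no reason: do the root cause analysis first")
        if date.fromisoformat(s["expires"]) < today:
            expired.append(s["fingerprint"])  # no longer honoured: the finding comes back as new
        else:
            active[s["fingerprint"]] = s
    known = set(baseline.get("known", []))

    new, suppressed, known_hits = [], [], []
    for f in findings:
        fp = fingerprint(f)
        if fp in active:
            suppressed.append(f)
        elif fp in known:
            known_hits.append(f)
        else:
            new.append(f)
    threshold = SEVERITY_RANK[min_severity]
    blocking = [f for f in new if SEVERITY_RANK[f["severity"]] >= threshold]
    return {
        "mode": mode,
        "new": new,
        "blocking": blocking,
        "suppressed": suppressed,
        "known": known_hits,
        "expired_suppressions": expired,
        "exit_code": 1 if mode == "enforce" and blocking else 0,
    }


if __name__ == "__main__":
    import sys
    result = evaluate(SAMPLE_FINDINGS, SAMPLE_BASELINE, mode=sys.argv[1] if len(sys.argv) > 1 else "enforce")
    for f in result["blocking"]:
        print(f"BLOCK {f['severity']:6} {f['rule']} {f['file']}:{f['line']} in {f['function']}()")
    for f in result["new"]:
        if f not in result["blocking"]:
            print(f"NEW   {f['severity']:6} {f['rule']} {f['file']}:{f['line']}")
    print(f"{len(result['known'])} known, {len(result['suppressed'])} suppressed, "
          f"{len(result['expired_suppressions'])} expired suppression(s); exit {result['exit_code']}")
    sys.exit(result["exit_code"])
```

Run with `audit` as the argument while the team is still triaging and the job always exits 0 but prints the same list; switch to `enforce` once the baseline is in place. On the sample data the two new High findings block, the Weak_Hash suppression holds, the orders.py injection is reported as known debt, and the expired Info_Leak suppression is re-raised as a new finding that a Low threshold would also block.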
179. Sounds easy, what's the catch?
There's no silver bullet…
Management focus on software security
DevSecOps is everyone's responsibility, from CEO to developer
180. Common Misconceptions
Testing is testing, the code still needs to be fixed!
"If I just make the tool available to developers they will make all of our security issues disappear"
No. Violation of a law of thermodynamics: "The entropy of a system (disorder) always increases unless outside energy is applied"
No. Violation of a law of physics: "A body in motion will remain in motion unless acted upon by an outside force"
No. Violation of a basic law of human nature: "What's in it for me?"
181. No such thing as a free beer
Integration points: IDEs; source code management solutions; build/CI solutions; defect tracking; dashboarding; Dev and Ops (CLI, web services API); data export API
182. 4 things to remember
Security is everyone's business
Automate
Fix - don't be an ostrich
Have fun
194. Copyright 2019 Trend Micro Inc.
(Speaker note left on the slide: need a new example for machine learning since this would be caught by variant protection; Jon Oliver working on this example now.)
195. (Figure: opcodes normalised in a graph; API calls displayed in the import table)
220. How much money you expect to lose in a year due to a certain threat.
221. Takeaways
• One platform for physical, virtual & cloud environments.
• Automated protection and shielding of vulnerabilities before a patch is issued.
• Supports your move to the cloud.
• Offers protection in minutes with simplified deployment and recommendation scans.
Try a free 30-day trial of Deep Security as a Service.
224. Data Protection | Web Security | CASB | NGFW | Advanced Malware Detection | Behavioral Analytics | Insider Threat | Email Security | Data Guard | Cross Domain
Use more cloud with CASB
Cloud security is different but not difficult with Forcepoint
“#CASB Dave” Barnett
Head of CASB EMEA