Nothing strikes fear into the heart of an engineer more than the installation of a firewall to achieve the laudable goal of defense-in-depth through network segmentation. Security teams demand the implementation of firewalls telling everyone, “It’s for compliance!” But the addition of firewalls and other security appliances (aka chokepoints) into an infrastructure infuriates network engineers who design to optimize speed and minimize latency. Sysadmins and DBAs are equally frustrated, because of the increased complexity in building and troubleshooting applications. So it’s down the rabbit hole we go trying to achieve the unachievable with everyone waxing rhapsodic for those bygone days when the end-to-end principle ruled the Internet. Is it really possible to have security coexist with operational efficiency? Organizations seem happy to throw money at technology and operations, but when it comes to policies and procedures, they fail miserably. This is the biggest problem with building a layered design. As engineers, if we don’t have clear policies as a set of requirements, how will we determine the appropriate network segmentation and protections to put in place? The answer lies in aligning network segmentation with an organizational data classification matrix and understanding that while compliance and security often overlap, they’re not the same.
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch! - Michele Chubirka
Symantec Data Loss Prevention 11 simplifies the detection and protection of intellectual property. Symantec’s market-leading data security suite features Vector Machine Learning, which makes it easier to detect hard-to-find intellectual property, and enhancements to Data Insight that streamline remediation, increasing the effectiveness of an organization’s data protection initiatives.
At the highest level, our mission continues to be about keeping our customers (companies and governments) safe from ever-evolving digital threats, so they are confident to move business forward. Our strategy to accomplish this mission centers around four key pillars: Advanced Threat Protection, Information Protection for On Premise and Cloud, Security as a Service -- all anchored by a Unified Security Analytics Platform. Symantec Data Loss Prevention is a foundational product in the Information Protection for On Premise and Cloud pillar.
Everyone knows that storing and accessing data and applications in the cloud and on mobile devices makes work much easier and more productive by allowing employees to work everywhere they need to.
It allows for great business agility – applications are always up to date, new functionality and processes can be deployed and activated quickly and organizations can adjust things on the fly if they need to.
It also brings the convenience factor – it allows employees to work in the way that they need to, and collaboration and sharing are made vastly easier with cloud applications and storage.
But it brings with it all the challenges of securing devices and applications that you don’t own, and whilst saying NO might be the right thing for security, end users will find a way around it. Right now, close to 30% of employees use their personal devices for work. And that number is on the rise, potentially turning BYOD into Bring Your Own Disaster.
Data Security: Why You Need Data Loss Prevention & How to Justify It - Marc Crudgington, MBA
With the increasing number of cyber-attacks and incidents seeming to occur weeks/months/years before discovery of breach, simply securing your perimeter is no longer enough to protect your most critical assets. Privacy breaches are averaging upwards of $200 per record and studies have shown that intellectual property infringement costs the average company $101.9 million in revenues.
Key points addressed include:
• The Impact of Cyber Crime on our Economy
• The Cost Companies are incurring due to Cyber Crime and Data Breaches
• Who are the threat actors?
• What makes up a Data Loss Prevention ecosystem?
• What does a Data Loss Prevention strategy do for me?
• Hidden Benefits of Data Loss Prevention
• Justifying a Data Loss Prevention Strategy
Alex Hanway - Securing the Breach: Using a Holistic Data Protection Framework - centralohioissa
From this presentation you will learn:
· A brief history of encryption
· How encryption is now deployed in the enterprise
· Encryption and key management best practices to keep data safe
Data Loss Prevention technologies are needed to protect data coming into and leaving the organization. There are a number of problems and challenges with the many vendors supplying DLP technology. This presentation reviews some of the myths around Data Loss Prevention.
Be Aware Webinar Symantec - Maximize Your Prevention Against Information Leakage - Symantec LATAM
Be Aware Webinar Symantec
Maximize your prevention against information leakage
New Version Symantec DLP v 14.5
Join our community on Facebook and follow our calendar
Cybersecurity 2014: The Impact of Policies and Regulations on Companies by Andrea Almeida from the First Semi-Annual Cyber Security Conference in Plano, Texas held September 26-27, 2014.
All the essential information you need about DLP in one eBook.
As security professionals struggle with how to keep up with threats, DLP - a technology designed to ensure sensitive data isn't stolen or lost - is hot again. This comprehensive guide provides what you need to understand, evaluate, and succeed with today's DLP. It includes insights from DLP Experts, Forrester Research, Gartner, and Digital Guardian's security analysts.
What's Inside:
-The seven trends that have made DLP hot again
-How to determine the right approach for your organization
-Making the business case to executives
-How to build an RFP and evaluate vendors
-How to start with a clearly defined quick win
-Straight-forward frameworks for success
Symantec Data Loss Prevention. Global trends show that the largest share of data loss and theft stems from a lack of visibility and errors in data handling. Learn how to protect yourself.
MYTHBUSTERS: Can You Secure Payments in the Cloud? - Kurt Hagerman
Discussion of if and how you can secure payments in the cloud. Covers the issue, compliance considerations, regulatory changes and their impact, and provides a rationale for using a cloud to decouple your payments processes from your legacy infrastructure.
Ted Gruenloh, Director of Operations, ECONET
The Role of Threat Intelligence and Layered Security for Intrusion Prevention
The term 'Threat Intelligence' is getting a lot of buzz these days, but what does it mean? And, more importantly, how can it help protect your network? In this presentation, we will attempt to answer these questions within the context of a layered security approach that integrates Threat Intelligence with existing security methodologies. We also attempt to demonstrate how Threat Intelligence can improve a network's defenses at the perimeter and allow administrators to gain more visibility on the inside.
Some 2.4 billion global Internet users—34 percent of the world’s population—spend increasing amounts of time online. As our online activity expands, it isn’t just creating new ways to do business. It’s revolutionizing business. However, like any mass movement with significant ramifications, the Internet-enabled life has risks as well as benefits. Some are willing to accept those risks without much consideration. Others want to take the time for a more contemplative response, but events are moving too quickly for long debate. What we really need is a Call to Action that addresses the risks demanding urgent attention.
To balance the benefits of the digital life, management needs to understand and grapple with four equally powerful forces:
• Democratization – The way customers insist on interacting via the channels they prefer, rather than the channels the organization imposes.
• Consumerization – The impact of the many devices and applications that span work and play in our digital lives.
• Externalization – The ways in which cloud computing slashes capital expenditure and shakes up how data moves in and out of organizations.
• Digitization – The exponential connectivity created when sensors and devices form the “Internet of Things.”
These forces interact in ways that make eradicating Cyber Risk impossible; eliminating it in one area simply shifts it to the others.
However, by following best practices, it is possible to reduce your organization’s exposure to Cyber Risk across the board. By addressing the real and growing risks we face as individuals, businesses, and governments, we can begin to create an optimal environment of Cyber Resilience. This Manifesto sets out a road map for that process.
DSS ITSEC 2013 Conference 07.11.2013 - For your eyes only - Symantec PGP Re-L... - Andris Soroka
Presentation from one of the remarkable IT Security events in the Baltic States organized by “Data Security Solutions” (www.dss.lv). The event took place in Riga on 7th of November, 2013 and was visited by more than 400 participants at the event venue and more than 300 via online live streaming.
Symantec Data Loss Prevention - Technical Proposal (General) - Iftikhar Ali Iqbal
The document provides the structure and content for a general technical proposal based on Symantec Data Loss Prevention. Please ensure that if being used, the latest information is provided.
Event Presentation: Cyber Security for Industrial Control Systems - Infonaligy
Get an inside look at practical examples of how hackers target control systems networks from the recent Lunch and Learn event put on by Infonaligy and Flexware Innovation.
Keynote on why you should make Infosec a board level strategic item, how you should raise it to this level and how to approach Information Security strategically
Certes webinar securing the frictionless enterprise - Jason Bloomberg
Join Jason Bloomberg, President of Intellyx and contributor to Forbes, and Satyam Tyagi, CTO for Certes Networks, as they explore securing the frictionless enterprise.
- The Dark Side of the Frictionless Enterprise
- The Limitations of Network Segmentation
- Borderless Enterprises Require Borderless Security
- Crypto-Segmentation: Security in a Post-Trust World
- Certes Networks CryptoFlows
- Crypto-Segmentation with CryptoFlows
Too Small to Get Hacked? Think Again (Webinar) - OnRamp
SMBs are a major target in today’s threat landscape since larger organizations have invested in security measures in the last couple of years. Find out how much your data is worth and the best way to safeguard those assets from our experts.
According to StaySafeOnline.org, attacks on SMBs account for over 70% of data breaches, a figure that is on the rise. Sophisticated digital criminals easily exploit businesses with limited security budgets, outdated security controls, and untrained employees. Not to mention, insider threats are becoming more prevalent. Each security incident costs SMBs a loss of $120k, on average. So what can you do about it?
Data security requires implementing the right technology, people, and processes. Like many SMBs, you may see the value in security, but may not be sure where to start. Join our panel of experts in this educational webinar to find out what steps you can take to protect your business today and its valuable assets. We’ll review current trends in attack methods, how to determine what to protect, and what methods are best suited for your objectives.
Takeaways and Learning Objectives
Find out what threats are most common today and how to prevent them.
Get actionable tips on how to protect your business in the short-term and long-term, despite budget and resource constraints.
Get clarity on data security best practices, including tools, policies, processes and developing a culture of security.
It's a Who, What, Where and Why behind cyber risk in today's modern era - how data breaches happen, why they happen, and what you can do to address them.
Network security is a dynamic art, with dangers appearing as fast as black hats can exploit vulnerabilities. While there are basic “golden rules” which can make life difficult for the bad guys, it remains a challenge to keep networks secure. John Chambers, Executive Chairman of Cisco, famously said “there are two types of companies: those that have been hacked, and those who don’t know they have been hacked”. The question for most organizations isn’t if they’re going to be breached, but how quickly they can isolate and mitigate the threat. In this paper, we’ll examine best practices for effective cybersecurity – from both a proactive (access hardening) and reactive (threat isolation and mitigation) perspective. We’ll address how network automation can help minimize cyberattacks by closing vulnerability gaps and how it can improve incident response times in the event of a cyberthreat. Finally, we’ll lay a vision for continuous network security, to explore how machine-to-machine automation may deliver an auto-securing and self-healing network.
Go to www.esgjrconsultinginc.com
Toward Continuous Cybersecurity With Network Automation - Ken Flott
Network security is a dynamic art, with dangers appearing as fast as black hats can exploit vulnerabilities. While there are basic “golden rules” which can make life difficult for the bad guys, it remains a challenge to keep networks secure. John Chambers, Executive Chairman of Cisco, famously said “there are two types of companies: those that have been hacked, and those who don’t know they have been hacked”. The question for most organizations isn’t if they’re going to be breached, but how quickly they can isolate and mitigate the threat.
In this paper, we’ll examine best practices for effective cybersecurity – from both a proactive (access hardening) and reactive (threat isolation and mitigation) perspective. We’ll address how network automation can help minimize cyberattacks by closing vulnerability gaps and how it can improve incident response times in the event of a cyberthreat. Finally, we’ll lay a vision for continuous network security, to explore how machine-to-machine automation may deliver an auto-securing and self-healing network.
The cyber house of horrors - securing the expanding attack surface - Jason Bloomberg
The enterprise attack surface has exploded in recent years. More users on more devices in more locations are able to access ever more sensitive enterprise applications. The result is that the number of targets for attackers has gone up dramatically.
The expanding attack surface has been dubbed a “Cyber House of Horrors,” as insider risks, aggressive social engineering, exploitation of outdated access controls, and a range of other security issues have come to the fore.
Join Certes Networks and Intellyx for a webinar to explore:
What factors are driving the expansion of the attack surface?
What types of attacks and exploits are taking advantage of these changes?
How are segmentation techniques and access controls evolving in response?
Automating Critical Security Controls for Threat Remediation and Compliance - Qualys
Trends like the increased use of cloud computing by businesses and their vendors introduce new complexities in reducing risk and assessing security across the supply chain. Demonstrating continuous risk reduction and compliance with internal policies and external regulations, fixing violations and configuration drift, centrally managing exceptions, and documenting progress are all common challenges.
The Center for Internet Security’s (CIS) Critical Security Controls (CSCs) were selected and prioritized by leading security experts to stop today’s most common and serious cyber threats. By implementing these controls, organizations can improve their security posture and reduce the risk of threats to critical assets, data, and network infrastructure.
In this webcast SANS Senior Analyst John Pescatore and Tim White, Director of Product Management for Qualys Policy Compliance (PC), discuss how you can achieve continuous security and compliance, and leverage Qualys solutions to address all 20 CSCs.
The presentation encompasses:
• An overview of the CIS Critical Security Controls, including ongoing updates
• Success patterns organizations have demonstrated for using the controls to their advantage
• How automation can reduce the staffing load to determine whether controls are in place and effective
• How to prioritize remediation efforts
• Real-world examples of recent attacks that leveraged misconfigured systems
Watch the on-demand webcast: https://goo.gl/j6Posx
Similar to Beware the Firewall My Son: The Workshop (20)
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
2. Who Am I?
• Michele Chubirka, aka Mrs. Y.
• Senior security architect.
• Blogs and hosts Healthy Paranoia, information security podcast channel of Packetpushers.
• Researches and pontificates on topics such as security architecture and best practices.
3. Agenda
• Firewall State of the Union
• Current Architectural Models
• Challenges
• Security Vs. Compliance
• Design Recommendations
• Case Study
• Overcoming Barriers
6. WHY?
What’s the big deal, can’t I just install a firewall to protect my organization?
7. Recent Findings: Trustwave and Verizon
• Customer records make up 89% of breached data.
• 92% of breaches come from outsiders.
• 76% of intrusions utilize weak or stolen credentials.
8. Death of AV?
• In 2012, SANS and Bruce Schneier publicly criticized effectiveness of anti-malware protection.
• According to Mikko Hypponen of F-Secure: “Stuxnet went undetected for more than a year after it was unleashed in the wild, and was only discovered after an antivirus firm in Belarus was called in to look at machines in Iran that were having problems.”
9. Are You Depressed Yet?
The most common password used by organizations is “Password1” because it satisfies the default Microsoft Active Directory complexity setting.
10. Trustwave 2012 Global Security Report
Only 16% of compromises were self-detected and attackers had an average of 173.5 days before detection.
11. Verizon Data Breach Report 2013
“…three-quarters of breaches are of low or very low difficulty for initial compromise, and the rest land in the moderate category.”
15. Verizon Data Breach Report 2013
“When you consider the methods used by attackers to gain a foothold in organizations—brute force, stolen creds, phishing, tampering—it’s really not all that surprising that none receive the highly difficult rating. Would you fire a guided missile at an unlocked screen door?”
16. High Profile Attacks
• Major news media organizations compromised.
• DDoS attacks against financial institutions.
• Breach of credit card processor Global Payments went undetected for over a year with 7 million accounts compromised.
• Prominent defense contractors penetrated via information stolen from RSA Security.
Do you think they had firewalls?
17. “The entire security industry is wired so that the oldest and least effective methods will profit most….”
Josh Corman, Director of Security Intelligence at Akamai, the content delivery network.
18. Why Do We Say We Use Firewalls?
• Infosec design “best practice.”
• Because compliance rules and auditors say so.
• To protect data, applications, servers and users from attacks.
19. Why Do We Really Use Firewalls?
FUD (Fear, Uncertainty and Doubt)
20. Why Do We Still Use Firewalls?
According to Infoworld’s Roger Grimes, they “…need to go away.”
• Most attacks are client-side (http and https) and can bypass the firewall rules.
• Network choke-points.
• Rules are a mess, often breaking access.
• Management is difficult, at best.
• More of a problem than a solution.
21. Why Do You Hate Firewalls?
I don’t hate firewalls. I hate how we use them.
22. April Fool’s RFC 3514
Firewalls [CBR03], packet filters, intrusion detection systems, and the like often have difficulty distinguishing between packets that have malicious intent and those that are merely unusual. The problem is that making such determinations is hard. To solve this problem, we define a security flag, known as the "evil" bit, in the IPv4 [RFC791] header.
23. April Fool’s RFC 3093
We propose the Firewall Enhancement Protocol (FEP).… Our methodology is to layer any application layer Transmission Control Protocol/User Datagram Protocol (TCP/UDP) packets over the HyperText Transfer Protocol (HTTP) protocol, since HTTP packets are typically able to transit Firewalls. … FEP allows the best of both worlds: the security of a firewall, and transparent tunneling through the firewall.
27. Definitions Cont’d
Firewall
From The Oxford American Dictionary:
A wall or partition designed to inhibit or prevent the spread of fire. Any barrier that is intended to thwart the spread of a destructive agent.
A firewall does not prevent a fire.
28. So rested she by the DMZ,
And stood awhile in thought.
30. Typical Network Security Segmentation
INET: Public facing, the internet.
CORP: Corporate network, your user community.
DATA: Database systems
APP: Applications
DMZ: Anything requiring public access; web-front ends, mail, DNS
MGMT: Management segment
PCI or other compliance standards are usually wedged in somewhere as an afterthought.
31. Typical Data Classification Model
• Routine or Public
• Sensitive
• Private
• Business-Critical or Confidential
32. Routine or Public
Information not presenting a risk to the business if it were compromised. The lowest degree of protection.
Examples:
• Master list of projects
• Employee names associated with public projects or documents
33. Sensitive
Information not of specific value to an attacker, but it might provide information that could be useful in an attack.
Examples:
• Details of a project
• Employee email addresses
• Types of applications used internally
34. Private
Personal information that the organization is required to keep secure, either by regulation or to maintain the confidence of its customers. Disclosure could impact reputation of company.
Examples:
• Credit card information
• Medical data
35. Business-Critical or Confidential
Internal data containing details about how the organization operates its business. Could affect the organization's competitive advantage or have a financial impact if it were compromised.
Examples:
• Intellectual property
• Source code
37. And, as in uffish thought she stood,
The firewall, with eyes of flame,
38. Data Owner
Member of the management team who makes decisions regarding data and is ultimately responsible for ensuring its protection.
39. Data Custodian
Individual, usually in the security department, who is a delegate appointed by the data owner to oversee the protection of data. The responsibilities of this role could also be divided between various roles in an operations team.
40. The Challenge
• The data owner is responsible for classifying information within an organization.
• A Security team is responsible for managing the technical or logical controls for accessing data.
• They are data custodians for the data owners.
• The challenge is to ensure that they closely align the network security segmentation design with an information classification matrix.
42. Security Vs. Compliance
• Adherence to PCI-DSS, SOX, HIPAA or any other compliance standard does not equate to organizational security.
• Compliance is conformance to a standard dictated by a governing body.
43. Definitions
Compliance - the act of conforming, acquiescing, or yielding. A tendency to yield readily to others, especially in a weak and subservient way. Conformity; accordance: in compliance with orders. Cooperation or obedience.
From The American Heritage Dictionary
44. Definitions
Security - freedom from danger, risk, etc.; safety. Freedom from care, anxiety, or doubt; well-founded confidence. Something that secures or makes safe; protection; defense. Precautions taken to guard against crime, attack, sabotage, espionage, etc.
From The American Heritage Dictionary
49. One, two! One, two! And through and through
The vorpal blade went snicker-snack!
50. Elements of a Good Security Design
• Well-documented data classification model
• Business service catalog
• Technical service catalog
51. Information Classification Best Practices
• Data represents the digital assets of a company.
• Different data has varying levels of value, organized according to sensitivity to loss, disclosure, or unavailability.
• Data is segmented according to level, then security controls are applied.
• An information classification matrix represents the foundation of a security design.
For additional information, see “Understanding Data Classification Based On Business and Security Requirements” by Rafael Etges and Karen McNeil
52. The Goal: Enterprise Security Architecture
• Integration of security into the enterprise architecture.
• Design driven by business needs.
• Built in, not bolted on.
• Utilize frameworks or models such as OSA (Open Security Architecture) and SABSA (Sherwood Applied Business Security Architecture).
53. Definition
Security Architecture
“…the art and science of designing and supervising the construction of business systems, usually business information systems, which are: free from danger, damage, etc.; free from fear, care, etc.; in safe custody; not likely to fail; able to be relied upon; safe from attack.”
From Enterprise Security Architecture: A Business-Driven Approach
54. OSA Design Principles
The design artifacts that describe how the security controls (= security countermeasures) are positioned, and how they relate to the overall IT Architecture.
55. A New and Improved DMZ Sandwich
[Figure: OSA DMZ module pattern diagram. Labelled elements: untrusted public network (e.g. Internet), external firewall, proxy/gateway/web tier (minimal services, hardened configuration, management/monitoring by separate network interfaces/VLAN), bastion host, DNS, IDS/IPS, external services, internal services, internal firewall, trusted network (e.g. CorpNet), and the Security Operations actor (configuration of environment; monitoring and response to emerging threats). Firewall notes in the diagram: “Default rule: DENY ALL. Enable specific port and IP addresses”, with stateful inspection, plus DOS protection and load balance/high availability on the Internet side. The elements are annotated with control identifiers from the AU, AC, SC, SI, CM, CA and RA families.]
http://www.opensecurityarchitecture.org/cms/en/library/patternlandscape/286-sp-016dmz-module
OSA is licensed according to Creative Commons Share-alike. Please see: http://www.opensecurityarchitecture.org/cms/about/license-terms.
57. SABSA Model
Contextual Layer – Business policymaking, risk assessment, requirements collection and specification.
Conceptual Layer – Programs for training and awareness, business continuity, audit/review, process development, standards and procedures.
Logical Layer – Security policymaking, classification, management of security services, audit trail monitoring.
Physical Layer – Development and execution of security rules, practices and procedures.
Component Layer – Products, technology, evaluation and selection of standards and tools, project management.
60. Form Follows Function
• What's the purpose of the structure? Who must it serve?
• What's the environment like? Is it closed or open? What is the context?
• Complex or simple? Think of the technical environment and the capabilities of those involved.
61. Definitions
Defense-in-depth
According to the Committee on National Security Systems Instruction No. 4009, National Information Assurance Glossary, it is defined as:
IA [information assurance] strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and dimensions of networks.
63. Multi-Layered Security
1. Information Assets
2. Data Security
3. Application Software Security
4. System Software Security
5. Hardware Security
6. Physical Security
7. Procedures, Training, Audit, Business Continuity
8. Policy
It is like an onion!
65. Security as an enabler of business, not a roadblock.
“Consider the brakes on a car…. having better brakes enables the car to be driven at much higher speeds, because the driver now has the confidence that if the need arises, braking will be fast and efficient.”
From Enterprise Security Architecture: A Business-Driven Approach
66. She left it dead, and with its NAT policy, she went galumphing back.
67. Implementing Good Network Segmentation: Phase One
1. Establish a new network segmentation model, based upon some of the existing or implicit standards from your security team.
2. Verify that this will meet current compliance needs, proactively.
3. Document this fully and get sign off, so that there is an agreed upon model or standard for all divisions.
4. Build new systems and networks on this design, migrating legacy systems where possible with minimal impact to customers and when required for compliance.
68. Implementing Good Network Segmentation: Phase Two
1. Build a business and service technical catalog, then a full data classification matrix.
2. Develop the next generation of network segmentation based upon the data classification matrix.
3. Document this fully, so that there is an agreed upon model or standard.
Implementation of phase one will make phase two feasible. The goal is a thoughtful design that meets the needs of all customers and divisions within an organization.
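One way to check an existing rule set against a classification matrix and a list of documented business rules, as an added example that is not part of the original deck. The zone-to-classification mapping, the rule format, the documented flows, the finding names and the treatment of the slide order of the classification levels as a ranking are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Classification levels from the deck's model, lowest to highest protection.
# ASSUMPTION: the order in which the slide lists them is treated as a ranking.
LEVELS = ["public", "sensitive", "private", "confidential"]

# ASSUMPTION (constructed): highest data classification held in each zone.
ZONE_LEVEL = {
    "INET": "public", "DMZ": "sensitive", "CORP": "sensitive",
    "APP": "private", "DATA": "confidential", "MGMT": "confidential",
}


@dataclass(frozen=True)
class Rule:
    action: str  # "allow" or "deny"
    src: str     # zone name or "ANY"
    dst: str     # zone name or "ANY"
    port: str    # e.g. "tcp/443", or "any"


DEFAULT_DENY = Rule("deny", "ANY", "ANY", "any")

# Constructed stand-in for the signed-off business rules: (src, dst, port).
DOCUMENTED_FLOWS = {
    ("INET", "DMZ", "tcp/443"),
    ("DMZ", "APP", "tcp/8443"),
    ("APP", "DATA", "tcp/5432"),
}

# Constructed rule set, evaluated top-down like a typical firewall policy.
RULES = [
    Rule("allow", "INET", "DMZ", "tcp/443"),
    Rule("allow", "DMZ", "APP", "tcp/8443"),
    Rule("allow", "APP", "DATA", "tcp/5432"),
    Rule("allow", "CORP", "DATA", "tcp/5432"),  # never documented
    Rule("allow", "INET", "APP", "tcp/8080"),   # bypasses the DMZ tier
    Rule("allow", "ANY", "ANY", "any"),         # troubleshooting leftover
    DEFAULT_DENY,
]


def exposed_level(dst, zone_level):
    """Highest classification that an allow rule towards dst can reach."""
    if dst == "ANY":
        return max(zone_level.values(), key=LEVELS.index)
    return zone_level.get(dst, LEVELS[-1])  # unknown zone: assume the worst


def audit(rules, documented=DOCUMENTED_FLOWS, zone_level=ZONE_LEVEL):
    """Return (rule_number, issue, exposed_level) tuples, worst exposure first.

    Rule number 0 marks a finding about the rule set as a whole.
    """
    findings = []
    # The policy must end in an explicit deny-all.
    if not rules or rules[-1] != DEFAULT_DENY:
        findings.append((0, "no-default-deny", LEVELS[-1]))
    for number, rule in enumerate(rules, start=1):
        if rule.action != "allow":
            continue
        level = exposed_level(rule.dst, zone_level)
        # Wildcards in an allow rule defeat segmentation outright.
        if "ANY" in (rule.src, rule.dst) or rule.port == "any":
            findings.append((number, "wildcard-allow", level))
            continue
        # A public-level zone should not reach private data or above directly.
        src_level = zone_level.get(rule.src, LEVELS[0])
        if src_level == "public" and LEVELS.index(level) >= LEVELS.index("private"):
            findings.append((number, "public-to-protected", level))
        # Every remaining allow must trace back to a documented business rule.
        if (rule.src, rule.dst, rule.port) not in documented:
            findings.append((number, "undocumented-flow", level))
    return sorted(findings, key=lambda f: (-LEVELS.index(f[2]), f[0], f[1]))


if __name__ == "__main__":
    for number, issue, level in audit(RULES):
        where = f"rule {number}" if number else "rule set"
        print(f"{level:<12} {where:<9} {issue}")
```

Ranking the findings by the classification of the data they expose gives the data owner and the custodians a shared order in which to clean up the rule set.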
69. Case Study: Recovery from PCI-DSS Audit Failure
1. Inventory of the cardholder data environment (CDE).
2. Data classification.
3. User classification.
4. Proposed segmentation based upon the intersection of users and data.
5. Documentation of business rules.
Warning:
You will experience PCI scope creep. Think of anything touching the CDE as contaminated and plan accordingly.
72. A NEW KIND OF INGRATITUDE
Who gets rewarded, the central banker who avoids a recession or the one who comes to "correct" his predecessors' faults and happens to be there during some economic recovery?
...everybody knows that you need more prevention than treatment, but few reward acts of prevention. …We humans are not just a superficial race (this may be curable to some extent); we are a very unfair one.
-from “The Black Swan” by Nassim Taleb
73. Selling the Design
• The WAY we present information is just as important as WHAT we present.
• In the first few minutes we interact with someone, we’re being assessed for our potential to provide reward or punishment.
74. The Threat Response
• Cortex receives input.
• Limbic system, the emotional area, and prefrontal cortex (the executive or evaluator of the brain) take in data simultaneously.
• Amygdala, responsible for emotional response and memory, acts as an alarm activating fight/flight response if threat is perceived.
• Sympathetic nervous system sets up organs and muscles for fight/flight response.
75. Key Concepts
• The limbic system is an “open loop,” influenced by other people’s emotions, aka mirror neurons. Also known as emotional contagion.
• The brain has a negativity bias because the limbic system is quicker than the prefrontal cortex at perceiving and analyzing potential threats.
• Traumatic experiences are “stickier” than positive, happy experiences, i.e. harder to un-map.
76. No Escape From Threat
• Most of us are in a permanent state of cortisol overload due to the constant stressors of modern life and the fact that stress hormones stay in the body for hours.
• This decreases intellectual capacity, memory capacity and lowers impulse control.
• Stress makes you stupid.
77. Amygdala Hijack
Intense and immediate emotional reaction, followed by the understanding that it was inappropriate.
78. Examples
• I thought that stick on the ground was a snake!
• I don’t like you or I’m bored, so I won’t cooperate or listen to what you have to say.
• That guy who cut me off in traffic was trying to kill me!
• Why were you so insulting to me in that email yesterday? (Studies show there’s a negativity bias in email.)
79. Thin Slicing: Bedside Manner
• In an analysis of malpractice lawsuits, there was no correlation between the number of mistakes by doctors and how many lawsuits were filed against them.
• In studies, psychologists were able to predict which doctors would be sued more by analyzing the amount of time spent with patients and if the tone of their voices sounded “concerned.”
80. Mirror Neurons
Marie Dasborough observed two groups:
• One group was given negative feedback accompanied by positive emotional signs, nods and smiles.
• Another was provided positive feedback that was delivered using negative emotional cues, frowns and narrowed eyes.
81. Entrainment
• Those who received the positive feedback accompanied by negative emotional signs reported that they felt worse than participants who received negative feedback given with positive emotional cues.
• Delivery was more important than the message.
• This is similar to a phenomenon known in physics as entrainment.
82. Conflict Avoidance != Conflict Resolution
“…conflicts are like fish, and if you put this fish under the table, what happens after a while? It starts to smell.”
- George Kohlrieser
By addressing conflict through respectful methods, opposition can be transformed into an engaged dialogue.
84. Operational Security To Do List
• Focus on containment.
• Improve standardization and documentation.
• Gather metrics. If you can’t measure, you can’t demonstrate value.
• Visibility and monitoring (and no, that doesn’t mean email alerts).
• Consistently audit access.
• Emphasize a proactive over reactive posture.
• Be a partner to the business.
88. Where Am I?
Spending quality time in kernel mode practicing and refining my particular form of snark.
www.healthyparanoia.net
Twitter @MrsYisWhy
Google+ MrsYisWhy
networksecurityprincess@gmail.com
chubirka@packetpushers.net
http://www.networkcomputing.com/blogs/author/Michele-Chubirka
89. References
Covert, Edwin. Using Enterprise Security Architectures to Align Business Goals and IT Security within an Organization. Tech. Columbia: Applied Network Solutions, n.d. Print.
Gladwell, Malcolm. Blink: The Power of Thinking without Thinking. New York: Little, Brown and, 2005. Print.
Goleman, Daniel, and Richard Boyatzis. "Social Intelligence and Biology of Leadership." Harvard Business Review (2008): n. pag. Web.
Goleman, Daniel. Working with Emotional Intelligence. New York: Bantam, 1998. Print.
Grimes, Roger. "Why You Don't Need a Firewall." InfoWorld. N.p., 15 May 2012. Web. 15 May 2012. <http://www.infoworld.com/d/security/why-you-dont-need-firewall193153?page=0,1>.
Harris, Shon. CISSP Exam Guide. Berkeley, CA: Osborne, 2012. Print.
90. References Cont’d
Krebs, Brian. "Krebs on Security." Krebs on Security RSS. N.p., 1 May 2012. Web. 16 Apr. 2013. <http://krebsonsecurity.com/2012/05/global-payments-breachwindow-expands/>.
Krebs, Brian. "Krebs on Security." Krebs on Security RSS. N.p., 17 May 2012. Web. 16 Apr. 2013. <http://krebsonsecurity.com/2012/05/global-payments-breachnow-dates-back-to-jan-2011/>.
Lee, Rob. "Blog." Is Anti-Virus Really Dead? A Real-World Simulation Created for Forensic Data Yields Surprising Results. SANS, 9 Apr. 2012. Web. 16 Apr. 2013. <http://computer-forensics.sans.org/blog/2012/04/09/is-anti-virus-really-dead-areal-world-simulation-created-for-forensic-data-yields-surprising-results>.
"Open Security Architecture." Open Security Architecture. N.p., n.d. Web. 17 Apr. 2013.
Plato, Andrew. "Analysis of the Palo Alto Cache Poison Issue." Anitian Blog. Anitian Security, 3 Jan. 2013. Web. 16 Apr. 2013.
"SABSA." SABSA. N.p., n.d. Web. 17 Apr. 2013.
91. References Cont’d
Sherwood, John, Andrew Clark, and David Lynas. Enterprise Security Architecture: A Business-driven Approach. San Francisco: CMP, 2005. Print.
Trustwave 2012 Global Security Report. Rep. Trustwave, 2012. Web.
Verizon 2013 Data Breach Investigations Report. Rep. Verizon, 2013. Web.
Wan, William, and Ellen Nakashima. "Report Ties Cyberattacks on U.S. Computers to Chinese Military." Washington Post. The Washington Post, 19 Feb. 2013. Web. 16 Apr. 2013. <http://www.washingtonpost.com/world/report-ties-100-plus-cyber-attacks-onus-computers-to-chinese-military/2013/02/19/2700228e-7a6a-11e2-9a75dab0201670da_story.html>.
Zetter, Kim. "RSA Agrees to Replace Security Tokens After Admitting Compromise." Wired.com. Conde Nast Digital, 05 June 2011. Web. 16 Apr. 2013. <http://www.wired.com/threatlevel/2011/06/rsa-replaces-securid-tokens/>.
Editor's Notes
Or, to make it simpler:
Why, What, How.
Break it down into three sections.
Why do I need a three hour session on firewalls?
If it were really that easy, we wouldn’t be here right?
Anyone have any horror stories?
Trustwave 2012 Global Security Report and Verizon Data Breach Report 2013
His conclusion is simply that the attackers -- in this case, military intelligence agencies -- are simply better than commercial-grade anti-virus programs.
Personally, I play a game. I’ll download a suspicious file without opening it onto various operating systems. Then I’ll wait to see how long it takes for each AV product to alert me that it’s got malware. Sometimes it’s a day, but often it’s a week.
Trustwave 2012 Global Security Report
Contributors to Verizon Data Breach Report:
“The list of partners is not only lengthy, but also quite diverse, crossing international and public/private lines. It’s an interesting mix of law enforcement agencies, incident reporting/handling entities, a research institution, and other incident response (IR)/forensic service firms.
What’s more, these organizations contributed a huge amount of data to the report. All told, we have the privilege of setting before you our analysis of more than 47,000 reported security incidents and 621 confirmed data breaches from the past year. Over the entire nine-year range of this study, that tally now exceeds 2,500 data breaches and 1.1 billion compromised records.”
Australian Federal Police (AFP)
www.afp.gov.au/policing/cybercrime
CERT Insider Threat Center at the Carnegie Mellon University Software Engineering Institute (CERT)
www.cert.org/insider_threat/index.html
Consortium for Cybersecurity Action (CSIS control mapping)
www.sans.org/critical-security-controls/
Danish Ministry of Defence, Center for Cybersecurity
www.fmn.dk/Eng/Pages/Frontpage.aspx
Danish National Police, NITES (National IT Investigation Section)
www.politi.dk/en/servicemenu/home/
Deloitte
www.deloitte.com
Dutch Police: National High Tech Crime Unit (NHTCU)
www.politie.nl
Electricity Sector Information Sharing and Analysis Center (ES-ISAC)
www.esisac.com/SitePages/Home.aspx
European Cyber Crime Center (EC3)
www.europol.europa.eu/ec3
G-C Partners, LLC
www.g-cpartners.com/
Guardia Civil (Cybercrime Central Unit)
www.gdt.guardiacivil.es
Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)
ics-cert.us-cert.gov/ics-cert/
Irish Reporting and Information Security Service (IRISS-CERT)
Malaysia Computer Emergency Response Team (MyCERT), CyberSecurity Malaysia
www.mycert.org.my/en/
National Cybersecurity and Communications Integration Center (NCCIC)
www.us-cert.gov/nccic/
ThreatSim
threatsim.com
U.S. Computer Emergency Readiness Team (US-CERT)
www.us-cert.gov/
U.S. Secret Service
www.secretservice.gov
Verizon
www.verizonenterprise.com
“WHILE IT MIGHT BE DIFFICULT TO DETECT, POSITIVELY IDENTIFY, AND RESPOND TO AN INTRUSION WITHIN SECONDS OR MINUTES, OUR ABILITY TO DO SO SHOULD OSTENSIBLY INCREASE THE LONGER THEY POKE AROUND OUR INTERNAL NETWORKS. BUT UNFORTUNATELY, WE’RE NOT REALLY SEEING THAT IMPROVEMENT.”
http://www.infoworld.com/print/193153
Why you don't need a firewall
By Roger A. Grimes
Created 2012-05-15 03:00AM
Firewalls need to go away. I'm just saying what we all already know. Firewalls have always been problematic, and today there is almost no reason to have one.
Computer firewalls have been with us since the 1980s. Even early on it was pretty clear that they didn't really work; if they did, we would have defeated malicious hackers and malware a long time ago. But at least back in the day there was a decent reason to need them.
A vestigial defense
For nearly three decades, remote buffer overflows were the most dreaded tool in the hacker's arsenal. Simply find an open listening port running a vulnerable service, pile in executable code, and -- voila! -- your buffer overflow exploit gained you complete system access.
That's hardly ever true anymore. The number of truly remote buffer overflows -- the ones you can point at a listening service and pull the trigger, such as SQL Slammer or MS-Blaster -- are dwindling and nearly gone. Ask Microsoft: Since the release of Microsoft Windows Server 2003 in April of that year, Microsoft Windows has had only a handful of truly remote buffer overflows. This is out of literally thousands of different versions of Microsoft services over nine years. (Note: Most of today's so-called remote buffer overflows require local human interaction to be successful, which does not qualify it as a remote exploit in my book.)
It's simply harder to pull off any buffer overflow today, much less a remote buffer overflow. Microsoft and other vendors have significantly improved the quality of the code and provided excellent proactive memory protections, including DEP (data execution prevention), ASLR (address space layout randomization), canary stack values, and chip-level NX/XD hardware protections. Even if you pull off a buffer overflow against a service, fewer of them are running as local system or root.
Worse than a boat anchor
Firewalls tend to be horribly managed. Almost no one reads the logs or responds to the events recorded. Who can blame us? The average firewall produces thousands of warning messages every hour. Who can find the valuable, actionable information in all that noise? Not me -- nor any firewall administrator I've ever met.
Worse, when I review firewalls, almost all of them seem to have horrible rule sets. I find so many firewalls with "ANY ANY" rules that defang the protection, it doesn't faze me anymore. Again, I'm not sure I can always blame the poor, misguided souls that have created those rules. Firewalls seem to interrupt many legitimate operations, and I know the frustration that led to those rules.
I've been there: "Just open the firewall up and let's see if that's causing the problem. Oh, that worked. OK, we'll get that app running, then come back and fix the firewall later." I'd be lying if I said this didn't happen once or twice in my career when I was a network administrator. These days, I have a hard time doing security reviews, patching, or other legitimate network management due to firewall problems.
Plus, in over 20 years, I've never reviewed a hardware firewall that had up-to-date firmware. They all contained public vulnerabilities that would allow attackers to get in only if they tried. It's ironic. The device that's supposed to protect the castle is a bridge across the moat.
Familiar routes
One of the biggest reasons why firewalls don't matter is how every app and service being developed today works over either port 80 or 443, two ports you can't and never could block. The bad guys know this, and many years ago, they coded their hacking tools and malware to work over those same ports. If you find a malicious program that doesn't work over those two ports, I'll show you an old program or one that doesn't survive long in the wild.
The smart hacker money has been sailing through the guaranteed open firewall ports for many years. Today, 99 percent of all successful attacks are client-side attacks, in which the end-user runs something he or she shouldn't -- and in those cases, the firewall doesn't help at all.
But the real test of whether or not firewalls have any value is whether or not PCs with firewalls get hacked less than PCs with firewalls. This used to be true -- but it hasn't been true for a long time.
Firewall farewell
Still don't believe firewalls are going away? In truth, that process is already happening.
We all know that most future computing devices will not be traditional desktop or laptop computers. Do you think that our pad devices, smartphones, mobile devices, and computer-enabled TVs are going to have firewalls -- or that their users will understand firewalls well enough to configure them, especially when the firewall admin experts of our current networks can't do it? Please! In the future, which is now, firewalls are already dead.
True, in a perfect world, firewalls would have real value. The recent Remote Desktop Protocol exploit [3] is a case in point: Microsoft recommended that affected clients block RDP port 3389 at perimeter firewalls as one of their protective work-arounds. But everyone I know, instead, installed the emergency patch. They didn't reconfigure the firewalls blocking port 3389. They did something else. This has been the case for every similar sort of exploit over the last decade.
Heck, even when we block attacks at the firewall, the defense doesn't work. One of the most destructive worms in the past decade was MS-Blaster [4]. Initially, everyone relaxed because the port that MS-Blaster attacked was blocked by nearly every perimeter firewall by default. A day later, every network in existence was infected by MS-Blaster. It turns out that perimeter firewalls have less value when you're riddled with infected mobile devices, VPNs, and other permeable holes laying open the false security that has always been granted by firewalls.
The cost of having a firewall simply outweighs the benefits. Me? I've known for a long time that firewalls were dead. It's just a matter of time until they disappear.
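The "ANY ANY" rules and neglected rule sets described in the article above are something a rule review can check mechanically. The following is an added example, not part of the original notes or the quoted article: it audits a first-match rule list for allow-any-any rules and for later rules that an earlier rule makes unreachable. The rule format, rule names and addresses are constructed for illustration and do not correspond to any vendor's syntax.

```python
from ipaddress import ip_network

# Constructed sample rule set in a simplified, vendor-neutral form:
# (name, action, source CIDR, destination CIDR, destination port or "any")
RULES = [
    ("web-in",       "allow", "0.0.0.0/0",   "10.1.1.0/24", 443),
    ("db-from-app",  "allow", "10.1.1.0/24", "10.2.2.0/24", 1433),
    ("temp-debug",   "allow", "0.0.0.0/0",   "0.0.0.0/0",   "any"),
    ("block-rdp",    "deny",  "0.0.0.0/0",   "10.2.2.0/24", 3389),
    ("default-deny", "deny",  "0.0.0.0/0",   "0.0.0.0/0",   "any"),
]


def covers(outer, inner):
    """True if rule `outer` matches every packet that rule `inner` matches."""
    _, _, o_src, o_dst, o_port = outer
    _, _, i_src, i_dst, i_port = inner
    return (ip_network(i_src).subnet_of(ip_network(o_src))
            and ip_network(i_dst).subnet_of(ip_network(o_dst))
            and (o_port == "any" or o_port == i_port))


def is_any_any(rule):
    """True for an allow rule with any source, any destination, any port."""
    _, action, src, dst, port = rule
    return (action == "allow"
            and ip_network(src).prefixlen == 0
            and ip_network(dst).prefixlen == 0
            and port == "any")


def audit(rules):
    """Return (any_any_names, shadowed_pairs) for a first-match rule list.

    shadowed_pairs holds (rule, earlier_rule) where the earlier rule already
    matches all of the later rule's traffic, so the later rule never fires.
    """
    any_any = [r[0] for r in rules if is_any_any(r)]
    shadowed = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, rule):
                shadowed.append((rule[0], earlier[0]))
                break
    return any_any, shadowed


if __name__ == "__main__":
    any_any, shadowed = audit(RULES)
    print("allow any-any rules:", any_any)
    for later, earlier in shadowed:
        print(f"{later!r} is never reached: shadowed by {earlier!r}")
```

In the sample, the leftover troubleshooting rule silently disables both the RDP block and the default deny that follow it.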
Wouldn’t it be great if attackers set this bit out of courtesy for security engineers? Don’t they read RFCs?
http://www.ietf.org/rfc/rfc3514.txt
http://en.wikipedia.org/wiki/Evil_bit
Wonder if someone has done this for IPv6?
https://tools.ietf.org/html/rfc3093
Internet Transparency via the end-to-end architecture of the Internet has allowed vast innovation of new technologies and services [1]. However, recent developments in Firewall technology have altered this model and have been shown to inhibit innovation. We propose the Firewall Enhancement Protocol (FEP) to allow innovation, without violating the security model of a Firewall. With no cooperation from a firewall operator, the FEP allows ANY application to traverse a Firewall. Our methodology is to layer any application layer Transmission Control Protocol/User Datagram Protocol (TCP/UDP) packets over the HyperText Transfer Protocol (HTTP) protocol, since HTTP packets are typically able to transit Firewalls. This scheme does not violate the actual security usefulness of a Firewall, since Firewalls are designed to thwart attacks from the outside and to ignore threats from within. The use of FEP is compatible with the current Firewall security model because it requires cooperation from a host inside the Firewall. FEP allows the best of both worlds: the security of a firewall, and transparent tunneling through the firewall.
So why have we come to believe that firewall technology will prevent an attack?
I thought security was supposed to be like an onion, not a sandwich. Do you feel protected by your BLT? Which one looks more appetizing?
Anyone notice anything? The two do *not* align. They’re also fairly generic, without any consideration of the specifics to a business.
Anyone else notice that these two don’t seem to overlap? How do you map one to the other?
Who is the data owner?
These are two entirely different things, no?
Maybe a quickmeme from Blue Velvet?
Pick your battles.
The catalog you provide to your customer is a Business catalog. Once a customer orders something, you, as a service provider, must fulfill that request. You have a catalog of services needed to fulfill orders; this becomes your Technical catalog. Your customer may not need to know exactly how you fulfill their order, just that they get it delivered fast and efficiently.
ITIL defines two different aspects of an organization's service catalog, which in practice can be two separate initiatives:
Business Service Catalog ~ Defines services delivered to all end users within an organization, e.g. ordering a new laptop.
Technical Service Catalog ~ Audience is generally internal IT staff and IT management. Defines the IT components necessary to support the provisioning of services to end users, e.g. hosting, network backup, security, etc. These services should not be included in the business user view.
Today, it is accepted that the Business Service Catalog should be an online web store that all users visit to order any IT service. The Technical Service Catalog should be integrated with your CMDB and should be viewed by internal IT staff and management. Business users don't need to see all this underlying detail.
The Business Service Catalog contains services that customers need and use as seen from their perspective. It should not be confused with a configuration management database (CMDB), though they should integrate. A view of the CMDB may constitute a Technical Service Catalog.
The design artifacts that describe how the security controls (= security countermeasures) are positioned, and how they relate to the overall IT Architecture. These controls serve the purpose to maintain the system’s quality attributes, among them confidentiality, integrity, availability, accountability and assurance.
Template courtesy OSA.
You’ll notice that the design is driven by PRINCIPLES, not solutions.
http://en.wikipedia.org/wiki/Form_follows_function
The American architect, Louis Sullivan, Greenough's much younger compatriot, who admired rationalist thinkers like Greenough, Thoreau, Emerson, Whitman and Melville, coined the phrase in his article The Tall Office Building Artistically Considered in 1896 (some fifty years after Greenough's death). Here Sullivan actually said "form ever follows function", but the simpler (and less emphatic) phrase is the one usually remembered. For Sullivan this was distilled wisdom, an aesthetic credo, the single "rule that shall permit of no exception". The full quote is thus:
"It is the pervading law of all things organic and inorganic, of all things physical and metaphysical, of all things human and all things superhuman, of all true manifestations of the head, of the heart, of the soul, that the life is recognizable in its expression, that form ever follows function. This is the law."[2]
Eric M. Hutchins, Michael J. Cloppert, Rohan M. Amin, Ph.D of Lockheed Martin in their paper, “Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains,”
The phrase “kill chain” describes the structure of the intrusion, and the corresponding model guides analysis to inform actionable security intelligence.