SlideShare a Scribd company logo

Csa UK agm 2019 - Chris J Hodson - Visibility in the cloud

Download as PPTX, PDF
Cloud Security Alliance, UK chapter
Cloud Security Alliance, UK chapter

Chris Hodson

Engineering
1 of 27
Visibility and Control in the Cloud Achieving Security Equivalency
Chris Hodson | CISO, EMEA >whois @ChrisHInfosec
Organisational Perceptions of Cloud Contemporary Technology Paradigms
©2019 Tanium. All rights reserved. 4 The CIO & CISO View “Bridging the Resilience Gap” • Two phased study released early 2019 • Aim to understand exactly how organizations are addressing technology-based disruption, • Phase 1 – Involved over 4,000 business decision-makers working in the to understand the barriers to achieving resilience against disruption. • Phase 2 - Explored the IT security and operational trade-offs that more than 500 CIOs and CISOs face when it comes to protecting their business from a growing number of cyber threats and other disruptions. Both phases of our study clearly show that a new approach is needed! See: https://www.tanium.com/resources/endpoint-management-for-security-and-business-resilience/
of respondents reported ‘poor visibility of entry points’ was a significant challenge to true business resilience Data provided: Tanium Resilience Gap Research Barriers to Business Resilience 24% Encryption Cloud Services Reliance on CMDB
©2018 Tanium. All rights reserved. 6 Hub and Spoke Fragile Infrastructure and Agents Slow Response Times – Days to Weeks HQMOBILE BRANCHIOT Direct to Internet
©2019 Tanium. All rights reserved. 7 Proven on the world's largest and most complex networks. FIREWALL Tanium Architecture Faster and more reliable than legacy platforms Scale without massive hardware investments Reduces reliance on congested WAN links Connect off-network machines (cloud, roaming) Single agent for all compute endpoints CLIENTS
Photos by Unknown Author are licensed under CC BY-SA-NC of respondents stated ‘growing organisational complexity’ as the biggest barrier to achieving business resilience Data provided: Tanium Resilience Gap Research 34%
©2019 Tanium. All rights reserved. 9 By Bartledan (talk), based on a file by User:Foofy - Public Domain, https://commons.wikimedia.org/w/index.php?curid=6907222
©2019 Tanium. All rights reserved. 10 Round
Demystifying the Risks of Cloud Computing An Academic Study
Clouds are like roads - they facilitate getting to your destination… Chris Hodson (Me), CIO Summit, Dublin, 2016 “ ”
©2018 Tanium. All rights reserved. 13 Cybersecurity Risk Equation – Back to Basics Cybersecurity System/Data Owner
©2018 Tanium. All rights reserved. 14 Actors, Events and Impact Cloud Computing
©2018 Tanium. All rights reserved. 15 Cloud ‘Risks’ Understanding the Landscape
©2018 Tanium. All rights reserved. 16 Cloud Threat and Vulnerability Categories Really?
©2018 Tanium. All rights reserved. 17 Cloud or Multitenancy?
©2018 Tanium. All rights reserved. 18 Could this happen to us? Qualifying Cloud Threat Scenarios
©2018 Tanium. All rights reserved. 19 Threat Profiling Multitenancy Exploitation | Phishing and Credential Theft | Windows Vulnerability Exploitation
Are all staff adequately trained in security awareness? How do we provide value to the DevOps community? How do I obtain visibility of public cloud consumption? How do I obtain visibility of all my endpoints? How quickly can we apply a break-glass patch or hunt for an indicator of compromise? What is the latest regulation we need to adhere to? How do I get my business units to care about their data in the cloud?
Talk Takeaways Pragmatic Cloud Guidance
Vivek Kundra, Former Federal CIO of the United States of America “Cloud computing is often far more secure than traditional computing, because companies like Google and Amazon can attract and retain cyber-security personnel of a higher quality than many governmental agencies”
©2018 Tanium. All rights reserved. 23 https://blogs.msdn.microsoft.com/cclayton/2011/06/07/standard-cloud-taxonomies-and- windows-azure/ Know your Cloud!
©2018 Tanium. All rights reserved. 24
©2018 Tanium. All rights reserved. 25
©2018 Tanium. All rights reserved. 26 Cyber Risk Management A Good Practice Handbook for Professionals “Cyber Risk Management clearly explains the importance of implementing a cyber security strategy and provides practical guidance for those responsible for managing threat events, vulnerabilities and controls, including malware, data leakage, insider threat and Denial-of-Service. Examples and cases 'from the field', including the Yahoo and Facebook breaches, add context throughout and emphasise the importance of communicating security and risk effectively, while implementation review checklists bring together key points at the end of each chapter. Cyber Risk Management analyses the innate human factors around risk and how they affect cyber awareness and employee training, along with the need to assess the risks posed by third parties. Including an introduction to threat modelling, this book presents a data-centric approach to cyber risk management based on business impact assessments, data classification, data flow modelling and assessing return on investment. It covers pressing developments in artificial intelligence, machine learning, big data and cloud mobility, and includes advice on responding to risks which are applicable for the environment and not just based on media sensationalism.”
Thank you Go make something awesome.

Recommended

News release 1 gcc cyber security - 150413
News release 1 gcc cyber security - 150413News release 1 gcc cyber security - 150413
News release 1 gcc cyber security - 150413
GCCCYBER SECURITY
 
Slide Deck about Cybersecurity by Marcos Semola 2017
Slide Deck about Cybersecurity by Marcos Semola 2017Slide Deck about Cybersecurity by Marcos Semola 2017
Slide Deck about Cybersecurity by Marcos Semola 2017
Marcos Semola
 
Building Cyber Resilience in the Digital Economy
Building Cyber Resilience in the Digital EconomyBuilding Cyber Resilience in the Digital Economy
Building Cyber Resilience in the Digital Economy
Agus Wicaksono
 
Journey to cyber resilience
Journey to cyber resilienceJourney to cyber resilience
Journey to cyber resilience
Andrew Bycroft
 
What Small Business Can Do To Protect Themselves Now in Cybersecurity
What Small Business Can Do To Protect Themselves Now in CybersecurityWhat Small Business Can Do To Protect Themselves Now in Cybersecurity
What Small Business Can Do To Protect Themselves Now in Cybersecurity
Reading Works Detroit
 
12 Top Talks from the 2016 R-CISC Summit
12 Top Talks from the 2016 R-CISC Summit12 Top Talks from the 2016 R-CISC Summit
12 Top Talks from the 2016 R-CISC Summit
Tripwire
 
Cyber Resilience: A New Perspective on Security
Cyber Resilience: A New Perspective on SecurityCyber Resilience: A New Perspective on Security
Cyber Resilience: A New Perspective on Security
Ina Luft
 
Think Cyber Think Resilience | William Barker | March 2016
Think Cyber Think Resilience | William Barker | March 2016Think Cyber Think Resilience | William Barker | March 2016
Think Cyber Think Resilience | William Barker | March 2016
Anna Fenston
 

Recommended

News release 1 gcc cyber security - 150413
News release 1 gcc cyber security - 150413News release 1 gcc cyber security - 150413
News release 1 gcc cyber security - 150413
GCCCYBER SECURITY
 
Slide Deck about Cybersecurity by Marcos Semola 2017
Slide Deck about Cybersecurity by Marcos Semola 2017Slide Deck about Cybersecurity by Marcos Semola 2017
Slide Deck about Cybersecurity by Marcos Semola 2017
Marcos Semola
 
Building Cyber Resilience in the Digital Economy
Building Cyber Resilience in the Digital EconomyBuilding Cyber Resilience in the Digital Economy
Building Cyber Resilience in the Digital Economy
Agus Wicaksono
 
Journey to cyber resilience
Journey to cyber resilienceJourney to cyber resilience
Journey to cyber resilience
Andrew Bycroft
 
What Small Business Can Do To Protect Themselves Now in Cybersecurity
What Small Business Can Do To Protect Themselves Now in CybersecurityWhat Small Business Can Do To Protect Themselves Now in Cybersecurity
What Small Business Can Do To Protect Themselves Now in Cybersecurity
Reading Works Detroit
 
12 Top Talks from the 2016 R-CISC Summit
12 Top Talks from the 2016 R-CISC Summit12 Top Talks from the 2016 R-CISC Summit
12 Top Talks from the 2016 R-CISC Summit
Tripwire
 
Cyber Resilience: A New Perspective on Security
Cyber Resilience: A New Perspective on SecurityCyber Resilience: A New Perspective on Security
Cyber Resilience: A New Perspective on Security
Ina Luft
 
Think Cyber Think Resilience | William Barker | March 2016
Think Cyber Think Resilience | William Barker | March 2016Think Cyber Think Resilience | William Barker | March 2016
Think Cyber Think Resilience | William Barker | March 2016
Anna Fenston
 
Cyber 101: An introduction to privileged access management
Cyber 101: An introduction to privileged access managementCyber 101: An introduction to privileged access management
Cyber 101: An introduction to privileged access management
seadeloitte
 
brochure
brochurebrochure
brochureAri Järvinen
 
Business Continuity, Data Privacy, and Information Security: How do they link?
Business Continuity, Data Privacy, and Information Security: How do they link?Business Continuity, Data Privacy, and Information Security: How do they link?
Business Continuity, Data Privacy, and Information Security: How do they link?
PECB
 
Shift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceShift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceDarren Argyle
 
A Manifesto for Cyber Resilience
A Manifesto for Cyber ResilienceA Manifesto for Cyber Resilience
A Manifesto for Cyber Resilience
Symantec
 
The Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
The Journey to Cyber Resilience in a World of Fear, Uncertainty and DoubtThe Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
The Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
John D. Johnson
 
CRI-Corporate-Profile (1)
CRI-Corporate-Profile (1)CRI-Corporate-Profile (1)
CRI-Corporate-Profile (1)OCTF Industry Engagement
 
2010 Sc World Congress Nyc
2010 Sc World Congress Nyc2010 Sc World Congress Nyc
2010 Sc World Congress Nyc
Bob Maley
 
The Security Director's Practical Guide to Cyber Security
The Security Director's Practical Guide to Cyber SecurityThe Security Director's Practical Guide to Cyber Security
The Security Director's Practical Guide to Cyber Security
Kevin Duffey
 
When thieves strike: Executive briefing on SWIFT attacks
When thieves strike: Executive briefing on SWIFT attacksWhen thieves strike: Executive briefing on SWIFT attacks
When thieves strike: Executive briefing on SWIFT attacks
Sangram Gayal
 
Iurii Garasym. The future crimes and predestination of cyber security. Though...
Iurii Garasym. The future crimes and predestination of cyber security. Though...Iurii Garasym. The future crimes and predestination of cyber security. Though...
Iurii Garasym. The future crimes and predestination of cyber security. Though...
IT Arena
 
August 2017 - Anatomy of a Cyber Attacker
August 2017 - Anatomy of a Cyber AttackerAugust 2017 - Anatomy of a Cyber Attacker
August 2017 - Anatomy of a Cyber Attacker
seadeloitte
 
Key Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence IndexKey Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence Index
IBM Security
 
BCS ITNow 201309 - Holistic Security
BCS ITNow 201309 - Holistic SecurityBCS ITNow 201309 - Holistic Security
BCS ITNow 201309 - Holistic Security
Gareth Niblett
 
CSA Atlanta Q1'2016 Chapter Meeting
CSA Atlanta Q1'2016 Chapter MeetingCSA Atlanta Q1'2016 Chapter Meeting
CSA Atlanta Q1'2016 Chapter Meeting
Phil Agcaoili
 
Improving cyber-security through acquisition
Improving cyber-security through acquisitionImproving cyber-security through acquisition
Improving cyber-security through acquisition
Christopher Dorobek
 
2015 KSU So You Want To Be in Cyber Security
2015 KSU So You Want To Be in Cyber Security2015 KSU So You Want To Be in Cyber Security
2015 KSU So You Want To Be in Cyber SecurityPhil Agcaoili
 
CDS_2015_PER(1)
CDS_2015_PER(1)CDS_2015_PER(1)
CDS_2015_PER(1)Syed Faizuddin Alim
 
e-Trust and cyber security
e-Trust and cyber security e-Trust and cyber security
e-Trust and cyber security
OneWebDay, Inc.
 
140707_Cyber-Security
140707_Cyber-Security140707_Cyber-Security
140707_Cyber-SecurityTara Gravel
 
Ask the Experts final
Ask the Experts finalAsk the Experts final
Ask the Experts finalDaren Dunkel
 
Cyber Security small
Cyber Security smallCyber Security small
Cyber Security smallHenry Worth
 

More Related Content

What's hot

Cyber 101: An introduction to privileged access management
Cyber 101: An introduction to privileged access managementCyber 101: An introduction to privileged access management
Cyber 101: An introduction to privileged access management
seadeloitte
 
Business Continuity, Data Privacy, and Information Security: How do they link?
Business Continuity, Data Privacy, and Information Security: How do they link?Business Continuity, Data Privacy, and Information Security: How do they link?
Business Continuity, Data Privacy, and Information Security: How do they link?
PECB
 
Shift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceShift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceDarren Argyle
 
A Manifesto for Cyber Resilience
A Manifesto for Cyber ResilienceA Manifesto for Cyber Resilience
A Manifesto for Cyber Resilience
Symantec
 
The Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
The Journey to Cyber Resilience in a World of Fear, Uncertainty and DoubtThe Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
The Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
John D. Johnson
 
2010 Sc World Congress Nyc
2010 Sc World Congress Nyc2010 Sc World Congress Nyc
2010 Sc World Congress Nyc
Bob Maley
 
The Security Director's Practical Guide to Cyber Security
The Security Director's Practical Guide to Cyber SecurityThe Security Director's Practical Guide to Cyber Security
The Security Director's Practical Guide to Cyber Security
Kevin Duffey
 
When thieves strike: Executive briefing on SWIFT attacks
When thieves strike: Executive briefing on SWIFT attacksWhen thieves strike: Executive briefing on SWIFT attacks
When thieves strike: Executive briefing on SWIFT attacks
Sangram Gayal
 
Iurii Garasym. The future crimes and predestination of cyber security. Though...
Iurii Garasym. The future crimes and predestination of cyber security. Though...Iurii Garasym. The future crimes and predestination of cyber security. Though...
Iurii Garasym. The future crimes and predestination of cyber security. Though...
IT Arena
 
August 2017 - Anatomy of a Cyber Attacker
August 2017 - Anatomy of a Cyber AttackerAugust 2017 - Anatomy of a Cyber Attacker
August 2017 - Anatomy of a Cyber Attacker
seadeloitte
 
Key Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence IndexKey Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence Index
IBM Security
 
BCS ITNow 201309 - Holistic Security
BCS ITNow 201309 - Holistic SecurityBCS ITNow 201309 - Holistic Security
BCS ITNow 201309 - Holistic Security
Gareth Niblett
 
CSA Atlanta Q1'2016 Chapter Meeting
CSA Atlanta Q1'2016 Chapter MeetingCSA Atlanta Q1'2016 Chapter Meeting
CSA Atlanta Q1'2016 Chapter Meeting
Phil Agcaoili
 
Improving cyber-security through acquisition
Improving cyber-security through acquisitionImproving cyber-security through acquisition
Improving cyber-security through acquisition
Christopher Dorobek
 
2015 KSU So You Want To Be in Cyber Security
2015 KSU So You Want To Be in Cyber Security2015 KSU So You Want To Be in Cyber Security
2015 KSU So You Want To Be in Cyber SecurityPhil Agcaoili
 
e-Trust and cyber security
e-Trust and cyber security e-Trust and cyber security
e-Trust and cyber security
OneWebDay, Inc.
 
140707_Cyber-Security
140707_Cyber-Security140707_Cyber-Security
140707_Cyber-SecurityTara Gravel
 

What's hot (20)

Cyber 101: An introduction to privileged access management
Cyber 101: An introduction to privileged access managementCyber 101: An introduction to privileged access management
Cyber 101: An introduction to privileged access management
 
brochure
brochurebrochure
brochure
 
Business Continuity, Data Privacy, and Information Security: How do they link?
Business Continuity, Data Privacy, and Information Security: How do they link?Business Continuity, Data Privacy, and Information Security: How do they link?
Business Continuity, Data Privacy, and Information Security: How do they link?
 
Shift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceShift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber Resilience
 
A Manifesto for Cyber Resilience
A Manifesto for Cyber ResilienceA Manifesto for Cyber Resilience
A Manifesto for Cyber Resilience
 
The Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
The Journey to Cyber Resilience in a World of Fear, Uncertainty and DoubtThe Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
The Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
 
CRI-Corporate-Profile (1)
CRI-Corporate-Profile (1)CRI-Corporate-Profile (1)
CRI-Corporate-Profile (1)
 
2010 Sc World Congress Nyc
2010 Sc World Congress Nyc2010 Sc World Congress Nyc
2010 Sc World Congress Nyc
 
The Security Director's Practical Guide to Cyber Security
The Security Director's Practical Guide to Cyber SecurityThe Security Director's Practical Guide to Cyber Security
The Security Director's Practical Guide to Cyber Security
 
When thieves strike: Executive briefing on SWIFT attacks
When thieves strike: Executive briefing on SWIFT attacksWhen thieves strike: Executive briefing on SWIFT attacks
When thieves strike: Executive briefing on SWIFT attacks
 
Iurii Garasym. The future crimes and predestination of cyber security. Though...
Iurii Garasym. The future crimes and predestination of cyber security. Though...Iurii Garasym. The future crimes and predestination of cyber security. Though...
Iurii Garasym. The future crimes and predestination of cyber security. Though...
 
August 2017 - Anatomy of a Cyber Attacker
August 2017 - Anatomy of a Cyber AttackerAugust 2017 - Anatomy of a Cyber Attacker
August 2017 - Anatomy of a Cyber Attacker
 
Key Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence IndexKey Findings from the 2015 IBM Cyber Security Intelligence Index
Key Findings from the 2015 IBM Cyber Security Intelligence Index
 
BCS ITNow 201309 - Holistic Security
BCS ITNow 201309 - Holistic SecurityBCS ITNow 201309 - Holistic Security
BCS ITNow 201309 - Holistic Security
 
CSA Atlanta Q1'2016 Chapter Meeting
CSA Atlanta Q1'2016 Chapter MeetingCSA Atlanta Q1'2016 Chapter Meeting
CSA Atlanta Q1'2016 Chapter Meeting
 
Improving cyber-security through acquisition
Improving cyber-security through acquisitionImproving cyber-security through acquisition
Improving cyber-security through acquisition
 
2015 KSU So You Want To Be in Cyber Security
2015 KSU So You Want To Be in Cyber Security2015 KSU So You Want To Be in Cyber Security
2015 KSU So You Want To Be in Cyber Security
 
CDS_2015_PER(1)
CDS_2015_PER(1)CDS_2015_PER(1)
CDS_2015_PER(1)
 
e-Trust and cyber security
e-Trust and cyber security e-Trust and cyber security
e-Trust and cyber security
 
140707_Cyber-Security
140707_Cyber-Security140707_Cyber-Security
140707_Cyber-Security
 

Similar to Csa UK agm 2019 - Chris J Hodson - Visibility in the cloud

Ask the Experts final
Ask the Experts finalAsk the Experts final
Ask the Experts finalDaren Dunkel
 
Cyber Security small
Cyber Security smallCyber Security small
Cyber Security smallHenry Worth
 
TMHCC in Risk & Compliance 2017 Q4 - Cyber Mini-Roundtable
TMHCC in Risk & Compliance 2017 Q4 - Cyber Mini-RoundtableTMHCC in Risk & Compliance 2017 Q4 - Cyber Mini-Roundtable
TMHCC in Risk & Compliance 2017 Q4 - Cyber Mini-Roundtable
Laura Tibbo
 
Wef risk responsibility_hyperconnectedworld_report_2014
Wef risk responsibility_hyperconnectedworld_report_2014Wef risk responsibility_hyperconnectedworld_report_2014
Wef risk responsibility_hyperconnectedworld_report_2014Silvia Cardona
 
How Cyber Resilient are we?
How Cyber Resilient are we?How Cyber Resilient are we?
How Cyber Resilient are we?
CIO Academy Asia Community
 
Map of the Cloud minefield - Banktech Sydney Summit 17 july 2012
Map of the Cloud minefield - Banktech Sydney Summit 17 july 2012 Map of the Cloud minefield - Banktech Sydney Summit 17 july 2012
Map of the Cloud minefield - Banktech Sydney Summit 17 july 2012
Livingstone Advisory
 
2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance
Accenture Insurance
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
International Federation of Accountants
 
Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaper
CMR WORLD TECH
 
Norman Broadbent Cybersecurity Report - How should boards respond
Norman Broadbent Cybersecurity Report - How should boards respondNorman Broadbent Cybersecurity Report - How should boards respond
Norman Broadbent Cybersecurity Report - How should boards respondLydia Shepherd
 
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
PECB
 
Akamai 2018 Spring state of the Internet security report
Akamai 2018 Spring state of the Internet security reportAkamai 2018 Spring state of the Internet security report
Akamai 2018 Spring state of the Internet security report
Yuriy Yuzifovich
 
Five principles for improving your cyber security
Five principles for improving your cyber securityFive principles for improving your cyber security
Five principles for improving your cyber security
WGroup
 
The Art of CyberSecurity in the Cloud
The Art of CyberSecurity in the CloudThe Art of CyberSecurity in the Cloud
The Art of CyberSecurity in the CloudAmazon Web Services
 
Evolution security controls towards Cloud Services
Evolution security controls towards Cloud ServicesEvolution security controls towards Cloud Services
Evolution security controls towards Cloud Services
Hugo Rodrigues
 
Enterprise Cyber Security 2016
Enterprise Cyber Security 2016Enterprise Cyber Security 2016
Enterprise Cyber Security 2016
Supply Chain Coalition
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
Priyanka Aash
 

Similar to Csa UK agm 2019 - Chris J Hodson - Visibility in the cloud (20)

Ask the Experts final
Ask the Experts finalAsk the Experts final
Ask the Experts final
 
Cyber Security small
Cyber Security smallCyber Security small
Cyber Security small
 
TMHCC in Risk & Compliance 2017 Q4 - Cyber Mini-Roundtable
TMHCC in Risk & Compliance 2017 Q4 - Cyber Mini-RoundtableTMHCC in Risk & Compliance 2017 Q4 - Cyber Mini-Roundtable
TMHCC in Risk & Compliance 2017 Q4 - Cyber Mini-Roundtable
 
dcb1203CyberNDI
dcb1203CyberNDIdcb1203CyberNDI
dcb1203CyberNDI
 
Wef risk responsibility_hyperconnectedworld_report_2014
Wef risk responsibility_hyperconnectedworld_report_2014Wef risk responsibility_hyperconnectedworld_report_2014
Wef risk responsibility_hyperconnectedworld_report_2014
 
Digital Resilience flipbook
Digital Resilience flipbookDigital Resilience flipbook
Digital Resilience flipbook
 
Digital Resilience flipbook
Digital Resilience flipbookDigital Resilience flipbook
Digital Resilience flipbook
 
How Cyber Resilient are we?
How Cyber Resilient are we?How Cyber Resilient are we?
How Cyber Resilient are we?
 
Map of the Cloud minefield - Banktech Sydney Summit 17 july 2012
Map of the Cloud minefield - Banktech Sydney Summit 17 july 2012 Map of the Cloud minefield - Banktech Sydney Summit 17 july 2012
Map of the Cloud minefield - Banktech Sydney Summit 17 july 2012
 
2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
 
Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaper
 
Norman Broadbent Cybersecurity Report - How should boards respond
Norman Broadbent Cybersecurity Report - How should boards respondNorman Broadbent Cybersecurity Report - How should boards respond
Norman Broadbent Cybersecurity Report - How should boards respond
 
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
 
Akamai 2018 Spring state of the Internet security report
Akamai 2018 Spring state of the Internet security reportAkamai 2018 Spring state of the Internet security report
Akamai 2018 Spring state of the Internet security report
 
Five principles for improving your cyber security
Five principles for improving your cyber securityFive principles for improving your cyber security
Five principles for improving your cyber security
 
The Art of CyberSecurity in the Cloud
The Art of CyberSecurity in the CloudThe Art of CyberSecurity in the Cloud
The Art of CyberSecurity in the Cloud
 
Evolution security controls towards Cloud Services
Evolution security controls towards Cloud ServicesEvolution security controls towards Cloud Services
Evolution security controls towards Cloud Services
 
Enterprise Cyber Security 2016
Enterprise Cyber Security 2016Enterprise Cyber Security 2016
Enterprise Cyber Security 2016
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 

More from Cloud Security Alliance, UK chapter

Dimitry presentation - Challenges of Cloud Transformation
Dimitry presentation - Challenges of Cloud TransformationDimitry presentation - Challenges of Cloud Transformation
Dimitry presentation - Challenges of Cloud Transformation
Cloud Security Alliance, UK chapter
 
Csa UK agm 2019 - Nsc42 - is the cloud secure - is easy if you do it smart Fr...
Csa UK agm 2019 - Nsc42 - is the cloud secure - is easy if you do it smart Fr...Csa UK agm 2019 - Nsc42 - is the cloud secure - is easy if you do it smart Fr...
Csa UK agm 2019 - Nsc42 - is the cloud secure - is easy if you do it smart Fr...
Cloud Security Alliance, UK chapter
 
Csa container-security-in-aws-dw
Csa container-security-in-aws-dwCsa container-security-in-aws-dw
Csa container-security-in-aws-dw
Cloud Security Alliance, UK chapter
 
Csa UK agm 2019 - Justin Campbell, Xabi Errotabehere - Looking at public clou...
Csa UK agm 2019 - Justin Campbell, Xabi Errotabehere - Looking at public clou...Csa UK agm 2019 - Justin Campbell, Xabi Errotabehere - Looking at public clou...
Csa UK agm 2019 - Justin Campbell, Xabi Errotabehere - Looking at public clou...
Cloud Security Alliance, UK chapter
 
Csa UK agm 2019 - Web API attacks - Trends seen in the field Kriti Mohul
Csa UK agm 2019 - Web API attacks - Trends seen in the field Kriti MohulCsa UK agm 2019 - Web API attacks - Trends seen in the field Kriti Mohul
Csa UK agm 2019 - Web API attacks - Trends seen in the field Kriti Mohul
Cloud Security Alliance, UK chapter
 
Csa UK agm 2019 - Csa agm research
Csa UK agm 2019 - Csa agm researchCsa UK agm 2019 - Csa agm research
Csa UK agm 2019 - Csa agm research
Cloud Security Alliance, UK chapter
 
Csa UK agm 2019 - Daniel Card - Hacking myelsf first
Csa UK agm 2019 - Daniel Card - Hacking myelsf firstCsa UK agm 2019 - Daniel Card - Hacking myelsf first
Csa UK agm 2019 - Daniel Card - Hacking myelsf first
Cloud Security Alliance, UK chapter
 
Csa UK agm 2019 - Chapter Presentation
Csa UK agm 2019 - Chapter Presentation Csa UK agm 2019 - Chapter Presentation
Csa UK agm 2019 - Chapter Presentation
Cloud Security Alliance, UK chapter
 
Csa UK agm 2019 - Craig Savage - safe as clouds the journey from legacy to cl...
Csa UK agm 2019 - Craig Savage - safe as clouds the journey from legacy to cl...Csa UK agm 2019 - Craig Savage - safe as clouds the journey from legacy to cl...
Csa UK agm 2019 - Craig Savage - safe as clouds the journey from legacy to cl...
Cloud Security Alliance, UK chapter
 
Csa UK agm 2019 - Cloud Conformity - Looking at public cloud through a new lens
Csa UK agm 2019 - Cloud Conformity - Looking at public cloud through a new lensCsa UK agm 2019 - Cloud Conformity - Looking at public cloud through a new lens
Csa UK agm 2019 - Cloud Conformity - Looking at public cloud through a new lens
Cloud Security Alliance, UK chapter
 
C-Level tools for Cloud strategy decisions
C-Level tools for Cloud strategy decisionsC-Level tools for Cloud strategy decisions
C-Level tools for Cloud strategy decisions
Cloud Security Alliance, UK chapter
 

More from Cloud Security Alliance, UK chapter (11)

Dimitry presentation - Challenges of Cloud Transformation
Dimitry presentation - Challenges of Cloud TransformationDimitry presentation - Challenges of Cloud Transformation
Dimitry presentation - Challenges of Cloud Transformation
 
Csa UK agm 2019 - Nsc42 - is the cloud secure - is easy if you do it smart Fr...
Csa UK agm 2019 - Nsc42 - is the cloud secure - is easy if you do it smart Fr...Csa UK agm 2019 - Nsc42 - is the cloud secure - is easy if you do it smart Fr...
Csa UK agm 2019 - Nsc42 - is the cloud secure - is easy if you do it smart Fr...
 
Csa container-security-in-aws-dw
Csa container-security-in-aws-dwCsa container-security-in-aws-dw
Csa container-security-in-aws-dw
 
Csa UK agm 2019 - Justin Campbell, Xabi Errotabehere - Looking at public clou...
Csa UK agm 2019 - Justin Campbell, Xabi Errotabehere - Looking at public clou...Csa UK agm 2019 - Justin Campbell, Xabi Errotabehere - Looking at public clou...
Csa UK agm 2019 - Justin Campbell, Xabi Errotabehere - Looking at public clou...
 
Csa UK agm 2019 - Web API attacks - Trends seen in the field Kriti Mohul
Csa UK agm 2019 - Web API attacks - Trends seen in the field Kriti MohulCsa UK agm 2019 - Web API attacks - Trends seen in the field Kriti Mohul
Csa UK agm 2019 - Web API attacks - Trends seen in the field Kriti Mohul
 
Csa UK agm 2019 - Csa agm research
Csa UK agm 2019 - Csa agm researchCsa UK agm 2019 - Csa agm research
Csa UK agm 2019 - Csa agm research
 
Csa UK agm 2019 - Daniel Card - Hacking myelsf first
Csa UK agm 2019 - Daniel Card - Hacking myelsf firstCsa UK agm 2019 - Daniel Card - Hacking myelsf first
Csa UK agm 2019 - Daniel Card - Hacking myelsf first
 
Csa UK agm 2019 - Chapter Presentation
Csa UK agm 2019 - Chapter Presentation Csa UK agm 2019 - Chapter Presentation
Csa UK agm 2019 - Chapter Presentation
 
Csa UK agm 2019 - Craig Savage - safe as clouds the journey from legacy to cl...
Csa UK agm 2019 - Craig Savage - safe as clouds the journey from legacy to cl...Csa UK agm 2019 - Craig Savage - safe as clouds the journey from legacy to cl...
Csa UK agm 2019 - Craig Savage - safe as clouds the journey from legacy to cl...
 
Csa UK agm 2019 - Cloud Conformity - Looking at public cloud through a new lens
Csa UK agm 2019 - Cloud Conformity - Looking at public cloud through a new lensCsa UK agm 2019 - Cloud Conformity - Looking at public cloud through a new lens
Csa UK agm 2019 - Cloud Conformity - Looking at public cloud through a new lens
 
C-Level tools for Cloud strategy decisions
C-Level tools for Cloud strategy decisionsC-Level tools for Cloud strategy decisions
C-Level tools for Cloud strategy decisions
 

Recently uploaded

在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样
在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样
在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样
obonagu
 
AKS UNIVERSITY Satna Final Year Project By OM Hardaha.pdf
AKS UNIVERSITY Satna Final Year Project By OM Hardaha.pdfAKS UNIVERSITY Satna Final Year Project By OM Hardaha.pdf
AKS UNIVERSITY Satna Final Year Project By OM Hardaha.pdf
SamSarthak3
 
weather web application report.pdf
weather web application report.pdfweather web application report.pdf
weather web application report.pdf
Pratik Pawar
 
road safety engineering r s e unit 3.pdf
road safety engineering r s e unit 3.pdfroad safety engineering r s e unit 3.pdf
road safety engineering r s e unit 3.pdf
VENKATESHvenky89705
 
English lab ppt no titlespecENG PPTt.pdf
English lab ppt no titlespecENG PPTt.pdfEnglish lab ppt no titlespecENG PPTt.pdf
English lab ppt no titlespecENG PPTt.pdf
BrazilAccount1
 
DESIGN A COTTON SEED SEPARATION MACHINE.docx
DESIGN A COTTON SEED SEPARATION MACHINE.docxDESIGN A COTTON SEED SEPARATION MACHINE.docx
DESIGN A COTTON SEED SEPARATION MACHINE.docx
FluxPrime1
 
Hierarchical Digital Twin of a Naval Power System
Hierarchical Digital Twin of a Naval Power SystemHierarchical Digital Twin of a Naval Power System
Hierarchical Digital Twin of a Naval Power System
Kerry Sado
 
Governing Equations for Fundamental Aerodynamics_Anderson2010.pdf
Governing Equations for Fundamental Aerodynamics_Anderson2010.pdfGoverning Equations for Fundamental Aerodynamics_Anderson2010.pdf
Governing Equations for Fundamental Aerodynamics_Anderson2010.pdf
WENKENLI1
 
Standard Reomte Control Interface - Neometrix
Standard Reomte Control Interface - NeometrixStandard Reomte Control Interface - Neometrix
Standard Reomte Control Interface - Neometrix
Neometrix_Engineering_Pvt_Ltd
 
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
MdTanvirMahtab2
 
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
thanhdowork
 
CW RADAR, FMCW RADAR, FMCW ALTIMETER, AND THEIR PARAMETERS
CW RADAR, FMCW RADAR, FMCW ALTIMETER, AND THEIR PARAMETERSCW RADAR, FMCW RADAR, FMCW ALTIMETER, AND THEIR PARAMETERS
CW RADAR, FMCW RADAR, FMCW ALTIMETER, AND THEIR PARAMETERS
veerababupersonal22
 
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单专业办理
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单专业办理一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单专业办理
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单专业办理
zwunae
 
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdfHybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
fxintegritypublishin
 
ML for identifying fraud using open blockchain data.pptx
ML for identifying fraud using open blockchain data.pptxML for identifying fraud using open blockchain data.pptx
ML for identifying fraud using open blockchain data.pptx
Vijay Dialani, PhD
 
Basic Industrial Engineering terms for apparel
Basic Industrial Engineering terms for apparelBasic Industrial Engineering terms for apparel
Basic Industrial Engineering terms for apparel
top1002
 
AP LAB PPT.pdf ap lab ppt no title specific
AP LAB PPT.pdf ap lab ppt no title specificAP LAB PPT.pdf ap lab ppt no title specific
AP LAB PPT.pdf ap lab ppt no title specific
BrazilAccount1
 
Railway Signalling Principles Edition 3.pdf
Railway Signalling Principles Edition 3.pdfRailway Signalling Principles Edition 3.pdf
Railway Signalling Principles Edition 3.pdf
TeeVichai
 
Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...
Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...
Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...
AJAYKUMARPUND1
 
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&BDesign and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Sreedhar Chowdam
 

Recently uploaded (20)

在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样
在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样
在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样
 
AKS UNIVERSITY Satna Final Year Project By OM Hardaha.pdf
AKS UNIVERSITY Satna Final Year Project By OM Hardaha.pdfAKS UNIVERSITY Satna Final Year Project By OM Hardaha.pdf
AKS UNIVERSITY Satna Final Year Project By OM Hardaha.pdf
 
weather web application report.pdf
weather web application report.pdfweather web application report.pdf
weather web application report.pdf
 
road safety engineering r s e unit 3.pdf
road safety engineering r s e unit 3.pdfroad safety engineering r s e unit 3.pdf
road safety engineering r s e unit 3.pdf
 
English lab ppt no titlespecENG PPTt.pdf
English lab ppt no titlespecENG PPTt.pdfEnglish lab ppt no titlespecENG PPTt.pdf
English lab ppt no titlespecENG PPTt.pdf
 
DESIGN A COTTON SEED SEPARATION MACHINE.docx
DESIGN A COTTON SEED SEPARATION MACHINE.docxDESIGN A COTTON SEED SEPARATION MACHINE.docx
DESIGN A COTTON SEED SEPARATION MACHINE.docx
 
Hierarchical Digital Twin of a Naval Power System
Hierarchical Digital Twin of a Naval Power SystemHierarchical Digital Twin of a Naval Power System
Hierarchical Digital Twin of a Naval Power System
 
Governing Equations for Fundamental Aerodynamics_Anderson2010.pdf
Governing Equations for Fundamental Aerodynamics_Anderson2010.pdfGoverning Equations for Fundamental Aerodynamics_Anderson2010.pdf
Governing Equations for Fundamental Aerodynamics_Anderson2010.pdf
 
Standard Reomte Control Interface - Neometrix
Standard Reomte Control Interface - NeometrixStandard Reomte Control Interface - Neometrix
Standard Reomte Control Interface - Neometrix
 
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
 
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...
 
CW RADAR, FMCW RADAR, FMCW ALTIMETER, AND THEIR PARAMETERS
CW RADAR, FMCW RADAR, FMCW ALTIMETER, AND THEIR PARAMETERSCW RADAR, FMCW RADAR, FMCW ALTIMETER, AND THEIR PARAMETERS
CW RADAR, FMCW RADAR, FMCW ALTIMETER, AND THEIR PARAMETERS
 
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单专业办理
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单专业办理一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单专业办理
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单专业办理
 
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdfHybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
 
ML for identifying fraud using open blockchain data.pptx
ML for identifying fraud using open blockchain data.pptxML for identifying fraud using open blockchain data.pptx
ML for identifying fraud using open blockchain data.pptx
 
Basic Industrial Engineering terms for apparel
Basic Industrial Engineering terms for apparelBasic Industrial Engineering terms for apparel
Basic Industrial Engineering terms for apparel
 
AP LAB PPT.pdf ap lab ppt no title specific
AP LAB PPT.pdf ap lab ppt no title specificAP LAB PPT.pdf ap lab ppt no title specific
AP LAB PPT.pdf ap lab ppt no title specific
 
Railway Signalling Principles Edition 3.pdf
Railway Signalling Principles Edition 3.pdfRailway Signalling Principles Edition 3.pdf
Railway Signalling Principles Edition 3.pdf
 
Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...
Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...
Pile Foundation by Venkatesh Taduvai (Sub Geotechnical Engineering II)-conver...
 
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&BDesign and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
 

Csa UK agm 2019 - Chris J Hodson - Visibility in the cloud

  • 1. Visibility and Control in the Cloud Achieving Security Equivalency
  • 2. Chris Hodson | CISO, EMEA >whois @ChrisHInfosec
  • 3. Organisational Perceptions of Cloud Contemporary Technology Paradigms
  • 4. ©2019 Tanium. All rights reserved. 4 The CIO & CISO View “Bridging the Resilience Gap” • Two phased study released early 2019 • Aim to understand exactly how organizations are addressing technology-based disruption, • Phase 1 – Involved over 4,000 business decision-makers working in the to understand the barriers to achieving resilience against disruption. • Phase 2 - Explored the IT security and operational trade-offs that more than 500 CIOs and CISOs face when it comes to protecting their business from a growing number of cyber threats and other disruptions. Both phases of our study clearly show that a new approach is needed! See: https://www.tanium.com/resources/endpoint-management-for-security-and-business-resilience/
  • 5. of respondents reported ‘poor visibility of entry points’ was a significant challenge to true business resilience Data provided: Tanium Resilience Gap Research Barriers to Business Resilience 24% Encryption Cloud Services Reliance on CMDB
  • 6. ©2018 Tanium. All rights reserved. 6 Hub and Spoke Fragile Infrastructure and Agents Slow Response Times – Days to Weeks HQMOBILE BRANCHIOT Direct to Internet
  • 7. ©2019 Tanium. All rights reserved. 7 Proven on the world's largest and most complex networks. FIREWALL Tanium Architecture Faster and more reliable than legacy platforms Scale without massive hardware investments Reduces reliance on congested WAN links Connect off-network machines (cloud, roaming) Single agent for all compute endpoints CLIENTS
  • 8. Photos by Unknown Author are licensed under CC BY-SA-NC of respondents stated ‘growing organisational complexity’ as the biggest barrier to achieving business resilience Data provided: Tanium Resilience Gap Research 34%
  • 9. ©2019 Tanium. All rights reserved. 9 By Bartledan (talk), based on a file by User:Foofy - Public Domain, https://commons.wikimedia.org/w/index.php?curid=6907222
  • 10. ©2019 Tanium. All rights reserved. 10 Round
  • 11. Demystifying the Risks of Cloud Computing An Academic Study
  • 12. Clouds are like roads - they facilitate getting to your destination… Chris Hodson (Me), CIO Summit, Dublin, 2016 “ ”
  • 13. ©2018 Tanium. All rights reserved. 13 Cybersecurity Risk Equation – Back to Basics Cybersecurity System/Data Owner
  • 14. ©2018 Tanium. All rights reserved. 14 Actors, Events and Impact Cloud Computing
  • 15. ©2018 Tanium. All rights reserved. 15 Cloud ‘Risks’ Understanding the Landscape
  • 16. ©2018 Tanium. All rights reserved. 16 Cloud Threat and Vulnerability Categories Really?
  • 17. ©2018 Tanium. All rights reserved. 17 Cloud or Multitenancy?
  • 18. ©2018 Tanium. All rights reserved. 18 Could this happen to us? Qualifying Cloud Threat Scenarios
  • 19. ©2018 Tanium. All rights reserved. 19 Threat Profiling Multitenancy Exploitation | Phishing and Credential Theft | Windows Vulnerability Exploitation
  • 20. Are all staff adequately trained in security awareness? How do we provide value to the DevOps community? How do I obtain visibility of public cloud consumption? How do I obtain visibility of all my endpoints? How quickly can we apply a break-glass patch or hunt for an indicator of compromise? What is the latest regulation we need to adhere to? How do I get my business units to care about their data in the cloud?
  • 22. Vivek Kundra, Former Federal CIO of the United States of America “Cloud computing is often far more secure than traditional computing, because companies like Google and Amazon can attract and retain cyber-security personnel of a higher quality than many governmental agencies”
  • 23. ©2018 Tanium. All rights reserved. 23 https://blogs.msdn.microsoft.com/cclayton/2011/06/07/standard-cloud-taxonomies-and- windows-azure/ Know your Cloud!
  • 24. ©2018 Tanium. All rights reserved. 24
  • 25. ©2018 Tanium. All rights reserved. 25
  • 26. ©2018 Tanium. All rights reserved. 26 Cyber Risk Management A Good Practice Handbook for Professionals “Cyber Risk Management clearly explains the importance of implementing a cyber security strategy and provides practical guidance for those responsible for managing threat events, vulnerabilities and controls, including malware, data leakage, insider threat and Denial-of-Service. Examples and cases 'from the field', including the Yahoo and Facebook breaches, add context throughout and emphasise the importance of communicating security and risk effectively, while implementation review checklists bring together key points at the end of each chapter. Cyber Risk Management analyses the innate human factors around risk and how they affect cyber awareness and employee training, along with the need to assess the risks posed by third parties. Including an introduction to threat modelling, this book presents a data-centric approach to cyber risk management based on business impact assessments, data classification, data flow modelling and assessing return on investment. It covers pressing developments in artificial intelligence, machine learning, big data and cloud mobility, and includes advice on responding to risks which are applicable for the environment and not just based on media sensationalism.”
  • 27. Thank you Go make something awesome.

Editor's Notes

  1. CISO, EMEA at Tanium Board Member @ IISP CompTIA Cybersecurity Committee Awful golfer, writer, father to three daughters – as such, the golf is a distant memory!
  2. “An enterprise has resilience when it can maintain continuous operability of technology and data security in the face of inevitable change and disruption.”
  3. I talk regularly abou the quest for visibility in an organsation -
  4. Legacy network para
  5. People will ask ‘so why is Tanium different’ We stick this slide up and say ‘rather than go into the weeds, we’re going to show you in a moment’ link to other versions of our architecture: https://docs.google.com/presentation/d/15a22T2WmGkW46PZFLF7d7Hxekt_eTnmaEBDUCFc2Dgk/edit#slide=id.g512710d244_1_0
  6. Pivot now to some of the outputs from the resilience gap study. How is your company looking at the complexity of today, but also tomorrow? Mentioned earlier that technology is driving change in business processes but as processes become more reliant on technology, we introduce more technical vulnerability into the supply chain. technology is moving at breakneck speed and it is important that the threats of tomorrow and today are considered as the security function serves the business. Look at this stat from our study, 34% of respondents cited growing complexity as a barrier to business resilience. Big Data, IoT, Blockchain and cloud – these techs are all all having profound impact on the way businesses operate. When I first started in tech - IT ran the show! - machines, apps, data This leaves the CISO with a plethora of recurring questions – transition to next slide.
  7. Or Docker containers, Google Big Query. Look at the security tools too.
  8. SaaS, IaaS, PaaS. No two implementations are created equally. We have vendors who ‘take security seriously’, we have very public examples of others who don’t. We cannot say ‘cloud is either security in insecure’ – requirements differ depending on the criticality of a system and the data being stored or processed. In the same way that a single speed limit for all roads would be inappropriate, a standard set of controls for all cloud solutions is not feasible. Road analogy – 70 mile an hour on a country lane would be foolhardy but enforcing a ’safe’ country lane speed limit on a motorway would be equally dangerous. Context is critical.
  9. This equation holds as true today as it ever has. Data and system owners report to board executives – Finance, HR, People, etc
  10. IP correlation to AWS Resource Groups – Ristenpart study – 9% of time - also need internet to be accepting unsolicited Pings from unknown locations. Free with AWS __________________________ For a VM escape or rogue hypervisor exploit, the attacker will need to ensure that she is resident on the same physical hardware as the victim machine although “just a few dollars invested in launching VMs can result in a 40% chance of placing a malicious VM on the same physical server as your target “Identical Dom 0 IP Addresses Small IP Packet Round Trip Times (RTTs) Numerically close IP addresses Brute force machine creation, _________________________ VM Escape attack – needs a vulnerability in a hypervisor – PoC code has been released for the Xen hypervison – VENOM vulnerability I _______________________ Install a kernel driver in the guest OS Find and initialise hardware virtualisation support Load the malicious hypervisor code into memory from the driver Create a new VM to place the host operating system inside Bind the new VM to the rootkit’s hypervisor Launch the new VM – this will switch the host into guest mode. _______________________ Side Channel – measure Cache usage, etc. Keystroke timing attacks. _____________________ DDoS Amazon or GCP – good luck! ____________________ We them compare with Social Engineering or exploiting an unpatched workstation – way greater number of vulns
  11. Let’s look at some resilience Business data – we cannot have resilience if we don’t know what needs to be resilient DevOps – resilience – traditional project models allow for security due dilliegence, Agile, Scrum and DevSecOps…less so. Visibility – how do we know what services are business units are consuming? Wherer are they putting data? Reslience impossible if we cannot measure. Visibility of endpoints – one of biggest challenges I see focuses on breadth of coverage. Companies are comfortable that they have ‘appropriate controls’ on the endpoints they know about, but there is often little confidence that they have an accurate picture of all endpoints on their network. How quickly can you deploy a patch or hunt for a particular threat indicator? How is this being measured? Latest regulation – GDPR, CCPA or Austrilian data privacy regulations. PCI-DSS, HIPPA Are all your staff adequately trained? What is ‘awareness’ amyway? I think we have some challenges inside and outside of cybersecurity on this one…
  12. Certainly when considering