Proprietary + Confidential
A Cybersecurity Framework: Protecting Against Ransomware
GDG Cloud Southlake #4: Security Programs and Ransomware in the Cloud
Biodun Awojobi, Manager, Customer Engineering
Wade Walters, Customer Engineer, Security
August 2021

Modern Security Approaches
Common Threats
1. Data breaches
2. Misconfiguration of technologies
3. Insufficient identity, access and credential management
4. Account hijacking
5. Insider threat
6. Weak control plane
7. Limited cloud usage visibility
8. Nefarious use of cloud services
… lack of cloud security architecture and strategy, weak control plane, metastructure failures.
MITRE ATT&CK Framework: ATT&CK for Enterprise
Attack lifecycle phases: Recon, Weaponize, Deliver, Exploit, Control, Execute, Maintain
Source: The MITRE Corporation
NIST Cybersecurity Framework: 5 Functions
● Identify: develop an organizational understanding for managing risk to systems, people, assets, data, and capabilities.
● Protect: outline appropriate safeguards to ensure delivery of critical infrastructure services.
● Detect: define the appropriate activities to identify the occurrence of an event and enable timely discovery.
● Respond: activities to take action regarding a detected cybersecurity incident.
● Recover: identify appropriate activities to maintain plans for resilience and restore any capabilities or services that were impaired due to an incident.
Defense in depth at scale
● Service deployment
● Operational & device security
● Hardware infrastructure
● Storage services
● Identity
● Internet communication
Traditional Hybrid Environments: On-Prem and Cloud(s)
Controls listed for both on-prem and cloud: SIEM, Identity, SOAR, Vulnerability Scanning, Encryption, Compliance, Authentication, UEBA, BC/DR, MFA/2FA.
Controls listed once: Firewalls, IDS/IPS, Endpoint, XDR/NDR, Load Balancers, ACLs, Containers, Physical, APIs, VPN, Isolation/Segmentation.
Security program activities
● Application security: scanning and testing | API security
● Identity & access management: managing user lifecycle | managing application access | assuring identities
● Endpoint security: patch & vuln mgmt | preventing compromise (A/V, EDR) | device mgmt (config, policy, etc.)
● Data security: finding sensitive data | enforcing controls | preventing exfil / loss
● Network security: defining / enforcing perimeter | segmentation | managing remote access | DoS defense
● Infrastructure security: hardening, config mgmt | patch & vuln mgmt | policy enforcement
● Security monitoring operations: threat prevention | threat detection | incident response
● Governance, risk & compliance: understanding risk | defining and enforcing policy | achieving certifications | demonstrating compliance
Each of these areas, and more, is supported by an ecosystem of partners.
NIST Cybersecurity Framework: 5 Functions, with products and capabilities and Google Cloud solutions
● Identify (develop an organizational understanding for managing risk to systems, people, assets, data, and capabilities)
  Products and capabilities: Critical Asset Discovery and Protection; Risk Manager and Risk Protection
  Google Cloud solutions: Risk Assessment & Critical Asset Discovery; Asset Diagnostics on GCP; Risk Management Modernization
● Protect (outline appropriate safeguards to ensure delivery of critical infrastructure services)
  Products and capabilities: Data Protection; Identity; Supply Chain Protection; Zero Trust
  Google Cloud solutions: Secure Supply Chain; Secure Collaboration; Resilient by Design
● Detect (define the appropriate activities to identify the occurrence of an event and enable timely discovery)
  Products and capabilities: Logging, Configuration and Monitoring; Detection and Investigation
  Google Cloud solutions: Autonomic Security Operations
● Respond (activities to take action regarding a detected cybersecurity incident)
  Products and capabilities: Response
  Google Cloud solutions: Autonomic Security Operations
● Recover (identify appropriate activities to maintain plans for resilience and restore any capabilities or services that were impaired due to an incident)
  Products and capabilities: Rapid Recovery; Risk Manager and Risk Protection
  Google Cloud solutions: Ransomware Recovery Solution; Risk Management Modernization
What are we all facing?
● Phishing: 80% of attacks start with a phishing email. Targeted threats are extremely difficult to detect. Attacker tactics remain consistent.
● Email-borne threats: 94% of malware was installed via malicious emails and attachments. Attackers rapidly change tactics to defeat email security measures.
● Ransomware: 21% of Americans have experienced a ransomware attack; 46% say their company paid the ransom.
Recent events
● REvil ransomware used against 1,500 Kaseya customers
● Bombardier, Inc. data leaked by CLOP ransomware (Feb '21)
● W&T Offshore hit by Nefilim, which stole over 800 GB of personnel and financial data (May '20)
● Ragnar Locker ransomware used against Portuguese energy company Energias de Portugal, with a ransom demand of 1,580 BTC (Apr '20)
● WannaCry used against West Bengal State Electricity Distribution Company (India), Iberdrola (Spain), Petrobras (Brazil), Gas Natural (Spain), and PetroChina (China)
How do these attacks work?
Ransomware kill chain: Identify & Recon, Initial Attack, Exploitation & Installation, Command & Control, Discover & Spread, Extract & Exfiltrate.
Entry points and actions along the chain: phishing email, malicious app, open URL, open attachment, common vulnerabilities, supply chain attacks; retrieve encryption keys, encrypt files, scan the network, encryption key exfiltration, ransom demand.

Why are these attacks still successful?
Recent bad actors' TTPs (a common theme across cases):
1. Phishing email with an account-deletion theme
2. Attachment in zipped format
3. Word doc with a macro carrying a .NET loader that decrypts the payload
4. Launches PowerShell and achieves persistence
5. On the network: Mimikatz, gsecdump, PsExec, with PoshC2 for command and control
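The TTP chain above, turned into detection logic. This is an added example and not the deck's content or any vendor's rule set: it runs five rules over constructed, Sysmon-style process-creation (event 1), process-access (event 10) and service-install (event 7045) records, then escalates only hosts where more than one stage of the chain fired. Field names, the allow-list of legitimate LSASS readers and the sample events are assumptions.

```python
"""Detection rules for the chain on the slide: Office macro -> hidden/encoded PowerShell ->
persistence -> LSASS credential dumping -> PsExec lateral movement.

Added example, not from the deck. Telemetry is constructed, Sysmon-style: event 1
(process create), event 10 (process access) and System-log event 7045 (service install).
Field names are an assumption modelled on those events."""
import re

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe"}
# PROCESS_VM_READ | PROCESS_QUERY_INFORMATION: both bits are set in the access masks that
# credential dumpers such as Mimikatz and gsecdump request on lsass.exe (0x1010, 0x1410, ...).
LSASS_DUMP_BITS = 0x1010
LSASS_READERS_OK = {"csrss.exe", "wininit.exe", "msmpeng.exe"}  # assumption: tune per estate

# Constructed events: ws01 runs the whole chain, srv02 sees the PsExec hop, ws02 is benign.
EVENTS = [
    {"id": 1, "host": "ws01",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"id": 1, "host": "ws01",
     "parent": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "image": r"C:\Windows\System32\reg.exe",
     "cmdline": r"reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Updater /d C:\Users\jdoe\AppData\Roaming\u.exe"},
    {"id": 10, "host": "ws01", "source_image": r"C:\Users\jdoe\AppData\Roaming\u.exe",
     "target_image": r"C:\Windows\System32\lsass.exe", "granted_access": 0x1010},
    {"id": 7045, "host": "srv02", "service_name": "PSEXESVC",
     "image_path": r"%SystemRoot%\PSEXESVC.exe"},
    {"id": 1, "host": "ws02", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe notes.txt"},
]

def _base(path):
    return path.rsplit("\\", 1)[-1].lower()

ENC_RE = re.compile(r"(?i)(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}")
HIDDEN_RE = re.compile(r"(?i)-w(?:indowstyle)?\s+hidden")
RUN_KEY_RE = re.compile(r"(?i)\\CurrentVersion\\Run(Once)?\b")

def rule_office_spawns_script_host(ev):
    """Exploitation & Installation: the macro's .NET loader has to start a script host."""
    if ev["id"] == 1 and _base(ev["parent"]) in OFFICE_APPS and _base(ev["image"]) in SCRIPT_HOSTS:
        return "Office application spawned " + _base(ev["image"])

def rule_encoded_powershell(ev):
    """Exploitation & Installation: hidden window and/or base64 -EncodedCommand."""
    if ev["id"] == 1 and _base(ev["image"]) in {"powershell.exe", "pwsh.exe"}:
        if ENC_RE.search(ev["cmdline"]) or HIDDEN_RE.search(ev["cmdline"]):
            return "hidden/encoded PowerShell command line"

def rule_persistence(ev):
    """Achieves persistence: Run key or scheduled task created from the command line."""
    if ev["id"] == 1:
        img, cmd = _base(ev["image"]), ev["cmdline"]
        if (img == "reg.exe" and RUN_KEY_RE.search(cmd)) or (img == "schtasks.exe" and "/create" in cmd.lower()):
            return "autostart entry created"

def rule_lsass_access(ev):
    """On network: Mimikatz/gsecdump read LSASS memory to harvest credentials."""
    if ev["id"] == 10 and _base(ev["target_image"]) == "lsass.exe":
        if (ev["granted_access"] & LSASS_DUMP_BITS) == LSASS_DUMP_BITS and _base(ev["source_image"]) not in LSASS_READERS_OK:
            return "LSASS memory read by " + _base(ev["source_image"])

def rule_psexec_service(ev):
    """Discover & Spread: PsExec installs its PSEXESVC service on every target it touches."""
    if ev["id"] == 7045 and ("psexesvc" in ev["service_name"].lower() or "psexesvc" in ev["image_path"].lower()):
        return "PsExec service installed"

RULES = [rule_office_spawns_script_host, rule_encoded_powershell, rule_persistence,
         rule_lsass_access, rule_psexec_service]

def detect(events):
    """Run every rule over every event; return (host, rule name, finding) triples."""
    out = []
    for ev in events:
        for rule in RULES:
            hit = rule(ev)
            if hit:
                out.append((ev["host"], rule.__name__, hit))
    return out

def hosts_with_chain(findings, min_rules=2):
    """One rule firing is noise; two distinct stages of this chain on one host is a
    ransomware precursor worth paging on. Returns the hosts that cross the bar."""
    per_host = {}
    for host, rule, _ in findings:
        per_host.setdefault(host, set()).add(rule)
    return sorted(h for h, rules in per_host.items() if len(rules) >= min_rules)

if __name__ == "__main__":
    for f in detect(EVENTS):
        print(f)
    print("escalate:", hosts_with_chain(detect(EVENTS)))
```

Run as-is it prints five findings (four on ws01, one on srv02) and escalates only ws01; the PsExec service install on srv02 alone stays a low-severity signal until a second stage appears there. The LSASS rule keys on the access mask rather than on a tool name, which is what survives a renamed Mimikatz binary.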
Distribution of Malware (AV-TEST Security Report 2019/2020)
● The vast majority of malware and attacker tools run on Windows
● The share of malware targeting Windows is now trending towards 83%
● Microsoft Exchange Server: 100 NVD-listed vulns in the last 10 years, 11 critical vulns in the last 4 years
● By comparison, Gmail had 10 vulns published, with none appearing in the NVD
Google Cloud's approach: three key themes
● Trust Nothing: build in security controls and verification everywhere with a Zero Trust approach
● Detect Everything: build on planet-scale security analytics and insights
● Protect Everyone: make everyone safer online with actionable ML and threat intelligence
World's largest threat observatory
• Massive amounts of data, instantaneous searching
• Any kind of threat observable (files, URLs, domains, IPs)
• Multi-angular characterization (AVs, whitelists, sandboxes, etc.)
• Diverse, global, crowdsourced, real-time
• Unparalleled history, going back to 2004
Most common vectors: phishing, malware, credential theft. The threat is real.

Phishing: how do you spot threats fast? Protect more when you see more.
● Defends 1B+ Gmail accounts & Chrome users
● Scans 694,000 web pages every minute for malicious intent
● Encrypts all data at rest and in transit
● Checks 400+ million Android devices for health every day
● Stops 10M spam emails a minute
Email flow
Steps: send (from an external website or sender), delivery, sync, message open, attachment download, link click, password entry, reply.
Controls applied along the flow: reject, AV, static analysis, sanitize, S/MIME verification, DLP, whitelisting, deep scanning, reclassification, warning banners, restricted actions, antivirus check, preview, prevent downloads, suspicious prompt, Safe Browsing check, out-of-domain warning, 2SV, APP.
Chrome browser: Google Safe Browsing built in; smart sandboxing and site isolation; enterprise-grade password protection.

Proactive Enterprise Security: Malware
Antivirus services, policy, context-based protections, AV engines, security sandbox.
● Multiple services + technologies
● Different specializations to cover a wide range of malware
● Protections range from volume abuse to detecting unknown malware
● Simplified picture; leverage every bit of data to increase coverage
'Zero-trust' model utilizing cryptographically secured identities: the right identity accessing the right machine, authorized by the right code, accessing the right data at the right time and in the right context.
Building blocks: IAM, binary authorization, data protection, machine identity.
Identities: user identity, device identity, machine identity, service identity, code identity.
Credential Theft: enterprise-grade password protection
● Password Alert automatically detects and notifies users if a corporate password is being used on a personal account.
● Password Checkup automatically checks whether any of a user's saved passwords have been exposed in an online data breach and prompts the user to change the password.
Protect against Account Takeovers
● Enhanced account protection: a phishing-resistant second factor of authentication that verifies the user's identity and the sign-in URL.
● Open ecosystem: works with popular browsers and a growing ecosystem of services that support FIDO.

2FA: it's a spectrum of assurance
Different types of two-factor authentication (2FA) exist, all providing various levels of assurance and convenience. From lowest to highest assurance: SMS / voice, backup codes, authenticator (TOTP), mobile push, FIDO security keys. Only the last is phishing-resistant.
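Why the spectrum ends at FIDO security keys, as an added example that is not part of the deck: the same real-time phishing kit is run against a TOTP authenticator and against a FIDO-style assertion. TOTP is RFC 4226/6238 on the Python standard library; the FIDO side is a reduced model of a WebAuthn assertion in which the browser, not the user, writes the origin and RP ID into the signed data. An HMAC with a shared key stands in for the authenticator's private-key signature (an assumption made to keep the example dependency-free), and the challenge, key and origins are made up.

```python
"""Why the 2FA spectrum ends at FIDO: a TOTP code can be relayed by a phishing page,
an origin-bound FIDO assertion cannot.

Added example, not from the deck. The TOTP half is RFC 4226/6238 on the standard library.
The FIDO half is a reduced model of a WebAuthn assertion: the authenticator signs
rpIdHash || SHA-256(clientDataJSON), and clientDataJSON carries the challenge and the
origin the browser was on. Assumption: an HMAC with a shared key stands in for the
authenticator's private-key signature so the example has no dependencies."""
import hashlib, hmac, json, struct

# ---- Authenticator app (TOTP): the code depends only on the secret and the clock.
def hotp(secret, counter, digits=6):
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret, at, step=30):
    return hotp(secret, int(at) // step)

def server_check_totp(secret, code, now, step=30, skew=1):
    window = range(int(now) // step - skew, int(now) // step + skew + 1)
    return any(hmac.compare_digest(code, hotp(secret, c)) for c in window)

# ---- FIDO-style assertion: origin and RP ID are part of what gets signed.
def rp_id_hash(rp_id):
    return hashlib.sha256(rp_id.encode()).digest()

def authenticator_sign(key, rp_id, challenge, origin):
    """The browser fills in rp_id and origin from the page it is actually on; neither the
    user nor a phishing page that relays the challenge can change them."""
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge,
                              "origin": origin}, sort_keys=True).encode()
    signed = rp_id_hash(rp_id) + hashlib.sha256(client_data).digest()
    return {"rp_id_hash": rp_id_hash(rp_id), "client_data": client_data,
            "sig": hmac.new(key, signed, hashlib.sha256).digest()}

def rp_verify(key, rp_id, expected_origin, expected_challenge, assertion):
    cd = json.loads(assertion["client_data"])
    if cd.get("type") != "webauthn.get" or cd.get("challenge") != expected_challenge:
        return False
    if cd.get("origin") != expected_origin:            # relayed from a look-alike site
        return False
    if assertion["rp_id_hash"] != rp_id_hash(rp_id):   # scoped to a different RP
        return False
    signed = assertion["rp_id_hash"] + hashlib.sha256(assertion["client_data"]).digest()
    return hmac.compare_digest(assertion["sig"], hmac.new(key, signed, hashlib.sha256).digest())

# ---- The same real-time phishing kit against both factors.
def phish_totp(secret, now):
    """Victim types the 6-digit code into the fake page; the kit replays it seconds later."""
    code_typed_by_victim = totp(secret, now)
    return server_check_totp(secret, code_typed_by_victim, now + 5)

def phish_fido(key, real_rp_id, real_origin, phish_rp_id, phish_origin, challenge):
    """Kit relays the real challenge to the victim's browser, which is on the phishing origin."""
    relayed = authenticator_sign(key, phish_rp_id, challenge, phish_origin)
    return rp_verify(key, real_rp_id, real_origin, challenge, relayed)

def legit_fido(key, rp_id, origin, challenge):
    return rp_verify(key, rp_id, origin, challenge, authenticator_sign(key, rp_id, challenge, origin))

if __name__ == "__main__":
    secret, key, ch = b"12345678901234567890", b"device-key", "c29tZS1yYW5kb20tY2hhbGxlbmdl"
    print("TOTP relayed by phisher accepted:", phish_totp(secret, 1_700_000_000))   # True
    print("FIDO relayed by phisher accepted:", phish_fido(key, "example.com", "https://example.com",
          "examp1e.com", "https://examp1e.com", ch))                                  # False
    print("FIDO from the real site accepted:", legit_fido(key, "example.com", "https://example.com", ch))
```

The TOTP secret is the RFC 6238 test vector, so `totp(secret, 59)` gives `287082`. The point of the two `phish_*` functions is that the server-side TOTP check has no way to tell a relayed code from a typed one, while the FIDO verifier rejects the relayed assertion on the origin check before it even looks at the signature; that is what "verifies the sign-in URL" on the slide means.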
Ransomware kill chain addressed
The protections above map onto the chain stages (Identify & Recon, Initial Attack, Exploitation & Installation, Command & Control, Discover & Spread, Extract & Exfiltrate) and onto the entry points and actions listed earlier: phishing email, malicious app, open URL, open attachment, common vulnerabilities, supply chain attacks; retrieve encryption keys, encrypt files, scan the network, encryption key exfiltration, ransom demand.

Increasing your posture
Modern threat detection
● Apply intel
● Intelligent data fusion
● Continuous IoC matching
● Self-managed
● Hunt at Google speed
● Disruptive economics
Backup & recover (Actifio)
1. Low RPO: incremental-forever data capture from on-premises workloads (VMware, SAP, Oracle, etc.)
2. Local cache on disk: instant recovery
3. Replicate to cloud: incremental forever
4. Days to decades: Google Cloud Storage Nearline/Coldline (GCP NL/CL)
Benefits
• Built-in integrations for application-consistent data capture
• Eliminate local backup footprint & burden
• Take advantage of cost-effective Google Cloud Storage
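The capture and restore flow on the slide as working code. This is an added example, not Actifio's or the deck's own: fixed-size blocks and an in-memory dict stand in for application-consistent capture and object storage (assumptions), content addressing gives incremental-forever uploads, and a walk back over snapshots picks the restore point before a mass high-entropy rewrite, which is what a ransomware run looks like to a backup system. The three days of sample data are constructed; the retention tiers (Nearline/Coldline) are not modelled.

```python
"""Incremental-forever capture with point-in-time restore, as on the backup slide.

Added example, not Actifio's or the deck's code. Assumptions: fixed 4 KiB blocks stand in
for application-aware capture, an in-memory dict stands in for write-once object storage,
and SHA-256 content addressing makes "incremental forever" fall out naturally: a block
that already exists is never uploaded again. The sample data is constructed."""
import hashlib, math, os
from collections import Counter

BLOCK = 4096

class BackupStore:
    def __init__(self):
        self.chunks = {}     # sha256 hex -> bytes; the only thing the cloud tier stores
        self.snapshots = []  # per capture: block hash list, whole-image digest, blocks uploaded

    def capture(self, data):
        """Upload only blocks the store has never seen; every snapshot still maps all blocks,
        so any restore point is reachable without replaying a chain of deltas."""
        hashes, uploaded = [], 0
        for i in range(0, len(data), BLOCK):
            h = hashlib.sha256(data[i:i + BLOCK]).hexdigest()
            if h not in self.chunks:
                self.chunks[h] = data[i:i + BLOCK]
                uploaded += 1
            hashes.append(h)
        self.snapshots.append({"blocks": hashes, "uploaded": uploaded,
                               "digest": hashlib.sha256(data).hexdigest()})
        return len(self.snapshots) - 1

    def restore(self, snap_id):
        """Instant recovery of one point in time, verified against the digest taken at capture."""
        snap = self.snapshots[snap_id]
        data = b"".join(self.chunks[h] for h in snap["blocks"])
        if hashlib.sha256(data).hexdigest() != snap["digest"]:
            raise ValueError("restore integrity check failed for snapshot %d" % snap_id)
        return data

    def changed_fraction(self, snap_id):
        """Share of blocks that differ from the previous snapshot."""
        if snap_id == 0:
            return 1.0
        prev, cur = self.snapshots[snap_id - 1]["blocks"], self.snapshots[snap_id]["blocks"]
        diff = sum(1 for a, b in zip(prev, cur) if a != b) + abs(len(prev) - len(cur))
        return diff / max(len(prev), len(cur))

def entropy_bits(data):
    """Shannon entropy per byte; ciphertext sits near 8.0, business documents well below."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def last_good_snapshot(store, max_changed=0.5, max_entropy=7.5):
    """Walk back from the newest capture to the last one that is not a mass rewrite with
    high-entropy content, i.e. the restore point to use after a ransomware run."""
    for sid in range(len(store.snapshots) - 1, -1, -1):
        looks_encrypted = (store.changed_fraction(sid) > max_changed
                           and entropy_bits(store.restore(sid)) > max_entropy)
        if not looks_encrypted:
            return sid
    return None

def demo():
    """Three days of captures: normal, one edited block, then ransomware rewriting everything."""
    store = BackupStore()
    day1 = b"invoice 0001 ACME paid\n" * 2000            # 46,000 bytes -> 12 blocks
    s1 = store.capture(day1)
    day2 = bytearray(day1)
    day2[BLOCK * 3:BLOCK * 3 + 4] = b"DUE!"               # one block touched
    s2 = store.capture(bytes(day2))
    day3 = os.urandom(len(day1))                          # every block is now ciphertext
    s3 = store.capture(day3)
    return store, (s1, s2, s3)

if __name__ == "__main__":
    store, (s1, s2, s3) = demo()
    for sid in (s1, s2, s3):
        print(sid, "uploaded", store.snapshots[sid]["uploaded"], "blocks,",
              "changed %.2f" % store.changed_fraction(sid))
    print("restore from snapshot", last_good_snapshot(store))
```

Day one uploads all 12 blocks, day two uploads 1, and the ransomware day uploads 12 again with every block changed, so the store holds 25 chunks and `last_good_snapshot` returns the day-two capture. Two properties matter for the "off-network segregated backup" recommendation later in the deck: the chunk store is write-once, so an attacker with the production host's credentials cannot overwrite earlier blocks, and the digest check on restore catches a tampered chunk before it is handed back.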
Recommendations and next steps
● Establish a Ransomware Protection strategy
● Conduct a Cyber Resilience assessment to evaluate risk of ransomware
● Execute a quick diagnostic service to analyze telemetry data for indicators of compromise (IOCs)
● Evaluate off-network segregated backup capabilities for critical workloads
● Conduct periodic user awareness campaigns
Thank you.

James Anderson
 
GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N...
GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N...GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N...
GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N...
James Anderson
 
GDG SLK - Why should devs care about container security.pdf
GDG SLK - Why should devs care about container security.pdfGDG SLK - Why should devs care about container security.pdf
GDG SLK - Why should devs care about container security.pdf
James Anderson
 
GraphQL Insights Deck ( Sabre_GDG - Sept 2023).pdf
GraphQL Insights Deck ( Sabre_GDG - Sept 2023).pdfGraphQL Insights Deck ( Sabre_GDG - Sept 2023).pdf
GraphQL Insights Deck ( Sabre_GDG - Sept 2023).pdf
James Anderson
 
GDG Cloud Southlake #25: Jacek Ostrowski & David Browne: Sabre's Journey to ...
 GDG Cloud Southlake #25: Jacek Ostrowski & David Browne: Sabre's Journey to ... GDG Cloud Southlake #25: Jacek Ostrowski & David Browne: Sabre's Journey to ...
GDG Cloud Southlake #25: Jacek Ostrowski & David Browne: Sabre's Journey to ...
James Anderson
 
A3 - AR Code Planetarium CST.pdf
A3 - AR Code Planetarium CST.pdfA3 - AR Code Planetarium CST.pdf
A3 - AR Code Planetarium CST.pdf
James Anderson
 
GDG Cloud Southlake #24: Arty Starr: Enabling Powerful Software Insights by V...
GDG Cloud Southlake #24: Arty Starr: Enabling Powerful Software Insights by V...GDG Cloud Southlake #24: Arty Starr: Enabling Powerful Software Insights by V...
GDG Cloud Southlake #24: Arty Starr: Enabling Powerful Software Insights by V...
James Anderson
 
GDG Cloud Southlake #23:Ralph Lloren: Social Engineering Large Language Models
GDG Cloud Southlake #23:Ralph Lloren: Social Engineering Large Language ModelsGDG Cloud Southlake #23:Ralph Lloren: Social Engineering Large Language Models
GDG Cloud Southlake #23:Ralph Lloren: Social Engineering Large Language Models
James Anderson
 
GDG Cloud Southlake no. 22 Gutta and Nayer GCP Terraform Modules Scaling Your...
GDG Cloud Southlake no. 22 Gutta and Nayer GCP Terraform Modules Scaling Your...GDG Cloud Southlake no. 22 Gutta and Nayer GCP Terraform Modules Scaling Your...
GDG Cloud Southlake no. 22 Gutta and Nayer GCP Terraform Modules Scaling Your...
James Anderson
 
GDG Cloud Southlake #21:Alexander Snegovoy: Master Continuous Resiliency in C...
GDG Cloud Southlake #21:Alexander Snegovoy: Master Continuous Resiliency in C...GDG Cloud Southlake #21:Alexander Snegovoy: Master Continuous Resiliency in C...
GDG Cloud Southlake #21:Alexander Snegovoy: Master Continuous Resiliency in C...
James Anderson
 
GDG Cloud Southlake #20:Stefano Doni: Kubernetes performance tuning dilemma: ...
GDG Cloud Southlake #20:Stefano Doni: Kubernetes performance tuning dilemma: ...GDG Cloud Southlake #20:Stefano Doni: Kubernetes performance tuning dilemma: ...
GDG Cloud Southlake #20:Stefano Doni: Kubernetes performance tuning dilemma: ...
James Anderson
 
GDG Cloud Southlake #19: Sullivan and Schuh: Design Thinking Primer: How to B...
GDG Cloud Southlake #19: Sullivan and Schuh: Design Thinking Primer: How to B...GDG Cloud Southlake #19: Sullivan and Schuh: Design Thinking Primer: How to B...
GDG Cloud Southlake #19: Sullivan and Schuh: Design Thinking Primer: How to B...
James Anderson
 
GDG Cloud Southlake #18 Yujun Liang Crawl, Walk, Run My Journey into Google C...
GDG Cloud Southlake #18 Yujun Liang Crawl, Walk, Run My Journey into Google C...GDG Cloud Southlake #18 Yujun Liang Crawl, Walk, Run My Journey into Google C...
GDG Cloud Southlake #18 Yujun Liang Crawl, Walk, Run My Journey into Google C...
James Anderson
 
GDG Cloud Southlake #17: Meg Dickey-Kurdziolek: Explainable AI is for Everyone
GDG Cloud Southlake #17: Meg Dickey-Kurdziolek: Explainable AI is for EveryoneGDG Cloud Southlake #17: Meg Dickey-Kurdziolek: Explainable AI is for Everyone
GDG Cloud Southlake #17: Meg Dickey-Kurdziolek: Explainable AI is for Everyone
James Anderson
 
GDG Cloud Southlake #16: Priyanka Vergadia: Scalable Data Analytics in Google...
GDG Cloud Southlake #16: Priyanka Vergadia: Scalable Data Analytics in Google...GDG Cloud Southlake #16: Priyanka Vergadia: Scalable Data Analytics in Google...
GDG Cloud Southlake #16: Priyanka Vergadia: Scalable Data Analytics in Google...
James Anderson
 

More from James Anderson (20)

Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
 
GDG Cloud Southlake 31: Santosh Chennuri and Festus Yeboah: Empowering Develo...
GDG Cloud Southlake 31: Santosh Chennuri and Festus Yeboah: Empowering Develo...GDG Cloud Southlake 31: Santosh Chennuri and Festus Yeboah: Empowering Develo...
GDG Cloud Southlake 31: Santosh Chennuri and Festus Yeboah: Empowering Develo...
 
GDG Cloud Southlake 30 Brian Demers Breeding 10x Developers with Developer Pr...
GDG Cloud Southlake 30 Brian Demers Breeding 10x Developers with Developer Pr...GDG Cloud Southlake 30 Brian Demers Breeding 10x Developers with Developer Pr...
GDG Cloud Southlake 30 Brian Demers Breeding 10x Developers with Developer Pr...
 
GDG Cloud Southlake 29 Jimmy Mesta OWASP Top 10 for Kubernetes
GDG Cloud Southlake 29 Jimmy Mesta OWASP Top 10 for KubernetesGDG Cloud Southlake 29 Jimmy Mesta OWASP Top 10 for Kubernetes
GDG Cloud Southlake 29 Jimmy Mesta OWASP Top 10 for Kubernetes
 
GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N...
GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N...GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N...
GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N...
 
GDG SLK - Why should devs care about container security.pdf
GDG SLK - Why should devs care about container security.pdfGDG SLK - Why should devs care about container security.pdf
GDG SLK - Why should devs care about container security.pdf
 
GraphQL Insights Deck ( Sabre_GDG - Sept 2023).pdf
GraphQL Insights Deck ( Sabre_GDG - Sept 2023).pdfGraphQL Insights Deck ( Sabre_GDG - Sept 2023).pdf
GraphQL Insights Deck ( Sabre_GDG - Sept 2023).pdf
 
GDG Cloud Southlake #25: Jacek Ostrowski & David Browne: Sabre's Journey to ...
 GDG Cloud Southlake #25: Jacek Ostrowski & David Browne: Sabre's Journey to ... GDG Cloud Southlake #25: Jacek Ostrowski & David Browne: Sabre's Journey to ...
GDG Cloud Southlake #25: Jacek Ostrowski & David Browne: Sabre's Journey to ...
 
A3 - AR Code Planetarium CST.pdf
A3 - AR Code Planetarium CST.pdfA3 - AR Code Planetarium CST.pdf
A3 - AR Code Planetarium CST.pdf
 
GDG Cloud Southlake #24: Arty Starr: Enabling Powerful Software Insights by V...
GDG Cloud Southlake #24: Arty Starr: Enabling Powerful Software Insights by V...GDG Cloud Southlake #24: Arty Starr: Enabling Powerful Software Insights by V...
GDG Cloud Southlake #24: Arty Starr: Enabling Powerful Software Insights by V...
 
GDG Cloud Southlake #23:Ralph Lloren: Social Engineering Large Language Models
GDG Cloud Southlake #23:Ralph Lloren: Social Engineering Large Language ModelsGDG Cloud Southlake #23:Ralph Lloren: Social Engineering Large Language Models
GDG Cloud Southlake #23:Ralph Lloren: Social Engineering Large Language Models
 
GDG Cloud Southlake no. 22 Gutta and Nayer GCP Terraform Modules Scaling Your...
GDG Cloud Southlake no. 22 Gutta and Nayer GCP Terraform Modules Scaling Your...GDG Cloud Southlake no. 22 Gutta and Nayer GCP Terraform Modules Scaling Your...
GDG Cloud Southlake no. 22 Gutta and Nayer GCP Terraform Modules Scaling Your...
 
GDG Cloud Southlake #21:Alexander Snegovoy: Master Continuous Resiliency in C...
GDG Cloud Southlake #21:Alexander Snegovoy: Master Continuous Resiliency in C...GDG Cloud Southlake #21:Alexander Snegovoy: Master Continuous Resiliency in C...
GDG Cloud Southlake #21:Alexander Snegovoy: Master Continuous Resiliency in C...
 
GDG Cloud Southlake #20:Stefano Doni: Kubernetes performance tuning dilemma: ...
GDG Cloud Southlake #20:Stefano Doni: Kubernetes performance tuning dilemma: ...GDG Cloud Southlake #20:Stefano Doni: Kubernetes performance tuning dilemma: ...
GDG Cloud Southlake #20:Stefano Doni: Kubernetes performance tuning dilemma: ...
 
GDG Cloud Southlake #19: Sullivan and Schuh: Design Thinking Primer: How to B...
GDG Cloud Southlake #19: Sullivan and Schuh: Design Thinking Primer: How to B...GDG Cloud Southlake #19: Sullivan and Schuh: Design Thinking Primer: How to B...
GDG Cloud Southlake #19: Sullivan and Schuh: Design Thinking Primer: How to B...
 
GDG Cloud Southlake #18 Yujun Liang Crawl, Walk, Run My Journey into Google C...
GDG Cloud Southlake #18 Yujun Liang Crawl, Walk, Run My Journey into Google C...GDG Cloud Southlake #18 Yujun Liang Crawl, Walk, Run My Journey into Google C...
GDG Cloud Southlake #18 Yujun Liang Crawl, Walk, Run My Journey into Google C...
 
GDG Cloud Southlake #17: Meg Dickey-Kurdziolek: Explainable AI is for Everyone
GDG Cloud Southlake #17: Meg Dickey-Kurdziolek: Explainable AI is for EveryoneGDG Cloud Southlake #17: Meg Dickey-Kurdziolek: Explainable AI is for Everyone
GDG Cloud Southlake #17: Meg Dickey-Kurdziolek: Explainable AI is for Everyone
 
GDG Cloud Southlake #16: Priyanka Vergadia: Scalable Data Analytics in Google...
GDG Cloud Southlake #16: Priyanka Vergadia: Scalable Data Analytics in Google...GDG Cloud Southlake #16: Priyanka Vergadia: Scalable Data Analytics in Google...
GDG Cloud Southlake #16: Priyanka Vergadia: Scalable Data Analytics in Google...
 

Recently uploaded

Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
Bhaskar Mitra
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
Fwdays
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
Abida Shariff
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 

Recently uploaded (20)

Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 

GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and Ransomware in the Cloud

• 1. A Cybersecurity Framework: Protecting Against Ransomware (Proprietary + Confidential)
  Biodun Awojobi, Manager, Customer Engineering, August 2021
  Wade Walters, Customer Engineer, Security, August 2021
• 3. Common Threats
  1. Data breaches
  2. Misconfiguration of technologies
  3. Insufficient identity/access/credential management
  4. Account hijacking
  5. Insider threat
  6. Weak control plane
  7. Limited cloud usage visibility
  8. Nefarious use of cloud services
  … Lack of cloud security architecture and strategy, weak control plane, metastructure failures.
• 5. MITRE ATT&CK Framework: ATT&CK for Enterprise
  Kill-chain stages shown: RECON → WEAPONIZE → DELIVER → EXPLOIT → CONTROL → EXECUTE → MAINTAIN
  Source: The MITRE Corporation
• 6. NIST Cybersecurity Framework: 5 Functions
  ● Identify: Develop an organizational understanding for managing risk to systems, people, assets, data, & capabilities.
  ● Protect: Outline appropriate safeguards to ensure delivery of critical infrastructure service.
  ● Detect: Define the appropriate activities to identify the occurrence of an event & enable timely discovery.
  ● Respond: Activities to take action regarding a detected cybersecurity incident.
  ● Recover: Identify appropriate activities to maintain plans for resilience & restore any capabilities or services that were impaired due to an incident.
• 7. NIST Cybersecurity Framework: 5 Functions (same content as slide 6)
• 8. Defense in depth at scale
  ● Service deployment
  ● Operational & device security
  ● Hardware infrastructure
  ● Storage services
  ● Identity
  ● Internet communication
• 9. Traditional Hybrid Environments: On-Prem and Cloud(s)
  Controls shown in both environments: SIEM, Identity, SOAR, Vulnerability Scanning, Encryption, Compliance, Authentication, UEBA, BC/DR, MFA/2FA
  Other controls shown: Firewalls, IDS/IPS, Endpoint, XDR/NDR, Load Balancers, ACLs, Containers, Physical, APIs, VPN, Isolation/Segmentation
• 10. NIST Cybersecurity Framework: 5 Functions (same content as slide 6)
• 11. Security program activities
  ● Application security: Scanning and testing | API security
  ● Identity & access management: Managing user lifecycle | Managing application access | Assuring identities
  ● Endpoint security: Patch & vuln mgmt | Preventing compromise (A/V, EDR) | Device mgmt (config, policy, etc.)
  ● Data security: Finding sensitive data | Enforcing controls | Preventing exfil / loss
  ● Network security: Defining / enforcing perimeter | Segmentation | Managing remote access | DoS defense
  ● Infrastructure security: Hardening, config mgmt | Patch & vuln mgmt | Policy enforcement
  ● Security monitoring operations: Threat prevention | Threat detection | Incident response
  ● Governance, risk & compliance: Understanding risk | Defining and enforcing policy | Achieving certifications | Demonstrating compliance
• 12. Supported by an ecosystem of partners: Application security, Identity & access management, Endpoint security, Data security, Network security, Infrastructure security, Security monitoring operations, Governance, risk & compliance, and more...
• 13. NIST Cybersecurity Framework: 5 Functions, mapped to Google Cloud products and solutions
  ● Identify: Develop an organizational understanding for managing risk to systems, people, assets, data, & capabilities.
  ● Protect: Outline appropriate safeguards to ensure delivery of critical infrastructure service.
  ● Detect: Define the appropriate activities to identify the occurrence of an event & enable timely discovery.
  ● Respond: Activities to take action regarding a detected cybersecurity incident.
  ● Recover: Identify appropriate activities to maintain plans for resilience & restore any capabilities or services that were impaired due to an incident.
  Products and Capabilities (as listed on the slide): Data Protection; Identity; Supply Chain Protection; Zero Trust; Critical Asset Discovery and Protection; Risk Manager and Risk Protection; Logging, Configuration and Monitoring; Detection and Investigation; Response; Rapid Recovery; Risk Manager and Risk Protection
  Google Cloud Solutions (as listed on the slide, including repeats):
  ● Risk Assessment & Critical Asset Discovery
  ● Asset Diagnostics on GCP
  ● Risk Management Modernization
  ● Secure Supply Chain
  ● Secure Collaboration
  ● Resilient by Design
  ● Autonomic Security Operations
  ● Autonomic Security Operations
  ● Ransomware Recovery Solution
  ● Risk Management Modernization
  • 14. What are we all facing?
• 15. Attacker tactics remain consistent
  ● Phishing: 80% of attacks start with a phishing email. Targeted threats are extremely difficult to detect.
  ● Email-borne threats: 94% of malware was installed via malicious emails and attachments. Attackers rapidly change tactics to defeat email security measures.
  ● Ransomware: 21% of Americans have experienced a ransomware attack. 46% say their company paid the ransom.
• 16. Recent events
  ● REvil ransomware used against 1,500 Kaseya customers
  ● Bombardier, Inc., data leaked by CLOP ransomware (Feb ‘21)
  ● W&T Offshore hit by Nefilim that stole over 800 GB of personnel and financial data (May ‘20)
  ● Ragnar Locker ransomware used against Portuguese energy company Energias de Portugal and asked for 1,580 in BTC (Apr ‘20)
  ● WannaCry used against West Bengal State Electricity Distribution Company (India), Iberdrola (Spain), Petrobras (Brazil), Gas Natural (Spain), and PetroChina (China).
  • 17. How do these attacks work?
• 18. Ransomware kill chain
  Common vulnerabilities (entry points): Phishing Email, Malicious App, Open URL, Open Attachment, Supply Chain Attacks
  Stages: Initial Attack → Exploitation & Installation → Command & Control → Identify & Recon → Discover & Spread → Extract & Exfiltrate
  Actions shown along the chain: Scan the network, Retrieve encryption keys, Encryption keys exfiltration, Encrypt files, Ransom demand
  • 19. Why are these attacks still successful?
• 20. Recent bad actor's TTPs
  ● Phishing email with an account-deletion theme
  ● Attachment in zipped format
  ● Word doc: macro with a .NET loader decrypting the payload
  ● Launches PowerShell
  ● Achieves persistence
  ● On network: Mimikatz, GSecDump, PSExec, with POSH C2
• 21. Common theme: distribution of malware (AV-TEST Security Report 2019/2020)
  ● The vast majority of malware and attacker tools run on Windows
  ● Share of malware targeted to Windows is now trending towards 83%
  ● Microsoft Exchange Server
    ○ 100 NVD-listed vulns in the last 10 years, 11 critical vulns in the last 4 years
    ○ By comparison, Gmail had 10 vulns published with none appearing in the NVD.
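The chain on slide 20 (phishing attachment, Office macro, PowerShell, persistence, lateral movement with PsExec) is what an endpoint detection rule set is built to catch from process-creation telemetry. The following is an added example written for this page, not code from the talk or from Google; the event fields, rule names and the sample events are constructed for illustration, and a real deployment would read the same fields from EDR or Sysmon data.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class ProcEvent:
    """One endpoint process-creation event (field names chosen for this example)."""
    host: str
    parent: str
    image: str
    cmdline: str


# Constructed sample telemetry, not from the talk: on ws-17 a Word document spawns
# PowerShell with an encoded command, a Run key is written, and the PsExec service
# starts; ws-22 only runs an ordinary scheduled script.
SAMPLE_EVENTS = [
    ProcEvent("ws-17", "explorer.exe", "winword.exe",
              r"WINWORD.EXE /n C:\Users\a\Downloads\invoice.docm"),
    ProcEvent("ws-17", "winword.exe", "powershell.exe",
              "powershell.exe -nop -w hidden -enc QUJDREVGR0g="),
    ProcEvent("ws-17", "powershell.exe", "reg.exe",
              r"reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v upd /t REG_SZ /d C:\Users\a\AppData\upd.ps1"),
    ProcEvent("ws-17", "services.exe", "PSEXESVC.exe", "PSEXESVC.exe"),
    ProcEvent("ws-22", "explorer.exe", "powershell.exe",
              r"powershell.exe -File C:\scripts\backup.ps1"),
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# -e / -ec / -enc / -EncodedCommand followed by the base64 blob
ENCODED_FLAG = re.compile(r"\s-(?:e|ec|enc|encodedcommand)\s", re.IGNORECASE)
# Persistence through the per-user or per-machine Run key
RUN_KEY = re.compile(r"\\CurrentVersion\\Run\b", re.IGNORECASE)


def detect(events: List[ProcEvent]) -> List[Tuple[str, str, str]]:
    """Apply one rule per stage of the chain; return (host, rule, cmdline) findings."""
    findings = []
    for ev in events:
        parent, image = ev.parent.lower(), ev.image.lower()
        if parent in OFFICE_APPS and image in SHELLS:
            findings.append((ev.host, "office_spawns_shell", ev.cmdline))
        if image == "powershell.exe" and ENCODED_FLAG.search(ev.cmdline):
            findings.append((ev.host, "encoded_powershell", ev.cmdline))
        if image in {"reg.exe", "powershell.exe"} and RUN_KEY.search(ev.cmdline):
            findings.append((ev.host, "run_key_persistence", ev.cmdline))
        if image == "psexesvc.exe":
            findings.append((ev.host, "psexec_service", ev.cmdline))
    return findings


def hosts_at_risk(events: List[ProcEvent], min_stages: int = 2) -> List[str]:
    """Hosts on which at least min_stages distinct stages of the chain fired.
    Correlating stages per host is what separates this chain from a lone
    admin who legitimately runs an encoded PowerShell command."""
    stages = defaultdict(set)
    for host, rule, _ in detect(events):
        stages[host].add(rule)
    return sorted(h for h, s in stages.items() if len(s) >= min_stages)


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
    print("hosts at risk:", hosts_at_risk(SAMPLE_EVENTS))
```

Each rule alone is noisy on a real estate; the per-host correlation in `hosts_at_risk` is the part that turns four weak signals into one actionable alert, which is the "detect everything, then correlate" posture the later slides argue for.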
  • 22. NIST Cybersecurity Framework: 5 Functions Activities to take action regarding a detected cybersecurity incident. Identify Develop an organizational understanding for managing risk to systems, people, assets, data, & capabilities. Protect Outline appropriate safeguards to ensure delivery of critical infrastructure service. Detect Define the appropriate activities to identify the occurrence of an event & enable timely discovery. Respond Recover I Identify appropriate activities to maintain plans for resilience & restore any capabilities or services that were impaired due to an incident.
  • 24. Trust Nothing Build in security controls and verification everywhere with a Zero Trust approach Detect Everything Build on planet scale security analytics and insights Protect Everyone Make everyone safer online with actionable ML and threat intelligence Three key themes
  • 25. World-largest threat observatory • Massive amounts of data, instantaneous searching • Any kind of threat observable (files, URLs, domains, IPs) • Multi-angular characterization (AVs, whitelists, sandboxes, etc.) • Diverse, global, crowdsourced, real-time • Unparalleled history, going back to 2004
  • 26. Most common vectors… the threat is real: Phishing, Malware, Credential Theft
  • 28. How do you spot threats fast? Protect more when you see more
    ● Network defends 1B+ Gmail accounts & Chrome users
    ● Scans 694,000 web pages every minute for malicious intent
    ● Encrypts all data at rest and in transit
    ● Checks 400+ million Android devices for health every day
    ● Stops 10M spam emails a minute
  • 29. Email flow: controls at each step
    ● Sources: External, Website
    ● Events along the flow: Send, Delivery, Message open, Reclassification, Deep Scanning, Attachment download, Link click, Preview, Reply, Password Entry
    ● Controls applied: Reject, AV, Sync, Warning banners, Restricted actions, Antivirus check, Suspicious prompt, Out-of-domain warning, Safe Browsing check, Static Analysis, Sanitize, S/MIME Verification, Prevent Downloads, DLP, Whitelisting, 2SV, App Password
  • 30. Chrome browser: proactive enterprise security
    ● Google Safe Browsing built-in
    ● Smart sandboxing and site isolation
    ● Enterprise-grade password protection
  • 32. Antivirus services: multiple services + technologies
    ● Layers: Policy, Context-based Protections, AV Engines, Security Sandbox
    ● Different specializations to cover a wide range of malware
    ● Protections range from volume abuse to detecting unknown malware
    ● Simplified picture; leverage every bit of data to increase coverage
  • 33. ‘Zero-trust’ model utilizing cryptographically secured identities: the right identity accessing the right machine, authorized by the right code, accessing the right data at the right time and context
    ● Identities: User identity, Device identity, Machine identity, Service identity, Code identity
    ● Controls: IAM, Binary authorization, Data protection
  • 35. Enterprise-grade password protection
    ● Password Alert automatically detects and notifies users if a corporate password is being used on a personal account
    ● Password Checkup automatically checks whether any of a user’s saved passwords have been compromised in an online data breach and prompts the user to change their password
  • 36. Protect against account takeovers
    ● Enhanced account protection: phishing-resistant 2nd factor of authentication that verifies the user’s identity and the sign-in URL
    ● Open ecosystem: works with popular browsers and a growing ecosystem of services that support FIDO
  • 37. 2FA: it’s a spectrum of assurance. Different types of two-factor authentication (2FA) exist, all providing various levels of assurance and convenience
    ● From lowest to highest assurance: SMS / Voice → Backup codes → Authenticator (TOTP) → Mobile Push → FIDO security keys (phishing-resistant)
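Added example, not from the deck, showing why the slide places TOTP below FIDO security keys: an RFC 6238 TOTP code carries no notion of where it was entered, whereas a FIDO assertion has the sign-in origin inside the signed data, so an assertion produced on a look-alike site does not verify at the real one. The FIDO side is a simplified model: an HMAC with a constructed key stands in for the authenticator’s per-site signature, and the origins, nonce and seed are made up.

```python
import hashlib, hmac, struct

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time-step counter, dynamically truncated."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp_login(secret: bytes, submitted: str, unix_time: int) -> bool:
    # The verifier only sees six digits; nothing in them says where they were typed.
    return hmac.compare_digest(submitted, totp(secret, unix_time))

# Simplified FIDO-style model (an assumption, not the real protocol): a real authenticator
# signs with a per-site private key; an HMAC over (origin, challenge) stands in for that
# signature here. What matters is that the origin the browser saw is inside the signed data.
def fido_assert(cred_key: bytes, origin_seen: str, challenge: bytes) -> bytes:
    return hmac.new(cred_key, origin_seen.encode() + b"|" + challenge, hashlib.sha256).digest()

def fido_login(cred_key: bytes, rp_origin: str, challenge: bytes, assertion: bytes) -> bool:
    # The relying party verifies against its own origin, not the one the user visited.
    expected = fido_assert(cred_key, rp_origin, challenge)
    return hmac.compare_digest(expected, assertion)

def assurance_demo() -> tuple:
    """Same credential presented through a look-alike site. Returns
    (totp_accepted, fido_relayed_accepted, fido_genuine_accepted)."""
    now = 1_700_000_000
    seed = b"constructed-totp-seed"
    # A TOTP code typed into a look-alike page verifies just as well when relayed.
    totp_ok = totp_login(seed, totp(seed, now), now)
    key, challenge = b"constructed-credential-key", b"server-nonce-42"
    real_site, look_alike = "https://accounts.example.test", "https://accounts.examp1e.test"
    relayed = fido_assert(key, look_alike, challenge)   # authenticator signs what it saw
    fido_relayed_ok = fido_login(key, real_site, challenge, relayed)
    genuine = fido_assert(key, real_site, challenge)
    fido_genuine_ok = fido_login(key, real_site, challenge, genuine)
    return totp_ok, fido_relayed_ok, fido_genuine_ok
```

The TOTP routine reproduces the RFC 6238 test vector (secret "12345678901234567890", time 59), so it can be checked against the standard.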
  • 38. Common vulnerabilities (Addressed): ransomware kill chain
    ● Stages: Identify & Recon → Initial Attack → Exploitation & Installation → Command & Control → Discover & Spread → Extract & Exfiltrate
    ● Initial attack vectors shown: Phishing Email, Malicious App, Open URL, Open Attachment
    ● Later-stage actions shown: Retrieve Encryption Keys, Scan the network, Encrypt files, Encryption keys exfiltration, Ransom demand
    ● Also covered: Supply Chain Attacks
  • 41. Modern threat detection
    ● Apply intel
    ● Intelligent data fusion
    ● Continuous IoC matching
    ● Self-managed
    ● Hunt at Google speed
    ● Disruptive economics
  • 43. Backup & recover (Actifio)
    ● On-premises sources: VMware, SAP, Oracle, etc.
    ● 1. Low RPO: incremental-forever data capture
    ● 2. Local cache (Actifio Disk): instant recovery
    ● 3. Replicate to Cloud: incremental forever
    ● 4. Days to decades: Google Nearline/Coldline (GCP NL/CL)
    ● Benefits: built-in integrations for application-consistent data capture; eliminate local backup footprint & burden; take advantage of cost-effective Google Cloud Storage
  • 44. NIST Cybersecurity Framework: 5 Functions, mapped to products, capabilities and Google Cloud solutions
    ● Identify: develop an organizational understanding for managing risk to systems, people, assets, data, & capabilities
    ● Protect: outline appropriate safeguards to ensure delivery of critical infrastructure service
    ● Detect: define the appropriate activities to identify the occurrence of an event & enable timely discovery
    ● Respond: activities to take action regarding a detected cybersecurity incident
    ● Recover: identify appropriate activities to maintain plans for resilience & restore any capabilities or services that were impaired due to an incident
    ● Products and capabilities (some listed under more than one function): Data Protection; Identity; Supply Chain Protection; Zero Trust; Critical Asset Discovery and Protection; Risk Manager and Risk Protection; Logging, Configuration and Monitoring; Detection and Investigation; Response; Rapid Recovery
    ● Google Cloud Solutions (some listed under more than one function): Risk Assessment & Critical Asset Discovery; Asset Diagnostics on GCP; Risk Management Modernization; Secure Supply Chain; Secure Collaboration; Resilient by Design; Autonomic Security Operations; Ransomware Recovery Solution
  • 45. Recommendations and next steps
    ● Establish a ransomware protection strategy
    ● Conduct a cyber resilience assessment to evaluate the risk of ransomware
    ● Execute a quick diagnostic service to analyze telemetry data for indicators of compromise (IOCs)
    ● Evaluate off-network, segregated backup capabilities for critical workloads
    ● Conduct periodic user awareness campaigns