[How-To] Infrastructure Security Gap Analysis
Carlo Dapino
https://carlo.dapino.info
Copyright © Carlo Dapino 2019 - All rights reserved
#whoami
- Almost 20 years of infrastructure security experience
- Consulting and in-house experience evaluating infrastructure maturity (on-prem, multi-cloud, hybrid)
- Threat modelling of complex network infrastructures (SDN/NFV, SD-WAN, MPLS, etc.)
- Specialised in DFIR
- Survived the cyber security ninja era, the evangelists and whatever else the market decided to feed us with...
Tailored for...
- CISOs starting the evaluation of a new challenge
- Cyber Security Architects
- Security professionals zooming in or out of Infrastructure
- Whoever wants to connect the dots and see the big security picture
A bit of history (the why)...
Technical Threat Matrix (TMM), 2016:
https://acklost.weebly.com/tech-blog/tmm-technical-threat-matrix
Issues with standard analysis approaches
- High Level Designs are often application- or cloud-specific and do not evaluate the risks of the connectivity links, nor the technical differences between Function as a Service, PaaS and IaaS
- Gap analyses produce gaps and findings, but no clear actionable items against which maturity can be scored
- Threat modelling is common for applications but far less so for infrastructure
- The actionable items that do come out of a gap analysis have no owner among the different business teams (network, application, etc.)
- Gap analyses are disconnected from the actual device configurations
Target
- Define an easy and repeatable methodology
- Help define a CISO and security architecture strategy and roadmap
- Prioritise gaps and understand how to tune security monitoring to cover the areas of weakness
- Define areas of investment and structure a list of cyber security budget items
- Define corrective actions aligned with the business organisation, by skill set and team
- Connect the dots: understand the attack surface, the incident response capabilities and the potential lateral movement paths
Let’s go!
High Level Design + Infra Threat Modeling + IAM/AAA Analysis + Security Maturity + Incident Response
//define building blocks
./start
Building blocks: ON-PREM, Cloud (GCP, AWS, Azure), BYOD, Branch Offices
Connectivity between blocks: WAN, MPLS, Dedicated Links, VPN
//analyse threats by connectivity
./links: WAN, MPLS, VPN, LAN

Northbound / Southbound (traffic crossing the perimeter):
- DDoS
- BGP attacks
- DNS hijacking
- Public API attacks
- etc.

East / West (traffic between internal systems):
- ARP spoofing
- VLAN hopping
- Internal threat
- Management access
- Golden tickets
- Lateral movement
- etc.
//analyse Identity
./IAM Vs. AAA
Identity Provider (IdP): Authentication, Authorization, Accounting (accountability)
- Centralized? => behavioural analysis becomes possible, because every authentication is visible in one place
- Federated? => you are trusting a 3rd-party domain
- SSO? => incident response will involve the 3rd party
- RADIUS/TACACS+ for network devices
- API tokens, secrets, application tokens (non-human identities)
Analyse identity on every direction of traffic: East/West as well as Northbound/Southbound.
./how_to_glue_blocks

Map every finding to a layer, to the threats/controls reviewed at that layer, and to the team that owns the fix
(the OSI layers are extended with Layer 0 = assets & data and Layer 8 = people/IAM):

Layer                                 | Threats / controls to review                         | Owning team(s)
Layer 0: Assets & Data                | DLP, encryption at rest, etc.                        | Sys Admins
Layer 1-2: Physical, Data Link        | Switch port security, MAC filtering, VLAN security   | Network & Infra teams
Layer 3: Network                      | DHCP, VPN, firewall                                  | Network & Infra teams
Layer 4-7: Transport, Session,        | TLS vulns, application/code vulns, WAF/CDN bypass,   | DevOps, DEV teams, Infra teams
           Presentation, Application  | subdomain takeover                                   |
Layer 8: People / IAM                 | Social engineering, internal threats, etc.           | HR, Audit, Monitoring, Sys Admins, etc.
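The glue between the blocks, as a runnable model. This is an added example, not the author's tooling or template: the link names, the threat-to-control mapping, the control names and the owning teams are constructed sample data standing in for whatever your configuration review actually confirms. It takes the links from the connectivity slide, applies the north/south and east/west threat lists, checks which expected control is missing at which layer, and emits one actionable item per gap with the owning team from the table above, plus a per-layer maturity score.

```python
"""Minimal, runnable model of the gap-analysis flow in the slides:
building blocks + links -> threats per link direction -> expected controls
per layer -> gaps as actionable items owned by a team, plus a per-layer score.

Added example, not the author's tooling. Link names, the threat-to-control
mapping, control names and team names are all constructed sample data.
"""
from dataclasses import dataclass, field

# Layer numbering follows the deck: 0 = assets & data, 1-7 = OSI, 8 = people/IAM.
OWNER_BY_LAYER = {
    0: "Sys Admins",
    1: "Network & Infra", 2: "Network & Infra", 3: "Network & Infra",
    4: "DevOps / DEV / Infra", 5: "DevOps / DEV / Infra",
    6: "DevOps / DEV / Infra", 7: "DevOps / DEV / Infra",
    8: "HR / Audit / Monitoring / Sys Admins",
}

# Threats that apply to a link depending on its direction, and the control
# (with its layer) you expect the configuration review to confirm.
# Constructed mapping for the example; extend it per environment.
EXPECTED = {
    "north-south": [
        ("DDoS", "rate-limiting / scrubbing", 3),
        ("BGP hijack", "RPKI / prefix filtering", 3),
        ("DNS hijacking", "DNSSEC / registrar lock", 7),
        ("public API abuse", "API gateway policy enforcement", 7),
    ],
    "east-west": [
        ("ARP spoofing", "dynamic ARP inspection", 2),
        ("VLAN hopping", "trunk pruning / native VLAN change", 2),
        ("lateral movement", "segmentation / host firewall", 3),
        ("golden ticket", "krbtgt rotation / tiered admin", 8),
        ("management access", "TACACS+ with MFA on mgmt plane", 8),
    ],
}

@dataclass
class Link:
    name: str                                    # e.g. "branch-to-DC MPLS"
    direction: str                               # "north-south" or "east-west"
    controls: set = field(default_factory=set)   # controls confirmed in the config review

@dataclass(frozen=True)
class Gap:
    link: str
    layer: int
    threat: str
    action: str
    owner: str

def find_gaps(links):
    """Return one actionable Gap per (link, uncovered threat), each with an owner."""
    gaps = []
    for link in links:
        for threat, control, layer in EXPECTED[link.direction]:
            if control not in link.controls:
                gaps.append(Gap(link.name, layer, threat,
                                f"implement {control}", OWNER_BY_LAYER[layer]))
    return gaps

def maturity_by_layer(links):
    """Fraction of expected controls actually present, per layer (0.0 - 1.0)."""
    expected, present = {}, {}
    for link in links:
        for _threat, control, layer in EXPECTED[link.direction]:
            expected[layer] = expected.get(layer, 0) + 1
            if control in link.controls:
                present[layer] = present.get(layer, 0) + 1
    return {layer: present.get(layer, 0) / n for layer, n in expected.items()}

def actions_by_owner(gaps):
    """Group actionable items by the team that owns them (the hand-off list)."""
    out = {}
    for g in gaps:
        out.setdefault(g.owner, []).append(f"{g.link}: {g.action} ({g.threat})")
    return out

# Constructed sample environment: one internet edge, one MPLS branch link, one DC LAN.
SAMPLE_LINKS = [
    Link("internet edge", "north-south",
         {"rate-limiting / scrubbing", "API gateway policy enforcement"}),
    Link("branch-to-DC MPLS", "east-west",
         {"segmentation / host firewall"}),
    Link("DC server LAN", "east-west",
         {"dynamic ARP inspection", "trunk pruning / native VLAN change",
          "segmentation / host firewall", "krbtgt rotation / tiered admin"}),
]

if __name__ == "__main__":
    for owner, items in actions_by_owner(find_gaps(SAMPLE_LINKS)).items():
        print(owner)
        for item in items:
            print("  -", item)
    for layer, score in sorted(maturity_by_layer(SAMPLE_LINKS).items()):
        print(f"layer {layer}: {score:.0%}")
```

Running the script prints the hand-off list per team and the per-layer score. Keying every gap on the link and the layer is what makes the item land with the team that can actually fix it, which is the ownership problem called out on the "Issues" slide; the per-layer score is the maturity figure the same slide says a plain findings list never gives you.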
./cloud_visualization
//use the Jericho Forum Cloud Cube Model to place each cloud building block on its four dimensions (internal/external, proprietary/open, perimeterised/de-perimeterised, insourced/outsourced)
https://collaboration.opengroup.org/jericho/cloud_cube_model_v1.0.pdf
./cloud_controls
//use the CSA Cloud Controls Matrix (CCM) as the control catalogue for the cloud building blocks
https://cloudsecurityalliance.org/research/working-groups/cloud-controls-matrix/
./connect_dots
./readme
This is a technical methodology: it requires a configuration review of every device in scope. THIS IS NOT A RISK ANALYSIS!
./incident_response
Paying for a gym membership doesn't make you an athlete (I discovered that!).
In the same way, owning a set of security controls doesn't give you incident response capabilities: those are people, processes, tools and skills.
./score_DFIR
//score incident response against an existing maturity model:
- CREST - Cyber Security Incident Response Maturity Assessment
  https://www.crest-approved.org/cyber-security-incident-response-maturity-assessment/index.html
- ENISA - SIM3 - CSIRT Maturity
  https://www.enisa.europa.eu/topics/csirts-in-europe/csirt-capabilities/csirt-maturity
- NIST Cyber Security Framework
  https://www.nist.gov/cyberframework
- SOC-CMM - SOC Capability Maturity Model
  https://www.soc-cmm.com/
./my2cents
- Security products connected directly to the cloud (e.g. with no reverse proxy in between) are a potential reverse-shell path into the environment: flag them and analyse them. The MITRE ATT&CK matrix helps to structure this analysis.
- TLS 1.3 breaks passive inspection (the handshake is encrypted and static RSA key exchange is gone), and cloud-specific traffic TAP limitations also need to be considered.
- API gateway policy enforcement should be listed as a stand-alone control.
- NAT rewriting the source IP, and VLANs that are not extended end to end (so the only layer-2 information you see is the gateway's), both destroy attribution and must be flagged in the incident response capabilities matrix.
- The DevOps CI/CD pipeline must be in scope too, especially the automation layers (Terraform, Kubernetes, Ansible, etc.): their (in)security changes the result of the analysis.
- Internal threat is part of the Layer 8 (people) analysis; don't forget that layer, and the same goes for Layer 0 (data and assets).
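The NAT attribution problem from the fourth point, as an added example (not from the deck). Both log formats, and every address, port and timestamp in them, are constructed for illustration and match no vendor's real format. The server only ever records the gateway's translated address, so attributing an event to an internal host needs the gateway's NAT translation log, joined on the translated ip:port and on time; the last server event has no translation record and shows what the gap looks like when that log is missing or expired.

```python
"""Recovering the real source behind a NAT'd connection: the attribution gap
the slide says to flag in the incident response capabilities matrix.

Added example, not from the deck. The two log formats are constructed for
illustration (no vendor's real format), as are all addresses and timestamps.
"""
from datetime import datetime

# Constructed NAT translation log from the gateway (the record you need retained):
# start, end, original src ip:port -> translated src ip:port -> destination
NAT_LOG = """\
2019-06-01T10:00:03Z 2019-06-01T10:00:09Z 10.20.5.17:51234 -> 203.0.113.10:40001 -> 198.51.100.8:443
2019-06-01T10:00:05Z 2019-06-01T10:00:20Z 10.20.7.42:49152 -> 203.0.113.10:40002 -> 198.51.100.8:443
2019-06-01T10:05:00Z 2019-06-01T10:05:30Z 10.20.9.99:50000 -> 203.0.113.10:40001 -> 198.51.100.8:443
"""

# Constructed server-side log: the server only ever sees the NAT address.
SERVER_LOG = """\
2019-06-01T10:00:06Z src=203.0.113.10:40001 GET /admin/export 200
2019-06-01T10:00:07Z src=203.0.113.10:40002 POST /login 401
2019-06-01T10:05:10Z src=203.0.113.10:40001 GET /admin/export 200
2019-06-01T10:30:00Z src=203.0.113.10:40003 GET /health 200
"""

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")

def parse_nat_log(text):
    """Yield (start, end, original, translated) tuples from the translation log."""
    for line in text.splitlines():
        start, end, original, _, translated, _, _dst = line.split()
        yield _ts(start), _ts(end), original, translated

def parse_server_log(text):
    """Yield (time, nat_src) tuples from the server log."""
    for line in text.splitlines():
        fields = line.split()
        yield _ts(fields[0]), fields[1][len("src="):]

def attribute(server_events, nat_entries):
    """Map each server event to the internal host that really made it.

    The join key is the translated ip:port AND the time window, because the
    gateway reuses the same translated port for a different internal host once
    a session ends (port 40001 above). An event with no matching translation
    is attributed to None: that is the gap to record in the IR matrix.
    """
    nat = list(nat_entries)
    result = []
    for when, nat_src in server_events:
        hit = next((orig for start, end, orig, trans in nat
                    if trans == nat_src and start <= when <= end), None)
        result.append((when.isoformat(), nat_src, hit))
    return result

if __name__ == "__main__":
    for when, seen, real in attribute(parse_server_log(SERVER_LOG), parse_nat_log(NAT_LOG)):
        print(f"{when}  server saw {seen:<22} real source: {real or 'UNKNOWN (no translation record)'}")
```

The same reasoning applies at layer 2 when the VLAN is not extended: the server's ARP/neighbour table only ever shows the gateway's MAC, so the switch-side MAC table or DHCP lease log is the record that has to exist, be time-synchronised with the server logs and be retained for as long as your investigations need it.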
Thanks! If you want to hear more:
https://www.amazon.co.uk/Cyber-Security-Heads-up-Carlo-Dapino-ebook/dp/B082S5CQXK
./Q&A
Contact me on LinkedIn:
https://www.linkedin.com/in/carlodapino

More Related Content

What's hot

MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE - ATT&CKcon
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
ZaiffiEhsan
 
Misp(malware information sharing platform)
Misp(malware information sharing platform)Misp(malware information sharing platform)
Misp(malware information sharing platform)
Nadim Kadiwala
 
Purple Team Use Case - Security Weekly
Purple Team Use Case - Security WeeklyPurple Team Use Case - Security Weekly
Purple Team Use Case - Security Weekly
Jorge Orchilles
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat Intelligence
NTT Innovation Institute Inc.
 
Ethical Hacking - sniffing
Ethical Hacking - sniffingEthical Hacking - sniffing
Ethical Hacking - sniffing
Bhavya Chawla
 
Cyber Security Seminar.pptx
Cyber Security Seminar.pptxCyber Security Seminar.pptx
Cyber Security Seminar.pptx
DESTROYER39
 
Effective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceEffective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat Intelligence
Dhruv Majumdar
 
RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...
RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...
RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...
Adam Pennington
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting Workshop
Digit Oktavianto
 
Intelligence Failures of Lincolns Top Spies: What CTI Analysts Can Learn Fro...
 Intelligence Failures of Lincolns Top Spies: What CTI Analysts Can Learn Fro... Intelligence Failures of Lincolns Top Spies: What CTI Analysts Can Learn Fro...
Intelligence Failures of Lincolns Top Spies: What CTI Analysts Can Learn Fro...
MITRE ATT&CK
 
Purple team strategy_lascon_2016
Purple team strategy_lascon_2016Purple team strategy_lascon_2016
Purple team strategy_lascon_2016
Trupti Shiralkar, CISSP
 
Cyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsCyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feeds
Iain Dickson
 
Splunk workshop-Threat Hunting
Splunk workshop-Threat HuntingSplunk workshop-Threat Hunting
Splunk workshop-Threat Hunting
Splunk
 
Hunting Lateral Movement in Windows Infrastructure
Hunting Lateral Movement in Windows InfrastructureHunting Lateral Movement in Windows Infrastructure
Hunting Lateral Movement in Windows Infrastructure
Sergey Soldatov
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)
Ahmed Ayman
 
intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)
Aj Maurya
 
Security operation center
Security operation centerSecurity operation center
Security operation center
MuthuKumaran267
 
Red team and blue team in ethical hacking
Red team and blue team in ethical hackingRed team and blue team in ethical hacking
Red team and blue team in ethical hacking
Vikram Khanna
 
Web application Security tools
Web application Security toolsWeb application Security tools
Web application Security tools
Nico Penaredondo
 

What's hot (20)

MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
MITRE ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities; Da...
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Misp(malware information sharing platform)
Misp(malware information sharing platform)Misp(malware information sharing platform)
Misp(malware information sharing platform)
 
Purple Team Use Case - Security Weekly
Purple Team Use Case - Security WeeklyPurple Team Use Case - Security Weekly
Purple Team Use Case - Security Weekly
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat Intelligence
 
Ethical Hacking - sniffing
Ethical Hacking - sniffingEthical Hacking - sniffing
Ethical Hacking - sniffing
 
Cyber Security Seminar.pptx
Cyber Security Seminar.pptxCyber Security Seminar.pptx
Cyber Security Seminar.pptx
 
Effective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceEffective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat Intelligence
 
RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...
RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...
RH-ISAC Summit 2019 - Adam Pennington - Leveraging MITRE ATT&CK™ for Detectio...
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting Workshop
 
Intelligence Failures of Lincolns Top Spies: What CTI Analysts Can Learn Fro...
 Intelligence Failures of Lincolns Top Spies: What CTI Analysts Can Learn Fro... Intelligence Failures of Lincolns Top Spies: What CTI Analysts Can Learn Fro...
Intelligence Failures of Lincolns Top Spies: What CTI Analysts Can Learn Fro...
 
Purple team strategy_lascon_2016
Purple team strategy_lascon_2016Purple team strategy_lascon_2016
Purple team strategy_lascon_2016
 
Cyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsCyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feeds
 
Splunk workshop-Threat Hunting
Splunk workshop-Threat HuntingSplunk workshop-Threat Hunting
Splunk workshop-Threat Hunting
 
Hunting Lateral Movement in Windows Infrastructure
Hunting Lateral Movement in Windows InfrastructureHunting Lateral Movement in Windows Infrastructure
Hunting Lateral Movement in Windows Infrastructure
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)
 
intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)
 
Security operation center
Security operation centerSecurity operation center
Security operation center
 
Red team and blue team in ethical hacking
Red team and blue team in ethical hackingRed team and blue team in ethical hacking
Red team and blue team in ethical hacking
 
Web application Security tools
Web application Security toolsWeb application Security tools
Web application Security tools
 

Similar to How to perform an Infrastructure Security Gap Analysis

The security phoenix - from the ashes of DEV-OPS Appsec California 2020
The security phoenix - from the ashes of DEV-OPS Appsec California 2020The security phoenix - from the ashes of DEV-OPS Appsec California 2020
The security phoenix - from the ashes of DEV-OPS Appsec California 2020
NSC42 Ltd
 
DRONES THE NEW WEAPON OF CHOICE - ALSO FOR HACKERS
DRONES THE NEW WEAPON OF CHOICE - ALSO FOR HACKERSDRONES THE NEW WEAPON OF CHOICE - ALSO FOR HACKERS
DRONES THE NEW WEAPON OF CHOICE - ALSO FOR HACKERS
Reputelligence
 
Building Up Network Security: Intrusion Prevention and Sourcefire
Building Up Network Security: Intrusion Prevention and SourcefireBuilding Up Network Security: Intrusion Prevention and Sourcefire
Building Up Network Security: Intrusion Prevention and Sourcefire
Global Knowledge Training
 
Application Framework - Palo Alto Networks
Application Framework - Palo Alto NetworksApplication Framework - Palo Alto Networks
Application Framework - Palo Alto Networks
Harry Gunns
 
Nsc42 - is the cloud secure - is easy if you do it smart ECC Conference
Nsc42 - is the cloud secure - is easy if you do it smart ECC ConferenceNsc42 - is the cloud secure - is easy if you do it smart ECC Conference
Nsc42 - is the cloud secure - is easy if you do it smart ECC Conference
NSC42 Ltd
 
Cyber Security integration
Cyber Security integrationCyber Security integration
Cyber Security integration
Carlo Dapino
 
Mitre ATT&CK by Mattias Almeflo Nixu
Mitre ATT&CK by Mattias Almeflo NixuMitre ATT&CK by Mattias Almeflo Nixu
Mitre ATT&CK by Mattias Almeflo Nixu
Nixu Corporation
 
Nsc42 security knights slayer of dragons 0-5_very_short_15m_share
Nsc42 security knights slayer of dragons 0-5_very_short_15m_shareNsc42 security knights slayer of dragons 0-5_very_short_15m_share
Nsc42 security knights slayer of dragons 0-5_very_short_15m_share
NSC42 Ltd
 
Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...
Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...
Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...
Amazon Web Services
 
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
Kyle Lai
 
CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04
Kyle Lai
 
Cav Taguchi autosec china slides
Cav Taguchi autosec china slidesCav Taguchi autosec china slides
Cav Taguchi autosec china slides
Kenji Taguchi
 
TWISummit 2019 - Build Security In
TWISummit 2019 - Build Security InTWISummit 2019 - Build Security In
TWISummit 2019 - Build Security In
Thoughtworks
 
Symantec Webinar | Tips for Successful CASB Projects
Symantec Webinar |  Tips for Successful CASB ProjectsSymantec Webinar |  Tips for Successful CASB Projects
Symantec Webinar | Tips for Successful CASB Projects
Symantec
 
Implementing CSIRT based on some frameworks and maturity model
Implementing CSIRT based on some frameworks and maturity modelImplementing CSIRT based on some frameworks and maturity model
Implementing CSIRT based on some frameworks and maturity model
Rakuten Group, Inc.
 
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
dino715195
 
Bat Blue Cloud Sec Presentation 4
Bat Blue Cloud Sec Presentation 4Bat Blue Cloud Sec Presentation 4
Bat Blue Cloud Sec Presentation 4
bpasdar
 
Securely Deploying Micro Services, Containers & Serverless PaaS Web Apps
Securely Deploying Micro Services, Containers & Serverless PaaS Web AppsSecurely Deploying Micro Services, Containers & Serverless PaaS Web Apps
Securely Deploying Micro Services, Containers & Serverless PaaS Web Apps
Priyanka Aash
 
Brksec 2048-demystifying aci-security
Brksec 2048-demystifying aci-securityBrksec 2048-demystifying aci-security
Brksec 2048-demystifying aci-security
Cisco
 
Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015
Nilesh Sapariya
 

Similar to How to perform an Infrastructure Security Gap Analysis (20)

The security phoenix - from the ashes of DEV-OPS Appsec California 2020
The security phoenix - from the ashes of DEV-OPS Appsec California 2020The security phoenix - from the ashes of DEV-OPS Appsec California 2020
The security phoenix - from the ashes of DEV-OPS Appsec California 2020
 
DRONES THE NEW WEAPON OF CHOICE - ALSO FOR HACKERS
DRONES THE NEW WEAPON OF CHOICE - ALSO FOR HACKERSDRONES THE NEW WEAPON OF CHOICE - ALSO FOR HACKERS
DRONES THE NEW WEAPON OF CHOICE - ALSO FOR HACKERS
 
Building Up Network Security: Intrusion Prevention and Sourcefire
Building Up Network Security: Intrusion Prevention and SourcefireBuilding Up Network Security: Intrusion Prevention and Sourcefire
Building Up Network Security: Intrusion Prevention and Sourcefire
 
Application Framework - Palo Alto Networks
Application Framework - Palo Alto NetworksApplication Framework - Palo Alto Networks
Application Framework - Palo Alto Networks
 
Nsc42 - is the cloud secure - is easy if you do it smart ECC Conference
Nsc42 - is the cloud secure - is easy if you do it smart ECC ConferenceNsc42 - is the cloud secure - is easy if you do it smart ECC Conference
Nsc42 - is the cloud secure - is easy if you do it smart ECC Conference
 
Cyber Security integration
Cyber Security integrationCyber Security integration
Cyber Security integration
 
Mitre ATT&CK by Mattias Almeflo Nixu
Mitre ATT&CK by Mattias Almeflo NixuMitre ATT&CK by Mattias Almeflo Nixu
Mitre ATT&CK by Mattias Almeflo Nixu
 
Nsc42 security knights slayer of dragons 0-5_very_short_15m_share
Nsc42 security knights slayer of dragons 0-5_very_short_15m_shareNsc42 security knights slayer of dragons 0-5_very_short_15m_share
Nsc42 security knights slayer of dragons 0-5_very_short_15m_share
 
Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...
Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...
Achieving Visibility, Security and Real-Time Actionable Alerts Using VPC Flow...
 
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
 
CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04
 
Cav Taguchi autosec china slides
Cav Taguchi autosec china slidesCav Taguchi autosec china slides
Cav Taguchi autosec china slides
 
TWISummit 2019 - Build Security In
TWISummit 2019 - Build Security InTWISummit 2019 - Build Security In
TWISummit 2019 - Build Security In
 
Symantec Webinar | Tips for Successful CASB Projects
Symantec Webinar |  Tips for Successful CASB ProjectsSymantec Webinar |  Tips for Successful CASB Projects
Symantec Webinar | Tips for Successful CASB Projects
 
Implementing CSIRT based on some frameworks and maturity model
Implementing CSIRT based on some frameworks and maturity modelImplementing CSIRT based on some frameworks and maturity model
Implementing CSIRT based on some frameworks and maturity model
 
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
 
Bat Blue Cloud Sec Presentation 4
Bat Blue Cloud Sec Presentation 4Bat Blue Cloud Sec Presentation 4
Bat Blue Cloud Sec Presentation 4
 
Securely Deploying Micro Services, Containers & Serverless PaaS Web Apps
Securely Deploying Micro Services, Containers & Serverless PaaS Web AppsSecurely Deploying Micro Services, Containers & Serverless PaaS Web Apps
Securely Deploying Micro Services, Containers & Serverless PaaS Web Apps
 
Brksec 2048-demystifying aci-security
Brksec 2048-demystifying aci-securityBrksec 2048-demystifying aci-security
Brksec 2048-demystifying aci-security
 
Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015
 

Recently uploaded

Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
SitimaJohn
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
IndexBug
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Tomaz Bratanic
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
Postman
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Zilliz
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Hiroshi SHIBATA
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
DanBrown980551
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
saastr
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
ssuserfac0301
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
Tatiana Kojar
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Tosin Akinosho
 

Recently uploaded (20)

Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence

How to perform an Infrastructure Security Gap Analysis

6. Target
- Define an easy and repeatable methodology
- Help to define a CISO and Security Architecture strategy and road map
- Prioritise gaps and understand how to tune security monitoring to cover the areas of weakness
- Define areas of investment and structure a cyber security budget item list
- Define corrective actions in accordance with the business organisation, by skills/teams
- Connect the dots: understand the attack surface, the incident response capabilities and the potential lateral movement paths

7. Let's go!
High Level Design + Infra Threat Modeling + IAM/AAA Analysis + Security Maturity + Incident Response

8. ./start  //define building blocks
- Building blocks: ON-PREM, Cloud (GCP, AWS, Azure), BYOD, Branch Offices
- Connectivity between blocks: WAN, MPLS, dedicated links, VPN
9. ./links  //analyse threats by connectivity
- North-South (WAN, MPLS, VPN): DDoS, BGP attacks, DNS hijacking, public API attacks, etc.
- East-West (LAN): ARP spoofing, VLAN hopping, internal threat, management access, golden tickets, lateral movement, etc.

10. ./IAM Vs. AAA  //analyse Identity
- Identity Provider (IdP): Authentication, Authorization, Accounting (accountability)
- Centralized? => behavioural analysis
- Federated? => 3rd-party trusted domain
- SSO => 3rd-party incident response
- RADIUS/TACACS+ for network devices
- East-West and North-South: API tokens, secrets, application tokens

11. ./how_to_glue_blocks
Layers (Layer 0 = assets & data, Layers 1-7 = OSI, Layer 8 = people), with example threats/controls and the teams that own them:

Layer                                     | Threats / controls                                          | Owning teams
Assets & Data (L0)                        | DLP, encryption at rest, etc.                               | Sys Admins
Physical (L1)                             | Switch port security                                        | Network & Infra teams
Data Link (L2)                            | MAC filtering, VLAN security                                | Network & Infra teams
Network (L3)                              | DHCP, VPN, Firewall                                         | Network & Infra teams
Transport / Session / Presentation (L4-6) | TLS vulns                                                   | DevOps, DEV teams, Infra teams
Application (L7)                          | Application/code vulns, WAF/CDN bypass, subdomain takeover  | DevOps, DEV teams, Infra teams
People / IAM (L8)                         | Social engineering, internal threats, etc.                  | HR, Audit, Monitoring, Sys Admins, etc.
12. ./cloud_visualization  //use the Jericho Forum Cloud Cube Model
https://collaboration.opengroup.org/jericho/cloud_cube_model_v1.0.pdf

13. ./cloud_controls  //use the CSA Cloud Controls Matrix
https://cloudsecurityalliance.org/research/working-groups/cloud-controls-matrix/

14. ./connect_dots
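As an added example (not code from the deck or its author), the following Python glues the preceding steps together: building blocks and their links (slide 8), threats split by link direction (slide 9), threats per layer with an owning team (slide 11) and a per-control maturity score coming from the configuration review. The 0..3 maturity scale, the weighting of a gap by the number of exposed links, and the whole inventory are assumptions made for the example; they are not the author's numbers.

```python
"""Infrastructure gap-analysis matrix (added example, not from the deck).

Combines building blocks, links by direction, threats per layer with an
owning team and a per-control maturity score into a prioritised,
owner-grouped list of actionable gaps. Inventory, scores and the 0..3
scale are assumed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass

# Slide 9: WAN/MPLS/VPN links carry north-south threats, LAN links east-west.
LINK_DIRECTION = {"WAN": "north-south", "MPLS": "north-south",
                  "VPN": "north-south", "LAN": "east-west"}


@dataclass(frozen=True)
class Threat:
    name: str
    layer: int        # 0 = assets & data, 1..7 = OSI, 8 = people / IAM
    direction: str    # "north-south" or "east-west"
    control: str      # control whose configuration is reviewed
    owner: str        # team that owns the corrective action


@dataclass(frozen=True)
class Link:
    src: str
    dst: str
    kind: str         # WAN, MPLS, VPN or LAN

    @property
    def direction(self) -> str:
        return LINK_DIRECTION[self.kind]


def exposure(links):
    """Number of links per traffic direction; used as the weight of a gap."""
    counts = defaultdict(int)
    for link in links:
        counts[link.direction] += 1
    return counts


def gaps(links, threats, maturity, target=3):
    """Threats whose control scores below target, weighted by link exposure.

    maturity maps control name -> 0..3 from the per-device config review;
    a control absent from the map is treated as not implemented (0).
    """
    exp = exposure(links)
    rows = []
    for t in threats:
        if exp[t.direction] == 0:
            continue                      # no link of that kind: not applicable
        score = maturity.get(t.control, 0)
        gap = target - score
        if gap <= 0:
            continue                      # control already at target maturity
        rows.append({"threat": t.name, "layer": t.layer, "direction": t.direction,
                     "control": t.control, "owner": t.owner, "maturity": score,
                     "priority": gap * exp[t.direction]})
    return sorted(rows, key=lambda r: (-r["priority"], r["layer"], r["threat"]))


def by_owner(rows):
    """Actionable items grouped by the team that has to fix them."""
    grouped = defaultdict(list)
    for r in rows:
        grouped[r["owner"]].append(r)
    return dict(grouped)


# Constructed sample inventory (assumed, not from the deck).
LINKS = [Link("on-prem DC", "Internet", "WAN"),
         Link("on-prem DC", "branch office", "MPLS"),
         Link("on-prem DC", "AWS", "VPN"),
         Link("on-prem DC", "on-prem DC", "LAN"),
         Link("AWS", "AWS", "LAN")]

THREATS = [
    Threat("DDoS", 3, "north-south", "DDoS protection", "Network & Infra"),
    Threat("BGP hijack", 3, "north-south", "BGP prefix filtering / RPKI", "Network & Infra"),
    Threat("DNS hijacking", 7, "north-south", "DNSSEC / registrar lock", "Infra"),
    Threat("public API attack", 7, "north-south", "API gateway policy enforcement", "DevOps / DEV"),
    Threat("data exfiltration", 0, "north-south", "DLP / encryption at rest", "Sys Admins"),
    Threat("ARP spoofing", 2, "east-west", "dynamic ARP inspection", "Network & Infra"),
    Threat("VLAN hopping", 2, "east-west", "switch port security", "Network & Infra"),
    Threat("lateral movement", 4, "east-west", "internal segmentation", "Sys Admins"),
    Threat("golden ticket", 8, "east-west", "tiered admin / krbtgt rotation", "Sys Admins"),
    Threat("internal threat", 8, "east-west", "monitoring & audit", "HR / Audit / Monitoring"),
]

# Scores 0..3 as they would come out of the per-device configuration review.
MATURITY = {"DDoS protection": 2, "BGP prefix filtering / RPKI": 1,
            "API gateway policy enforcement": 3, "DLP / encryption at rest": 1,
            "dynamic ARP inspection": 1, "switch port security": 2,
            "internal segmentation": 1, "monitoring & audit": 2}

if __name__ == "__main__":
    for owner, items in by_owner(gaps(LINKS, THREATS, MATURITY)).items():
        print(owner)
        for r in items:
            print(f"  [{r['priority']:>2}] L{r['layer']} {r['threat']}: "
                  f"raise '{r['control']}' from {r['maturity']}/3")
```

Running the block prints one section per owning team, which is the "actionable items per skills/team" output slide 6 asks for; dropping the LAN links from `LINKS` makes every east-west threat disappear from the result, which is the "analyse threats by connectivity" idea of slide 9 made explicit.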
15. ./readme
This is a technical methodology and it requires a configuration review of each device. ...THIS IS NOT A RISK ANALYSIS!

16. ./incident_response  //score Incident response
Paying a gym membership doesn't make you an athlete.... (I discovered that!)
....in the same way....
....having various security controls doesn't give you incident response capabilities (people, processes, tools, skills, etc.)

17. ./score_DFIR  //score Incident response
- CREST - Cyber Security Incident Response Maturity Assessment: https://www.crest-approved.org/cyber-security-incident-response-maturity-assessment/index.html
- ENISA - SIM3 - CSIRT Maturity: https://www.enisa.europa.eu/topics/csirts-in-europe/csirt-capabilities/csirt-maturity
- NIST Cyber Security Framework: https://www.nist.gov/cyberframework
- SOC Capability Maturity Model: https://www.soc-cmm.com/
18. ./my2cents
- Security products with a direct connection to the cloud (e.g. without a reverse proxy in between) are a potential reverse-shell path and need to be flagged and analysed. The MITRE ATT&CK matrix helps to enumerate the relevant techniques.
- TLS 1.3 removes static RSA key exchange and encrypts most of the handshake, which breaks passive (out-of-band) inspection; this, and the limits of cloud-specific traffic mirroring (TAP), need to be considered.
- API gateway policy enforcement should be listed as a stand-alone control.
- NAT rewrites the source IP, and where a VLAN is not extended the only layer-2 information visible is the gateway's: in both cases an event cannot be attributed to the originating host, and this must be flagged in the incident response capabilities matrix.
- The DevOps CI/CD pipeline must be analysed and included in the analysis too, especially automation layers like Terraform, K8s, Ansible, etc.: their (in)security has to change the result of your analysis.
- Internal threat is part of the Layer 8 (people) analysis, don't forget that layer...and the same goes for Layer 0 (data and assets).
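The NAT point above is worth making concrete. As an added example (not from the deck), this Python joins perimeter-firewall events, which only carry the post-NAT source, with the NAT gateway's translation log to recover the internal host, and reports the events that cannot be attributed. Both log formats, the device names and all addresses are constructed for the example; a real deployment would use the vendor's own NAT session log format.

```python
"""Recover pre-NAT source addresses for incident response (added example).

The perimeter firewall logs only the translated source, so without the NAT
gateway's build/teardown records an event cannot be tied to an internal
host. Log formats and addresses below are constructed for this example.
"""
import re
from datetime import datetime

FW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<dev>\S+) (?P<action>allow|deny) "
    r"src=(?P<sip>[\d.]+):(?P<sport>\d+) dst=(?P<dip>[\d.]+):(?P<dport>\d+)$")
NAT_RE = re.compile(
    r"^(?P<ts>\S+) (?P<dev>\S+) (?P<ev>build|teardown) "
    r"(?P<iip>[\d.]+):(?P<iport>\d+) -> (?P<nip>[\d.]+):(?P<nport>\d+)$")

# Constructed sample logs (not real data).
FW_LOG = [
    "2019-11-05T10:02:11Z fw1 deny src=203.0.113.10:51234 dst=198.51.100.7:445",
    "2019-11-05T10:02:13Z fw1 allow src=203.0.113.10:51240 dst=198.51.100.9:443",
    "2019-11-05T10:03:00Z fw1 allow src=203.0.113.10:51234 dst=198.51.100.9:443",
    "2019-11-05T10:05:00Z fw1 allow src=203.0.113.10:51300 dst=198.51.100.9:443",
]
NAT_LOG = [
    "2019-11-05T10:02:10Z nat1 build 10.1.20.15:49152 -> 203.0.113.10:51234",
    "2019-11-05T10:02:12Z nat1 build 10.1.20.31:49153 -> 203.0.113.10:51240",
    "2019-11-05T10:02:40Z nat1 teardown 10.1.20.15:49152 -> 203.0.113.10:51234",
]


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def parse_fw(lines):
    """Firewall events; the source seen here is the post-NAT address."""
    events = []
    for line in lines:
        m = FW_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["ts"] = _ts(d["ts"])
            events.append(d)
    return events


def parse_nat(lines):
    """Pair build/teardown records into sessions keyed by translated (ip, port).

    A session without a teardown is still open and has end=None.
    """
    open_sessions, sessions = {}, []
    for line in lines:
        m = NAT_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        key = (d["nip"], d["nport"])
        t = _ts(d["ts"])
        if d["ev"] == "build":
            open_sessions[key] = {"nat": key, "internal": f'{d["iip"]}:{d["iport"]}',
                                  "start": t, "end": None}
        else:
            s = open_sessions.pop(key, None)
            if s:
                s["end"] = t
                sessions.append(s)
    sessions.extend(open_sessions.values())
    return sessions


def attribute(fw_events, nat_sessions):
    """Attach the internal host to each firewall event, or None if unknown.

    The translated port is reused over time, so the session must also
    bracket the event timestamp, not just match ip:port.
    """
    out = []
    for e in fw_events:
        key = (e["sip"], e["sport"])
        match = next((s for s in nat_sessions
                      if s["nat"] == key and s["start"] <= e["ts"]
                      and (s["end"] is None or e["ts"] <= s["end"])), None)
        out.append({**e, "internal": match["internal"] if match else None})
    return out


def unattributed(results):
    """Events the IR team cannot tie to a host: a gap for the capability matrix."""
    return [r for r in results if r["internal"] is None]


if __name__ == "__main__":
    results = attribute(parse_fw(FW_LOG), parse_nat(NAT_LOG))
    for r in results:
        print(r["ts"], r["action"], r["sip"], r["sport"], "->", r["internal"] or "UNATTRIBUTED")
```

The third event reuses translated port 51234 after the first session was torn down and has no matching build record, so it is reported as unattributed together with the fourth: without the NAT log (or with a NAT log that is not retained long enough) the firewall alone cannot answer "which host did this", which is exactly why the bullet above says to flag NAT in the incident response capabilities matrix.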
19. Thanks, if you want to hear more
https://www.amazon.co.uk/Cyber-Security-Heads-up-Carlo-Dapino-ebook/dp/B082S5CQXK

20. ./Q&A
Contact me on LinkedIn: https://www.linkedin.com/in/carlodapino