Table of Contents
1 IANS Information Security Forum 2019 Summary – Seattle
2 Executive Summary
3 Sessions
3.1 The Cloud Security Maturity Roadmap
3.2 Hybrid Web App Pen Testing
3.3 Container Security
3.4 Security Tools for a Multi-Platform Cloud Environment
3.5 Comparing Google to Big Cloud Providers
4 Vendor presentations
5 Prize
1 IANS Information Security Forum 2019 Summary – Seattle
Prepared By: Karun Chennuri
Email: Karun.Chennuri1@T-Mobile.com
2 Executive Summary
The IANS Information Security Forum 2019 in Seattle (June 12-13) had the following lineup of keynote presenters:
• John Visneski, CISO, The Pokemon Company
o Phil Gardner, CEO of IANS, interviewed John in this discussion
o Touch points: what it takes to run a successful security program; why ROI is a disappointing proposition when evaluating security; how security and privacy overlap, and how companies succeed once they understand this
• Aaron Goldstein, Director, Endpoint Detection and Response, Tanium
o Common pitfalls that organizations run into, and how threat actors exploit these weaknesses
o Walked through ransomware scenarios he and his team dealt with in the past; touched on how attackers act prior to the breach and during the breach
o Importance of improving visibility and control via proper asset discovery and compliance assessments, creating standard images, and implementing SOPs for common admin tasks (automation)
o Emphasized "Test your response team": a breach drill gives teams the opportunity to act, improve, and be better prepared for an actual breach
o Twitter handle @badthingdaily for daily security incident news
• Shannon Lietz, IANS
o Securing software through "measurement": like all the other -ilities, security must become a measurable capability of deployed software
o Hooking security scanners up to the CI/CD pipeline is not enough by itself; you need more
o Automation is key to solving major security issues; embrace CI/CD
o Steps to DevSecOps: identify and eliminate security gates, training barriers, and communication barriers; compile and track known weaknesses; security curation (reduce false positives); continuous monitoring, etc.
• Gary Sockrider, Principal Security Technologist, NETSCOUT
o Insights from the 14th annual Worldwide Infrastructure Security Report
o DDoS attack vectors, DNS pitfalls
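The DevSecOps steps above (track known weaknesses, curate findings to cut false positives, gate the pipeline) map onto one small piece of code: a baseline-aware gate that fails a build only on findings that are new or whose suppression has lapsed. The example below is added here and is not code from the talk or from any scanner vendor; the finding fields, the scanner output, the baseline entries and the ticket reference are all constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, Iterable, List, Sequence


@dataclass(frozen=True)
class Finding:
    """One scanner result. The field names are a hypothetical, scanner-neutral shape."""
    rule: str        # scanner rule id
    path: str        # file the finding is in
    line: int        # reported line (not part of the fingerprint: it churns on every edit)
    severity: str    # "HIGH" | "MEDIUM" | "LOW"
    snippet: str     # offending source line as reported by the scanner

    def fingerprint(self) -> str:
        # rule + file + whitespace-normalized snippet survives line shifts and reformatting
        key = f"{self.rule}|{self.path}|{' '.join(self.snippet.split())}"
        return hashlib.sha256(key.encode()).hexdigest()[:16]


@dataclass(frozen=True)
class Suppression:
    """A curated known weakness or confirmed false positive. Every entry expires."""
    fingerprint: str
    reason: str      # justification or ticket reference, re-reviewed at expiry
    expires: date


@dataclass
class GateResult:
    passed: bool
    new: List[Finding] = field(default_factory=list)          # never seen before
    suppressed: List[Finding] = field(default_factory=list)   # covered by an active suppression
    expired: List[Finding] = field(default_factory=list)      # suppression lapsed, finding still present
    stale: List[Suppression] = field(default_factory=list)    # suppression with no matching finding


def gate(findings: Iterable[Finding], suppressions: Iterable[Suppression],
         today: date, fail_on: Sequence[str] = ("HIGH",)) -> GateResult:
    """Pass the build unless an unsuppressed (new or expired) finding has a blocking severity."""
    by_fp: Dict[str, Suppression] = {s.fingerprint: s for s in suppressions}
    matched = set()
    result = GateResult(passed=True)
    for f in findings:
        s = by_fp.get(f.fingerprint())
        if s is None:
            result.new.append(f)
        elif s.expires < today:
            matched.add(s.fingerprint)
            result.expired.append(f)
        else:
            matched.add(s.fingerprint)
            result.suppressed.append(f)
    # Stale entries are reported so the baseline shrinks instead of growing forever
    result.stale = [s for fp, s in by_fp.items() if fp not in matched]
    blocking = [f for f in result.new + result.expired if f.severity in fail_on]
    result.passed = not blocking
    return result


# Constructed scanner output (the JSON a SAST tool would emit, already parsed); not real results.
SCAN_OUTPUT = [
    {"rule": "hardcoded-secret", "path": "app/settings.py", "line": 12, "severity": "HIGH",
     "snippet": "API_KEY = 'changeme'"},
    {"rule": "sql-string-format", "path": "app/db.py", "line": 40, "severity": "HIGH",
     "snippet": "cur.execute(\"SELECT * FROM users WHERE id = %s\" % uid)"},
    {"rule": "assert-used", "path": "app/util.py", "line": 7, "severity": "LOW",
     "snippet": "assert token, 'missing token'"},
]
FINDINGS = [Finding(**raw) for raw in SCAN_OUTPUT]

# Constructed baseline: one active suppression, one that has expired, one left over from deleted code.
BASELINE = [
    Suppression(FINDINGS[0].fingerprint(), "test fixture key, tracked in ticket SEC-123 (hypothetical)", date(2030, 1, 1)),
    Suppression(FINDINGS[2].fingerprint(), "accepted LOW, revisit", date(2019, 1, 1)),
    Suppression("0000000000000000", "finding in a module removed last quarter", date(2030, 1, 1)),
]


def run_example(today: date = date(2019, 7, 1)) -> GateResult:
    return gate(FINDINGS, BASELINE, today)


if __name__ == "__main__":
    r = run_example()
    print("PASS" if r.passed else "FAIL",
          f"new={len(r.new)} suppressed={len(r.suppressed)} expired={len(r.expired)} stale={len(r.stale)}")
    for f in r.new + r.expired:
        print(f"  {f.severity:6} {f.rule} {f.path}:{f.line} [{f.fingerprint()}]")
```

Two design choices carry the security point. Suppressions are keyed by a content fingerprint rather than a line number, so a reformat does not silently turn a curated finding back into noise, and every suppression expires, so a "known weakness" has to be re-justified instead of living in the baseline forever. Stale entries are surfaced for the same reason: the baseline is a tracked list of accepted risk, not a dumping ground.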
Some of the key takeaways:
• Measuring security is a key tenet of security operations: challenging but doable!
• Cloud Security Maturity Model (CSMM): one can still be successful without being Level 5 across all security domains
• Predictive prioritization was a key topic in multiple vendor presentations; they all pointed toward focusing on the vulnerabilities that matter most (using data science and predictive analysis)
3 Sessions
3.1 The Cloud Security Maturity Roadmap
Cloud Tourists vs. Cloud Natives: Cloud tourists deploy their existing operational models and frameworks onto a cloud service ("lift and shift"), losing most of the benefits of cloud. This is typically due to lack of knowledge, institutional momentum, and arbitrary economic models. Cloud natives, on the other hand, combine abstraction and automation for enhanced agility and increased security.
Cloud Native Security Program Principles: APIs, Automation, Immutability & Isolation
“Cloud Security Starts With Architecture, and Ends With Automation”
– Rich Mogull, Securosis and IANS Faculty
IANS developed a Cloud Security Maturity Model with 5 levels and 12 categories across 3 domains.
3 Domains: Procedural, Structural, Foundational
Note: Monitor and log both cloud administrative activity (the management plane) and the assets within the cloud (networks, workloads, applications, data).
5 Levels of CSMM:
Advantages of Immutable Infrastructure:
• Based on images and deployed automatically (e.g. by an autoscale group)
• Very easy to harden for security
• Entire environment fully consistent, easy to rebuild or roll back
• Interactive login disabled, since a change made on one instance would not propagate to the others
Summary:
• You can be successful without being Level 5 across all domains
• It is about constant improvement
• Remember to START with architecture
• Focus on automation where and when practical
• Data security: Bring Your Own Key (BYOK)
• Embrace chaos engineering
3.2 Hybrid Web App Pen Testing
Problem/Challenges: So many web app vulnerability scanners, so little time. Server-side frameworks, client-side frameworks, and highly scaled, decoupled web architectures and deployments.
Client-side frameworks: Angular, React, Vue.js, etc.
Server-side frameworks and runtimes: Node.js, Django, Ruby on Rails, Flask, etc.
Web vulnerability scanners and proxies: Acunetix, Netsparker, Burp Suite Pro, OWASP ZAP, Fiddler, W3AF
Automation-only approach to pen testing
Advantages:
• Quick recon of the attack surface
• Wide coverage for low-hanging fruit
• Identifies possible starting points for deeper exploration
Disadvantages:
• No user-perspective context awareness
• Prone to false positives
• More of a sledgehammer than a scalpel

Manual-only approach to pen testing
Advantages:
• Detailed exploration of the attack surface
• Recon results in deeper context awareness
• Allows for custom attack development
Disadvantages:
• Slow progress
• May only achieve limited application coverage
• More dependent on tester skill
Need for a hybrid approach:
• Start with one or more automated scanners
• Very useful for app recon
• While the scanner is running, perform manual recon
• Using the results, manually verify individual issues
o Helps eliminate false positives
o Helps focus on what is important
• Document all manual successes and failures
Tools: Burp Suite Pro, Firefox (Wappalyzer, cookie modifiers, FoxyProxy, user-agent string selector, developer console), WPScan, Python programming
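The "manually verify individual issues" step can be partly scripted, which is where the Python in the tool list earns its place. The example below is added here and is not from the talk: it replays two common scanner finding types (reflected XSS and a missing security header) with a benign canary and classifies each as confirmed, false positive, or needing a human. The finding fields, the canary token, the three endpoints and the canned responses are constructed for this example; against a real target the `constructed_fetch` stub would be replaced by an HTTP client call, and only against hosts that are in scope.

```python
import html
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Response = Tuple[int, Dict[str, str], str]           # status, headers, body
Fetcher = Callable[[str, Dict[str, str]], Response]   # GET url with query parameters

# A token that never occurs naturally in the target's pages (hypothetical choice)
CANARY = "zq9xk7"


@dataclass(frozen=True)
class Finding:
    """Scanner-neutral shape of an exported finding (hypothetical field names)."""
    kind: str          # "reflected_xss" | "missing_header"
    url: str
    param: str = ""    # injected parameter, for reflected_xss
    header: str = ""   # expected response header, for missing_header


def verify_reflected_xss(f: Finding, fetch: Fetcher) -> Tuple[str, str]:
    """Replay with a quote and angle brackets around the canary and see how they come back."""
    probe = f'"<{CANARY}>'
    _, _, body = fetch(f.url, {f.param: probe})
    if probe in body:
        return "confirmed", "probe reflected with raw quote and angle brackets"
    if html.escape(probe, quote=True) in body:
        return "false_positive", "reflected, but HTML-encoded"
    if CANARY in body:
        return "needs_manual", "reflected in a form this check does not classify (JS string? URL?)"
    return "false_positive", "parameter is not reflected in the response"


def verify_missing_header(f: Finding, fetch: Fetcher) -> Tuple[str, str]:
    """Re-request the page, check the header case-insensitively, then consider the content type."""
    _, headers, _ = fetch(f.url, {})
    lower = {k.lower(): v for k, v in headers.items()}
    want = f.header.lower()
    if want in lower:
        return "false_positive", f"{f.header} is present: {lower[want]}"
    if want == "x-frame-options" and lower.get("content-type", "").startswith("application/json"):
        return "false_positive", "clickjacking needs a rendered UI; a JSON API response has none"
    return "confirmed", f"{f.header} is absent"


VERIFIERS = {"reflected_xss": verify_reflected_xss, "missing_header": verify_missing_header}


def triage(findings: List[Finding], fetch: Fetcher) -> List[Tuple[Finding, str, str]]:
    """Attach a verdict and a reason to every finding the scanner exported."""
    results = []
    for f in findings:
        verdict, why = VERIFIERS[f.kind](f, fetch)
        results.append((f, verdict, why))
    return results


def constructed_fetch(url: str, params: Dict[str, str]) -> Response:
    """Stand-in for an HTTP client, returning constructed responses for three made-up endpoints.
    Real use: r = requests.get(url, params=params); return r.status_code, dict(r.headers), r.text"""
    q = params.get("q", "")
    if url.endswith("/search"):      # encodes output correctly: scanner hit is noise
        return 200, {"Content-Type": "text/html", "X-Frame-Options": "DENY"}, \
            f"<p>Results for {html.escape(q, quote=True)}</p>"
    if url.endswith("/legacy"):      # reflects raw into an attribute: real bug
        return 200, {"Content-Type": "text/html"}, f'<input name="q" value="{q}">'
    if url.endswith("/api/items"):   # JSON API: framing header is irrelevant
        return 200, {"Content-Type": "application/json"}, '{"items": []}'
    return 404, {}, ""


SAMPLE_FINDINGS = [  # constructed, as a scanner might have reported them
    Finding("reflected_xss", "https://target.example/search", param="q"),
    Finding("reflected_xss", "https://target.example/legacy", param="q"),
    Finding("missing_header", "https://target.example/search", header="X-Frame-Options"),
    Finding("missing_header", "https://target.example/legacy", header="X-Frame-Options"),
    Finding("missing_header", "https://target.example/api/items", header="X-Frame-Options"),
]


if __name__ == "__main__":
    for f, verdict, why in triage(SAMPLE_FINDINGS, constructed_fetch):
        print(f"{verdict:15} {f.kind:15} {f.url}  ({why})")
```

The canary is deliberately harmless: it proves the reflection context (raw, encoded, or something else) without executing anything, and whatever lands in "needs_manual" is exactly the set the tester should open in Burp. The expected results of the sample run are three false positives (encoded reflection, header present, JSON endpoint) and two confirmed issues on the legacy endpoint.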
3.3 Container Security
A few best practices:
• Lock down container hosts
o Containers run on a standard OS build
▪ Lock it down and implement hardening standards
o Update and patch the container services
o Limit OS user/group access to the container services
o Log everything from the container services
o Audit all container files/folders
o Install a host IDS/IPS or anti-malware agent if possible (watch the performance impact!)
• Enable auditing
• Enable isolation and least privilege
• Enable runtime threat detection and response
• Enable access controls: use AppArmor and SELinux
• Enable image provenance
• Enable image scanning
• Look at guidance from sources like IANS, SANS and NIST (NIST SP 800-190)
Container Security Tools:
• Docker Bench for Security
• Docker Cloud Scanner
• Black Duck Security Checker
• Twistlock
• Aqua
• Sysdig
• CoreOS Clair
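The "isolation and least privilege" and "access controls" items above are checkable from the data Docker already exposes. The example below is added here and is neither Docker Bench for Security nor any of the listed tools: it reads `docker inspect` output and flags the settings that hand a container the host (privileged mode, host PID/network namespaces, root user, dangerous added capabilities, disabled seccomp/AppArmor, missing no-new-privileges, writable root filesystem, and the Docker socket or sensitive host paths bind-mounted in). The two inspect entries are constructed, trimmed to the fields the checks read, and not from a real host; the check ids and capability list are this example's own choices.

```python
import json
import sys
from typing import Any, Dict, List, Tuple

# Capabilities that, once added, are close to giving the container the host (example's own list)
DANGEROUS_CAPS = {"ALL", "SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "SYS_RAWIO",
                  "DAC_READ_SEARCH", "NET_ADMIN"}
# Host paths whose bind-mounting defeats isolation
SENSITIVE_SOURCES = {"/", "/etc", "/proc", "/sys", "/boot", "/dev"}

Issue = Tuple[str, str]   # (check id, explanation)


def _cap(name: str) -> str:
    """Normalize 'cap_sys_admin' / 'SYS_ADMIN' to the bare upper-case name."""
    name = name.upper()
    return name[4:] if name.startswith("CAP_") else name


def audit_container(info: Dict[str, Any]) -> List[Issue]:
    """Run least-privilege checks over one entry of `docker inspect` output."""
    hc = info.get("HostConfig") or {}
    cfg = info.get("Config") or {}
    issues: List[Issue] = []

    if hc.get("Privileged"):
        issues.append(("privileged", "--privileged: all capabilities, all host devices, no seccomp/AppArmor"))
    if hc.get("PidMode") == "host":
        issues.append(("host-pid", "shares the host PID namespace; host processes are visible and ptrace-able"))
    if hc.get("NetworkMode") == "host":
        issues.append(("host-net", "shares the host network namespace; bypasses container network isolation"))
    if not cfg.get("User"):
        issues.append(("root-user", "no Config.User set; processes run as uid 0 inside the container"))
    for cap in hc.get("CapAdd") or []:
        if _cap(cap) in DANGEROUS_CAPS:
            issues.append(("dangerous-cap", f"CapAdd {cap}"))
    secopt = hc.get("SecurityOpt") or []
    if "seccomp=unconfined" in secopt:
        issues.append(("seccomp-unconfined", "default syscall filter disabled"))
    if "apparmor=unconfined" in secopt or info.get("AppArmorProfile") == "unconfined":
        issues.append(("apparmor-unconfined", "AppArmor confinement disabled"))
    if not any(o.startswith("no-new-privileges") for o in secopt):
        issues.append(("new-privileges", "no-new-privileges not set; setuid binaries can still escalate"))
    if not hc.get("ReadonlyRootfs"):
        issues.append(("writable-rootfs", "root filesystem is writable; use --read-only plus tmpfs for scratch"))
    for m in info.get("Mounts") or []:
        src = m.get("Source", "")
        if src.endswith("docker.sock"):
            issues.append(("docker-socket", f"{src} mounted: full control of the Docker daemon, i.e. the host"))
        elif src in SENSITIVE_SOURCES:
            issues.append(("sensitive-mount", f"host path {src} mounted into the container"))
    return issues


def audit_all(entries: List[Dict[str, Any]]) -> Dict[str, List[Issue]]:
    return {e.get("Name", e.get("Id", "?")): audit_container(e) for e in entries}


# Constructed `docker inspect` entries, trimmed to the fields the checks read; not from a real host.
RISKY = {
    "Name": "/legacy-agent",
    "AppArmorProfile": "",
    "Config": {"User": ""},
    "HostConfig": {"Privileged": True, "PidMode": "host", "NetworkMode": "bridge",
                   "CapAdd": ["SYS_ADMIN"], "CapDrop": None,
                   "SecurityOpt": ["seccomp=unconfined"], "ReadonlyRootfs": False},
    "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock", "Destination": "/var/run/docker.sock"}],
}
HARDENED = {
    "Name": "/api",
    "AppArmorProfile": "docker-default",
    "Config": {"User": "10001:10001"},
    "HostConfig": {"Privileged": False, "PidMode": "", "NetworkMode": "bridge",
                   "CapAdd": None, "CapDrop": ["ALL"],
                   "SecurityOpt": ["no-new-privileges:true"], "ReadonlyRootfs": True},
    "Mounts": [{"Type": "volume", "Source": "/var/lib/docker/volumes/api-data/_data", "Destination": "/data"}],
}


if __name__ == "__main__":
    # usage: docker inspect $(docker ps -q) | python container_audit.py   (falls back to the samples)
    data = json.load(sys.stdin) if not sys.stdin.isatty() else [RISKY, HARDENED]
    for name, issues in audit_all(data).items():
        print(f"{name}: {'OK' if not issues else ''}")
        for check, why in issues:
            print(f"  [{check}] {why}")
```

Run against the samples, the risky container trips eight checks and the hardened one none; the Docker socket mount alone is enough to own the host, so it is worth scoring above everything else when turning this into a pipeline gate. The checks are the container-side half of NIST SP 800-190's host and runtime guidance; host hardening itself (the first bullet above) still has to be verified on the node.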
3.4 Security Tools for a Multi-Platform Cloud Environment
Problem: Many organizations use numerous cloud providers in a hybrid configuration. What security controls are available in each environment? How do you handle the complexity and operational overhead of these varied controls?
A key theme for multi-cloud: centralization
Do you have centralized:
• Endpoint security tools
• Configuration and patching tools and processes
• Vulnerability scanning
• Event collection and SIEM/analytics
• Template-based infrastructure as code
Some things that will not be easy to centralize:
• Encryption
• All identity and access management (IAM), although directories should be centralized
• Automation
Multi-cloud brokers (network connectivity and admin): AT&T NetBond, Cloud Exchange Fabric. The problem with these solutions: they are very expensive!
Hypervisor Security Controls:
• Foundational Controls, Hardening and configuration, Network access control, local firewall,
Users and groups, SELinux and/or multitenant isolation measures, CSP controls
Cloud Firewalls and Capabilities:
• Palo Alto VM-Series (AWS, Azure, VMware vCloud Air)
• Cisco ASAv (AWS and Azure)
• Fortinet FortiGate VM (AWS and Azure)
• Check Point vSEC (AWS and Azure)
Other options:
• Network IDS and IPS in the cloud
• Web application firewalls
o Security as a Service (SecaaS): Cloudflare, Akamai, etc.
o AWS has a WAF natively available today
o Azure has WAF controls in its Application Gateway
• Cloud DLP
• Network flow and behavioral monitoring (AWS VPC Flow Logs, Microsoft Azure Network Security Group flow logs, Cisco Stealthwatch Cloud)
• HashiCorp's Terraform for infrastructure as code (IaC)
• IAM, Identity as a Service (IDaaS)
• Encryption (CloudHSM/SafeNet, S3, EBS, KMS)
• Event monitoring (CloudTrail, host logs, flow logs)
3.5 Comparing Google to Big Cloud Providers
Monitoring/threat detection: native GCP (Stackdriver), Google Cloud Security Command Center, and a cloud-based security data lake / security analytics
4 Vendor presentations
There were a number of vendor presentations:
• Kenna Security – "A Risk-Based Approach to Vulnerability Management"
• Netscout – "Visibility Without Borders"
• Cequence – "Bad Actors and Bad Bots: How They Are Exploiting Your Application Infrastructure, and How You Can Stop Them"
• Tanium – "Connecting Security and IT Operations Through Shared Visibility"
• Expanse – "Cloud Care: Tracking Assets at Your Network Edge"
• Tenable – "World's First Cyber Exposure Platform with Predictive Prioritization" (the vendor's own description)
5 Prize
Won this :D
END OF DOCUMENT
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
 
cybersecurity notes for mca students for learning
cybersecurity notes for mca students for learningcybersecurity notes for mca students for learning
cybersecurity notes for mca students for learning
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.ppt
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
buds n tech IT solutions
buds n  tech IT                solutionsbuds n  tech IT                solutions
buds n tech IT solutions
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 

IANS information security forum 2019 summary

1 IANS Information Security Forum 2019 Summary – Seattle
Prepared By: Karun Chennuri
Email: Karun.Chennuri1@T-Mobile.com

2 Executive Summary
IANS Information Security Forum 2019 in Seattle (June 12-13) had the following lineup of keynote presenters:
• John Visneski, CISO, The Pokemon Company
o Phil Gardner, CEO of IANS, interviewed John in this discussion
o Various touch points: what it takes to run a successful security program, why ROI is a disappointing proposition when evaluating security, how security and privacy overlap, and how companies succeed if they understand this!
• Aaron Goldstein, Director, Endpoint Detection and Response, Tanium
o Some of the common pitfalls that organizations run into, and how threat actors exploit these weaknesses
o Walked through some ransomware scenarios he and his team dealt with in the past, and touched on how attackers act prior to a breach and during a breach
o Importance of improving visibility and control via proper asset discovery and compliance assessments, creating standard images, and implementing SOPs for common admin tasks (automation)
o Emphasized "Test your response team" (a breach drill gives teams an opportunity to act, improve and be better prepared for an actual breach)
o Twitter handle @badthingdaily for daily security incident news
• Shannon Lietz, IANS
o Securing software through "measurement". Like all the other -ilities, security too must become a measurable capability in the art of deployed software.
o Hooking up security scanners to the CI/CD pipeline isn't enough on its own; you need more
o Automation is key to solving major security issues: embrace CI/CD
o Steps to DevSecOps: identify and eliminate security gates, training barriers and communication barriers; compile/track known weaknesses; security curation (reduce false positives); continuous monitoring, etc.
• Gary Sockrider, Principal Security Technologist, NETSCOUT
o Insights from the 14th annual Worldwide Infrastructure Security Report
o DDoS attack vectors, DNS pitfalls

Some of the key takeaways:
• Measuring security is a key tenet of security operations: challenging but doable!
• Cloud Security Maturity Model (CSMM): one can still be successful without being Level 5 across all security domains
• Predictive prioritization was a key topic in multiple vendor presentations; they all pointed towards how to focus on the vulnerabilities that matter the most (use of data science and predictive analysis)
3 Sessions

3.1 The Cloud Security Maturity Roadmap
Cloud Tourists vs Cloud Natives: Cloud tourists deploy their existing operational models and frameworks onto a cloud service, losing most of the benefits of cloud ("LIFT and SHIFT"). This is typically due to lack of knowledge, institutional momentum, and arbitrary economic models. Cloud natives, on the other hand, combine abstraction and automation for enhanced agility and increased security.
Cloud Native Security Program Principles: APIs, Automation, Immutability & Isolation
"Cloud Security Starts With Architecture, and Ends With Automation" – Rich Mogull, Securosis and IANS Faculty
IANS developed a "5 Levels of Cloud Security Maturity Model & 12 Categories across 3 Domains"
3 Domains: Procedural, Structural, Foundational
Note: Monitoring and logging covers both cloud administrative activity (management plane) and assets within the cloud (networks, workloads, applications, data)
5 Levels of CSMM:

Advantages of Immutable Infrastructure:
• Based on images and automatically deployed (e.g. by an autoscale group)
• Very easy to harden for security
• Entire environment fully consistent, easy to rebuild/roll back
• Login disabled, since changes won't propagate to other instances
Summary:
• You can be successful without being Level 5 across all domains
• It's about constant improvement
• Remember to START with architecture
• Focus on automation where and when practical
• Data security: Bring Your Own Key (BYOK)
• Embrace chaos engineering

3.2 Hybrid Web App Pen Testing
Problem/Challenges: So many web app vulnerability scanners, so little time. Server-side frameworks, client-side frameworks, highly scaled, decoupled web architectures and deployments.
Client-side frameworks: Angular, React, Vue.js, Node.js, etc.
Server-side frameworks: Django, Ruby on Rails, Flask, etc.
Web Vulnerability Scanners: Acunetix, Netsparker, Burp Suite Pro, OWASP ZAP, Fiddler, W3AF

Automation-Only Approach for PT
Advantages:
• Quick recon of attack surface area
• Wide coverage for low-hanging fruit
• Identifies possible starting points for deeper exploration
Disadvantages:
• No user-perspective context-awareness
• Prone to false positives
• More of a sledgehammer than a scalpel

Manual-Only Approach for PT
Advantages:
• Detailed exploration of attack surface
• Recon results in deeper context-awareness
• Allows for custom attack development
Disadvantages:
• Slow progress
• May only achieve limited application coverage
• More dependent on tester skill

Need for a Hybrid approach:
• Start with one or more automated scanners
• Very useful for app recon
• While the scanner is running, perform manual recon
• Using the results, manually verify individual issues
o Helps eliminate false positives
o Helps focus on what is important
• Document all manual successes and failures
Tools: Burp Suite Pro, Firefox (Wappalyzer, cookie modifiers, FoxyProxy, user agent string selector, developer console), WPScan, Python programming

3.3 Container Security
A few best practices:
• Lock down container hosts
o Containers run on a standard OS build
▪ Lock it down and implement hardening standards
o Update container services and patch
o Limit OS user/group access to container services
o Log everything from container services
o Audit all container files/folders
o Install a host IDS/IPS or anti-malware agent if possible (watch out for performance!)
• Enable auditing
• Enable isolation and least privilege
• Enable runtime threat detection and response
• Enable access controls: use AppArmor and SELinux
• Enable image provenance
• Enable image scanning
• Look at guidance from sources like IANS, SANS and NIST (NIST 800-190)
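The best-practice list above is a checklist, and several of its items (isolation and least privilege, OS user access, AppArmor/SELinux access controls, image provenance) can be verified from a container's runtime configuration. The example below is added here and is not from the IANS summary, nor the code of Docker Bench for Security or any other tool the session named; it is a miniature of the kind of check those tools automate. It reads the JSON that `docker inspect` emits (the field names `HostConfig.Privileged`, `CapAdd`, `CapDrop`, `ReadonlyRootfs`, `SecurityOpt`, `PidMode`, `NetworkMode`, `Binds`, `Config.User` and `Config.Image` are Docker's real keys) and reports each gap. The two container records are constructed sample input, not output captured from a real host.

```python
"""Audit `docker inspect` output against the container hardening list.

Added example (not from the IANS summary or from Docker Bench). Field
names are Docker's real `docker inspect` keys; the sample records below
are constructed, not captured from a real host.
"""
import json
import re
from typing import Dict, List

# Constructed sample: a "works on my laptop" container and a hardened one.
SAMPLE_INSPECT = json.dumps([
    {
        "Name": "/legacy-api",
        "Config": {"User": "", "Image": "internal/legacy-api:latest"},
        "HostConfig": {
            "Privileged": True,
            "CapAdd": ["SYS_ADMIN"],
            "CapDrop": [],
            "ReadonlyRootfs": False,
            "SecurityOpt": None,
            "PidMode": "host",
            "NetworkMode": "host",
            "Binds": ["/var/run/docker.sock:/var/run/docker.sock"],
        },
    },
    {
        "Name": "/hardened-api",
        "Config": {"User": "10001:10001",
                   "Image": "internal/api@sha256:" + "b" * 64},
        "HostConfig": {
            "Privileged": False,
            "CapAdd": None,
            "CapDrop": ["ALL"],
            "ReadonlyRootfs": True,
            "SecurityOpt": ["no-new-privileges", "apparmor=docker-default"],
            "PidMode": "",
            "NetworkMode": "bridge",
            "Binds": None,
        },
    },
])

# Host paths that should never be bind-mounted into a workload container.
SENSITIVE_HOST_PATHS = ("/var/run/docker.sock", "/etc", "/proc", "/sys")
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")


def _sensitive_bind(src: str) -> bool:
    """True if the bind source is the host root or a sensitive host path."""
    if src == "/":
        return True
    return any(src == p or src.startswith(p + "/") for p in SENSITIVE_HOST_PATHS)


def audit_container(c: Dict) -> List[str]:
    """Return the list of findings for one container (empty == passes)."""
    hc = c.get("HostConfig") or {}
    cfg = c.get("Config") or {}
    findings: List[str] = []

    # Isolation and least privilege
    if hc.get("Privileged"):
        findings.append("privileged: container can reach host devices")
    for cap in hc.get("CapAdd") or []:
        findings.append(f"cap-add: {cap} widens the kernel attack surface")
    if "ALL" not in (hc.get("CapDrop") or []):
        findings.append("cap-drop: not dropping ALL, default capability set kept")
    if hc.get("PidMode") == "host":
        findings.append("pid=host: process namespace shared with the host")
    if hc.get("NetworkMode") == "host":
        findings.append("network=host: no network namespace isolation")

    # OS user/group access: empty user means root inside the container
    user = (cfg.get("User") or "").strip()
    if user in ("", "0", "root") or user.startswith(("0:", "root:")):
        findings.append("user: runs as root inside the container")

    # Access controls: AppArmor (apparmor=) or SELinux (label=) profile
    opts = hc.get("SecurityOpt") or []
    if not any(o.startswith(("apparmor=", "label=")) for o in opts):
        findings.append("security-opt: no AppArmor or SELinux profile set")
    if not any(o.startswith("no-new-privileges") for o in opts):
        findings.append("security-opt: no-new-privileges not set")
    if not hc.get("ReadonlyRootfs"):
        findings.append("rootfs: writable, image immutability not enforced")

    # Host file/folder exposure through bind mounts
    for bind in hc.get("Binds") or []:
        src = bind.split(":", 1)[0]
        if _sensitive_bind(src):
            findings.append(f"bind: sensitive host path {src} mounted")

    # Image provenance: a tag can be repointed, a digest cannot
    if not DIGEST_RE.search(cfg.get("Image") or ""):
        findings.append("image: referenced by tag, not by digest")
    return findings


def audit_inspect_json(text: str) -> Dict[str, List[str]]:
    """Audit every container in a `docker inspect` JSON array."""
    return {c["Name"].lstrip("/"): audit_container(c) for c in json.loads(text)}


if __name__ == "__main__":
    for name, findings in audit_inspect_json(SAMPLE_INSPECT).items():
        print(f"{name}: {'OK' if not findings else str(len(findings)) + ' findings'}")
        for f in findings:
            print(f"  - {f}")
```

On a real host, `docker inspect $(docker ps -q) > containers.json` and feeding that file to `audit_inspect_json` gives a per-container finding list; an empty list means the container passes these checks, which are only a small subset of what Docker Bench for Security covers. The digest check is the provenance item from the list: a container started from `image:tag` can silently receive a different image on the next pull, while `image@sha256:...` pins exactly one scanned artifact.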
Container Security Tools:
• Docker Bench for Security
• Docker Cloud Scanner
• Black Duck Security Checker
• Twistlock
• Aqua
• Sysdig
• CoreOS Clair

3.4 Security Tools for a Multi-Platform Cloud Environment
Problem: Many organizations use numerous cloud providers in a hybrid configuration. What security controls are available in each environment? How do you handle the complexity and operational overhead of these varied controls?
A key theme for multi-cloud: centralization. Do you have centralized:
• Endpoint security tools
• Configuration and patching tools and processes
• Vulnerability scanning
• Event collection and SIEM/analytics
• Template-based infrastructure as code
Some that will not be easy to centralize:
• Encryption
• All identity and access management (IAM), although directories should be (more on that in a moment)
• Automation
Multi-Cloud Brokers (network connectivity and admin): AT&T NetBond, Cloud Exchange Fabric. Problem with these solutions: very expensive!

Hypervisor Security Controls:
• Foundational controls, hardening and configuration, network access control, local firewall, users and groups, SELinux and/or multitenant isolation measures, CSP controls
Cloud Firewalls and Capabilities:
• Palo Alto VM-Series (AWS, Azure, VMware vCloud Air)
• Cisco ASAv (AWS and Azure)
• Fortinet FortiGate VM (AWS and Azure)
• Check Point vSEC (AWS and Azure)
Other options:
• Network IDS and IPS in the cloud
• Web Application Firewalls
o Security as a Service (SecaaS): Cloudflare, Akamai, etc.
o AWS has a WAF natively available today
o Azure has WAF controls in its Application Gateway
• Cloud DLP
• Network flow and behavioral monitoring (AWS VPC Flow Monitoring, Microsoft Network Security Group Flow Logs, Cisco Stealthwatch Cloud)
• HashiCorp's Terraform for IaC
• IAM, Identity as a Service (IDaaS)
• Encryption (CloudHSM Safenet, S3, EBS, KMS)
• Event monitoring (CloudTrail, host logs, flow logs)

3.5 Comparing Google to Big Cloud Providers
Monitoring/Threat Detection: Native GCP (Stackdriver), Google Cloud Security Command Center, cloud-based security data lake/security analytics
4 Vendor presentations
There were a bunch of vendor presentations:
• Kenna Security – "A Risk-Based Approach to Vulnerability Management"
• Netscout – "Visibility without borders"
• Cequence – "Bad actors and bad bots: how they are exploiting your application infrastructure, and how you can stop them"
• Tanium – Connecting security and IT operations through shared visibility
• Expanse – Cloud care: tracking assets at your network edge
• Tenable – World's first cyber exposure platform with predictive prioritization

5 Prize
Won this :D

END OF DOCUMENT