Know Your Attacker - Core Security
©2014 Core Security
Know Your Attacker
Black Hat 2014
Top 5: You Know You’re in Trouble When…
5. You’re asked to move the Active Directory server to an open part of the network to ensure users can easily log in
4. When your boss, who is responsible for security, asks you, “What type of security software do we use?”
3. You respond with, “the freeware version of Malwarebytes Anti-Malware”
2. A press release states, “our IT system and security measures are in full compliance with industry practices.”
1. The 2nd press release states, “we were the victim of a sophisticated cyber attack operation.”

Risk Introduced by Commercial Software
National Vulnerability Database (3 Month CVE Count)

Successful Exploits    Count
IBM                    160
Microsoft              127
Oracle                 121
Symantec               17
EMC                    11
“US City” Network Topology – High level view

Could Running a Vuln. Scan Have Helped?
A total of about 100 systems….
Generates about 1,400 vulnerabilities

Think Like An Attacker™ Insight 4.0

Prioritized Attack Paths to Your Critical Assets
Vulnerable Database
Attack Point
Web Application Server
Further test and validate vulnerable systems on attack paths
Pivot or Escalation Point Print Server
Critical Business Asset
(Ex. credit card database)

6.3M Vulnerability Data Points – Made Easy

Core Security – Attack Intelligence
Attack Intelligence
Specialized security services
Advanced penetration testing, PCI compliance, app security
Commercial-grade penetration testing solution
Assess and test security vulnerabilities across network, web, mobile, Wi-Fi
Consolidate and prioritize vulnerabilities
Protect against the most likely threats based on what an attacker would do
Core Insight
Attack Intelligence Platform
Core Impact Pro
Core Security Consulting Services
Thank You!