Threats from cyber attacks are increasing and becoming more sophisticated. Existing security tools and even next-generation tools are often ineffective at detecting advanced persistent threats. It is an asymmetrical conflict where defenders must focus on fundamentals like training employees, prioritizing security over compliance, and implementing defense-in-depth across endpoints, networks, data in transit, cloud systems, and internal systems to build a more defensible infrastructure and gain situational awareness of attacks. Continuous improvement is needed to counter evolving adversary techniques.
Keynote on why you should make Infosec a board level strategic item, how you should raise it to this level and how to approach Information Security strategically
Common WebApp Vulnerabilities and What to Do About Them - Eoin Woods
With more and more services becoming internet-facing, web application security is now a problem for most of us. In response to this, the OWASP security community have been working for years to catalogue, understand and prioritise common web application vulnerabilities, published as the “OWASP Top 10 List”.
In this session, Eoin will review the OWASP Top 10 list to understand the vulnerabilities and dig into the implementation details of some of the more important of them to identify practical mitigations for them in our own applications.
Share 2015 - 5 Myths that can put your Mainframe at risk (v1.3) - Rui Miguel Feio
5 ‘myths’ that can put the future of the mainframe at risk. How can the mainframe survive after 50 years of existence? How bright is the future? How secure is the mainframe?
When you work with a lot of companies scrutinizing their security, you get to see some amazing things. One of the joys of being a commercial security consultant working for big name firms is that you get to see a lot of innovation and interesting approaches to common problems.
However, as great as this is, the discrete projects you work on are usually a small representation of the overall company. When you look at the company in its entirety, a familiar pattern of weakness begins to reveal itself. While some companies are obviously better than others, the majority of companies are actually weak in remarkably similar ways.
My work in the attacker-modeled pentest and enterprise risk assessment realms focuses on looking at a company as a whole. The premise is that this is what an attacker would do. They won’t just try to attack your quarterly code-reviewed main web site, or consumer mobile app. They won’t directly attack your PCI-relevant systems to get to customer credit card data. They won’t limit their attacks to those purely against your IT infrastructure. Instead – they’ll look at your entire company, and they will play dirty.
In this session, I’ll focus on the things that plague us all (well most of us), and I’ll offer some simple advice for how to try and tackle each of these areas:
– Weaknesses in Physical Security
– Susceptibility to Phishing
– Vulnerability Management Immaturity
– Weaknesses in Authentication
– Poor Network Segmentation
– Loose Data Access Control
– Terrible Host / Network Visibility
– Unwise Procurement & Security Spending Decisions
In a digital age of cloud computing and mobile systems; where cyber security, cyber crime and cyber war are part of the day-to-day vocabulary, how secure is the mainframe? Is it safe to assume that the mainframe is secure by default? Can we ignore the fact that the mainframe is just another platform in the great scheme of things? How vital is the mainframe and the data that it stores for you and your company?
How to Protect Your Mainframe from Hackers (v1.0) - Rui Miguel Feio
This presentation addresses the requirements to protect the mainframe system from hackers: the common problems that need to be addressed, and the risks and mentalities that need to adapt to the new security realities.
Mainframe Security - It's not just about your ESM v2.2 - Rui Miguel Feio
In this session we will be taking a look at some of the other security controls available to help us protect our mainframe systems. Don’t be fooled by the non-mainframe folk who say the mainframe is fine because it's behind a firewall.
We will discuss and encourage debate around a number of non ESM related security controls that should/must be used to protect our mainframe systems.
The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014 - Security Weekly
The Internet of Things (IoT) aims to make our lives better, yet there is still no foundation for security controls on the devices that allow us to access the Internet, listen to music, watch television, control the temperature in our homes and more. This talk will look at the history of embedded device insecurity. We’ll explore some real-world examples of how devices are exploited (and attackers profited). You will also learn what we can do to help fix these problems and push the industry for a much higher level of security for devices affecting our daily lives.
Web application-security-and-why-you-should-review-yours - David Busby, CISSP
In this talk we will cover what an attack surface is and what you can do to limit it.
Acronym hell: what do all these acronyms associated with security products actually mean?
Vulnerability media naming: stupidity, or driving the message home?
Detection or prevention: avoiding the boy who cried wolf.
Emerging technologies to keep an eye on, or even implement yourself, to help improve your security posture.
2014 -> 2017: what's been going on, and why have there been so many compromises?
Robots, Ninjas, Pirates and Building an Effective Vulnerability Management Pr... - Security Weekly
A robot, a ninja and a pirate get into a fight. The question is: who wins? While we could debate this question until the end of time, and likely have fun in the process, it’s a waste of time. Who are the robots, ninjas and pirates in your environment? What roles do they play in the vulnerability management process? We debate how to build a vulnerability management program all the time, yet we are still spinning our wheels. Unlike the robot, ninja, pirate battle, there are concrete facts that will help you build a successful program and avoid smoke bombs, swords, and robot death rays. Who wins? Find out in this presentation and learn how to protect your booty.
The Internet of Insecure Things: 10 Most Wanted List - Security Weekly
In this talk I will quickly bring you up to speed on the history of embedded device insecurity. Next, we will look at a real-world example or two of how devices are exploited (and attackers profited). Finally, you will learn what we can do to help fix these problems and push the industry for a much higher level of security for devices affecting our daily lives.
You may have heard about this threat, one that has plagued our lives and networks for well over a decade. A problem so ubiquitous, it can't be ignored. Yet, this threat has a history of hiding in plain sight. Users are, for the most part, unaware of the dangers. Security researchers and the media have attempted to highlight this problem for years, without making an impact on improving security. However, vendors and users are still very much at risk and the problem is still largely being ignored by the masses. The Internet of Things (IoT) aims to make our lives better, yet there is still no foundation for security controls on the devices that allow us to access the Internet, listen to music, watch television, control the temperature in our homes and more. The goal of this talk is to enable the audience to help raise awareness and influence the security of embedded systems in a positive way.
This presentation will take a high level look at the malware life cycle and the role that both hackers and IT professionals play in it. It should be interesting to IT professionals as well as individuals interested in learning more about the general approach used by hackers to gain unauthorized access to systems, applications, and sensitive data.
More security blogs by the authors can be found at https://www.netspi.com/blog/
Keeping Secrets on the Internet of Things - Mobile Web Application Security - Kelly Robertson
Have you ever wondered why our web apps, and mobile web apps in particular, are hard to secure?
Be sure to read the speaker's notes in this presentation.
In this lengthy presentation, you will observe where researchers and hackers corrupt the developer's intentions...then, you will look at the Good, the Bad and the Ugly of Secure Software Development, WAF considerations, and Mobile Device Management...
Using Static Binary Analysis To Find Vulnerabilities And Backdoors in Firmware - Lastline, Inc.
Over the last few years, as the world has moved closer to realizing the idea of the Internet of Things, an increasing number of the analog things with which we used to interact every day have been replaced with connected devices. The increasingly-complex systems that drive these devices have one thing in common – they must all communicate to carry out their intended functionality. Such communication is handled by firmware embedded in the device. And firmware, like any piece of software, is susceptible to a wide range of errors and vulnerabilities.
Malware in the Wild: Evolving to Evade Detection - Lastline, Inc.
Lastline co-founder and chief architect Engin Kirda presents new insights into malware in the wild including new research coming out of Lastline Labs on high resolution dynamic analysis of Windows kernel root kits at SXSW Interactive.
Now you see me, now you don't: chasing evasive malware - Giovanni Vigna - Lastline, Inc.
As sophisticated tools that combine static and dynamic analysis become more ubiquitous, cybercriminals are developing increasingly-evasive malware components that actively counteract analysis and behavior identification. Is this another arms race? Or is it possible to define, quantify, and identify "evasiveness" and use it as a way to detect malicious intent? This talk presents an overview of the problem and how it's been attacked from both industry and academia.
Nothing strikes fear into the heart of an engineer more than the installation of a firewall to achieve the laudable goal of defense-in-depth through network segmentation. Security teams demand the implementation of firewalls telling everyone, “It’s for compliance!” But the addition of firewalls and other security appliances (aka chokepoints) into an infrastructure infuriates network engineers who design to optimize speed and minimize latency. Sysadmins and DBAs are equally frustrated, because of the increased complexity in building and troubleshooting applications. So it’s down the rabbit hole we go trying to achieve the unachievable with everyone waxing rhapsodic for those bygone days when the end-to-end principle ruled the Internet. Is it really possible to have security coexist with operational efficiency? Organizations seem happy to throw money at technology and operations, but when it comes to policies and procedures, they fail miserably. This is the biggest problem with building a layered design. As engineers, if we don’t have clear policies as a set of requirements, how will we determine the appropriate network segmentation and protections to put in place? The answer lies in aligning network segmentation with an organizational data classification matrix and understanding that while compliance and security often overlap, they’re not the same.
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ... - Sean Whalen
Respond proactively to threats like a defense contractor. It’s more realistic than you might think!
A practical guide of how to build intelligence-driven cyber defenses using open source software, based on real implementations of best practices, adapted from the Lockheed Martin Cyber Kill Chain model.
Information Security: Advanced SIEM Techniques - ReliaQuest
Joe Parltow, CISO, ReliaQuest (www.reliaquest.com) - We’ve all heard it before: SIEM is dead, defense is boring, logs suck, etc. The fact is that having total visibility into what’s happening on your network is absolutely necessary and keeps you from having to answer questions like “How did you not know we were compromised for the past 6 months!” This talk focuses on advanced tips and tricks you can implement with your SIEM to give you better visibility into all areas of your environment. It also includes top secret, 1337 (ok, maybe just average) code snippets.
An Introduction To IT Security And Privacy In Libraries - Blake Carver
An hour-long presentation I gave for LYRASIS. It introduces many topics in security and privacy on the internet, on computers and on any other type of device with an IP address: IoT (Internet of Things), browsers, portable devices and more. In this hour I focused on things to train in libraries, security awareness training and other things relevant to people in libraries. Librarians and anyone else in a library
Corona | COVID IT Tactical Security Preparedness: Threat Management - RedZone Technologies
Work from Home - Practical Advice on Operations and Security Impact and what to do about it.
DR and BCP Planning Ideas
Widening Attack Surface Solutions
Managing Threats Solutions
"Threat Model Every Story": Practical Continuous Threat Modeling Work for You... - Izar Tarandach
How to do threat modeling in the age of Agile and DevOps. A practical methodology for teams focusing on developers. Also, an introduction to PyTM as a tool for threat-modeling-with-code.
We are surrounded by technology. The more we surround ourselves with and integrate with technology, the more our privacy and our data (online, internet, cyber) are at risk. Not only are you at risk; your family and friends are also at risk. If you think "I am not an important person", that would be your great mistake. You are important to someone, somewhere in this world.
Mind it: your daily life is watched by someone. So be conscious… remember, prevention is better than cure.
Similar to Presentation infra and_datacentrre_dialogue_v2 (20)
Key Trends Shaping the Future of Infrastructure.pdf - Cheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio's cyber threat intelligence farming facilities, spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors and newer malware, including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 - Tobias Schneck
As AI technology pushes into IT, I was wondering, as an “infrastructure container kubernetes guy”, how this fancy AI technology gets managed from an infrastructure operational view. Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you with a short journey through existing deployment models and use cases for AI software. Using practical examples, we discuss what cloud/on-premise strategy we may need to apply it to our own infrastructure and get it to work from an enterprise perspective. I want to give an overview of the infrastructure requirements and technologies that could benefit or limit your AI use cases in an enterprise environment. An interactive demo will give you some insights into what approaches I have already got working for real.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality - Inflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Connector Corner: Automate dynamic content and events by pushing a button - DianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova... - Ramesh Iyer
In today's fast-changing business world, companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and a willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... - Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
GraphRAG is All You need? LLM & Knowledge Graph - Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
2. World’s biggest Hack?
• They’ve lost...everything
• Was their security “make believe”?
• Can they survive?
3. Defending enterprise IT
- Some best practices to mitigate cyber attacks
Going Above and Beyond Compliance
And staying away from Slide #1
4. About me
• Father of 3, happily married. I live in Luxembourg
• Head of IT for a Bank, and also independent IT/Infosec consultant. Any opinions presented here are my own and do not represent my employer.
• CISO-as-a-service, CIO-as-a-service
• Contributor to @TheAnalogies project (making IT and Infosec understandable to the masses)
• Member of the I am the Cavalry movement – trying to make connected devices worthy of our trust
• @ClausHoumann
• Find my work on slideshare
11. Cyber Security:
”State of the (European) Union”
• Threats are abundant and on the rise
• http://map.ipviking.com/ is a good way to illustrate/visualize this
• Existing tools, and even Next-Generation APT tools dont work:
– Examples: https://blog.mrg-effitas.com/wp-
content/uploads/2014/11/Crysys_MRG_APT_detection_test_2014.pdf
– http://archive.hack.lu/2014/Bypasss_sandboxes_for_fun.pdf
• The job of Enterprise-Defender is as much sorting through vendor bullshit, trying
to not purchase crappy products while trying to build some actual skills
• Tools are not the solution
• No silver bullets exist
• It’s an assymetrical conflict
• A lot of companies fail to focus on the basics
• Train your people!
13. Cyber Security:
”State of the (European) Union”
• Threats are abundant and on the rise
• http://map.ipviking.com/ is a good way to illustrate/visualize this
• Existing tools, and even Next-Generation APT tools dont work:
– Examples: https://blog.mrg-effitas.com/wp-
content/uploads/2014/11/Crysys_MRG_APT_detection_test_2014.pdf
– http://archive.hack.lu/2014/Bypasss_sandboxes_for_fun.pdf
• The job of Enterprise-Defender is as much sorting through vendor bullshit, trying
to not purchase crappy products while trying to build some actual skills
• Tools are not the solution
• No silver bullets exist
• It’s an assymetrical conflict
• A lot of companies fail to focus on the basics
• Train your people!
• Do not rely on compliance for security
14. Compliance is NOT Security
• Which any of you who ever attended a Security conference will have already heard
• Compliance is preparing to fight yesteryear's war
15. Want to beat asymmetry? Here’s how:
• A strategic approach to security leveraging methods that work
16. Pyramids
- This one is Joshua Corman's. Could be the best definition of Defense-in-Depth.
Pyramid layers, from the foundation up:
– Defensible Infrastructure
– Operational Excellence
– Situational Awareness
– Countermeasures
17. The Foundation: Defensible Infrastructure
Software and Hardware built as ”secure by default” is ideal here. Rugged DevOps.
Your choice of tech impacts you ever after.
You must assemble carefully, like Lego.
Without backdoors or Golden Keys!
18. Mastery: Operational Excellence
Master all aspects of your Development, Operations and Outsourcing. Train like the Ninjas!
– DevOps (Rugged DevOps)
– Change Management
– Patch Management
– Asset Management
– Information classification & localization
Basically, all the cornerstones of ITIL. You name it. Master it.
19. Situational Awareness: Gain the ability to handle situations correctly – Floodlights ON
”People don’t write software anymore, they assemble it” Quote Joshua Corman.
-> Know which lego blocks you have in your infrastructure
-> Actionable threat intelligence
-> Automate as much as you can, example: IOCs automatically fed from sources into SIEM with alerting on matches
Are we affected by Poodle? Shellshock? WinShock? Heartbleed? Should we patch now? Next week? Are we under attack? Do we have compromised endpoints? Are there anomalies in our LAN traffic?
20. Countermeasures: Counter that which you profit from countering
• Decrease attacker ROI below the critical threshold by applying countermeasures
• Most Security tools fall within this category
• Limit spending until you’ve laid the foundational levels of the pyramid
Footnote: Cyber kill chain is patented by Lockheed Martin.
21. Mapping to other strategic approaches
Pyramid layers: Defensible Infrastructure, Operational Excellence, Situational Awareness, Countermeasures
– Lockheed Martin patented (Cyber Kill Chain)
– Nigel Wilson -> @nigesecurityguy
24. Defensive hot zones
• Basketball and other sports analysis ->
– FIND the HOT zones of your opponents.
• Defend there.
26. Hot zones!
• You need to secure:
– The (Mobile) user/endpoints
– The networks
– Data in transit
– The Cloud
– Internal systems
Sample protections added only, not the complete picture of course
27. Best Practices – High level
• Create awareness – Security awareness training
• Increase the security budget
– Justify investments BEFORE the breach.
– It’s easier when you’re actually being attacked. But too late.
• Use the Cyber Kill Chain model or Nigel Wilson's ”Defensible Security Posture” to gain the capability to thwart attackers
• Training, skills and people!
28. Hot zone 1: Endpoints
A safe dreamworld PC
• Microsoft EMET 5.1
• No Java
• No Adobe Flash Player/Reader
• No AV (that one is for you @matalaz)
• Kill all executable files on the Proxy layer (.exe .msi etc.)
• (Not even needed but works if something evades the above):
– Adblocking extension in browser
– Invincea FreeSpace/Bromium Vsentry/Malwarebytes/Crowdstrike Falcon
29. Hot zone 1:
A real world PC
• Microsoft EMET 5.1
• Java
• Adobe Flash Player/Reader
• AV
• Executable files kill you, so use:
– Adblocking extension in browser
– Invincea FreeSpace/Bromium Vsentry/Malwarebytes/Crowdstrike Falcon
– Secure Web Gateway
– White listing, black listing
– No admin credentials left behind
And then cross your fingers
30. Hot zone 1, more
• PC defense should include:
– Whitelisting
– Blacklisting
– Sandboxing
– Registry defenses
– Change roll-backs
– HIPS
– Domain policies
– Log collection and review
– MFA
– ACLs/Firewall rules
– Heuristics detection/prevention
– DNS audit and protection
31. Hot zone 2: The networks
• Baselining everything
• Spot anomalies
• Monitor, observe, record
• Advanced network level tools such as Netwitness, FireEye, CounterAct
• Test your network resilience/security with e.g. Ixia BreakingPoint
• Network Security Monitoring (NSM)
• Don’t forget the insider threat
32. Hot zone 3+4: Data in Transit/Cloud
• Trust in encryption
• Remember you secure what you put in the cloud. The Cloud provider doesn’t
• Great new mobile collaboration tools exist
• SaaS monitoring and DLP tools exist -> ”CloudWalls”
• Cloudcrypters
• CloudTrail, CloudWatch, Config-log/change-trackers, vuln.mgmt
• Story about the Vulnerability patched during the Bash/Shellshock public confusion period
• And this for home study: https://securosis.com/blog/security-best-practices-for-amazon-web-services
36. Best practices
• Use EMET
• Use ad-blockers
• Use advanced endpoint mitigation tools like Bromium Vsentry, Invincea FreeSpace, Malwarebytes, Crowdstrike Falcon
• Identify potential attackers and profile them
37. A more defensible infrastructure
• Avoid expense in depth
• Research and find the best countermeasures
• Open Source tools can be awesome, for example Suricata & Bro IDS
• Full packet capture and Deep packet inspection/Proxies for visibility
• KNOW WHAT’S GOING ON IN YOUR NETWORKS
• Watch and learn from attack patterns
39. Automate Threat Intelligence IOC
• Use multiple IOC feeds
• Automate daily:
– IOC feed retrieval,
– Insertion into SIEM,
– Correlation against all-time logfiles,
– Alerting on matches
• Example: Splunk Splice can do parts of this
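The IOC automation loop from slides 19 and 39 (feed retrieval, SIEM insertion, correlation against logs, alerting), as an added Python example that is not from the deck: two constructed feeds in different formats are merged and deduplicated, then correlated against constructed log lines, and each alert records which feeds corroborated the indicator. The feed names, formats, indicators and log lines are assumptions; fetching feeds over the network and pushing into a real SIEM are left out.

```python
import re
from collections import defaultdict
# Constructed sample feeds (not real indicators): A is "type,value" CSV, B is bare lines.
FEED_A = "ip,198.51.100.23\ndomain,bad.example.net\n"
FEED_B = "# constructed feed, comments and mixed case are common\n198.51.100.23\nBad.Example.NET\n203.0.113.7\n"
FEEDS = {"feed_a": FEED_A, "feed_b": FEED_B}
# Constructed log lines standing in for the events the SIEM already holds.
LOGS = [
    "2014-11-20T10:01:02 proxy GET http://bad.example.net/update.bin client=10.0.0.5",
    "2014-11-20T10:01:09 fw ALLOW 10.0.0.7 -> 203.0.113.7:443",
    "2014-11-20T10:02:11 proxy GET http://intranet.example.com/ client=10.0.0.5",
]
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)

def parse_feed(text, source):
    """Normalise one feed to lower-case indicators, skipping comments and blank lines."""
    indicators = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            indicators.add(line.split(",")[-1].strip().lower())
    return {ioc: {source} for ioc in indicators}

def merge_feeds(feeds):
    """Union several feeds, remembering which sources reported each indicator."""
    merged = defaultdict(set)
    for source, text in feeds.items():
        for ioc, sources in parse_feed(text, source).items():
            merged[ioc] |= sources
    return merged

def correlate(logs, iocs):
    """Return (log line, indicator, sources) for every IP or domain that hits the IOC set."""
    alerts = []
    for line in logs:
        seen = {m.lower() for m in IP_RE.findall(line) + DOMAIN_RE.findall(line)}
        for ioc in sorted(seen.intersection(iocs)):
            alerts.append((line, ioc, sorted(iocs[ioc])))
    return alerts

def run(feeds=None, logs=None):
    """One automation cycle: merge feeds, correlate against the logs, return alerts."""
    return correlate(logs or LOGS, merge_feeds(feeds or FEEDS))

if __name__ == "__main__":
    for line, ioc, sources in run():
        print(f"ALERT {ioc} (seen in {', '.join(sources)}) :: {line}")
```

Scheduling this daily and re-running it over all historical logs, as the slide suggests, catches indicators that were published only after the traffic occurred.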
40. You need to ally up!
• Security and Infrastructure aren’t enemies
• Security and the office of the CIO aren’t enemies
• Ally up & Bromance!
• Together, you can make things more defensible and retain usability
41. Future threat trends
• 5G: The rise of the Android DDoS’er. 1 gbit/s connections from phones easily hacked. Obvious threat?
• IPv6 – network reconnaissance surprisingly easily done: https://tools.ietf.org/html/draft-ietf-opsec-ipv6-host-scanning-04. Damn, no security through obscurity to get there
• Countering Nation State Actors -> or more specifically their TTPs becomes a MUST. Because the bad guys will learn from them & adapt their offense
42. And the unexpected extra win
• Real security will actually make you compliant in many areas of compliance
43. Q & A
• Ask me questions, or I’ll ask you questions
44. Sources used
– http://www.itbusinessedge.com
– Heartbleed.com
– https://nigesecurityguy.wordpress.com/
– Lockheed Martin's ”Cyber Kill Chain”
– Joshua Corman and David Etue from RSAC 2014, ”Not Go Quietly: Surprising Strategies and Teammates to Adapt and Overcome”
– Lego
Editor's Notes
Or join these
The Egyptians built their pyramids from the bottom up. Because that’s how you build pyramids. Start there!
Laying a secure foundation matters supremely. History proves this.
As with any art, practice makes perfect. So, practice!
Automation is key for threat intelligence, threat detection and threat remediation.
Don't start by blindly buying tools; do the basics, master them and work from there.
In reality, you will have AV, Java and others. And you probably cannot enforce killing all executables.