Inconceivable!
Rebooting the Enterprise Security Program for Defensibility
Rafal M. Los – Principal, Strategic Security Services
ISSA International 2013

© Copyright 2013 Rafal Los – Rafal@IsHackingYou.com
whoami
Rafal Los
Principal, Strategic Security Services, HP Enterprise Security Services
Advisory group delivering on strategy, operationalization, and tactical response.
Detect, Respond, Resolve in a meaningful way.
Rafal@HP.com
+1 (404) 606-6056

Rafal Los, Principal, Strategic Security Services, with HP Enterprise Security Services, brings a pragmatic approach to enterprise security. Combining nearly 15 years of technical, consulting and management skills in Information Security, Rafal draws on his extensive experience to help organizations build intelligent, defensible and operationally efficient security programs. He is an advocate for focus on sound security fundamentals and for the principles of "right defenses, right place, right reason". He is also a contributor to open standards and organizations - volunteering his time to groups such as OWASP and the Cloud Security Alliance. His blog, Following the White Rabbit, is his unique perspective on the various aspects of enterprise security, emerging technologies, and current events and can be found at http://hp.com/go/white-rabbit.

Prior to joining HP, Los defined what became the software security program and served as a regional security lead at a Global Fortune 100, contributing to the global organization's security and risk-management strategy internally and externally. Rafal prides himself on being able to add a 'tint of corporate realism' to information security.

Rafal received his B.S. in Computer Information Systems from Concordia University, River Forest, Ill.

ISSA International Conference 2013
Security
Risk
Defensibility

To quote Inigo Montoya: "You keep using that word, I do not think it means what you think it means."

Security of yesterday

Security of today

your current security is the equivalent of the Maginot Line

your enemy will attack where you are weak

meanwhile …

security must enable the enterprise

security must maximize enterprise resources

security must adjust to adversaries

HOW?!

let’s start with adjusting goals

we know secure is a myth

so what is more realistic?

Detect the incident
Respond to the threat
Resolve the issue

disrupt the attack(ers)

The adversary attack ecosystem
Stages: Research → Infiltration → Discovery → Capture → Exfiltration
Regions: their ecosystem / our enterprise

Disrupting the adversary
Research: educating users, counter-intelligence
Infiltration: blocking access
Discovery: identifying attacks
Capture: protecting the target asset
Exfiltration: planning damage mitigation
Regions: their ecosystem / our enterprise

I know what you’re thinking!

“Oh, great, more products?”

maybe?

Products (alone) don’t solve this
• Security products don’t get fully implemented
• Processes and operational capabilities need to be developed
• Resources primarily spent on prevent
• Need to detect, respond, resolve

How well do you do BASICS?

assets in your environment

changes to your environment

situational awareness and context

let’s do “security intelligence”

raw data (structured + unstructured data sets) → refined, analyzed data → intelligence

Your logs are raw data

data analysis means…

finding this:

in this:

NON-TRIVIAL ACTIVITY

so now what?

now you make decisions

in ‘real time’

Developing a scoring methodology (one way)
Tiered scoring process:
1 – applicability
2 – potential impact
3 – Threat Index (1~5)
• Human-based analysis of the threat
– Severity 1 – Severe
– Severity 2 – Urgent
– Severity 3 – Important
– Severity 4 – Low
– Severity 5 – Inconsequential
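As an added example (not from the deck), a small Python triage scorer that walks the three tiers above in order: applicability against the asset inventory, potential impact from asset criticality, then the human-based Threat Index with the slide's five severity labels. The sample inventory, the criticality-to-index table and the rule that an analyst's index is final when present are assumptions of this example, not the talk's.

```python
# Added example: tiered triage scoring (applicability -> potential impact ->
# human-based Threat Index). Inventory, CRITICALITY_TO_INDEX and the
# "analyst index is final" rule are this example's assumptions, not the deck's.
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional

# Severity labels exactly as given on the slide (1 is worst).
SEVERITY_LABELS = {1: "Severe", 2: "Urgent", 3: "Important", 4: "Low", 5: "Inconsequential"}

# Assumed mapping from an asset's business criticality (the baseline of
# business 'criticals') to a provisional threat index.
CRITICALITY_TO_INDEX = {"high": 1, "medium": 3, "low": 4}


@dataclass(frozen=True)
class Asset:
    name: str
    platform: str      # what the asset runs, e.g. "windows-server-2008"
    criticality: str   # "high" | "medium" | "low"


@dataclass(frozen=True)
class Threat:
    title: str
    affected_platforms: frozenset[str]
    analyst_index: Optional[int] = None  # Tier 3: human-assigned 1..5, None until reviewed


@dataclass
class Score:
    index: int
    label: str
    applicable_assets: list[str] = field(default_factory=list)
    reviewed: bool = False
    reason: str = ""


# Constructed sample inventory: the "assets in your environment" basic.
INVENTORY = [
    Asset("db-payroll-01", "linux-rhel6", "high"),
    Asset("web-intranet-02", "windows-server-2008", "medium"),
    Asset("kiosk-lobby-07", "windows-xp", "low"),
]


def tier1_applicability(threat: Threat, inventory: list[Asset]) -> list[Asset]:
    """Tier 1: does this threat apply to anything we actually run?"""
    return [a for a in inventory if a.platform in threat.affected_platforms]


def tier2_potential_impact(assets: list[Asset]) -> int:
    """Tier 2: provisional index from the most critical applicable asset."""
    return min(CRITICALITY_TO_INDEX[a.criticality] for a in assets)


def tier3_threat_index(threat: Threat, provisional: int) -> tuple[int, bool]:
    """Tier 3: the human-based analysis is final when it exists (assumption);
    otherwise the impact-based index stands, flagged as unreviewed."""
    if threat.analyst_index is not None:
        if threat.analyst_index not in SEVERITY_LABELS:
            raise ValueError(f"threat index must be 1..5, got {threat.analyst_index}")
        return threat.analyst_index, True
    return provisional, False


def score_threat(threat: Threat, inventory: list[Asset] = INVENTORY) -> Score:
    """Run the tiers in order; a threat that fails applicability never
    consumes analyst time, which is the point of scoring in tiers."""
    assets = tier1_applicability(threat, inventory)
    if not assets:
        return Score(5, SEVERITY_LABELS[5], reason="not applicable: no matching assets in inventory")
    provisional = tier2_potential_impact(assets)
    index, reviewed = tier3_threat_index(threat, provisional)
    return Score(index, SEVERITY_LABELS[index], [a.name for a in assets], reviewed,
                 "analyst-reviewed" if reviewed else "provisional, pending human analysis")


if __name__ == "__main__":
    demo = [  # constructed threats, not real advisories
        Threat("RHEL6 kernel privilege escalation (constructed)", frozenset({"linux-rhel6"})),
        Threat("Windows XP worm (constructed)", frozenset({"windows-xp"}), analyst_index=2),
        Threat("Solaris telnet flaw (constructed)", frozenset({"solaris-10"})),
    ]
    for t in demo:
        s = score_threat(t)
        print(f"{t.title}: {s.index} {s.label} [{s.reason}] assets={s.applicable_assets}")
```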

The SPR Framework
Measure & Improve
• Part 1 – Baseline: assessment of business ‘criticals’; define ‘what’, ‘why’, ‘from whom’ for defensibility
• Part 2 – Triage: mitigate immediate deficiencies; identify and triage active threats
• Part 3 – Strategy: define strategic ‘how’; align to organizational goals, needs, resources
• Part 4 – Tactics: define tactical feedback; strengthen tactical response
Developed by: Rafal Los

Measurably improving enterprise security
12-month plan to get you there:
• Understand your current operational state
• Develop a goal-oriented strategy
• Implement strategy and measure effectiveness
• Improve ability to detect, respond, resolve

Thank you

Laura Byrne
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
ThomasParaiso2
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Neo4j
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 

Recently uploaded (20)

Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 

Rebooting the Enterprise Security Program for Defensibility - ISSA International 2013

  • 1. Inconceivable! Rebooting the Enterprise Security Program for Defensibility Rafal M. Los – Principal, Strategic Security Services ISSA International 2013 © Copyright 2013 Rafal Los – Rafal@IsHackingYou.com
  • 2. . whoami Rafal Los, Principal, Strategic Security Services, HP Enterprise Security Services. Advisory group delivering on strategy, operationalization, and tactical response. Detect, Respond, Resolve in a meaningful way. Rafal@HP.com +1 (404) 606-6056. Rafal Los, Principal, Strategic Security Services, with HP Enterprise Security Services, brings a pragmatic approach to enterprise security. Combining nearly 15 years of technical, consulting and management skills in Information Security, Rafal draws on his extensive experience to help organizations build intelligent, defensible and operationally efficient security programs. He is an advocate for focus on sound security fundamentals and for the principles of "right defenses, right place, right reason". He is also a contributor to open standards and organizations - volunteering his time to groups such as OWASP and the Cloud Security Alliance. His blog, Following the White Rabbit, is his unique perspective on the various aspects of enterprise security, emerging technologies, and current events and can be found at http://hp.com/go/white-rabbit. Prior to joining HP, Los defined what became the software security program and served as a regional security lead at a Global Fortune 100, contributing to the global organization's security and risk-management strategy internally and externally. Rafal prides himself on being able to add a 'tint of corporate realism' to information security. Rafal received his B. S. in Computer Information Systems from Concordia University, River Forest, Ill.
  • 3. Security, Risk, Defensibility
  • 4. To quote Inigo Montoya: “You keep using that word, I do not think it means what you think it means.”
  • 5. Security of yesterday
  • 6. Security of today
  • 7. your current security is the equivalent of the Maginot Line
  • 8. (image slide, no text)
  • 9. your enemy will attack where you are weak
  • 10. meanwhile …
  • 11. security must enable the enterprise
  • 12. security must maximize enterprise resources
  • 13. security must adjust to adversaries
  • 14. HOW?!
  • 15. let’s start with adjusting goals
  • 16. we know secure is a myth
  • 17. (image slide, no text)
  • 18. so what is more realistic?
  • 19. Detect the incident. Respond to the threat. Resolve the issue.
  • 20. disrupt the attack(ers)
  • 21. The adversary attack ecosystem: Research → Infiltration → Discovery → Capture → Exfiltration, spanning their ecosystem and our enterprise.
  • 22. Disrupting the adversary: Research – educating users, counter-intelligence.
  • 23. Disrupting the adversary: Research – educating users, counter-intelligence; Infiltration – blocking access.
  • 24. Disrupting the adversary: Research – educating users, counter-intelligence; Infiltration – blocking access; Discovery – identifying attacks.
  • 25. Disrupting the adversary: Research – educating users, counter-intelligence; Infiltration – blocking access; Discovery – identifying attacks; Capture – protecting the target asset.
  • 26. Disrupting the adversary: Research – educating users, counter-intelligence; Infiltration – blocking access; Discovery – identifying attacks; Capture – protecting the target asset; Exfiltration – planning damage mitigation.
  • 27. I know what you’re thinking!
  • 28. “Oh, great, more products?”
  • 29. maybe?
  • 30. Products (alone) don’t solve this: security products don’t get fully implemented; processes and operational capabilities need to be developed; resources are primarily spent on prevent; need to detect, respond, resolve.
  • 31. How well do you do BASICS?
  • 32. assets in your environment
  • 33. changes to your environment
  • 34. situational awareness and context
  • 35. let’s do “security intelligence”
  • 36. structured + unstructured data sets: raw data → refined, analyzed data → intelligence
  • 37. Your logs are raw data
  • 38. data analysis means…
  • 39. finding this:
  • 40. in this:
  • 41. NON-TRIVIAL ACTIVITY
  • 42. so now what?
  • 43. now you make decisions
  • 44. in ‘real time’
  • 45. Developing a scoring methodology (one way): a tiered scoring process – (1) applicability; (2) potential impact; (3) Threat Index (1~5), a human-based analysis of the threat: Severity 1 – Severe; Severity 2 – Urgent; Severity 3 – Important; Severity 4 – Low; Severity 5 – Inconsequential.
  • 46. The SPR Framework (developed by Rafal Los), a Measure & Improve cycle in four parts: Part 1, Baseline – assessment of business ‘criticals’; define ‘what’, ‘why’, ‘from whom’ for defensibility. Part 2, Triage – mitigate immediate deficiencies; identify and triage active threats. Part 3, Strategy – define strategic ‘how’; align to organizational goals, needs, resources. Part 4, Tactics – define tactical feedback; strengthen tactical response.
  • 47. Measurably improving enterprise security, a 12-month plan to get you there: understand your current operational state; develop a goal-oriented strategy; implement strategy and measure effectiveness; improve ability to detect, respond, resolve.
  • 48. Thank you

Editor's Notes

  1. A debit card processing company was breached in India. To breach into these companies, it is likely that profiles were developed on key employees… There are experts who build profiles: I want to attack company X. I find out who the top execs are. I might go on LinkedIn. I look at their Facebook posts. I know his friends, places he’s been, restaurants he checks into. I find out what he likes to do. It makes the victim easy to attack because the profiler knows things about him or her that not many people should know. If you are an expert profiler, you can build these profiles and sell them on the black market, i.e., the internet, to the highest bidder. I have 10 profiles from company X. Who wants them? Hackers buy these profiles because it is more efficient than doing the profiling themselves. It will take way less time to buy them than to build them myself. These hackers then breached the company. They might have used a phishing attack and installed malware to break into the network and use the employee’s credentials. They may build their own toolkits, or go online and rent botnet networks for $18/day, or buy a Zeus kit for $7K or so. They only had to be right once. It could be likely that after these companies were breached, these hackers raised their hand and sold these breach points to the highest bidder. I have 50 access points. Who wants to buy that? After the breach, we don’t know how long the adversary was there. It could have been months… years? Then the person who’s really good at using those access points, figuring out where your sensitive data is, being able to map your environment, figuring out your configurations, creates this map… They raise their hand and sell it on the Internet to the next person. Eventually the criminals were able to access some critical databases and change the account profile, including withdrawal limits and account codes. This information was taken out of the company and provided to their colleagues or sold to a third party. And from there the cards were made and the teams hit the streets to withdraw cash from the ATMs. This information is monetized and feeds this entire ecosystem. Are there vertically integrated bad guys? Yes: nation states, large criminal organizations. But if someone is more efficient and more effective at doing one of those stages, why wouldn’t you just buy it? When talking about cyber security, we focus too much on the specific actors, whether state-sponsored, a “hacktivist” or a cyber criminal. We need to focus on the full marketplace in which these actors participate. The market organizes these actors around the market processes for breach, enabling disparate parties to collaborate. As actors specialize in this marketplace – in order to make more money – innovation is extraordinary. This criminal ecosystem is much more efficient at creating, sharing and acting on security intelligence than the ecosystem that exists to defend our customers. The standardization of security policies has done a great deal to raise the bar for our industry. But it will continue to fail to make us secure because it lacks focus on the adversary. No framework discussed in committee will be able to evolve as fast as a marketplace. We need to build our response in a way that disrupts the adversary at every step of their process.
  2. For us, we need to define a new defense in depth: build our capabilities at each stage of their value chain. Obviously we do some of these things. We teach people how to be less vulnerable: how do you go on the internet without clicking on the links that will download the latest virus to your laptop? You are only as secure as the behavior of your employees. We need to do more work here. We spend money building capabilities trying to keep the adversary out of the organization. We may stop 10,000 attacks, but they only have to be right 1 time. And they are extremely good at evading us.
  3. We need to look at solutions that help us determine that something is afoot. In building out the capabilities for disrupting the discovery and capture stages, big data and the ability to process large data sets in real time and at scale is powerful. We need to look at the data that you have in your organization to find something that is unusual. If a verified employee, i.e., the individual whose profile was hacked, starts doing something uncharacteristic like accessing file shares they haven’t before or changing database records, you should know about it. If data flows don’t match predicted processes, alerts should be set off. Now, what these criminals are looking for is your critical data: IP, customer information, etc. What are you doing to protect your critical data? Is it encrypted? You should know when it is being moved, accessed inappropriately, or sent outside the organization in an email, a post on a Facebook account, or stored on cloud storage. The increase in the types of information that can be correlated from all over the enterprise and from data outside the enterprise is phenomenal. Organizations are monitoring the cyber black markets for your enterprise’s sensitive data and including data from the cloud infrastructures in your security operations environment. We are working with companies to combine employee sentiment with abnormal access behavior to find malicious insiders. Finally, the adversary will beat us at some point. What capabilities do we have for responding after they have won?
  4. How the SPR framework looks at your organization, to analyze and devise a forward-moving plan for measurable improvement.
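The notes above describe the detection goal behind slides 36 to 44: logs are raw data, and intelligence comes from refining them into decisions, such as noticing a user touching a file share they have never used before, or a data flow that does not match the predicted process. The script below is an added example, not code from the slides or from HP. It assumes a constructed log format (one line per access: timestamp, user, action, share, bytes) and constructed sample entries; it builds a per-user baseline from a quiet period, then flags first-time access to a share and a daily read volume well above that user's own baseline peak. A user with no baseline at all will have every share reported as new and gets no volume alert, which is deliberate: that case needs a separate onboarding rule rather than a guessed threshold.

```python
from collections import defaultdict
from dataclasses import dataclass
import re

# Assumed log line format (constructed for this example, not a real product's schema):
#   <ISO timestamp> user=<name> action=<read|write> share=<share> bytes=<n>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) "
    r"share=(?P<share>\S+) bytes=(?P<bytes>\d+)$"
)

@dataclass(frozen=True)
class Event:
    ts: str
    user: str
    action: str
    share: str
    nbytes: int

@dataclass(frozen=True)
class Alert:
    ts: str
    user: str
    kind: str      # "new-share" or "volume"
    detail: str

def parse(lines):
    """Raw data in: only lines that match the expected format become events."""
    events = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m is None:
            continue  # unparseable raw data is dropped rather than guessed at
        events.append(Event(m["ts"], m["user"], m["action"],
                            m["share"], int(m["bytes"])))
    return events

def build_baseline(events):
    """Refine a quiet baseline window into per-user facts:
    the shares each user touched and their peak daily byte volume."""
    shares = defaultdict(set)
    daily = defaultdict(lambda: defaultdict(int))
    for e in events:
        shares[e.user].add(e.share)
        daily[e.user][e.ts[:10]] += e.nbytes   # ts[:10] is the YYYY-MM-DD day
    peak = {user: max(days.values()) for user, days in daily.items()}
    return {"shares": dict(shares), "peak_daily_bytes": peak}

def detect(baseline, events, volume_factor=3):
    """Compare new events with the baseline and turn deviations into alerts."""
    alerts = []
    running = defaultdict(int)   # (user, day) -> bytes seen so far that day
    volume_alerted = set()       # one volume alert per user per day
    for e in events:
        day = e.ts[:10]
        # First-time access to a share this user never touched in the baseline.
        if e.share not in baseline["shares"].get(e.user, set()):
            alerts.append(Alert(e.ts, e.user, "new-share", e.share))
        # Daily volume far above the user's own historical peak
        # (a user with no baseline has peak 0 and is skipped here).
        running[(e.user, day)] += e.nbytes
        peak = baseline["peak_daily_bytes"].get(e.user, 0)
        if (peak and running[(e.user, day)] > volume_factor * peak
                and (e.user, day) not in volume_alerted):
            volume_alerted.add((e.user, day))
            alerts.append(Alert(e.ts, e.user, "volume",
                                f"{running[(e.user, day)]} bytes today, "
                                f"baseline peak {peak}"))
    return alerts

# Constructed sample logs (invented users, shares and sizes).
BASELINE_LOGS = """
2013-09-02T09:01:00 user=alice action=read share=fs01/finance bytes=120000
2013-09-02T14:10:00 user=alice action=read share=fs01/finance bytes=80000
2013-09-03T10:30:00 user=alice action=read share=fs01/finance bytes=150000
2013-09-02T11:00:00 user=bob action=read share=fs01/engineering bytes=500000
2013-09-03T11:05:00 user=bob action=read share=fs02/builds bytes=700000
""".strip().splitlines()

NEW_LOGS = """
2013-09-10T09:15:00 user=alice action=read share=fs01/finance bytes=100000
2013-09-10T09:40:00 user=alice action=read share=fs03/hr-records bytes=50000
2013-09-10T10:00:00 user=alice action=read share=fs01/finance bytes=300000
2013-09-10T10:20:00 user=alice action=read share=fs01/finance bytes=200000
2013-09-10T11:00:00 user=bob action=read share=fs02/builds bytes=400000
2013-09-10T11:30:00 user=bob action=write share=fs02/builds bytes=100000
this line is not in the expected format and is skipped
""".strip().splitlines()

def run_example():
    """Baseline on the quiet window, then detect over the new day's logs."""
    baseline = build_baseline(parse(BASELINE_LOGS))
    return detect(baseline, parse(NEW_LOGS))
```

Calling `run_example()` on the constructed data returns two alerts, both for alice: a `new-share` alert when she first reads `fs03/hr-records`, and a `volume` alert once her reads that day pass three times her baseline peak of 200000 bytes. Bob stays within his own history and produces nothing, which is the point of scoring each user against their own baseline rather than a global threshold: the same byte count is routine for one role and anomalous for another.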