RISKS VS. REAL LIFE
Mona Arkhipova
Unit Manager of information security architecture and monitoring
Acronis
PROPRIETARY AND CONFIDENTIAL
About me
Unit Manager of information security architecture and monitoring,
Acronis
Past:
• Head of SOC and OPS monitoring, Lead information security expert
at QIWI group;
• Security analyst at General Electric (GE Capital);
• independent security consultant at fintech start-ups;
• *nix systems and network administrator
Traditional approach
Risk is a function of the likelihood of a given threat-source’s
exercising a particular potential vulnerability, and the resulting
impact of that adverse event on the organization.
- NIST 800-30
Risk management is the foundation of most security-related standards.
But is it applicable to security in real life?
Prepare your perimeters
Physical security
The most common argument used against hardening internal systems:
“Why should we harden this asset/application/device? It’s for internal users only, no one can enter our office! There’s no risk!”
There are many “unbelievable” ways to get inside:
• Shared areas in your business center
• “Convenient” routes for employees into less secure areas
• Good old social engineering
Internal resources
Another common argument about internal systems’ security:
“Why should we harden this asset/application/device? It’s for internal users only, everyone should be authorized to use those systems! The risk is low!”
In many companies, the way inside is much easier than one could imagine:
• Lack of segmentation
• Lack of controls on remote access
• External-facing intranet portals
• Oh, and one step back – physical security
Test environments
“There’s no sensitive data, it is not production”
Common mistakes:
• Not (properly) segregated from the internal network
• Password/key reuse
• Links to core management systems
• Often DOES CONTAIN production data
(Not so) good services
Do you really rely on external services?
• Have you ever reviewed the information you send them?
• Aren’t you afraid to transfer your sensitive data to services with no formal background?
• Do you trust your security service providers’ employees as much as your own?
• Do you have a third-party security review?
Legacy systems
Mission-critical systems
“We cannot patch the system, it’s too critical, an update would ruin it”
• A good starting point for your BCM program
• Vulnerability and patch management are required by the standards
• One day it may ruin your business, and not only for security reasons
• Human mistakes
• Lack of expertise (delayed issues)
Core Business Impact
Code quality and less legacy directly affect the business, especially one built on in-house developed applications
• Good code – stable and secure code
• Stable code is the basic brick of overall service stability and availability
• A stable HA service – good customer experience
• Good customer experience brings more than just money.
Weakest link in your security chain
Endpoints
“I’m tired of all those weekly/monthly/quarterly reboots”
• Security is about data, not only a server somewhere
• Good old software may be a great security risk
• …as well as a service tested on a workstation for faster feedback/dev/PoC/whatever
• What about lost devices, BYOD and remote access?
Employees
“Our employees are loyal, we believe them”
• Prepare for a lot of disappointment after a DLP installation
• Not all loyal employees stay loyal in crisis situations (or even local conflicts)
• Not all “old boys” are playing on your side
• Unspoken things about contract bribery and its detection
• Not all companies have pre-employment checks and proper conflict-of-interest detection
• Do you really know your data flows?
Questions?
Mona Arkhipova
Unit Manager of information security architecture and monitoring
Mona@acronis.com /monaarkhipova

More Related Content

What's hot

Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...
Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...
Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...Digital Bond
 
Introducing Savvius Vigil
Introducing Savvius VigilIntroducing Savvius Vigil
Introducing Savvius VigilSavvius, Inc
 
Enterprise Vulnerability Management - ZeroNights16
Enterprise Vulnerability Management - ZeroNights16Enterprise Vulnerability Management - ZeroNights16
Enterprise Vulnerability Management - ZeroNights16Alexander Leonov
 
Incident response live demo slides final
Incident response live demo slides finalIncident response live demo slides final
Incident response live demo slides finalAlienVault
 
Let’s play the game. Yet another way to perform penetration test. Russian “re...
Let’s play the game. Yet another way to perform penetration test. Russian “re...Let’s play the game. Yet another way to perform penetration test. Russian “re...
Let’s play the game. Yet another way to perform penetration test. Russian “re...Kirill Ermakov
 
What Is Next-Generation Endpoint Security and Why Do You Need It?
What Is Next-Generation Endpoint Security and Why Do You Need It?What Is Next-Generation Endpoint Security and Why Do You Need It?
What Is Next-Generation Endpoint Security and Why Do You Need It?Priyanka Aash
 
NextGen Endpoint Security for Dummies
NextGen Endpoint Security for DummiesNextGen Endpoint Security for Dummies
NextGen Endpoint Security for DummiesAtif Ghauri
 
IDS for Security Analysts: How to Get Actionable Insights from your IDS
IDS for Security Analysts: How to Get Actionable Insights from your IDSIDS for Security Analysts: How to Get Actionable Insights from your IDS
IDS for Security Analysts: How to Get Actionable Insights from your IDSAlienVault
 
Security Automation and Orchestration
Security Automation and OrchestrationSecurity Automation and Orchestration
Security Automation and OrchestrationGreg Foss
 
Maturing Endpoint Security: 5 Key Considerations
Maturing Endpoint Security: 5 Key ConsiderationsMaturing Endpoint Security: 5 Key Considerations
Maturing Endpoint Security: 5 Key ConsiderationsSirius
 
Endpoint Modeling 101 - A New Approach to Endpoint Security
Endpoint Modeling 101 - A New Approach to Endpoint SecurityEndpoint Modeling 101 - A New Approach to Endpoint Security
Endpoint Modeling 101 - A New Approach to Endpoint SecurityObservable Networks
 
Simplify PCI DSS Compliance with AlienVault USM
Simplify PCI DSS Compliance with AlienVault USMSimplify PCI DSS Compliance with AlienVault USM
Simplify PCI DSS Compliance with AlienVault USMAlienVault
 
Ethical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingEthical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingANURAG CHAKRABORTY
 
Micro-Segmentation for Data Centers - Without Using Internal Firewalls
Micro-Segmentation for Data Centers - Without Using Internal FirewallsMicro-Segmentation for Data Centers - Without Using Internal Firewalls
Micro-Segmentation for Data Centers - Without Using Internal FirewallsColorTokens Inc
 
Soc analyst course content
Soc analyst course contentSoc analyst course content
Soc analyst course contentShivamSharma909
 
IDC Security 2014, Endpoint Security in Depth
IDC Security 2014, Endpoint Security in DepthIDC Security 2014, Endpoint Security in Depth
IDC Security 2014, Endpoint Security in DepthKen Tulegenov
 
The Future of ICS Security Products
The Future of ICS Security ProductsThe Future of ICS Security Products
The Future of ICS Security ProductsDigital Bond
 
CSW2017 chuanda ding_state of windows application security
CSW2017 chuanda ding_state of windows application securityCSW2017 chuanda ding_state of windows application security
CSW2017 chuanda ding_state of windows application securityCanSecWest
 
Practical Defense
Practical DefensePractical Defense
Practical DefenseSean Whalen
 

What's hot (20)

Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...
Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...
Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...
 
Introducing Savvius Vigil
Introducing Savvius VigilIntroducing Savvius Vigil
Introducing Savvius Vigil
 
Enterprise Vulnerability Management - ZeroNights16
Enterprise Vulnerability Management - ZeroNights16Enterprise Vulnerability Management - ZeroNights16
Enterprise Vulnerability Management - ZeroNights16
 
Incident response live demo slides final
Incident response live demo slides finalIncident response live demo slides final
Incident response live demo slides final
 
Let’s play the game. Yet another way to perform penetration test. Russian “re...
Let’s play the game. Yet another way to perform penetration test. Russian “re...Let’s play the game. Yet another way to perform penetration test. Russian “re...
Let’s play the game. Yet another way to perform penetration test. Russian “re...
 
What Is Next-Generation Endpoint Security and Why Do You Need It?
What Is Next-Generation Endpoint Security and Why Do You Need It?What Is Next-Generation Endpoint Security and Why Do You Need It?
What Is Next-Generation Endpoint Security and Why Do You Need It?
 
NextGen Endpoint Security for Dummies
NextGen Endpoint Security for DummiesNextGen Endpoint Security for Dummies
NextGen Endpoint Security for Dummies
 
IDS for Security Analysts: How to Get Actionable Insights from your IDS
IDS for Security Analysts: How to Get Actionable Insights from your IDSIDS for Security Analysts: How to Get Actionable Insights from your IDS
IDS for Security Analysts: How to Get Actionable Insights from your IDS
 
Security Automation and Orchestration
Security Automation and OrchestrationSecurity Automation and Orchestration
Security Automation and Orchestration
 
Maturing Endpoint Security: 5 Key Considerations
Maturing Endpoint Security: 5 Key ConsiderationsMaturing Endpoint Security: 5 Key Considerations
Maturing Endpoint Security: 5 Key Considerations
 
Endpoint Modeling 101 - A New Approach to Endpoint Security
Endpoint Modeling 101 - A New Approach to Endpoint SecurityEndpoint Modeling 101 - A New Approach to Endpoint Security
Endpoint Modeling 101 - A New Approach to Endpoint Security
 
Simplify PCI DSS Compliance with AlienVault USM
Simplify PCI DSS Compliance with AlienVault USMSimplify PCI DSS Compliance with AlienVault USM
Simplify PCI DSS Compliance with AlienVault USM
 
Ethical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingEthical hacking/ Penetration Testing
Ethical hacking/ Penetration Testing
 
Micro-Segmentation for Data Centers - Without Using Internal Firewalls
Micro-Segmentation for Data Centers - Without Using Internal FirewallsMicro-Segmentation for Data Centers - Without Using Internal Firewalls
Micro-Segmentation for Data Centers - Without Using Internal Firewalls
 
Soc analyst course content
Soc analyst course contentSoc analyst course content
Soc analyst course content
 
IDC Security 2014, Endpoint Security in Depth
IDC Security 2014, Endpoint Security in DepthIDC Security 2014, Endpoint Security in Depth
IDC Security 2014, Endpoint Security in Depth
 
The Future of ICS Security Products
The Future of ICS Security ProductsThe Future of ICS Security Products
The Future of ICS Security Products
 
CSW2017 chuanda ding_state of windows application security
CSW2017 chuanda ding_state of windows application securityCSW2017 chuanda ding_state of windows application security
CSW2017 chuanda ding_state of windows application security
 
Practical Defense
Practical DefensePractical Defense
Practical Defense
 
Security Essentials
Security EssentialsSecurity Essentials
Security Essentials
 

Similar to Risks vs real life

Hardware Security on Vehicles
Hardware Security on VehiclesHardware Security on Vehicles
Hardware Security on VehiclesPriyanka Aash
 
Protecting endpoints from targeted attacks
Protecting endpoints from targeted attacksProtecting endpoints from targeted attacks
Protecting endpoints from targeted attacksAppSense
 
MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?Kurt Hagerman
 
Extending CyberSecurity Beyond The Office Perimeter
Extending CyberSecurity Beyond The Office PerimeterExtending CyberSecurity Beyond The Office Perimeter
Extending CyberSecurity Beyond The Office PerimeterVeriato
 
Why Zero Trust Yields Maximum Security
Why Zero Trust Yields Maximum SecurityWhy Zero Trust Yields Maximum Security
Why Zero Trust Yields Maximum SecurityPriyanka Aash
 
Shift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceShift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceDarren Argyle
 
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin DunnNetworking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin DunnNorth Texas Chapter of the ISSA
 
3433 IBM messaging security why securing your environment is important-feb2...
3433   IBM messaging security why securing your environment is important-feb2...3433   IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...Robert Parker
 
IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...Leif Davidsen
 
Cloud Security Zen: Principles to Meditate On
Cloud Security Zen: Principles to Meditate OnCloud Security Zen: Principles to Meditate On
Cloud Security Zen: Principles to Meditate OnSamuel Reed
 
Certes webinar securing the frictionless enterprise
Certes webinar   securing the frictionless enterpriseCertes webinar   securing the frictionless enterprise
Certes webinar securing the frictionless enterpriseJason Bloomberg
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security BasicsMohan Jadhav
 
Cloud Security - Idealware
Cloud Security - IdealwareCloud Security - Idealware
Cloud Security - IdealwareIdealware
 
Beware the Firewall My Son: The Workshop
Beware the Firewall My Son: The WorkshopBeware the Firewall My Son: The Workshop
Beware the Firewall My Son: The WorkshopMichele Chubirka
 
The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?NTEN
 
IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM
 
SCADA Security Webinar
SCADA Security WebinarSCADA Security Webinar
SCADA Security WebinarAVEVA
 
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja WarriorsRyan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja WarriorsRyan Elkins
 
[Webinar] Building a Product Security Incident Response Team: Learnings from ...
[Webinar] Building a Product Security Incident Response Team: Learnings from ...[Webinar] Building a Product Security Incident Response Team: Learnings from ...
[Webinar] Building a Product Security Incident Response Team: Learnings from ...bugcrowd
 

Similar to Risks vs real life (20)

Hardware Security on Vehicles
Hardware Security on VehiclesHardware Security on Vehicles
Hardware Security on Vehicles
 
Protecting endpoints from targeted attacks
Protecting endpoints from targeted attacksProtecting endpoints from targeted attacks
Protecting endpoints from targeted attacks
 
MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?
 
Extending CyberSecurity Beyond The Office Perimeter
Extending CyberSecurity Beyond The Office PerimeterExtending CyberSecurity Beyond The Office Perimeter
Extending CyberSecurity Beyond The Office Perimeter
 
Why Zero Trust Yields Maximum Security
Why Zero Trust Yields Maximum SecurityWhy Zero Trust Yields Maximum Security
Why Zero Trust Yields Maximum Security
 
Shift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber ResilienceShift Toward Dynamic Cyber Resilience
Shift Toward Dynamic Cyber Resilience
 
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin DunnNetworking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
 
Presentation 10.pptx
Presentation 10.pptxPresentation 10.pptx
Presentation 10.pptx
 
3433 IBM messaging security why securing your environment is important-feb2...
3433   IBM messaging security why securing your environment is important-feb2...3433   IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...
 
IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...
 
Cloud Security Zen: Principles to Meditate On
Cloud Security Zen: Principles to Meditate OnCloud Security Zen: Principles to Meditate On
Cloud Security Zen: Principles to Meditate On
 
Certes webinar securing the frictionless enterprise
Certes webinar   securing the frictionless enterpriseCertes webinar   securing the frictionless enterprise
Certes webinar securing the frictionless enterprise
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
 
Cloud Security - Idealware
Cloud Security - IdealwareCloud Security - Idealware
Cloud Security - Idealware
 
Beware the Firewall My Son: The Workshop
Beware the Firewall My Son: The WorkshopBeware the Firewall My Son: The Workshop
Beware the Firewall My Son: The Workshop
 
The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?The Cloud Beckons, But is it Safe?
The Cloud Beckons, But is it Safe?
 
IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future
 
SCADA Security Webinar
SCADA Security WebinarSCADA Security Webinar
SCADA Security Webinar
 
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja WarriorsRyan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
 
[Webinar] Building a Product Security Incident Response Team: Learnings from ...
[Webinar] Building a Product Security Incident Response Team: Learnings from ...[Webinar] Building a Product Security Incident Response Team: Learnings from ...
[Webinar] Building a Product Security Incident Response Team: Learnings from ...
 

Recently uploaded

Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 

Risks vs real life

  • 1. RISKS VS. REAL LIFE
    Mona Arkhipova, Unit Manager of information security architecture and monitoring, Acronis
  • 2. About me
    Unit Manager of information security architecture and monitoring, Acronis
    Past:
    • Head of SOC and OPS monitoring, Lead information security expert at QIWI group;
    • Security analyst at General Electric (GE Capital);
    • independent security consultant at fintech start-ups;
    • *nix systems and network administrator
  • 3. Traditional approach
    “Risk is a function of the likelihood of a given threat-source’s exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization.” - NIST 800-30
    Risk management is the basis of most security-related standards.
    But is it applicable to security in real life?
  • 5. Physical security
    The most widely used statement in arguments about internal systems’ security:
    “Why should we harden this asset/application/device? It’s for internal users only, no one can enter our office! There’s no risk!”
    There are many “unbelievable” ways to get inside:
    • Shared areas in your business center
    • “Comfortable” shortcuts for employees into less secure areas
    • Good old social engineering
  • 6. Internal resources
    One more statement used in arguments about internal systems’ security:
    “Why should we harden this asset/application/device? It’s for internal users only, everyone should be authorized to use those systems! The risk is low!”
    In many companies the way inside is much easier than one might imagine:
    • Lack of segmentation
    • Lack of controls on remote access
    • External-facing intranet portals
    • Oh, and one step back: physical security
  • 7. Test environments
    “There’s no sensitive data, it is not production”
    Common mistakes:
    • Not (properly) segregated from the internal network
    • Password/key reuse
    • Links to core management systems
    • Often DOES CONTAIN production data
  • 8. (Not so) good services
    Do you really rely on external services?
    • Have you ever reviewed the information you send?
    • Aren’t you afraid to transfer your sensitive data to services with no formal background?
    • Do you trust your security service providers’ employees as much as your own?
    • Do you have a 3rd-party security review?
  • 10. Mission-critical systems
    “We cannot patch the system, it’s too critical, an update would ruin it”
    • A good starting point for your BCM program
    • Vulnerability and patch management are required by standards
    • One day it may ruin your business, and not only for security reasons
    • Human mistakes
    • Lack of expertise (delayed issues)
  • 11. Core Business Impact
    Code quality and less legacy code directly affect the business, especially one built on in-house developed applications
    • Good code is stable and secure code
    • Stable code is the basic building block of overall service stability and availability
    • A stable HA service means a good customer experience
    • A good customer experience brings more than just money.
  • 12. Weakest link in your security chain
  • 13. Endpoints
    “I’m tired of all these weekly/monthly/quarterly reboots”
    • Security is about data, not only about a server somewhere
    • Good old software may be a great security risk
    • …as well as a service tested on a workstation for faster feedback/dev/PoC/whatever
    • What about lost devices, BYOD and remote access?
  • 14. Employees
    “Our employees are loyal, we believe them”
    • Prepare for a lot of disappointment after a DLP installation
    • Not all loyal employees stay loyal in crisis situations (or even in local conflicts)
    • Not all “old boys” are playing on your side
    • Unspoken things: contract bribery and its detection
    • Not all companies have pre-employment checks and proper conflict-of-interest detection
    • Do you really know your data flows?
  • 15. Questions?
    Mona Arkhipova, Unit Manager of information security architecture and monitoring
    Mona@acronis.com /monaarkhipova

Editor's Notes

  1. Risk is the possibility that a certain adverse event occurs, with its own cost (the size of the expected loss) and probability of occurrence. The traditional approach to risk relies on a threat model built from expert assessment and/or from risks that have already materialised (pentest, red team, actual incidents). How often is it revisited?
  2. Emergency stairways, areas shared with the business centre. Convenient passages for employees (smoking area, canteen and so on). Social engineering: how aware are the users?
  3. Segmentation problems. Remote access (for example, simple passwords without 2FA). Employee portals/services exposed to the outside.
  4. Segmentation problems again, key/password reuse, links to already existing systems.
  5. How often do you review the information handed over to a third party? Aren’t you afraid to hand data over to a third party without a legal entity, with an unverifiable legal entity, or simply on the basis of acquaintance? And to run their scripts? The service’s staff versus your internal checks. Is there any vetting of the third party; can you arrange an audit? GDPR and IP addresses.
  6. Business continuity (ОНиВД, Bank of Russia regulation 242-П). Dictated by standards. Sometimes a system goes down not only because of vulnerabilities (functional bugs). Human mistakes. As a separate item: departure of qualified staff, “nobody is irreplaceable”, handover to less qualified people without training, the joke about the three letters.
  7. For those who have in-house development: best practices (SDLC/VPM), code quality, product quality, service quality, UX… profit!
  8. Actually, it is not a link at all.
  9. Difficulties in dealing with users when starting VPM. Familiar (but full of holes) software. For IT companies: services/PoC being developed on workstations. Lost devices, BYOD, remote access from home PCs.
  10. Risks that nobody wants to document. DLP should not be the first priority, but expect a lot of disappointment. Not all loyal employees stay loyal (for example, when the business is sold, or in local conflicts). Not all buddies are on your side. What people don’t talk about: insider trading, procurement transparency. Conflict of interest. Same as with third parties: data flows.
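Slide 7 and editor's note 4 list the recurring test-environment mistakes: no segregation from the internal network, password and key reuse, and links into existing systems. The audit below is an added example, not code from the talk or from Acronis, showing how a defender can check an inventory for exactly those three conditions. It assumes a constructed inventory format (host name, IP, SHA-256 hash of the admin password, list of authorised SSH public keys); the key blobs are base64 of arbitrary bytes standing in for real keys, and the password hashes are of placeholder strings.

```python
"""Audit test vs. production inventories for key reuse, password reuse and
test hosts living in the wrong network. Added example with constructed data."""
import base64
import hashlib
import ipaddress
from collections import defaultdict


def _fake_key(label: str) -> str:
    # Constructed stand-in for an OpenSSH public key line: "type blob comment".
    blob = base64.b64encode(f"constructed-key-{label}".encode()).decode()
    return f"ssh-ed25519 {blob} {label}@example"


def _pw_hash(secret: str) -> str:
    # Placeholder: real inventories would carry the stored hash, not a secret.
    return hashlib.sha256(secret.encode()).hexdigest()


KEY_CI = _fake_key("ci-deploy")      # CI key that ended up on prod too
KEY_DEV = _fake_key("developer")
KEY_OPS = _fake_key("ops-prod")

TEST_NETWORK = ipaddress.ip_network("10.200.0.0/16")  # where test hosts belong

# Constructed inventories: one test host sits in the corporate 10.10/16 range,
# the CI key is authorised in both environments, and test-db-01 shares its
# admin password with prod-db-01.
TEST_HOSTS = [
    {"host": "test-app-01", "ip": "10.200.1.10",
     "admin_hash": _pw_hash("test-only-secret"), "authorized_keys": [KEY_CI, KEY_DEV]},
    {"host": "test-db-01", "ip": "10.10.5.20",
     "admin_hash": _pw_hash("shared-admin-secret"), "authorized_keys": [KEY_DEV]},
]
PROD_HOSTS = [
    {"host": "prod-app-01", "ip": "10.10.1.10",
     "admin_hash": _pw_hash("prod-only-secret"), "authorized_keys": [KEY_OPS, KEY_CI]},
    {"host": "prod-db-01", "ip": "10.10.1.20",
     "admin_hash": _pw_hash("shared-admin-secret"), "authorized_keys": [KEY_OPS]},
]


def key_fingerprint(pubkey: str) -> str:
    """SHA-256 fingerprint of the key blob, in OpenSSH's SHA256:... form."""
    blob = base64.b64decode(pubkey.split()[1])
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def _index(hosts, field, transform=lambda v: v):
    """Map each (transformed) field value to the hosts that carry it."""
    idx = defaultdict(list)
    for h in hosts:
        values = h[field] if isinstance(h[field], list) else [h[field]]
        for v in values:
            idx[transform(v)].append(h["host"])
    return idx


def shared_keys(test, prod):
    """Key fingerprints authorised in both environments -> (test hosts, prod hosts)."""
    t = _index(test, "authorized_keys", key_fingerprint)
    p = _index(prod, "authorized_keys", key_fingerprint)
    return {fp: (t[fp], p[fp]) for fp in t if fp in p}


def shared_password_hashes(test, prod):
    """Admin password hashes present in both environments -> (test hosts, prod hosts)."""
    t = _index(test, "admin_hash")
    p = _index(prod, "admin_hash")
    return {h: (t[h], p[h]) for h in t if h in p}


def misplaced_test_hosts(test, test_network=TEST_NETWORK):
    """Test hosts whose address is outside the dedicated test network."""
    return [h["host"] for h in test
            if ipaddress.ip_address(h["ip"]) not in test_network]


def audit(test, prod):
    """Return one human-readable finding per detected problem."""
    findings = []
    for fp, (th, ph) in shared_keys(test, prod).items():
        findings.append(f"key {fp} authorised on test {th} and prod {ph}")
    for h, (th, ph) in shared_password_hashes(test, prod).items():
        findings.append(f"admin password hash {h[:12]}... shared by test {th} and prod {ph}")
    for host in misplaced_test_hosts(test):
        findings.append(f"test host {host} is outside {TEST_NETWORK}")
    return findings


if __name__ == "__main__":
    for line in audit(TEST_HOSTS, PROD_HOSTS):
        print(line)
```

Comparing fingerprints and stored hashes rather than secrets means the audit can run on exported inventory data without ever handling the credentials themselves; a hit on any of the three checks is the concrete evidence that the "it is not production" argument does not hold for that host.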