The Next Normal: CTEK's New Services to Support Adapting in 2020 & Beyond, presented by Ben Denkers, SVP Security & Privacy Services for CynergisTek, and moderated by Mike McCune.
2. CTEK SUMMIT
2020
The Next Normal: New CTEK Services
Support Adapting in 2020 & Beyond
Ben Denkers
SVP of Security & Privacy Services, CynergisTek
• 20 years of experience in information security and consulting across a variety of industries; recognized as a frontline leader.
• An extensive track record of success delivering the vision, key leadership, and strategies to take business performance and IT security to new levels of performance.
• Prior to CynergisTek, he was the VP of North America Consulting at Cylance.
Managed Security Validation™
Collaborative Evolution of CTEK Advantage Partner Program (CAPP)
• Assess + Build & Manage
• Ability to Validate Control Effectiveness
• Predictable Budget
• Dynamic & Flexible 3-yr Program
• A Security & Privacy Journey to Reduce Risk and Show Progress Over Time
SECURITY & PRIVACY JOURNEY
• VALIDATE: Confirm the Effectiveness of People, Processes & Technology
• ASSESS: Identify Gaps & Define the Go-Forward Roadmap
• BUILD: Develop Policies & Procedures
• MANAGE: Outsource Responsibility & Oversight
Managed Security Validation™
CTEK Advantage Partner Program (CAPP)
• Evolution of CAPP to Provide More Advanced Value-add Services
• Remediation Roadmap with Actionable Next Steps & Support
Advanced Offerings
CTEK Service / To Support
• Security Control Validation Assessment: Measuring the ROI and Security Controls (or people, technology)
• API Sentry: New Regulations Around & Interoperability
• 24/7 Adversary Validation: Increased Threat Landscape with Normal (remote workforce, ransomware & telehealth)
New Offering: Security Control Validation Assessment (SCVA)
• CTEK leverages technology to test the effectiveness of implemented safeguards using real-world attack simulation.
• You will be able to gain insight into which tools are providing protection and where the gaps are. (ROI)
• Reliably prove detection and response capabilities for both internal security operations and managed security service providers.
SCVA Self Assessment:
• How do you know if your safeguards and controls are configured or working as planned?
• Are you missing crucial technology in your stack or lacking compensating controls?
• Is your SOC / MSSP identifying everything they should? Do you have a way to validate?
• How would your technical controls hold up against a ransomware attack, data exfiltration attempt or similar threat?
How does an SCVA work?
1. Agent VMs are deployed in key areas of the network.
2. Inoculated attacks are then sent between agents across the implemented safeguards (a firewall in this example).
3. Logs are captured from the safeguard or SIEM and analyzed.
4. Technology reports on whether the safeguard missed or identified the attack, logged the attack, and/or prevented the attack.
5. Reports are aligned to the MITRE ATT&CK framework for managing and tracking
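A sketch of the correlation in steps 3 to 5, added here as an example and not CynergisTek's tooling: each simulated attack reported by the agents is matched against safeguard log events and scored as prevented, detected, logged or missed, keyed by MITRE ATT&CK technique ID. The key=value log format, the record fields, the 30-second window and the extra "prevented-unlogged" outcome are assumptions, and all sample data is constructed.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=30)  # assumed correlation window around each test

# Constructed records: what each sending/receiving agent pair reported.
# "delivered" is True when the benign test payload reached the far agent.
SIMULATIONS = [
    {"technique": "T1486", "src": "10.0.1.10", "dst": "10.0.2.20",
     "sent": "2020-10-01T10:00:00", "delivered": False},
    {"technique": "T1041", "src": "10.0.2.20", "dst": "10.0.9.5",
     "sent": "2020-10-01T10:05:00", "delivered": True},
    {"technique": "T1021.002", "src": "10.0.1.10", "dst": "10.0.3.30",
     "sent": "2020-10-01T10:10:00", "delivered": True},
    {"technique": "T1059.001", "src": "10.0.3.30", "dst": "10.0.2.20",
     "sent": "2020-10-01T10:15:00", "delivered": True},
]

# Constructed firewall/SIEM export in a hypothetical key=value format.
LOG_LINES = [
    "ts=2020-10-01T10:00:01 action=block src=10.0.1.10 dst=10.0.2.20",
    "ts=2020-10-01T10:05:02 action=alert src=10.0.2.20 dst=10.0.9.5",
    "ts=2020-10-01T10:10:03 action=allow src=10.0.1.10 dst=10.0.3.30",
    "ts=2020-10-01T09:00:00 action=alert src=10.0.3.30 dst=10.0.2.20",  # stale
]

def parse_log(line):
    """Turn one key=value log line into a dict with a parsed timestamp."""
    event = dict(field.split("=", 1) for field in line.split())
    event["ts"] = datetime.fromisoformat(event["ts"])
    return event

def classify(sim, events):
    """Score one simulation against the log events seen for its src/dst pair."""
    sent = datetime.fromisoformat(sim["sent"])
    actions = {e["action"] for e in events
               if e["src"] == sim["src"] and e["dst"] == sim["dst"]
               and abs(e["ts"] - sent) <= WINDOW}
    if not sim["delivered"]:
        # Blocked traffic with no log entry still leaves the SOC blind.
        return "prevented" if actions else "prevented-unlogged"
    if "alert" in actions:
        return "detected"
    return "logged" if actions else "missed"

def report(sims=SIMULATIONS, lines=LOG_LINES):
    """Map each ATT&CK technique ID to the outcome of its simulation."""
    events = [parse_log(line) for line in lines]
    return {s["technique"]: classify(s, events) for s in sims}

if __name__ == "__main__":
    for technique, outcome in report().items():
        print(f"{technique:10} {outcome}")
```
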
New Offering: API Sentry
• CTEK provides continuous and on-demand API testing capabilities.
• Testing is based on the actual API business logic and custom playbooks are then created to build the attack chain.
• Findings and recommendations can be fully implemented into a DevOps or security ticketing solution.
• Quarterly strategic touchpoints help ensure your API security program is maturing.
Powered by APIsec
What is an API?
An application program interface (API) defines business logic that allows for interaction between services and systems.
API Sentry “The Need”
• Vulnerable APIs can lead to ePHI data compromise.
• Traditional vulnerability scanning methods do not identify or prevent risks.
• The skillset needed to assess is hard to find and expensive to staff.
• Very Important: Providers and payers need to be ready to share their most protected patient data with 3rd party applications. (Interoperability)
API Sentry: Self Assessment
• Have you ever reviewed your APIs?
• How does your security program identify APIs in use?
• Would you know if an API is capable of being compromised?
• If you’re developing applications with APIs, how are you ensuring APIs are secure?
New Offering: 24/7 Adversary Validation
Continuous Attack Validation
• Attack Checkpoints: Customer has full control over the exploit lifecycle.
• Agentless: Standalone attack platform with no agents to install.
• Automated: Continuously running 24/7 and managed by the CTEK RedTeam BrainTrust.
• No False Positives: Results are parsed and validated prior to customer delivery to ensure accuracy.
• Robust Reporting: Reporting shows which devices were exploited and what level of access was granted.
• Stable Exploitation: Only proven reliable exploit code is used.
Quick Level Setting…
Vulnerability Scanning: Technology that utilizes a database of findings to identify if systems and services are potentially susceptible to vulnerabilities.
Pentesting: The art of exploiting networks, applications and other devices with the goal to identify weakness in technology, processes or the human element.
The Need: 24/7 Adversary Validation
• Remote workforce now equals a new breed of threats.
• Attack surfaces are continually changing.
• Visibility is lacking as it relates to opportunities for lateral movement and privilege escalation.
• Traditional pentesting assessments are only a point in time.
• Budgeting for a Red/Purple team is expensive, and resources are hard to come by.
How Does CTEK Solve the Problem?
• Automated and on-demand 24/7 pentesting in your organization, managed by the CTEK Red Team and focused on active exploitation and lateral movement.
• Access to the CTEK BrainTrust, which partners with you to provide additional context and remediation support as issues and solutions are identified.
• Allows for prioritization of remediation and integration into a ticketing solution so organizations can track the lifecycle.
Service Overview
01 Define The Attack Surface: Which network segments do you want to attack first?
02 Set Exploit Parameters: What do you want to happen when an exploit opportunity has been identified?
03 Identify / Execute Exploit Paths: How can the exploit be leveraged to move laterally or aid in a different attack chain?
04 Findings and Analysis Generation: Generate a report with an analysis of the hack.
05 Remediation Review: Track remediation as it integrates within your workflow.
06 Weekly / Quarterly Touch Points: Have access to the CTEK Braintrust to understand progress and to help shape focus.