Think Like a Hacker:
Using Network Analytics and Attack Simulation to Find and Fix Security Gaps

• Michelle Johnson Cobb
• VP, Marketing and BD
• March 15, 2012
• SANS webcast

© 2012 Skybox Security
Skybox Security Overview

Leading Security Risk Management Solutions
• Automated Firewall Management
• Continuous Network Compliance
• Risk and Vulnerability Management

Unique, High-Performance Technology
• Network Modeling
• Access Path Analysis
• Attack Simulation

Proven in Demanding Network Environments
• 6 of the top 10 banks, 5 of the 10 largest NATO members
• Financial Services, Retail, Energy, Government, Defense, Telecommunications, Manufacturing, Technology
Preventing Attacks is not Trivial

• 300 firewalls
• 25,000 rules
• 250 routers/gateways
• 55,000 nodes
• 65 daily network changes
• 10,000 daily reported vulnerabilities
• Infrastructure spanning three continents
First… Think Like a Hacker

Pre-Attack Reconnaissance? Or Find and Fix to Prevent Attack?

The same four steps apply whether an attacker is doing reconnaissance or a security manager is finding and fixing the gaps first:
1. Gather info on network topology
2. Find access paths
3. Find exploitable vulnerabilities
4. Try out attack scenarios

Hacker toolkit: Wireshark, nmap, Nessus, netcat, Snort, Google, John the Ripper, etc.
Security Manager toolkit: network modeling, access path analysis and attack simulation, covered in the following slides.
Building a Network Model
(Gather info on network topology)

Automatically import data from network devices and management systems:
Firewall, Router, Load Balancer, IPS, Vulnerability Scanner, Patch
Feeding the Network Model
(Gather info on network topology)

Must be imported, normalized, correlated.
How is the Model Created?
(Gather info on network topology)

• Import topology data
  • Device configs
  • Routing tables
• Automatically create a hierarchical model tree, grouping hosts by TCP/IP network
• Add function, location, type
• Analyze model to detect missing info – hosts, ACLs, routing rules for gateways
Comprehensive Network Model
(Gather info on network topology)

• Normalized view of the network security situation
• Visualize entire network
• Updated continuously
• 3 models: Live, Forensic, and What-if
Virtual “Sandbox” for Complex Security Analysis

• Analyze access paths
• Prioritize exposed vulnerabilities
• Find device misconfigurations
Now - Check the Firewalls!
(Find access paths)

• Analyze firewall rule base against policies/best practices (NIST, PCI…)
• Identify risky rules
• Uniform policy for all firewalls
Access Analyzer Finds all Paths
(Find access paths)

• Complete end-to-end path analysis
• Highlighting ACLs and routing rules
• Supports NAT, VPN, dynamic routing and authenticated rules
Determine Rules Allowing Access
(Find access paths)

• Find blocking or allowing devices
• Show rules involved
• View routes
Check for Access Policy Violations
(Find access paths)

• Define what is allowed, limited and denied between Security Zones
• Compliance metrics
• Violating rules
• Exceptions
• Multiple policies
• Dashboard
Exploitable Vulnerabilities?
(Find exploitable vulnerabilities)

Start with the scan…

Vulnerabilities
• CVE 2009-203
• CVE 2006-722
• CVE 2006-490
Add Skybox Vulnerability Dictionary Content
(Find exploitable vulnerabilities)

• Collects vulnerability data from multiple sources (scanners, published repositories, threat feeds)
• Represents vulnerabilities in a standard format
• Adds severity, degree of difficulty, commonality of exploit and attack impact (CIA)
• Models pre-conditions for exploitation – used in attack simulation
Look at Potential Threat Origins
(Find exploitable vulnerabilities)

Vulnerabilities
• CVE 2009-203
• CVE 2006-722
• CVE 2006-490

Threat origins placed on the model:
• Rogue Admin
• Internet Hacker
• Compromised Partner
Simulate all Possible Attacks
(Find exploitable vulnerabilities)

Attack simulations are run from each threat origin (Rogue Admin, Internet Hacker, Compromised Partner) against the vulnerabilities in the model (CVE 2009-203, CVE 2006-722, CVE 2006-490).
How Attack Simulation Works

• Connectivity Path
• Attack Vector
• Business Impact
• How to Block Potential Attack?

Example from the model: a probable attack vector to the Finance servers asset group. This attack is a “multi-step” attack, crossing several network zones.
Quantify and Prioritize Risks

Vulnerability (CVSS Score & CIA Impact)
+ Exposure (Threat Origins & Network)
+ Business Impact (CIA Impact and Asset Importance)
{Attack Simulation}
= Risk
Plan Defensive Strategy

Vulnerabilities + Threats → Most Critical Actions
Skybox Security Portfolio

• Firewall Assurance: Automated firewall analysis and audits
• Network Assurance: Network compliance and access path analysis
• Risk Control: Identify exposed vulnerabilities
• Change Manager: Complete firewall change workflow
• Threat Manager: Workflow to address new threats
Remote Buffer Overflow Attack Steps

1. Buffer overflow vulnerability MS11-004 on FTP server in DMZ
2. Exploit to gain root control on the FTP server
3. FTP server trust relations with DNS server in core network
4. DNS server running FreeBSD has BIND vulnerability - enables control of DNS server
5. Finance server compromised. Significant damage or data loss
Prevent a Buffer Overflow Attack

• Skybox Risk Control identifies attack paths
• Attack simulation reveals a small number of exposed vulnerabilities
• Skybox issues urgent ticket request to patch the FTP server
• Security team patches a single vulnerability to block potential attack and reduce high risk of Financial Server compromise
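The multi-step attack above, the risk formula from "Quantify and Prioritize Risks" and the what-if patch decision, worked through as an added example (not Skybox code and not the slide's data). Hosts, access relations, CVSS values and asset importance are constructed; MS11-004 is the one identifier taken from the slide, and the BIND and finance-server vulnerability ids are placeholders.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

@dataclass(frozen=True)
class Vuln:
    vid: str
    host: str
    port: int      # pre-condition: the exploit must reach this service on the host
    cvss: float    # constructed score, stands in for the dictionary's severity

# host -> (zone, business importance 1..5); all values constructed
HOSTS = {"ftp": ("dmz", 2), "dns": ("core", 3), "finance": ("core", 5)}
ORIGINS = ["internet", "partner", "rogue_admin"]

# Access relations the access-path model would hand over: (from position, to host, port).
ACCESS: Set[Tuple[str, str, int]] = {
    ("internet", "ftp", 21), ("partner", "ftp", 21), ("partner", "dns", 53),
    ("rogue_admin", "dns", 53),
    ("ftp", "dns", 53),        # the FTP -> DNS trust relation from the slide
    ("dns", "finance", 445),   # constructed
}

VULNS = [
    Vuln("MS11-004", "ftp", 21, 9.3),                      # id from the slide; score constructed
    Vuln("BIND-VULN-PLACEHOLDER", "dns", 53, 7.8),         # slide says only "BIND vulnerability"
    Vuln("FINANCE-VULN-PLACEHOLDER", "finance", 445, 8.0),  # constructed
]

Step = Tuple[str, str]   # (host taken over, vulnerability id used)

def simulate(origin: str, vulns: List[Vuln], access) -> List[List[Step]]:
    """Enumerate every simple multi-step attack path from a threat origin.
    A vulnerability is usable only when its host's service is reachable from the
    attacker's current position; each exploited host becomes a new position."""
    paths: List[List[Step]] = []
    def dfs(position: str, owned: frozenset, path: List[Step]) -> None:
        for v in vulns:
            if v.host in owned or (position, v.host, v.port) not in access:
                continue
            step = path + [(v.host, v.vid)]
            paths.append(step)
            dfs(v.host, owned | {v.host}, step)
    dfs(origin, frozenset(), [])
    return paths

def attack_vectors(origin, target, vulns=VULNS, access=ACCESS) -> List[List[Step]]:
    """Paths from origin that end with the target asset compromised."""
    return [p for p in simulate(origin, vulns, access) if p[-1][0] == target]

def risk_scores(vulns=VULNS, access=ACCESS) -> Dict[str, float]:
    """risk = vulnerability (CVSS/10) * exposure (share of threat origins with a
    path through it) * business impact (highest importance reached on such a path)."""
    hit_by = {v.vid: set() for v in vulns}
    impact = {v.vid: 0 for v in vulns}
    for o in ORIGINS:
        for path in simulate(o, vulns, access):
            reached = max(HOSTS[h][1] for h, _ in path)
            for _, vid in path:
                hit_by[vid].add(o)
                impact[vid] = max(impact[vid], reached)
    return {v.vid: round(v.cvss / 10 * len(hit_by[v.vid]) / len(ORIGINS) * impact[v.vid], 2)
            for v in vulns}

def single_patch_blocks(origin, target, vulns=VULNS, access=ACCESS) -> List[str]:
    """What-if: which single patch removes every attack vector origin -> target."""
    return [v.vid for v in vulns
            if not attack_vectors(origin, target, [w for w in vulns if w != v], access)]

def what_if_patch(vid, target="finance", vulns=VULNS, access=ACCESS) -> Dict[str, int]:
    """Attack vectors to target that remain per origin after patching one vulnerability."""
    left = [v for v in vulns if v.vid != vid]
    return {o: len(attack_vectors(o, target, left, access)) for o in ORIGINS}
```

Patching MS11-004 removes the only Internet path to the finance server, while the partner and rogue-admin origins keep their direct route through the DNS server, which is the kind of residual exposure the what-if model is there to show.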
Firewall Bypass Attack Steps

1. DMZ firewall allowed access through TCP port 443 to internal network (which might be okay)
2. A misconfigured load balancer rule performed NAT to TCP port 80
3. Allowing port 80 access to the development network – a very risky situation
Preventing the Firewall Bypass Attack

• Skybox Firewall Assurance automatically finds risky rules and configs in firewalls
• Skybox Network Assurance creates up-to-date network model and checks rest of layer 3 devices - load balancers, switches, routers
• Skybox checks policy rules such as: “No access from Internet to Internal except …”
• End-to-end access path analysis – every possible path
• Skybox issues tickets to address violations reported
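An added example (not Skybox code) of the end-to-end access-path analysis and zone-policy check described in the "Find access paths" slides, applied to the firewall-bypass case: a constructed two-device topology in which the DMZ firewall permits TCP/443 to the internal network and the load balancer's NAT rule rewrites that flow to TCP/80 into the development network. All addresses, device names, the candidate flows and the NAT-after-ACL ordering are assumptions.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Flow:
    src_zone: str
    dst_ip: str
    proto: str
    dst_port: int

@dataclass(frozen=True)
class Rule:
    action: str               # "permit" or "deny"; first match wins, implicit deny
    proto: str
    dst_net: str              # CIDR
    dst_port: Optional[int]   # None matches any port

    def matches(self, f: Flow) -> bool:
        return (f.proto == self.proto
                and ip_address(f.dst_ip) in ip_network(self.dst_net)
                and self.dst_port in (None, f.dst_port))

@dataclass(frozen=True)
class Nat:                    # clients connect to vip:vport, rewritten to real_ip:real_port
    vip: str
    vport: int
    real_ip: str
    real_port: int

@dataclass
class Device:
    rules: List[Rule]
    nat: List[Nat]
    routes: Dict[str, str]    # destination CIDR -> next device name or zone name

    def forward(self, f: Flow) -> Optional[Tuple[str, Flow, str]]:
        """ACL first, then destination NAT, then routing. None means blocked here."""
        for r in self.rules:
            if r.matches(f):
                if r.action == "deny":
                    return None
                break
        else:
            return None                      # implicit deny
        note = ""
        for n in self.nat:                   # assumption: NAT is applied after the ACL
            if f.dst_ip == n.vip and f.dst_port == n.vport:
                note = f" NAT {n.vip}:{n.vport}->{n.real_ip}:{n.real_port}"
                f = replace(f, dst_ip=n.real_ip, dst_port=n.real_port)
        for cidr, hop in self.routes.items():
            if ip_address(f.dst_ip) in ip_network(cidr):
                return hop, f, note
        return None                          # no route

ZONES = {"dmz": "10.1.0.0/24", "internal": "10.2.0.0/24", "dev": "10.3.0.0/24"}

def build_devices(lb_nat_target: Tuple[str, int]) -> Dict[str, Device]:
    """Constructed topology: Internet -> dmz_fw -> lb -> internal or dev network."""
    return {
        "dmz_fw": Device(rules=[Rule("permit", "tcp", "10.2.0.0/24", 443)],
                         nat=[], routes={"10.1.0.0/24": "dmz", "10.2.0.0/24": "lb",
                                         "10.3.0.0/24": "lb"}),
        "lb": Device(rules=[Rule("permit", "tcp", "10.2.0.10/32", 443)],
                     nat=[Nat("10.2.0.10", 443, *lb_nat_target)],
                     routes={"10.2.0.0/24": "internal", "10.3.0.0/24": "dev"}),
    }

MISCONFIGURED = build_devices(("10.3.0.20", 80))  # VIP NATed into the dev network
CORRECTED = build_devices(("10.2.0.20", 80))      # VIP NATed to the internal web tier

def trace(devices: Dict[str, Device], entry: str, f: Flow, max_hops: int = 16):
    """Follow a flow hop by hop. Returns (final zone or None, final flow, hop notes)."""
    hops, hop = [], entry
    for _ in range(max_hops):
        if hop in ZONES:
            return hop, f, hops
        step = devices[hop].forward(f)
        if step is None:
            return None, f, hops + [f"{hop}: blocked"]
        hops.append(f"{hop}: permit{step[2]}")
        hop, f = step[0], step[1]
    return None, f, hops + ["hop limit reached"]

# Zone policy: (source zone, destination zone) -> services the source may request; all else denied.
POLICY = {("internet", "internal"): {("tcp", 443)}}

def audit(devices: Dict[str, Device], entry: str = "dmz_fw") -> List[str]:
    """Trace candidate Internet flows end to end and report those POLICY does not allow."""
    violations = []
    for dst_ip in ("10.2.0.10", "10.3.0.20"):
        for port in (80, 443):
            req = Flow("internet", dst_ip, "tcp", port)
            zone, final, hops = trace(devices, entry, req)
            if zone is None:
                continue                     # blocked on the way: nothing reached
            if (req.proto, port) not in POLICY.get((req.src_zone, zone), set()):
                violations.append(f"{req.src_zone} -> {zone} {final.dst_ip}:{final.dst_port} "
                                  f"(requested {dst_ip}:{port}) via {hops}")
    return violations
```

Checking the firewall rule alone would pass (TCP/443 to the internal network is allowed); only tracing through the load balancer's NAT reveals that the flow actually lands on the development network as TCP/80.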
Client-Side Attack Steps

1. User opens infected email attachment or clicks link to a malicious or hacked website
2. A vulnerability or misconfig on desktops is exploited and malware is installed
3. Malware enables attacker to collect data from machine, continue attack within the network, and send data back to attacker

Source: SANS Tutorial: HTTP Client-side Exploit
Preventing a Client-Side Attack

• EMEA region at highest risk
• Adobe Reader 9.x and 8.x contribute the majority of the risk (76%)
• Retrieve exact list of vulnerable hosts
• Remediate in order of risk impact
Best Practices to Prevent Attacks

• Get the comprehensive network view
• Find security gaps every day
• Prioritize by risk level
• Validate changes in advance
• Automate security processes
Time for Questions

Thank You!
www.skyboxsecurity.com

Skybox Security
 

More from Skybox Security (20)

Network Security Trends for 2016: Taking Security to the Next Level
Network Security Trends for 2016: Taking Security to the Next LevelNetwork Security Trends for 2016: Taking Security to the Next Level
Network Security Trends for 2016: Taking Security to the Next Level
 
Using a Network Model to Address SANS Critical Controls 10 and 11
Using a Network Model to Address SANS Critical Controls 10 and 11Using a Network Model to Address SANS Critical Controls 10 and 11
Using a Network Model to Address SANS Critical Controls 10 and 11
 
5 Steps to Reduce Your Window of Vulnerability
5 Steps to Reduce Your Window of Vulnerability5 Steps to Reduce Your Window of Vulnerability
5 Steps to Reduce Your Window of Vulnerability
 
Network Security Best Practices - Reducing Your Attack Surface
Network Security Best Practices - Reducing Your Attack SurfaceNetwork Security Best Practices - Reducing Your Attack Surface
Network Security Best Practices - Reducing Your Attack Surface
 
CAPITA - Network Visibility to Manage Firewall Changes & Reduce Risk
CAPITA - Network Visibility to Manage Firewall Changes & Reduce RiskCAPITA - Network Visibility to Manage Firewall Changes & Reduce Risk
CAPITA - Network Visibility to Manage Firewall Changes & Reduce Risk
 
What's Wrong with Vulnerability Management & How Can We Fix It
What's Wrong with Vulnerability Management & How Can We Fix ItWhat's Wrong with Vulnerability Management & How Can We Fix It
What's Wrong with Vulnerability Management & How Can We Fix It
 
Secure Data GI - Delivering Contextual Intelligence
Secure Data GI - Delivering Contextual IntelligenceSecure Data GI - Delivering Contextual Intelligence
Secure Data GI - Delivering Contextual Intelligence
 
A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...
A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...
A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...
 
Risk Analytics: One Intelligent View
Risk Analytics: One Intelligent ViewRisk Analytics: One Intelligent View
Risk Analytics: One Intelligent View
 
Black Hat 2014: Don’t be a Target: Everything You Know About Vulnerability Pr...
Black Hat 2014: Don’t be a Target: Everything You Know About Vulnerability Pr...Black Hat 2014: Don’t be a Target: Everything You Know About Vulnerability Pr...
Black Hat 2014: Don’t be a Target: Everything You Know About Vulnerability Pr...
 
Infosec 2014: Who Is Skybox Security?
Infosec 2014: Who Is Skybox Security? Infosec 2014: Who Is Skybox Security?
Infosec 2014: Who Is Skybox Security?
 
Infosec 2014: Tech Talk - Firewall Change Management
Infosec 2014: Tech Talk - Firewall Change ManagementInfosec 2014: Tech Talk - Firewall Change Management
Infosec 2014: Tech Talk - Firewall Change Management
 
Infosec 2014: Tech Talk - Non-Disruptive Vulnerability Discovery
Infosec 2014: Tech Talk - Non-Disruptive Vulnerability DiscoveryInfosec 2014: Tech Talk - Non-Disruptive Vulnerability Discovery
Infosec 2014: Tech Talk - Non-Disruptive Vulnerability Discovery
 
Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security ChallengesInfosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
 
Infosec 2014: Finding and Understanding the Risk Impact of Firewall Changes
Infosec 2014: Finding and Understanding the Risk Impact of Firewall ChangesInfosec 2014: Finding and Understanding the Risk Impact of Firewall Changes
Infosec 2014: Finding and Understanding the Risk Impact of Firewall Changes
 
Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...
Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...
Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...
 
Infosec 2014: Intelligence as a Service: The Future of Frontline Security
Infosec 2014: Intelligence as a Service: The Future of Frontline SecurityInfosec 2014: Intelligence as a Service: The Future of Frontline Security
Infosec 2014: Intelligence as a Service: The Future of Frontline Security
 
RSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your Network
RSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your NetworkRSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your Network
RSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your Network
 
RSA 2014: Firewall Change Management: Automate, Secure & Comply
RSA 2014: Firewall Change Management: Automate, Secure & Comply RSA 2014: Firewall Change Management: Automate, Secure & Comply
RSA 2014: Firewall Change Management: Automate, Secure & Comply
 
RSA 2014: Skybox Security Risk Analytics Overview
RSA 2014: Skybox Security Risk Analytics OverviewRSA 2014: Skybox Security Risk Analytics Overview
RSA 2014: Skybox Security Risk Analytics Overview
 

Recently uploaded

Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Tosin Akinosho
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
Postman
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
SitimaJohn
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
Wouter Lemaire
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
saastr
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
AWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptxAWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptx
HarisZaheer8
 
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
alexjohnson7307
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Zilliz
 
Azure API Management to expose backend services securely
Azure API Management to expose backend services securelyAzure API Management to expose backend services securely
Azure API Management to expose backend services securely
Dinusha Kumarasiri
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
Jason Packer
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
ssuserfac0301
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Jeffrey Haguewood
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
Jakub Marek
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Alpen-Adria-Universität
 
Recommendation System using RAG Architecture
Recommendation System using RAG ArchitectureRecommendation System using RAG Architecture
Recommendation System using RAG Architecture
fredae14
 

Recently uploaded (20)

Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
AWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptxAWS Cloud Cost Optimization Presentation.pptx
AWS Cloud Cost Optimization Presentation.pptx
 
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
Azure API Management to expose backend services securely
Azure API Management to expose backend services securelyAzure API Management to expose backend services securely
Azure API Management to expose backend services securely
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
 
Recommendation System using RAG Architecture
Recommendation System using RAG ArchitectureRecommendation System using RAG Architecture
Recommendation System using RAG Architecture
 

Think Like a Hacker: Using Network Analytics and Attack Simulation to Find and Fix Security Gaps

  • 1. Think Like a Hacker: Using Network Analytics and Attack Simulation to Find and Fix Security Gaps
    • Michelle Johnson Cobb
    • VP, Marketing and BD
    • March 15, 2012
    • SANS webcast
    © 2012 Skybox Security
  • 2. Skybox Security Overview
    Leading Security Risk Management Solutions
    • Automated Firewall Management
    • Continuous Network Compliance
    • Risk and Vulnerability Management
    Unique, High-Performance Technology
    • Network Modeling
    • Access Path Analysis
    • Attack Simulation
    Proven in Demanding Network Environments
    • 6 of the top 10 banks, 5 of the 10 largest NATO members
    • Financial Services, Retail, Energy, Government, Defense, Telecommunications, Manufacturing, Technology
  • 3. Preventing Attacks is not Trivial
    • 300 firewalls
    • 25,000 rules
    • 250 routers/gateways
    • 55,000 nodes
    • 65 daily network changes
    • 10,000 daily reported vulnerabilities
    • Infrastructure spanning three continents
  • 4. First… Think Like a Hacker
    Pre-Attack Reconnaissance? Or Find and Fix to Prevent Attack?
    • Gather info on network topology
    • Find access paths
    • Find exploitable vulnerabilities
    • Try out attack scenarios
    Hacker toolkit: Wireshark, nmap, Nessus, netcat, Snort, Google, John the Ripper, etc.
    Security Manager toolkit:
  • 5. Building a Network Model
    Gather info on network topology
    Automatically import data from network devices, management systems: Firewall, Router, Load Balancer, IPS, Vulnerability Scanner, Patch
  • 6. Feeding the Network Model
    Gather info on network topology
    Must be imported, normalized, correlated
  • 7. How is the Model Created?
    Gather info on network topology
    • Import topology data: device configs, routing tables
    • Automatically create a hierarchical model tree, grouping hosts by TCP/IP network
    • Add function, location, type
    • Analyze model to detect missing info – hosts, ACLs, routing rules for gateways
  • 8. Comprehensive Network Model
    Gather info on network topology
    • Normalized view of the network security situation
    • Visualize entire network
    • Updated continuously
    • 3 models: Live, Forensic, and What-if
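Slides 5 through 8 describe the model-building steps: import device data, group hosts into TCP/IP networks, attach gateways, annotate with function/location/type, and flag what is missing. The following is an added example (not Skybox code) of that logic on a constructed import: the host records, the two gateways with their interfaces, routing tables and ACL-import flag are sample data, and grouping hosts by /24 is an assumption standing in for the interface masks a real import would carry.

```python
"""Toy network-model builder: group imported hosts into TCP/IP networks,
attach gateways, build a location tree and flag missing information.
Added example with constructed data; not Skybox code."""
import ipaddress
from collections import defaultdict

# Constructed host records, as a scanner or CMDB import might deliver them.
HOSTS = [
    {"name": "ftp-dmz",   "ip": "10.1.1.10", "function": "FTP",     "location": "EMEA", "type": "server"},
    {"name": "web-dmz",   "ip": "10.1.1.20", "function": "Web",     "location": "EMEA", "type": "server"},
    {"name": "dns-core",  "ip": "10.2.0.53", "function": "DNS",     "location": "EMEA", "type": "server"},
    {"name": "fin-db",    "ip": "10.3.0.5",  "function": "Finance", "location": "EMEA", "type": "server"},
    {"name": "dev-build", "ip": "10.9.0.7",  "function": "Dev",     "location": "APAC", "type": "server"},
]

# Constructed gateway configs: interfaces, static routes, and whether the ACLs were imported.
GATEWAYS = [
    {"name": "fw-dmz",   "interfaces": ["10.1.1.1/24", "10.2.0.1/24"],
     "routes": ["10.3.0.0/24"], "acls_imported": True},
    {"name": "rtr-core", "interfaces": ["10.2.0.2/24", "10.3.0.1/24"],
     "routes": ["10.1.1.0/24"], "acls_imported": False},
]


def build_model(hosts, gateways, prefix=24):
    """Network -> attached hosts and gateways. The /prefix grouping is an
    assumption; a real import would take the mask from the interface config."""
    nets = defaultdict(lambda: {"hosts": [], "gateways": []})
    for h in hosts:
        net = ipaddress.ip_network(f"{h['ip']}/{prefix}", strict=False)
        nets[str(net)]["hosts"].append(h["name"])
    for gw in gateways:
        for iface in gw["interfaces"]:
            nets[str(ipaddress.ip_interface(iface).network)]["gateways"].append(gw["name"])
    return dict(nets)


def model_tree(model, hosts):
    """Hierarchical view: location -> network -> host annotated with function/type."""
    by_name = {h["name"]: h for h in hosts}
    tree = defaultdict(lambda: defaultdict(dict))
    for net, entry in model.items():
        for name in entry["hosts"]:
            h = by_name[name]
            tree[h["location"]][net][name] = f"{h['function']}/{h['type']}"
    return {loc: dict(nets) for loc, nets in tree.items()}


def find_gaps(model, gateways):
    """The 'detect missing info' step: networks with hosts but no gateway,
    gateways whose ACLs were never imported, and networks a gateway can neither
    reach directly nor via an imported route."""
    gaps = {"networks_without_gateway": [], "gateways_without_acls": [], "missing_routes": {}}
    for net, entry in model.items():
        if entry["hosts"] and not entry["gateways"]:
            gaps["networks_without_gateway"].append(net)
    for gw in gateways:
        if not gw["acls_imported"]:
            gaps["gateways_without_acls"].append(gw["name"])
        known = {str(ipaddress.ip_interface(i).network) for i in gw["interfaces"]} | set(gw["routes"])
        missing = sorted(n for n in model if n not in known)
        if missing:
            gaps["missing_routes"][gw["name"]] = missing
    return gaps


if __name__ == "__main__":
    model = build_model(HOSTS, GATEWAYS)
    print(model_tree(model, HOSTS))
    print(find_gaps(model, GATEWAYS))
```

The gap report is the useful output: here the APAC development network has no modelled gateway and appears in no routing table, and the core router's ACLs were never imported, so any access analysis through it would be guesswork until those are fixed.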
  • 9. Virtual “Sandbox” for Complex Security Analysis
    • Analyze access paths
    • Prioritize exposed vulnerabilities
    • Find device misconfigurations
  • 10. Now - Check the Firewalls!
    Find access paths
    • Analyze firewall rule base against policies/best practices (NIST, PCI…)
    • Identify risky rules
    • Uniform policy for all firewalls
  • 11. Access Analyzer Finds all Paths
    Find access paths
    • Complete end-to-end path analysis
    • Highlighting ACLs and routing rules
    • Supports NAT, VPN, dynamic routing and authenticated rules
  • 12. Determine Rules Allowing Access
    Find access paths
    • Find blocking or allowing devices
    • Show rules involved
    • View routes
  • 13. Check for Access Policy Violations
    Find access paths
    • Define what is allowed, limited and denied between Security Zones
    • Compliance metrics
    • Violating rules
    • Exceptions
    • Multiple policies
    • Dashboard
  • 14. Exploitable Vulnerabilities? Start with the scan…
    Find exploitable vulnerabilities
    • CVE 2009-203
    • CVE 2006-722
    • CVE 2006-490
  • 15. Add Skybox Vulnerability Dictionary Content
    Find exploitable vulnerabilities
    • Collects vulnerability data from multiple sources (scanners, published repositories, threat feeds)
    • Represent vulnerabilities in standard format
    • Adds severity, degree of difficulty, commonality of exploit and attack impact (CIA)
    • Models pre-conditions for exploitation – used in attack simulation
  • 16. Look at Potential Threat Origins
    Find exploitable vulnerabilities
    • CVE 2009-203
    • CVE 2006-722
    • CVE 2006-490
    Threat origins: Rogue Admin, Internet Hacker, Compromised Partner
  • 17. Simulate all Possible Attacks
    Find exploitable vulnerabilities
    • CVE 2009-203
    • CVE 2006-722
    • CVE 2006-490
    Threat origins: Rogue Admin, Internet Hacker, Compromised Partner
    Attack Simulations
  • 18. How Attack Simulation Works
    Connectivity Path: probable attack vector to Finance servers asset group
    This attack is a “multi-step” attack, crossing several network zones
    Business Impact
    Attack Vector
    How to Block Potential Attack?
  • 19. Quantify and Prioritize Risks
    Vulnerability (CVSS Score & CIA Impact)
    + Exposure (Threat Origins & Network)
    + Business Impact (CIA Impact and Asset Importance)
    → {Attack Simulation} → Risk
  • 20. Plan Defensive Strategy
    Most Critical: Actions, Vulnerabilities, Threats
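Slides 16 to 20 walk one procedure: pick threat origins, simulate multi-step attacks across zones, combine vulnerability, exposure and business impact into a risk figure, and decide what to fix first. The following is an added example (not Skybox code) that carries the procedure through on a constructed model shaped like slide 22's FTP → DNS → Finance chain. The hosts, the reachability set (which a real tool would take from access-path analysis), the threat-origin zones, the CIA weights and the multiplicative risk formula with its normalisations are all assumptions, and every vulnerability ID except MS11-004 (named on slide 22) is a labelled placeholder.

```python
"""Multi-step attack simulation, risk scoring and the 'which single patch
blocks this origin' question. Added example with constructed data; the
weights and formula are assumptions, not Skybox's. Vulnerability IDs other
than MS11-004 are placeholders."""
from collections import deque

HOSTS = {
    "ftp-dmz":  {"zone": "DMZ", "importance": 2,
                 "vulns": [{"id": "MS11-004", "cvss": 9.3, "port": 21, "cia": 1.0}]},
    "dns-core": {"zone": "Core", "importance": 3,
                 "vulns": [{"id": "BIND-VULN-PLACEHOLDER", "cvss": 7.5, "port": 53, "cia": 0.7}]},
    "fin-srv":  {"zone": "Finance", "importance": 5,
                 "vulns": [{"id": "DB-VULN-PLACEHOLDER", "cvss": 6.8, "port": 1433, "cia": 1.0}]},
    "web-dmz":  {"zone": "DMZ", "importance": 2, "vulns": []},
}
# Threat origins from slide 16 and the zone each starts in (assumption).
THREAT_ORIGINS = {"Internet Hacker": "Internet", "Rogue Admin": "Internal",
                  "Compromised Partner": "Partner"}
# Reachability as access-path analysis would report it: (source, destination, dport).
# A source is either a threat-origin zone or a host the attacker already controls.
ACCESS = {
    ("Internet", "ftp-dmz", 21), ("Internet", "web-dmz", 443),
    ("ftp-dmz", "dns-core", 53),      # FTP server's trust relationship with DNS (slide 22)
    ("dns-core", "fin-srv", 1433),
    ("Partner", "dns-core", 53),
    ("Internal", "fin-srv", 1433),
}


def exploitable(hosts, host, port):
    """Pre-condition check (slide 15): a vulnerable service reachable on that port."""
    return [v for v in hosts[host]["vulns"] if v["port"] == port]


def simulate(origin_zone, access=ACCESS, hosts=HOSTS):
    """Breadth-first attack simulation from one threat origin. Returns
    {host: shortest attack vector as [(attacker, victim, vuln_id), ...]}."""
    vectors, frontier = {}, deque([(origin_zone, [])])
    while frontier:
        src, path = frontier.popleft()
        for s, dst, port in sorted(access):
            if s != src or dst in vectors:
                continue
            for v in exploitable(hosts, dst, port):
                vectors[dst] = path + [(src, dst, v["id"])]
                frontier.append((dst, vectors[dst]))
                break
    return vectors


def risk_report(hosts=HOSTS, origins=THREAT_ORIGINS, access=ACCESS):
    """Slide 19's inputs: vulnerability (CVSS & CIA) x exposure (share of threat
    origins whose simulation reaches the host) x business impact (asset importance).
    Multiplying them and normalising CVSS by 10 and importance by 5 is an assumption."""
    sims = {name: simulate(zone, access, hosts) for name, zone in origins.items()}
    rows = []
    for host, info in hosts.items():
        exposed_by = [name for name, vec in sims.items() if host in vec]
        if not exposed_by:          # never compromised in any simulation: no exposure
            continue
        worst = max(info["vulns"], key=lambda v: v["cvss"] * v["cia"])
        vulnerability = (worst["cvss"] / 10) * worst["cia"]
        exposure = len(exposed_by) / len(origins)
        impact = info["importance"] / 5
        rows.append({"host": host, "risk": round(vulnerability * exposure * impact, 3),
                     "exposed_by": exposed_by,
                     "vector": min((sims[n][host] for n in exposed_by), key=len)})
    return sorted(rows, key=lambda r: r["risk"], reverse=True)


def blocking_fix(origin_zone, hosts=HOSTS, access=ACCESS):
    """Slide 18's 'how to block?': the single vulnerability whose removal leaves
    the fewest hosts compromised from this origin, as (vuln_id, hosts_still_compromised)."""
    best = None
    for _host, info in hosts.items():
        for v in info["vulns"]:
            patched = {h: {**i, "vulns": [x for x in i["vulns"] if x["id"] != v["id"]]}
                       for h, i in hosts.items()}
            remaining = len(simulate(origin_zone, access, patched))
            if best is None or remaining < best[1]:
                best = (v["id"], remaining)
    return best


if __name__ == "__main__":
    for row in risk_report():
        print(row)
    print("patch first to block the Internet origin:", blocking_fix("Internet"))
```

Two things the numbers show that the slide text only asserts: the finance server scores highest even though its own CVSS is the lowest, because all three origins reach it and it carries the business impact; and for the Internet origin a single patch on the FTP server (MS11-004) collapses the whole chain, which is the "patch one vulnerability to block the attack" outcome of slide 23.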
  • 21. Skybox Security Portfolio
    • Firewall Assurance: automated firewall analysis and audits
    • Network Assurance: network compliance and access path analysis
    • Risk Control: identify exposed vulnerabilities
    • Change Manager: complete firewall change workflow
    • Threat Manager: workflow to address new threats
  • 22. Remote Buffer Overflow Attack Steps
    1. Buffer overflow vulnerability MS11-004 on FTP server in DMZ
    2. Exploit to gain root control on the FTP server
    3. FTP server trust relations with DNS server in core network
    4. DNS server running FreeBSD has BIND vulnerability - enables control of DNS server
    5. Finance server compromised. Significant damage or data loss
  • 23. Prevent a Buffer Overflow Attack
    • Skybox Risk Control identifies attack paths
    • Attack simulation reveals a small number of exposed vulnerabilities
    • Skybox issues urgent ticket request to patch the FTP server
    • Security team patches a single vulnerability to block potential attack and reduce high risk of Financial Server compromise
  • 24. Firewall Bypass Attack Steps
    1. DMZ firewall allowed access through TCP port 443 to internal network (which might be okay)
    2. A misconfigured load balancer rule performed NAT to TCP port 80
    3. Allowing port 80 access to the development network – a very risky situation
  • 25. Preventing the Firewall Bypass Attack
    • Skybox Firewall Assurance automatically finds risky rules and configs in firewalls
    • Skybox Network Assurance creates up-to-date network model and checks rest of layer 3 devices - load balancers, switches, routers
    • Skybox checks policy rules such as: “No access from Internet to Internal except …”
    • End-to-end access path analysis – every possible path
    • Skybox issues tickets to address violations reported
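Slides 10 to 13 describe end-to-end access path analysis and zone-policy checks, and slides 24 and 25 the kind of finding it exists for: a firewall rule that looks fine on its own becomes a policy violation once a load balancer rewrites the destination. The following is an added example (not Skybox code) that implements both on a constructed model. The zone map, the firewall rule base, the load balancer NAT table, every address, and the policy exception (TCP/25, standing in for the slide's unspecified "except …") are all assumptions; the point is that the policy check runs on the effective destination after NAT, not on what the firewall saw.

```python
"""End-to-end access path analysis through a firewall and a NAT-ing load
balancer, then a zone-policy check on the effective destination.
Added example with constructed zones, rules and addresses; not Skybox code."""
import ipaddress

# Security zones (assumption): anything outside these networks is treated as Internet.
ZONES = {
    "DMZ": ipaddress.ip_network("10.1.1.0/24"),
    "Internal": ipaddress.ip_network("10.9.0.0/24"),   # development network
}


def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "Internet"


# DMZ firewall rule base, first match wins. fw-1 is slide 24's "TCP 443 in" rule.
FW_RULES = [
    {"id": "fw-1", "src_zone": "Internet", "dst": "10.1.1.0/24", "dport": 443, "action": "allow"},
    {"id": "fw-deny", "src_zone": "any", "dst": "0.0.0.0/0", "dport": "any", "action": "deny"},
]


def firewall(rules):
    """Return a hop that evaluates a flow against an ACL and reports the matching rule."""
    def hop(flow):
        for r in rules:
            if (r["src_zone"] in ("any", flow["src_zone"])
                    and ipaddress.ip_address(flow["dst"]) in ipaddress.ip_network(r["dst"])
                    and r["dport"] in ("any", flow["dport"])):
                return r["action"], dict(flow), r["id"]
        return "deny", dict(flow), "implicit-deny"
    return hop


def load_balancer(nat_rules):
    """Return a hop that applies destination NAT: (vip, port) -> (real_ip, real_port, rule_id)."""
    def hop(flow):
        hit = nat_rules.get((flow["dst"], flow["dport"]))
        if hit is None:
            return "allow", dict(flow), "no-nat"
        real_ip, real_port, rule_id = hit
        return "allow", {**flow, "dst": real_ip, "dport": real_port}, rule_id
    return hop


def trace(flow, hops):
    """Walk the flow through each device in path order, stopping at the first deny.
    Each step records the device, the rule that matched and the flow as it leaves."""
    steps, cur = [], dict(flow)
    for device, hop in hops:
        verdict, cur, rule = hop(cur)
        steps.append({"device": device, "rule": rule, "verdict": verdict,
                      "dst": cur["dst"], "dport": cur["dport"]})
        if verdict == "deny":
            return {"allowed": False, "steps": steps, "final": cur}
    return {"allowed": True, "steps": steps, "final": cur}


# Zone policy: (source zone, destination zone, ports still permitted).
# Slide 25's exception list is not spelled out; TCP/25 is a constructed stand-in.
POLICY = [("Internet", "Internal", (25,))]


def policy_violations(flow, hops, policy=POLICY):
    """Check the effective destination after NAT against the zone policy."""
    result = trace(flow, hops)
    if not result["allowed"]:
        return []
    final = result["final"]
    dst_zone = zone_of(final["dst"])
    return [{"policy": f"{src}->{dst}",
             "rules": [s["rule"] for s in result["steps"]],
             "effective": (final["dst"], final["dport"])}
            for src, dst, permitted in policy
            if flow["src_zone"] == src and dst_zone == dst and final["dport"] not in permitted]


# Slide 24's misconfiguration beside its corrected form (constructed addresses).
BAD_NAT = {("10.1.1.50", 443): ("10.9.0.7", 80, "lb-nat-7")}    # VIP -> development network
GOOD_NAT = {("10.1.1.50", 443): ("10.1.1.20", 80, "lb-nat-7")}   # VIP -> DMZ web server


def analyze(nat_rules, flow=None):
    flow = flow or {"src_zone": "Internet", "dst": "10.1.1.50", "dport": 443}
    hops = [("fw-dmz", firewall(FW_RULES)), ("lb-dmz", load_balancer(nat_rules))]
    return policy_violations(flow, hops)


if __name__ == "__main__":
    print(analyze(BAD_NAT))    # one Internet->Internal violation via fw-1 and lb-nat-7
    print(analyze(GOOD_NAT))   # []
```

Looking at the firewall alone, fw-1 is just "443 into the DMZ" and passes any rule-base audit; the violation only appears when the trace carries the flow through the load balancer and the policy check is applied to where the packet actually ends up, which is why slide 25 insists on modelling the rest of the layer 3 devices and not only the firewalls.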
  • 26. Client-Side Attack Steps
    • User opens infected email attachment or clicks link to a malicious or hacked website
    • A vulnerability or misconfig on desktops is exploited and malware is installed
    • Malware enables attacker to collect data from machine, continue attack within the network, and send data back to attacker
    Source: SANS Tutorial: HTTP Client-side Exploit
  • 27. Preventing a Client-Side Attack
    • EMEA region at highest risk
    • Retrieve exact list of vulnerable hosts
    • Remediate in order of risk impact
    • Adobe Reader 9.x and 8.x contribute the majority of the risk (76%)
  • 28. Best Practices to Prevent Attacks
    • Get the comprehensive network view
    • Find security gaps every day
    • Prioritize by risk level
    • Validate changes in advance
    • Automate security processes
  • 29. Time for Questions
    Thank You!
    www.skyboxsecurity.com