How to build a defense-in-depth

Slides:



Advertisements
Similar presentations
The development of Internet A cow was lost in Jan 14th If you know where it is, please contact with me. My QQ number is QQ is one of the.
Advertisements

Cyber Security Audit and Network Monitoring P.D. Mynatt Doug Brown March 19 th 2015.
Did You Hear That Alarm? The impacts of hitting the information security snooze button.
Michael McDonnell GIAC Certified Intrusion Analyst Creative Commons License: You are free to share and remix but you must provide.
Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.
Sky Advanced Threat Prevention
©2012 Bit9. All Rights Reserved Peter Llorens, PERegional Sales Manager, FL, Caribbean & Latin America Julio GutierrezSales Engineer, FL, Caribbean & Latin.
Cyber Security – Client View Peter Gibbons | Head of Cyber Security, Group Business Services Suppliers’ Summer Conference 15/07/2015.
Presented by: Mike Gerdes Director, Information Security Center of Expertise Cybersecurity State of the Union.
November 14, 2016 bit.ly/nercomp_defendingyourdata16
Proactive Incident Response
Protect your Digital Enterprise
Explaining Bitcoins will be the easy part: Borne Attacks and How You Can Defend Against Them Karsten Chearis Sales Engineer.
Increasing Information and Data Security in Today’s Cybersecurity World 2017 Conference Review 6/6/2017.
Your Partner for Superior Cybersecurity
Ilija Jovičić Sophos Consultant.
Your security risk is higher than ever.
Six Steps to Secure Access for Privileged Insiders and Vendors
Threat Scan (ETS) for Office 365
Threat Scan (ETS) for Office 365
There Will be Attacks – Improve Your Defenses
Today’s cyber security landscape
Cybersecurity - What’s Next? June 2017
CEH vs CISSP Course, Advantage, Career, Salary, Demand!
[Internal Use] for Check Point employees​
Juniper Software-Defined Secure Network
Explaining Bitcoins will be the easy part: Borne Attacks and How You Can Defend Against Them Michael Burke.
The next frontier in Endpoint security
Windows Server 2016 Secure IaaS Microsoft Build /1/2018 4:00 AM
THR2099 What to do BEFORE all hell breaks loose: Building a modern cybersecurity strategy.
Cyber Security: State of the Nation
Introduction to a Security Intelligence Maturity Model
Active Cyber Security, OnDemand
Security Themes Debunked
Six Steps to Secure Access for Privileged Insiders and Vendors
(1888 PressRelease) Staying Ahead of Today’s Rapidly Evolving Security Landscape
BUILDING A PRIVACY AND SECURITY PROGRAM FOR YOUR NON-PROFIT
Explaining Bitcoins will be the easy part: Borne Attacks and How You Can Defend Against Them David Hood Director of Technology Marketing.
Explaining Bitcoins will be the easy part: Borne Attacks and How You Can Defend Against Them Michael Bird Team Lead, Account Executive.
Explaining Bitcoins will be the easy part: Borne Attacks and How You Can Defend Against Them Michael Vanderhoff.
Explaining Bitcoins will be the easy part: Borne Attacks and How You Can Defend Against Them Matthew Gardiner Product Marketing.
بهترین راهکار را انتخاب کنید...
Myths About Web Application Security That You Need To Ignore.
5G Security Training
A quick look into today’s APTs
Cyber Security in the Mortgage Industry
Explaining Bitcoins will be the easy part: Borne Attacks and How You Can Defend Against Them Andrew Cotton.
Strong Security for Your Weak Link:
Explaining Bitcoins will be the easy part: Borne Attacks and How You Can Defend Against Them Matthew Gardiner Product Marketing.
There Will be Attacks – Improve Your Defenses
Reconnaissance Report Trillium Technologies
8 Reasons You Need a Security Penetration Test
Home Internet Vulnerabilities
Navigating Security Seas in a Small Ship with a Limited Crew
National Cyber Security
Securing your hack-free work environment
Panda Adaptive Defense Platform and Services
Symantec Web Isolation Secure Access to Uncategorized and Risky Sites Protect Your Most Privileged Users Prevent Phishing and Ransomware Attacks John Moore.
Cyber Security professions Overview
Keeping your data, money & reputation safe
Back-End Data Security
Presentation slide for courses, classes, lectures et al.
Information Protection
Mitre Att&ck Matrix RA PS...Trebuchet Font makes crazy ampersands but I was to lazy to change it.
Per Söderqvist Per Söderqvist Sales Engineer
Information Protection
ISDC 2018 Malware dynamics: how to develop a successful anti-malware defense reference architecture policy Speaker: Sander Zeijlemaker, PhD Student Authors:
Cybersecurity Simplified: Ransomware
CyberSecurity Strategy For Defendable ROI
Presentation transcript:

How to build a defense-in-depth Banque Öhman 2018-11-12 Defensive strategies  How to build a defense-in-depth Claus Cramon Houmann

Key take aways: Never ever rely on a single solution Banque Öhman 2018-11-12 Key take aways: Never ever rely on a single solution Defense in depth. In Depth... Both threat prevention and threat detection are important If the bad guys want to get in bad enough, they will – be able to reduce the ”dwell time” they have inside your systems The ”CLICKER” is the colleague who clicks on that ”interesting link or attachment” in a suspicious e-mail...

1 Single 0-day or unpatched system is all ”they” need Banque Öhman 2018-11-12 1 Single 0-day or unpatched system is all ”they” need

Breach methods Hacking (Fx SQL injection against DB servers) Banque Öhman 2018-11-12 Breach methods Hacking (Fx SQL injection against DB servers) Malware (fx phishing) Social engineering Physical

Source: Verizon’s 2012 Data Breach investigations report Banque Öhman 2018-11-12 Source: Verizon’s 2012 Data Breach investigations report

Defense-in-depth. Isnt is simple and beatiful? Banque Öhman 2018-11-12 Defense-in-depth. Isnt is simple and beatiful?

Banque Öhman

Where to start a defense-in-depth? Banque Öhman 2018-11-12 Where to start a defense-in-depth? First establish where you are as an IT-security organization today, then find out where you want to be Get the right people. As your organizations “Infosec level” matures – you may be able to pass or almost pass a pentest. Most low hanging fruits have been “picked” already This makes it very hard for “them” to get in via hacking methods -> they will try malware next

Banque Öhman 2018-11-12 Advanced targetted Malware leveraging 0-days or recently patched vulnerabilities = CIO/CISO nightmare The CLICKER becomes your biggest external threat!

Mitigating the “CLICKER” Banque Öhman 2018-11-12 Mitigating the “CLICKER” There are now innovative next-generation tools available for advanced threat prevention and/or detection = AMP’s Microvirtualization Advanced code handling/analysis/reverse-engineering tools Network level Sandboxing or detection based on behavioural analysis/packet inspection System and registry level lockdown of process/user-rights Cloud based Big Data analytical/defense tools Whitelisting tech Others – this “market segment” is booming right now

Risk assessments match? Banque Öhman 2018-11-12 Risk assessments match? The approach to pick the lowest hanging apples first should be identical to the approach your IT risk management would recommend Mitigating the easy-value-for-money threats first

Why is the AMP market booming? Banque Öhman 2018-11-12 Why is the AMP market booming? The AV industry in the traditional sense has declared their tools insufficient and the war on malware lost Hacking is increasing supported by big budgets – think nation-state-sponsored APT’s 0-days abound in the Wild – being purchased by “hackers” – unofficial hackers or nation-state sponsored hackers alike The black market cyber-industry is a huge! economy

The future of defense strategies Banque Öhman 2018-11-12 The future of defense strategies Whatever the name (Defense-in-depth, layered defense, defensible security posture) almost everyone in IT/Infosec agree that you need to think in security at all levels Defenders are always behind attackers Defenders need to share knowledge, experience and methodologies better and faster Develop capabilities to stop attackers at several points in the cyber kill chain

Conclusion To build a defense-in-depth you want to: Banque Öhman 2018-11-12 Conclusion To build a defense-in-depth you want to: Have capabilities within Threat Prevention, Detection, Alerting, Incident Response, some kind of IOC / Threat sharing community. AMP’s + more. To be able to this way both block+detect known and unknown attacks/payloads, and when penetrated, regain control and limit losses

Banque Öhman 2018-11-12 Can I help? Can you help? There are people trying to help us: on twitter #wearethecavalry for example In the UK: Strategic security advisors alliance My plan: Turn www.defense-in-depth.com into the WIKIPEDIA of IT-security/Infosec

Banque Öhman 2018-11-12 About me Claus Cramon Houmann, 38, married to Tina and I have 3 lovely kids CISSP, ITIL Certified Expert, Prince2 practitioner You can contact me anytime: Skype: Claushj0707 Twitter: @claushoumann or @improveitlux Sources used: Verizon: Data Breach investigations report 2012 @gollmann from IOactive Blog posts http://nigesecurityguy.wordpress.com/2013/10/02/advanced-threat-defense-part-1/ and other blog posts @RobertMLee

Banque Öhman 2018-11-12 Questions?

Banque Öhman 2018-11-12 More questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.