Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Value of Defense in Depth

Published byLenard Ball Modified over 6 years ago

Similar presentations

Presentation on theme: "The Value of Defense in Depth"— Presentation transcript:

1 The Value of Defense in Depth
J. Peter Bruzzese Office Servers and Services MVP Conversational Geek Nick Cavalancia Technical Evangelist Conversational Geek

2 J. Peter Bruzzese Office Servers and Services MVP (Exchange/Office 365 MVP) Certifications: Microsoft Certified Trainer Triple-MCSE (MCSE for NT 4.0/2000/2003) MCITP: Messaging (2007, 2010 and 2013) Co-Founder of ClipTraining.com and ConversationalGeek.com Technical author with over a dozen books sold internationally Technical speaker for Techmentor, Connections, MEC and TechEd/Ignite Journalist for MSExchange.org, Redmond Magazine (and others) Journalist for InfoWorld (Enterprise Windows column) and Petri.com Instructor for Pluralsight on Exchange 2010/2013/2016/O365 courses Strategic Technical Consultant for Mimecast

3 Nick Cavalancia Technical Evangelist Certifications:
MCSE/MCT/MCNE/MCNI Co-Founder of ConversationalGeek.com Founder of Techvangelism Consultant/Trainer/Speaker/Author Technical author with over a dozen books Technical speaker for Techmentor, Connections Regular speaker for 1105 Media, Penton, Spiceworks Writes, Speaks, and Blogs for some of today’s best-known tech companies

4 What is Defense in Depth?

5 We Live In A Scary World

6 Which Would YOU Rob?

7 Entry, Authentication, Control, Persistence, Stealth
THE CYBER KILL CHAIN Intrusion Kill Chain Horizontal Kill Chain Entry, Authentication, Control, Persistence, Stealth Reconnaissance Installation Delivery Weaponization Command & Control Laterally Move

8 How Secure Should You Be?
There are points of diminishing returns with bolt on security solutions that overlap, however, the majority of organizations are typically UNDER secured Would you rather be over or under secure?

9 Defense Assessment (the GATEWAY)
Does your company utilize: MDM for mobile control and security? A secure gateway solution for ? EOP/ATP or a third-party solution? Protection at the DNS level?

10 Defense Assessment (the Human)
Do you seek to improve your human firewall through: Fake phishing assessments? End user security awareness training?

11 Defense Assessment (the ENDPOINT)
Do you regularly ensure: Up-to-date patching of OS, applications, and plug-ins? Do you have solutions on the endpoint: AV Application Whitelisting (Endpoint Protection)

12 Defense Assessment (the Infrastructure)
Do you regularly ensure: You manage privileged access within your network? You have an OS patch management system in place? You are prepared to recover from a ransomware attack? (with or without paying the ransom)

13 Defense Assessment (the PRIVILEGED)
Do you have a means to protect privileged accounts: Privileged Account Management? User Behavior Analytics? Logon Monitoring?

14 FBI Report 270% increase in spear phishing attacks, has cost organizations more than $2.3 billion over the past 3 years According to Wired Magazine, Verizon Data Breach Report, IBM 2016 Cyber Security Intelligence Index - Between % of all breaches that have taken place over the last year started from Between $1.8 - $4 million is the average cost of a breach due to a spear phishing attack

15 Low Hanging Fruit A free, 1 minute, MXToolbox scan

16 Q&A Let’s hit a few questions…
Contact info:

Download ppt "The Value of Defense in Depth"

Similar presentations

Faruk Çubukçu Get Your IT Manager Title samples,

Faruk Çubukçu Get Your IT Manager Title samples,
Information Security in Real Business

Information Security in Real Business
Course 1562B: Designing a Microsoft ® Windows ® 2000 Networking Services Infrastructure.

Course 1562B: Designing a Microsoft ® Windows ® 2000 Networking Services Infrastructure.
Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer

Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer
Microsoft Exchange MVP Microsoft Certified Trainer (MCT) Certifications: Triple-MCSE (MCSE for NT 4.0/2000/2003) MCITP: Messaging (2007 and 2010) A+,

Microsoft Exchange MVP Microsoft Certified Trainer (MCT) Certifications: Triple-MCSE (MCSE for NT 4.0/2000/2003) MCITP: Messaging (2007 and 2010) A+,
Course 2150A: Designing a Secure Microsoft Windows 2000 Network.

Course 2150A: Designing a Secure Microsoft Windows 2000 Network.
Getting Exchange and SharePoint to Play Together J. Peter Bruzzese Exchange MVP, MCSE, MCT Exchange/SharePoint Administration Instructor for TrainSignal.

Getting Exchange and SharePoint to Play Together J. Peter Bruzzese Exchange MVP, MCSE, MCT Exchange/SharePoint Administration Instructor for TrainSignal.
SIM 302. Unprepared UninformedUnaware Untrained Unused.

SIM 302. Unprepared UninformedUnaware Untrained Unused.
SIM327. Andy Malone is the CEO of Quality Training Ltd and founder of both the Dive Deeper Technology and Cybercrime Security events. Based in Scotland,

SIM327. Andy Malone is the CEO of Quality Training Ltd and founder of both the Dive Deeper Technology and Cybercrime Security events. Based in Scotland,
CRA102. Master Expert Associat e Microsoft Certified Solutions Master (MCSM) Microsoft Certified Solutions Expert (MCSE) Microsoft Certified Solutions.

CRA102. Master Expert Associat e Microsoft Certified Solutions Master (MCSM) Microsoft Certified Solutions Expert (MCSE) Microsoft Certified Solutions.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
Strong Security for Your Weak Link: Implementing People-Centric Security Jennifer Cheng, Director of Product Marketing.

Strong Security for Your Weak Link: Implementing People-Centric Security Jennifer Cheng, Director of Product Marketing.
Enterprise Data Solutions A Better Network. A Better ROI. Martin Matthews Technical Sales Engineer.

Enterprise Data Solutions A Better Network. A Better ROI. Martin Matthews Technical Sales Engineer.
FND2851. Mobile First | Cloud First Sixty-one percent of workers mix personal and work tasks on their devices* >Seventy-five percent of network intrusions.

FND2851. Mobile First | Cloud First Sixty-one percent of workers mix personal and work tasks on their devices* >Seventy-five percent of network intrusions.
Information Security In the Corporate World. About Me Graduated from Utica College with a degree in Economic Crime Investigation (ECI) in Spring 2005.

Information Security In the Corporate World. About Me Graduated from Utica College with a degree in Economic Crime Investigation (ECI) in Spring 2005.
©2015 HEAT Software. All rights reserved. Proprietary & Confidential. Ransomware: How to Avoid Extortion Matthew Walker – VP Northern Europe.

©2015 HEAT Software. All rights reserved. Proprietary & Confidential. Ransomware: How to Avoid Extortion Matthew Walker – VP Northern Europe.
Part 1: Corporate Operational benefits, Non-technical information for FSOs and ISSMs/ISSOs Part 2: Technical Tips on how to conduct a better audit review.

Part 1: Corporate Operational benefits, Non-technical information for FSOs and ISSMs/ISSOs Part 2: Technical Tips on how to conduct a better audit review.
ERP Infrastructure: Increase Security & Mitigate Risk Fred Limmer, IT Practice Manager.

ERP Infrastructure: Increase Security & Mitigate Risk Fred Limmer, IT Practice Manager.
An Anatomy of a Targeted Cyberattack

An Anatomy of a Targeted Cyberattack
Proactive Incident Response

Proactive Incident Response

Similar presentations

Ads by Google