Presentation is loading. Please wait.

Presentation is loading. Please wait.

How to build a defense-in-depth

Published byViolet Blake Modified over 6 years ago

Similar presentations

Presentation on theme: "How to build a defense-in-depth"— Presentation transcript:

1 How to build a defense-in-depth
Banque Öhman Defensive strategies  How to build a defense-in-depth Claus Cramon Houmann

2 Key take aways: Never ever rely on a single solution
Banque Öhman Key take aways: Never ever rely on a single solution Defense in depth. In Depth... Both threat prevention and threat detection are important If the bad guys want to get in bad enough, they will – be able to reduce the ”dwell time” they have inside your systems The ”CLICKER” is the colleague who clicks on that ”interesting link or attachment” in a suspicious ...

3 1 Single 0-day or unpatched system is all ”they” need
Banque Öhman 1 Single 0-day or unpatched system is all ”they” need

4 Breach methods Hacking (Fx SQL injection against DB servers)
Banque Öhman Breach methods Hacking (Fx SQL injection against DB servers) Malware (fx phishing) Social engineering Physical

5 Source: Verizon’s 2012 Data Breach investigations report
Banque Öhman Source: Verizon’s 2012 Data Breach investigations report

6 Defense-in-depth. Isnt is simple and beatiful?
Banque Öhman Defense-in-depth. Isnt is simple and beatiful?

7 Banque Öhman

8 Where to start a defense-in-depth?
Banque Öhman Where to start a defense-in-depth? First establish where you are as an IT-security organization today, then find out where you want to be Get the right people. As your organizations “Infosec level” matures – you may be able to pass or almost pass a pentest. Most low hanging fruits have been “picked” already This makes it very hard for “them” to get in via hacking methods -> they will try malware next

9 Banque Öhman Advanced targetted Malware leveraging 0-days or recently patched vulnerabilities = CIO/CISO nightmare The CLICKER becomes your biggest external threat!

10 Mitigating the “CLICKER”
Banque Öhman Mitigating the “CLICKER” There are now innovative next-generation tools available for advanced threat prevention and/or detection = AMP’s Microvirtualization Advanced code handling/analysis/reverse-engineering tools Network level Sandboxing or detection based on behavioural analysis/packet inspection System and registry level lockdown of process/user-rights Cloud based Big Data analytical/defense tools Whitelisting tech Others – this “market segment” is booming right now

11 Risk assessments match?
Banque Öhman Risk assessments match? The approach to pick the lowest hanging apples first should be identical to the approach your IT risk management would recommend Mitigating the easy-value-for-money threats first

12 Why is the AMP market booming?
Banque Öhman Why is the AMP market booming? The AV industry in the traditional sense has declared their tools insufficient and the war on malware lost Hacking is increasing supported by big budgets – think nation-state-sponsored APT’s 0-days abound in the Wild – being purchased by “hackers” – unofficial hackers or nation-state sponsored hackers alike The black market cyber-industry is a huge! economy

13 The future of defense strategies
Banque Öhman The future of defense strategies Whatever the name (Defense-in-depth, layered defense, defensible security posture) almost everyone in IT/Infosec agree that you need to think in security at all levels Defenders are always behind attackers Defenders need to share knowledge, experience and methodologies better and faster Develop capabilities to stop attackers at several points in the cyber kill chain

14 Conclusion To build a defense-in-depth you want to:
Banque Öhman Conclusion To build a defense-in-depth you want to: Have capabilities within Threat Prevention, Detection, Alerting, Incident Response, some kind of IOC / Threat sharing community. AMP’s + more. To be able to this way both block+detect known and unknown attacks/payloads, and when penetrated, regain control and limit losses

15 Banque Öhman Can I help? Can you help? There are people trying to help us: on twitter #wearethecavalry for example In the UK: Strategic security advisors alliance My plan: Turn into the WIKIPEDIA of IT-security/Infosec

16 Banque Öhman About me Claus Cramon Houmann, 38, married to Tina and I have 3 lovely kids CISSP, ITIL Certified Expert, Prince2 practitioner You can contact me anytime: Skype: Claushj0707 Sources used: Verizon: Data Breach investigations report 2012 @gollmann from IOactive Blog posts and other blog posts @RobertMLee

17 Banque Öhman Questions?

18 Banque Öhman More questions?

Download ppt "How to build a defense-in-depth"

Similar presentations

The development of Internet A cow was lost in Jan 14th 2003. If you know where it is, please contact with me. My QQ number is 87881405. QQ is one of the.

The development of Internet A cow was lost in Jan 14th If you know where it is, please contact with me. My QQ number is QQ is one of the.
Cyber Security Audit and Network Monitoring P.D. Mynatt Doug Brown March 19 th 2015.

Cyber Security Audit and Network Monitoring P.D. Mynatt Doug Brown March 19 th 2015.
Did You Hear That Alarm? The impacts of hitting the information security snooze button.

Did You Hear That Alarm? The impacts of hitting the information security snooze button.
Michael McDonnell GIAC Certified Intrusion Analyst Creative Commons License: You are free to share and remix but you must provide.

Michael McDonnell GIAC Certified Intrusion Analyst Creative Commons License: You are free to share and remix but you must provide.
Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.

Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.
Sky Advanced Threat Prevention

Sky Advanced Threat Prevention
©2012 Bit9. All Rights Reserved Peter Llorens, PERegional Sales Manager, FL, Caribbean & Latin America Julio GutierrezSales Engineer, FL, Caribbean & Latin.

©2012 Bit9. All Rights Reserved Peter Llorens, PERegional Sales Manager, FL, Caribbean & Latin America Julio GutierrezSales Engineer, FL, Caribbean & Latin.
Cyber Security – Client View Peter Gibbons | Head of Cyber Security, Group Business Services Suppliers’ Summer Conference 15/07/2015.

Cyber Security – Client View Peter Gibbons | Head of Cyber Security, Group Business Services Suppliers’ Summer Conference 15/07/2015.
Presented by: Mike Gerdes Director, Information Security Center of Expertise Cybersecurity State of the Union.

Presented by: Mike Gerdes Director, Information Security Center of Expertise Cybersecurity State of the Union.
November 14, 2016 bit.ly/nercomp_defendingyourdata16

November 14, 2016 bit.ly/nercomp_defendingyourdata16
Proactive Incident Response

Proactive Incident Response
Protect your Digital Enterprise

Protect your Digital Enterprise
Explaining Bitcoins will be the easy part: Email Borne Attacks and How You Can Defend Against Them Karsten Chearis Sales Engineer.

Explaining Bitcoins will be the easy part: Borne Attacks and How You Can Defend Against Them Karsten Chearis Sales Engineer.
Increasing Information and Data Security in Today’s Cybersecurity World 2017 Conference Review 6/6/2017.

Increasing Information and Data Security in Today’s Cybersecurity World 2017 Conference Review 6/6/2017.
Your Partner for Superior Cybersecurity

Your Partner for Superior Cybersecurity
Ilija Jovičić Sophos Consultant.

Ilija Jovičić Sophos Consultant.
Your security risk is higher than ever.

Your security risk is higher than ever.
Six Steps to Secure Access for Privileged Insiders and Vendors

Six Steps to Secure Access for Privileged Insiders and Vendors
Threat Scan (ETS) for Office 365

Threat Scan (ETS) for Office 365
Threat Scan (ETS) for Office 365

Threat Scan (ETS) for Office 365

Similar presentations

Ads by Google