Top Security Priorities 2018

Presentation on theme: "Top Security Priorities 2018"— Presentation transcript:

1 Top Security Priorities 2018

2 Agenda
Defining Cybersecurity
Cybersecurity Challenges
Evolving our Strategy
Cybersecurity Models
Reactive to Proactive

3 Defining Cybersecurity

4 Defining Cybersecurity
(Diagram: Cybersecurity spanning Information Security, IT Security, OT Security, IoT Security and Physical Security)
Cybersecurity is an organizational challenge, not an IT, InfoSec, or compliance challenge.

5 Defining Cybersecurity
“Cyberspace and its underlying infrastructure are vulnerable to a wide range of risk stemming from both physical and cyber threats and hazards. Sophisticated cyber actors and nation-states exploit vulnerabilities to steal information and money and are developing capabilities to disrupt, destroy, or threaten the delivery of essential services. A range of traditional crimes is now being perpetrated through cyberspace. This includes banking and financial fraud, intellectual property violations, and other crimes, all of which have substantial human and economic consequences.” – Source: U.S. Department of Homeland Security

6 Cybersecurity Challenges

7-18 Cybersecurity challenges (build slides; final content shown once)
Patching continues to be an issue both externally and internally
Application patching is less controlled than operating system patching
Unsupported systems continue to be an issue
External vulnerabilities < internal vulnerabilities (as expected); now is the time to focus on internal
SSL issue totals are significant (particularly weak ciphers and versions); not a major issue at this time, but something to watch out for in the future
Exploits and vulnerabilities continue to increase as time goes on
Every few years there is a major “one-click” exploit: MS08-067, Heartbleed, Shellshock, MS17-010 (WannaCry)
Most vulnerable ports: Windows (445) and web (443)

19 Evolving our Strategy

20 Evolving our Strategy
1. Most cybersecurity controls are preventative in nature
Preventative controls: Firewalls / Next-Gen Firewalls; Intrusion Prevention Systems (IPS); Anti-virus / Anti-malware; Application Whitelisting; Internet Proxies; Web Application Firewalls; Web Content Filters; Data Loss Prevention (DLP); Network Admission Control (NAC)
Detective controls: Intrusion Detection Systems (IDS); Security Information and Event Management (SIEM)

21 Evolving our Strategy
2. Cybersecurity is still a people problem
Security is not “fire and forget”
Preventative controls are not 100% effective. When they fail, we need a detective control in place
We can't respond to attacks we don't see coming
Having a defined response plan is key

22 Evolving our Strategy
3. Prevention is ideal but detection is a must
There are three kinds of entities: Have been hacked. Will be hacked. Won’t admit it.

23 Evolving our Strategy
4. Shift focus from preventing attacks to preventing attacker success
Moving to a goal-oriented defense strategy
Assess your risk / know your environment and know what attackers are after
Detect attackers moving toward their goals and execute a rapid response
Increase threat intelligence (know your enemy)
Leverage security methodologies and models to your advantage

24 Cybersecurity models

25 Cyber Kill Chain – Attack, Defense and Internal Controls
Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control, Actions on Objectives
The attack can be disrupted at any point in the kill chain. Ideally, a company will have controls at each point to create a defense-in-depth strategy. As the “cyber kill chain” model shows, cyber attacks can and do incorporate a broad range of malevolent actions, from spear phishing and espionage to malware and data exfiltration that may persist undetected for an indefinite period.

26 MITRE ATT&CK Framework
ATT&CK tactics (matrix columns): Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Execution, Collection, Exfiltration, Command and Control
Adversary lifecycle phases shown alongside: Recon, Weaponize, Deliver, Exploit, Control, Execute, Maintain
MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s lifecycle and the platforms they are known to target. ATT&CK is useful for understanding security risk against known adversary behavior, for planning security improvements, and for verifying that defenses work as expected.

27 Reactive to proactive

28 What is threat hunting?
A technique to uncover hidden threats that bypass both preventative and detective controls
A proactive process of looking for traces of attackers in your IT environment
An approach that applies threat intelligence, analytics, security tools and human analysis

29 Why threat hunting?
Increased stakeholder and Board concerns:
New, more targeted threats
Increased regulatory and compliance attention
High-profile breaches result in questions about organizational capabilities for detection and response
Breach detection may not be formally evaluated by Internal Audit
Due diligence should be conducted by at-risk organizations
Increasingly hostile cyber-security environment:
Nation-state sponsored attacks on US companies
Criminal organizations focused on credit card and identity theft
More regulatory agency scrutiny across the board
Increased industry regulation demands (e.g. PCI-DSS)
State and pending federal breach notification laws

30 A Different Approach
“If you know the enemy and know yourself, you need not fear the result of a hundred battles.” – Sun Tzu

31 Let’s get to know the enemy
(Insider threats and compliance “threats” are a different presentation…)
Credit Card / PII Thieves
Ransomware Crooks
Wire Transfer Fraudsters
Botnet Herders
Political Attackers
Intellectual Property Thieves

32 Let’s get to know ourselves
Easier questions:
What does our network look like (systems, network, users)?
Where is our sensitive data?
What are our weaknesses?
Harder questions:
What programs should be running on our systems?
What type of traffic is “normal” for us?
What user activity is normal?
What’s the risk?
Not knowing what you have makes it hard to know what to protect.
Not knowing your weaknesses makes it hard to know where you will be hit.
Not knowing what is normal makes it hard to know what is abnormal.

33 Approach to threat hunting
Enterprise-Based Threat Hunting: Checking enterprise event logs (SIEM, IDS, FIM, etc.) for signs of hacking tools or customized malware used by attackers. Additionally, gather basic configuration from enterprise systems (running processes, registry, autoruns, etc.).
Network-Based Threat Hunting: Examine network activity logs, netflow information and listening ports for a period of time for unusual destinations or patterns of activity that could indicate a persistent attacker connection.
Host-Based Threat Hunting: Detailed analysis of running processes, memory dumps and file systems on a sample of systems, looking for signs of malware or malicious activity.

34 Example Issues Uncovered
Uninvestigated connections are being made from the organization’s network to suspicious destinations (e.g., Russia, China).
Uninvestigated suspicious patterns of connections are being made from the organization’s network to external IP addresses (e.g., a connection every 5 minutes).
There is a high volume of non-business-critical traffic interfering with the ability to recognize a breach in progress.
Anti-virus detected hacking tools that could indicate an attacker was in the network, but such detections were not investigated (e.g., how did the tool get on the system?).
Unauthorized programs are present on key servers without clear business rationale or formal approval.
Key events are not being monitored or logged, hindering the detection and investigation of potential breaches.
Existing monitoring efforts are focused only on detecting common malware or hacking attempts, and no proactive searching for targeted attacks occurs.
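Added example (not from the presentation or Protiviti): a small Python hunt for the "connection every 5 minutes" pattern named above, of the kind the network-based threat hunting slide describes running over netflow or proxy exports. The log layout, hostnames, sample lines and the jitter threshold are all constructed assumptions.

```python
"""Added example: flag source/destination pairs whose outbound connections
recur at a near-constant interval (timer-driven beaconing). The log format,
hosts and thresholds below are constructed, not from any real environment."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: "<ISO timestamp> <src_ip> <dst_host> <bytes>"
SAMPLE_LOG = """\
2018-03-01T09:00:00 10.1.2.3 updates.example-cdn.net 51200
2018-03-01T09:00:02 10.1.2.3 beacon.example-bad.test 412
2018-03-01T09:03:10 10.1.2.3 mail.example.org 8000
2018-03-01T09:05:01 10.1.2.3 beacon.example-bad.test 398
2018-03-01T09:10:03 10.1.2.3 beacon.example-bad.test 405
2018-03-01T09:11:40 10.1.2.3 updates.example-cdn.net 90000
2018-03-01T09:15:00 10.1.2.3 beacon.example-bad.test 410
2018-03-01T09:20:02 10.1.2.3 beacon.example-bad.test 401
2018-03-01T09:31:00 10.1.2.3 mail.example.org 6500
"""

def parse_log(text):
    """Group connection timestamps by (source, destination)."""
    conns = defaultdict(list)
    for line in text.splitlines():
        ts, src, dst, _size = line.split()
        conns[(src, dst)].append(datetime.fromisoformat(ts))
    return conns

def find_beacons(conns, min_events=4, max_jitter=0.1):
    """Return pairs whose gaps between connections are nearly constant.
    Jitter = stdev(gaps) / mean(gaps); a timer gives low jitter, while
    human browsing or bursty software updates give high jitter."""
    hits = []
    for (src, dst), times in conns.items():
        if len(times) < min_events:
            continue  # too few events to call it periodic
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        period = mean(gaps)
        jitter = pstdev(gaps) / period if period else float("inf")
        if jitter <= max_jitter:
            hits.append({"src": src, "dst": dst, "count": len(times),
                         "period_s": round(period), "jitter": round(jitter, 3)})
    return hits

if __name__ == "__main__":
    for hit in find_beacons(parse_log(SAMPLE_LOG)):
        print(hit)  # the constructed beacon is reported with a ~300 s period
```

A hit is a lead for the investigation step the slide calls for (who owns the host, what process opened the connection), not a verdict on its own.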

35 Thank You Mike Ortlieb Director, Protiviti mike.ortlieb@protiviti.com
Orlando, FL
