Dynamics of (in)security


1 Dynamics of (in)security
Operational Excellence Webinar Series: Patch Management - Dynamics of (in)security
ReBIT in collaboration with Sequretek & Kotak Bank. Webinar support from Cisco.

2 Agenda
Speakers:
Anand Naik, Co-CEO of Sequretek: Patch and Vulnerability Management Best Practice
Ninad Chavan, Information Security Governance, Kotak, and Agnelo D'souza, CISO, Kotak: Case Study at Kotak
Moderator: Vivek Srivastav, SVP-R&I, ReBIT
Agenda:
ReBIT's Industry Initiatives
Stats on Patching
Security Vocabulary
Patch and Vulnerability Management Best Practices
Case Study at Kotak Bank
Q/A Session

3 ReBIT’s Industry Initiatives
Securing the Financial Sector

4 ReBIT's Facilitator Role
ReBIT sits between: the Business Leaders' Forum, industry stakeholders, research institutions, community leadership working groups (WGs) and the Operational Excellence programme.

5 ReBIT's Industry Initiatives
Cybersecurity Assessment Tools; VAPT Accreditation Body; Auditing and Monitoring Tools; Regulatory Technologies & Reporting; Cybersecurity Awareness Campaign; Business Leaders' Forum; Cybersecurity Assessment Framework WG; Auditing and Monitoring; Cybersecurity Maturity Model WG.
Operational Excellence Webinar (monthly): industry initiatives to improve cybersecurity postures.
DMARC Webinar, with PayPal & ICICI Bank: May 11th
Patch Management - Dynamics of (in)security: July 4th
Upcoming: FIDO; DNSSEC & DNS Governance; IR
Cybersecurity Maturity Model WG: a 6-month effort kicked off in February, an ongoing industry initiative to define a uniform yardstick for assessing a firm's cybersecurity maturity, benchmarking it, and helping to create an evolution roadmap.

6 Vulnerability and Patch Management
Some statistics

7 Patching Vulnerabilities
The recent Petya/NotPetya and WannaCry incidents underscore the importance of patch management: both spread through an SMB vulnerability for which the vendor patch had already been available for months.
77% of the total vulnerabilities found are due to either poor patching or poor configuration (Edgescan 2016 Stats Report).
Heartbleed:
Shellshock:
LogJam:
Source: Edgescan 2016 Stats Report

8 How fast are we fixing vulnerabilities?
The vulnerabilities discovered are a result of providing "full-stack" continuous vulnerability management to a wide range of client verticals, from small businesses to global enterprises, and from telecoms and media companies to software development, gaming, energy and medical organisations. The statistics are based on the continuous security assessment and management of over 57,000 systems distributed globally.
Source: Edgescan 2016 Stats Report

9 Median number of days from vulnerability disclosure to exploit
Source: Recorded Future, "Week to Weak: The Weaponization of Cyber Vulnerabilities", 2014

10 Security Vocabulary
Talk about security like a pro. Source attribution: Cisco

11 Vulnerability
Vulnerability: a weakness, design or coding error, or lack of protection in a product that enables an attack. "What do you mean, vulnerable? It works the way I designed it to!"
Examples:
Lack of protection against code injection
Mishandling of unexpected conditions
Insufficient enforcement of authentication and authorization
A product that has safeguards in place to protect against a given threat is considered to be secured, but only against that specific threat. A vulnerability is any weakness or absence of protection that may be exploited to bypass the product's security. For example, a vulnerability could come from the way the product handles a threat that was never identified, and for which the product has no safeguards.
Vulnerabilities might exist for many reasons. In some cases there might be a vulnerability because the threat was never identified, so the product couldn't be designed with a countermeasure against it. In other cases, a product might not have been thoroughly tested or gone through a secure development and design process, and so that product doesn't implement robust security against known threats.
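The first example on the slide, "lack of protection against code injection", in code. This is an added illustration, not from the webinar or from Cisco's vocabulary material: a hypothetical helper that pings a host supplied by a user, written once with the vulnerability and once hardened. The hostname allowlist regex and the attacker input are assumptions made for the example.

```python
# Added example (not from the webinar): the same "ping a host" helper written
# twice, once without protection against command injection and once hardened.
import re
import subprocess

# Allowlist assumed for this example: RFC 1123 hostname labels separated by
# dots (dotted-quad IPv4 addresses match too, since labels may be all digits).
# Anything else, including shell metacharacters and a leading '-', is rejected.
_HOSTNAME = re.compile(
    r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)*"
    r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$",
    re.IGNORECASE,
)


def ping_command_vulnerable(host: str) -> str:
    """Builds a shell command line from untrusted input.

    If this string reaches os.system() or subprocess with shell=True, the
    shell parses it, so a ';' or '|' in `host` starts a second command."""
    return f"ping -c 1 {host}"


def ping_argv_hardened(host: str) -> list:
    """Validates the input against the allowlist and returns an argv list.

    Passed to subprocess.run() with shell=False, the list is handed to
    execve() directly: no shell ever parses it, so there is no metacharacter
    to abuse, and the regex also blocks '-x' style option injection."""
    if not _HOSTNAME.match(host):
        raise ValueError(f"invalid hostname: {host!r}")
    return ["ping", "-c", "1", host]


def run_ping_hardened(host: str) -> int:
    """Runs the hardened form and returns the exit status (not used in tests)."""
    return subprocess.run(ping_argv_hardened(host), check=False).returncode


# Constructed attacker-controlled input for the demonstration.
INJECTED = "example.com; cat /etc/passwd"

if __name__ == "__main__":
    print(ping_command_vulnerable(INJECTED))  # a shell would run two commands
    try:
        ping_argv_hardened(INJECTED)
    except ValueError as err:
        print("rejected:", err)
    print(ping_argv_hardened("example.com"))
```

The point of the hardened version is not the regex alone: even with a weaker filter, handing an argv list to `subprocess.run()` without `shell=True` removes the shell from the picture, which is the "protection" the vulnerable form lacks. The allowlist closes the remaining hole, argument injection, where a hostname such as `-f` would be read by `ping` as an option.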

12 Threats
Threat: a potential danger that could cause harm to information or a system.
Threat Agent: an entity (a person, group or process) capable of carrying out a threat against a product by exploiting a vulnerability.
A threat is an event that could cause harm to a system or the information contained in a system. Threats can come from multiple sources, including physical events, logical problems in software, and human actions.

13 Exploits and attacks
Exploit: a practical method to take advantage of a specific vulnerability.
Attack: the use of an exploit against an actual vulnerability.
Attack Vector: the path or means by which an exploit is delivered to its target.
Zero-Day Attack: an attack that exploits a previously unknown vulnerability for which there is not yet a defense.
"Exploits and attacks go hand in hand..."
An attack vector is a path or means by which a hacker (or cracker) can gain access to a computer or network server in order to deliver a payload or malicious code. Attack vectors enable hackers to exploit system vulnerabilities, including the human element.
An exploit is a process or program that takes advantage of a potential vulnerability to compromise a system. A physical example of this would be the vulnerability of locks to being picked. Locks are designed in a predictable way, and a set of lockpicking tools along with the knowledge of how to use them is an exploit against a lock. Exploits in the computer world behave in a similar way. If a piece of code predictably provides a way for an unauthorized user to gain access to a system, that access method and the information on how to use it represent a predictable and repeatable danger to the system. Any time such an exploit is used, the incident is known as an attack.
A zero-day attack is an attack or threat that exploits a previously unknown vulnerability, meaning that the attack occurs on "day zero" of awareness of the vulnerability: the developers have had zero days to address and patch it. Zero-day exploits (actual software that uses a security hole to carry out an attack) are used or shared by attackers before the developer of the target software knows about the vulnerability.

14 Exposure
Exposure:
The probability and severity of an attack using a specific exploit
The time between the announcement of a vulnerability and a suitable patch (the window of exposure)
Any information leak that facilitates an attack
Close calls still count! Whether or not an attack is successful, an exposure has still occurred.
When an exploit is used to take advantage of a vulnerability and launch an attack against a product, that incident is known as an exposure. The fortunate goose in this picture escaped the alligator's snapping teeth, but he had an extremely close call. The potential harm to the goose if he'd flown a little lower and not managed to escape is known as the exposure factor. In business terms this is the potential percentage of loss to an asset if a threat is realized.
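Slides 8 and 9 ask how fast vulnerabilities get fixed, and this slide defines exposure as the time between a vulnerability's announcement and a suitable patch. The following is an added example, not from the webinar or Kotak's programme, of how a patch-management team can turn those definitions into numbers: for each finding it computes the exposure window (disclosure until the asset was patched, or until today if it is still open), the vendor window (disclosure until a patch existed), and whether the deployment met an SLA. The asset names, vulnerability IDs, dates, SLA figures and the "public exploit shortens the clock to 7 days" rule are all assumptions constructed for the example.

```python
# Added example (not from the webinar): exposure windows and patch-SLA status
# over a constructed inventory. All names, dates and SLA numbers are assumed.
from dataclasses import dataclass
from datetime import date
from typing import List, Optional


@dataclass
class Finding:
    asset: str
    vuln_id: str
    disclosed: date                   # public disclosure / vendor advisory
    patch_available: Optional[date]   # None: the vendor has not shipped a fix
    patched_on: Optional[date]        # None: still unpatched on this asset
    severity: str                     # "critical" | "high" | "medium" | "low"
    exploit_public: bool              # a working exploit is publicly available


# Assumed deployment SLA in days, counted from the day a patch becomes available.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}
# Assumed policy: a public exploit shortens every clock to this many days.
EXPLOIT_PUBLIC_DAYS = 7
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def exposure_days(f: Finding, today: date) -> int:
    """Days the asset has been exposed: disclosure until it was patched, or
    until today if it is still open (a close call still counts)."""
    return ((f.patched_on or today) - f.disclosed).days


def vendor_window_days(f: Finding, today: date) -> int:
    """Days between disclosure and a suitable patch; still growing if none."""
    return ((f.patch_available or today) - f.disclosed).days


def deadline_days(f: Finding) -> int:
    days = SLA_DAYS[f.severity]
    return min(days, EXPLOIT_PUBLIC_DAYS) if f.exploit_public else days


def sla_status(f: Finding, today: date) -> str:
    """'no_patch' (mitigate, do not wait for the vendor), 'met', 'breached',
    'open' (unpatched but inside the SLA) or 'overdue' (unpatched past it)."""
    if f.patch_available is None:
        return "no_patch"
    limit = deadline_days(f)
    if f.patched_on is not None:
        return "met" if (f.patched_on - f.patch_available).days <= limit else "breached"
    return "overdue" if (today - f.patch_available).days > limit else "open"


def prioritise(findings: List[Finding], today: date) -> List[str]:
    """Assets still open, worst first: public exploit, then severity, then
    the longest exposure window."""
    open_ = [f for f in findings if f.patched_on is None]
    open_.sort(key=lambda f: (not f.exploit_public, SEVERITY_RANK[f.severity],
                              -exposure_days(f, today)))
    return [f.asset for f in open_]


def report(findings: List[Finding], today: date) -> dict:
    """asset -> (exposure days, SLA status)."""
    return {f.asset: (exposure_days(f, today), sla_status(f, today)) for f in findings}


# Constructed inventory, "as of" the webinar date (4 July 2017).
TODAY = date(2017, 7, 4)
FINDINGS = [
    Finding("web-01",   "VULN-A", date(2017, 3, 14), date(2017, 3, 14), date(2017, 5, 20), "critical", True),
    Finding("db-02",    "VULN-B", date(2017, 6, 1),  date(2017, 6, 5),  None,              "high",     False),
    Finding("mail-01",  "VULN-C", date(2017, 6, 20), None,              None,              "critical", True),
    Finding("hr-app",   "VULN-D", date(2017, 1, 10), date(2017, 1, 10), date(2017, 1, 15), "medium",   False),
    Finding("kiosk-07", "VULN-E", date(2017, 5, 1),  date(2017, 5, 1),  None,              "medium",   True),
]

if __name__ == "__main__":
    for asset, (days, status) in report(FINDINGS, TODAY).items():
        print(f"{asset:9} exposed {days:3d} days  {status}")
    print("fix first:", prioritise(FINDINGS, TODAY))
```

Two things the numbers make visible that a patch-compliance percentage hides: web-01 is "patched" but was exposed for 67 days with a public exploit, which the median-days-to-exploit chart on slide 9 says is far too long; and mail-01 has no patch at all, so waiting on the SLA clock is the wrong response and it should be handled with a compensating control.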

15 Mitigation
Mitigation: a strategy for reducing or eliminating the severity of a security issue.
A few examples:
Reduction in attack surface
Security education and training
Defensive coding
Secure code review
PI (Platform Independent) code
Run-time defenses
Security features (encryption, packet filtering, logging)
When designing a product it is important to identify the potential threats to the product's security and implement protections to reduce or mitigate the risk from those threats. These protections are commonly known as countermeasures or safeguards. A countermeasure can be an action, device, or procedure that reduces, eliminates, or prevents harm from an attack, or discovers and reports on an attack after the fact. In short, a countermeasure is the deployment of a set of security services, including but not limited to the ones listed here, designed to protect against a specific threat.
Countermeasures can be network, host, or application based. For example, a company might want to implement countermeasures against a network information-gathering attack meant to find out what kinds of hosts it has on its network. It could configure its routers to restrict their responses to footprinting requests, and configure the operating systems that host network software (for example, software firewalls) to prevent footprinting by disabling unused protocols and unnecessary ports. If that same company wanted to protect its individual hosts against viruses and inappropriate logons, it would want to make sure those hosts had all the current security patches for the operating system. It might also install antivirus and firewall software, and establish and enforce a security policy requiring that all user passwords be changed regularly (current guidance favours long, unique passwords plus multi-factor authentication over forced periodic rotation).
Application-level countermeasures are commonly implemented during the design phase of a product and are covered most frequently in the Security Ninja courses. These include things like secure software development and robust vulnerability mapping and testing.

16 Vulnerability and Patch Management
Mitigation: a strategy for reducing or eliminating the severity of a security issue. And the most important mitigation of all: Vulnerability and Patch Management.

17 Patch Management Best Practices Deep Dive

18 ReBIT
Operational Excellence Webinar Series: Patch Management - Dynamics of (in)security
Visit http://webinar.rebit.org.in for future webinars and events.
