Published by Odalys Locklair. Modified over 9 years ago.
1
Anatomy of an Attack
© Copyright 2011 EMC Corporation. All rights reserved.
2
The "Community" of Attackers
Nation state actors
–PII, government, defense industrial base, IP rich organizations
Criminals
–Petty criminals
–Organized crime
–Organized, sophisticated supply chains (PII, financial services, retail)
–Unsophisticated
Non-state actors
–Terrorists
–Anti-establishment vigilantes
–"Hacktivists"
–Targets of opportunity
–PII, Government, critical infrastructure
3
Advanced Threats 1.0 vs. Advanced Threats 2.0 (diagram)
Advanced Threats 1.0: C2 traffic to abc.com, def.com, 1.2.3.4 using clear-text & custom protocol, clear-text & normal protocol, or custom encryption
Detection layers shown: Content Inspection, Protocol Anomalies, Network Traffic Anomalies, Known Bad Endpoints
Advanced Threats 2.0: C2 traffic (port 80/443) using SSL or other standards based encryption; custom malware w/ no signature; endpoints abc.com, def.com, 1.2.3.4, 3.7.9.1, 8.2.3.3
4
Understanding the threat: Intrusion Kill Chain
Recon > Weaponization > Delivery > Exploitation > Installation > C2 > Act on Objectives
7-Phase Model for how an adversary engages a victim
Any disruption in the chain will impact their actions
Human intervention is often required for success and failure
All seven steps can be detected, prevented, or minimized
Note/Attribution: "Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains"; Hutchins, Cloppert, Amin, Lockheed Martin CIRT; Proceedings of the 6th International Conference on Information Warfare, 2011
6
Executive Checklist
Is your IT security organization functionally aligned with the greater IT infrastructure?
–Outsourcer > Insourced Capabilities > SOC > etc.
Do you monitor the crown jewels of your organization and know where your most high value programs and assets are?
Does your organization have & practice a breach readiness plan, incident response, discovery & remediation process/procedures?
In addition to perimeter defenses (ingress), does there exist an egress defense strategy and approach to mitigate data exfiltration?
Is there a consistent 360 degree governance, risk and compliance practice in your organization?
–Compliance, Regulatory, Legal, Corporate Policy, Communications & HR
7
Security Practices – Critical Checklist
Business Risk Assessment – Critical Asset Protection
–Identify most critical systems; ensure they are given the highest priorities for all hardening and monitoring activities
Active Directory and Exchange Hardening
–Minimize number of admins
–Monitoring and alerting (Windows Event ID #566)
–Two factor admin access from hardened VDI platform
–Executable whitelisting on hardened DCs
–Disable default account and rename key accounts
–Complex passwords (9 & 15 Char)
Infrastructure & Logging
–Full and detailed logging & analysis
–Tighten VPN controls
–Increase controls on crypto keys
–Full packet capture at strategic network locations
–Network segmentation
–Team trained and focused on APT activity
Service Accounts
–Review accounts for privilege creep
–Change passwords frequently
–Do not embed credentials into scripts
–Minimize interactive login
–Restrict login only from required hosts
Web Access
–Block access to high risk and web filter categories
–Click through on medium risk websites
–Black hole dynamic DNS domains
–Authenticated internet access
–DNS traffic analysis
User Education
–Increase security training for IT
–Launch security improvement initiative
–Regular education of users on phishing attacks
–Regular education on social engineering
–Increase mail filtering controls
User Machine Hardening
–Limit local admin; randomize the local admin password and change it often
–Increase patching regime
–Enable security controls in applications
–Deep visibility to identify lateral movement
–Limit use of non-authorized and unapproved software
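As an added example (not code from the EMC deck), a small Python checker that applies three of the controls above to proxy log lines: the "known bad endpoints" layer from slide 3, the "black hole dynamic DNS domains" item under Web Access, and slide 3's observation that 2.0-style C2 runs on port 80/443 to a bare IP with no hostname. The log layout, the dynamic-DNS zone list and the sample lines are constructed for the example; the known-bad values are the deck's own illustrative abc.com/def.com/1.2.3.4 examples, not real indicators.

```python
import re
# Constructed stand-in for the web filter's "dynamic DNS" category the checklist
# says to black-hole (placeholder zones, not a real feed).
DYNAMIC_DNS_ZONES = ("dyn-example.test", "ddns-example.test")
# "Known bad endpoints" from slide 3: the deck's illustrative values, not real IoCs.
KNOWN_BAD = {"def.com", "1.2.3.4"}
# Assumed proxy log layout: <timestamp> <src_ip> <dst_host> <dst_port> <bytes_out>
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+) (\d+)$")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def parse(line):
    """Parse one log line into a dict, or return None if it is malformed."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, src, host, port, out = m.groups()
    return {"ts": ts, "src": src, "host": host.lower(),
            "port": int(port), "bytes_out": int(out)}

def in_zone(host, zones):
    """True if host is one of the zones or a subdomain of one."""
    return any(host == z or host.endswith("." + z) for z in zones)

def classify(rec):
    """Name the control that fires for a record, or None if nothing does."""
    host, port = rec["host"], rec["port"]
    if host in KNOWN_BAD:
        return "known-bad-endpoint"       # slide 3: known bad endpoints
    if in_zone(host, DYNAMIC_DNS_ZONES):
        return "dynamic-dns-blackhole"    # slide 7: black hole dynamic DNS domains
    if IPV4_RE.match(host) and port in (80, 443):
        return "bare-ip-web-c2"           # slide 3: 2.0-style C2 on 80/443, no hostname
    return None

def review(lines):
    """Return (src_ip, dst_host, control) for every line that trips a control."""
    hits = []
    for rec in filter(None, map(parse, lines)):
        tag = classify(rec)
        if tag:
            hits.append((rec["src"], rec["host"], tag))
    return hits

# Constructed sample lines; lines 2-4 should be flagged, line 1 should pass.
SAMPLE_LOG = """\
2011-06-01T10:00:01 10.0.0.5 www.example.org 443 1200
2011-06-01T10:00:02 10.0.0.5 def.com 443 5400
2011-06-01T10:00:03 10.0.0.7 host1.dyn-example.test 80 300
2011-06-01T10:00:04 10.0.0.9 3.7.9.1 443 90000
"""
```

Run `review(SAMPLE_LOG.splitlines())` to get the three flagged records; the bytes_out field is parsed so the same records can feed an egress-volume review like the one slide 6 asks for.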
8
THANK YOU