It takes a company an average of 35 days to detect when they have been compromised. For some, it can take years. As fast as software changes and new vulnerabilities are discovered, waiting for an annual penetration test is just not enough. In this talk, I will show you how we perform self-audits on our own network on a continual basis. You will learn about the tools that we use so that you can audit your own network to determine if your technical and physical controls will detect a security incident. I will show you how our self-audits and 'fire drills' engage our IT team, allowing us to learn both how to detect when an incident is occurring and how to react. I will also share some mistakes I've made and give you tips on performing a self-assessment without disrupting your business. You will see how this has strengthened our awareness education and our overall security posture. If you've never performed a self-audit this talk will be a great introduction. It's okay to touch your...network.
It's Okay To Touch Yourself - DerbyCon 2013
1. It's Okay To Touch Yourself!
DerbyCon 2013
Ben Ten
(@Ben0xA)
2. About Me
● 12+ years experience in Health Care Information Systems
● Vice President & Security Officer
● Developer (Builder)
● Security Consultant, Trainer
It's Okay To Touch Yourself
Ben0xA - DerbyCon 2013
3. About Me
● Federal Regulation Compliance Oversight (HIPAA, HITECH, PCI, Meaningful Use, Red Flag)
● Manager
● Gamer
● Love Science Fiction
5. Overview
● State of Breach Detection
● What is a Self Assessment
● Performing Fire Drills
● Pitfalls to Avoid
● Tools
● Acknowledgments
● Q&A
17. Why This Talk? Why Me?
A @dave_rel1k story...
18. Why This Talk? Why Me?
19. State of Breach Detection
64% of businesses did not detect they had a breach until after 90 days!
Source: 2013 Global Security Report ~ Trustwave
https://www2.trustwave.com/2013GSR.html
20. State of Breach Detection
21. State of Breach Detection
Approximately 70% of breaches were discovered by external parties who then notified the victim.
Source: 2013 Data Breach Investigations Report ~ Verizon
http://www.verizonenterprise.com/DBIR/2013/
22. State of Breach Detection
23. State of Breach Detection
Source: 2013 Data Breach Investigations Report ~ Verizon
http://www.verizonenterprise.com/DBIR/2013/
24. State of Breach Detection
But we have these tools!!!11!!!two
● SIEM
● DLP
● IDS/IPS
● Logs
25. State of Breach Detection
So, what's the problem?
26. State of Breach Detection
● Poorly implemented tools
● Lack of implemented tools
● Or maybe it's a perception issue...
27. State of Breach Detection
Security by Obscurity
28. State of Breach Detection
Security by Vicinity
29. State of Breach Detection
Security by Divinity
30. Self Assessment
It's time to get intimate with your...network!
31. Self Assessment
At the very least, the critical parts of your network!
37. DISCLAIMER
● I am not a professional penetration tester. But, I am staying at the Hyatt.
● Do not attempt anything on any network unless you have written permission!
● Do not do this on production first. Use a test environment!
46. Fire Drills
● Are your tools working?
● Does your team react appropriately?
● What is happening during that nmap, Nexpose, Nessus scan?
● What's the Incident Response plan and is it working?
47. Pitfalls to Avoid
● Verify Scope!
● Start Small / Focused
● Be wary of untested tools!
● Secure your results
● Don't DoS yourself
48. New Tool
“[T]he ultimate goal should be to develop an environment in which security events are discovered innately—by both responsible security professionals or others in the organization.”
Source: 2013 Global Security Report ~ Trustwave
https://www2.trustwave.com/2013GSR.html
49. New Tool
My Big Security Idea!
50. New Tool
Will Steele @pen_test
51. New Tool