Proprietary and Confidential. Do Not Distribute. © 2014 Accuvant, Inc. All Rights Reserved.

Losing Battles, Winning Wars
Frustrating adversaries using threat intelligence

AGENDA
• 1st – Background and perspective
• 2nd – Understanding “winning” and “losing”
• 3rd – Playing the defensive long game

Background
• This is knowledge based on research
• Leading practices from world-class (and not-so-world-class) security organizations
• Drawing from industry experts, leading minds
• YMMV, this is not a silver bullet (and there are no werewolves)
• Trident Research Methodology
• 60+ enterprise adopters
• 30+ leading industry experts
• 60+ solution providers

UNDERSTANDING WINNING AND LOSING

Are we winning yet?

Have you beaten an adversary today?

How would you know?

We’ve been thinking about this wrong.

What does it mean to “lose”?

Any guesses?

If you’ve been hacked, is that losing?

The bar is set unrealistically high.

As defenders – 3 key questions

Do you control the situation?

If no, you’re losing.

Have critical assets been exfiltrated?

If yes, you’re losing.

Is the situation recoverable?

If no, you’ve lost.

For perspective –

Malware on your systems
Distributed Denial of Service (DDoS)
Website defacement

versus

Stolen trade secret(s).

Defenders must understand difference.

As attackers – 1 key question.

Have you achieved your objective?

If no, you haven’t won.

With this new focus we shift the game

From short-game (discrete incident)

To long-game (campaign → objectives)

PLAYING THE DEFENSIVE LONG GAME

Fundamentals – live it, love it.

Asset
Classification
Configuration
Change

Know. Your. Battlefield.

“Home ice advantage.”

Defending the unknown is unpossible.

Actively map your protected space.

Collect data, build baselines.

Get some threat intelligence goodness.

Intelligently incorporate externalities.

More data is not necessarily good.

10,000 bad IP addresses.

and?

Where will you put this data?

What will you do with this new data?

Much harder question.

Your security tools are killing you.

How many alerts do you receive… per day?

Typically 10x your capacity to respond.

Average: 24-32 alerts / 8hr shift
Realistic

Receive → Triage → Decision

You will drown chasing “incidents”.

STOP and FOCUS

What threats are relevant?

Malware. Malware. Adversary. Malware.

3 types of threats.

Keys to differentiating threat types:
• Targeting – whether the victim is one of opportunity, or specifically tasked (individually, by industry, or in another manner)
• Persistence – whether the intent is a long-term embedded or short-term infiltration; generally speaking to a level of stealth and extent of infiltration

Category     Targeting   Persistence   Example
Generic      no          no            ransomware
Targeted     yes         no            credential thief
Persistent   yes         yes           embedded RAT

Why does this matter?

Vastly different responses.

Generic: “Kill it with fire”
Tier 1 automated response

Destroy or re-image. Move on.

Near-zero human time expended.

Targeted: Focused, tier 2 response.

Contain. Analyze. Destroy.

Minimal human time expended.

Persistent: Focused, tier 3 response.

Contain. Analyze. Remove. Recover.

Necessary human time expended.

How do you tell the difference?

Your threat intelligence works here.

Atomic indicators need c o n t e x t .

The goal: intelligent prioritization.

Opportunistic malware vs. adversary.

Feeding an intelligence process loop.

[Figure: intelligence process loop. Labels: core processes; strategy; acquisition, triage, execution, distribution; development; collaboration; enrichment; governance; feedback; measurement; initialize; refinement (finishing); secondary development.]

Start with (external) indicators.

Enrich with context (internal & external).

Distribute and execute.

Which type of response does it warrant?

Tier 1 → 3 response type.
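
The flow above (external indicator, enrichment with context, tier 1 to 3 decision), as an added example that is not part of the original deck: a Python sketch that classifies alerts with the deck's Targeting/Persistence table, ties indicators to a campaign so each adversary becomes one case, and fills a limited analyst queue. The context fields (`tasked_against`, `long_term_implant`), the handling of the untargeted-but-persistent combination, the host names and the sample alerts are constructed assumptions; addresses come from documentation ranges.

```python
from dataclasses import dataclass, field

# The deck's table: (targeting, persistence) -> (category, response tier).
CATEGORY = {
    (False, False): ("Generic", 1),
    (True, False): ("Targeted", 2),
    (True, True): ("Persistent", 3),
}
# Response steps as worded on the slides for each tier.
PLAYBOOK = {
    1: ("destroy or re-image",),
    2: ("contain", "analyze", "destroy"),
    3: ("contain", "analyze", "remove", "recover"),
}


@dataclass(frozen=True)
class Context:
    """External intel for one indicator (field names are assumptions)."""
    campaign: str
    tasked_against: frozenset  # industries/orgs the actor is tasked against
    long_term_implant: bool    # tooling meant to stay embedded


@dataclass
class Case:
    """All alerts tied to one campaign, worked as a single unit."""
    campaign: str
    category: str
    tier: int
    hosts: set = field(default_factory=set)
    critical: bool = False

    @property
    def steps(self):
        return PLAYBOOK[self.tier]


def classify(ctx, org_tags):
    targeted = bool(ctx.tasked_against & org_tags)
    # (False, True) is not in the deck's table; routing it to a tier 2
    # analyst instead of guessing is this example's assumption.
    return CATEGORY.get((targeted, ctx.long_term_implant), ("Unclassified", 2))


def triage(alerts, intel, critical_hosts, org_tags, capacity):
    """Return (automated, analyst_queue, deferred, needs_context)."""
    cases, needs_context = {}, []
    for host, indicator in alerts:
        ctx = intel.get(indicator)
        if ctx is None:
            # A bare atomic indicator cannot be prioritised: enrich it first.
            needs_context.append((host, indicator))
            continue
        category, tier = classify(ctx, org_tags)
        case = cases.setdefault(ctx.campaign, Case(ctx.campaign, category, tier))
        if tier > case.tier:  # one campaign, mixed evidence: keep the highest
            case.category, case.tier = category, tier
        case.hosts.add(host)
        case.critical = case.critical or host in critical_hosts
    automated = [c for c in cases.values() if c.tier == 1]
    human = sorted(
        (c for c in cases.values() if c.tier > 1),
        key=lambda c: (-c.tier, not c.critical, -len(c.hosts), c.campaign),
    )
    return automated, human[:capacity], human[capacity:], needs_context


# Constructed sample data: documentation-range addresses, invented names.
ORG_TAGS = frozenset({"energy", "example-corp"})
CRITICAL_HOSTS = {"scada-hist-01", "fin-db-02"}
INTEL = {
    "198.51.100.7": Context("commodity-ransomware", frozenset(), False),
    "198.51.100.9": Context("commodity-ransomware", frozenset(), False),
    "203.0.113.20": Context("cred-phish-energy", frozenset({"energy"}), False),
    "203.0.113.44": Context("actor-alpha", frozenset({"energy"}), True),
    "c2.actor-alpha.example": Context("actor-alpha", frozenset({"energy"}), True),
    "192.0.2.55": Context("proxy-botnet", frozenset(), True),
}
ALERTS = [
    ("wks-114", "198.51.100.7"),
    ("wks-207", "198.51.100.9"),
    ("wks-031", "203.0.113.20"),
    ("scada-hist-01", "203.0.113.44"),
    ("wks-031", "c2.actor-alpha.example"),
    ("wks-150", "192.0.2.55"),
    ("wks-019", "192.0.2.200"),  # on a blocklist, but no context available
]


def demo(capacity=2):
    # capacity is tiny to suit the sample; the deck cites 24-32 per shift.
    return triage(ALERTS, INTEL, CRITICAL_HOSTS, ORG_TAGS, capacity)


if __name__ == "__main__":
    automated, queue, deferred, needs_context = demo()
    for label, group in (("auto", automated), ("queue", queue), ("deferred", deferred)):
        for c in group:
            print(label, c.campaign, c.category, f"tier {c.tier}", sorted(c.hosts), c.steps)
    print("needs context:", needs_context)
```

Seven alerts collapse into one automated case, two analyst cases, one deferred case and one indicator sent back for enrichment.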

Can you learn from the incident?
Can you improve from the incident?

Now let’s figure out how to win.

Goal 1: Raise the cost for adversary.

Goal 2: Frustrate the adversary.

Goal 3: Keep from achieving objective.

An adversary will be persistent.

Malware won’t care.

Tie atomic indicators → adversary

Disrupt efforts to achieve objective.

Repeat as necessary.

This is winning.

Releasing our research at RSA Conf.
Comprehensive program guidance on threat intelligence as a program.

Want it?

1125 17th Street, Suite 1700, Denver, CO 80202
800.574.0896
SolutionsResearch@accuvant.com
www.accuvant.com

Contenu connexe

Tendances

CrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas AttackCrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas AttackCrowdStrike
 
You Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionYou Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionCrowdStrike
 
Distributed systems in practice, in theory
Distributed systems in practice, in theoryDistributed systems in practice, in theory
Distributed systems in practice, in theoryAysylu Greenberg
 
Hacking Exposed Live: Mobile Targeted Threats
Hacking Exposed Live: Mobile Targeted ThreatsHacking Exposed Live: Mobile Targeted Threats
Hacking Exposed Live: Mobile Targeted ThreatsCrowdStrike
 
Cloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint SecurityCloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint SecurityCrowdStrike
 
MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...
MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...
MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...MITRE - ATT&CKcon
 
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsGood Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsZivaro Inc
 

Tendances (7)

CrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas AttackCrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas Attack
 
You Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionYou Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And Detection
 
Distributed systems in practice, in theory
Distributed systems in practice, in theoryDistributed systems in practice, in theory
Distributed systems in practice, in theory
 
Hacking Exposed Live: Mobile Targeted Threats
Hacking Exposed Live: Mobile Targeted ThreatsHacking Exposed Live: Mobile Targeted Threats
Hacking Exposed Live: Mobile Targeted Threats
 
Cloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint SecurityCloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint Security
 
MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...
MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...
MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...
 
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced ThreatsGood Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
Good Guys vs Bad Guys: Using Big Data to Counteract Advanced Threats
 

En vedette

CIS13: Identity Bridges and IDaaS: Connecting Users, Internal Applications an...
CIS13: Identity Bridges and IDaaS: Connecting Users, Internal Applications an...CIS13: Identity Bridges and IDaaS: Connecting Users, Internal Applications an...
CIS13: Identity Bridges and IDaaS: Connecting Users, Internal Applications an...CloudIDSummit
 
Owning computers without shell access dark
Owning computers without shell access darkOwning computers without shell access dark
Owning computers without shell access darkRoyce Davis
 
Building security leaders ISSA Virtual CISO Series
Building security leaders   ISSA Virtual CISO SeriesBuilding security leaders   ISSA Virtual CISO Series
Building security leaders ISSA Virtual CISO SeriesAaron Carpenter
 
II Security At Microsoft
II Security At MicrosoftII Security At Microsoft
II Security At MicrosoftMark J. Feldman
 
Keynote Presentation "Building a Culture of Privacy and Security into Your Or...
Keynote Presentation "Building a Culture of Privacy and Security into Your Or...Keynote Presentation "Building a Culture of Privacy and Security into Your Or...
Keynote Presentation "Building a Culture of Privacy and Security into Your Or...Health IT Conference – iHT2
 
Making Executives Accountable for IT Security
Making Executives Accountable for IT SecurityMaking Executives Accountable for IT Security
Making Executives Accountable for IT SecuritySeccuris Inc.
 
Understanding the security_organization
Understanding the security_organizationUnderstanding the security_organization
Understanding the security_organizationDan Morrill
 
Security Organization/ Infrastructure
Security Organization/ InfrastructureSecurity Organization/ Infrastructure
Security Organization/ InfrastructurePriyank Hada
 
Understanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationUnderstanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationPECB
 
Information Security Cost Effective Managed Services
Information Security Cost Effective Managed ServicesInformation Security Cost Effective Managed Services
Information Security Cost Effective Managed ServicesJorge Sebastiao
 
Building a Modern Security Engineering Organization
Building a Modern Security Engineering OrganizationBuilding a Modern Security Engineering Organization
Building a Modern Security Engineering OrganizationZane Lackey
 
7 cyber security questions for boards
7 cyber security questions for boards7 cyber security questions for boards
7 cyber security questions for boardsPaul McGillicuddy
 

En vedette (15)

CIS13: Identity Bridges and IDaaS: Connecting Users, Internal Applications an...
CIS13: Identity Bridges and IDaaS: Connecting Users, Internal Applications an...CIS13: Identity Bridges and IDaaS: Connecting Users, Internal Applications an...
CIS13: Identity Bridges and IDaaS: Connecting Users, Internal Applications an...
 
Owning computers without shell access dark
Owning computers without shell access darkOwning computers without shell access dark
Owning computers without shell access dark
 
Building security leaders ISSA Virtual CISO Series
Building security leaders   ISSA Virtual CISO SeriesBuilding security leaders   ISSA Virtual CISO Series
Building security leaders ISSA Virtual CISO Series
 
II Security At Microsoft
II Security At MicrosoftII Security At Microsoft
II Security At Microsoft
 
Keynote Presentation "Building a Culture of Privacy and Security into Your Or...
Keynote Presentation "Building a Culture of Privacy and Security into Your Or...Keynote Presentation "Building a Culture of Privacy and Security into Your Or...
Keynote Presentation "Building a Culture of Privacy and Security into Your Or...
 
Making Executives Accountable for IT Security
Making Executives Accountable for IT SecurityMaking Executives Accountable for IT Security
Making Executives Accountable for IT Security
 
Understanding the security_organization
Understanding the security_organizationUnderstanding the security_organization
Understanding the security_organization
 
Security Organization/ Infrastructure
Security Organization/ InfrastructureSecurity Organization/ Infrastructure
Security Organization/ Infrastructure
 
Understanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for OrganizationUnderstanding Penetration Testing & its Benefits for Organization
Understanding Penetration Testing & its Benefits for Organization
 
Information Security Cost Effective Managed Services
Information Security Cost Effective Managed ServicesInformation Security Cost Effective Managed Services
Information Security Cost Effective Managed Services
 
The New Security - Post "9/11"
The New Security - Post "9/11"The New Security - Post "9/11"
The New Security - Post "9/11"
 
Building a Modern Security Engineering Organization
Building a Modern Security Engineering OrganizationBuilding a Modern Security Engineering Organization
Building a Modern Security Engineering Organization
 
Indonesia National Cyber Security Strategy
Indonesia National Cyber Security StrategyIndonesia National Cyber Security Strategy
Indonesia National Cyber Security Strategy
 
Physical security.ppt
Physical security.pptPhysical security.ppt
Physical security.ppt
 
7 cyber security questions for boards
7 cyber security questions for boards7 cyber security questions for boards
7 cyber security questions for boards
 

Similaire à Losing battles, winning wars

Bleeding Servers – How Hackers are Exploiting Known Vulnerabilities
Bleeding Servers – How Hackers are Exploiting Known VulnerabilitiesBleeding Servers – How Hackers are Exploiting Known Vulnerabilities
Bleeding Servers – How Hackers are Exploiting Known VulnerabilitiesImperva
 
[Webinar] Demystifying Predictive Lead Scoring
[Webinar] Demystifying Predictive Lead Scoring [Webinar] Demystifying Predictive Lead Scoring
[Webinar] Demystifying Predictive Lead Scoring Mintigo1
 
To MSSP or not to MSSP IISF 2015
To MSSP or not to MSSP IISF 2015To MSSP or not to MSSP IISF 2015
To MSSP or not to MSSP IISF 2015Paul Hogan
 
Webinar: Insights from CYREN's Q1 2015 Cyber Threats Trend Report
Webinar: Insights from CYREN's Q1 2015 Cyber Threats Trend ReportWebinar: Insights from CYREN's Q1 2015 Cyber Threats Trend Report
Webinar: Insights from CYREN's Q1 2015 Cyber Threats Trend ReportCyren, Inc
 
Accumulo Summit 2014: Past and Future Threats: Encryption and Security in Acc...
Accumulo Summit 2014: Past and Future Threats: Encryption and Security in Acc...Accumulo Summit 2014: Past and Future Threats: Encryption and Security in Acc...
Accumulo Summit 2014: Past and Future Threats: Encryption and Security in Acc...Accumulo Summit
 
Smu seminar 2014_03_26 v3
Smu seminar 2014_03_26 v3Smu seminar 2014_03_26 v3
Smu seminar 2014_03_26 v3Patrick Florer
 
Retailers and Data from DRS, 7.28.14
Retailers and Data from DRS, 7.28.14Retailers and Data from DRS, 7.28.14
Retailers and Data from DRS, 7.28.14Digiday
 
[Webinar] Data, Predictive Analytics & Marketing Clouds: The Platform For The...
[Webinar] Data, Predictive Analytics & Marketing Clouds: The Platform For The...[Webinar] Data, Predictive Analytics & Marketing Clouds: The Platform For The...
[Webinar] Data, Predictive Analytics & Marketing Clouds: The Platform For The...Mintigo1
 
Webinar: Insights from CYREN's 2015-Q3 Cyber Threat Report
Webinar: Insights from CYREN's 2015-Q3 Cyber Threat ReportWebinar: Insights from CYREN's 2015-Q3 Cyber Threat Report
Webinar: Insights from CYREN's 2015-Q3 Cyber Threat ReportCyren, Inc
 
Adding Predictive Marketing To Your Mix In 2015
Adding Predictive Marketing To Your Mix In 2015Adding Predictive Marketing To Your Mix In 2015
Adding Predictive Marketing To Your Mix In 2015G3 Communications
 
Building Saas for the Enterprise
Building Saas for the EnterpriseBuilding Saas for the Enterprise
Building Saas for the EnterpriseBeau Christensen
 
Digital Marketing: Combining Art and Science for Effective Customer Engagement
Digital Marketing: Combining Art and Science for Effective Customer EngagementDigital Marketing: Combining Art and Science for Effective Customer Engagement
Digital Marketing: Combining Art and Science for Effective Customer EngagementMarketo
 
The Race to Marketing Mastery
The Race to Marketing MasteryThe Race to Marketing Mastery
The Race to Marketing MasteryChris Haleua
 
Webinar: Dispelling the Myths about Cloud Security
Webinar: Dispelling the Myths about Cloud SecurityWebinar: Dispelling the Myths about Cloud Security
Webinar: Dispelling the Myths about Cloud SecurityCyren, Inc
 
Webinar: Is your web security broken? - 10 things you need to know
Webinar: Is your web security broken? - 10 things you need to knowWebinar: Is your web security broken? - 10 things you need to know
Webinar: Is your web security broken? - 10 things you need to knowCyren, Inc
 
Kickoff Workshop with Dstillery: The Future of Cross-Channel Marketing - It's...
Kickoff Workshop with Dstillery: The Future of Cross-Channel Marketing - It's...Kickoff Workshop with Dstillery: The Future of Cross-Channel Marketing - It's...
Kickoff Workshop with Dstillery: The Future of Cross-Channel Marketing - It's...Digiday
 

Similaire à Losing battles, winning wars (20)

Bleeding Servers – How Hackers are Exploiting Known Vulnerabilities
Bleeding Servers – How Hackers are Exploiting Known VulnerabilitiesBleeding Servers – How Hackers are Exploiting Known Vulnerabilities
Bleeding Servers – How Hackers are Exploiting Known Vulnerabilities
 
[Webinar] Demystifying Predictive Lead Scoring
[Webinar] Demystifying Predictive Lead Scoring [Webinar] Demystifying Predictive Lead Scoring
[Webinar] Demystifying Predictive Lead Scoring
 
To MSSP or not to MSSP IISF 2015
To MSSP or not to MSSP IISF 2015To MSSP or not to MSSP IISF 2015
To MSSP or not to MSSP IISF 2015
 
Webinar: Insights from CYREN's Q1 2015 Cyber Threats Trend Report
Webinar: Insights from CYREN's Q1 2015 Cyber Threats Trend ReportWebinar: Insights from CYREN's Q1 2015 Cyber Threats Trend Report
Webinar: Insights from CYREN's Q1 2015 Cyber Threats Trend Report
 
Accumulo Summit 2014: Past and Future Threats: Encryption and Security in Acc...
Accumulo Summit 2014: Past and Future Threats: Encryption and Security in Acc...Accumulo Summit 2014: Past and Future Threats: Encryption and Security in Acc...
Accumulo Summit 2014: Past and Future Threats: Encryption and Security in Acc...
 
Smu seminar 2014_03_26 v3
Smu seminar 2014_03_26 v3Smu seminar 2014_03_26 v3
Smu seminar 2014_03_26 v3
 
Retailers and Data from DRS, 7.28.14
Retailers and Data from DRS, 7.28.14Retailers and Data from DRS, 7.28.14
Losing battles, winning wars

  • 1. Losing Battles, Winning Wars: Frustrating adversaries using threat intelligence. Proprietary and Confidential. Do Not Distribute. © 2014 Accuvant, Inc. All Rights Reserved.
  • 2. AGENDA
      • 1st – Background and perspective
      • 2nd – Understanding “winning” and “losing”
      • 3rd – Playing the defensive long game
  • 3. Background
      • This is knowledge based on research
      • Leading practices from world-class (and not-so-world-class) security organizations
      • Drawing from industry experts, leading minds
      • YMMV, this is not a silver bullet (and there are no werewolves)
      • Trident Research Methodology
      • 60+ enterprise adopters
      • 30+ leading industry experts
      • 60+ solution providers
  • 4. UNDERSTANDING WINNING AND LOSING
  • 5. Are we winning yet?
  • 6. Have you beaten an adversary today?
  • 7. How would you know?
  • 8. We’ve been thinking about this wrong.
  • 9. What does it mean to “lose”?
  • 10. Any guesses?
  • 11. If you’ve been hacked, is that losing?
  • 12. The bar is set unrealistically high.
  • 13. As defenders – 3 key questions
  • 14. Do you control the situation?
  • 15. If no, you’re losing.
  • 16. Have critical assets been exfiltrated?
  • 17. If yes, you’re losing.
  • 18. Is the situation recoverable?
  • 19. If no, you’ve lost.
  • 20. For perspective –
  • 21. Malware on your systems. Distributed Denial of Service (DDoS). Website defacement.
  • 22. versus
  • 23. Stolen trade secret(s).
  • 24. Defenders must understand difference.
  • 25. As attackers – 1 key question.
  • 26. Have you achieved your objective?
  • 27. If no, you haven’t won.
  • 28. (no slide text)
  • 29. With this new focus we shift the game
  • 30. From short-game (discrete incident)
  • 31. To long-game (campaign → objectives)
  • 32. PLAYING THE DEFENSIVE LONG GAME
  • 33. Fundamentals – live it, love it.
  • 34. Asset Classification Configuration Change
  • 35. Know. Your. Battlefield.
  • 36. “Home ice advantage.”
  • 37. Defending the unknown is unpossible.
  • 38. Actively map your protected space.
  • 39. Collect data, build baselines.
  • 40. Get some threat intelligence goodness.
  • 41. (no slide text)
  • 42. Intelligently incorporate externalities.
  • 43. More data is not necessarily good.
  • 44. 10,000 bad IP addresses.
  • 45. and?
  • 46. Where will you put this data?
  • 47. What will you do with this new data?
  • 48. Much harder question.
  • 49. Your security tools are killing you.
  • 50. How many alerts do you receive… per day?
  • 51. Typically 10x your capacity to respond.
  • 52. Average: 24-32 alerts / 8hr shift. Realistic
  • 53. Receive → Triage → Decision
  • 54. You will drown chasing “incidents”.
  • 55. STOP and FOCUS
  • 56. What threats are relevant?
  • 57. Malware. Malware. Adversary. Malware.
  • 58. 3 types of threats.
  • 59. Keys to differentiating threat types:
      • Targeting – whether the victim is one of opportunity, or specifically tasked (individually, by industry, or in another manner)
      • Persistence – whether the intent is a long-term embedded or short-term infiltration; generally speaking to a level of stealth and extent of infiltration

      | Category   | Targeting | Persistence | Example          |
      |------------|-----------|-------------|------------------|
      | Generic    | no        | no          | ransomware       |
      | Targeted   | yes       | no          | credential thief |
      | Persistent | yes       | yes         | embedded RAT     |
  • 60. Proprietary   and  Confidential.   Do  Not  Distribute.  ©  2014   Accuvant,  Inc.  All  Rights  Reserved.60 Why  does  this  matter?
  • 61. Proprietary   and  Confidential.   Do  Not  Distribute.  ©  2014   Accuvant,  Inc.  All  Rights  Reserved.61 Vastly  different  responses.
  • 62. Proprietary   and  Confidential.   Do  Not  Distribute.  ©  2014   Accuvant,  Inc.  All  Rights  Reserved.62 Generic: “Kill  it  with  fire” Tier  1  automated   response
  • 63. Proprietary   and  Confidential.   Do  Not  Distribute.  ©  2014   Accuvant,  Inc.  All  Rights  Reserved.63 Destroy  or  re-­image.  Move  on.
  • 64. Proprietary   and  Confidential.   Do  Not  Distribute.  ©  2014   Accuvant,  Inc.  All  Rights  Reserved.64 Near-­zero  human  time  expended.
  • 65. Proprietary   and  Confidential.   Do  Not  Distribute.  ©  2014   Accuvant,  Inc.  All  Rights  Reserved.65 Targeted:  Focused,  tier  2  response.
  • 66. Proprietary   and  Confidential.   Do  Not  Distribute.  ©  2014   Accuvant,  Inc.  All  Rights  Reserved.66 Contain.  Analyze.  Destroy.
  • 67. Proprietary   and  Confidential.   Do  Not  Distribute.  ©  2014   Accuvant,  Inc.  All  Rights  Reserved.67 Minimal  human  time  expended.
  • 68. Proprietary   and  Confidential.   Do  Not  Distribute.  ©  2014   Accuvant,  Inc.  All  Rights  Reserved.68 Persistent:  Focused,  tier  3  response.
  • 69. Proprietary   and  Confidential.   Do  Not  Distribute.  ©  2014   Accuvant,  Inc.  All  Rights  Reserved.69 Contain.  Analyze.  Remove.  Recover.
  • 70. Proprietary   and  Confidential.   Do  Not  Distribute.  ©  2014   Accuvant,  Inc.  All  Rights  Reserved.70 Necessary  human  time  expended.
  • 71. Proprietary   and  Confidential.   Do  Not  Distribute.  ©  2014   Accuvant,  Inc.  All  Rights  Reserved.71 How  do  you  tell  the  difference?
  • 72. Proprietary   and  Confidential.   Do  Not  Distribute.  ©  2014   Accuvant,  Inc.  All  Rights  Reserved.72 Your  threat  intelligence  works  here.
  • 73. Proprietary   and  Confidential.   Do  Not  Distribute.  ©  2014   Accuvant,  Inc.  All  Rights  Reserved.73 Atomic  indicators  need  c o n t e x t .
  • 74. Proprietary   and  Confidential.   Do  Not  Distribute.  ©  2014   Accuvant,  Inc.  All  Rights  Reserved.74 The  goal:  intelligent  prioritization.
  • 75. Proprietary   and  Confidential.   Do  Not  Distribute.  ©  2014   Accuvant,  Inc.  All  Rights  Reserved.75 Opportunistic  malware  vs.  adversary.
  • 76. Proprietary   and  Confidential.   Do  Not  Distribute.  ©  2014   Accuvant,  Inc.  All  Rights  Reserved.76 Feeding  an  intelligence  process  loop.
  • 77. [Diagram: intelligence process loop. Labels: core processes, strategy, acquisition, triage, execution, distribution, development, collaboration, enrichment, governance, feedback, measurement, initialize, refinement (finishing), secondary development]
  • 78. Start with (external) indicators.
  • 79. [Diagram repeated: intelligence process loop]
  • 80. Enrich with context (internal & external).
  • 81. [Diagram repeated: intelligence process loop]
  • 82. Distribute and execute.
  • 83. [Diagram repeated: intelligence process loop]
  • 84. Which type of response does it warrant?
  • 85. Tier 1 → 3 response type.
  • 86. Can you learn from the incident? Can you improve from the incident?
  • 87. Now let’s figure out how to win.
  • 88. Goal 1: Raise the cost for adversary.
  • 89. Goal 2: Frustrate the adversary.
  • 90. Goal 3: Keep from achieving objective.
  • 91. An adversary will be persistent.
  • 92. Malware won’t care.
  • 93. Tie atomic indicators → adversary
  • 94. Disrupt efforts to achieve objective.
  • 95. Repeat as necessary.
  • 96. This is winning.
  • 97. Releasing our research at RSA Conf. Comprehensive program guidance on threat intelligence as a program.
  • 98. Want it?
  • 99. 1125 17th Street, Suite 1700, Denver, CO 80202 | 800.574.0896 | SolutionsResearch@accuvant.com | www.accuvant.com
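
An added example, not from the original deck: the loop in slides 73 to 85 (start with external indicators, enrich with internal and external context, decide which response type a sighting warrants) written in Python. The feed, asset scores, alerts, the persistence rule (same adversary, two or more indicators on two or more days) and the pairing of "Contain. Analyze. Destroy." with the opportunistic path are assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed sample data; every name and value below is illustrative.
FEED = {  # external context: atomic indicator -> attributed adversary (None = commodity)
    "198.51.100.7": "ACTOR-A",
    "login-portal.example": "ACTOR-A",
    "203.0.113.50": None,
}
ASSETS = {"fin-db-01": 3, "hr-laptop-12": 2, "kiosk-3": 1}  # internal context: criticality
ALERTS = [  # (day, asset, indicator) sightings from internal telemetry
    ("2014-02-03", "kiosk-3", "203.0.113.50"),
    ("2014-02-03", "hr-laptop-12", "login-portal.example"),
    ("2014-02-05", "fin-db-01", "198.51.100.7"),
    ("2014-02-06", "kiosk-3", "192.0.2.99"),  # not in any feed
]
RESPONSES = {
    "opportunistic": "contain, analyze, destroy",
    "persistent": "contain, analyze, remove, recover",
}

def enrich(alerts, feed, assets):
    """Attach external (adversary) and internal (asset criticality) context."""
    return [{"day": d, "asset": a, "indicator": i,
             "adversary": feed.get(i), "criticality": assets.get(a, 0)}
            for d, a, i in alerts]

def triage(enriched, min_indicators=2, min_days=2):
    """Classify each sighting, then order the queue for analysts."""
    by_actor = defaultdict(list)
    for e in enriched:
        if e["adversary"]:
            by_actor[e["adversary"]].append(e)
    # Assumed rule: an adversary is persistent when it returns on separate
    # days using different atomic indicators.
    persistent = {actor for actor, hits in by_actor.items()
                  if len({h["indicator"] for h in hits}) >= min_indicators
                  and len({h["day"] for h in hits}) >= min_days}
    for e in enriched:
        e["type"] = "persistent" if e["adversary"] in persistent else "opportunistic"
        e["response"] = RESPONSES[e["type"]]
    # Persistent adversaries first, then the most critical assets.
    return sorted(enriched, key=lambda e: (e["type"] != "persistent", -e["criticality"]))

QUEUE = triage(enrich(ALERTS, FEED, ASSETS))
```

Taken alone, each ACTOR-A sighting looks like a routine block; only after both are tied to one adversary across days do they move to the front of the queue.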