Gidi Cohen
                                                        CEO, Founder
                                                  Skybox Security, Inc.




Presenter - Gidi Cohen – Content Copyright ©2012 Skybox Security, Inc.   1
Why can’t we curb the threat?


The Network Complexity Challenge
Enterprise network
• 55,000 nodes
• 300 firewalls
• 25,000 rules
• 65 network changes/day
• 10,000 daily reported vulnerabilities




Heterogeneous Networks are the Norm




Vulnerabilities and Threats Abound
Word cloud: buffer attack, blocked rules, misconfigured firewall, USBs, policy violation, social networks, missing IPS signature, asset vulnerabilities, default password, threat origins, access violation, access policy violations


Every Organization Feels the Pain
 88% of organizations: experienced significant damage or
  disruption due to attacks or data breaches in past six months

Pie chart:
• Service down, 60.0%
• Misuse or unauthorized access to information, 35.0%
• Data breach of customer or confidential records, 20.0%
• Damage to information systems or data, 18.3%
• None, 10.0%
• Damage to brand (e.g. hacktivism), 6.7%
• Minor Web DoS attack, 1.7%
Vulnerability Management Program
      Key for Risk Reduction
• Most respondents see their VM program as a
  key to reduce risk level and respond to threats
Bar chart (axis 0.0 to 4.5), reasons in order shown:
• To reduce our security risk level
• To proactively prevent threats before they happen
• To respond to new threats
• To provide an accurate assessment of our security status
• To meet compliance requirements
• To prioritize and minimize patching costs

Vulnerability Scans –
        Too Little, too Late
Chart: Frequency and Coverage (y-axis: Frequency x/year, 0 to 350; x-axis: % of Network Scanned, 10% to 90%)
• Partner/External networks: avg. scan every 60-90 days, <50% of hosts
• Critical systems, DMZ: avg. scan every 30 days, 50-75% of hosts
• Where you need to be: daily updates, 90%+ hosts
Vulnerability Scanning:
 Not Effective
• We are concerned about disruptions from scanning: 59%
• We don’t have the resources to analyze more frequent scan data: 58%
• We don't have the resources to deal with broader patching activity: 41%
• Some hosts are not scannable due to their use: 34%
• The cost of licenses is prohibitive: 29%
• Unable to gain credentialed access to scan portions of the network: 12%
• We just don’t need to scan more: 5%

Old Gen Tech – Can’t Keep Up
Vulnerability Scanners (too much data)
• Disruptive to the network
• Not suitable for daily operations
• Irrelevant for the Internet of Things

Security Information & Event Management (SIEM) (reactive)
• Real-time is too late
• Lacks context to deal with incidents

Network Configuration Management (limited view)
• Config management, not security
• No holistic view of network security
Security is Unmanageable
Painful, Costly, Reactive




• Unable to keep pace with network changes, new services
• Damaging attacks, business disruption, loss of IP
• Compliance reporting consumes scarce resources
• Inefficient processes, escalating management costs

It’s going to get a lot worse
           (Mobile, Virtualization, Clouds)




The Security Management Gap is Widening Fast
• BYOD and BYOC the new norm
• Virtual servers now 50% of deployments
• Security programs can’t keep up
• Can you achieve a 16X improvement in 4 years? How?
Chart (2009 to 2014, scale 0 to 140): Security challenges vs. Ability to execute
Many Attacks, Similar Root Causes
Scenario: Data Breach, Cyber Theft, Hacktivism
  Attack technique: Buffer overflow; SQL injection, RFI, XSS; DDOS; Client-side attack
  Contributing factors: Known vulnerabilities; Policy compliance; Device misconfigurations; Insiders

Scenario: Espionage, Cyber Crime
  Attack technique: APT combining techniques; Known and zero-day vulnerabilities; Custom malware
  Contributing factors: Vulnerabilities; Policy compliance; Social engineering

Scenario: Unauthorized Access, Stepping stone
  Attack technique: Firewall bypass; Stolen credentials
  Contributing factors: Firewall misconfiguration; Vulnerabilities; Policy compliance

The Missing Piece:
Security Risk Management
          Holistic Visibility of the IT Infrastructure
          •     Networks, routers, firewalls, …
          •     End points – servers, desktops, virtual machines, mobile
          •     Cloud and virtualization infrastructure


           Predictive Security Analytics
               Cyber attack simulation – APT, malicious code
               Network security analysis – firewalls, network path analysis
               Security metrics

          Cost Saving - Integrated into Daily Operations
          •     Proactive, automated operation
          •     Scale to any environment
          •     Integrated with existing infrastructure
Future Architecture of
                Security Management
SOC Console

Security Risk Management (SRM)
• Proactive, pre-attack exposure management
• Inputs: Patch Management, Vulnerability Scanners, Asset Management, Threat Intelligence, Network & Security Configs, Mobile Device Management

Security Information & Event Management (SIEM)
• Post-attack incident management
• Inputs: A lot of logs, events, network traffic
Proactive
Security Risk Management
     prevents attacks


Elements of a Predictive Approach
 Situational Awareness – Where are we right now?
    Contextual and current data
    Network context – configuration, controls, policies
    Vulnerability data
    Threat data

 Analytics – Where are the biggest risks?
    Network modeling
    Access Paths
    Risk Analysis
    Threat Impact

 Operational – What should we do to prevent?
    Must improve and simplify daily security activities or why bother
    Actionable Intelligence
    Secure Change Management process

Situational Awareness
Using a Network Model
Firewall, Router, Load Balancer, IPS, Vulnerability Scanner, Patch




How is the Model Created?
Gather info on network topology
• Import topology data
    Device configs
    Routing tables
• Automatically create a hierarchical model tree, grouping hosts by TCP/IP network
• Add function, location, type
• Analyze model to detect missing info – hosts, ACLs, routing rules for gateways

Network Model Enables Analytics




                                        Normalized view of the network
                                          security situation
                                        Visualize entire network
                                        Updated continuously
                                        Multiple models (sandboxes):
                                          Live, Forensic, and What-if
Network Path Analysis
• Complete end-to-end path analysis
• Highlighting ACLs and routing rules
• Supports NAT, VPN, Dynamic Routing and Authenticated rules



Find Exploitable Vulnerabilities
Vulnerabilities
•   CVE 2009-203
•   CVE 2006-722
•   CVE 2006-490

Threat origins shown in diagram: Internet Hacker, Rogue Admin, Compromised Partner


Simulate all Possible Attacks
Vulnerabilities
•   CVE 2009-203
•   CVE 2006-722
•   CVE 2006-490

Threat origins shown in diagram: Internet Hacker, Rogue Admin, Compromised Partner
Diagram label: Attack Simulations


Proactive Intelligence to Prevent Attack
• Connectivity Path
• Attack Vector
• Business Impact
• How to Block Potential Attack?

Callout: Probable attack vector to Finance servers asset group. This attack is a “multi-step” attack, crossing several network zones.
Quantify and Prioritize Risks
Vulnerability (CVSS Score & CIA Impact)
  X
Exposure (Threat Origins & Network)
  X
Business Impact (CIA Impact and Asset Importance)

{Attack Simulation}

Risk
Plan Defensive Strategy
Diagram labels: Vulnerabilities, Threats, Most Critical Actions




Example Attack Scenarios




Attack Vector w/ Network Propagation
 Remote Code Execution
1. Buffer overflow vulnerability MS11-004 on FTP server in DMZ
2. Exploit to gain root control on the FTP server
3. FTP server trust relations with DNS server in core network
4. DNS server running FreeBSD has BIND vulnerability - enables control of DNS server
5. Finance server compromised. Significant damage or data loss

Prevent a Buffer Overflow Attack
Diagram label: Buffer Overflow Attack
• Identifies all potential attack paths
• Attack simulation reveals a small number of exposed vulnerabilities
• Issue an urgent request to patch the FTP server
• Security team patches a single vulnerability to block potential attack and reduce high risk of Financial Server compromise

Attack Vector w/ Network Propagation
Firewall Bypass Attack Steps
Diagram label: Firewall Bypass
1. DMZ firewall allowed access through TCP port 443 to internal network (which might be okay)
2. A misconfigured load balancer rule performed NAT to TCP port 80
3. Allowing port 80 access to the development network – a very risky situation

Preventing a Firewall Bypass Attack
 Automatically assess configurations of
  firewalls, load balancers, IPS devices,
  and routers
 Create an up-to-date network model
 Check policy rules such as:
  “No access from Internet to Internal
  except …”
 End-to-end access path analysis –
  every possible path
 Issues tickets to address violations in
  order of impact to business
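
The firewall bypass case above, worked as an end-to-end access path check. This is an added example, not Skybox code or anything from the original deck; the device names, the addresses (documentation and private ranges), the zone names and the policy exception "Internet may reach the web zone on TCP 443" are all assumptions made for illustration.

```python
"""End-to-end access path check over a tiny network model (constructed data)."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int  # TCP destination port


@dataclass
class Device:
    name: str
    routes: list                  # (dst_net, next_hop_name), None = directly attached
    acl: Optional[list] = None    # permits (src_net, dst_net, port); None = no filtering
    nat: list = field(default_factory=list)  # (dst, port, new_dst, new_port)


def permitted(dev, flow):
    """Default-deny ACL match on the flow as it arrives (before NAT)."""
    if dev.acl is None:
        return True
    return any(ip_address(flow.src) in ip_network(s)
               and ip_address(flow.dst) in ip_network(d) and flow.port == p
               for s, d, p in dev.acl)


def translate(dev, flow):
    """Apply the first matching destination NAT rule, if any."""
    for dst, port, new_dst, new_port in dev.nat:
        if flow.dst == dst and flow.port == port:
            return Flow(flow.src, new_dst, new_port)
    return flow


def trace(devices, entry, flow):
    """Walk the flow hop by hop. Returns (delivered_flow_or_None, hops)."""
    hops, name = [], entry
    while name is not None and name not in hops:  # second test guards routing loops
        dev = devices[name]
        hops.append(name)
        if not permitted(dev, flow):
            return None, hops
        flow = translate(dev, flow)
        for net, next_hop in dev.routes:
            if ip_address(flow.dst) in ip_network(net):
                name = next_hop
                break
        else:
            return None, hops  # no route: dropped
    return (flow if name is None else None), hops


def check_policy(devices, entry, probes, zones, allowed):
    """Violations of 'no access from Internet to internal except `allowed`'."""
    violations = []
    for probe in probes:
        delivered, hops = trace(devices, entry, probe)
        if delivered is None:
            continue
        zone = next((z for z, net in zones.items()
                     if ip_address(delivered.dst) in ip_network(net)), None)
        if zone is not None and (zone, delivered.port) not in allowed:
            violations.append((probe, delivered, zone, hops))
    return violations


# --- constructed model: all names and addresses below are assumptions ---
ZONES = {"web": "10.10.0.0/24", "development": "10.20.0.0/24"}
ALLOWED = {("web", 443)}  # assumed exception to the Internet-to-internal rule
PROBES = [Flow("198.51.100.7", "203.0.113.10", p) for p in (80, 443)]
MISCONFIGURED_NAT = [("203.0.113.10", 443, "10.20.0.15", 80)]  # steps 2-3 above
CORRECTED_NAT = [("203.0.113.10", 443, "10.10.0.5", 443)]


def build_model(lb_nat):
    return {
        # Step 1: the DMZ firewall permits only TCP 443 to the published address.
        "dmz-fw": Device("dmz-fw", routes=[("203.0.113.0/24", "lb")],
                         acl=[("0.0.0.0/0", "203.0.113.10/32", 443)]),
        "lb": Device("lb", nat=lb_nat,
                     routes=[("10.10.0.0/24", None), ("10.20.0.0/24", None)]),
    }


if __name__ == "__main__":
    for label, nat in (("misconfigured", MISCONFIGURED_NAT),
                       ("corrected", CORRECTED_NAT)):
        found = check_policy(build_model(nat), "dmz-fw", PROBES, ZONES, ALLOWED)
        print(label, "->", len(found), "violation(s)")
        for probe, delivered, zone, hops in found:
            print(f"  {probe.dst}:{probe.port} via {' > '.join(hops)} reaches "
                  f"{delivered.dst}:{delivered.port} in zone '{zone}'")
```

The firewall rule passes a per-device review in both cases; only the walk through the load balancer's NAT shows that the permitted 443 flow lands on port 80 in the development zone.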


Wide Attack Surface Expose
  Client-Side Attack Vectors
1. User opens infected email attachment or clicks link to a malicious or hacked website
2. A vulnerability or misconfig on desktops is exploited and malware is installed
3. Malware enables attacker to collect data from machine, continue attack within the network, and send data back to attacker

Source: SANS Tutorial: HTTP Client-side Exploit
Preventing a Client-Side Attack

• EMEA region at highest risk
• Adobe Reader 9.x and 8.x contribute the majority of the risk (76%)
• Retrieve exact list of vulnerable hosts
• Remediate in order of risk impact




Reinvent your Security Program
                                Add Proactive Security Tools Now
                                 Situational awareness
                                 Predictive


                                Use the Force, Luke!
                                 Risk-based analytics
                                 Decision support

                                Set the bar really high
                                 Unbelievable scale
                                 Adapt to new architectures
Thank you

                                          Gidi Cohen
                                        CEO, Founder
                                  info@skyboxsecurity.com
                                      +1 (408) 441-8060

                                                              Disclaimer

The views and opinions expressed during this conference are those of the speakers and do not necessarily reflect the views and
opinions held by the Information Systems Security Association (ISSA), the Silicon Valley ISSA, the San Francisco ISSA or the San
Francisco Bay Area InfraGard Members Alliance (IMA). Neither ISSA, InfraGard, nor any of its chapters warrants the
accuracy, timeliness or completeness of the information presented. Nothing in this conference should be construed as
professional or legal advice or as creating a professional-customer or attorney-client relationship. If professional, legal, or other
expert assistance is required, the services of a competent professional should be sought.



Security Lifecycle Management ProcessSecurity Lifecycle Management Process
Security Lifecycle Management ProcessBill Ross
 

Similaire à Gidi Cohen presentation on overcoming network complexity challenges (20)

Security at the Breaking Point: Rethink Security in 2013
Security at the Breaking Point: Rethink Security in 2013Security at the Breaking Point: Rethink Security in 2013
Security at the Breaking Point: Rethink Security in 2013
 
Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...
Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...
Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...
 
Top Application Security Trends of 2012
Top Application Security Trends of 2012Top Application Security Trends of 2012
Top Application Security Trends of 2012
 
Symantec Endpoint Protection 12
Symantec Endpoint Protection 12Symantec Endpoint Protection 12
Symantec Endpoint Protection 12
 
Data security in cloud
Data security in cloudData security in cloud
Data security in cloud
 
Information Security Risk Management
Information Security Risk ManagementInformation Security Risk Management
Information Security Risk Management
 
2011-10 The Path to Compliance
2011-10 The Path to Compliance 2011-10 The Path to Compliance
2011-10 The Path to Compliance
 
Modern Lessons in Security Monitoring
Modern Lessons in Security MonitoringModern Lessons in Security Monitoring
Modern Lessons in Security Monitoring
 
Web security 2012
Web security 2012Web security 2012
Web security 2012
 
Spiceworld 2011 - AppRiver breakout session
Spiceworld 2011 - AppRiver breakout sessionSpiceworld 2011 - AppRiver breakout session
Spiceworld 2011 - AppRiver breakout session
 
Sw keynote
Sw keynoteSw keynote
Sw keynote
 
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
Symantec Webinar: What Cyber Threats Are Lurking in Your Network?
 
Transitioning to Next-Generation Firewall Management - 3 Ways to Accelerate t...
Transitioning to Next-Generation Firewall Management - 3 Ways to Accelerate t...Transitioning to Next-Generation Firewall Management - 3 Ways to Accelerate t...
Transitioning to Next-Generation Firewall Management - 3 Ways to Accelerate t...
 
MID_SIEM_Boubker_EN
MID_SIEM_Boubker_ENMID_SIEM_Boubker_EN
MID_SIEM_Boubker_EN
 
Cyber Threat Jujitsu 101: Acknowledge. Assess. Avoid. Address.
Cyber Threat Jujitsu 101: Acknowledge. Assess. Avoid. Address.Cyber Threat Jujitsu 101: Acknowledge. Assess. Avoid. Address.
Cyber Threat Jujitsu 101: Acknowledge. Assess. Avoid. Address.
 
The New Mobile Landscape - OWASP Ireland
The New Mobile Landscape - OWASP IrelandThe New Mobile Landscape - OWASP Ireland
The New Mobile Landscape - OWASP Ireland
 
Mitigating Web 2.0 Threats
Mitigating Web 2.0  ThreatsMitigating Web 2.0  Threats
Mitigating Web 2.0 Threats
 
Security at Scale - Lessons from Six Months at Yahoo
Security at Scale - Lessons from Six Months at YahooSecurity at Scale - Lessons from Six Months at Yahoo
Security at Scale - Lessons from Six Months at Yahoo
 
Oracle security-formula
Oracle security-formulaOracle security-formula
Oracle security-formula
 
Security Lifecycle Management Process
Security Lifecycle Management ProcessSecurity Lifecycle Management Process
Security Lifecycle Management Process
 

Plus de Skybox Security

Network Security Trends for 2016: Taking Security to the Next Level
Network Security Trends for 2016: Taking Security to the Next LevelNetwork Security Trends for 2016: Taking Security to the Next Level
Network Security Trends for 2016: Taking Security to the Next LevelSkybox Security
 
Using a Network Model to Address SANS Critical Controls 10 and 11
Using a Network Model to Address SANS Critical Controls 10 and 11Using a Network Model to Address SANS Critical Controls 10 and 11
Using a Network Model to Address SANS Critical Controls 10 and 11Skybox Security
 
5 Steps to Reduce Your Window of Vulnerability
5 Steps to Reduce Your Window of Vulnerability5 Steps to Reduce Your Window of Vulnerability
5 Steps to Reduce Your Window of VulnerabilitySkybox Security
 
Network Security Best Practices - Reducing Your Attack Surface
Network Security Best Practices - Reducing Your Attack SurfaceNetwork Security Best Practices - Reducing Your Attack Surface
Network Security Best Practices - Reducing Your Attack SurfaceSkybox Security
 
CAPITA - Network Visibility to Manage Firewall Changes & Reduce Risk
CAPITA - Network Visibility to Manage Firewall Changes & Reduce RiskCAPITA - Network Visibility to Manage Firewall Changes & Reduce Risk
CAPITA - Network Visibility to Manage Firewall Changes & Reduce RiskSkybox Security
 
What's Wrong with Vulnerability Management & How Can We Fix It
What's Wrong with Vulnerability Management & How Can We Fix ItWhat's Wrong with Vulnerability Management & How Can We Fix It
What's Wrong with Vulnerability Management & How Can We Fix ItSkybox Security
 
Secure Data GI - Delivering Contextual Intelligence
Secure Data GI - Delivering Contextual IntelligenceSecure Data GI - Delivering Contextual Intelligence
Secure Data GI - Delivering Contextual IntelligenceSkybox Security
 
A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...
A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...
A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...Skybox Security
 
Risk Analytics: One Intelligent View
Risk Analytics: One Intelligent ViewRisk Analytics: One Intelligent View
Risk Analytics: One Intelligent ViewSkybox Security
 
Black Hat 2014: Don’t be a Target: Everything You Know About Vulnerability Pr...
Black Hat 2014: Don’t be a Target: Everything You Know About Vulnerability Pr...Black Hat 2014: Don’t be a Target: Everything You Know About Vulnerability Pr...
Black Hat 2014: Don’t be a Target: Everything You Know About Vulnerability Pr...Skybox Security
 
Infosec 2014: Who Is Skybox Security?
Infosec 2014: Who Is Skybox Security? Infosec 2014: Who Is Skybox Security?
Infosec 2014: Who Is Skybox Security? Skybox Security
 
Infosec 2014: Tech Talk - Firewall Change Management
Infosec 2014: Tech Talk - Firewall Change ManagementInfosec 2014: Tech Talk - Firewall Change Management
Infosec 2014: Tech Talk - Firewall Change ManagementSkybox Security
 
Infosec 2014: Tech Talk - Non-Disruptive Vulnerability Discovery
Infosec 2014: Tech Talk - Non-Disruptive Vulnerability DiscoveryInfosec 2014: Tech Talk - Non-Disruptive Vulnerability Discovery
Infosec 2014: Tech Talk - Non-Disruptive Vulnerability DiscoverySkybox Security
 
Infosec 2014: Finding and Understanding the Risk Impact of Firewall Changes
Infosec 2014: Finding and Understanding the Risk Impact of Firewall ChangesInfosec 2014: Finding and Understanding the Risk Impact of Firewall Changes
Infosec 2014: Finding and Understanding the Risk Impact of Firewall ChangesSkybox Security
 
Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...
Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...
Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...Skybox Security
 
Infosec 2014: Intelligence as a Service: The Future of Frontline Security
Infosec 2014: Intelligence as a Service: The Future of Frontline SecurityInfosec 2014: Intelligence as a Service: The Future of Frontline Security
Infosec 2014: Intelligence as a Service: The Future of Frontline SecuritySkybox Security
 
RSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your Network
RSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your NetworkRSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your Network
RSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your NetworkSkybox Security
 
RSA 2014: Firewall Change Management: Automate, Secure & Comply
RSA 2014: Firewall Change Management: Automate, Secure & Comply RSA 2014: Firewall Change Management: Automate, Secure & Comply
RSA 2014: Firewall Change Management: Automate, Secure & Comply Skybox Security
 
RSA 2014: Skybox Security Risk Analytics Overview
RSA 2014: Skybox Security Risk Analytics OverviewRSA 2014: Skybox Security Risk Analytics Overview
RSA 2014: Skybox Security Risk Analytics OverviewSkybox Security
 
Best Practices for Network Security Management
Best Practices for Network Security Management Best Practices for Network Security Management
Best Practices for Network Security Management Skybox Security
 

Plus de Skybox Security (20)

Network Security Trends for 2016: Taking Security to the Next Level
Network Security Trends for 2016: Taking Security to the Next LevelNetwork Security Trends for 2016: Taking Security to the Next Level
Network Security Trends for 2016: Taking Security to the Next Level
 
Using a Network Model to Address SANS Critical Controls 10 and 11
Using a Network Model to Address SANS Critical Controls 10 and 11Using a Network Model to Address SANS Critical Controls 10 and 11
Using a Network Model to Address SANS Critical Controls 10 and 11
 
5 Steps to Reduce Your Window of Vulnerability
5 Steps to Reduce Your Window of Vulnerability5 Steps to Reduce Your Window of Vulnerability
5 Steps to Reduce Your Window of Vulnerability
 
Network Security Best Practices - Reducing Your Attack Surface
Network Security Best Practices - Reducing Your Attack SurfaceNetwork Security Best Practices - Reducing Your Attack Surface
Network Security Best Practices - Reducing Your Attack Surface
 
CAPITA - Network Visibility to Manage Firewall Changes & Reduce Risk
CAPITA - Network Visibility to Manage Firewall Changes & Reduce RiskCAPITA - Network Visibility to Manage Firewall Changes & Reduce Risk
CAPITA - Network Visibility to Manage Firewall Changes & Reduce Risk
 
What's Wrong with Vulnerability Management & How Can We Fix It
What's Wrong with Vulnerability Management & How Can We Fix ItWhat's Wrong with Vulnerability Management & How Can We Fix It
What's Wrong with Vulnerability Management & How Can We Fix It
 
Secure Data GI - Delivering Contextual Intelligence
Secure Data GI - Delivering Contextual IntelligenceSecure Data GI - Delivering Contextual Intelligence
Secure Data GI - Delivering Contextual Intelligence
 
A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...
A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...
A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...
 
Risk Analytics: One Intelligent View
Risk Analytics: One Intelligent ViewRisk Analytics: One Intelligent View
Risk Analytics: One Intelligent View
 
Black Hat 2014: Don’t be a Target: Everything You Know About Vulnerability Pr...
Black Hat 2014: Don’t be a Target: Everything You Know About Vulnerability Pr...Black Hat 2014: Don’t be a Target: Everything You Know About Vulnerability Pr...
Black Hat 2014: Don’t be a Target: Everything You Know About Vulnerability Pr...
 
Infosec 2014: Who Is Skybox Security?
Infosec 2014: Who Is Skybox Security? Infosec 2014: Who Is Skybox Security?
Infosec 2014: Who Is Skybox Security?
 
Infosec 2014: Tech Talk - Firewall Change Management
Infosec 2014: Tech Talk - Firewall Change ManagementInfosec 2014: Tech Talk - Firewall Change Management
Infosec 2014: Tech Talk - Firewall Change Management
 
Infosec 2014: Tech Talk - Non-Disruptive Vulnerability Discovery
Infosec 2014: Tech Talk - Non-Disruptive Vulnerability DiscoveryInfosec 2014: Tech Talk - Non-Disruptive Vulnerability Discovery
Infosec 2014: Tech Talk - Non-Disruptive Vulnerability Discovery
 
Infosec 2014: Finding and Understanding the Risk Impact of Firewall Changes
Infosec 2014: Finding and Understanding the Risk Impact of Firewall ChangesInfosec 2014: Finding and Understanding the Risk Impact of Firewall Changes
Infosec 2014: Finding and Understanding the Risk Impact of Firewall Changes
 
Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...
Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...
Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...
 
Infosec 2014: Intelligence as a Service: The Future of Frontline Security
Infosec 2014: Intelligence as a Service: The Future of Frontline SecurityInfosec 2014: Intelligence as a Service: The Future of Frontline Security
Infosec 2014: Intelligence as a Service: The Future of Frontline Security
 
RSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your Network
RSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your NetworkRSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your Network
RSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your Network
 
RSA 2014: Firewall Change Management: Automate, Secure & Comply
RSA 2014: Firewall Change Management: Automate, Secure & Comply RSA 2014: Firewall Change Management: Automate, Secure & Comply
RSA 2014: Firewall Change Management: Automate, Secure & Comply
 
RSA 2014: Skybox Security Risk Analytics Overview
RSA 2014: Skybox Security Risk Analytics OverviewRSA 2014: Skybox Security Risk Analytics Overview
RSA 2014: Skybox Security Risk Analytics Overview
 
Best Practices for Network Security Management
Best Practices for Network Security Management Best Practices for Network Security Management
Best Practices for Network Security Management
 

Dernier

New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 

Dernier (20)

New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 

Gidi Cohen presentation on overcoming network complexity challenges

  • 1. Gidi Cohen, CEO, Founder, Skybox Security, Inc. Content Copyright ©2012 Skybox Security, Inc.
  • 2. Why can’t we curb the threat?
  • 3. The Network Complexity Challenge. Enterprise network: 55,000 nodes; 300 firewalls; 25,000 rules; 65 network changes/day; 10,000 daily reported vulnerabilities.
  • 4. Heterogeneous Networks are the Norm
  • 5. Vulnerabilities and Threats Abound. [Word cloud: buffer attack, blocked rules, misconfigured firewall, USBs, policy violation, social networks, missing IPS signature, asset vulnerabilities, default password, threat origins, access violation, access policy violations]
  • 6. Every Organization Feels the Pain. 88% of organizations experienced significant damage or disruption due to attacks or data breaches in the past six months. [Chart: Service down, 60.0%; Misuse or unauthorized access to information, 35.0%; Data breach of customer or confidential records, 20.0%; Damage to information systems or data, 18.3%; None, 10.0%; Damage to brand (e.g. hacktivism), 6.7%; Minor Web DoS attack, 1.7%]
  • 7. Vulnerability Management Program Key for Risk Reduction. Most respondents see their VM program as a key to reduce risk level and respond to threats. [Bar chart, scale 0.0 to 4.5: To reduce our security risk level; To proactively prevent threats before they happen; To respond to new threats; To provide an accurate assessment of our security status; To meet compliance requirements; To prioritize and minimize patching costs]
  • 8. Vulnerability Scans – Too Little, too Late. [Chart "Frequency and Coverage": Frequency x/year against % of Network Scanned. Where you need to be: daily updates, 90%+ hosts. Critical systems, DMZ: avg. scan every 30 days, 50-75% of hosts. Partner/External networks: avg. scan every 60-90 days, <50% of hosts.]
  • 9. Vulnerability Scanning: Not Effective. We are concerned about disruptions from scanning: 59%. We don’t have the resources to analyze more frequent scan data: 58%. We don't have the resources to deal with broader patching activity: 41%. Some hosts are not scannable due to their use: 34%. The cost of licenses is prohibitive: 29%. Unable to gain credentialed access to scan portions of the network: 12%. We just don’t need to scan more: 5%.
  • 10. Old Gen Tech – Can’t Keep Up. Vulnerability Scanners (too much data): disruptive to the network; not suitable for daily operations; irrelevant for the Internet of Things. Security Information & Event Management (SIEM) (reactive): real-time is too late; lacks context to deal with incidents. Network Configuration Management (limited): config management, not security view; no holistic view of network security.
  • 11. Security is Unmanageable: Painful, Costly, Reactive. Unable to keep pace with network changes, new services. Damaging attacks, business disruption, loss of IP. Compliance reporting consumes scarce resources. Inefficient processes, escalating management costs.
  • 12. It’s going to get a lot worse (Mobile, Virtualization, Clouds)
  • 13. The Security Management Gap is Widening Fast. BYOD and BYOC the new norm. Virtual servers now 50% of deployments. Security programs can’t keep up. Can you achieve a 16X improvement in 4 years? How? [Chart, 2009 to 2014: Security challenges vs. Ability to execute]
  • 14. Many Attacks, Similar Root Causes. [Table: Scenario | Attack Technique | Contributing factors] (1) Scenario: Data Breach, Cyber Theft, Hacktivism. Attack technique: Buffer overflow; SQL injection, RFI, XSS; DDOS; Client-side attack. Contributing factors: Known vulnerabilities; Policy compliance; Device misconfigurations; Insiders. (2) Scenario: Espionage, Cyber Crime. Attack technique: APT combining techniques; Known and zero-day vulnerabilities; Social engineering; Custom malware. Contributing factors: Vulnerabilities; Policy compliance. (3) Scenario: Unauthorized Access. Attack technique: Firewall bypass; Stolen credentials; Stepping stone. Contributing factors: Firewall misconfiguration; Vulnerabilities; Policy compliance.
  • 15. The Missing Piece: Security Risk Management. Holistic Visibility of the IT Infrastructure: networks, routers, firewalls, …; end points – servers, desktops, virtual machines, mobile; cloud and virtualization infrastructure. Predictive Security Analytics: cyber attack simulation – APT, malicious code; network security analysis – firewalls, network path analysis; security metrics. Cost Saving - Integrated into Daily Operations: proactive, automated operation; scale to any environment; integrated with existing infrastructure.
  • 16. Future Architecture of Security Management. [Diagram: SOC Console above two components. Security Risk Management (SRM): proactive, pre-attack exposure management; Patch Management, Vulnerability Scanners, Asset Management, Threat Intelligence, Network & Security Configs, Mobile Device Management. Security Information & Event Management (SIEM): post-attack incident management; a lot of logs, events, network traffic.]
  • 17. Proactive Security Risk Management prevents attacks
  • 18. Elements of a Predictive Approach
      • Situational Awareness – Where are we right now?
          • Contextual and current data
          • Network context – configuration, controls, policies
          • Vulnerability data
          • Threat data
      • Analytics – Where are the biggest risks?
          • Network modeling
          • Access Paths
          • Risk Analysis
          • Threat Impact
      • Operational – What should we do to prevent?
          • Must improve and simplify daily security activities or why bother
          • Actionable Intelligence
          • Secure Change Management process
  • 19. Situational Awareness Using a Network Model
      [Diagram labels: Firewall, Router, Load Balancer, IPS, Vulnerability Scanner, Patch]
  • 20. How is the Model Created?
      • Import topology data
          • Device configs
          • Routing tables
      • Automatically create a hierarchical model tree, grouping hosts by TCP/IP network
      • Add function, location, type
      • Analyze model to detect missing info – hosts, ACLs, routing rules for gateways
      [Figure label: Gather info on network topology]
  • 21. Network Model Enables Analytics
      • Normalized view of the network security situation
      • Visualize entire network
      • Updated continuously
      • Multiple models (sandboxes): Live, Forensic, and What-if
  • 22. Network Path Analysis
      • Complete End-to-End path analysis
      • Highlighting ACLs and routing rules
      • Supports NAT, VPN, Dynamic Routing and Authenticated rules
  • 23. Find Exploitable Vulnerabilities
      • Vulnerabilities
          • CVE 2009-203
          • CVE 2006-722
          • CVE 2006-490
      [Diagram labels: Rogue Admin, Internet Hacker, Compromised Partner]
  • 24. Simulate all Possible Attacks
      • Vulnerabilities
          • CVE 2009-203
          • CVE 2006-722
          • CVE 2006-490
      [Diagram labels: Rogue Admin, Internet Hacker, Compromised Partner, Attack Simulations]
  • 25. Proactive Intelligence to Prevent Attack
      • Connectivity Path
      • Probable attack vector to Finance servers asset group
      • This attack is a “multi-step” attack, crossing several network zones
      • Business Impact
      • Attack Vector
      • How to Block Potential Attack?
  • 26. Quantify and Prioritize Risks
      • Vulnerability (CVSS Score & CIA Impact) × Exposure (Threat Origins & Network) × Business Impact (CIA Impact and Asset Importance)
      • {Attack Simulation} Risk
  • 27. Plan Defensive Strategy
      [Screenshot labels: Most Critical Actions, Vulnerabilities, Threats]
  • 28. Example Attack Scenarios
  • 29. Attack Vector w/ Network Propagation
      • Remote Code Execution
          1. Buffer overflow vulnerability MS11-004 on FTP server in DMZ
          2. Exploit to gain root control on the FTP server
          3. FTP server trust relations with DNS server in core network
          4. DNS server running FreeBSD has BIND vulnerability - enables control of DNS server
          5. Finance server compromised. Significant damage or data loss
  • 30. Prevent a Buffer Overflow Attack
      • Identifies all potential attack paths
      • Attack simulation reveals a small number of exposed vulnerabilities
      • Issue an urgent request to patch the FTP server
      • Security team patches a single vulnerability to block potential attack and reduce high risk of Financial Server compromise
      [Figure label: Buffer Overflow Attack]
  • 31. Attack Vector w/ Network Propagation
      • Firewall Bypass Attack Steps
          1. DMZ firewall allowed access through TCP port 443 to internal network (which might be okay)
          2. A misconfigured load balancer rule performed NAT to TCP port 80
          3. Allowing port 80 access to the development network – a very risky situation
      [Figure label: Firewall Bypass]
  • 32. Preventing a Firewall Bypass Attack
      • Automatically assess configurations of firewalls, load balancers, IPS devices, and routers
      • Create an up-to-date network model
      • Check policy rules such as: “No access from Internet to Internal except …”
      • End-to-end access path analysis – every possible path
      • Issues tickets to address violations in order of impact to business
  • 33. Wide Attack Surface Expose Client-Side Attack Vectors
      • User opens infected email attachment or clicks link to a malicious or hacked website
      • A vulnerability or misconfig on desktops is exploited and malware is installed
      • Malware enables attacker to collect data from machine, continue attack within the network, and send data back to attacker
      Source: SANS Tutorial: HTTP Client-side Exploit
  • 34. Preventing a Client-Side Attack
      • EMEA region at highest risk
      • Retrieve exact list of vulnerable hosts
      • Remediate in order of risk impact
      • Adobe Reader 9.x and 8.x contribute the majority of the risk (76%)
  • 35. Reinvent your Security Program
      • Add Proactive Security Tools Now
          • Situational awareness
          • Predictive
          • Risk-based analytics
          • Decision support
      • Set the bar really high
          • Unbelievable scale
          • Adapt to new architectures
      • Use the Force, Luke!
  • 36. Thank you
      Gidi Cohen, CEO, Founder
      info@skyboxsecurity.com
      +1 (408) 441-8060
      Disclaimer: The views and opinions expressed during this conference are those of the speakers and do not necessarily reflect the views and opinions held by the Information Systems Security Association (ISSA), the Silicon Valley ISSA, the San Francisco ISSA or the San Francisco Bay Area InfraGard Members Alliance (IMA). Neither ISSA, InfraGard, nor any of its chapters warrants the accuracy, timeliness or completeness of the information presented. Nothing in this conference should be construed as professional or legal advice or as creating a professional-customer or attorney-client relationship. If professional, legal, or other expert assistance is required, the services of a competent professional should be sought.
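
Added example for slides 29 and 30 (not from the presentation and not Skybox code): attack simulation over a small constructed attack graph, listing the vulnerabilities that lie on a path from the Internet to the Finance server and finding the one whose patch alone cuts every path. Only MS11-004 comes from the slides; the second route, the extra hosts and all other vulnerability labels are placeholders.

```python
# Constructed attack graph. Each edge reads: an attacker who controls `src`
# can take over `dst` by exploiting `vuln`. MS11-004 is from slide 29; every
# other label is a placeholder, and the app-core route is an assumption.
EDGES = [
    ("internet",   "ftp-dmz",    "MS11-004"),
    ("ftp-dmz",    "dns-core",   "BIND-VULN-PLACEHOLDER"),
    ("ftp-dmz",    "app-core",   "APP-VULN-PLACEHOLDER"),
    ("dns-core",   "finance",    "FIN-VULN-A-PLACEHOLDER"),
    ("app-core",   "finance",    "FIN-VULN-B-PLACEHOLDER"),
    ("hr-desktop", "finance",    "FIN-VULN-C-PLACEHOLDER"),  # hr-desktop is not reachable
    ("printer",    "hr-desktop", "HR-VULN-PLACEHOLDER"),     # printer is not reachable
    ("internet",   "web-dmz",    "WEB-VULN-PLACEHOLDER"),    # dead end, leads nowhere
]

def attack_paths(edges, origin, target, patched=frozenset()):
    """Return every loop-free chain of unpatched vulnerabilities from origin to target."""
    paths, stack = [], [(origin, [], {origin})]
    while stack:
        node, chain, seen = stack.pop()
        if node == target:
            paths.append(chain)
            continue
        for src, dst, vuln in edges:
            if src == node and dst not in seen and vuln not in patched:
                stack.append((dst, chain + [vuln], seen | {dst}))
    return paths

def exposed(edges, origin, target):
    """Vulnerabilities that lie on at least one origin-to-target path."""
    return {v for chain in attack_paths(edges, origin, target) for v in chain}

def single_patch_fixes(edges, origin, target):
    """Vulnerabilities whose remediation alone leaves no path to the target."""
    return sorted(v for v in exposed(edges, origin, target)
                  if not attack_paths(edges, origin, target, patched={v}))
```

Of the eight constructed findings, five are exposed from the Internet and only the FTP server's MS11-004 is a single-patch fix, which is the prioritization slide 30 describes.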
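
Added example for slides 31 and 32 (not from the presentation and not Skybox code): end-to-end access path analysis on the firewall bypass scenario. Each rule passes a device-by-device review, and only composing the firewall rule with the load balancer's NAT shows Internet traffic arriving at the development network on port 80. Zone names, device names and the forbidden-pair policy are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src: str   # zone the traffic originates from
    dst: str   # zone the traffic is currently addressed to
    port: int  # destination TCP port

@dataclass(frozen=True)
class Rule:
    """Permit flows matching (src, dst, port); src '*' is any zone. nat_* rewrites the destination."""
    src: str
    dst: str
    port: int
    nat_dst: str = ""
    nat_port: int = 0

    def apply(self, f):
        if self.src not in ("*", f.src) or (self.dst, self.port) != (f.dst, f.port):
            return None
        return Flow(f.src, self.nat_dst or f.dst, self.nat_port or f.port)

# Constructed model of the slide 31 scenario; zone and device names are assumptions.
PATH = [
    ("dmz-firewall", [Rule("internet", "internal", 443)]),
    ("load-balancer", [Rule("*", "internal", 443, nat_dst="development", nat_port=80)]),
]
# Constructed policy: (source zone, destination zone) pairs that must never connect.
FORBIDDEN = {("internet", "development")}

def trace(flow, path):
    """Push a flow through each device in order; a device with no matching rule drops it."""
    hops = []
    for device, rules in path:
        flow = next((out for out in (r.apply(flow) for r in rules) if out), None)
        if flow is None:
            return hops, None
        hops.append((device, flow))
    return hops, flow

def per_device_violations(path, forbidden):
    """Review every rule in isolation, as a device-by-device audit would."""
    return [(dev, r) for dev, rules in path for r in rules
            if (r.src, r.nat_dst or r.dst) in forbidden]

def end_to_end_violation(flow, path, forbidden):
    """Judge the flow as it finally arrives, after every rewrite on the path."""
    _, final = trace(flow, path)
    return final is not None and (final.src, final.dst) in forbidden
```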