SlideShare une entreprise Scribd logo

Presentation infra and_datacentrre_dialogue_v2

Télécharger en tant que PPTX, PDF
Claus Cramon Houmann
Claus Cramon Houmann

Information Security done right - Defending enterprise IT in 2015. Cloudified.

Technologie
1  sur  44
World’s biggest Hack? • They’ve lost...everything • Was their security ”make believe”? • Can they survive?
Defending enterprise IT - Some best practices to mitigate cyber attacks Going Above and Beyond Compliance And staying away from Slide #1
About me • Father of 3, happily married. I live in Luxembourg • Head of IT for a Bank, and also independent IT/Infosec consultant. Any opinions presented here are my own and do not represent my employer. • CISO-as-a-service, CIO-as-a-service • Contributor to @TheAnalogies project (making IT and Infosec understandable to the masses) • Member of the I am the Cavalry movement – trying to make connected devices worthy of our trust • @ClausHoumann • Find my work on slideshare
Cyber Security: ”State of the (European) Union” • Threats are abundant and on the rise • http://map.ipviking.com/ is a good way to illustrate/visualize this • Existing tools, and even Next-Generation APT tools dont work: – Examples: https://blog.mrg-effitas.com/wp- content/uploads/2014/11/Crysys_MRG_APT_detection_test_2014.pdf – http://archive.hack.lu/2014/Bypasss_sandboxes_for_fun.pdf
Cyber Security: ”State of the (European) Union” • Threats are abundant and on the rise • http://map.ipviking.com/ is a good way to illustrate/visualize this • Existing tools, and even Next-Generation APT tools dont work: – Examples: https://blog.mrg-effitas.com/wp- content/uploads/2014/11/Crysys_MRG_APT_detection_test_2014.pdf – http://archive.hack.lu/2014/Bypasss_sandboxes_for_fun.pdf • The job of Enterprise-Defender is as much sorting through vendor bullshit, trying to not purchase crappy products while trying to build some actual skills • Tools are not the solution • No silver bullets exist
Infosec Vendors
Cyber Security: ”State of the (European) Union” • Threats are abundant and on the rise • http://map.ipviking.com/ is a good way to illustrate/visualize this • Existing tools, and even Next-Generation APT tools dont work: – Examples: https://blog.mrg-effitas.com/wp- content/uploads/2014/11/Crysys_MRG_APT_detection_test_2014.pdf – http://archive.hack.lu/2014/Bypasss_sandboxes_for_fun.pdf • The job of Enterprise-Defender is as much sorting through vendor bullshit, trying to not purchase crappy products while trying to build some actual skills • Tools are not the solution • No silver bullets exist • It’s an assymetrical conflict
It’s an assymetrical conflict X-wing
Cyber Security: ”State of the (European) Union” • Threats are abundant and on the rise • http://map.ipviking.com/ is a good way to illustrate/visualize this • Existing tools, and even Next-Generation APT tools dont work: – Examples: https://blog.mrg-effitas.com/wp- content/uploads/2014/11/Crysys_MRG_APT_detection_test_2014.pdf – http://archive.hack.lu/2014/Bypasss_sandboxes_for_fun.pdf • The job of Enterprise-Defender is as much sorting through vendor bullshit, trying to not purchase crappy products while trying to build some actual skills • Tools are not the solution • No silver bullets exist • It’s an assymetrical conflict • A lot of companies fail to focus on the basics • Train your people!
Train Harder And smarter
Cyber Security: ”State of the (European) Union” • Threats are abundant and on the rise • http://map.ipviking.com/ is a good way to illustrate/visualize this • Existing tools, and even Next-Generation APT tools dont work: – Examples: https://blog.mrg-effitas.com/wp- content/uploads/2014/11/Crysys_MRG_APT_detection_test_2014.pdf – http://archive.hack.lu/2014/Bypasss_sandboxes_for_fun.pdf • The job of Enterprise-Defender is as much sorting through vendor bullshit, trying to not purchase crappy products while trying to build some actual skills • Tools are not the solution • No silver bullets exist • It’s an assymetrical conflict • A lot of companies fail to focus on the basics • Train your people! • Do not rely on compliance for security
Compliance • Is • NOT • Security • Which any of you who ever attended a Security conference will have already heard • Compliance is preparing to fight yesteryears war
Want to beat assymetricality? Here’s how: • A strategic approach to security leveraging methods that work
Pyramids - This one is Joshua Cormans. Could be best definition of Defense-in-Depth Defensible Infrastructure Operational Excellence Situational Awareness Counter- measures
The Foundation Defensible Infrastructure Software and Hardware built as ”secure by default” is ideal here. Rugged DevOps. Your choices of tech impacts you ever after You must assemble carefully, like Lego Without backdoors or Golden Keys!
Mastery Operational Excellence Master all aspects of your Development, Operations and Outsourcing. Train like the Ninjas! DevOps (Rugged DevOps) Change Management Patch Management Asset Management Information classification & localization Basically, all the cornerstones of ITIL You name it. Master it.
Gain the ability to handle situations correctly – Floodlights ON Situational Awareness ”People don’t write software anymore, they assemble it” Quote Joshua Corman. -> Know which lego blocks you have in your infrastructure -> Actionable threat intelligence -> Automate as much as you can, example: IOC’s automatically fed from sources into SIEM with alerting on matches Are we affected by Poodle? Shellshock? WinShock? Heartbleed? Should we patch now? Next week? Are we under attack? Do we have compromised endpoint? Are there anomalies in our LAN traffic?
Counter that which you profit from countering • Decrease attacker ROI below critical threshold by applying countermeasures • Most Security tools fall within this category • Limit spending until you’re laid the foundational levels of the pyramid Counter- measures Footnote: Cyber kill chain is patented by Lockheed Martin.
Mapping to other strategic approaches Defensible Infrastructure Operational Excellence Situational Awareness Counter- measures Lockheed Martin patented Nigel Wilson -> @nigesecurityguy
Defense-in-Depth
Kill chain actions Source: Nige the security guy = Nigel Wilson
Defensive hot zones • Basketball and other sports analysis -> • – FIND the HOT zones of your opponents. • Defend there.
Defensive hot zones • Basketball and other sports analysis -> • – FIND the HOT zones of your opponents. • Defend there.
Hot zones! • You need to secure: – The (Mobile) user/ endpoints – The networks – Data in transit – The Cloud – Internal systems Sample protections added only, not the complete picture of course
Best Practices – High level • Create awareness – Security awareness training • Increase the security budget – Justify investments BEFORE the breach. – It’s easier when you’re actually being attacked. But too late. • Use the Cyber Kill Chain model or Nigel Wilsons ”Defensible Security Posture” to gain capability to thwart attackers • Training, skills and people!
Hot zone 1: Endpoints A safe dreamworld PC • Microsoft EMET 5.1 • No Java • No Adobe Flash Player/Reader • No AV (that one is for you @matalaz) • Kill all executable files on the Proxy layer (.exe .msi etc.) • (Not even needed but works if something evades the above): – Adblocking extension in browser – Invincea FreeSpace/Bromium Vsentry/Malwarebytes/Crowdstrike Falcon
Hot zone 1: A real world PC • Microsoft EMET 5.1 • Java • Adobe Flash Player/Reader • AV • Executable files kill you, so use: – Adblocking extension in browser – Invincea FreeSpace/Bromium Vsentry/Malwarebytes/Crowdstrike Falcon – Secure Web Gateway – White listing, black listing – No admin credentials left behind And then cross your fingers
Hot zone 1, more • PC defense should include: – Whitelisting – Blacklisting – Sandboxing – Registry defenses – Change roll-backs – HIPS – Domain policies – Log collection and review – MFA – ACL’s/Firewall rules – Heuristics detection/prevention – DNS audit and protection
Hot zone 2: The networks • Baselining everything • Spot anomalies • Monitor, observe, record • Advanced network level tools such as Netwitness, FireEye, CounterAct • Test your network resilience/security with fx Ixia BreakingPoint • Network Security Monitoring (NSM) • Don’t forget the insider threat
Hot zone 3+4: Data in Transit/Cloud • Trust in encryption • Remember you secure what you put in the cloud. The Cloud provider doesn’t • Great new mobile collaboration tools exist • SaaS monitoring and DLP tools exist -> ”CloudWalls” • Cloudcrypters • CloudTrail, CloudWatch, Config-log/change-trackers, vuln.mgmt • Story about the Vulnerability patched during Bash/Shellshock public confusion period • And this for home study: https://securosis.com/blog/security-best- practices-for-amazon-web-services
Cloud • Segmentation • Compartmentalisation • Need to know
Cloud • Concentration risk • Secure the administrative credentials and APIs • ENISA: – https://www.enisa.europa.eu/activities/risk- management/files/deliverables/cloud-computing-risk- assessment – https://resilience.enisa.europa.eu/cloud-computing- certification • A funny story about cloud certification providers hacking me
Hot Zone 5
Best practices • Use EMET • Use ad-blockers • Use advanced endpoint mitigation tools like Bromium Vsentry, Invincea FreeSpace, Malwarebytes, Crowdstrike Falcon • Identify potential attackers and profile them
A more defensible infrastructure • Avoid expense in depth • Research and find the best counter measures • Open Source tools can be awesome for example Suricata & Bro_IDS • Full packet capture and Deep packet inspection/Proxies for visibility • KNOW WHAT’S GOING ON IN YOUR NETWORKS • Watch and learn from attack patterns
Best practices - Mitigate risks Source: Dave Sweigert
Automate Threat Intelligence IOC • Use multiple IOC feeds • Automate daily: – IOC feed retrival, – Insertion into SIEM, – Correlation against all-time logfiles, – Alerting on matches • Example: Splunk Splice can do parts of this
You need to ally up! • Security and Infrastructure aren’t enemies • Security and the office of the CIO aren’t enemies • Ally up & Bromance! • Together, you can make things more defensible and retain usability
• 5G: The rise of the Android DDoS’er. 1 gbit/s connections from phones easily hacked. Obvious threat? • IPv6 – network reconnainsance surprisingly easily done: https://tools.ietf.org/html/draft-ietf-opsec-ipv6- host-scanning-04. Damn, no security through obscurity to get there • Countering Nation State Actors -> or more specifically their TTP’s becomes a MUST. Because the bad guys will learn from them & adapt their offense Future threat trends
And the unexpected extra win • Real security will actually make you compliant in many areas of compliance
Q & A • Ask me question, or I’ll ask you questions
Sources used – http://www.itbusinessedge.com – Heartbleed.com – https://nigesecurityguy.wordpress.com/ – Lockheed Martins ”Cyber Kill Chain” – Joshua Corman and David Etue from RSAC 2014 ”Not Go Quietly: Surprising Strategies and Teammates to Adapt and Overcome” – Lego

Recommandé

Defending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricalityDefending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricality
Claus Cramon Houmann
 
Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015
Claus Cramon Houmann
 
Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015
Claus Cramon Houmann
 
Common WebApp Vulnerabilities and What to Do About Them
Common WebApp Vulnerabilities and What to Do About ThemCommon WebApp Vulnerabilities and What to Do About Them
Common WebApp Vulnerabilities and What to Do About Them
Eoin Woods
 
Share 2015 - 5 Myths that can put your Mainframe at risk (v1.3)
Share 2015 - 5 Myths that can put your Mainframe at risk (v1.3)Share 2015 - 5 Myths that can put your Mainframe at risk (v1.3)
Share 2015 - 5 Myths that can put your Mainframe at risk (v1.3)
Rui Miguel Feio
 
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin DunnNetworking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
North Texas Chapter of the ISSA
 
terry-gilsenan-pie-operating.10433
terry-gilsenan-pie-operating.10433terry-gilsenan-pie-operating.10433
terry-gilsenan-pie-operating.10433
Terry Gilsenan
 
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
NCC Group
 

Recommandé

Defending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricalityDefending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricality
Claus Cramon Houmann
 
Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015
Claus Cramon Houmann
 
Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015
Claus Cramon Houmann
 
Common WebApp Vulnerabilities and What to Do About Them
Common WebApp Vulnerabilities and What to Do About ThemCommon WebApp Vulnerabilities and What to Do About Them
Common WebApp Vulnerabilities and What to Do About Them
Eoin Woods
 
Share 2015 - 5 Myths that can put your Mainframe at risk (v1.3)
Share 2015 - 5 Myths that can put your Mainframe at risk (v1.3)Share 2015 - 5 Myths that can put your Mainframe at risk (v1.3)
Share 2015 - 5 Myths that can put your Mainframe at risk (v1.3)
Rui Miguel Feio
 
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin DunnNetworking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
Networking 2016-06-14 - The Dirty Secrets of Enterprise Security by Kevin Dunn
North Texas Chapter of the ISSA
 
terry-gilsenan-pie-operating.10433
terry-gilsenan-pie-operating.10433terry-gilsenan-pie-operating.10433
terry-gilsenan-pie-operating.10433
Terry Gilsenan
 
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
NCC Group
 
2019 FRecure CISSP Mentor Program: Session Two
2019 FRecure CISSP Mentor Program: Session Two2019 FRecure CISSP Mentor Program: Session Two
2019 FRecure CISSP Mentor Program: Session Two
FRSecure
 
Cyber security and the mainframe (v1.3)
Cyber security and the mainframe (v1.3)Cyber security and the mainframe (v1.3)
Cyber security and the mainframe (v1.3)
Rui Miguel Feio
 
2019 FRSecure CISSP Mentor Program: Class One
2019 FRSecure CISSP Mentor Program: Class One2019 FRSecure CISSP Mentor Program: Class One
2019 FRSecure CISSP Mentor Program: Class One
FRSecure
 
How to Protect Your Mainframe from Hackers (v1.0)
How to Protect Your Mainframe from Hackers (v1.0)How to Protect Your Mainframe from Hackers (v1.0)
How to Protect Your Mainframe from Hackers (v1.0)
Rui Miguel Feio
 
Introduction to Malware - Part 1
Introduction to Malware - Part 1 Introduction to Malware - Part 1
Introduction to Malware - Part 1
Lastline, Inc.
 
2019 FRSecure CISSP Mentor Program: Class Eleven
2019 FRSecure CISSP Mentor Program: Class Eleven2019 FRSecure CISSP Mentor Program: Class Eleven
2019 FRSecure CISSP Mentor Program: Class Eleven
FRSecure
 
Intro to INFOSEC
Intro to INFOSECIntro to INFOSEC
Intro to INFOSEC
Sean Whalen
 
Mainframe Security - It's not just about your ESM v2.2
Mainframe Security - It's not just about your ESM v2.2Mainframe Security - It's not just about your ESM v2.2
Mainframe Security - It's not just about your ESM v2.2
Rui Miguel Feio
 
The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014
The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014
The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014
Security Weekly
 
2020 FRSecure CISSP Mentor Program - Class 2
2020 FRSecure CISSP Mentor Program - Class 22020 FRSecure CISSP Mentor Program - Class 2
2020 FRSecure CISSP Mentor Program - Class 2
FRSecure
 
Is talent shortage ws marco morana
Is talent shortage ws marco moranaIs talent shortage ws marco morana
Is talent shortage ws marco morana
Marco Morana
 
Web application-security-and-why-you-should-review-yours
Web application-security-and-why-you-should-review-yoursWeb application-security-and-why-you-should-review-yours
Web application-security-and-why-you-should-review-yours
David Busby, CISSP
 
2018 CISSP Mentor Program Session 1
2018 CISSP Mentor Program Session 12018 CISSP Mentor Program Session 1
2018 CISSP Mentor Program Session 1
FRSecure
 
Robots, Ninjas, Pirates and Building an Effective Vulnerability Management Pr...
Robots, Ninjas, Pirates and Building an Effective Vulnerability Management Pr...Robots, Ninjas, Pirates and Building an Effective Vulnerability Management Pr...
Robots, Ninjas, Pirates and Building an Effective Vulnerability Management Pr...
Security Weekly
 
The Internet of Insecure Things: 10 Most Wanted List
The Internet of Insecure Things: 10 Most Wanted ListThe Internet of Insecure Things: 10 Most Wanted List
The Internet of Insecure Things: 10 Most Wanted List
Security Weekly
 
Declaration of malWARe
Declaration of malWAReDeclaration of malWARe
Declaration of malWARe
Scott Sutherland
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
justinkallhoff
 
2019 FRSecure CISSP Mentor Program: Class Ten
2019 FRSecure CISSP Mentor Program: Class Ten2019 FRSecure CISSP Mentor Program: Class Ten
2019 FRSecure CISSP Mentor Program: Class Ten
FRSecure
 
Keeping Secrets on the Internet of Things - Mobile Web Application Security
Keeping Secrets on the Internet of Things - Mobile Web Application SecurityKeeping Secrets on the Internet of Things - Mobile Web Application Security
Keeping Secrets on the Internet of Things - Mobile Web Application Security
Kelly Robertson
 
L49 slides
L49 slidesL49 slides
L49 slides
sgibson28
 
Thought Leader Global 2014 Amsterdam: Taking Security seriously -> Going beyo...
Thought Leader Global 2014 Amsterdam: Taking Security seriously -> Going beyo...Thought Leader Global 2014 Amsterdam: Taking Security seriously -> Going beyo...
Thought Leader Global 2014 Amsterdam: Taking Security seriously -> Going beyo...
Claus Cramon Houmann
 
APT - Project
APT - Project APT - Project
APT - Project
Dev Lavaniya
 

Contenu connexe

Tendances

Robots, Ninjas, Pirates and Building an Effective Vulnerability Management Pr...
Robots, Ninjas, Pirates and Building an Effective Vulnerability Management Pr...Robots, Ninjas, Pirates and Building an Effective Vulnerability Management Pr...
Robots, Ninjas, Pirates and Building an Effective Vulnerability Management Pr...
Security Weekly
 
The Internet of Insecure Things: 10 Most Wanted List
The Internet of Insecure Things: 10 Most Wanted ListThe Internet of Insecure Things: 10 Most Wanted List
The Internet of Insecure Things: 10 Most Wanted List
Security Weekly
 

Tendances (20)

2019 FRecure CISSP Mentor Program: Session Two
2019 FRecure CISSP Mentor Program: Session Two2019 FRecure CISSP Mentor Program: Session Two
2019 FRecure CISSP Mentor Program: Session Two
 
Cyber security and the mainframe (v1.3)
Cyber security and the mainframe (v1.3)Cyber security and the mainframe (v1.3)
Cyber security and the mainframe (v1.3)
 
2019 FRSecure CISSP Mentor Program: Class One
2019 FRSecure CISSP Mentor Program: Class One2019 FRSecure CISSP Mentor Program: Class One
2019 FRSecure CISSP Mentor Program: Class One
 
How to Protect Your Mainframe from Hackers (v1.0)
How to Protect Your Mainframe from Hackers (v1.0)How to Protect Your Mainframe from Hackers (v1.0)
How to Protect Your Mainframe from Hackers (v1.0)
 
Introduction to Malware - Part 1
Introduction to Malware - Part 1 Introduction to Malware - Part 1
Introduction to Malware - Part 1
 
2019 FRSecure CISSP Mentor Program: Class Eleven
2019 FRSecure CISSP Mentor Program: Class Eleven2019 FRSecure CISSP Mentor Program: Class Eleven
2019 FRSecure CISSP Mentor Program: Class Eleven
 
Intro to INFOSEC
Intro to INFOSECIntro to INFOSEC
Intro to INFOSEC
 
Mainframe Security - It's not just about your ESM v2.2
Mainframe Security - It's not just about your ESM v2.2Mainframe Security - It's not just about your ESM v2.2
Mainframe Security - It's not just about your ESM v2.2
 
The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014
The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014
The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014
 
2020 FRSecure CISSP Mentor Program - Class 2
2020 FRSecure CISSP Mentor Program - Class 22020 FRSecure CISSP Mentor Program - Class 2
2020 FRSecure CISSP Mentor Program - Class 2
 
Is talent shortage ws marco morana
Is talent shortage ws marco moranaIs talent shortage ws marco morana
Is talent shortage ws marco morana
 
Web application-security-and-why-you-should-review-yours
Web application-security-and-why-you-should-review-yoursWeb application-security-and-why-you-should-review-yours
Web application-security-and-why-you-should-review-yours
 
2018 CISSP Mentor Program Session 1
2018 CISSP Mentor Program Session 12018 CISSP Mentor Program Session 1
2018 CISSP Mentor Program Session 1
 
Robots, Ninjas, Pirates and Building an Effective Vulnerability Management Pr...
Robots, Ninjas, Pirates and Building an Effective Vulnerability Management Pr...Robots, Ninjas, Pirates and Building an Effective Vulnerability Management Pr...
Robots, Ninjas, Pirates and Building an Effective Vulnerability Management Pr...
 
The Internet of Insecure Things: 10 Most Wanted List
The Internet of Insecure Things: 10 Most Wanted ListThe Internet of Insecure Things: 10 Most Wanted List
The Internet of Insecure Things: 10 Most Wanted List
 
Declaration of malWARe
Declaration of malWAReDeclaration of malWARe
Declaration of malWARe
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
 
2019 FRSecure CISSP Mentor Program: Class Ten
2019 FRSecure CISSP Mentor Program: Class Ten2019 FRSecure CISSP Mentor Program: Class Ten
2019 FRSecure CISSP Mentor Program: Class Ten
 
Keeping Secrets on the Internet of Things - Mobile Web Application Security
Keeping Secrets on the Internet of Things - Mobile Web Application SecurityKeeping Secrets on the Internet of Things - Mobile Web Application Security
Keeping Secrets on the Internet of Things - Mobile Web Application Security
 
L49 slides
L49 slidesL49 slides
L49 slides
 

En vedette

Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineReacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Lastline, Inc.
 

En vedette (11)

Thought Leader Global 2014 Amsterdam: Taking Security seriously -> Going beyo...
Thought Leader Global 2014 Amsterdam: Taking Security seriously -> Going beyo...Thought Leader Global 2014 Amsterdam: Taking Security seriously -> Going beyo...
Thought Leader Global 2014 Amsterdam: Taking Security seriously -> Going beyo...
 
APT - Project
APT - Project APT - Project
APT - Project
 
Intelligence Driven Security
Intelligence Driven SecurityIntelligence Driven Security
Intelligence Driven Security
 
The cavalry is us i tdays-luxembourg 2014.11.20 v1.0
The cavalry is us i tdays-luxembourg 2014.11.20 v1.0The cavalry is us i tdays-luxembourg 2014.11.20 v1.0
The cavalry is us i tdays-luxembourg 2014.11.20 v1.0
 
I am the Cavalry (The Cavalry Is Us) Sourceconf September 2015
I am the Cavalry (The Cavalry Is Us) Sourceconf September 2015I am the Cavalry (The Cavalry Is Us) Sourceconf September 2015
I am the Cavalry (The Cavalry Is Us) Sourceconf September 2015
 
Next Generation Advanced Malware Detection and Defense
Next Generation Advanced Malware Detection and DefenseNext Generation Advanced Malware Detection and Defense
Next Generation Advanced Malware Detection and Defense
 
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineReacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
 
Using Static Binary Analysis To Find Vulnerabilities And Backdoors in Firmware
Using Static Binary Analysis To Find Vulnerabilities And Backdoors in FirmwareUsing Static Binary Analysis To Find Vulnerabilities And Backdoors in Firmware
Using Static Binary Analysis To Find Vulnerabilities And Backdoors in Firmware
 
Malware in the Wild: Evolving to Evade Detection
Malware in the Wild: Evolving to Evade DetectionMalware in the Wild: Evolving to Evade Detection
Malware in the Wild: Evolving to Evade Detection
 
Now you see me, now you don't: chasing evasive malware - Giovanni Vigna
Now you see me, now you don't: chasing evasive malware - Giovanni Vigna Now you see me, now you don't: chasing evasive malware - Giovanni Vigna
Now you see me, now you don't: chasing evasive malware - Giovanni Vigna
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with Splunk
 

Similaire à Presentation infra and_datacentrre_dialogue_v2

Beware the Firewall My Son: The Workshop
Beware the Firewall My Son: The WorkshopBeware the Firewall My Son: The Workshop
Beware the Firewall My Son: The Workshop
Michele Chubirka
 
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja WarriorsRyan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins
 

Similaire à Presentation infra and_datacentrre_dialogue_v2 (20)

ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011
 
Mickey pacsec2016_final
Mickey pacsec2016_finalMickey pacsec2016_final
Mickey pacsec2016_final
 
Beware the Firewall My Son: The Workshop
Beware the Firewall My Son: The WorkshopBeware the Firewall My Son: The Workshop
Beware the Firewall My Son: The Workshop
 
Yow connected developing secure i os applications
Yow connected developing secure i os applicationsYow connected developing secure i os applications
Yow connected developing secure i os applications
 
From velvet to silk there is still a lot of sweat
From velvet to silk there is still a lot of sweatFrom velvet to silk there is still a lot of sweat
From velvet to silk there is still a lot of sweat
 
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...
 
The Joy of Proactive Security
The Joy of Proactive SecurityThe Joy of Proactive Security
The Joy of Proactive Security
 
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja WarriorsRyan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
Ryan Elkins - Simple Security Defense to Thwart an Army of Cyber Ninja Warriors
 
Offensive malware usage and defense
Offensive malware usage and defenseOffensive malware usage and defense
Offensive malware usage and defense
 
Information Security: Advanced SIEM Techniques
Information Security: Advanced SIEM TechniquesInformation Security: Advanced SIEM Techniques
Information Security: Advanced SIEM Techniques
 
Owasp joy of proactive security
Owasp joy of proactive securityOwasp joy of proactive security
Owasp joy of proactive security
 
C days2015
C days2015C days2015
C days2015
 
OWASP
OWASPOWASP
OWASP
 
The Principles of Secure Development - BSides Las Vegas 2009
The Principles of Secure Development - BSides Las Vegas 2009The Principles of Secure Development - BSides Las Vegas 2009
The Principles of Secure Development - BSides Las Vegas 2009
 
Developing A Cyber Security Incident Response Program
Developing A Cyber Security Incident Response ProgramDeveloping A Cyber Security Incident Response Program
Developing A Cyber Security Incident Response Program
 
Security For Free
Security For FreeSecurity For Free
Security For Free
 
An Introduction To IT Security And Privacy In Libraries
An Introduction To IT Security And Privacy In Libraries An Introduction To IT Security And Privacy In Libraries
An Introduction To IT Security And Privacy In Libraries
 
Corona| COVID IT Tactical Security Preparedness: Threat Management
Corona| COVID IT Tactical Security Preparedness: Threat ManagementCorona| COVID IT Tactical Security Preparedness: Threat Management
Corona| COVID IT Tactical Security Preparedness: Threat Management
 
"Threat Model Every Story": Practical Continuous Threat Modeling Work for You...
"Threat Model Every Story": Practical Continuous Threat Modeling Work for You..."Threat Model Every Story": Practical Continuous Threat Modeling Work for You...
"Threat Model Every Story": Practical Continuous Threat Modeling Work for You...
 
Users awarness programme for Online Privacy
Users awarness programme for Online PrivacyUsers awarness programme for Online Privacy
Users awarness programme for Online Privacy
 

Dernier

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Puma Security, LLC
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
Malak Abu Hammad
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Enterprise Knowledge
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 

Dernier (20)

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 

Presentation infra and_datacentrre_dialogue_v2

  • 1.
  • 2. World’s biggest Hack? • They’ve lost...everything • Was their security ”make believe”? • Can they survive?
  • 3. Defending enterprise IT - Some best practices to mitigate cyber attacks Going Above and Beyond Compliance And staying away from Slide #1
  • 4. About me • Father of 3, happily married. I live in Luxembourg • Head of IT for a Bank, and also independent IT/Infosec consultant. Any opinions presented here are my own and do not represent my employer. • CISO-as-a-service, CIO-as-a-service • Contributor to @TheAnalogies project (making IT and Infosec understandable to the masses) • Member of the I am the Cavalry movement – trying to make connected devices worthy of our trust • @ClausHoumann • Find my work on slideshare
  • 5. Cyber Security: ”State of the (European) Union” • Threats are abundant and on the rise • http://map.ipviking.com/ is a good way to illustrate/visualize this • Existing tools, and even Next-Generation APT tools dont work: – Examples: https://blog.mrg-effitas.com/wp- content/uploads/2014/11/Crysys_MRG_APT_detection_test_2014.pdf – http://archive.hack.lu/2014/Bypasss_sandboxes_for_fun.pdf
  • 6.
  • 7. Cyber Security: ”State of the (European) Union” • Threats are abundant and on the rise • http://map.ipviking.com/ is a good way to illustrate/visualize this • Existing tools, and even Next-Generation APT tools dont work: – Examples: https://blog.mrg-effitas.com/wp- content/uploads/2014/11/Crysys_MRG_APT_detection_test_2014.pdf – http://archive.hack.lu/2014/Bypasss_sandboxes_for_fun.pdf • The job of Enterprise-Defender is as much sorting through vendor bullshit, trying to not purchase crappy products while trying to build some actual skills • Tools are not the solution • No silver bullets exist
  • 9. Cyber Security: ”State of the (European) Union” • Threats are abundant and on the rise • http://map.ipviking.com/ is a good way to illustrate/visualize this • Existing tools, and even Next-Generation APT tools dont work: – Examples: https://blog.mrg-effitas.com/wp- content/uploads/2014/11/Crysys_MRG_APT_detection_test_2014.pdf – http://archive.hack.lu/2014/Bypasss_sandboxes_for_fun.pdf • The job of Enterprise-Defender is as much sorting through vendor bullshit, trying to not purchase crappy products while trying to build some actual skills • Tools are not the solution • No silver bullets exist • It’s an assymetrical conflict
  • 10. It’s an assymetrical conflict X-wing
  • 11. Cyber Security: ”State of the (European) Union” • Threats are abundant and on the rise • http://map.ipviking.com/ is a good way to illustrate/visualize this • Existing tools, and even Next-Generation APT tools dont work: – Examples: https://blog.mrg-effitas.com/wp- content/uploads/2014/11/Crysys_MRG_APT_detection_test_2014.pdf – http://archive.hack.lu/2014/Bypasss_sandboxes_for_fun.pdf • The job of Enterprise-Defender is as much sorting through vendor bullshit, trying to not purchase crappy products while trying to build some actual skills • Tools are not the solution • No silver bullets exist • It’s an assymetrical conflict • A lot of companies fail to focus on the basics • Train your people!
  • 13. Cyber Security: ”State of the (European) Union” • Threats are abundant and on the rise • http://map.ipviking.com/ is a good way to illustrate/visualize this • Existing tools, and even Next-Generation APT tools dont work: – Examples: https://blog.mrg-effitas.com/wp- content/uploads/2014/11/Crysys_MRG_APT_detection_test_2014.pdf – http://archive.hack.lu/2014/Bypasss_sandboxes_for_fun.pdf • The job of Enterprise-Defender is as much sorting through vendor bullshit, trying to not purchase crappy products while trying to build some actual skills • Tools are not the solution • No silver bullets exist • It’s an assymetrical conflict • A lot of companies fail to focus on the basics • Train your people! • Do not rely on compliance for security
  • 14. Compliance • Is • NOT • Security • Which any of you who ever attended a Security conference will have already heard • Compliance is preparing to fight yesteryears war
  • 15. Want to beat assymetricality? Here’s how: • A strategic approach to security leveraging methods that work
  • 16. Pyramids - This one is Joshua Cormans. Could be best definition of Defense-in-Depth Defensible Infrastructure Operational Excellence Situational Awareness Counter- measures
  • 17. The Foundation Defensible Infrastructure Software and Hardware built as ”secure by default” is ideal here. Rugged DevOps. Your choices of tech impacts you ever after You must assemble carefully, like Lego Without backdoors or Golden Keys!
  • 18. Mastery Operational Excellence Master all aspects of your Development, Operations and Outsourcing. Train like the Ninjas! DevOps (Rugged DevOps) Change Management Patch Management Asset Management Information classification & localization Basically, all the cornerstones of ITIL You name it. Master it.
  • 19. Gain the ability to handle situations correctly – Floodlights ON Situational Awareness ”People don’t write software anymore, they assemble it” Quote Joshua Corman. -> Know which lego blocks you have in your infrastructure -> Actionable threat intelligence -> Automate as much as you can, example: IOC’s automatically fed from sources into SIEM with alerting on matches Are we affected by Poodle? Shellshock? WinShock? Heartbleed? Should we patch now? Next week? Are we under attack? Do we have compromised endpoint? Are there anomalies in our LAN traffic?
  • 20. Counter that which you profit from countering • Decrease attacker ROI below critical threshold by applying countermeasures • Most Security tools fall within this category • Limit spending until you’re laid the foundational levels of the pyramid Counter- measures Footnote: Cyber kill chain is patented by Lockheed Martin.
  • 21. Mapping to other strategic approaches Defensible Infrastructure Operational Excellence Situational Awareness Counter- measures Lockheed Martin patented Nigel Wilson -> @nigesecurityguy
  • 23. Kill chain actions Source: Nige the security guy = Nigel Wilson
  • 24. Defensive hot zones • Basketball and other sports analysis -> • – FIND the HOT zones of your opponents. • Defend there.
  • 25. Defensive hot zones • Basketball and other sports analysis -> • – FIND the HOT zones of your opponents. • Defend there.
  • 26. Hot zones! • You need to secure: – The (Mobile) user/ endpoints – The networks – Data in transit – The Cloud – Internal systems Sample protections added only, not the complete picture of course
  • 27. Best Practices – High level • Create awareness – Security awareness training • Increase the security budget – Justify investments BEFORE the breach. – It’s easier when you’re actually being attacked. But too late. • Use the Cyber Kill Chain model or Nigel Wilsons ”Defensible Security Posture” to gain capability to thwart attackers • Training, skills and people!
  • 28. Hot zone 1: Endpoints A safe dreamworld PC • Microsoft EMET 5.1 • No Java • No Adobe Flash Player/Reader • No AV (that one is for you @matalaz) • Kill all executable files on the Proxy layer (.exe .msi etc.) • (Not even needed but works if something evades the above): – Adblocking extension in browser – Invincea FreeSpace/Bromium Vsentry/Malwarebytes/Crowdstrike Falcon
  • 29. Hot zone 1: A real world PC • Microsoft EMET 5.1 • Java • Adobe Flash Player/Reader • AV • Executable files kill you, so use: – Adblocking extension in browser – Invincea FreeSpace/Bromium Vsentry/Malwarebytes/Crowdstrike Falcon – Secure Web Gateway – White listing, black listing – No admin credentials left behind And then cross your fingers
  • 30. Hot zone 1, more • PC defense should include: – Whitelisting – Blacklisting – Sandboxing – Registry defenses – Change roll-backs – HIPS – Domain policies – Log collection and review – MFA – ACL’s/Firewall rules – Heuristics detection/prevention – DNS audit and protection
  • 31. Hot zone 2: The networks • Baselining everything • Spot anomalies • Monitor, observe, record • Advanced network level tools such as Netwitness, FireEye, CounterAct • Test your network resilience/security with fx Ixia BreakingPoint • Network Security Monitoring (NSM) • Don’t forget the insider threat
  • 32. Hot zone 3+4: Data in Transit/Cloud • Trust in encryption • Remember you secure what you put in the cloud. The Cloud provider doesn’t • Great new mobile collaboration tools exist • SaaS monitoring and DLP tools exist -> ”CloudWalls” • Cloudcrypters • CloudTrail, CloudWatch, Config-log/change-trackers, vuln.mgmt • Story about the Vulnerability patched during Bash/Shellshock public confusion period • And this for home study: https://securosis.com/blog/security-best- practices-for-amazon-web-services
  • 34. Cloud • Concentration risk • Secure the administrative credentials and APIs • ENISA: – https://www.enisa.europa.eu/activities/risk- management/files/deliverables/cloud-computing-risk- assessment – https://resilience.enisa.europa.eu/cloud-computing- certification • A funny story about cloud certification providers hacking me
  • 36. Best practices • Use EMET • Use ad-blockers • Use advanced endpoint mitigation tools like Bromium Vsentry, Invincea FreeSpace, Malwarebytes, Crowdstrike Falcon • Identify potential attackers and profile them
  • 37. A more defensible infrastructure • Avoid expense in depth • Research and find the best counter measures • Open Source tools can be awesome for example Suricata & Bro_IDS • Full packet capture and Deep packet inspection/Proxies for visibility • KNOW WHAT’S GOING ON IN YOUR NETWORKS • Watch and learn from attack patterns
  • 38. Best practices - Mitigate risks Source: Dave Sweigert
  • 39. Automate Threat Intelligence IOC • Use multiple IOC feeds • Automate daily: – IOC feed retrival, – Insertion into SIEM, – Correlation against all-time logfiles, – Alerting on matches • Example: Splunk Splice can do parts of this
  • 40. You need to ally up! • Security and Infrastructure aren’t enemies • Security and the office of the CIO aren’t enemies • Ally up & Bromance! • Together, you can make things more defensible and retain usability
  • 41. • 5G: The rise of the Android DDoS’er. 1 gbit/s connections from phones easily hacked. Obvious threat? • IPv6 – network reconnainsance surprisingly easily done: https://tools.ietf.org/html/draft-ietf-opsec-ipv6- host-scanning-04. Damn, no security through obscurity to get there • Countering Nation State Actors -> or more specifically their TTP’s becomes a MUST. Because the bad guys will learn from them & adapt their offense Future threat trends
  • 42. And the unexpected extra win • Real security will actually make you compliant in many areas of compliance
  • 43. Q & A • Ask me question, or I’ll ask you questions
  • 44. Sources used – http://www.itbusinessedge.com – Heartbleed.com – https://nigesecurityguy.wordpress.com/ – Lockheed Martins ”Cyber Kill Chain” – Joshua Corman and David Etue from RSAC 2014 ”Not Go Quietly: Surprising Strategies and Teammates to Adapt and Overcome” – Lego

Notes de l'éditeur

  1. Or join these
  2. The Egyptians built their pyramids from the bottom up. Because, that’s how you build pyramids. Start there!
  3. Laying a secure foundation matters supremely. History proves this
  4. As with any art, practice makes master. So, Practice!
  5. Automation is key for threat intelligence, threat detection and threat remediation
  6. Dont start by blindly buying tools, do the basics, master it and work from there
  7. In reality, you will have AV, Java and others. And you probably cannot enforce killing all executables
  8. In reality, you will have AV, Java and others. And you probably cannot enforce killing all executables
  9. In reality, you will have AV, Java and others. And you probably cannot enforce killing all executables
  10. In reality, you will have AV, Java and others. And you probably cannot enforce killing all executables