SlideShare une entreprise Scribd logo

Cybersecurity 5 road_blocks

C
Cyphort

This document discusses implementing effective cybersecurity postures. It outlines an agenda for a presentation including discussing Obama's 2013 executive order on critical infrastructure cybersecurity and the NIST Cybersecurity Framework. It identifies that everything is now critical infrastructure and weaknesses can be exploited. It discusses overcoming potential roadblocks like understanding business risks, planning for the full threat mitigation cycle, dealing with consequences, getting options for mitigation, and preparing for worst-case recovery scenarios. The presentation aims to provide clarity and help audiences be thoughtful and logical in their cybersecurity approaches.

Technologie
1  sur  19
Télécharger pour lire hors ligne
Getting Down To Business: Implementing Effective & Sustainable Cybersecurity Postures
Your speakers today @FengminGong Co-Founder & Chief Strategy Officer Shel Sharma Product Marketing Director
Agenda o Obama Executive Order o Cybersecurity Framework 1.0 o Time To GSD o Overcome 5 Top Road Blocks o Q&A CyphortLabsT-shirt
We monitor threats & help customers ______ 24X7 monitoring for malware events ________ Assist customers with their forensics and Incident Response We enhance malware detection accuracy ________ False positives/negatives ________ Deep-dive research & technology prototyping We work with security ecosystem ________ Best practice for cyber defense ________ Actionable threat intelligence
o Obama’s Executive Order 13636, February 12, 2013 o Call to action “Improving Critical Infrastructure Cybersecurity” o Critical Infrastructure: “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”
You Can Be The Weakest Link To Cybersecurity! o With the connected world, everything is critical to threat penetration, from retail stores, to government, to IoT devices! o RSA Secure Token breach via HR employee o Target breach via HVAC contractor access o OPM breach via contractors (USIS & KeyPoint) o Jeep Cherokee via (Sprint cellular + Harman Kardon Uconnect 8.4N/RA4 radio)
NIST Cybersecurity Framework 1.0 o NIST spear-headed joint government- private effort o Framework meant for voluntary following o Advocate best approach to managing cybersecurity risks in the face of advanced threats and evolving IT & ICS infrastructure
From Board Visibility 2 GSD! Business risks CEO/CISO accountability “5 headcounts, take care of it for me!” What are our crown jewels, where? What’s the most urgent? Who/where are our threat sources? What tools are most effective for our needs? “We need to implement a solution to manage the risks for today and ongoing, with grace!” Process, tools, operations
Clarity: Be Thoughtful, Be Logical
Risk Mgmt Cycle Government Businesses Tool Vendors Netizens Identify objectives Foster good behaviors Priority & Objective Business asset & IT integration Privacy & Security awareness Protect assets Encourage best practices Proactive Posture Kill chain & impact delineation Practice security Detect incidents Promote sound approaches Visibility: attack surface & threat vector Deployment flexibility & scale Follow policy Respond to incidents Compel business responsibility Time to containment & resolution Workflow automation, API Follow policy Recover from breaches Compel stronger consumer protection Time to restoration Context aware & forensics Follow policy Defensive Stake Holders And Roles
Top 5 Potential Road Blocks 1. Understand business specific risks 2. Plan for complete threat mitigation cycle 3. Anticipate to deal with consequences 4. Ask for ready-to-take mitigation options 5. Prepare for the worst-case recovery
Understand Your Business Risks o Different threats, different priorities o OPM – personnel records o Health care – patient records o Financial – client records, transaction system o Design house – blueprint, schematics o Internet service provider – customer account info o Where others failed o Compliance as the ends instead of means
Plan For Full Mitigation Cycle o Watch for attacks at all stages of kill chain o Monitor all access paths to your protected assets o Spectacular failures o RSA attack combined flash 0day+spear-phishing o Mr. Snowden went directly for exfiltration o OPM attack opted USIS & KeyPoint as stepping stones o Ashley Madison hack likely with insider involvement Exploit Download Install Exfiltrate
Focus On Dealing With Consequences o “Consequence Focus” forces clarity on objectives o Stopping an BO exploit against the file server is neither sufficient nor necessary for stopping code theft on the server o Need multi-prone: protect, detect, respond, and recover o Murphy’s law also holds for “prevention” o Others’ failure, your gain o “Deploy and forget” IPS defense does not work o Think what you can protect, detect, respond, and recover!
Your Plan, Your Choice o What’s missing from your tools? o Timely, relevant and specific detection o Prioritized ready-to-take actions o Ecosystem friendly tools o Some example failures o Firewalls will block IP/port/Apps, if you tell them “what exactly” o IPS/SWG will block a communication/URL, if you tell them so o AV will quarantine or even clean up an endpoint, if it were able to spot most of malware
Prepare For The Worst o Don’t plan for “Armageddon” or “Singularity” o Plan for the worst you can handle o Privileged user gets infected by RAT malware o Unauthorized access to your source repository o Cryptolocker infection on file share server o Some well-known lessons o No worst consideration o No robust backup/restore practice for server or endpoints o No compartmentization or isolation control o No least-privilege practice
Any Questions?
Thank You! Previous MMW slides on http://cyphort.com/labs/ malwares-wanted/

Recommandé

Malware self protection-matrix
Malware self protection-matrixMalware self protection-matrix
Malware self protection-matrixCyphort
 
Most notable apt_ attacks_of_2015_and_2016 predictions
Most notable apt_ attacks_of_2015_and_2016 predictionsMost notable apt_ attacks_of_2015_and_2016 predictions
Most notable apt_ attacks_of_2015_and_2016 predictionsCyphort
 
Mmw mac malware-mac
Mmw mac malware-macMmw mac malware-mac
Mmw mac malware-macCyphort
 
Malware's Most Wanted: Malvertising Attacks on Huffingtonpost, Yahoo, AOL
Malware's Most Wanted: Malvertising Attacks on Huffingtonpost, Yahoo, AOLMalware's Most Wanted: Malvertising Attacks on Huffingtonpost, Yahoo, AOL
Malware's Most Wanted: Malvertising Attacks on Huffingtonpost, Yahoo, AOLCyphort
 
Malware's Most Wanted: The Many Faces of Malware
Malware's Most Wanted: The Many Faces of MalwareMalware's Most Wanted: The Many Faces of Malware
Malware's Most Wanted: The Many Faces of MalwareCyphort
 
Malware Most Wanted: Security Ecosystem
Malware Most Wanted: Security EcosystemMalware Most Wanted: Security Ecosystem
Malware Most Wanted: Security EcosystemCyphort
 
Malware's Most Wanted: Financial Trojans
Malware's Most Wanted: Financial TrojansMalware's Most Wanted: Financial Trojans
Malware's Most Wanted: Financial TrojansCyphort
 
Malware Most Wanted: Evil Bunny
Malware Most Wanted: Evil BunnyMalware Most Wanted: Evil Bunny
Malware Most Wanted: Evil BunnyCyphort
 

Recommandé

Malware self protection-matrix
Malware self protection-matrixMalware self protection-matrix
Malware self protection-matrixCyphort
 
Most notable apt_ attacks_of_2015_and_2016 predictions
Most notable apt_ attacks_of_2015_and_2016 predictionsMost notable apt_ attacks_of_2015_and_2016 predictions
Most notable apt_ attacks_of_2015_and_2016 predictionsCyphort
 
Mmw mac malware-mac
Mmw mac malware-macMmw mac malware-mac
Mmw mac malware-macCyphort
 
Malware's Most Wanted: Malvertising Attacks on Huffingtonpost, Yahoo, AOL
Malware's Most Wanted: Malvertising Attacks on Huffingtonpost, Yahoo, AOLMalware's Most Wanted: Malvertising Attacks on Huffingtonpost, Yahoo, AOL
Malware's Most Wanted: Malvertising Attacks on Huffingtonpost, Yahoo, AOLCyphort
 
Malware's Most Wanted: The Many Faces of Malware
Malware's Most Wanted: The Many Faces of MalwareMalware's Most Wanted: The Many Faces of Malware
Malware's Most Wanted: The Many Faces of MalwareCyphort
 
Malware Most Wanted: Security Ecosystem
Malware Most Wanted: Security EcosystemMalware Most Wanted: Security Ecosystem
Malware Most Wanted: Security EcosystemCyphort
 
Malware's Most Wanted: Financial Trojans
Malware's Most Wanted: Financial TrojansMalware's Most Wanted: Financial Trojans
Malware's Most Wanted: Financial TrojansCyphort
 
Malware Most Wanted: Evil Bunny
Malware Most Wanted: Evil BunnyMalware Most Wanted: Evil Bunny
Malware Most Wanted: Evil BunnyCyphort
 
EverSec + Cyphort: Big Trends in Cybersecurity
EverSec + Cyphort: Big Trends in CybersecurityEverSec + Cyphort: Big Trends in Cybersecurity
EverSec + Cyphort: Big Trends in CybersecurityCyphort
 
Understanding Malware Lateral Spread Used in High Value Attacks
Understanding Malware Lateral Spread Used in High Value AttacksUnderstanding Malware Lateral Spread Used in High Value Attacks
Understanding Malware Lateral Spread Used in High Value AttacksCyphort
 
MMW April 2016 Ransomware Resurgence
MMW April 2016 Ransomware Resurgence MMW April 2016 Ransomware Resurgence
MMW April 2016 Ransomware Resurgence Cyphort
 
Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.
Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.
Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.Cyphort
 
Malware's Most Wanted: Linux and Internet of Things Malware
Malware's Most Wanted: Linux and Internet of Things MalwareMalware's Most Wanted: Linux and Internet of Things Malware
Malware's Most Wanted: Linux and Internet of Things MalwareCyphort
 
MMW Anti-Sandbox Techniques
MMW Anti-Sandbox TechniquesMMW Anti-Sandbox Techniques
MMW Anti-Sandbox TechniquesCyphort
 
Wannacry | Technical Insight and Lessons Learned
Wannacry | Technical Insight and Lessons LearnedWannacry | Technical Insight and Lessons Learned
Wannacry | Technical Insight and Lessons LearnedThomas Roccia
 
42 - Malware - Understand the Threat and How to Respond
42 - Malware - Understand the Threat and How to Respond42 - Malware - Understand the Threat and How to Respond
42 - Malware - Understand the Threat and How to RespondThomas Roccia
 
Malware Evasion Techniques
Malware Evasion TechniquesMalware Evasion Techniques
Malware Evasion TechniquesThomas Roccia
 
BSides IR in Heterogeneous Environment
BSides IR in Heterogeneous EnvironmentBSides IR in Heterogeneous Environment
BSides IR in Heterogeneous EnvironmentStefano Maccaglia
 
Break IT Down by Josh Smith
Break IT Down by Josh SmithBreak IT Down by Josh Smith
Break IT Down by Josh SmithEC-Council
 
What you need to know about ExPetr ransomware
What you need to know about ExPetr ransomwareWhat you need to know about ExPetr ransomware
What you need to know about ExPetr ransomwareKaspersky
 
[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...
[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...
[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...CODE BLUE
 
How to assign a CVE to yourself?
How to assign a CVE to yourself?How to assign a CVE to yourself?
How to assign a CVE to yourself?Ramin Farajpour Cami
 
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...EC-Council
 
Defender economics
Defender economicsDefender economics
Defender economicsaddelindh
 
MMW June 2016: The Rise and Fall of Angler
MMW June 2016: The Rise and Fall of Angler MMW June 2016: The Rise and Fall of Angler
MMW June 2016: The Rise and Fall of Angler Marci Bontadelli
 
2019 Cybersecurity Retrospective and a look forward to 2020
2019 Cybersecurity Retrospective and a look forward to 20202019 Cybersecurity Retrospective and a look forward to 2020
2019 Cybersecurity Retrospective and a look forward to 2020Jonathan Cran
 
Cybrary's navigating a security wasteland
Cybrary's navigating a security wasteland Cybrary's navigating a security wasteland
Cybrary's navigating a security wasteland Devendra kashyap
 
Tech Talent Meetup Hacking Security Event Recap
Tech Talent Meetup Hacking Security Event RecapTech Talent Meetup Hacking Security Event Recap
Tech Talent Meetup Hacking Security Event RecapDominic Vogel
 
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfFor Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfJustinBrown267905
 
Common Sense Security Framework
Common Sense Security FrameworkCommon Sense Security Framework
Common Sense Security FrameworkJerod Brennen
 

Contenu connexe

Tendances

EverSec + Cyphort: Big Trends in Cybersecurity
EverSec + Cyphort: Big Trends in CybersecurityEverSec + Cyphort: Big Trends in Cybersecurity
EverSec + Cyphort: Big Trends in CybersecurityCyphort
 
Understanding Malware Lateral Spread Used in High Value Attacks
Understanding Malware Lateral Spread Used in High Value AttacksUnderstanding Malware Lateral Spread Used in High Value Attacks
Understanding Malware Lateral Spread Used in High Value AttacksCyphort
 
MMW April 2016 Ransomware Resurgence
MMW April 2016 Ransomware Resurgence MMW April 2016 Ransomware Resurgence
MMW April 2016 Ransomware Resurgence Cyphort
 
Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.
Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.
Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.Cyphort
 
Malware's Most Wanted: Linux and Internet of Things Malware
Malware's Most Wanted: Linux and Internet of Things MalwareMalware's Most Wanted: Linux and Internet of Things Malware
Malware's Most Wanted: Linux and Internet of Things MalwareCyphort
 
MMW Anti-Sandbox Techniques
MMW Anti-Sandbox TechniquesMMW Anti-Sandbox Techniques
MMW Anti-Sandbox TechniquesCyphort
 
Wannacry | Technical Insight and Lessons Learned
Wannacry | Technical Insight and Lessons LearnedWannacry | Technical Insight and Lessons Learned
Wannacry | Technical Insight and Lessons LearnedThomas Roccia
 
42 - Malware - Understand the Threat and How to Respond
42 - Malware - Understand the Threat and How to Respond42 - Malware - Understand the Threat and How to Respond
42 - Malware - Understand the Threat and How to RespondThomas Roccia
 
Malware Evasion Techniques
Malware Evasion TechniquesMalware Evasion Techniques
Malware Evasion TechniquesThomas Roccia
 
BSides IR in Heterogeneous Environment
BSides IR in Heterogeneous EnvironmentBSides IR in Heterogeneous Environment
BSides IR in Heterogeneous EnvironmentStefano Maccaglia
 
Break IT Down by Josh Smith
Break IT Down by Josh SmithBreak IT Down by Josh Smith
Break IT Down by Josh SmithEC-Council
 
What you need to know about ExPetr ransomware
What you need to know about ExPetr ransomwareWhat you need to know about ExPetr ransomware
What you need to know about ExPetr ransomwareKaspersky
 
[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...
[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...
[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...CODE BLUE
 
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...EC-Council
 
Defender economics
Defender economicsDefender economics
Defender economicsaddelindh
 
MMW June 2016: The Rise and Fall of Angler
MMW June 2016: The Rise and Fall of Angler MMW June 2016: The Rise and Fall of Angler
MMW June 2016: The Rise and Fall of Angler Marci Bontadelli
 
2019 Cybersecurity Retrospective and a look forward to 2020
2019 Cybersecurity Retrospective and a look forward to 20202019 Cybersecurity Retrospective and a look forward to 2020
2019 Cybersecurity Retrospective and a look forward to 2020Jonathan Cran
 

Tendances (18)

EverSec + Cyphort: Big Trends in Cybersecurity
EverSec + Cyphort: Big Trends in CybersecurityEverSec + Cyphort: Big Trends in Cybersecurity
EverSec + Cyphort: Big Trends in Cybersecurity
 
Understanding Malware Lateral Spread Used in High Value Attacks
Understanding Malware Lateral Spread Used in High Value AttacksUnderstanding Malware Lateral Spread Used in High Value Attacks
Understanding Malware Lateral Spread Used in High Value Attacks
 
MMW April 2016 Ransomware Resurgence
MMW April 2016 Ransomware Resurgence MMW April 2016 Ransomware Resurgence
MMW April 2016 Ransomware Resurgence
 
Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.
Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.
Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.
 
Malware's Most Wanted: Linux and Internet of Things Malware
Malware's Most Wanted: Linux and Internet of Things MalwareMalware's Most Wanted: Linux and Internet of Things Malware
Malware's Most Wanted: Linux and Internet of Things Malware
 
MMW Anti-Sandbox Techniques
MMW Anti-Sandbox TechniquesMMW Anti-Sandbox Techniques
MMW Anti-Sandbox Techniques
 
Wannacry | Technical Insight and Lessons Learned
Wannacry | Technical Insight and Lessons LearnedWannacry | Technical Insight and Lessons Learned
Wannacry | Technical Insight and Lessons Learned
 
42 - Malware - Understand the Threat and How to Respond
42 - Malware - Understand the Threat and How to Respond42 - Malware - Understand the Threat and How to Respond
42 - Malware - Understand the Threat and How to Respond
 
Malware Evasion Techniques
Malware Evasion TechniquesMalware Evasion Techniques
Malware Evasion Techniques
 
BSides IR in Heterogeneous Environment
BSides IR in Heterogeneous EnvironmentBSides IR in Heterogeneous Environment
BSides IR in Heterogeneous Environment
 
Break IT Down by Josh Smith
Break IT Down by Josh SmithBreak IT Down by Josh Smith
Break IT Down by Josh Smith
 
What you need to know about ExPetr ransomware
What you need to know about ExPetr ransomwareWhat you need to know about ExPetr ransomware
What you need to know about ExPetr ransomware
 
[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...
[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...
[CB19] Cyber Threat Landscape in Japan – Revealing Threat in the Shadow by C...
 
How to assign a CVE to yourself?
How to assign a CVE to yourself?How to assign a CVE to yourself?
How to assign a CVE to yourself?
 
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...
 
Defender economics
Defender economicsDefender economics
Defender economics
 
MMW June 2016: The Rise and Fall of Angler
MMW June 2016: The Rise and Fall of Angler MMW June 2016: The Rise and Fall of Angler
MMW June 2016: The Rise and Fall of Angler
 
2019 Cybersecurity Retrospective and a look forward to 2020
2019 Cybersecurity Retrospective and a look forward to 20202019 Cybersecurity Retrospective and a look forward to 2020
2019 Cybersecurity Retrospective and a look forward to 2020
 

Similaire à Cybersecurity 5 road_blocks

Cybrary's navigating a security wasteland
Cybrary's navigating a security wasteland Cybrary's navigating a security wasteland
Cybrary's navigating a security wasteland Devendra kashyap
 
Tech Talent Meetup Hacking Security Event Recap
Tech Talent Meetup Hacking Security Event RecapTech Talent Meetup Hacking Security Event Recap
Tech Talent Meetup Hacking Security Event RecapDominic Vogel
 
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfFor Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfJustinBrown267905
 
Common Sense Security Framework
Common Sense Security FrameworkCommon Sense Security Framework
Common Sense Security FrameworkJerod Brennen
 
Maturing Endpoint Security: 5 Key Considerations
Maturing Endpoint Security: 5 Key ConsiderationsMaturing Endpoint Security: 5 Key Considerations
Maturing Endpoint Security: 5 Key ConsiderationsSirius
 
Process Safety Blind Spots: EXPOSED [Infographic]
Process Safety Blind Spots: EXPOSED [Infographic]Process Safety Blind Spots: EXPOSED [Infographic]
Process Safety Blind Spots: EXPOSED [Infographic]Darwin Jayson Mariano
 
1.5 Pages are requiredYou have been hired .docx
1.5 Pages are requiredYou have been hired .docx1.5 Pages are requiredYou have been hired .docx
1.5 Pages are requiredYou have been hired .docxchristiandean12115
 
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory RealmShawn Tuma
 
Understanding the 8 Keys to Security Success
Understanding the 8 Keys to Security SuccessUnderstanding the 8 Keys to Security Success
Understanding the 8 Keys to Security SuccessSecurityOn-Demand
 
Top 6 things_small_businesses_q12015
Top 6 things_small_businesses_q12015Top 6 things_small_businesses_q12015
Top 6 things_small_businesses_q12015anpapathanasiou
 
IT Security and Management - Semi Finals by Mark John Lado
IT Security and Management - Semi Finals by Mark John LadoIT Security and Management - Semi Finals by Mark John Lado
IT Security and Management - Semi Finals by Mark John LadoMark John Lado, MIT
 
Please answer the following questions in essay fashion giving as m.docx
Please answer the following questions in essay fashion giving as m.docxPlease answer the following questions in essay fashion giving as m.docx
Please answer the following questions in essay fashion giving as m.docxmattjtoni51554
 
[cb22] Keynote: Underwhelmed: Making Sense of the Overwhelming Challenge of C...
[cb22] Keynote: Underwhelmed: Making Sense of the Overwhelming Challenge of C...[cb22] Keynote: Underwhelmed: Making Sense of the Overwhelming Challenge of C...
[cb22] Keynote: Underwhelmed: Making Sense of the Overwhelming Challenge of C...CODE BLUE
 
Risksense: 7 Experts on Threat and Vulnerability Management
Risksense: 7 Experts on Threat and Vulnerability ManagementRisksense: 7 Experts on Threat and Vulnerability Management
Risksense: 7 Experts on Threat and Vulnerability ManagementMighty Guides, Inc.
 
Five Mistakes of Incident Response
Five Mistakes of Incident ResponseFive Mistakes of Incident Response
Five Mistakes of Incident ResponseAnton Chuvakin
 
Information security for business majors
Information security for business majorsInformation security for business majors
Information security for business majorsPaul Melson
 
Be Angry - why CEOs should join the coalition against cyber crime
Be Angry - why CEOs should join the coalition against cyber crimeBe Angry - why CEOs should join the coalition against cyber crime
Be Angry - why CEOs should join the coalition against cyber crimeKevin Duffey
 
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero HourEXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero HourYasser Mohammed
 
Top_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptx
Top_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptxTop_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptx
Top_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptxinfosec train
 

Similaire à Cybersecurity 5 road_blocks (20)

Cybrary's navigating a security wasteland
Cybrary's navigating a security wasteland Cybrary's navigating a security wasteland
Cybrary's navigating a security wasteland
 
Tech Talent Meetup Hacking Security Event Recap
Tech Talent Meetup Hacking Security Event RecapTech Talent Meetup Hacking Security Event Recap
Tech Talent Meetup Hacking Security Event Recap
 
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfFor Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
 
Common Sense Security Framework
Common Sense Security FrameworkCommon Sense Security Framework
Common Sense Security Framework
 
Maturing Endpoint Security: 5 Key Considerations
Maturing Endpoint Security: 5 Key ConsiderationsMaturing Endpoint Security: 5 Key Considerations
Maturing Endpoint Security: 5 Key Considerations
 
Process Safety Blind Spots: EXPOSED [Infographic]
Process Safety Blind Spots: EXPOSED [Infographic]Process Safety Blind Spots: EXPOSED [Infographic]
Process Safety Blind Spots: EXPOSED [Infographic]
 
Assessing Your security
Assessing Your securityAssessing Your security
Assessing Your security
 
1.5 Pages are requiredYou have been hired .docx
1.5 Pages are requiredYou have been hired .docx1.5 Pages are requiredYou have been hired .docx
1.5 Pages are requiredYou have been hired .docx
 
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
 
Understanding the 8 Keys to Security Success
Understanding the 8 Keys to Security SuccessUnderstanding the 8 Keys to Security Success
Understanding the 8 Keys to Security Success
 
Top 6 things_small_businesses_q12015
Top 6 things_small_businesses_q12015Top 6 things_small_businesses_q12015
Top 6 things_small_businesses_q12015
 
IT Security and Management - Semi Finals by Mark John Lado
IT Security and Management - Semi Finals by Mark John LadoIT Security and Management - Semi Finals by Mark John Lado
IT Security and Management - Semi Finals by Mark John Lado
 
Please answer the following questions in essay fashion giving as m.docx
Please answer the following questions in essay fashion giving as m.docxPlease answer the following questions in essay fashion giving as m.docx
Please answer the following questions in essay fashion giving as m.docx
 
[cb22] Keynote: Underwhelmed: Making Sense of the Overwhelming Challenge of C...
[cb22] Keynote: Underwhelmed: Making Sense of the Overwhelming Challenge of C...[cb22] Keynote: Underwhelmed: Making Sense of the Overwhelming Challenge of C...
[cb22] Keynote: Underwhelmed: Making Sense of the Overwhelming Challenge of C...
 
Risksense: 7 Experts on Threat and Vulnerability Management
Risksense: 7 Experts on Threat and Vulnerability ManagementRisksense: 7 Experts on Threat and Vulnerability Management
Risksense: 7 Experts on Threat and Vulnerability Management
 
Five Mistakes of Incident Response
Five Mistakes of Incident ResponseFive Mistakes of Incident Response
Five Mistakes of Incident Response
 
Information security for business majors
Information security for business majorsInformation security for business majors
Information security for business majors
 
Be Angry - why CEOs should join the coalition against cyber crime
Be Angry - why CEOs should join the coalition against cyber crimeBe Angry - why CEOs should join the coalition against cyber crime
Be Angry - why CEOs should join the coalition against cyber crime
 
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero HourEXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
 
Top_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptx
Top_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptxTop_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptx
Top_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptx
 

Plus de Cyphort

MMW June 2016: The Rise and Fall of Angler
MMW June 2016: The Rise and Fall of Angler MMW June 2016: The Rise and Fall of Angler
MMW June 2016: The Rise and Fall of Angler Cyphort
 
Machine learning cyphort_malware_most_wanted
Machine learning cyphort_malware_most_wantedMachine learning cyphort_malware_most_wanted
Machine learning cyphort_malware_most_wantedCyphort
 
Dissecting Cryptowall
Dissecting CryptowallDissecting Cryptowall
Dissecting CryptowallCyphort
 
Cyber espionage nation state-apt_attacks_on_the_rise
Cyber espionage nation state-apt_attacks_on_the_riseCyber espionage nation state-apt_attacks_on_the_rise
Cyber espionage nation state-apt_attacks_on_the_riseCyphort
 
Mmw anti sandbox_techniques
Mmw anti sandbox_techniquesMmw anti sandbox_techniques
Mmw anti sandbox_techniquesCyphort
 
Mmw anti sandboxtricks
Mmw anti sandboxtricksMmw anti sandboxtricks
Mmw anti sandboxtricksCyphort
 
If you have three wishes
If you have three wishesIf you have three wishes
If you have three wishesCyphort
 
The A and the P of the T
The A and the P of the TThe A and the P of the T
The A and the P of the TCyphort
 
Malware's Most Wanted: How to tell BADware from adware
Malware's Most Wanted: How to tell BADware from adwareMalware's Most Wanted: How to tell BADware from adware
Malware's Most Wanted: How to tell BADware from adwareCyphort
 
Zeus Dissected
Zeus DissectedZeus Dissected
Zeus DissectedCyphort
 
ISC2014 Beijing Keynote
ISC2014 Beijing KeynoteISC2014 Beijing Keynote
ISC2014 Beijing KeynoteCyphort
 
Malware's Most Wanted (MMW): Backoff POS Malware
Malware's Most Wanted (MMW): Backoff POS Malware Malware's Most Wanted (MMW): Backoff POS Malware
Malware's Most Wanted (MMW): Backoff POS Malware Cyphort
 
Malware's most wanted-zberp-the_financial_trojan
Malware's most wanted-zberp-the_financial_trojanMalware's most wanted-zberp-the_financial_trojan
Malware's most wanted-zberp-the_financial_trojanCyphort
 
Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...
Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...
Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...Cyphort
 
Malware's Most Wanted: CryptoLocker—The Ransomware Trojan
Malware's Most Wanted: CryptoLocker—The Ransomware TrojanMalware's Most Wanted: CryptoLocker—The Ransomware Trojan
Malware's Most Wanted: CryptoLocker—The Ransomware TrojanCyphort
 
Digging deeper into the IE vulnerability CVE-2014-1776 with Cyphort
Digging deeper into the IE vulnerability CVE-2014-1776 with CyphortDigging deeper into the IE vulnerability CVE-2014-1776 with Cyphort
Digging deeper into the IE vulnerability CVE-2014-1776 with CyphortCyphort
 

Plus de Cyphort (16)

MMW June 2016: The Rise and Fall of Angler
MMW June 2016: The Rise and Fall of Angler MMW June 2016: The Rise and Fall of Angler
MMW June 2016: The Rise and Fall of Angler
 
Machine learning cyphort_malware_most_wanted
Machine learning cyphort_malware_most_wantedMachine learning cyphort_malware_most_wanted
Machine learning cyphort_malware_most_wanted
 
Dissecting Cryptowall
Dissecting CryptowallDissecting Cryptowall
Dissecting Cryptowall
 
Cyber espionage nation state-apt_attacks_on_the_rise
Cyber espionage nation state-apt_attacks_on_the_riseCyber espionage nation state-apt_attacks_on_the_rise
Cyber espionage nation state-apt_attacks_on_the_rise
 
Mmw anti sandbox_techniques
Mmw anti sandbox_techniquesMmw anti sandbox_techniques
Mmw anti sandbox_techniques
 
Mmw anti sandboxtricks
Mmw anti sandboxtricksMmw anti sandboxtricks
Mmw anti sandboxtricks
 
If you have three wishes
If you have three wishesIf you have three wishes
If you have three wishes
 
The A and the P of the T
The A and the P of the TThe A and the P of the T
The A and the P of the T
 
Malware's Most Wanted: How to tell BADware from adware
Malware's Most Wanted: How to tell BADware from adwareMalware's Most Wanted: How to tell BADware from adware
Malware's Most Wanted: How to tell BADware from adware
 
Zeus Dissected
Zeus DissectedZeus Dissected
Zeus Dissected
 
ISC2014 Beijing Keynote
ISC2014 Beijing KeynoteISC2014 Beijing Keynote
ISC2014 Beijing Keynote
 
Malware's Most Wanted (MMW): Backoff POS Malware
Malware's Most Wanted (MMW): Backoff POS Malware Malware's Most Wanted (MMW): Backoff POS Malware
Malware's Most Wanted (MMW): Backoff POS Malware
 
Malware's most wanted-zberp-the_financial_trojan
Malware's most wanted-zberp-the_financial_trojanMalware's most wanted-zberp-the_financial_trojan
Malware's most wanted-zberp-the_financial_trojan
 
Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...
Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...
Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...
 
Malware's Most Wanted: CryptoLocker—The Ransomware Trojan
Malware's Most Wanted: CryptoLocker—The Ransomware TrojanMalware's Most Wanted: CryptoLocker—The Ransomware Trojan
Malware's Most Wanted: CryptoLocker—The Ransomware Trojan
 
Digging deeper into the IE vulnerability CVE-2014-1776 with Cyphort
Digging deeper into the IE vulnerability CVE-2014-1776 with CyphortDigging deeper into the IE vulnerability CVE-2014-1776 with Cyphort
Digging deeper into the IE vulnerability CVE-2014-1776 with Cyphort
 

Dernier

Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Mark Simos
 
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...itnewsafrica
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...Karmanjay Verma
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Digital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentDigital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentMahmoud Rabie
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFMichael Gough
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 

Dernier (20)

Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
 
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Digital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentDigital Tools & AI in Career Development
Digital Tools & AI in Career Development
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDF
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 

Cybersecurity 5 road_blocks

  • 1.
  • 2. Getting Down To Business: Implementing Effective & Sustainable Cybersecurity Postures
  • 3. Your speakers today @FengminGong Co-Founder & Chief Strategy Officer Shel Sharma Product Marketing Director
  • 4. Agenda o Obama Executive Order o Cybersecurity Framework 1.0 o Time To GSD o Overcome 5 Top Road Blocks o Q&A CyphortLabsT-shirt
  • 5. We monitor threats & help customers ______ 24X7 monitoring for malware events ________ Assist customers with their forensics and Incident Response We enhance malware detection accuracy ________ False positives/negatives ________ Deep-dive research & technology prototyping We work with security ecosystem ________ Best practice for cyber defense ________ Actionable threat intelligence
  • 6. o Obama’s Executive Order 13636, February 12, 2013 o Call to action “Improving Critical Infrastructure Cybersecurity” o Critical Infrastructure: “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”
  • 7. You Can Be The Weakest Link To Cybersecurity! o With the connected world, everything is critical to threat penetration, from retail stores, to government, to IoT devices! o RSA Secure Token breach via HR employee o Target breach via HVAC contractor access o OPM breach via contractors (USIS & KeyPoint) o Jeep Cherokee via (Sprint cellular + Harman Kardon Uconnect 8.4N/RA4 radio)
  • 8. NIST Cybersecurity Framework 1.0 o NIST spear-headed joint government- private effort o Framework meant for voluntary following o Advocate best approach to managing cybersecurity risks in the face of advanced threats and evolving IT & ICS infrastructure
  • 9. From Board Visibility 2 GSD! Business risks CEO/CISO accountability “5 headcounts, take care of it for me!” What are our crown jewels, where? What’s the most urgent? Who/where are our threat sources? What tools are most effective for our needs? “We need to implement a solution to manage the risks for today and ongoing, with grace!” Process, tools, operations
  • 11. Risk Mgmt Cycle Government Businesses Tool Vendors Netizens Identify objectives Foster good behaviors Priority & Objective Business asset & IT integration Privacy & Security awareness Protect assets Encourage best practices Proactive Posture Kill chain & impact delineation Practice security Detect incidents Promote sound approaches Visibility: attack surface & threat vector Deployment flexibility & scale Follow policy Respond to incidents Compel business responsibility Time to containment & resolution Workflow automation, API Follow policy Recover from breaches Compel stronger consumer protection Time to restoration Context aware & forensics Follow policy Defensive Stake Holders And Roles
  • 12. Top 5 Potential Road Blocks 1. Understand business specific risks 2. Plan for complete threat mitigation cycle 3. Anticipate to deal with consequences 4. Ask for ready-to-take mitigation options 5. Prepare for the worst-case recovery
  • 13. Understand Your Business Risks o Different threats, different priorities o OPM – personnel records o Health care – patient records o Financial – client records, transaction system o Design house – blueprint, schematics o Internet service provider – customer account info o Where others failed o Compliance as the ends instead of means
  • 14. Plan For Full Mitigation Cycle o Watch for attacks at all stages of kill chain o Monitor all access paths to your protected assets o Spectacular failures o RSA attack combined flash 0day+spear-phishing o Mr. Snowden went directly for exfiltration o OPM attack opted USIS & KeyPoint as stepping stones o Ashley Madison hack likely with insider involvement Exploit Download Install Exfiltrate
  • 15. Focus On Dealing With Consequences o “Consequence Focus” forces clarity on objectives o Stopping an BO exploit against the file server is neither sufficient nor necessary for stopping code theft on the server o Need multi-prone: protect, detect, respond, and recover o Murphy’s law also holds for “prevention” o Others’ failure, your gain o “Deploy and forget” IPS defense does not work o Think what you can protect, detect, respond, and recover!
  • 16. Your Plan, Your Choice o What’s missing from your tools? o Timely, relevant and specific detection o Prioritized ready-to-take actions o Ecosystem friendly tools o Some example failures o Firewalls will block IP/port/Apps, if you tell them “what exactly” o IPS/SWG will block a communication/URL, if you tell them so o AV will quarantine or even clean up an endpoint, if it were able to spot most of malware
  • 17. Prepare For The Worst o Don’t plan for “Armageddon” or “Singularity” o Plan for the worst you can handle o Privileged user gets infected by RAT malware o Unauthorized access to your source repository o Cryptolocker infection on file share server o Some well-known lessons o No worst consideration o No robust backup/restore practice for server or endpoints o No compartmentization or isolation control o No least-privilege practice
  • 19. Thank You! Previous MMW slides on http://cyphort.com/labs/ malwares-wanted/

Notes de l'éditeur

  1. There is a new defense paradigm, justifiably learned from traditional warfare: focusing on attack consequences Two main reasons behind this paradigm shift, … When you pay attention, other’s failure is your gain, …