Are cybersecurity threats increasing? Learn about protecting your business with a security program and understanding ransomware threats. Join us as Google's Biodun Awojobi and Wade Walters discuss "Security Programs and Ransomware in the Cloud." We expect to hold additional cybersecurity events in future covering security posture, Zero Trust, Google's cybersecurity products & more!
#cybersecurity #ransomware #google #gdg #gdgcloudsouthlake
6. NIST Cybersecurity Framework: 5 Functions
Identify: Develop an organizational understanding for managing risk to systems, people, assets, data, & capabilities.
Protect: Outline appropriate safeguards to ensure delivery of critical infrastructure services.
Detect: Define the appropriate activities to identify the occurrence of an event & enable timely discovery.
Respond: Activities to take action regarding a detected cybersecurity incident.
Recover: Identify appropriate activities to maintain plans for resilience & restore any capabilities or services that were impaired due to an incident.
8. Defense in depth at scale
Layers of Google's infrastructure security:
● Service deployment
● Operational & device security
● Hardware infrastructure
● Storage services
● Identity
● Internet communication
12. Supported by an ecosystem of partners:
● Application security
● Identity & access management
● Endpoint security
● Data security
● Network security
● Infrastructure security
● Security monitoring & operations
● Governance, risk & compliance
● and more...
13. NIST Cybersecurity Framework: 5 Functions, mapped to Google Cloud products, capabilities and solutions
Identify: Develop an organizational understanding for managing risk to systems, people, assets, data, & capabilities.
  Products and capabilities: Critical Asset Discovery and Protection; Risk Manager and Risk Protection
  Google Cloud solutions: Risk Assessment & Critical Asset Discovery; Asset Diagnostics on GCP; Risk Management Modernization
Protect: Outline appropriate safeguards to ensure delivery of critical infrastructure services.
  Products and capabilities: Data Protection; Identity; Supply Chain Protection; Zero Trust
  Google Cloud solutions: Secure Supply Chain; Secure Collaboration; Resilient by Design
Detect: Define the appropriate activities to identify the occurrence of an event & enable timely discovery.
  Products and capabilities: Logging, Configuration and Monitoring; Detection and Investigation
  Google Cloud solutions: Autonomic Security Operations
Respond: Activities to take action regarding a detected cybersecurity incident.
  Products and capabilities: Response
  Google Cloud solutions: Autonomic Security Operations
Recover: Identify appropriate activities to maintain plans for resilience & restore any capabilities or services that were impaired due to an incident.
  Products and capabilities: Rapid Recovery; Risk Manager and Risk Protection
  Google Cloud solutions: Ransomware Recovery Solution; Risk Management Modernization
15. Phishing
80% of attacks start with a phishing email. Targeted threats are extremely difficult to detect. Attacker tactics remain consistent.
Email-borne threats
94% of malware was installed via malicious emails and attachments. Attackers rapidly change tactics to defeat email security measures.
Ransomware
21% of Americans have experienced a ransomware attack. 46% say their company paid the ransom.
16. Recent events
● REvil ransomware used against 1,500 Kaseya customers (Jul ‘21)
● Bombardier, Inc., data leaked by CLOP ransomware (Feb ‘21)
● W&T Offshore hit by Nefilim, which stole over 800 GB of personnel and financial data (May ‘20)
● Ragnar Locker ransomware used against Portuguese energy company Energias de Portugal (EDP), with a ransom demand of 1,580 BTC (Apr ‘20)
● WannaCry used against West Bengal State Electricity Distribution Company (India), Iberdrola (Spain), Petrobras (Brazil), Gas Natural (Spain), and PetroChina (China) (May ‘17)
20. Recent bad actor's TTPs
Phishing email (account-deletion theme) → Attachment (zipped format) → Word doc (macro with a .NET loader decrypting the payload) → Launches PowerShell → Achieves persistence → On network: Mimikatz, gsecdump, PsExec, with POSH C2
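The chain above is what endpoint telemetry should be able to surface at each hop: an Office process spawning a script host, a hidden/encoded PowerShell launch, then credential-dumping and remote-execution tooling. The following is an added example for this page (not the presenters' code or a Google product) that runs simple behavioural rules over constructed Sysmon-style process-creation records; the hostnames, paths and command lines are made up for the illustration, and the rule thresholds are assumptions a real deployment would tune.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation record (Sysmon Event ID 1 style), fields simplified."""
    host: str
    parent_image: str
    image: str
    command_line: str


OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Tools named on the slide; a renamed binary is still caught by its command-line modules below.
CRED_AND_LATERAL_TOOLS = {"mimikatz.exe", "gsecdump.exe", "psexec.exe", "psexec64.exe"}
MIMIKATZ_MODULES = ("sekurlsa::", "lsadump::", "privilege::debug")
# Flags typical of a macro-launched loader: encoded command, no profile, hidden window,
# in-memory download-and-execute.
SUSPICIOUS_POWERSHELL = re.compile(
    r"(?i)(-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{16,}|-nop\b|-w(indowstyle)?\s+hidden"
    r"|downloadstring|\biex\b|frombase64string)")


def _basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def classify(ev: ProcEvent) -> list:
    """Kill-chain stages (slide 38 wording) that one event evidences; may be several or none."""
    parent, child = _basename(ev.parent_image), _basename(ev.image)
    cmd = ev.command_line.lower()
    stages = []
    if parent in OFFICE_APPS and child in SCRIPT_HOSTS:
        stages.append("exploitation")          # Word/Excel/... spawned a script host
    if child in {"powershell.exe", "pwsh.exe"} and SUSPICIOUS_POWERSHELL.search(ev.command_line):
        stages.append("installation")          # hidden / encoded PowerShell loader
    if child in CRED_AND_LATERAL_TOOLS or any(m in cmd for m in MIMIKATZ_MODULES):
        stages.append("discover_and_spread")   # credential dumping or remote execution
    return stages


def detect(events):
    """Flat list of (host, stage, process) alerts over a batch of events."""
    return [(ev.host, stage, _basename(ev.image)) for ev in events for stage in classify(ev)]


def chained_hosts(events, min_stages: int = 2):
    """Hosts where at least `min_stages` distinct stages were seen: the chain, not one noisy event."""
    seen = {}
    for host, stage, _ in detect(events):
        seen.setdefault(host, set()).add(stage)
    return sorted(h for h, s in seen.items() if len(s) >= min_stages)


# Constructed sample telemetry mirroring the slide's chain on host ws01; ws02 is benign noise.
SAMPLE_EVENTS = [
    ProcEvent("ws01", r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
              r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
              r'"WINWORD.EXE" /n "C:\Users\alice\Downloads\Account_Deletion_Notice.docm"'),
    ProcEvent("ws01", r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"),
    ProcEvent("ws01", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"C:\Users\alice\AppData\Local\Temp\m.exe",            # renamed mimikatz
              "m.exe privilege::debug sekurlsa::logonpasswords exit"),
    ProcEvent("ws01", r"C:\Windows\System32\cmd.exe",
              r"C:\Users\alice\AppData\Local\Temp\PsExec.exe",
              r"PsExec.exe \\fs01 -s cmd.exe /c whoami"),
    ProcEvent("ws02", r"C:\Windows\explorer.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -Command Get-Date"),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
    print("hosts with a multi-stage chain:", chained_hosts(SAMPLE_EVENTS))
```

The point of `chained_hosts` is that any single rule here will false-positive on its own (admins run encoded PowerShell, PsExec is a legitimate tool); requiring two or more distinct stages on the same host is what turns noisy signals into the chain the slide describes. Note that the renamed `m.exe` is only caught because the rule looks at the mimikatz module names on the command line, not the file name.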
21. Common theme
Distribution of malware (AV-TEST Security Report 2019/2020)
● The vast majority of malware and attacker tools run on Windows
● The share of malware targeting Windows is now trending towards 83%
● Microsoft Exchange Server:
  ○ 100 NVD-listed vulnerabilities in the last 10 years, 11 critical vulnerabilities in the last 4 years
  ○ By comparison, Gmail had 10 vulnerabilities published, none of them appearing in the NVD
24. Three key themes
Trust nothing: build in security controls and verification everywhere with a Zero Trust approach.
Detect everything: build on planet-scale security analytics and insights.
Protect everyone: make everyone safer online with actionable ML and threat intelligence.
25. World's largest threat observatory
• Massive amounts of data, instantaneous searching
• Any kind of threat observable (files, URLs, domains, IPs)
• Multi-angular characterization (AVs, whitelists, sandboxes, etc.)
• Diverse, global, crowdsourced, real-time
• Unparalleled history, going back to 2004
28. How do you spot threats fast? Protect more when you see more
● Defends 1B+ Gmail accounts & Chrome users
● Scans 694,000 web pages every minute for malicious intent
● Encrypts all data at rest and in transit
● Checks 400+ million Android devices for health every day
● Stops 10M spam emails a minute
29. Email flow (diagram: protections applied at each stage of a message's life)
Stages: Send → Delivery / Reject → Sync → Message open → Attachment download / Link click → Reply → External website / Password entry
Controls at send and delivery: AV, static analysis, sanitization, S/MIME verification, DLP, whitelisting
Controls at sync: warning banners, restricted actions
Controls at message open: reclassification, deep scanning
Controls at attachment download: antivirus check, preview, prevent downloads
Controls at link click and reply: suspicious prompt, out-of-domain warning, Safe Browsing check
Controls at password entry on an external website: 2SV, Advanced Protection Program (APP)
30. Chrome browser: proactive enterprise security
● Google Safe Browsing built-in
● Smart sandboxing and site isolation
● Enterprise-grade password protection
33. Proprietary + Confidential
‘Zero-trust’ model utilizing cryptographically secured identities: the right identity accessing the right machine, authorized by the right code, accessing the right data at the right time and in the right context.
Identities: user identity, device identity, machine identity, service identity, code identity
Controls: IAM, machine identity, Binary Authorization, data protection
35. Enterprise-grade password protection
Password Alert automatically detects and notifies users if a corporate password is being used on a personal account.
Password Checkup automatically checks to see if any of a user's saved passwords have been compromised in an online data breach and prompts the user to change their password.
36. Protect against account takeovers
Enhanced account protection: phishing-resistant 2nd factor of authentication that verifies the user's identity and the sign-in URL.
Open ecosystem: works with popular browsers and a growing ecosystem of services that support FIDO.
37. 2FA: it's a spectrum of assurance
Different types of two-factor authentication (2FA) exist, all providing various levels of assurance and convenience. From lowest to highest assurance: SMS / voice → backup codes → authenticator (TOTP) → mobile push → FIDO security keys (phishing-resistant).
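What separates the FIDO end of the spectrum from TOTP is origin binding: a TOTP code is six digits that work wherever they are typed, while a security key signs over the origin the browser actually showed the user, so a code relayed through a look-alike site succeeds and a relayed FIDO assertion does not. The following is an added example for this page (not the presenters' code): TOTP is implemented per RFC 6238, and the FIDO side is a deliberately reduced model in which an HMAC key stands in for the credential's ECDSA key pair and a small JSON dict stands in for clientDataJSON/authenticatorData; `example.com`, the origins and the feed of events are assumed names for the illustration.

```python
import hashlib
import hmac
import json
import secrets
import struct
import time


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1, 30-second step, 6 digits), as authenticator apps generate it."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation (RFC 4226)
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % 10 ** digits
    return f"{code:0{digits}d}"


def totp_login(server_secret: bytes, submitted_code: str, unix_time: int) -> bool:
    """The real site only checks that the digits are right for the current time window."""
    return hmac.compare_digest(totp(server_secret, unix_time), submitted_code)


# Assumed names for the illustration: a relying party and a look-alike phishing origin.
RP_ID = "example.com"
REAL_ORIGIN = "https://login.example.com"
PHISH_ORIGIN = "https://login-example.com.evil"


class Authenticator:
    """Toy security key with one credential per relying party.
    An HMAC key stands in for the real per-credential ECDSA key pair."""

    def __init__(self):
        self._creds = {}

    def register(self, rp_id: str) -> bytes:
        self._creds[rp_id] = secrets.token_bytes(32)
        return self._creds[rp_id]          # a real RP stores the public key instead

    def get_assertion(self, rp_id: str, client_data: bytes) -> bytes:
        signed = hashlib.sha256(rp_id.encode()).digest() + hashlib.sha256(client_data).digest()
        return hmac.new(self._creds[rp_id], signed, hashlib.sha256).digest()


def browser_get_assertion(auth: Authenticator, page_origin: str, rp_id: str, challenge: str):
    """The browser, not the page, writes the origin it is showing into clientDataJSON."""
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge,
                              "origin": page_origin}, sort_keys=True).encode()
    return client_data, auth.get_assertion(rp_id, client_data)


def fido_verify(cred: bytes, rp_id: str, expected_origin: str, challenge: str,
                client_data: bytes, signature: bytes) -> bool:
    """Relying-party check: origin and challenge must match, then the signature must verify."""
    data = json.loads(client_data)
    if data.get("origin") != expected_origin or data.get("challenge") != challenge:
        return False                       # origin binding: a relayed assertion dies here
    signed = hashlib.sha256(rp_id.encode()).digest() + hashlib.sha256(client_data).digest()
    return hmac.compare_digest(hmac.new(cred, signed, hashlib.sha256).digest(), signature)


def relay_attack_totp(unix_time: int = None) -> bool:
    """Victim types the 6-digit code into the phishing page; the attacker replays it in time."""
    secret = secrets.token_bytes(20)
    now = int(time.time()) if unix_time is None else unix_time
    phished_code = totp(secret, now)
    return totp_login(secret, phished_code, now)


def relay_attack_fido(victim_origin: str = PHISH_ORIGIN) -> bool:
    """Attacker relays the real site's challenge to the victim, who is on the phishing origin."""
    auth = Authenticator()
    cred = auth.register(RP_ID)
    challenge = secrets.token_hex(16)      # issued by the real site to the attacker's session
    client_data, sig = browser_get_assertion(auth, victim_origin, RP_ID, challenge)
    return fido_verify(cred, RP_ID, REAL_ORIGIN, challenge, client_data, sig)


if __name__ == "__main__":
    print("TOTP relayed through phishing site logs attacker in:", relay_attack_totp())
    print("FIDO assertion relayed through phishing site accepted:", relay_attack_fido())
    print("FIDO assertion from the genuine origin accepted:", relay_attack_fido(REAL_ORIGIN))
```

Real browsers add a first line of defence the model skips: a page may only request assertions for an RP ID that is a registrable suffix of its own origin, so `login-example.com.evil` cannot even ask the key for the `example.com` credential. The verifier's origin check is the second line, and it is what "verifies the sign-in URL" on slide 36 refers to. Mobile push and TOTP carry no such binding, which is why the slide places them lower on the assurance axis.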
38. Ransomware kill chain addressed
Stages: Initial attack → Identify & recon → Exploitation & installation → Command & control → Discover & spread → Extract & exfiltrate
Common vulnerabilities (initial attack vectors): phishing email, malicious app, open URL, open attachment, supply chain attacks
Actions along the chain: scan the network; retrieve encryption keys; encrypt files; encryption-key exfiltration; ransom demand
41. Modern threat detection
● Apply intel
● Intelligent data fusion
● Continuous IoC matching
● Self-managed
● Hunt at Google speed
● Disruptive economics
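"Continuous IoC matching" means two things: every incoming event is checked against the indicators known at that moment, and every newly published indicator is run backwards over the telemetry already stored, so an intrusion that predates the intel is still found. The following is an added example for this page (not the presenters' code and not a product's implementation) showing both directions over constructed DNS, proxy and file-hash log lines; the log format, hostnames, domains, hash and feed names are all made up for the illustration.

```python
import re
from urllib.parse import urlparse

# Constructed telemetry format: "<timestamp> <host> <dns|proxy|file> <value>"
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<kind>dns|proxy|file) (?P<value>\S+)$")


def _norm_domain(domain: str) -> str:
    return domain.lower().rstrip(".")


def _domain_keys(domain: str) -> list:
    """cdn.updates-evil.test -> [cdn.updates-evil.test, updates-evil.test]: an indicator on a
    parent domain also hits its subdomains; the bare TLD is never a key."""
    parts = _norm_domain(domain).split(".")
    return [".".join(parts[i:]) for i in range(len(parts) - 1)]


class IocMatcher:
    def __init__(self):
        self.indicators = {}   # (type, value) -> feed that published it
        self.events = []       # retained events, so new indicators can be matched backwards

    @staticmethod
    def parse(line: str):
        m = LOG_RE.match(line.strip())
        if not m:
            return None
        ev = m.groupdict()
        if ev["kind"] == "proxy":
            ev["domain"] = _norm_domain(urlparse(ev["value"]).hostname or "")
        elif ev["kind"] == "dns":
            ev["domain"] = _norm_domain(ev["value"])
        else:
            ev["sha256"] = ev["value"].lower()
        return ev

    def _match(self, ev: dict) -> list:
        hits = []
        for key in (_domain_keys(ev["domain"]) if "domain" in ev else []):
            if ("domain", key) in self.indicators:
                hits.append(("domain", key, self.indicators[("domain", key)]))
        if "sha256" in ev and ("sha256", ev["sha256"]) in self.indicators:
            hits.append(("sha256", ev["sha256"], self.indicators[("sha256", ev["sha256"])]))
        return hits

    def ingest(self, line: str) -> list:
        """Forward matching: score the event against every indicator known right now."""
        ev = self.parse(line)
        if ev is None:
            return []
        self.events.append(ev)
        return [(ev["ts"], ev["host"], *hit) for hit in self._match(ev)]

    def add_indicator(self, ioc_type: str, value: str, source: str) -> list:
        """Retroactive matching: a newly published indicator is run over retained history."""
        value = _norm_domain(value) if ioc_type == "domain" else value.lower()
        self.indicators[(ioc_type, value)] = source
        return [(ev["ts"], ev["host"], t, v, s) for ev in self.events
                for t, v, s in self._match(ev) if (t, v) == (ioc_type, value)]


# Constructed sample log lines: ws01 talks to a flagged domain and later drops a file.
SAMPLE_LOGS = [
    "2021-07-02T14:03:11Z ws01 dns cdn.updates-evil.test",
    "2021-07-02T14:03:12Z ws01 proxy https://cdn.updates-evil.test/agent.ps1",
    "2021-07-02T14:05:40Z ws01 file 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
    "2021-07-02T14:06:01Z ws02 dns www.example.org",
    "2021-07-02T14:06:02Z ws02 proxy https://www.example.org/",
]


def run_demo():
    """Returns (live hits while ingesting, retroactive hits after a later indicator arrives)."""
    matcher = IocMatcher()
    matcher.add_indicator("domain", "updates-evil.test", "feed-A")   # known before the logs
    live = [hit for line in SAMPLE_LOGS for hit in matcher.ingest(line)]
    retro = matcher.add_indicator(                                   # published afterwards
        "sha256", "9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08", "feed-B")
    return live, retro


if __name__ == "__main__":
    live, retro = run_demo()
    print("live:", *live, sep="\n  ")
    print("retro:", *retro, sep="\n  ")
```

The retroactive path is the one that depends on retention: the file-hash indicator arrives after the event was logged, and it only produces a hit because the matcher kept the event. That is the practical reason the "hunt at Google speed" and "self-managed" bullets sit next to IoC matching on the slide: retroactive matching is only as good as how much history is kept and how fast it can be re-scanned.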
43. Backup & recover (Actifio)
On-premises (VMware, SAP, Oracle, etc.) → Disk (local cache) → GCP Nearline/Coldline
1. Incremental-forever data capture: low RPO.
2. Local cache: instant recovery.
3. Replicate to cloud: incremental forever; Google Nearline/Coldline retains data for 4 days to decades.
Benefits
• Built-in integrations for application-consistent data capture
• Eliminate local backup footprint & burden
• Take advantage of cost-effective Google Cloud Storage
45. Recommendations and next steps
● Establish a ransomware protection strategy
● Conduct a cyber resilience assessment to evaluate the risk of ransomware
● Execute a quick diagnostic service to analyze telemetry data for indicators of compromise (IoCs)
● Evaluate off-network, segregated backup capabilities for critical workloads
● Conduct periodic user awareness campaigns