Proprietary + Confidential
A Cybersecurity Framework: Protecting Against Ransomware
Biodun Awojobi, Manager, Customer Engineering
Wade Walters, Customer Engineer, Security
August 2021
Modern Security Approaches
Common Threats
1. Data breaches
2. Misconfiguration of technologies
3. Insufficient identity/access/credential management
4. Account hijacking
5. Insider threat
6. Weak control plane
7. Limited cloud usage visibility
8. Nefarious use of cloud services
… Lack of cloud security architecture and strategy, weak control plane, metastructure failures.
MITRE ATT&CK FRAMEWORK
ATT&CK for Enterprise
[Figure: attack lifecycle stages: RECON, WEAPONIZE, DELIVER, EXPLOIT, CONTROL, EXECUTE, MAINTAIN]
Source: The MITRE Corporation
NIST Cybersecurity Framework: 5 Functions
● Identify: Develop an organizational understanding for managing risk to systems, people, assets, data, & capabilities.
● Protect: Outline appropriate safeguards to ensure delivery of critical infrastructure service.
● Detect: Define the appropriate activities to identify the occurrence of an event & enable timely discovery.
● Respond: Activities to take action regarding a detected cybersecurity incident.
● Recover: Identify appropriate activities to maintain plans for resilience & restore any capabilities or services that were impaired due to an incident.
Defense in depth at scale
● Service deployment
● Operational & device security
● Hardware infrastructure
● Storage services
● Identity
● Internet communication
Traditional Hybrid Environments
[Figure: controls spread across On-Prem and Cloud(s): Firewalls, IDS/IPS, Endpoint, XDR/NDR, SIEM, Load Balancers, ACLs, Containers, Identity, SOAR, Physical, Vulnerability Scanning, APIs, Encryption, Compliance, Authentication, UEBA, VPN, Isolation/Segmentation, BC/DR, MFA/2FA]
Security program activities
● Application security: Scanning and testing | API security
● Identity & access management: Managing user lifecycle | Managing application access | Assuring identities
● Endpoint security: Patch & vuln mgmt | Preventing compromise (A/V, EDR) | Device mgmt (config, policy, etc.)
● Data security: Finding sensitive data | Enforcing controls | Preventing exfil / loss
● Network security: Defining / enforcing perimeter | Segmentation | Managing remote access | DoS defense
● Infrastructure security: Hardening, config mgmt | Patch & vuln mgmt | Policy enforcement
● Security monitoring operations: Threat prevention | Threat detection | Incident response
● Governance, risk & compliance: Understanding risk | Defining and enforcing policy | Achieving certifications | Demonstrating compliance
Supported by an ecosystem of partners
● Application security
● Identity & access management
● Endpoint security
● Data security
● Network security
● Infrastructure security
● Security monitoring operations
● Governance, risk & compliance
and more...
NIST Cybersecurity Framework: 5 Functions (Identify, Protect, Detect, Respond, Recover)
Products and Capabilities
● Data Protection
● Identity
● Supply Chain Protection
● Zero Trust
● Critical Asset Discovery and Protection
● Risk Manager and Risk Protection
● Logging, Configuration and Monitoring
● Detection and Investigation
● Response
● Rapid Recovery
Google Cloud Solutions
● Risk Assessment & Critical Asset Discovery
● Asset Diagnostics on GCP
● Risk Management Modernization
● Secure Supply Chain
● Secure Collaboration
● Resilient by Design
● Autonomic Security Operations
● Ransomware Recovery Solution
What are we all facing?
Attacker tactics remain consistent
● Phishing: 80% of attacks start with a phishing email. Targeted threats are extremely difficult to detect.
● Email-borne threats: 94% of malware was installed via malicious emails and attachments. Attackers rapidly change tactics to defeat email security measures.
● Ransomware: 21% of Americans have experienced a ransomware attack. 46% say their company paid the ransom.
Recent events
● REvil ransomware used against 1,500 Kaseya customers
● Bombardier, Inc., data leaked by CLOP ransomware (Feb ‘21)
● W&T Offshore hit by Nefilim that stole over 800 GB of personnel and financial data (May ‘20)
● Ragnar Locker ransomware used against Portuguese energy company Energias de Portugal and asked for 1,580 in BTC (Apr ‘20)
● WannaCry used against West Bengal State Electricity Distribution Company (India), Iberdrola (Spain), Petrobras (Brazil), Gas Natural (Spain), and PetroChina (China).
How do these attacks work?
Ransomware Kill chain
[Figure: stage labels: Identify & Recon, Initial Attack, Exploitation & Installation, Command & Control, Discover & Spread, Extract & Exfiltrate. Step labels: Common vulnerabilities, Supply Chain Attacks, Phishing Email, Malicious App, Open URL, Open Attachment, Retrieve Encryption Keys, Scan the network, Encryption keys exfiltration, Encrypt files, Ransom demand]
Why are these attacks still successful?
Recent bad actor’s TTPs
Common theme
● Phishing Email: Account deletion theme
● Attachment: Zipped format
● Word doc: Macro with a .NET loader decrypting the payload
● Launches PowerShell; achieves persistence
● On Network: Mimikatz, GSecDump, PSExec, with POSH C2
AV-TEST Security Report 2019/2020
● The vast majority of malware and attacker tools run
on Windows
● Share of malware targeted to Windows is now
trending towards 83%
● Microsoft Exchange Server
○ 100 NVD listed vulns in the last 10 years,
11 critical vulns in the last 4 years
○ By comparison, Gmail had 10 vulns published with
none appearing in the NVD.
Google Cloud’s approach
Three key themes
● Trust Nothing: Build in security controls and verification everywhere with a Zero Trust approach
● Detect Everything: Build on planet scale security analytics and insights
● Protect Everyone: Make everyone safer online with actionable ML and threat intelligence
World’s largest threat observatory
• Massive amounts of data, instantaneous searching
• Any kind of threat observable (files, URLs, domains, IPs)
• Multi-angular characterization (AVs, whitelists, sandboxes, etc.)
• Diverse, global, crowdsourced, real-time
• Unparalleled history, going back to 2004
Most Common Vectors…. The threat is real...
Phishing | Malware | Credential Theft
Phishing
How do you spot threats fast?
Protect more when you see more
Network
● Defends 1B+ Gmail accounts & Chrome users
● Scans 694,000 web pages every minute for malicious intent
● Encrypts all data at rest and in transit
● Checks 400+ million Android devices for health every day
● Stop 10M spam emails a minute
Email flow
[Figure: diagram labels: External Website, Send, Delivery, Reject, AV, Sync, Warning banners, Restricted actions, Message open, Reclassification, Deep Scanning, Attachment download, Link click, Antivirus check, Preview, Suspicious prompt, Out of domain warning, Safe browsing check, Reply, Static Ana., Sanitize, S/MIME Ver., Prevent Downloads, DLP, Whitelisting, 2SV, APP, Password Entry]
Chrome browser
Proactive Enterprise Security
● Google Safe Browsing built-in
● Smart sandboxing and site isolation
● Enterprise-grade password protection
Malware
Antivirus Services: Policy, Context-based Protections, AV Engines, Security Sandbox
● Multiple services + technologies
● Different specializations to cover a wide range of malware
● Protections range from volume abuse to detecting unknown malware
● Simplified picture; leverage every bit of data to increase coverage
‘Zero-trust’ model utilizing cryptographically secured identities
Right identity accessing the right machine authorized by the right code accessing the right data at the right time and context
[Figure: diagram labels: Binary authorization, Data protection, Machine identity, IAM]
● User identity
● Device identity
● Machine identity
● Service identity
● Code identity
Credential Theft
Enterprise-grade Password Protection
● Password Alert automatically detects and notifies users if a corporate password is being used on a personal account
● Password Checkup automatically checks to see if any of a user’s saved passwords have been compromised in an online data breach and prompts the user to change their password
Show UI
Protect against Account Takeovers
● Enhanced account protection: Phishing-resistant 2nd factor of authentication that verifies user’s identity and sign-in URL
● Open ecosystem: Works with popular browsers and a growing ecosystem of services that support FIDO
2FA: It’s a spectrum of assurance
Different types of two-factor authentication (2FA) exist, all providing various levels of assurance and convenience
[Figure: assurance spectrum: SMS / Voice, Backup codes, Authenticator (TOTP), Mobile Push, FIDO security keys; axis label: Assurance; marker: Phishing-resistant]
Ransomware Kill chain Addressed
[Figure: stage labels: Identify & Recon, Initial Attack, Exploitation & Installation, Command & Control, Discover & Spread, Extract & Exfiltrate. Step labels: Common vulnerabilities, Supply Chain Attacks, Phishing Email, Malicious App, Open URL, Open Attachment, Retrieve Encryption Keys, Scan the network, Encryption keys exfiltration, Encrypt files, Ransom demand]
Increasing your posture
Apply intel
Intelligent data fusion
Modern threat detection
Continuous IoC Matching
Self-managed
Hunt at Google speed
Disruptive economics
Backup & recover
Actifio
ON-PREMISES: VMware, SAP, Oracle, etc.
1. Low RPO. Incremental forever data capture
2. Local Cache. Instant Recovery (Disk)
3. Replicate to Cloud. Incremental Forever
4. Days to Decades. Google Nearline/Coldline. (GCP NL/CL)
Benefits
• Built-in integrations for application-consistent data capture
• Eliminate local backup footprint & burden
• Take advantage of cost-effective Google Cloud Storage
Recommendations and next steps
● Establish a Ransomware Protection strategy
● Conduct a Cyber Resilience assessment to evaluate risk of ransomware
● Execute a quick diagnostic service to analyze telemetry data for indicators of compromise (IOCs)
● Evaluate off-network segregated backup capabilities for critical workloads
● Conduct periodic user awareness campaigns
Thank you.

GDG Cloud Southlake #25: Jacek Ostrowski & David Browne: Sabre's Journey to ...James Anderson
 
A3 - AR Code Planetarium CST.pdf
A3 - AR Code Planetarium CST.pdfA3 - AR Code Planetarium CST.pdf
A3 - AR Code Planetarium CST.pdfJames Anderson
 
GDG Cloud Southlake #24: Arty Starr: Enabling Powerful Software Insights by V...
GDG Cloud Southlake #24: Arty Starr: Enabling Powerful Software Insights by V...GDG Cloud Southlake #24: Arty Starr: Enabling Powerful Software Insights by V...
GDG Cloud Southlake #24: Arty Starr: Enabling Powerful Software Insights by V...James Anderson
 
GDG Cloud Southlake #23:Ralph Lloren: Social Engineering Large Language Models
GDG Cloud Southlake #23:Ralph Lloren: Social Engineering Large Language ModelsGDG Cloud Southlake #23:Ralph Lloren: Social Engineering Large Language Models
GDG Cloud Southlake #23:Ralph Lloren: Social Engineering Large Language ModelsJames Anderson
 
GDG Cloud Southlake no. 22 Gutta and Nayer GCP Terraform Modules Scaling Your...
GDG Cloud Southlake no. 22 Gutta and Nayer GCP Terraform Modules Scaling Your...GDG Cloud Southlake no. 22 Gutta and Nayer GCP Terraform Modules Scaling Your...
GDG Cloud Southlake no. 22 Gutta and Nayer GCP Terraform Modules Scaling Your...James Anderson
 
GDG Cloud Southlake #21:Alexander Snegovoy: Master Continuous Resiliency in C...
GDG Cloud Southlake #21:Alexander Snegovoy: Master Continuous Resiliency in C...GDG Cloud Southlake #21:Alexander Snegovoy: Master Continuous Resiliency in C...
GDG Cloud Southlake #21:Alexander Snegovoy: Master Continuous Resiliency in C...James Anderson
 
GDG Cloud Southlake #20:Stefano Doni: Kubernetes performance tuning dilemma: ...
GDG Cloud Southlake #20:Stefano Doni: Kubernetes performance tuning dilemma: ...GDG Cloud Southlake #20:Stefano Doni: Kubernetes performance tuning dilemma: ...
GDG Cloud Southlake #20:Stefano Doni: Kubernetes performance tuning dilemma: ...James Anderson
 
GDG Cloud Southlake #19: Sullivan and Schuh: Design Thinking Primer: How to B...
GDG Cloud Southlake #19: Sullivan and Schuh: Design Thinking Primer: How to B...GDG Cloud Southlake #19: Sullivan and Schuh: Design Thinking Primer: How to B...
GDG Cloud Southlake #19: Sullivan and Schuh: Design Thinking Primer: How to B...James Anderson
 
GDG Cloud Southlake #18 Yujun Liang Crawl, Walk, Run My Journey into Google C...
GDG Cloud Southlake #18 Yujun Liang Crawl, Walk, Run My Journey into Google C...GDG Cloud Southlake #18 Yujun Liang Crawl, Walk, Run My Journey into Google C...
GDG Cloud Southlake #18 Yujun Liang Crawl, Walk, Run My Journey into Google C...James Anderson
 
GDG Cloud Southlake #17: Meg Dickey-Kurdziolek: Explainable AI is for Everyone
GDG Cloud Southlake #17: Meg Dickey-Kurdziolek: Explainable AI is for EveryoneGDG Cloud Southlake #17: Meg Dickey-Kurdziolek: Explainable AI is for Everyone
GDG Cloud Southlake #17: Meg Dickey-Kurdziolek: Explainable AI is for EveryoneJames Anderson
 
GDG Cloud Southlake #16: Priyanka Vergadia: Scalable Data Analytics in Google...
GDG Cloud Southlake #16: Priyanka Vergadia: Scalable Data Analytics in Google...GDG Cloud Southlake #16: Priyanka Vergadia: Scalable Data Analytics in Google...
GDG Cloud Southlake #16: Priyanka Vergadia: Scalable Data Analytics in Google...James Anderson
 
GDG Cloud Southlake #15: Mihir Mistry: Cybersecurity and Data Privacy in an A...
GDG Cloud Southlake #15: Mihir Mistry: Cybersecurity and Data Privacy in an A...GDG Cloud Southlake #15: Mihir Mistry: Cybersecurity and Data Privacy in an A...
GDG Cloud Southlake #15: Mihir Mistry: Cybersecurity and Data Privacy in an A...James Anderson
 
GDG Cloud Southlake #14: Jonathan Schneider: OpenRewrite: Making your source ...
GDG Cloud Southlake #14: Jonathan Schneider: OpenRewrite: Making your source ...GDG Cloud Southlake #14: Jonathan Schneider: OpenRewrite: Making your source ...
GDG Cloud Southlake #14: Jonathan Schneider: OpenRewrite: Making your source ...James Anderson
 

Plus de James Anderson (20)

GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
 
GDG Cloud Southlake 31: Santosh Chennuri and Festus Yeboah: Empowering Develo...
GDG Cloud Southlake 31: Santosh Chennuri and Festus Yeboah: Empowering Develo...GDG Cloud Southlake 31: Santosh Chennuri and Festus Yeboah: Empowering Develo...
GDG Cloud Southlake 31: Santosh Chennuri and Festus Yeboah: Empowering Develo...
 
GDG Cloud Southlake 30 Brian Demers Breeding 10x Developers with Developer Pr...
GDG Cloud Southlake 30 Brian Demers Breeding 10x Developers with Developer Pr...GDG Cloud Southlake 30 Brian Demers Breeding 10x Developers with Developer Pr...
GDG Cloud Southlake 30 Brian Demers Breeding 10x Developers with Developer Pr...
 
GDG Cloud Southlake 29 Jimmy Mesta OWASP Top 10 for Kubernetes
GDG Cloud Southlake 29 Jimmy Mesta OWASP Top 10 for KubernetesGDG Cloud Southlake 29 Jimmy Mesta OWASP Top 10 for Kubernetes
GDG Cloud Southlake 29 Jimmy Mesta OWASP Top 10 for Kubernetes
 
GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N...
GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N...GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N...
GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N...
 
GDG SLK - Why should devs care about container security.pdf
GDG SLK - Why should devs care about container security.pdfGDG SLK - Why should devs care about container security.pdf
GDG SLK - Why should devs care about container security.pdf
 
GraphQL Insights Deck ( Sabre_GDG - Sept 2023).pdf
GraphQL Insights Deck ( Sabre_GDG - Sept 2023).pdfGraphQL Insights Deck ( Sabre_GDG - Sept 2023).pdf
GraphQL Insights Deck ( Sabre_GDG - Sept 2023).pdf
 
GDG Cloud Southlake #25: Jacek Ostrowski & David Browne: Sabre's Journey to ...
 GDG Cloud Southlake #25: Jacek Ostrowski & David Browne: Sabre's Journey to ... GDG Cloud Southlake #25: Jacek Ostrowski & David Browne: Sabre's Journey to ...
GDG Cloud Southlake #25: Jacek Ostrowski & David Browne: Sabre's Journey to ...
 
A3 - AR Code Planetarium CST.pdf
A3 - AR Code Planetarium CST.pdfA3 - AR Code Planetarium CST.pdf
A3 - AR Code Planetarium CST.pdf
 
GDG Cloud Southlake #24: Arty Starr: Enabling Powerful Software Insights by V...
GDG Cloud Southlake #24: Arty Starr: Enabling Powerful Software Insights by V...GDG Cloud Southlake #24: Arty Starr: Enabling Powerful Software Insights by V...
GDG Cloud Southlake #24: Arty Starr: Enabling Powerful Software Insights by V...
 
GDG Cloud Southlake #23:Ralph Lloren: Social Engineering Large Language Models
GDG Cloud Southlake #23:Ralph Lloren: Social Engineering Large Language ModelsGDG Cloud Southlake #23:Ralph Lloren: Social Engineering Large Language Models
GDG Cloud Southlake #23:Ralph Lloren: Social Engineering Large Language Models
 
GDG Cloud Southlake no. 22 Gutta and Nayer GCP Terraform Modules Scaling Your...
GDG Cloud Southlake no. 22 Gutta and Nayer GCP Terraform Modules Scaling Your...GDG Cloud Southlake no. 22 Gutta and Nayer GCP Terraform Modules Scaling Your...
GDG Cloud Southlake no. 22 Gutta and Nayer GCP Terraform Modules Scaling Your...
 
GDG Cloud Southlake #21:Alexander Snegovoy: Master Continuous Resiliency in C...
GDG Cloud Southlake #21:Alexander Snegovoy: Master Continuous Resiliency in C...GDG Cloud Southlake #21:Alexander Snegovoy: Master Continuous Resiliency in C...
GDG Cloud Southlake #21:Alexander Snegovoy: Master Continuous Resiliency in C...
 
GDG Cloud Southlake #20:Stefano Doni: Kubernetes performance tuning dilemma: ...
GDG Cloud Southlake #20:Stefano Doni: Kubernetes performance tuning dilemma: ...GDG Cloud Southlake #20:Stefano Doni: Kubernetes performance tuning dilemma: ...
GDG Cloud Southlake #20:Stefano Doni: Kubernetes performance tuning dilemma: ...
 
GDG Cloud Southlake #19: Sullivan and Schuh: Design Thinking Primer: How to B...
GDG Cloud Southlake #19: Sullivan and Schuh: Design Thinking Primer: How to B...GDG Cloud Southlake #19: Sullivan and Schuh: Design Thinking Primer: How to B...
GDG Cloud Southlake #19: Sullivan and Schuh: Design Thinking Primer: How to B...
 
GDG Cloud Southlake #18 Yujun Liang Crawl, Walk, Run My Journey into Google C...
GDG Cloud Southlake #18 Yujun Liang Crawl, Walk, Run My Journey into Google C...GDG Cloud Southlake #18 Yujun Liang Crawl, Walk, Run My Journey into Google C...
GDG Cloud Southlake #18 Yujun Liang Crawl, Walk, Run My Journey into Google C...
 
GDG Cloud Southlake #17: Meg Dickey-Kurdziolek: Explainable AI is for Everyone
GDG Cloud Southlake #17: Meg Dickey-Kurdziolek: Explainable AI is for EveryoneGDG Cloud Southlake #17: Meg Dickey-Kurdziolek: Explainable AI is for Everyone
GDG Cloud Southlake #17: Meg Dickey-Kurdziolek: Explainable AI is for Everyone
 
GDG Cloud Southlake #16: Priyanka Vergadia: Scalable Data Analytics in Google...
GDG Cloud Southlake #16: Priyanka Vergadia: Scalable Data Analytics in Google...GDG Cloud Southlake #16: Priyanka Vergadia: Scalable Data Analytics in Google...
GDG Cloud Southlake #16: Priyanka Vergadia: Scalable Data Analytics in Google...
 
GDG Cloud Southlake #15: Mihir Mistry: Cybersecurity and Data Privacy in an A...
GDG Cloud Southlake #15: Mihir Mistry: Cybersecurity and Data Privacy in an A...GDG Cloud Southlake #15: Mihir Mistry: Cybersecurity and Data Privacy in an A...
GDG Cloud Southlake #15: Mihir Mistry: Cybersecurity and Data Privacy in an A...
 
GDG Cloud Southlake #14: Jonathan Schneider: OpenRewrite: Making your source ...
GDG Cloud Southlake #14: Jonathan Schneider: OpenRewrite: Making your source ...GDG Cloud Southlake #14: Jonathan Schneider: OpenRewrite: Making your source ...
GDG Cloud Southlake #14: Jonathan Schneider: OpenRewrite: Making your source ...
 

Dernier

Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 

Dernier (20)

Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 

GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and Ransomware in the Cloud

  • 1. Proprietary + Confidential. A Cybersecurity Framework: Protecting Against Ransomware. Biodun Awojobi, Manager, Customer Engineering, August 2021. Wade Walters, Customer Engineer, Security, August 2021.
  • 3. Common Threats: 1. Data breaches; 2. Misconfiguration of technologies; 3. Insufficient identity/access/credential management; 4. Account hijacking; 5. Insider threat; 6. Weak control plane; 7. Limited cloud usage visibility; 8. Nefarious use of cloud services; … Lack of cloud security architecture and strategy, weak control plane, metastructure failures.
  • 5. ATT&CK for Enterprise: RECON, WEAPONIZE, DELIVER, EXPLOIT, CONTROL, EXECUTE, MAINTAIN. Source: The MITRE Corporation
  • 6. NIST Cybersecurity Framework: 5 Functions. Identify: Develop an organizational understanding for managing risk to systems, people, assets, data, & capabilities. Protect: Outline appropriate safeguards to ensure delivery of critical infrastructure service. Detect: Define the appropriate activities to identify the occurrence of an event & enable timely discovery. Respond: Activities to take action regarding a detected cybersecurity incident. Recover: Identify appropriate activities to maintain plans for resilience & restore any capabilities or services that were impaired due to an incident.
  • 8. Defense in depth at scale: Service deployment; Operational & device security; Hardware infrastructure; Storage services; Identity; Internet communication
  • 9. Traditional Hybrid Environments On-Prem Cloud(s) Firewalls IDS/IPS Endpoint XDR/NDR SIEM SIEM Load Balancers ACLs Containers Identity Identity SOAR SOAR Physical Vulnerability Scanning Vulnerability Scanning APIs Encryption Compliance Encryption Compliance Authentication Authentication UEBA UEBA VPN Isolation/Segmentation BC/DR BC/DR MFA/2FA MFA/2FA
  • 11. Security program activities. Application security: Scanning and testing | API security. Identity & access management: Managing user lifecycle | Managing application access | Assuring identities. Endpoint security: Patch & vuln mgmt | Preventing compromise (A/V, EDR) | Device mgmt (config, policy, etc.). Data security: Finding sensitive data | Enforcing controls | Preventing exfil / loss. Network security: Defining / enforcing perimeter | Segmentation | Managing remote access | DoS defense. Infrastructure security: Hardening, config mgmt | Patch & vuln mgmt | Policy enforcement. Security monitoring operations: Threat prevention | Threat detection | Incident response. Governance, risk & compliance: Understanding risk | Defining and enforcing policy | Achieving certifications | Demonstrating compliance
  • 12. Supported by an ecosystem of partners: Application security; Identity & access management; Endpoint security; Data security; Network security; Infrastructure security; Security monitoring operations; Governance, risk & compliance; and more...
  • 13. NIST Cybersecurity Framework: 5 Functions. Identify: Develop an organizational understanding for managing risk to systems, people, assets, data, & capabilities. Protect: Outline appropriate safeguards to ensure delivery of critical infrastructure service. Detect: Define the appropriate activities to identify the occurrence of an event & enable timely discovery. Respond: Activities to take action regarding a detected cybersecurity incident. Recover: Identify appropriate activities to maintain plans for resilience & restore any capabilities or services that were impaired due to an incident. Products and Capabilities: Data Protection; Identity; Supply Chain Protection; Zero Trust; Critical Asset Discovery and Protection; Risk Manager and Risk Protection; Logging, Configuration and Monitoring; Detection and Investigation; Response; Rapid Recovery; Risk Manager and Risk Protection. Google Cloud Solutions: ● Risk Assessment & Critical Asset Discovery ● Asset Diagnostics on GCP ● Risk Management Modernization ● Secure Supply Chain ● Secure Collaboration ● Resilient by Design ● Autonomic Security Operations ● Autonomic Security Operations ● Ransomware Recovery Solution ● Risk Management Modernization
  • 14. What are we all facing?
  • 15. Attacker tactics remain consistent. Phishing: 80% of attacks start with a phishing email. Targeted threats are extremely difficult to detect. Email-borne threats: 94% of malware was installed via malicious emails and attachments. Attackers rapidly change tactics to defeat email security measures. Ransomware: 21% of Americans have experienced a ransomware attack. 46% say their company paid the ransom.
  • 16. Recent events ● REvil ransomware used against 1,500 Kaseya customers ● Bombardier, Inc., data leaked by CLOP ransomware (Feb ‘21) ● W&T Offshore hit by Nefilim that stole over 800 GB of personnel and financial data (May ‘20) ● Ragnar Locker ransomware used against Portuguese energy company Energias de Portugal and asked for 1,580 in BTC (Apr ‘20) ● WannaCry used against West Bengal State Electricity Distribution Company (India), Iberdrola (Spain), Petrobras (Brazil), Gas Natural (Spain), and PetroChina (China).
  • 17. How do these attacks work?
  • 18. Ransomware Kill chain (diagram). Stages: Initial Attack; Command & Control; Extract & Exfiltrate; Identify & Recon; Exploitation & Installation; Discover & Spread. Steps: Phishing Email; Malicious App; Open URL; Open Attachment; Retrieve Encryption Keys; Encrypt files; Scan the network; Ransom demand; Encryption keys exfiltration. Other labels: Common vulnerabilities; Supply Chain Attacks
  • 19. Why are these attacks still successful?
  • 20. Recent bad actor’s TTPs. Phishing Email: Account deletion theme. Attachment: Zipped format. Word doc: Macro with a .NET loader decrypting the payload. Launches PowerShell. Achieves persistence. On Network: Mimikatz, GSecDump, PSExec, with POSH C2
  • 21. Common theme. Distribution of Malware (AV-TEST Security Report 2019/2020) ● The vast majority of malware and attacker tools run on Windows ● Share of malware targeted to Windows is now trending towards 83% ● Microsoft Exchange Server ○ 100 NVD listed vulns in the last 10 years, 11 critical vulns in the last 4 years ○ By comparison, Gmail had 10 vulns published with none appearing in the NVD.
  • 24. Three key themes. Trust Nothing: Build in security controls and verification everywhere with a Zero Trust approach. Detect Everything: Build on planet scale security analytics and insights. Protect Everyone: Make everyone safer online with actionable ML and threat intelligence.
  • 25. World's largest threat observatory • Massive amounts of data, instantaneous searching • Any kind of threat observable (files, URLs, domains, IPs) • Multi-angular characterization (AVs, whitelists, sandboxes, etc.) • Diverse, global, crowdsourced, real-time • Unparalleled history, going back to 2004
  • 26. The threat is real... Most Common Vectors: Phishing; Malware; Credential Theft
  • 28. How do you spot threats fast? Protect more when you see more. Network. Defends 1B+ Gmail accounts & Chrome users. Scans 694,000 web pages every minute for malicious intent. Encrypts all data at rest and in transit. Checks 400+ million Android devices for health every day. Stops 10M spam emails a minute.
  • 29. Email flow External Website Send Delivery Reject AV Sync Warning banners Restricted actions Message open Reclassification Deep Scanning Attachment download Link click Antivirus check Preview Suspicious prompt Out of domain warning Safe browsing check Reply Static Ana. Sanitize S/MIME Ver. Prevent Downloads AV DLP Whitelisting 2SV APP Password Entry
  • 30. Google Safe Browsing built-in Smart sandboxing and site isolation Enterprise-grade password protection Chrome browser Proactive Enterprise Security
  • 32. Antivirus Services Policy Context-based Protections AV Engines Security Sandbox Multiple services + technologies Different specializations to cover a wide range of malware Protections range from volume abuse to detecting unknown malware Simplified picture; leverage every bit of data to increase coverage
  • 33. ‘Zero-trust’ model utilizing cryptographically secured identities. Right identity accessing the right machine, authorized by the right code, accessing the right data at the right time and context. Binary authorization; Data protection; Machine identity; IAM; User identity; Device identity; Machine identity; Service identity; Code identity.
  • 35. Enterprise-grade Password Protection. Password Alert automatically detects and notifies users if a corporate password is being used on a personal account. Password Checkup automatically checks to see if any of a user’s saved passwords have been compromised in an online data breach and prompts the user to change their password. Show UI.
  • 36. Protect against Account Takeovers. Enhanced account protection: Phishing-resistant 2nd factor of authentication that verifies user’s identity and sign-in URL. Open ecosystem: Works with popular browsers and a growing ecosystem of services that support FIDO.
  • 37. 2FA: It’s a spectrum of assurance. Different types of two-factor authentication (2FA) exist, all providing various levels of assurance and convenience. Assurance: SMS / Voice; Backup codes; Authenticator (TOTP); Mobile Push; FIDO security keys. Phishing-resistant.
  • 38. Ransomware Kill chain (diagram labels): Common vulnerabilities; Open Attachment; Retrieve Encryption Keys; Encrypt files; Scan the network; Ransom demand; Encryption keys exfiltration; Phishing Email; Malicious App; Open URL; Initial Attack; Command & Control; Extract & Exfiltrate; Identify & Recon; Exploitation & Installation; Discover & Spread; Addressed Supply Chain Attacks
  • 41. Apply intel. Intelligent data fusion; Modern threat detection; Continuous IoC Matching; Self-managed; Hunt at Google speed; Disruptive economics.
  • 43. Backup & recover. Actifio Disk. ON-PREMISES: VMware, SAP, Oracle, etc. (1) Low RPO. Incremental forever data capture. (2) Local Cache. Instant Recovery. (3) Replicate to Cloud. Incremental Forever. (4) Days to Decades. Google Nearline/Coldline (GCP NL/CL). Benefits • Built-in integrations for application-consistent data capture • Eliminate local backup footprint & burden • Take advantage of cost-effective Google Cloud Storage
  • 44. NIST Cybersecurity Framework: 5 Functions. Identify: Develop an organizational understanding for managing risk to systems, people, assets, data, & capabilities. Protect: Outline appropriate safeguards to ensure delivery of critical infrastructure service. Detect: Define the appropriate activities to identify the occurrence of an event & enable timely discovery. Respond: Activities to take action regarding a detected cybersecurity incident. Recover: Identify appropriate activities to maintain plans for resilience & restore any capabilities or services that were impaired due to an incident. Products and Capabilities: Data Protection; Identity; Supply Chain Protection; Zero Trust; Critical Asset Discovery and Protection; Risk Manager and Risk Protection; Logging, Configuration and Monitoring; Detection and Investigation; Response; Rapid Recovery; Risk Manager and Risk Protection. Google Cloud Solutions ● Risk Assessment & Critical Asset Discovery ● Asset Diagnostics on GCP ● Risk Management Modernization ● Secure Supply Chain ● Secure Collaboration ● Resilient by Design ● Autonomic Security Operations ● Autonomic Security Operations ● Ransomware Recovery Solution ● Risk Management Modernization
  • 45. Recommendations and next steps ● Establish a Ransomware Protection strategy ● Conduct a Cyber Resilience assessment to evaluate risk of ransomware ● Execute a quick diagnostic service to analyze telemetry data for indicators of compromise (IOCs) ● Evaluate off-network segregated backup capabilities for critical workloads ● Conduct periodic user awareness campaigns