
CyberCamp 2015: Low Hanging Fruit

39,365 views

Published on

Managing a company's security is usually like walking a tightrope. You have to let the business keep running, stay up to date, protect what is already deployed and innovate in new things. And all of that more efficiently every year and with a smaller budget, with the goal that nothing happens. The conclusion is that in the end there is always Low Hanging Fruit left for anyone to take advantage of.

Published in: Technology


  1. Low-Hanging Fruit – Chema Alonso (@chemaalonso)
  2. Low-Hanging Fruit means easy-to-find bugs
  3. Google Project Zero
  4. Clear
  5. Yet another App!!
  6. Security Boundaries
  7. Bypassing Security
  8. “Buzz-Words”-Tech
     • Post-Quantum Cryptography
     • Anti-APT
     • Machine Learning
     • Cyber-resilience
  9. How to be Rich in 10 Steps
     1. Run a Company
     2. Point out the limits of security tech
     3. Call previous tech useless
     4. Do some tech to solve one single problem
     5. Create a Buzz-Word
     6. Viral it
     7. Influence to Create a Magic Quadrant
     8. Go IPO
     9. Sell the tech to some big corporates
     10. Sell the Company
  10. DLP (Data Loss Prevention)
  11. DLP (Data Loss Prevention)
  12. OWASP Top Ten
  13. Department of Homeland Security
  14. Be Secure or Feel Secure
  15. Pretending to be Secure
  16. Complexity of Security
     • Manage: People, Tech, Process
     • To get: Integrity, Confidentiality, Availability
     • Reaching: Acceptable Risk, Resilience, Compliance
  17. Doing What/When/Where? How?
     • Hardening Systems: Defense in depth, Minimum Attack Surface, Minimum Privilege
     • Hardening People: Influence, Awareness, Persistent Pentesting
     • Hardening Process: Providers, Software development
  18. Do the Basics – Security 101
     • Patch known bugs
     • Change Default Passwords
     • Harden Default Configurations
     • Don't code with easy bugs
     • Teach security to your people
     • Pentesting
     • Apply Secure Cryptography
     • ACLs
     • Design a secure Network
     • …
  19. Do the Basics
     • Security 102: Continuous monitoring, Adaptive Authentication / 2FA, Persistent Pentesting, Code Reviews, Harden your network, Data Loss Prevention, …
     • Security 103: Predictive Data Leaks, Privileged Accounts Control, Digital Surveillance, …
     • Security 201: CSIRT, Anti-APTs, Machine Learning, …
     • Security 202: Hidden Links, Malware investigation, Shadow IT, …
  20. Network Hidden Links
  21. Malware Investigation
  22. Persistent Pentesting
  23. Maturity: Prevent – Detect – Managed incident response – Respond
  24. Do the Basics
     • Balance between Physical & Digital Security
     • Do the Basics
     • Do the Basics (Clear?)
     • Do more than the basics
     • Buy super-fashion Tech
  25. Questions? – Chema Alonso – @chemaalonso – http://www.elladodelmal.com
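As an added example (not from the talk or its speaker), the "Security 101" items on slide 18, patch known bugs, change default passwords and harden default configurations, can be turned into a repeatable check that surfaces exactly the low-hanging fruit the deck is about. The Python script below audits a constructed service inventory against a constructed list of default credentials, a hypothetical patch baseline and a set of settings that must not keep their insecure default, then ranks the findings by severity. Every host name, product, version and credential in it is made up for illustration. It goes slightly beyond the slide: versions are compared numerically, so 2.10.0 is correctly treated as newer than 2.4.1, and a setting that is absent from a configuration is treated as still sitting at its insecure default.

```python
"""Audit a service inventory for "Security 101" low-hanging fruit.

Added illustration, not code from the talk: it checks three of the basics the
slides list (default passwords, unpatched known bugs, insecure default
configuration) against a constructed inventory and ranks the findings.
"""
from dataclasses import dataclass, field

# Constructed reference data: assumptions for the example, not real product data.
DEFAULT_CREDENTIALS = {
    ("admin", "admin"),
    ("admin", "password"),
    ("root", "toor"),
    ("user", "user"),
}

# Hypothetical patch baseline: the lowest version with all known bugs fixed.
MIN_PATCHED_VERSION = {
    "webapp": (2, 4, 1),
    "dbserver": (10, 3, 0),
}

# Settings whose shipped default is insecure; the value is the safe setting.
INSECURE_DEFAULTS = {
    "allow_anonymous": False,
    "debug_mode": False,
    "directory_listing": False,
}

SEVERITY = {"default_password": 3, "unpatched": 2, "insecure_default": 1}


@dataclass
class Service:
    host: str
    product: str
    version: str
    username: str
    password: str
    settings: dict = field(default_factory=dict)


@dataclass
class Finding:
    host: str
    kind: str
    detail: str

    @property
    def severity(self) -> int:
        return SEVERITY[self.kind]


def parse_version(text: str) -> tuple:
    """Turn '2.4.1' into (2, 4, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def audit_service(svc: Service) -> list:
    """Return the low-hanging-fruit findings for one service."""
    findings = []
    # Security 101: change default passwords.
    if (svc.username, svc.password) in DEFAULT_CREDENTIALS:
        findings.append(Finding(svc.host, "default_password",
                                f"{svc.product} still uses default account {svc.username!r}"))
    # Security 101: patch known bugs (numeric comparison, so 2.10.0 > 2.4.1).
    baseline = MIN_PATCHED_VERSION.get(svc.product)
    if baseline and parse_version(svc.version) < baseline:
        findings.append(Finding(svc.host, "unpatched",
                                f"{svc.product} {svc.version} is below patched baseline "
                                + ".".join(map(str, baseline))))
    # Security 101: harden default configurations. A setting that is not
    # present at all is assumed to still hold its insecure default.
    for key, safe_value in INSECURE_DEFAULTS.items():
        if svc.settings.get(key, not safe_value) != safe_value:
            findings.append(Finding(svc.host, "insecure_default",
                                    f"{key} should be {safe_value}"))
    return findings


def audit_inventory(services) -> list:
    """Audit every service and return all findings, most severe first."""
    findings = [f for svc in services for f in audit_service(svc)]
    return sorted(findings, key=lambda f: (-f.severity, f.host))


# Constructed sample inventory: one neglected host and two hardened ones.
SAMPLE_INVENTORY = [
    Service("web-01", "webapp", "2.3.9", "admin", "admin",
            {"debug_mode": True, "directory_listing": False}),
    Service("db-01", "dbserver", "10.3.2", "dba", "Xk9#pLq2",
            {"allow_anonymous": False, "debug_mode": False, "directory_listing": False}),
    Service("web-02", "webapp", "2.10.0", "ops", "c0rrect-h0rse",
            {"allow_anonymous": False, "debug_mode": False, "directory_listing": False}),
]

if __name__ == "__main__":
    for f in audit_inventory(SAMPLE_INVENTORY):
        print(f"[{f.severity}] {f.host}: {f.kind} - {f.detail}")
```

Run as-is it lists four findings, all on web-01: the default admin account first, then the unpatched version, then the two configuration settings (allow_anonymous missing, debug_mode on). The other two hosts produce nothing, which is the point of comparing versions as tuples: a naive string comparison would have flagged 2.10.0 as older than 2.4.1.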
