Is there a magic security bullet anymore? Can we ever feel safe because we have a UTM or Layer 7 Firewalls? Can one security product vendor get it all done for you? What is the right combination of products and processes that can achieve the highest possible security posture for your organization?
These are questions that CIOs and IT executives have been asking themselves lately with the rise of advanced persistent threats (APTs). Unlike traditional malware and viruses, new crimeware and APTs completely hijack your equipment and operate in stealth so that they are better able to go undetected.
This topic has become an issue of National Security; the biggest businesses in the US are struggling, even with their dedicated security teams.
So, what is a medium business of 100-5000 users to do?
Don’t wait for your installed products to find malware and crimeware! Traditional tools are woefully inadequate.
Over the next 3 months, the CIO Executive Series will review 13 new approaches to Malware/Crimeware defense in order to better prepare you for the upcoming battle you’re sure to fight.
We will help you change the rules of the game by becoming proactive in rooting out malware!
Make it hard for these malicious APTs to operate in stealth.
GO HUNTING!
5 of 13 Ways To Prevent Advanced Persistent Threats (APTs)
1. The Next Cyber Security Threat is Here - Are You Prepared?
APTs – Advanced Persistent Threats
Part 1 – Learn 5 of 13 Ways to Prevent APTs
Moderator: Bill Murphy and James Crifasi
Live Tweet from the event!
@TheRedZoneCIO
2. Schedule of Events
8:30am to 9:00am – Sign In & Breakfast
9:00am to 11:30am – Education Sessions
11:30am to 12:30pm – Lunch (sponsored by ThunderDG & Thycotic Software)
3. RedZone’s Chief Lieutenant Series
Sister of The CIO Executive Series which is a TOP IT Executive
Network specializing in bringing CIO’s together to
collaborate, network, and stay current on industry trends.
Just under 300 senior C-Suite IT executive members
Founded in 2000 | 13 years of experience bringing CIO’s together
Host a number of events – both virtual and physical – each year
Host a “Special Event” annually | Past events have included:
A Golf Outing, Dinner & Receptions
4. President and Founder
• RedZone Technologies
• ThunderDG
• MA DR Solutions
• Beyond Limits Magazine
Keep In Touch With Bill:
@TheRedZoneCIO
CIO Executive Series Group
billm@redzonetech.net
About Bill Murphy
5. About James Crifasi
• CTO of RedZone Technologies
• Co-founder ThunderDG
• Co-founder MA DR
• University of Maryland Graduate | B.A. Criminology &
Criminal Justice | B.S. Computer Science – Algorithmic
Theory & AI | M.S. Interdisciplinary Management
• Keep In Touch With James: jcrifasi@redzonetech.net
6. Sponsors
RedZone Technologies
Assessment: IT Architecture and Design
Integration: Security| Disaster Recovery| Infrastructure
Managed Service Programs
Cloud Brokerage
(410) 897-9494
www.redzonetech.net
ThunderDG
Employee Policy Management, Education, and Awareness
www.thunderdg.com
Thycotic Software
Password Management
www.thycotic.com
7. Agenda – 5 of 13 Methods to Prevent APTs –
Advanced Persistent Threats
1. MDM, BYOD & Mobility
2. Password - Roles Based Access Control to apps, servers & network devices
3. Configuration and Change Control
4. Prevent and Silence Outbound Hijackers
5. DCS policies - Security Education, Training, Awareness
8. Agenda – 5 of 13 Methods to Prevent APTs –
Advanced Persistent Threats
1. VMWare Horizon Suite – View 5 | VDI
2. Thycotic Software – Password Security
3. C3 – Security Change Control for switches and routers
4. Bluecoat - Prevent and Silence Outbound Hijackers
5. ThunderDG – Policy and Education
10. Reality Shift in IT
• System communication is fundamentally changing – many
transactions occur over the web
• Network defenses are covering a shrinking portion of the attack
surface
• Cloud is changing our notion of a perimeter
• Worker mobility is redefining the IT landscape
• The security model is shifting from good people vs. bad people to enabling partial trust
• There are more “levels” of access: Extranets, partner
access, customer access
11. Reality Shift for Attackers
• Cyber criminals are becoming organized and profit-driven
• An entire underground economy exists to support
cybercrime
• Attackers are shifting their methods to exploit both technical and human weaknesses
• Attackers after much more than traditional monetizable
data (PII, etc.)
• Hacktivism
• State-sponsored attacks
• IP attacks/breaches
12. What is an APT
Advanced Persistent Threat
APTs are silent. They leave clues and trails but are essentially
designed not to be found.
• Spear Phishing
• Phishing
• Rootkits
• Traditional Hacker Tool Variants
• Worms
• Etc.
13. Economics of Phishing
Hundreds of millions $!
Source: Bill Duane Talk on Authentication
14. Go Hunting!
Change the rules of the game by becoming proactive in rooting out malware.
15. Make It Hard….
for these malicious Advanced Persistent Threats (APTs) to operate in
stealth.
16. Make It Hard….
“Most costly breaches come from simple failures, not from attacker ingenuity”
- RSA 2013 Conf Chair Hugh Thompson
17. Where Do You Start?
23. #1
BYOD | MDM | Mobile Security
VMWare Horizon Suite
24. Point Solutions vs. Integrated
25. VMWare Horizon Suite
• Centralized data!
• Control and enforce data policy centrally
• Embrace all devices
• Stop doing MDM & get into data application management
• User centric philosophy
• Address application, data, VDI within one solution set
27. Horizon View & Mirage
28. Key Features of Horizon Suite
1. Single end-user workspace
• Easy, secure access to all apps/data from any
mobile device
2. Centralized IT Management
3. File Sharing Capabilities
• Offline & online
• Document versioning, commenting & auditing
capabilities
29. VMWare and APT Defense
1. Can you deliver a secure desktop in minutes?
• Efficiency with security is important to keep costs low.
2. IT being able to get the user back to a last known Golden Image is
critical!
30. Key Features of Horizon Suite
• Enterprise-Level Security
• Data encryption on mobile devices
• Endpoint registration & remote wipe
capabilities
• Integration with Horizon View
• Easy access to Virtual Desktops & apps via
Horizon View
• Access View from any HTML5 browser via
remote protocol
31. Lessons Learned From Our
Experience With Horizon Suite
1. Beta lockdown and engineering review
2. Make changes once to all departmental profiles
3. One of the key values of VDI is the ability to
restore a workstation back to a Golden
image, which is free of Malware/Crimeware.
32. #2
Passwords & RBAC
Thycotic Software
Secret Server
33. Passwords | RBAC
GAME OVER IF THE DOMAIN CONTROLLER IS
COMPROMISED!
34. Secret Server & RBAC
In the wrong hands, privileged accounts
represent the biggest threat to enterprises
because these accounts can breach personal
data, complete unauthorized transactions, cause
denial-of-service attacks, and hide activity by
deleting audit data.
- Information Security Magazine, 2009
35. Dilbert comic – Source: www.unitedmedia.com/comics/dilbert
36. Privileged Accounts
Privileged Account Challenges
• UNIX / Linux Root Accounts
• Windows Local Admin Accounts
• AD
• Database
• Server
• Router
• Firewall
• Service Accounts are difficult to manage because they don’t belong to a specific person
• Access & Passwords are shared by a team of administrators
• No accountability
37. Privileged Accounts – Why Worry?
• Powerful accounts that run your network
• The passwords are not being changed
• Extremely difficult to know where they are being
used
• Needed for emergency situations
• Vulnerable to multiple types of attacks
38. What is Secret Server?
• Web-based password repository
• Distribute, organize & automatically
update privileged accounts from a
central location
• Complete reporting & auditing capabilities to
show who has access & when passwords are being
used
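Slides 36 to 38 name three concrete privileged-account problems: passwords that are never changed, accounts shared by a whole team with no accountability, and not knowing where an account is actually used. The script below is an added example (not RedZone's or Thycotic's code, and not how Secret Server works internally) that audits a constructed account export and a constructed logon log for exactly those three conditions. The 90-day rotation policy, the account names, the record format and the audit date are all assumptions made for the example.

```python
"""Privileged-account hygiene audit (added example; not RedZone's or Thycotic's code).

Checks the three problems the slides name: passwords that are never changed,
accounts shared by a team with no accountability, and not knowing where an
account is used. All input data below is constructed for the example.
"""
import re
from collections import defaultdict
from datetime import date

MAX_PASSWORD_AGE_DAYS = 90      # hypothetical rotation policy, not a vendor default
AUDIT_DATE = date(2013, 4, 15)  # fixed "today" so the example is reproducible

# Constructed export of privileged accounts: name, type, date the password was last set.
ACCOUNTS = [
    {"name": "svc_backup", "kind": "service account", "pwd_last_set": "2012-01-15"},
    {"name": "admin_db",   "kind": "shared admin",    "pwd_last_set": "2013-03-01"},
    {"name": "root@fw01",  "kind": "device root",     "pwd_last_set": "2011-06-30"},
    {"name": "jsmith_adm", "kind": "named admin",     "pwd_last_set": "2013-04-01"},
]

# Constructed logon records: timestamp, account, host it was used on, and the
# person who checked it out ("-" when nobody is recorded, e.g. a service account).
LOGONS = [
    "2013-04-10 08:02 svc_backup host=srv-files person=-",
    "2013-04-10 09:15 svc_backup host=srv-db person=-",
    "2013-04-10 09:40 admin_db host=srv-db person=alice",
    "2013-04-11 14:05 admin_db host=srv-db person=bob",
    "2013-04-11 14:06 admin_db host=wks-17 person=carol",
    "2013-04-12 10:00 jsmith_adm host=srv-dc1 person=jsmith",
]

LOGON_RE = re.compile(r"^(\S+ \S+) (\S+) host=(\S+) person=(\S+)$")


def parse_logon(line):
    """Return (account, host, person-or-None) for one logon record."""
    m = LOGON_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised logon record: {line!r}")
    _when, account, host, person = m.groups()
    return account, host, None if person == "-" else person


def audit(accounts, logons, today):
    """Return {account name: findings}.

    Finding codes and the evidence behind them:
      STALE_PASSWORD        password older than MAX_PASSWORD_AGE_DAYS
      SHARED_ACCOUNT        more than one person used the same account
      NO_ACCOUNTABLE_PERSON the account is used but nobody is recorded as using it
      USAGE_UNKNOWN         no logon records at all, so nobody knows where it is used
    """
    hosts = defaultdict(set)
    persons = defaultdict(set)
    for line in logons:
        account, host, person = parse_logon(line)
        hosts[account].add(host)
        if person:
            persons[account].add(person)

    report = {}
    for acct in accounts:
        name = acct["name"]
        age = (today - date.fromisoformat(acct["pwd_last_set"])).days
        codes = set()
        if age > MAX_PASSWORD_AGE_DAYS:
            codes.add("STALE_PASSWORD")
        if len(persons[name]) > 1:
            codes.add("SHARED_ACCOUNT")
        if not hosts[name]:
            codes.add("USAGE_UNKNOWN")
        elif not persons[name]:
            codes.add("NO_ACCOUNTABLE_PERSON")
        report[name] = {
            "kind": acct["kind"],
            "password_age_days": age,
            "hosts": sorted(hosts[name]),      # where the account is actually used
            "persons": sorted(persons[name]),  # who is accountable for that use
            "codes": codes,
        }
    return report


def run_audit():
    """Audit the constructed sample with the fixed audit date."""
    return audit(ACCOUNTS, LOGONS, AUDIT_DATE)


if __name__ == "__main__":
    for name, f in run_audit().items():
        flags = ", ".join(sorted(f["codes"])) or "ok"
        print(f"{name:12} age={f['password_age_days']:4}d hosts={f['hosts']} "
              f"persons={f['persons']} -> {flags}")
```

In a real environment the account export would come from the directory (for example password-last-set attributes) and the logon records from a vault's check-out audit trail or from host logon events; the point of the output is the per-account evidence (hosts and persons), because that is what a vault with reporting and automatic rotation is meant to give you.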
42. What’s In It For Me?
• Accountability
• Access Management
• Risk Management
• Security
• Compliance
• Reduced Labor costs
43. #3
Security – Configuration and Change
Control
C3
44. C3 – Configuration and Change
Control
• Systems are down – What happened?
• Are you dependent on the guy with the most
certifications to bail you out?
45. C3 – Configuration and Change
Control
• Audit Changes?
• Who made the change?
• What changed?
46. C3 | Configuration Change Control
47. C3 | Configuration Change Control
48. C3 Features
• Sends emails to specified individuals when changes are made to the
network configuration and highlights what those changes were
• Allows you to quickly visually identify system changes
• Consolidates all changes into a single change alert
• Allows for companies/organizations to hire less experienced (and less
expensive) talent so that they can be less dependent on certified (more
expensive) individuals
• System is managed by RedZone
49. Benefits of RZ Managing C3
RedZone audits all C3 systems monthly, in which we...
• Review the change logs & talk to the client to make sure that their IT
professionals are receiving the change reports
• Ensure that a valid backup is being taken of each system C3 is monitoring *
• Check that all of the client’s existing devices are recognized and checked by C3 and that they haven’t added any new devices to, or removed any old devices from, the network
Because, let’s face it, machines and automation are great, but if systems are not
being maintained by actual people, they can become inefficient or – even worse
– a handicap.
*Note: None of your data ever leaves your network; RedZone will never back up
your system to our network
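Slides 48 and 49 describe the two checks behind configuration change control: diff each device's configuration against a stored baseline and consolidate what changed into a single alert, and notice devices that have appeared on or vanished from the network. The following is an added example (not RedZone's C3 product code) that does both over constructed configuration snapshots; the device names, configuration lines and the idea of keying snapshots by hostname are assumptions for the example.

```python
"""Network configuration change detection with one consolidated alert
(added example; not RedZone's C3 product code).

Compares a stored baseline of device configurations against the current
running configurations, highlights what changed per device, notices devices
that appeared or disappeared, and folds everything into a single alert text.
All configurations below are constructed for the example.
"""
import difflib

# Constructed baseline snapshot: device name -> configuration text.
BASELINE = {
    "core-sw1": (
        "hostname core-sw1\n"
        "line vty 0 4\n"
        " transport input ssh\n"
    ),
    "edge-rtr1": (
        "hostname edge-rtr1\n"
        "ip access-list extended OUTBOUND\n"
        " permit tcp any any eq 443\n"
        " deny ip any any\n"
    ),
    "old-sw9": "hostname old-sw9\n",
}

# Constructed current snapshot: core-sw1 now also accepts telnet on its
# management lines, old-sw9 is gone, and an unknown new-ap2 has appeared.
CURRENT = {
    "core-sw1": (
        "hostname core-sw1\n"
        "line vty 0 4\n"
        " transport input telnet ssh\n"
    ),
    "edge-rtr1": BASELINE["edge-rtr1"],
    "new-ap2": "hostname new-ap2\n",
}


def diff_device(name, before, after):
    """Unified diff of one device's configuration, as a list of lines."""
    return list(difflib.unified_diff(
        before.splitlines(), after.splitlines(),
        fromfile=f"{name} (baseline)", tofile=f"{name} (current)", lineterm=""))


def detect_changes(baseline, current):
    """Classify every device as changed, unchanged, added or removed."""
    result = {"changed": {}, "unchanged": [], "added": [], "removed": []}
    for name in sorted(set(baseline) | set(current)):
        if name not in current:
            result["removed"].append(name)
        elif name not in baseline:
            result["added"].append(name)
        else:
            delta = diff_device(name, baseline[name], current[name])
            if delta:
                result["changed"][name] = delta
            else:
                result["unchanged"].append(name)
    return result


def build_alert(changes):
    """Fold all findings into one alert body; return "" when nothing happened."""
    if not (changes["changed"] or changes["added"] or changes["removed"]):
        return ""
    parts = ["Network configuration change report"]
    for name in changes["removed"]:
        parts.append(f"REMOVED device: {name} (no longer reachable or deleted)")
    for name in changes["added"]:
        parts.append(f"NEW device: {name} (not in baseline; verify it is authorised)")
    for name, delta in changes["changed"].items():
        parts.append(f"CHANGED device: {name}")
        # Only the +/- lines matter to the reader; keep the diff headers out of the mail.
        parts.extend(l for l in delta
                     if l[:1] in ("+", "-") and not l.startswith(("+++", "---")))
    return "\n".join(parts)


if __name__ == "__main__":
    print(build_alert(detect_changes(BASELINE, CURRENT)))
```

The alert text is what would be emailed to the specified individuals; a blank result means no mail, which keeps the single-alert promise from turning into noise. Pulling the running configurations and maintaining the baseline is the part a managed service like the one described on slide 49 takes on.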
50. #4
Outbound Hijackers
Blue Coat
51. Outbound Hijackers
• Prevent and silence outbound hijackers
• There are over 300 known hacker tools that are designed not to be found
• Find the trails they leave behind
• Silence outbound hijackers by managing what is allowed out of the network
• There are specific sites to which an employee can go
• There is a tight acceptable-use policy for the internet
• Outbound protocol management & control
• Lockdown of outbound UDP, for example
• Bluecoat application identification
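Slide 51 is a policy in outline: only specific sites, web traffic through a controlled path, outbound UDP locked down. The script below is an added example (not Blue Coat's or RedZone's code) that applies such an egress policy to constructed flow records, so that every denied flow becomes a trail to follow. The internal address range, the resolver and proxy addresses, and the record format are assumptions made for the example; the external addresses are documentation ranges.

```python
"""Outbound (egress) policy audit over flow records
(added example; not Blue Coat's or RedZone's code).

Applies the slide's egress rules to constructed flow records: web traffic
may leave only through the proxy, DNS may leave only from the internal
resolvers, all other outbound UDP is locked down, and anything else
outbound is denied. A host that keeps tripping these rules is where the
hunt for a hijacker calling home should start.
"""
import ipaddress
import re
from collections import Counter

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # hypothetical corporate range
RESOLVERS = {"10.0.0.53"}                       # hypothetical internal DNS servers
PROXY = "10.0.0.80"                             # hypothetical web proxy address
WEB_PORTS = {80, 443}

# Constructed flow records (external hosts use documentation address ranges).
FLOWS = [
    "2013-04-10T09:00:01 10.0.5.21 -> 10.0.0.53 udp/53 bytes=88",
    "2013-04-10T09:00:02 10.0.0.53 -> 192.0.2.10 udp/53 bytes=90",
    "2013-04-10T09:00:03 10.0.0.80 -> 198.51.100.7 tcp/443 bytes=5120",
    "2013-04-10T09:00:04 10.0.5.21 -> 198.51.100.7 udp/5353 bytes=420",
    "2013-04-10T09:00:05 10.0.5.22 -> 203.0.113.9 tcp/443 bytes=900",
    "2013-04-10T09:00:06 10.0.5.23 -> 192.0.2.10 udp/53 bytes=6000",
    "2013-04-10T09:00:07 10.0.5.21 -> 10.0.7.8 tcp/445 bytes=2000",
    "2013-04-10T09:00:08 10.0.5.21 -> 203.0.113.9 tcp/8080 bytes=300",
]

FLOW_RE = re.compile(r"^(\S+) (\S+) -> (\S+) (tcp|udp)/(\d+) bytes=(\d+)$")


def parse_flow(line):
    """Turn one constructed flow record into a dict."""
    m = FLOW_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised flow record: {line!r}")
    when, src, dst, proto, port, nbytes = m.groups()
    return {"when": when, "src": src, "dst": dst, "proto": proto,
            "port": int(port), "bytes": int(nbytes)}


def evaluate(flow):
    """Return (verdict, reason) for one flow under the egress policy."""
    if ipaddress.ip_address(flow["dst"]) in INTERNAL:
        return "allow", "internal traffic, not subject to egress policy"
    if flow["proto"] == "udp":
        if flow["port"] == 53 and flow["src"] in RESOLVERS:
            return "allow", "DNS from an internal resolver"
        if flow["port"] == 53:
            return "deny", "DNS must go through the internal resolvers"
        return "deny", "outbound UDP is locked down"
    if flow["port"] in WEB_PORTS:
        if flow["src"] == PROXY:
            return "allow", "web traffic from the proxy"
        return "deny", "web traffic must traverse the proxy"
    return "deny", "protocol/port not on the egress allow list"


def audit_flows(lines):
    """Evaluate every record; return the flows with verdict and reason attached."""
    out = []
    for line in lines:
        flow = parse_flow(line)
        flow["verdict"], flow["reason"] = evaluate(flow)
        out.append(flow)
    return out


def violations(lines):
    """Only the flows the policy would have blocked."""
    return [f for f in audit_flows(lines) if f["verdict"] == "deny"]


def noisiest_sources(lines):
    """Count denied flows per source host: the trail a hijacked machine leaves."""
    return Counter(f["src"] for f in violations(lines))


if __name__ == "__main__":
    for f in audit_flows(FLOWS):
        print(f"{f['verdict']:5} {f['src']:>10} -> {f['dst']:<14} "
              f"{f['proto']}/{f['port']:<5} {f['reason']}")
    print("denied flows per source:", dict(noisiest_sources(FLOWS)))
```

Run against real firewall or flow logs, the same evaluation does two jobs: it validates that the deployed egress rules match the written policy (a flow marked deny here that was actually allowed means a rule gap), and the per-host counts point the hunt at workstations that are trying to talk out on paths the policy never opened.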
54. #5
DCS Policy | Security Policies and
End User Education and Awareness
ThunderDG
55. Do You Have A DCS Policy?
56. “In the absence of security education or experience, people (employees, users, customers, …) naturally make poor security decisions with technology”
- Hugh Thompson, RSA Conf 2013
57. DCS Policies
• Implement and enforce DCS Policies to prevent “drive by” malware
infections
• What alarms go off when someone clicks something?
• Policy, as well as complementary training, is a major element in helping people be more secure because it ensures people fully understand the policy and why it is in place
58. ThunderDG & DCS Policy
Management
Complete solution for employee policy management w/ 3 key features
1. Electronic delivery, storage & tracking of employee policies
2. Electronic signing of employee policies
3. Integration with employee training portal to ensure full
understanding of policies
62. Features & Benefits of ThunderDG
ThunderDG allows you to…
• Send internal policies & contracts to thousands of signers instantly
• Send documents for both approval & signature in 1 easy step
• Create custom forms & workflows to help comply with company
standards
• Create a document library for standard forms & contracts
• Access complete document history & audit
So you can…
• Increase ROI
• Save time and money via the paperless, automated process
• Gain insight into your entire policy signing process
• Improve performance & enforce best practices
64. Upcoming Events
Virtual Roundtable Collaboration - Wednesday, April 24th from 9am to
10am
Mobile Device Management Policies
Let us know if you’re interested in attending and we’ll be sure to
email you the link to register.
65. Upcoming Events
Physical Event – Open To All Members
APT Crimeware & Malware | Part 2
You just attended Part 1 (we will provide a recap of the event on the
website shortly and will email you when that is available).
In Part 2, we will be reviewing:
• Application Whitelisting
• Data Loss Prevention (DLP)
• End User Policy Education, Training & Awareness
• Aggressive Patching for Servers, Workstations & 3rd Party Apps
Wednesday, May 15th from 8:30am to 12:30pm
Eggspectations in Columbia
We will email you with registration information as soon as it’s available.
66. Upcoming Events
Physical Event – Open To All Members
APT Crimeware & Malware | Part 3
This will be the third and final installment of the APT Crimeware & Malware
Event Series and will focus on:
• Dropbox & Cloud Storage Mitigation
• Multi-Factor Authentication
• File Permission Security Audit
• Deep Defense APT
• How to Go Hunting!
Wednesday, June 12th from 8:30am to 12:30pm
Eggspectations in Columbia
We will email you with registration information as soon as it’s available.
67. Continue The Discussion
Follow the CIO Executive Series Group on LinkedIn!
Follow @TheRedZoneCIO on Twitter!
68. Contacts
Kristine Wilson
Managing Coordinator | CIO Executive Series
Marketing Manager | RedZone Technologies
(410) 897-9494
kwilson@redzonetech.net