Defensive strategies

Post on 30-May-2015



How to build a defense in depth, and promotion for www.defense-in-depth.com. Free advice for all.


Defensive strategies 

How to build a defense-in-depth

Claus Cramon Houmann

Banque Öhman


Banque Öhman 2023-04-12

Key takeaways:

• Never ever rely on a single solution
• Defense in depth. In depth...
• Both threat prevention and threat detection are important
• If the bad guys want to get in badly enough, they will; the goal is to be able to reduce the "dwell time" they have inside your systems
• The "CLICKER" is the colleague who clicks on that "interesting link or attachment" in a suspicious e-mail...


A single 0-day or unpatched system is all "they" need


Breach methods

– Hacking (e.g. SQL injection against DB servers)
– Malware (e.g. delivered by phishing)
– Social engineering
– Physical


Source: Verizon’s 2012 Data Breach investigations report


Defense-in-depth. Isn't it simple and beautiful?


Where to start a defense-in-depth?

• First establish where you are as an IT-security organization today, then find out where you want to be
• Get the right people
• As your organization's "Infosec level" matures, you may be able to pass or almost pass a pentest; most low-hanging fruit has been "picked" already
• This makes it very hard for "them" to get in via hacking methods
• -> they will try malware next

Advanced targeted malware leveraging 0-days or recently patched vulnerabilities = CIO/CISO nightmare

• The CLICKER becomes your biggest external threat!


Mitigating the "CLICKER"

• There are now innovative next-generation tools available for advanced threat prevention and/or detection = AMPs:
– Microvirtualization
– Advanced code handling/analysis/reverse-engineering tools
– Network-level sandboxing, or detection based on behavioural analysis/packet inspection
– System- and registry-level lockdown of process/user rights
– Cloud-based big-data analytical/defense tools
– Whitelisting tech
– Others; this "market segment" is booming right now
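Two of the listed layers, whitelisting and behavioural detection, run together over endpoint process-start events, to show why the slides insist on both prevention and detection. This is an added example, not a tool from the slides or from any vendor: the event format, the SHA-256 allowlist, the stand-in file contents and the rule names are all hypothetical, and the three events are constructed to model a "clicker" opening a macro document. Whitelisting stops the unknown dropper but waves through a legitimate, approved PowerShell; the behavioural rule (Office application spawning a script host, encoded command line) is what catches that second step.

```python
import hashlib
from collections import namedtuple

# One process-start event as an endpoint agent might record it. The events
# further down are constructed for this example, not real telemetry.
Event = namedtuple("Event", "host parent child cmdline sha256")

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Hypothetical application allowlist: SHA-256 of binaries an admin approved.
# The byte strings stand in for real executables so the example runs offline.
APPROVED_HASHES = {
    sha256_hex(b"stand-in for winword.exe"): "winword.exe",
    sha256_hex(b"stand-in for powershell.exe"): "powershell.exe",
}

OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}

def prevention_layer(ev: Event) -> str:
    """Whitelisting: only a binary whose hash is on the allowlist may start."""
    return "allow" if ev.sha256 in APPROVED_HASHES else "block"

def detection_layer(ev: Event) -> list:
    """Behavioural rules that fire even when every binary involved is approved."""
    alerts = []
    if ev.parent.lower() in OFFICE_APPS and ev.child.lower() in SCRIPT_HOSTS:
        alerts.append("office-app-spawned-script-host")
    cmd = ev.cmdline.lower()
    if ev.child.lower() == "powershell.exe" and ("-enc" in cmd or "-encodedcommand" in cmd):
        alerts.append("encoded-powershell-command")
    return alerts

def triage(events):
    """Run both layers over each event and return one verdict per event."""
    return [
        {
            "host": ev.host,
            "child": ev.child,
            "action": prevention_layer(ev),
            "alerts": detection_layer(ev),
        }
        for ev in events
    ]

SAMPLE_EVENTS = [
    # 1. The user opens Word normally: approved binary, benign parent.
    Event("ws01", "explorer.exe", "winword.exe", "winword.exe invoice.docm",
          sha256_hex(b"stand-in for winword.exe")),
    # 2. The macro launches the approved PowerShell with an encoded command
    #    (constructed blob: base64 of UTF-16LE "ABC"). Whitelisting allows it;
    #    the behavioural layer is what raises the alarm.
    Event("ws01", "winword.exe", "powershell.exe",
          "powershell.exe -w hidden -enc QQBCAEMA",
          sha256_hex(b"stand-in for powershell.exe")),
    # 3. The macro drops and runs an unknown executable: hash not approved, blocked.
    Event("ws01", "winword.exe", "update.exe", "update.exe /silent",
          sha256_hex(b"stand-in for an unknown dropper")),
]

if __name__ == "__main__":
    for verdict in triage(SAMPLE_EVENTS):
        print(verdict)
```

The second event is the point of the exercise: every binary in it is on the allowlist, so a whitelisting-only setup never sees a problem, while the parent/child and command-line rules flag it within the same second it starts. That alert is what shortens the dwell time the takeaways slide talks about.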


Risk assessments match?

• The approach of picking the lowest-hanging apples first should be identical to the approach your IT risk management would recommend

• Mitigate the easy, value-for-money threats first


Why is the AMP market booming?

• The AV industry in the traditional sense has declared its tools insufficient and the war on malware lost

• Hacking is increasingly supported by big budgets; think nation-state-sponsored APTs

• 0-days abound in the wild, being purchased by "hackers", unofficial hackers and nation-state-sponsored hackers alike

• The black-market cyber-industry is a huge economy


The future of defense strategies

• Whatever the name (defense-in-depth, layered defense, defensible security posture), almost everyone in IT/Infosec agrees that you need to think about security at all levels

• Defenders are always behind attackers

– Defenders need to share knowledge, experience and methodologies better and faster

• Develop capabilities to stop attackers at several points in the cyber kill chain


Conclusion

• To build a defense-in-depth you want to:

– Have capabilities within threat prevention, detection, alerting, incident response, and some kind of IOC / threat-sharing community. AMPs + more.

• This way you are able both to block and detect known and unknown attacks/payloads and, when penetrated, to regain control and limit losses


Can I help? Can you help?

• There are people trying to help us: on Twitter, #wearethecavalry for example

• In the UK: Strategic security advisors alliance

• My plan:

– Turn www.defense-in-depth.com into the WIKIPEDIA of IT-security/Infosec


About me

• Claus Cramon Houmann, 38, married to Tina, and I have 3 lovely kids
• CISSP, ITIL Certified Expert, Prince2 practitioner
• You can contact me anytime:

– Skype: Claushj0707
– Twitter: @claushoumann or @improveitlux

• Sources used:
– Verizon: Data Breach Investigations Report 2012
– @gollmann from IOactive blog posts
– http://nigesecurityguy.wordpress.com/2013/10/02/advanced-threat-defense-part-1/ and other blog posts

– @RobertMLee


Questions?


More questions?