Inconceivable!
Rebooting the Enterprise Security Program
for Defensibility
Rafal M. Los – Principal, Strategic Security Services
ISSA International 2013

© Copyright 2013 Rafal Los – Rafal@IsHackingYou.com
. whoami
Rafal Los
Principal, Strategic Security Services
HP Enterprise Security Services
Advisory group delivering on strategy, operationalization, and tactical response.
Detect, Respond, Resolve in a meaningful way.
Rafal@HP.com
+1 (404) 606-6056

Rafal Los, Principal, Strategic Security Services, with HP Enterprise Security Services, brings a pragmatic approach to enterprise security. Combining nearly 15 years of technical, consulting and management skills in Information Security, Rafal draws on his extensive experience to help organizations build intelligent, defensible and operationally efficient security programs. He is an advocate for focus on sound security fundamentals and for the principles of "right defenses, right place, right reason". He is also a contributor to open standards and organizations, volunteering his time to groups such as OWASP and the Cloud Security Alliance. His blog, Following the White Rabbit, is his unique perspective on the various aspects of enterprise security, emerging technologies, and current events and can be found at http://hp.com/go/white-rabbit.

Prior to joining HP, Los defined what became the software security program and served as a regional security lead at a Global Fortune 100, contributing to the global organization's security and risk-management strategy internally and externally. Rafal prides himself on being able to add a 'tint of corporate realism' to information security.

Rafal received his B.S. in Computer Information Systems from Concordia University, River Forest, Ill.

ISSA International Conference 2013
Security
Risk
Defensibility
To quote Inigo Montoya: “You keep using that word, I do not think it means what you think it means.”

Security of yesterday

Security of today

your current security is the equivalent of the Maginot Line

your enemy will attack where you are weak

meanwhile …

security must enable the enterprise

security must maximize enterprise resources

security must adjust to adversaries

HOW?!

let’s start with adjusting goals

we know secure is a myth

so what is more realistic?

Detect the incident
Respond to the threat
Resolve the issue

disrupt the attack(ers)

The adversary attack ecosystem
[slide diagram: the adversary's chain, drawn across "their ecosystem" and "our enterprise"]
Research → Infiltration → Discovery → Capture → Exfiltration

Disrupting the adversary
[slide diagram, built up one stage at a time: each stage of the chain paired with the defensive activity that disrupts it]
• Research – Educating users; Counter-intelligence
• Infiltration – Blocking access
• Discovery – Identifying attacks
• Capture – Protecting the target asset
• Exfiltration – Planning damage mitigation


I know what you’re thinking!

“Oh, great, more products?”

maybe?

Products (alone) don’t solve this
• Security products don’t get fully implemented
• Processes and operational capabilities need to be developed
• Resources are primarily spent on prevention
• Need to detect, respond, resolve

How well do you do BASICS?

assets in your environment

changes to your environment

situational awareness and context

let’s do “security intelligence”

[slide diagram: the security intelligence pipeline]
raw data → structured + unstructured data sets → refined, analyzed data → intelligence

Your logs are raw data

data analysis means…

finding this:

in this:

NON-TRIVIAL ACTIVITY

so now what?

now you make decisions

in ‘real time’

Developing a scoring methodology (one way)

Tiered Scoring process
1 – applicability
2 – potential impact
3 – Threat Index (1~5)
• Human-based analysis of the threat
– Severity 1 – Severe
– Severity 2 – Urgent
– Severity 3 – Important
– Severity 4 – Low
– Severity 5 – Inconsequential
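The tiered scoring slide above only names the three tiers and the 1~5 Threat Index scale, so here is an added worked example (written for this page, not a tool from the deck or from the author) that runs the tiers in order against a constructed asset inventory. The inventory, the 1..3 "criticality" rating used for potential impact, the `Threat` fields and the `decide()` rule that combines the tiers are all assumptions made for the example; the severity labels are the slide's. It also shows why the deck's first "basic" (knowing the assets in your environment) comes before scoring: an alert about an asset not in inventory cannot pass tier 1 and is treated as an inventory gap rather than given a score.

```python
from dataclasses import dataclass
from typing import Optional

# Tier 3 scale, copied from the slide's Threat Index (1~5).
THREAT_INDEX = {1: "Severe", 2: "Urgent", 3: "Important", 4: "Low", 5: "Inconsequential"}

# Constructed asset inventory for the example. Tier 1 (applicability) can only be
# answered if you know what is in your environment, which is the deck's first "basic".
# "criticality" is an assumed 1 (low) .. 3 (high) business-impact rating used for tier 2.
INVENTORY = {
    "web-01":  {"platform": "linux",   "exposed": True,  "criticality": 3},
    "db-01":   {"platform": "linux",   "exposed": False, "criticality": 3},
    "kiosk-7": {"platform": "windows", "exposed": True,  "criticality": 1},
}


@dataclass
class Threat:
    name: str
    affects_platform: str    # platform the threat applies to (assumed attribute)
    requires_exposure: bool  # True if it is only reachable on internet-exposed assets
    analyst_index: int       # tier 3: human-assigned Threat Index, 1..5


@dataclass
class Score:
    asset: str
    applicable: bool
    impact: Optional[int]        # tier 2 result, None if screened out at tier 1
    threat_index: Optional[int]  # tier 3 result, None if screened out at tier 1
    decision: str


def tier1_applicability(threat: Threat, asset_id: str) -> bool:
    """Tier 1: does this threat apply to this asset at all? Unknown assets fail
    closed: an alert about something not in inventory is an inventory gap, not a score."""
    asset = INVENTORY.get(asset_id)
    if asset is None:
        return False
    if asset["platform"] != threat.affects_platform:
        return False
    if threat.requires_exposure and not asset["exposed"]:
        return False
    return True


def tier2_impact(asset_id: str) -> int:
    """Tier 2: potential impact, taken here from the asset's criticality rating."""
    return INVENTORY[asset_id]["criticality"]


def tier3_threat_index(threat: Threat) -> int:
    """Tier 3: the analyst's Threat Index, validated against the slide's 1..5 scale."""
    if threat.analyst_index not in THREAT_INDEX:
        raise ValueError(f"Threat Index must be 1..5, got {threat.analyst_index}")
    return threat.analyst_index


def decide(impact: int, threat_index: int) -> str:
    """Assumed decision rule combining tiers 2 and 3 (not from the deck):
    Severe/Urgent on a high-criticality asset is acted on immediately,
    anything rated Important or better is scheduled, the rest is monitored."""
    if threat_index <= 2 and impact == 3:
        return "respond now"
    if threat_index <= 3:
        return "schedule"
    return "monitor"


def score(threat: Threat, asset_id: str) -> Score:
    """Run the three tiers in order; tiers 2 and 3 are skipped once tier 1 screens out."""
    if not tier1_applicability(threat, asset_id):
        return Score(asset_id, False, None, None, "not applicable")
    impact = tier2_impact(asset_id)
    index = tier3_threat_index(threat)
    return Score(asset_id, True, impact, index, decide(impact, index))


def score_all(threat: Threat) -> dict:
    """Score one threat against every asset in inventory, keyed by asset id."""
    return {asset_id: score(threat, asset_id) for asset_id in INVENTORY}


if __name__ == "__main__":
    # Constructed sample threat: a remotely reachable Linux issue the analyst rates Severe.
    t = Threat("constructed-linux-remote", "linux", True, 1)
    for asset_id, s in score_all(t).items():
        label = THREAT_INDEX.get(s.threat_index, "n/a")
        print(f"{asset_id:8} applicable={s.applicable!s:5} impact={s.impact} "
              f"index={s.threat_index} ({label}) -> {s.decision}")
```

Running the block scores the constructed threat against all three assets: only `web-01` is applicable (Linux and exposed) and, with criticality 3 and a Severe index, lands on "respond now"; `db-01` is screened out at tier 1 because it is not exposed, and `kiosk-7` because the platform does not match. Keeping the tiers as separate functions is deliberate: the applicability and impact tiers can be automated from inventory data, while the Threat Index stays a human judgement, which is what the slide's "human-based analysis" line calls for.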

The SPR Framework (Developed by: Rafal Los)
Measure & Improve

Part 1 – Baseline
• Assessment of business ‘criticals’
• Define ‘what’, ‘why’, ‘from whom’ for defensibility

Part 2 – Triage
• Mitigate immediate deficiencies
• Identify and triage active threats

Part 3 – Strategy
• Define strategic ‘how’
• Align to organizational goals, needs, resources

Part 4 – Tactics
• Define tactical feedback
• Strengthen tactical response

Measurably improving enterprise security
12-month plan to get you there
1. Understand your current operational state
2. Develop a goal-oriented strategy
3. Implement strategy and measure effectiveness
4. Improve ability to detect, respond, resolve

Thank you

Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 

Último (20)

Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 

Rebooting the Enterprise Security Program for Defensibility - ISSA International 2013

  • 1. Inconceivable! Rebooting the Enterprise Security Program for Defensibility Rafal M. Los – Principal, Strategic Security Services ISSA International 2013 © Copyright 2013 Rafal Los – Rafal@IsHackingYou.com
  • 2. . whoami Rafal Los, Principal, Strategic Security Services, HP Enterprise Security Services. Advisory group delivering on strategy, operationalization, and tactical response. Detect, Respond, Resolve in a meaningful way. Rafal@HP.com, +1 (404) 606-6056. Rafal Los, Principal, Strategic Security Services, with HP Enterprise Security Services, brings a pragmatic approach to enterprise security. Combining nearly 15 years of technical, consulting and management skills in Information Security, Rafal draws on his extensive experience to help organizations build intelligent, defensible and operationally efficient security programs. He is an advocate for focus on sound security fundamentals and for the principles of "right defenses, right place, right reason". He is also a contributor to open standards and organizations, volunteering his time to groups such as OWASP and the Cloud Security Alliance. His blog, Following the White Rabbit, is his unique perspective on the various aspects of enterprise security, emerging technologies, and current events and can be found at http://hp.com/go/white-rabbit. Prior to joining HP, Los defined what became the software security program and served as a regional security lead at a Global Fortune 100, contributing to the global organization's security and risk-management strategy internally and externally. Rafal prides himself on being able to add a 'tint of corporate realism' to information security. Rafal received his B.S. in Computer Information Systems from Concordia University, River Forest, Ill. © Copyright 2013 Rafal Los – Rafal@IsHackingYou.com ISSA International Conference 2013
  • 3. Security. Risk. Defensibility.
  • 4. To quote Inigo Montoya: "You keep using that word. I do not think it means what you think it means."
  • 5. Security of yesterday
  • 6. Security of today
  • 7. your current security is the equivalent of the Maginot Line
  • 8. (no text on slide)
  • 9. your enemy will attack where you are weak
  • 10. meanwhile …
  • 11. security must enable the enterprise
  • 12. security must maximize enterprise resources
  • 13. security must adjust to adversaries
  • 14. HOW?!
  • 15. let's start with adjusting goals
  • 16. we know "secure" is a myth
  • 17. (no text on slide)
  • 18. so what is more realistic?
  • 19. Detect the incident. Respond to the threat. Resolve the issue.
  • 20. disrupt the attack(ers)
  • 21. The adversary attack ecosystem: Research → Infiltration → Discovery → Capture → Exfiltration (diagram labels: "Their ecosystem" / "Our enterprise")
  • 22–26. Disrupting the adversary (built up one stage per slide across slides 22–26, on the same "Their ecosystem" / "Our enterprise" diagram), pairing each attack stage with a defensive capability:
    – Research: educating users; counter-intelligence
    – Infiltration: blocking access
    – Discovery: identifying attacks
    – Capture: protecting the target asset
    – Exfiltration: planning damage mitigation
  • 27. I know what you're thinking!
  • 28. "Oh, great, more products?"
  • 29. maybe?
  • 30. Products (alone) don't solve this
    – Security products don't get fully implemented
    – Processes and operational capabilities need to be developed
    – Resources are primarily spent on prevention
    – Need to detect, respond, resolve
  • 31. How well do you do BASICS?
  • 32. assets in your environment
  • 33. changes to your environment
  • 34. situational awareness and context
  • 35. let's do "security intelligence"
  • 36. structured + unstructured data sets (raw data) → refined, analyzed data → intelligence
  • 37. Your logs are raw data
  • 38. data analysis means…
  • 39. finding this:
  • 40. in this:
  • 41. NON-TRIVIAL ACTIVITY
  • 42. so now what?
  • 43. now you make decisions
  • 44. in 'real time'
  • 45. Developing a scoring methodology (one way). A tiered scoring process:
    – 1. Applicability
    – 2. Potential impact
    – 3. Threat Index (1~5), a human-based analysis of the threat: Severity 1 – Severe; Severity 2 – Urgent; Severity 3 – Important; Severity 4 – Low; Severity 5 – Inconsequential
  • 46. The SPR Framework (developed by Rafal Los), a Measure & Improve cycle in four parts:
    – Part 1, Baseline: assessment of business 'criticals'; define 'what', 'why', 'from whom' for defensibility
    – Part 2, Triage: mitigate immediate deficiencies; identify and triage active threats
    – Part 3, Strategy: define the strategic 'how'; align to organizational goals, needs, resources
    – Part 4, Tactics: define tactical feedback; strengthen tactical response
  • 47. Measurably improving enterprise security: a 12-month plan to get you there. Understand your current operational state → develop a goal-oriented strategy → implement the strategy and measure effectiveness → improve the ability to detect, respond, resolve.
  • 48. Thank you
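The tiered scoring process on slide 45 is a triage pipeline, not a formula: tier 1 gates on whether a threat applies to anything you actually run (which is why slide 32, knowing the assets in your environment, is a prerequisite), tier 2 ranks what it could hurt, and only then does a human spend time producing the 1~5 Threat Index. The example below is added here to make that pipeline concrete; it is not code from the deck or from the author. The asset inventory, the threat feed entries, the criticality scale and the mapping from impact to a provisional index are all assumptions chosen for illustration.

```python
"""Tiered threat scoring (applicability -> potential impact -> Threat Index) worked
through against a small asset inventory.

Added example, not code from the original deck. The inventory, the threat
feed, the criticality scale and the way the tiers combine are assumptions
made for illustration.
"""

SEVERITY_LABELS = {1: "Severe", 2: "Urgent", 3: "Important", 4: "Low", 5: "Inconsequential"}

# Constructed asset inventory: hostname -> (platform, business criticality; 3 = most critical)
ASSETS = {
    "web01": ("apache-2.2", 3),
    "web02": ("apache-2.2", 3),
    "db01": ("mysql-5.5", 3),
    "hr-fs": ("windows-2008", 2),
    "kiosk7": ("windows-xp", 1),
}

# Constructed threat feed: threat id -> (affected platforms, exploitation seen in the wild?)
THREATS = {
    "T-1": (["apache-2.2"], True),
    "T-2": (["iis-6"], True),          # nothing in the inventory runs IIS 6
    "T-3": (["windows-xp"], False),
    "T-4": (["mysql-5.5", "windows-2008"], False),
}


def applicability(platforms, assets=ASSETS):
    """Tier 1: the inventoried hosts the threat applies to (empty list = not applicable)."""
    return sorted(h for h, (plat, _) in assets.items() if plat in platforms)


def potential_impact(hosts, assets=ASSETS):
    """Tier 2: highest business criticality among the applicable hosts, 0 if none."""
    return max((assets[h][1] for h in hosts), default=0)


def provisional_index(impact, in_the_wild):
    """Mechanical starting point for tier 3 (assumed mapping): criticality 3 -> Urgent,
    2 -> Important, 1 -> Low; one step less severe when no exploitation has been seen."""
    index = {3: 2, 2: 3, 1: 4}[impact]
    return index if in_the_wild else min(index + 1, 5)


def score(threat_id, analyst_severity=None, assets=ASSETS, threats=THREATS):
    """Run the three tiers for one threat; returns (Threat Index 1..5, label, applicable hosts).

    Inapplicable threats short-circuit to 5 (Inconsequential) without consuming analyst
    time; an analyst's severity call, when given, overrides the provisional index.
    """
    platforms, in_the_wild = threats[threat_id]
    hosts = applicability(platforms, assets)
    if not hosts:
        return 5, SEVERITY_LABELS[5], hosts
    if analyst_severity is None:
        index = provisional_index(potential_impact(hosts, assets), in_the_wild)
    else:
        index = analyst_severity
    if index not in SEVERITY_LABELS:
        raise ValueError(f"severity must be 1..5, got {index}")
    return index, SEVERITY_LABELS[index], hosts


def review_queue(analyst_calls=None, assets=ASSETS, threats=THREATS):
    """Tier-3 work queue: applicable threats only, most severe first."""
    analyst_calls = analyst_calls or {}
    rows = []
    for tid in threats:
        index, label, hosts = score(tid, analyst_calls.get(tid), assets, threats)
        if hosts:                      # T-2 never reaches a human
            rows.append((index, tid, label, hosts))
    return sorted(rows)


if __name__ == "__main__":
    for index, tid, label, hosts in review_queue({"T-4": 1}):
        print(f"{index} {label:15} {tid} -> {', '.join(hosts)}")
```

The point of the gate in `score` is operational rather than mathematical: with a maintained inventory, the feed entry that applies to nothing (T-2 above) costs no analyst time at all, and the human severity call is only asked for on the short list that survives tiers 1 and 2.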

Editor's notes

  1. A debit card processing company was breached in India. To breach companies like these, it is likely that profiles were developed on key employees. There are experts who build profiles: I want to attack company X. I find out who the top execs are. I might go on LinkedIn. I look at their Facebook posts. I know his friends, places he's been, restaurants he checks into. I find out what he likes to do. It makes the victim easy to attack because the profiler knows things about him or her that not many people should know. If you are an expert profiler, you can build these profiles and sell them on the black market, i.e., the internet, to the highest bidder: I have 10 profiles from company X. Who wants them? Hackers buy these profiles because it is more efficient than doing the profiling themselves; it takes far less time to buy them than to build them. These hackers then breached the company. They might have used a phishing attack and installed malware to break into the network and use the employee's credentials. They may build their own toolkits, or go online and rent botnets for $18/day, or buy a Zeus kit for $7K or so. They only had to be right once. It may well be that after these companies were breached, the hackers raised their hand and sold these breach points to the highest bidder: I have 50 access points. Who wants to buy them? After the breach, we don't know how long the adversary was there. It could have been months… years? Then the person who is really good at using those access points, figuring out where your sensitive data is, mapping your environment and figuring out your configurations, creates this map, raises their hand, and sells it on the Internet to the next person. Eventually the criminals were able to access some critical databases and change the account profiles, including withdrawal limits and account codes.
This information was taken out of the company and provided to their colleagues or sold to a third party. From there the cards were made and the teams hit the streets to withdraw cash from the ATMs. This information is monetized and feeds this entire ecosystem. Are there vertically integrated bad guys? Yes: nation states, large criminal organizations. But if someone is more efficient and more effective at one of those stages, why wouldn't you just buy it? When talking about cyber security, we focus too much on the specific actors, whether state-sponsored, a "hacktivist" or a cyber criminal. We need to focus on the full marketplace in which these actors participate. The market organizes these actors around the market processes for breach, enabling disparate parties to collaborate. As actors specialize in this marketplace, in order to make more money, innovation is extraordinary. This criminal ecosystem is much more efficient at creating, sharing and acting on security intelligence than the ecosystem that exists to defend our customers. The standardization of security policies has done a great deal to raise the bar for our industry, but it will continue to fail to make us secure because it lacks focus on the adversary. No framework discussed in committee will be able to evolve as fast as a marketplace. We need to build our response in a way that disrupts the adversary at every step of their process.
  2–3. For us, we need to define a new defense in depth: build our capabilities at each stage of their value chain. Obviously we do some of these things. We teach people how to be less vulnerable: how to go on the internet without clicking on the links that will download the latest virus to your laptop. You are only as secure as the behavior of your employees, and we need to do more work here. We spend money building capabilities that try to keep the adversary out of the organization. We may stop 10,000 attacks, but they only have to be right one time, and they are extremely good at evading us.
  4–6. We need to look at solutions that help us determine that something is afoot. In building out the capabilities for disrupting the discovery and capture stages, big data and the ability to process large data sets in real time and at scale are powerful. We need to look at the data you already have in your organization to find something that is unusual. If a verified employee, i.e., the individual whose profile was hacked, starts doing something uncharacteristic, like accessing file shares they haven't accessed before or changing database records, you should know about it. If data flows don't match predicted processes, alerts should go off. Now, what these criminals are looking for is your critical data: IP, customer information, etc. What are you doing to protect your critical data? Is it encrypted? You should know when it is being moved, accessed inappropriately, or sent outside the organization in an email, in a post to a Facebook account, or to cloud storage. The increase in the types of information that can be correlated from all over the enterprise, and from data outside the enterprise, is phenomenal. Organizations are monitoring the cyber black markets for their enterprise's sensitive data and including data from cloud infrastructures in their security operations environment. We are working with companies to combine employee sentiment with abnormal access behavior to find malicious insiders. Finally, the adversary will beat us at some point. What capabilities do we have for responding after they have won?
  7. How the SPR framework looks at your organization, to analyze and devise a forward-moving plan for measurable improvement.
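Slides 36 through 41 and the note above on discovery and capture describe the same thing from two directions: logs are raw data, and the "non-trivial activity" is turning them into a decision, such as noticing that a valid account has started touching file shares it never touched before or changing database records it never changed. The example below is added here to show one minimal form of that analysis; it is not code from the deck or from the author. It builds a per-user baseline from a training window (shares touched, actions used, busiest day) and then flags events in a later window that deviate from that user's own history. The log format, the field names, the training cut-off, the burst threshold and the log lines themselves are constructed assumptions.

```python
"""Baseline-deviation detection over a small access log.

Added example, not code from the original deck. The log format, the field
names, the training window and the burst threshold are assumptions made
for illustration; the log lines themselves are constructed.
"""
from collections import defaultdict
from datetime import date, datetime

# Constructed sample log: ISO timestamp, user, action, resource (UNC path or db:table.column)
SAMPLE_LOG = r"""
2013-09-02T09:01:12 jdoe READ \\fs01\finance\q3.xlsx
2013-09-02T09:15:40 jdoe READ \\fs01\finance\budget.xlsx
2013-09-03T10:02:05 jdoe READ \\fs01\finance\q3.xlsx
2013-09-04T11:30:00 jdoe WRITE \\fs01\finance\forecast.xlsx
2013-09-02T08:55:00 asmith READ \\fs01\hr\handbook.pdf
2013-09-03T14:20:00 asmith DB_UPDATE db:accounts.customer_profile
2013-09-05T16:45:00 asmith DB_UPDATE db:accounts.customer_profile
2013-09-09T02:10:33 jdoe READ \\fs01\hr\salaries.xlsx
2013-09-09T02:12:01 jdoe READ \\fs01\hr\payroll_2013.xlsx
2013-09-09T02:14:45 jdoe READ \\fs01\finance\q3.xlsx
2013-09-09T02:16:20 jdoe READ \\fs01\hr\org_chart.xlsx
2013-09-09T02:20:09 jdoe DB_UPDATE db:accounts.withdrawal_limit
2013-09-09T09:00:00 asmith READ \\fs01\hr\handbook.pdf
2013-09-09T09:05:00 asmith DB_UPDATE db:accounts.customer_profile
"""

BASELINE_END = date(2013, 9, 7)  # assumption: events before this day train the baseline, later ones are scored
BURST_FACTOR = 2                 # assumption: more than this multiple of the baseline's busiest day is a burst


def parse_line(line):
    """Parse one 'ts user action resource' line; returns None for blank or malformed lines."""
    parts = line.strip().split(maxsplit=3)
    if len(parts) != 4:
        return None
    ts, user, action, resource = parts
    return {"ts": datetime.fromisoformat(ts), "user": user, "action": action, "resource": resource}


def share_of(resource):
    r"""Collapse a UNC path to its share (\\server\share); other resources are kept whole."""
    if resource.startswith("\\\\"):
        parts = resource.strip("\\").split("\\")
        return "\\\\" + "\\".join(parts[:2])
    return resource


def build_baseline(events):
    """Per-user profile from the training window: shares touched, actions used, busiest day."""
    shares = defaultdict(set)
    actions = defaultdict(set)
    daily = defaultdict(set)  # (user, day) -> distinct resources touched that day
    for ev in events:
        if ev["ts"].date() >= BASELINE_END:
            continue
        shares[ev["user"]].add(share_of(ev["resource"]))
        actions[ev["user"]].add(ev["action"])
        daily[(ev["user"], ev["ts"].date())].add(ev["resource"])
    return {
        user: {
            "shares": shares[user],
            "actions": actions[user],
            "max_daily_distinct": max(len(res) for (u, _), res in daily.items() if u == user),
        }
        for user in shares
    }


def detect(events, baseline):
    """Score events on or after BASELINE_END against the user's own profile.

    Returns (user, kind, detail) alerts, one per distinct finding rather than per event.
    """
    alerts, emitted = [], set()
    seen_daily = defaultdict(set)

    def emit(alert):
        if alert not in emitted:
            emitted.add(alert)
            alerts.append(alert)

    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["ts"].date() < BASELINE_END:
            continue
        user = ev["user"]
        prof = baseline.get(user)
        if prof is None:
            emit((user, "unknown_user", ev["resource"]))  # no history at all: always worth a look
            continue
        share = share_of(ev["resource"])
        if share not in prof["shares"]:
            emit((user, "new_share", share))
        if ev["action"] not in prof["actions"]:
            emit((user, "new_action", f"{ev['action']} {ev['resource']}"))
        day = ev["ts"].date()
        seen_daily[(user, day)].add(ev["resource"])
        n = len(seen_daily[(user, day)])
        if n == BURST_FACTOR * prof["max_daily_distinct"] + 1:  # fire once, when the threshold is crossed
            emit((user, "burst", f"{n} distinct resources on {day} (baseline max {prof['max_daily_distinct']})"))
    return alerts


def run(log_text=SAMPLE_LOG):
    """Parse, baseline and score the log; returns the alert list."""
    events = [ev for ev in map(parse_line, log_text.splitlines()) if ev]
    return detect(events, build_baseline(events))


if __name__ == "__main__":
    for user, kind, detail in run():
        print(f"{user:8} {kind:12} {detail}")
```

On the constructed log, jdoe's 2 a.m. walk through the HR share, the first-ever `DB_UPDATE`, and the jump from at most two distinct resources a day to five each raise exactly one alert, while asmith's routine database updates raise none because they are part of her baseline. That last point is the trade-off of any baseline approach: an adversary who was already inside when the baseline was built, or who stays within a user's normal pattern, is not seen by it, which is why the deck pairs detection with response and resolution rather than treating it as the whole answer.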