....because now more than ever our data is exposed and vulnerable and needs to be secured. Today we create and consume more data than ever before. Data is constantly moving from one location to another being accessed from anywhere at anytime. Join Network Solutions, Rook Security and Aptera Software, Inc. for this recorded presentation to gain valuable insight into the most current advances in defending your invaluable data WHEREVER it is and the positive business outcomes associated! - Trends in network traffic anomaly detection and thwarting hackers - The value of monitoring your company's information outside your network - Real-time 24x7 monitoring - Securing Authentication

1. NSI / Rook Security Lunch & Learn: Proactive Security
October 27-29, 2015

2. // What We’ll Discuss
■ Intro
■ Disclaimers and Promises
■ Proactive Security
■ Group Participation
■ Supply Chain
■ Hacker Communications and Dark Web
■ Wrap Up / Q&A

3. // Who I am...
Mike Patterson is the Vice President, Strategy at Rook Security, an IT Security firm providing
security strategy, crisis management, and next generation security operations services. Prior
to Rook, Mike spent 2+ years as a strategy consultant at Monitor Group, a top-tier
management consulting firm, where he advised on a number of projects ranging from market
entry strategy for HIV medications for a large pharmaceutical company to market selection
support for a large chemical company. After Monitor, Mike spent over six years inside the
sales organization of Turner Broadcasting in a variety of capacities and was one of the few
individuals to have represented all Turner brands by the time he left in 2013 to join Rook.
In addition to being responsible for many of Rook’s special projects, Mike’s area of expertise
lays in the cross-section of financial planning, internal strategy, sales operations and pricing.
Mike has an undergraduate degree in Finance and Marketing from the Tippie School of
Business from The University of Iowa and was a Hawkinson Scholar. He lives in Chicago with
his wife and enjoys running, reading and competing in various strategy games, especially
poker, chess and backgammon.

4. // I work for Rook Security

5. // Disclaimers and Promises
■ Disclaimers:
This advice is free - it does not come with guarantees. Use at your discretion...
I am a company officer, not a full-time security operations professional. I have my technical limits.
If I can’t answer something, follow up with me and I will find someone at Rook who can.
I focus on presentation content...not transitions and fancy clip art / visuals...
■ Promises
I will not sell you anything
I will not pitch you anything
I will tell you how it is and what we see

6. // Proactive Security
■ In a nutshell, this is everything you can do to improve your security and mitigate your chances of an incident
originating from beyond your immediate network.
Don’t look this up in Webster’s...it’s not an official definition.
■ Many traditional technologies sit at the perimeter or monitor for intrusion, but they have their limits
■ There are many other ways to take security into your own hands, but time is precious...
■ So...let’s look at two use cases today:
Supply chain
Hacker communications and dark web

7. // Group Participation
■ Where outside of your organization does your sensitive data reside? PII, IP, financials, customer data,
credentials...

8. // Group Participation
■ Let’s see what the survey says…
■ Here’s a starting list:
Law firms
Accounting firms
Banks
Marketing services firms
Cloud-based providers
Outsourced printing partners
Contract manufacturers
Payroll services
Credit bureaus
Data mining organizations
Et al

9. // Group Participation
■ Here’s where counsel and risk officers smack their heads…
■ At which of those locations have you done the following?
Asked about their security capabilities?
Made them document details of their security program, provide 3P audits / assessments of their
organization (SSAE16, NIST, ISO, etc.)
Actually done a review / assessment of what they claim to be doing?
Reviewed their capabilities and progress annually?
Followed an onboarding process for these partners that involved IT?
■ Do your existing technologies monitor these locations? How about your people and processes?

10. // Supply Chain Risk
■ Supply chain risk has been behind some damaging breaches:
Target (HVAC contractor)
BHP Billiton and Potash Corp. hostile takeover (7 law firms targeted)
T-Mobile (Experian)
■ 80% of breaches allegedly start in the supply chain
■ How to get started addressing this?

11. // Supply Chain Risk - How to Mitigate
■ Insert the IT organization into the onboarding process for new vendors, especially those getting key data
■ New vendors should document their security capabilities before doing business with the company
■ Consider investing in assessments of key partners
Risk-based approach:
Cloud-based application hosting financial data for a public company
Law firm reviewing your new office lease
■ Look for clients who perform regular audits against standards such as SSAE16, ISO, NIST, but evidence of
any security plan can be effective.
■ Trust but verify.
■ Build security reviews and breach notification protocol into your MSA’s
■ Regularly review and push your partners for answers on how they will secure your data...they should be
prepared for and used to this. If they aren’t, I would suggest that you tread lightly.

12. // Side Note on Supply Chain Risk - When the Shoe is on the Other Foot
■ If you can audit your downstream partners, your upstream partners can certainly audit you!
■ Consider:
Building a playbook to common questions and communicating these to your partners
Investing in your security program and using it as a point of competitive advantage and differentiating
point

13. // Hacker Communications and Dark Web
■ First, a Dark Web “Definition”: Area of the internet not commonly viewable by search engines. Hidden sites and hidden by
design.
Requires special browser to navigate
Lots of shady and illegal activity
As Gollum would say in LOTR: “Very nasty place. Full of...enemies.”
■ Information on targets is frequently exchanged and traded, whether by contract or via publically available pastes of data that
can be used for new attacks
Think of Ashley Madison attack - List of customers first shared across dark web, then publically searchable on the
common internet.
However, the public only sees a small number of breached databases posted to the dark web. Many companies never
know they are breached and have their information floating across the dark web.
■ However, many successful breaches can have the breadcrumbs traced back to the dark web: initial venting and organizing of
crowd-sourced attacks, attack recon, pastes of exfiltrated data, etc.
■ Knowing hackers are targeting you or have compromised you can greatly aid your response time

14. // What to Do
Start an open source intelligence program:
■ Easy
○ Start google alerts on your assets, domains, etc
■ Examples: Acme + Sweatshop, ceoemail@acme.com, Acme + Tangodown
○ Utilize Twitter monitoring tools like Tweetdeck
■ Examples: Acme DoS, Acme TangoDown, etc
■ Anonymous may conduct much of their operations in the dark, but they are active in broadcasting their
targets and victims. Follow their activity along with other hacker groups.
■ Intermediate
○ Leverage Open Source tools for paste-site monitoring
■ DumpMon (Github), Pastemon (Github), etc.
■ Advanced
○ Write custom monitoring tools
■ Allows for monitoring sites beyond most open source solutions
○ Build and maintain dossiers on attackers known to have an interest in your company, whether by intent or by
past attacks waged against you
■ Operations, associates, IP addresses, malware, etc.

15. // Thank You and Q/A