SECURITY TEA LEAVES
NOVEMBER 2013

Ed Bellis, Founder & CEO of Risk I/O (@ebellis)

Matt Johansen, Threat Research Center Manager (@mattjay)
SPEAKERS

Ed Bellis
CoFounder, CEO

• Contributing Author, Beautiful Security
• Manages 50M+ vulnerabilities daily
• Background in Baseball
• Former Orbitz CISO, 20+ years experience
• I'm hiring… a lot…

© 2013 Risk IO, Inc.

Matt Johansen
Threat Research Center Manager

• BlackHat, DEFCON, RSA Speaker
• Oversees assessment of 15,000+ websites
• Background in Penetration Testing
• Hacker turned Management
• I'm hiring… a lot…

© 2013 WhiteHat Security, Inc.

2
NICE TO MEET YOU

✓ Data-Driven Vulnerability Intelligence Platform
✓ DataWeek 2012 Top Security Innovator
✓ Chicago & San Francisco
✓ Processing 50M+ Vulnerabilities Daily


3
ABOUT

WhiteHat Security, Inc.
3970 Freedom Cir #200, Santa Clara, CA 95054

• Founded 2001
• Headquartered in Santa Clara, CA
• Employees: 260+
• WhiteHat Sentinel: SaaS end-to-end website risk management platform (static and dynamic analysis)
• Customers: 500+ (banking, retail, healthcare, etc.)

Founded in 2001 by Jeremiah Grossman, a former Yahoo! information security officer, WhiteHat combines a revolutionary, cloud-based technology platform with a team of leading security experts to help customers in the toughest, most regulated industries, including e-commerce, financial services, information technology, healthcare and more.
Dozens of companies in the Fortune 500 rely on WhiteHat to help them prevent website attacks that could cost them millions.


4
REPORT

WhiteHat Stats Report
In a recent customer survey for our 2012 WhiteHat Stats report, we asked what the major reason to fix a vulnerability was.
Answer: Compliance
We also asked, if a choice was made to NOT fix a vulnerability, what the major reason was.
Answer: Compliance.
Something is wrong with this picture. How do we better prioritize finding and fixing vulnerabilities in our web applications?


5
COUNTERTERRORISM

Diagram labels:
• Known Groups
• Past Incidents, Close Calls
• Threat Intel, Analysts
• Targets, Layouts
• Surveillance

6
INFOSEC?


7
DATA

Data pieces:
• Industry Vuln Data: WhiteHat Stats Report
• Industry Attack Data: Imperva WAF traffic report, Verizon DBIR
• In House Vuln Data: Find your vulns!
• In House Attack Data: What are the attackers using against YOU!

8
DEFEND LIKE YOU’VE DONE IT BEFORE

Diagram labels:
• Groups, Motivations
• Learning from Breaches
• Asset Topology, Actual Vulns on System
• Vulnerability Definitions
• Exploits

9
WORK WITH WHAT YOU’VE GOT

Diagram labels:
• Akamai, Safenet
• NVD, MITRE
• ExploitDB, Metasploit

10
ARTICLES

Blackhats
Talking to Blackhats gives us great intelligence, even if it’s not always 100% reliable intel.

For those of you who didn’t see the blog posts:
• Blackhat part 1
• Blackhat part 2
• Blackhat part 3


11
DATA

Most Used Vulns?
“What are the most used web-based vulnerabilities?”
Answer:
• “Adam” admits that he doesn’t keep track
• However, he believed that in his world XSS and SQL injection are the most used


12
VULNERABILITY

OWASP 2013 RC
“As you read the OWASP top 10 release candidate for 2013, does the order make sense in terms of how risky and/or common they are for companies to have in their sites if you are going to attack them?”
Answer:
• The OWASP release candidate is unhelpful (to put it politely).
• The concept of a top 10 vulnerabilities list is “stupid, flawed and inaccurate.”
• For it to be accurate he felt that you would have to update it daily, which is, of course, practically impossible.


13
VULNERABILITY

Esoteric Vulns?
“How do you feel about LDAP injection, XML injection and XPath injection?”
Answer:
• “Gangs” tend not to share information
• However, he wasn’t aware of anyone who was using those.


14
VULNERABILITY

Useful Vulns?
“What are the characteristics of a “good” web application vulnerability?”
Answer:
• Fast to exploit
• Persistent
• Full access (root)
• Ability to deface/redirect
• Ability to wipe IP logs


15
VULNERABILITY

Preferred Vulns?
“Do blackhats prefer command injection, SQL injection and brute force?”
Answer:
• It depended on the target and the value of the compromise
• However, he indicated again that if it’s vulnerable that’s a problem, and it doesn’t really matter how it’s exploited.
• The one exception was that he did concur with me that “new” attacks tend not to be used much.


16
VULNERABILITY

Prioritization
“How would you prioritize fixes?”
Answer:
• “Adam” said the hardest vuln to exploit/find would be last to be fixed and the easiest to exploit/find first.
• In his opinion SQL injection would probably be the first to get fixed.


17
VULNERABILITY

Additional Vulns
“Any web-application issues that are extremely useful to attackers that aren't on the OWASP top 10?”
Answer:
• Clickjacking
• Denial of Service/DDoS


18
VULNERABILITY

Best Practice?
“If followed perfectly, is the OWASP top 10 enough to stop credit card theft through web application vulnerabilities?”
Answer:
• The whole idea of testing for only 10 is “crazy”.
• He felt that the banks are just as bad in many cases as the merchants.
• Small online merchants should be banned outright from handling payment info


19
BLACKHATS

Blackhats
From these answers we know:
• Blackhats don’t care about lists – the top 10 should only be used for prioritization, not as a matter of completeness or “best practice”
• We were right to focus our energies on certain classes of attack first during human review, but we also know to start focusing on those vulns first during automated scans as well.
• The most valuable vulns to attackers are the most valuable vulns to our customers, so why shouldn’t we prioritize ourselves similarly, while still maintaining the same coverage?


20
SHOW ME THE MONEY


21
CVSS AND REMEDIATION METRICS


22
CVSS AND REMEDIATION METRICS LESSONS FROM A CISO


23
THE KICKER - LIVE BREACH DATA


24
CVSS AND REMEDIATION - NOPE


25
CVSS - A VERY GENERAL GUIDE FOR REMEDIATION - YEP


26
THE ONE BILLION DOLLAR QUESTION

Probability(You Will Be Breached On A Particular Open Vulnerability)?

1.98%

27
I LOVE IT WHEN YOU CALL ME BIG DATA


28
ENTER, THE SECURITY MENDOZA LINE

Alex Hutton comes up with the Security Mendoza Line
(http://riskmanagementinsight.com/riskanalysis/?p=294)

Josh Corman expands the Security Mendoza Line
(http://blog.cognitivedissidents.com/2011/11/01/introto-hdmoores-law/):
“Compute power grows at the rate of doubling about every 2 years”
“Casual attacker power grows at the rate of Metasploit”

Wouldn’t it be nice if we had something that helped us divide who we considered “Amateur” and who we considered “Professional”?


29
I LOVE IT WHEN YOU CALL ME BIG DATA


30
DATA

How do we utilize this?
Data!
• We have another piece of the puzzle: what the bad guys are actually using.
• Prioritization of testing and finding.
• Prioritization of mitigating and fixing.


31
PRIORITY

Prioritize Testing & Finding
Use all the industry and in-house data to figure out what to test for across your entire web footprint.
SQLi being used heavily by attackers? FIND ALL OF THEM!
Command injection not being used as much? Find it, but not until you find every single SQLi.


32
FIXING

Prioritize Mitigating & Fixing
Nobody likes the pile of bug tickets that shows up after a vulnerability assessment.
Virtual patch to buy time: IDS blaring alarms about XSS? Turn up the WAF rules for XSS. That will help block the low-hanging-fruit scanners.
Prioritize your bug tickets for devs in swallowable chunks. What sounds better? “Ok team, let’s figure out how to parameterize our SQL queries and go through site by site and implement that.” OR “$Web_Scanner found 120 pages of vulns! Fix them now!!!110101”


32
I LOVE IT WHEN YOU CALL ME BIG DATA

Spray and Pray => 2%
CVSS 10 => 4%
Metasploit + ExploitDB => 30%
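As an added example (not from the slides), the tiering the deck argues for, applied to a constructed inventory: vulns seen in your own attack data first, then anything with a Metasploit or ExploitDB module, then CVSS as a very general guide. The per-vuln breach rates are the deck's three figures above; the identifiers, CVSS scores and IDS hit counts are made up for illustration.

```python
"""Tiered vulnerability prioritizer in the spirit of the deck's argument.

Added example, not code from the original slides or either company.
Ordering rule (from the deck):
  1. vulns attackers are actually using against YOU (in-house IDS/WAF data)
  2. vulns with a public exploit (Metasploit / ExploitDB)
  3. everything else, with CVSS as a very general guide
The breach rates are the deck's figures (spray and pray 2%, CVSS 10 4%,
Metasploit + ExploitDB 30%); the inventory is constructed sample data and
the VULN-xxxx identifiers are placeholders, not real CVEs.
"""
from dataclasses import dataclass


@dataclass
class Vuln:
    vuln_id: str
    cvss: float
    in_metasploit: bool = False
    in_exploitdb: bool = False
    in_house_attacks: int = 0  # IDS/WAF hits seen against this vuln class

    @property
    def public_exploit(self) -> bool:
        return self.in_metasploit or self.in_exploitdb


def tier(v: Vuln) -> int:
    """0 = attacked in-house, 1 = public exploit exists, 2 = everything else."""
    if v.in_house_attacks > 0:
        return 0
    if v.public_exploit:
        return 1
    return 2


def prioritize(vulns):
    """Order by tier, then by in-house attack volume, then by CVSS (desc)."""
    return sorted(vulns, key=lambda v: (tier(v), -v.in_house_attacks, -v.cvss))


def by_cvss(vulns):
    """The CVSS-only ordering the deck argues against."""
    return sorted(vulns, key=lambda v: -v.cvss)


# Deck figures: probability of breach on a particular open vuln, by how it was picked.
BREACH_RATE = {"spray_and_pray": 0.02, "cvss_10": 0.04, "public_exploit": 0.30}


def breach_rate(v: Vuln) -> float:
    """Assign each vuln the deck's rate for the strongest signal it carries."""
    if v.public_exploit:
        return BREACH_RATE["public_exploit"]
    if v.cvss >= 10.0:
        return BREACH_RATE["cvss_10"]
    return BREACH_RATE["spray_and_pray"]


def expected_breaches_avoided(order, budget: int) -> float:
    """Sum of breach rates over the first `budget` vulns fixed in `order`."""
    return round(sum(breach_rate(v) for v in order[:budget]), 2)


# Constructed inventory (placeholder IDs, made-up scores and IDS counts).
SAMPLE = [
    Vuln("VULN-0001", cvss=10.0),
    Vuln("VULN-0002", cvss=7.5, in_metasploit=True),
    Vuln("VULN-0003", cvss=5.0, in_exploitdb=True, in_house_attacks=12),
    Vuln("VULN-0004", cvss=9.3),
    Vuln("VULN-0005", cvss=6.8, in_exploitdb=True),
    Vuln("VULN-0006", cvss=4.3),
]

if __name__ == "__main__":
    budget = 3  # tickets the dev team can realistically take this sprint
    for name, order in (("CVSS only", by_cvss(SAMPLE)),
                        ("attack-data tiers", prioritize(SAMPLE))):
        ids = [v.vuln_id for v in order[:budget]]
        print(f"{name:18} fix first: {ids}  "
              f"expected breaches avoided: {expected_breaches_avoided(order, budget)}")
```

With a budget of three fixes, the CVSS-only order spends two of them on vulns with no public exploit; the tiered order spends all three on vulns in the 30% bucket.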


33
CASE STUDY

Case Study
RoR case study timeline (hope to get the actual visual from our customer)
Shows the importance of staying on top of bugs that are being actively exploited and prioritizing the finding and fixing of them.

Timeline:
• 1/8/2013: Rails team releases patches and blog post describing critical vulnerabilities in the Rails framework
• 1/8/2013: Security Team receives notification from Intelligence team about Rails vulnerability
• 1/9/2013: Security Team notifies Developer Team about the new vulnerabilities
• 1/9/2013: Security Team receives notification from WhiteHat with findings of Rails vulnerability
• 1/9/2013: Highest priority site upgraded to fully remediate the vulnerability
• 1/10/2013: IDS signatures updated to detect/prevent exploitation
• 1/10/2013: Metasploit releases a command injection exploit for CVE-2012-0156
• 1/11/2013: The rest of the vulnerable applications apply temporary workaround patch
• 1/11/2013: Security Team receives first exploit attempt notification from IDS. The exploit was attempted from a Russian Federation IP address.
• 1/13/2013: Another exploit attempt seen against large application from Germany

2 Hours between workaround and first identified exploit attempt!

34
THANK YOU
Ed Bellis, Founder & CEO of Risk I/O (@ebellis)

Matt Johansen, Threat Research Center Manager (@mattjay)

Más contenido relacionado

La actualidad más candente

Splunk Discovery Day Dubai 2017 - Security Keynote
Splunk Discovery Day Dubai 2017 - Security KeynoteSplunk Discovery Day Dubai 2017 - Security Keynote
Splunk Discovery Day Dubai 2017 - Security KeynoteSplunk
 
CrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas AttackCrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas AttackCrowdStrike
 
You Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionYou Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionCrowdStrike
 
Understanding Information Security Assessment Types
Understanding Information Security Assessment TypesUnderstanding Information Security Assessment Types
Understanding Information Security Assessment TypesHackerOne
 
Webinar: Neues zur Splunk App for Enterprise Security
Webinar: Neues zur Splunk App for Enterprise SecurityWebinar: Neues zur Splunk App for Enterprise Security
Webinar: Neues zur Splunk App for Enterprise SecurityGeorg Knon
 
Carbon Black: Keys to Shutting Down Attacks
Carbon Black: Keys to Shutting Down AttacksCarbon Black: Keys to Shutting Down Attacks
Carbon Black: Keys to Shutting Down AttacksMighty Guides, Inc.
 
SOCIAL MEDIA AS A CYBER WEAPON
SOCIAL MEDIA AS A CYBER WEAPONSOCIAL MEDIA AS A CYBER WEAPON
SOCIAL MEDIA AS A CYBER WEAPONSylvain Martinez
 
How to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrikeHow to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrikeCrowdStrike
 
Practical Secure Coding Workshop - {DECIPHER} Hackathon
Practical Secure Coding Workshop - {DECIPHER} HackathonPractical Secure Coding Workshop - {DECIPHER} Hackathon
Practical Secure Coding Workshop - {DECIPHER} HackathonStefan Streichsbier
 
How to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrikeHow to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrikeAdam Barrera
 
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORMDEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORMCrowdStrike
 
Dollars and Sense of Sharing Threat Intelligence
Dollars and Sense of Sharing Threat IntelligenceDollars and Sense of Sharing Threat Intelligence
Dollars and Sense of Sharing Threat IntelligenceThreatConnect
 
Webinar: Dispelling the Myths about Cloud Security
Webinar: Dispelling the Myths about Cloud SecurityWebinar: Dispelling the Myths about Cloud Security
Webinar: Dispelling the Myths about Cloud SecurityCyren, Inc
 
Hexis Cybersecurity Mission Possible: Taming Rogue Ghost Alerts
Hexis Cybersecurity Mission Possible:  Taming Rogue Ghost AlertsHexis Cybersecurity Mission Possible:  Taming Rogue Ghost Alerts
Hexis Cybersecurity Mission Possible: Taming Rogue Ghost AlertsHexis Cyber Solutions
 
Ten Security Product Categories You've Probably Never Heard Of
Ten Security Product Categories You've Probably Never Heard OfTen Security Product Categories You've Probably Never Heard Of
Ten Security Product Categories You've Probably Never Heard OfAdrian Sanabria
 
Avoiding Limitations of Traditional Approaches to Security
Avoiding Limitations of Traditional Approaches to SecurityAvoiding Limitations of Traditional Approaches to Security
Avoiding Limitations of Traditional Approaches to SecurityMighty Guides, Inc.
 
Privacy-Preserving Authentication, Another Reason to Care about Zero-Knowledg...
Privacy-Preserving Authentication, Another Reason to Care about Zero-Knowledg...Privacy-Preserving Authentication, Another Reason to Care about Zero-Knowledg...
Privacy-Preserving Authentication, Another Reason to Care about Zero-Knowledg...Clare Nelson, CISSP, CIPP-E
 
Building Security Into Your Cloud IT Practices
Building Security Into Your Cloud IT PracticesBuilding Security Into Your Cloud IT Practices
Building Security Into Your Cloud IT PracticesMighty Guides, Inc.
 
Webinar: Insights from CYREN's 2015-Q3 Cyber Threat Report
Webinar: Insights from CYREN's 2015-Q3 Cyber Threat ReportWebinar: Insights from CYREN's 2015-Q3 Cyber Threat Report
Webinar: Insights from CYREN's 2015-Q3 Cyber Threat ReportCyren, Inc
 
Cloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint SecurityCloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint SecurityCrowdStrike
 

La actualidad más candente (20)

Splunk Discovery Day Dubai 2017 - Security Keynote
Splunk Discovery Day Dubai 2017 - Security KeynoteSplunk Discovery Day Dubai 2017 - Security Keynote
Splunk Discovery Day Dubai 2017 - Security Keynote
 
CrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas AttackCrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas Attack
 
You Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And DetectionYou Can't Stop The Breach Without Prevention And Detection
You Can't Stop The Breach Without Prevention And Detection
 
Understanding Information Security Assessment Types
Understanding Information Security Assessment TypesUnderstanding Information Security Assessment Types
Understanding Information Security Assessment Types
 
Webinar: Neues zur Splunk App for Enterprise Security
Webinar: Neues zur Splunk App for Enterprise SecurityWebinar: Neues zur Splunk App for Enterprise Security
Webinar: Neues zur Splunk App for Enterprise Security
 
Carbon Black: Keys to Shutting Down Attacks
Carbon Black: Keys to Shutting Down AttacksCarbon Black: Keys to Shutting Down Attacks
Carbon Black: Keys to Shutting Down Attacks
 
SOCIAL MEDIA AS A CYBER WEAPON
SOCIAL MEDIA AS A CYBER WEAPONSOCIAL MEDIA AS A CYBER WEAPON
SOCIAL MEDIA AS A CYBER WEAPON
 
How to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrikeHow to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrike
 
Practical Secure Coding Workshop - {DECIPHER} Hackathon
Practical Secure Coding Workshop - {DECIPHER} HackathonPractical Secure Coding Workshop - {DECIPHER} Hackathon
Practical Secure Coding Workshop - {DECIPHER} Hackathon
 
How to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrikeHow to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrike
 
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORMDEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
 
Dollars and Sense of Sharing Threat Intelligence
Dollars and Sense of Sharing Threat IntelligenceDollars and Sense of Sharing Threat Intelligence
Dollars and Sense of Sharing Threat Intelligence
 
Webinar: Dispelling the Myths about Cloud Security
Webinar: Dispelling the Myths about Cloud SecurityWebinar: Dispelling the Myths about Cloud Security
Webinar: Dispelling the Myths about Cloud Security
 
Hexis Cybersecurity Mission Possible: Taming Rogue Ghost Alerts
Hexis Cybersecurity Mission Possible:  Taming Rogue Ghost AlertsHexis Cybersecurity Mission Possible:  Taming Rogue Ghost Alerts
Hexis Cybersecurity Mission Possible: Taming Rogue Ghost Alerts
 
Ten Security Product Categories You've Probably Never Heard Of
Ten Security Product Categories You've Probably Never Heard OfTen Security Product Categories You've Probably Never Heard Of
Ten Security Product Categories You've Probably Never Heard Of
 
Avoiding Limitations of Traditional Approaches to Security
Avoiding Limitations of Traditional Approaches to SecurityAvoiding Limitations of Traditional Approaches to Security
Avoiding Limitations of Traditional Approaches to Security
 
Privacy-Preserving Authentication, Another Reason to Care about Zero-Knowledg...
Privacy-Preserving Authentication, Another Reason to Care about Zero-Knowledg...Privacy-Preserving Authentication, Another Reason to Care about Zero-Knowledg...
Privacy-Preserving Authentication, Another Reason to Care about Zero-Knowledg...
 
Building Security Into Your Cloud IT Practices
Building Security Into Your Cloud IT PracticesBuilding Security Into Your Cloud IT Practices
Building Security Into Your Cloud IT Practices
 
Webinar: Insights from CYREN's 2015-Q3 Cyber Threat Report
Webinar: Insights from CYREN's 2015-Q3 Cyber Threat ReportWebinar: Insights from CYREN's 2015-Q3 Cyber Threat Report
Webinar: Insights from CYREN's 2015-Q3 Cyber Threat Report
 
Cloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint SecurityCloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint Security
 

Destacado

Amateur Hour: Why APTs Are The Least Of Your Worries
Amateur Hour: Why APTs Are The Least Of Your WorriesAmateur Hour: Why APTs Are The Least Of Your Worries
Amateur Hour: Why APTs Are The Least Of Your WorriesEd Bellis
 
SecTor 2012 The Security Mendoza Line
SecTor 2012 The Security Mendoza LineSecTor 2012 The Security Mendoza Line
SecTor 2012 The Security Mendoza LineEd Bellis
 
An Economic Approach to Info Security
An Economic Approach to Info SecurityAn Economic Approach to Info Security
An Economic Approach to Info SecurityEd Bellis
 
SecTor - The Search For Intelligent Life
SecTor - The Search For Intelligent LifeSecTor - The Search For Intelligent Life
SecTor - The Search For Intelligent LifeEd Bellis
 
BSidesSF 2014 Fix What Matters:Why CVSS Sucks
BSidesSF 2014 Fix What Matters:Why CVSS SucksBSidesSF 2014 Fix What Matters:Why CVSS Sucks
BSidesSF 2014 Fix What Matters:Why CVSS SucksEd Bellis
 
Metricon 6 That's So Meta
Metricon 6 That's So MetaMetricon 6 That's So Meta
Metricon 6 That's So MetaEd Bellis
 
Bay threat2011
Bay threat2011Bay threat2011
Bay threat2011Ed Bellis
 
Security as Code
Security as CodeSecurity as Code
Security as CodeEd Bellis
 
Security as Code: DOES15
Security as Code: DOES15Security as Code: DOES15
Security as Code: DOES15Ed Bellis
 

Destacado (9)

Amateur Hour: Why APTs Are The Least Of Your Worries
Amateur Hour: Why APTs Are The Least Of Your WorriesAmateur Hour: Why APTs Are The Least Of Your Worries
Amateur Hour: Why APTs Are The Least Of Your Worries
 
SecTor 2012 The Security Mendoza Line
SecTor 2012 The Security Mendoza LineSecTor 2012 The Security Mendoza Line
SecTor 2012 The Security Mendoza Line
 
An Economic Approach to Info Security
An Economic Approach to Info SecurityAn Economic Approach to Info Security
An Economic Approach to Info Security
 
SecTor - The Search For Intelligent Life
SecTor - The Search For Intelligent LifeSecTor - The Search For Intelligent Life
SecTor - The Search For Intelligent Life
 
BSidesSF 2014 Fix What Matters:Why CVSS Sucks
BSidesSF 2014 Fix What Matters:Why CVSS SucksBSidesSF 2014 Fix What Matters:Why CVSS Sucks
BSidesSF 2014 Fix What Matters:Why CVSS Sucks
 
Metricon 6 That's So Meta
Metricon 6 That's So MetaMetricon 6 That's So Meta
Metricon 6 That's So Meta
 
Bay threat2011
Bay threat2011Bay threat2011
Bay threat2011
 
Security as Code
Security as CodeSecurity as Code
Security as Code
 
Security as Code: DOES15
Security as Code: DOES15Security as Code: DOES15
Security as Code: DOES15
 

Similar a Reading the Security Tea Leaves

How to Enhance Vulnerability Management with Intelligence plus Analytics
How to Enhance Vulnerability Management with Intelligence plus AnalyticsHow to Enhance Vulnerability Management with Intelligence plus Analytics
How to Enhance Vulnerability Management with Intelligence plus AnalyticsAujas
 
MITRE ATT&CKcon Power Hour - November
MITRE ATT&CKcon Power Hour - NovemberMITRE ATT&CKcon Power Hour - November
MITRE ATT&CKcon Power Hour - NovemberMITRE - ATT&CKcon
 
Top Security Trends for 2014
Top Security Trends for 2014Top Security Trends for 2014
Top Security Trends for 2014Imperva
 
Hiding in Plain Sight: The Danger of Known Vulnerabilities
Hiding in Plain Sight: The Danger of Known VulnerabilitiesHiding in Plain Sight: The Danger of Known Vulnerabilities
Hiding in Plain Sight: The Danger of Known VulnerabilitiesImperva
 
Lessons Learned From the Yahoo! Hack
Lessons Learned From the Yahoo! HackLessons Learned From the Yahoo! Hack
Lessons Learned From the Yahoo! HackImperva
 
The cyber house of horrors - securing the expanding attack surface
The cyber house of horrors -  securing the expanding attack surfaceThe cyber house of horrors -  securing the expanding attack surface
The cyber house of horrors - securing the expanding attack surfaceJason Bloomberg
 
Distributed Immutable Ephemeral - New Paradigms for the Next Era of Security
Distributed Immutable Ephemeral - New Paradigms for the Next Era of SecurityDistributed Immutable Ephemeral - New Paradigms for the Next Era of Security
Distributed Immutable Ephemeral - New Paradigms for the Next Era of SecuritySounil Yu
 
The Value of Crowd-Sourced Threat Intelligence
The Value of Crowd-Sourced Threat IntelligenceThe Value of Crowd-Sourced Threat Intelligence
The Value of Crowd-Sourced Threat IntelligenceImperva
 
Top Application Security Trends of 2012
Top Application Security Trends of 2012Top Application Security Trends of 2012
Top Application Security Trends of 2012DaveEdwards12
 
Asset Discovery in India – Redhunt Labs
Asset Discovery in India – Redhunt LabsAsset Discovery in India – Redhunt Labs
Asset Discovery in India – Redhunt LabsRedhuntLabs2
 
Big Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsBig Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsJoe McCray
 
Cyber Security Management in a Highly Innovative World
Cyber Security Management in a Highly Innovative WorldCyber Security Management in a Highly Innovative World
Cyber Security Management in a Highly Innovative WorldSafeNet
 
SCADA Security Webinar
SCADA Security WebinarSCADA Security Webinar
SCADA Security WebinarAVEVA
 
Evolving threat landscape
Evolving threat landscapeEvolving threat landscape
Evolving threat landscapeMotiv
 
Introduction to the Current Threat Landscape
Introduction to the Current Threat LandscapeIntroduction to the Current Threat Landscape
Introduction to the Current Threat LandscapeMelbourne IT
 
A Blueprint for Web Attack Survival
A Blueprint for Web Attack SurvivalA Blueprint for Web Attack Survival
A Blueprint for Web Attack SurvivalImperva
 
Top 10 Database Threats
Top 10 Database ThreatsTop 10 Database Threats
Top 10 Database ThreatsImperva
 
"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategyJason Clark
 
APT Monitoring and Compliance
APT Monitoring and ComplianceAPT Monitoring and Compliance
APT Monitoring and ComplianceMarcus Clarke
 
Stop Wasting Your Time: Focus on Security Practices that Actually Matter
Stop Wasting Your Time: Focus on Security Practices that Actually MatterStop Wasting Your Time: Focus on Security Practices that Actually Matter
Stop Wasting Your Time: Focus on Security Practices that Actually MatterAmazon Web Services
 

Similar a Reading the Security Tea Leaves (20)

How to Enhance Vulnerability Management with Intelligence plus Analytics
How to Enhance Vulnerability Management with Intelligence plus AnalyticsHow to Enhance Vulnerability Management with Intelligence plus Analytics
How to Enhance Vulnerability Management with Intelligence plus Analytics
 
MITRE ATT&CKcon Power Hour - November
MITRE ATT&CKcon Power Hour - NovemberMITRE ATT&CKcon Power Hour - November
MITRE ATT&CKcon Power Hour - November
 
Top Security Trends for 2014
Top Security Trends for 2014Top Security Trends for 2014
Top Security Trends for 2014
 
Hiding in Plain Sight: The Danger of Known Vulnerabilities
Hiding in Plain Sight: The Danger of Known VulnerabilitiesHiding in Plain Sight: The Danger of Known Vulnerabilities
Hiding in Plain Sight: The Danger of Known Vulnerabilities
 
Lessons Learned From the Yahoo! Hack
Lessons Learned From the Yahoo! HackLessons Learned From the Yahoo! Hack
Lessons Learned From the Yahoo! Hack
 
The cyber house of horrors - securing the expanding attack surface
The cyber house of horrors -  securing the expanding attack surfaceThe cyber house of horrors -  securing the expanding attack surface
The cyber house of horrors - securing the expanding attack surface
 
Distributed Immutable Ephemeral - New Paradigms for the Next Era of Security
Distributed Immutable Ephemeral - New Paradigms for the Next Era of SecurityDistributed Immutable Ephemeral - New Paradigms for the Next Era of Security
Distributed Immutable Ephemeral - New Paradigms for the Next Era of Security
 
The Value of Crowd-Sourced Threat Intelligence
The Value of Crowd-Sourced Threat IntelligenceThe Value of Crowd-Sourced Threat Intelligence
The Value of Crowd-Sourced Threat Intelligence
 
Top Application Security Trends of 2012
Top Application Security Trends of 2012Top Application Security Trends of 2012
Top Application Security Trends of 2012
 
Asset Discovery in India – Redhunt Labs
Asset Discovery in India – Redhunt LabsAsset Discovery in India – Redhunt Labs
Asset Discovery in India – Redhunt Labs
 
Big Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsBig Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security Environments
 
Cyber Security Management in a Highly Innovative World
Cyber Security Management in a Highly Innovative WorldCyber Security Management in a Highly Innovative World
Cyber Security Management in a Highly Innovative World
 
SCADA Security Webinar
SCADA Security WebinarSCADA Security Webinar
SCADA Security Webinar
 
Evolving threat landscape
Evolving threat landscapeEvolving threat landscape
Evolving threat landscape
 
Introduction to the Current Threat Landscape
Introduction to the Current Threat LandscapeIntroduction to the Current Threat Landscape
Introduction to the Current Threat Landscape
 
A Blueprint for Web Attack Survival
A Blueprint for Web Attack SurvivalA Blueprint for Web Attack Survival
A Blueprint for Web Attack Survival
 
Top 10 Database Threats
Top 10 Database ThreatsTop 10 Database Threats
Top 10 Database Threats
 
"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy
 
Reading the Security Tea Leaves

  • 1. SECURITY TEA LEAVES, NOVEMBER 2013. Ed Bellis, Founder & CEO of Risk I/O (@ebellis). Matt Johansen, Threat Research Center Manager (@mattjay).
  • 2. SPEAKERS. Ed Bellis, Co-Founder, CEO: • Contributing Author, Beautiful Security • Manages 50M+ vulnerabilities daily • Background in Baseball • Former Orbitz CISO, 20+ years experience • I'm hiring… a lot… Matt Johansen, Threat Research Center Manager: • BlackHat, DEFCON, RSA Speaker • Oversees assessment of 15,000+ websites • Background in Penetration Testing • Hacker turned Management • I'm hiring… a lot… © 2013 Risk IO, Inc. © 2013 WhiteHat Security, Inc.
  • 3. NICE TO MEET YOU ✓ Data-Driven Vulnerability Intelligence Platform ✓ DataWeek 2012 Top Security Innovator ✓ Chicago & San Francisco ✓ Processing 50M+ Vulnerabilities Daily
  • 4. ABOUT WhiteHat Security, Inc., 3970 Freedom Cir #200, Santa Clara, CA 95054. • Founded 2001 • Headquartered in Santa Clara, CA • Employees: 260+ • WhiteHat Sentinel: SaaS end-to-end website risk management platform (static and dynamic analysis) • Customers: 500+ (banking, retail, healthcare, etc.) Founded in 2001 by Jeremiah Grossman, a former Yahoo! information security officer, WhiteHat combines a revolutionary, cloud-based technology platform with a team of leading security experts to help customers in the toughest, most regulated industries, including e-commerce, financial services, information technology, healthcare and more. Dozens of companies in the Fortune 500 rely on WhiteHat to help them prevent website attacks that could cost them millions.
  • 5. REPORT: WhiteHat Stats Report. In a recent customer survey for our 2012 WhiteHat Stats report we were asked what the major reason to fix a vulnerability was. Answer: Compliance. We also asked, if a choice was made to NOT fix a vulnerability, what the major reason was. Answer: Compliance. Something is wrong with this picture. How do we better prioritize finding and fixing vulnerabilities in our web applications?
  • 7. INFOSEC?
  • 8. DATA. Data pieces: Industry Vuln Data (WhiteHat Stats Report); Industry Attack Data (Imperva WAF traffic report, Verizon DBIR); In-House Vuln Data (Find your vulns!); In-House Attack Data (What are the attackers using against YOU!).
  • 9. DEFEND LIKE YOU'VE DONE IT BEFORE. Learning from breaches: groups and motivations; asset topology and actual vulns on the system; vulnerability definitions; exploits.
  • 10. WORK WITH WHAT YOU'VE GOT: Akamai, Safenet; NVD, MITRE; ExploitDB, Metasploit.
  • 11. ARTICLES: Blackhats. Talking to blackhats gives us great intelligence, even if it's not always 100% reliable intel. For those of you who didn't see the blog posts: • Blackhat part 1 • Blackhat part 2 • Blackhat part 3
  • 12. DATA: Most Used Vulns? "What are the most used web based vulnerabilities?" Answer: • "Adam" admits that he doesn't keep track • However, he believed that in his world XSS and SQL injection are the most used
  • 13. VULNERABILITY: OWASP 2013 RC. "As you read the OWASP top 10 release candidate for 2013, does the order make sense in terms of how risky and/or common they are for companies to have in their sites if you are going to attack them?" Answer: • The OWASP release candidate is unhelpful (to put it politely). • The concept of top 10 vulnerabilities is "stupid, flawed and inaccurate." • For it to be accurate he felt that you would have to update it daily, which is, of course, practically impossible.
  • 14. VULNERABILITY: Esoteric Vulns? "How do you feel about LDAP injection, XML injection and XPath injection?" Answer: • "Gangs" tend not to share information • However, he wasn't aware of anyone who was using those.
  • 15. VULNERABILITY: Useful Vulns? "What are the characteristics of a 'good' web application vulnerability?" Answer: • Fast to exploit • Persistent • Full access (root) • Ability to deface/redirect • Ability to wipe IP logs
  • 16. VULNERABILITY: Preferred Vulns? "Do blackhats prefer command injection, SQL injection and brute force?" Answer: • It depended on the target and the value of the compromise • However, he indicated again that if it's vulnerable that's a problem, and it doesn't really matter how it's exploited. • The one exception is that he did concur with me that "new" attacks tend not to be used much.
  • 17. VULNERABILITY: Prioritization. "How would you prioritize fixes?" Answer: • "Adam" said the hardest vuln to exploit/find would be last to be fixed and the easiest to exploit/find first. • In his opinion SQL injection would probably be the first to get fixed.
  • 18. VULNERABILITY: Additional Vulns. "Any web-application issues that are extremely useful to attackers that aren't on the OWASP top 10?" Answer: • Clickjacking • Denial of Service/DDoS
  • 19. VULNERABILITY: Best Practice? "If followed perfectly, is the OWASP top 10 enough to stop credit card theft through web application vulnerabilities?" Answer: • The whole idea of testing for only 10 is "crazy". • He felt that the banks are just as bad in many cases as the merchants. • Small online merchants should be banned outright from handling payment info
  • 20. BLACKHATS. From these answers we know: • Blackhats don't care about lists: the top 10 should only be used for prioritization, not as a matter of completeness or "best practice" • We were right to focus our energies on certain classes of attack first during human review, and we also know to start focusing on those vulns first during automated scans as well. • The most valuable vulns to attackers are the most valuable vulns to our customers, so why shouldn't we prioritize ourselves similarly, while still maintaining the same coverage?
  • 21. SHOW ME THE MONEY
  • 22. CVSS AND REMEDIATION METRICS
  • 23. CVSS AND REMEDIATION METRICS: LESSONS FROM A CISO
  • 24. THE KICKER: LIVE BREACH DATA
  • 25. CVSS AND REMEDIATION: NOPE
  • 26. CVSS, A VERY GENERAL GUIDE FOR REMEDIATION: YEP
  • 27. THE ONE BILLION DOLLAR QUESTION. Probability (you will be breached on a particular open vulnerability)? 1.98%
  • 28. I LOVE IT WHEN YOU CALL ME BIG DATA
  • 29. ENTER, THE SECURITY MENDOZA LINE. Wouldn't it be nice if we had something that helped us divide who we considered "Amateur" and who we considered "Professional"? Alex Hutton comes up with the Security Mendoza Line: "Compute power grows at the rate of doubling about every 2 years" (http://riskmanagementinsight.com/riskanalysis/?p=294). Josh Corman expands the Security Mendoza Line: "Casual attacker power grows at the rate of Metasploit" (http://blog.cognitivedissidents.com/2011/11/01/introto-hdmoores-law/).
  • 30. I LOVE IT WHEN YOU CALL ME BIG DATA
  • 31. DATA: How do we utilize this? Data! • We have another piece of the puzzle: what the bad guys are actually using. • Prioritization of testing and finding. • Prioritization of mitigating and fixing.
  • 32. PRIORITY: Prioritize Testing & Finding. Use all the industry and in-house data to figure out what to test for across your entire web footprint. SQLi being used heavily by attackers? FIND ALL OF THEM! Command injection not being used as much? Find it, but not until you find every single SQLi.
  • 33. FIXING: Prioritize Mitigating & Fixing. Nobody likes the pile of bug tickets that show up after a vulnerability assessment. Virtual patch to buy time: IDS blaring alarms of XSS? Turn up the WAF rules for XSS. It will help block low-hanging-fruit scanners. Prioritize your bug tickets for devs in swallowable chunks. What sounds better? "Ok team, let's figure out how to parameterize our SQL queries and go through site by site and implement that." OR "$Web_Scanner found 120 pages of vulns! Fix them now!!!110101"
  • 34. I LOVE IT WHEN YOU CALL ME BIG DATA. Spray and Pray => 2%; CVSS 10 => 4%; Metasploit + ExploitDB => 30%
  • 35. CASE STUDY: RoR case study timeline (hope to get the actual visual from our customer). Shows the importance of staying on top of bugs that are being actively exploited and prioritizing the finding and fixing of them. Timeline: • 1/8/2013 Rails team releases patches and blog post describing the critical vulnerabilities in the Rails framework • 1/8/2013 Security Team receives notification from Intelligence team about Rails vulnerability • 1/9/2013 Security Team receives notification from WhiteHat with findings of Rails vulnerability • 1/9/2013 Security Team notifies Developer Team about the new vulnerabilities • 1/9/2013 Highest priority site upgraded to fully remediate the vulnerability • 1/10/2013 IDS signatures updated to detect/prevent exploitation • 1/10/2013 Metasploit releases a command injection exploit for CVE-2012-0156 • 1/11/2013 The rest of the vulnerable applications apply temporary workaround patch • 1/11/2013 Security Team receives first exploit attempt notification from IDS; the exploit was attempted from a Russian Federation IP address. 2 hours between workaround and first identified exploit attempt! • 1/13/2013 Another exploit attempt seen against large application from Germany
  • 36. THANK YOU. Ed Bellis, Founder & CEO of Risk I/O (@ebellis). Matt Johansen, Threat Research Center Manager (@mattjay).
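As an added illustration of slides 25 through 34 (not the presenters' code or either company's product), the snippet below ranks a constructed vulnerability backlog by the breach-probability tiers from slide 34 and compares the residual risk with a pure CVSS ordering; the `attacked` flag, standing in for the in-house IDS/WAF data of slide 8, and the sample records are assumptions.

```python
from dataclasses import dataclass
from typing import Iterable, List

# Breach-probability tiers as reported on slide 34 of the deck.
BASELINE_P = 0.02   # "Spray and Pray => 2%"
CVSS10_P = 0.04     # "CVSS 10 => 4%"
EXPLOIT_P = 0.30    # "Metasploit + ExploitDB => 30%"


@dataclass(frozen=True)
class Vuln:
    vid: str
    cvss: float
    public_exploit: bool  # Metasploit module or ExploitDB entry exists
    attacked: bool        # in-house IDS/WAF saw attempts (assumed feed, slide 8)


def breach_probability(v: Vuln) -> float:
    """Map an open vuln to the deck's observed breach-probability tier."""
    if v.public_exploit:
        return EXPLOIT_P
    if v.cvss >= 10.0:
        return CVSS10_P
    return BASELINE_P


def below_mendoza_line(v: Vuln) -> bool:
    """Slide 29: casual attacker power grows at the rate of Metasploit, so a
    public exploit puts the vuln within reach of amateurs, not only pros."""
    return v.public_exploit


def data_driven_order(vulns: Iterable[Vuln]) -> List[Vuln]:
    """Fix order from evidence of real-world use: in-house attack data first
    (slide 8), then the breach tier, with CVSS only as a tie-breaker
    (slide 26: a very general guide)."""
    return sorted(vulns, reverse=True,
                  key=lambda v: (v.attacked, breach_probability(v), v.cvss))


def cvss_order(vulns: Iterable[Vuln]) -> List[Vuln]:
    """The ordering the deck argues against (slide 25): score alone."""
    return sorted(vulns, key=lambda v: v.cvss, reverse=True)


def residual_risk(order: List[Vuln], fixes: int) -> float:
    """Expected number of breached vulns left after fixing the first `fixes`
    entries of `order` (sum of the per-vuln tier probabilities)."""
    return round(sum(breach_probability(v) for v in order[fixes:]), 4)


# Constructed sample backlog, not customer data.
SAMPLE = [
    Vuln("V-1", 10.0, public_exploit=False, attacked=False),
    Vuln("V-2", 6.5, public_exploit=True, attacked=False),
    Vuln("V-3", 5.0, public_exploit=True, attacked=True),
    Vuln("V-4", 7.5, public_exploit=False, attacked=False),
]

if __name__ == "__main__":
    for name, fn in (("CVSS order", cvss_order), ("data-driven order", data_driven_order)):
        order = fn(SAMPLE)
        print(name, [v.vid for v in order],
              "residual risk after 2 fixes:", residual_risk(order, 2))
```

With two fixes available, the CVSS order leaves the two publicly exploitable vulns open (residual 0.6) while the data-driven order leaves the two unexploited ones (residual 0.06).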