SLAIT Consulting Threat Management and Technical Controls SLAIT CONSULTING.com

SLAIT Consulting, an ePlus Technology, Inc. Company
Ivan Gil, Sr. Information Security Consultant
Sr. Information Security Consultant assisting clients with their Information Security programs, including:
• Implementing Information Security Programs
• Developing and reviewing Information Security Policies
• Performing compliance assessments, Risk Assessments, Security Audits, System Security Plans
• Conducting Vulnerability Scans and Penetration Testing
• Conducting Phishing, Vishing, and Social Engineering Campaigns
• 30+ years in Information Technology, the last 10 years in Cyber Security
• SLAIT Consulting, Northrop Grumman (VITA Program), Nemesys Corp.

Cyber Crime Evolution
Organized crime is developing complex internal hierarchies and commoditizing its activities at a global level.
Law enforcement and information security professionals struggle to keep pace with nation-state actors and a burgeoning criminal underground.
Resulting in:
• Business disruptions
• Financial loss – FBI estimates $2.7 billion in 2018
• Reputational damage
This has resulted in …
• Greater risk awareness
• General increase in security budgets

Cyber Crime Evolution
Although malware threats have become increasingly sophisticated, the infection vectors and delivery methods remain familiar.
Advanced Threats:
• Exploit Kits
• Key loggers
• Ransomware
Delivery Methods:
• Social Engineering (Phishing and its variants)
• Malicious Website / Malvertising / Drive-by-Downloads
• Application vulnerabilities (Apache Struts)

Advancements in Technology

Key Security Concerns & Challenges
• Customers have a diverse array of security devices & systems generating events, alerts, and log data
• Growing need to collect and preserve security data for correlation, analysis, and compliance
• Increasing alert fatigue for limited security staffing resources
• Limited monitoring due to lack of Security Operations Center – no 24x7 coverage
• Lack of controls or policies to effectively manage security as well as compliance

Defense In Depth

Cloud Services Evolution
2017 Cloud Adoption Statistics
• 93% of organizations utilize cloud services in some form
• 62% of organizations store personal data / customer information in the cloud
• 40% of cloud services are commissioned without the involvement of IT
• 49% of respondents slowed their cloud adoption due to lack of cybersecurity skills
• 52% of respondents tracked a malware infection to a SaaS service
(2017 Ponemon Institute / Intel Security global surveys)

Innovative Solutions for Forward Thinking Companies
Information Technology Controls
IT Controls provide a framework for prioritizing the security processes that are most effective against Advanced Threats such as targeted attacks. The main emphasis of a control is on standardization and automation, which not only maximize security but also enhance the operational effectiveness of your IT organization.
IT security controls are often inconsistently applied (or not applied at all) for cloud-based services.
• OWASP Top 10 – A6: 2017 Security Misconfiguration
• SANS/CIS Top 20
• Vulnerability Assessment & Remediation
• Account Monitoring and Control

Cloud vs. Client Security Responsibilities by Service Model
• Need to understand which party is responsible for which security domains
• Need to treat IaaS and PaaS as if you own the devices and applications
• Verify the contractual agreements of what you own
• Penetration testing requirements include approval from the cloud provider
Source: IBM

Security Models Change with Cloud
Just some examples!
Traditional Data Center:
• Soft interior – low segmentation in place today
• Build in place has an “always on” threat model
• High degree of network based detection/mitigation/interception possible
Cloud Hosted:
• Micro-segmentation and containerization – setup at time of implementation
• Dynamic scale up decreases threat window
• Network detection pushed to flow logging; little to no NIDS or interception

Domains
Compliance Management:
• Security Assessment
• Risk Assessment
• Control / Policy Assessment
• PCI Compliance
• Security Awareness Training
Vulnerability Management:
• Network Vulnerability Scanning
• Application Vulnerability Testing
• Penetration Testing
Threat Response:
• Threat Analysis
• Forensic Analysis
• Incident Response
• Breach Response
Threat Management:
• Threat Recon Services
• Threat Manage Services
• Threat Monitoring Services

Six Pillars of Security
(six pillars arranged around a 24x7 Security Operations Center)
SIEM & LOG MANAGEMENT
• Log Collection & Correlation
• Open Threat Exchange (OTX) Threat Data - AlienVault
• SIEM Event Correlation
• Incident Response
ASSET DISCOVERY & INVENTORY
• Active Network Scanning
• Passive Network Scanning
• Asset Inventory
• Software Inventory
BEHAVIORAL MONITORING
• Network IDS
• NetFlow Analysis
• Full Packet Capture
VULNERABILITY ASSESSMENT
• Continuous Vulnerability Monitoring
• Authenticated & Unauthenticated Vulnerability Scanning
• Threat Cloud Integration
ENDPOINT RESPONSE
• “Flight Data Recorder” - CarbonBlack
• Live Response
• Threat Actor Detection/Remediation
ADVANCED THREAT DETECTION
• Adaptive Threat Fabric
• Behavioral Analysis
• Dynamic Threat Sandbox

Incident Response Services
Incident Response services help customers across all phases of the IR process to include identification, containment, eradication, and recovery.
Incident Response support can be requested “ad hoc” by way of Letter of Engagement.
Services available under the Incident Response domain include Virtual Bench, Breach Discovery, Tactical Development, Readiness Assessment, Live Fire Exercises, and Strategy Development.
Service Engagement
IR services available “on demand” (subject to resource availability) on a Time & Materials basis – offered via Letter of Engagement.

Vulnerability Scan & Penetration Test
Vulnerability Scan
Also known as “vulnerability scanning”, a vulnerability test checks for potential vulnerabilities or potential issues in your organization’s environment, specifically operating systems, software applications, and hardware configurations.
Vulnerability testing comes in multiple forms:
❖ Network Vulnerability Scanning – Internal or External
❖ Web Application Vulnerability Scanning – testing of vulnerabilities in your public and internal website
Penetration Test
Also known as “pen test”, a penetration test identifies vulnerabilities or potential issues in your organization’s environment.
Penetration testing comes in multiple forms:
❖ Network Penetration – Internal or External
❖ Web Application – testing of vulnerabilities in your public website
❖ Embedded Device – discovery of vulnerabilities in devices you produce or want to use in your environment
❖ Software Application – “Black box” or “gray box” testing

Q & A

References
• FBI Cyber Crime Statistics 2018 – https://www.fbi.gov/news/stories/ic3-releases-2018-internet-crime-report-042219
• OWASP Top 10 2017 – https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf

SLAIT Security Services
Ivan Gil
4405 Cox Rd., Suite #100, Glen Allen, VA 23060
T: (804) 632-8365
M: (804) 334-8074
www.slaitconsulting.com