
Turning Your Cybersecurity Toddlers Into Warriors! Simple lessons - PowerPoint PPT Presentation

Turning Your Cybersecurity Toddlers Into Warriors! Simple lessons to fill the knowledge gap within your staff. Shira Shamban, Dome9 Security, @shambanIT. You and your staff Are NOT going to keep up with Technology.


  1. Turning Your Cybersecurity Toddlers… Into Warriors! Simple lessons to fill the knowledge gap within your staff. Shira Shamban, Dome9 Security, @shambanIT

  2. 1

  3. 2

  4. 3

  5. 4

  6. 5

  7. You and your staff Are NOT going to keep up with Technology

  8. Today, Enterprises Average… different security vendors installed in their company to solve problems ZDNet – “Security landscape plagued by too many. Nov. 2016

  9. You and your staff Are NOT going to keep up with Technology ALERT!!!! ALERT!!!! ALERT!!!! ALERT!!!! ALERT!!!! ALERT!!!! ALERT!!!! ALERT!!!! ALERT!!!! ALERT!!!!

  10. @shambanIT 11

  11. Top 5 Causes of Data Breaches in Healthcare
      #1. Human Error: 33.5%
      #2. Misuse: 29.5%
      #3. Physical (mostly theft): 16.3%
      #4. Hacking: 14.8%
      #5. Malware: 10.8%
      The elephant in the figures is the number of incidents where the discovery was measured in months or years ….
      Source: Protected Health Information Data Breach Report, Verizon – March 2018

  12. Top Three Causes – JDL Group – January 2018
      #1. Password Problems: 63% of investigated breaches involved weak, stolen or default passwords
      #2. Ransomware & Malware: Verizon recently reported ransomware is the fifth most common type of malware.
      #3. Human Error: Reuters reports 73% of data breaches happen because of the people operating machines

  13. Why So Much Phishing? It Works...

  14. We All Have a Dave…

  15. Understanding the Basics of CD/CR Security

  16. We Don’t Need Faster Horses “If I had asked people what they wanted, they would have said faster horses.” ― Henry Ford

  17. So, what is the secret ingredient?

  18. Understanding the Basics of CD/CR Security
      “I use the default AWS configuration”
      “I don’t need logs, I have an AV”
      “I keep all of my logs… I think”
      • Whatever it is that you’re doing with your logs – It’s not working – time for a change
      • Don’t monitor the logs, monitor the unusual findings
      • 80% of the problems repeat themselves

  19. Logs Provide…

  20. The Secret Recipe… Your Logs are the Secret Ingredient
      ● How Long to Keep?
      ● Sources and Variety?
      ● Scalability
        ○ Easily add new (future) sources
      ● Detection Algorithms Used
        ○ How detailed/granularity
      ● Supporting User Interface

  21. Typical Attack Vector
      Attack steps: Phishing email → User clicked link → Username and password stolen → Criminal hacker has privileged access to AWS → Criminal hacker deployed bitcoin mining assets → Money loss!
      Prevent:
      • Awareness program
      • URL scanning for email
      • Enforce 2FA
      • Least privilege principle
      • Give very specific policies to users regarding assets
      Detect:
      • Detection tool (shown twice)
      • Monitor login patterns
      • Monitor activity patterns and unusual events, like creation of new keys, users etc.
      • Monitor activity patterns and unusual events like new assets, unusual billing, CPU, DNS requests
      A Complete 360 Degree View Is Impossible… Without Logs!

  22. Typical Attack Vector
      Attack steps: PII breach, including emails and passwords → User re-used password for AWS account → Criminal hacker has privileged access to AWS → Criminal hacker moves around the VPC, looking for sensitive DB → Criminal hacker encrypted DB, asking for ransom → Money loss, reputation, compliance
      Prevent:
      • Awareness
      • Enforce strong password policy
      • Enforce 2FA, least privilege
      • Least privilege
      • Backup!
      Detect:
      • haveibeenpwned
      • Monitor login patterns
      • Monitor activity patterns and unusual events, like creation of new keys, users etc.
      • Monitor internal port scan, failed login attempts
      • Monitor unusual account activity
      Remember! Logging is For EVERYONE

  23. Love Your Logs!

  24. Focus On The Big Rocks First

  25. Automate Remediation
      Repetitive problems are easier to remediate
      • Hire Expert(s) to Create Cluster - Address the Top 10 Recurring Problems
      • Hire Expert(s) to Prepare Appropriate Solutions
      • Allow Machine to Label Each Problem
      • If Yes – Auto Remediate
      • If No – Escalate to Human

  26. Remediation – What’s The Future… Crowdsourcing
      • I have a problem
      • Other people have that problem (or similar)
      • I wonder how they solved it
      • I will share my solution with the community
      • Others will share their own solutions, we exchange knowledge
      • Security is improved!

  27. Free Your Warriors!

  28. Any Questions? I Dare You! Thank You. Shira Shamban, Head of Security Research, @shambanIT, shira@dome9.com
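
The detect advice on slides 21 and 22 (watch for unusual events such as new keys and users rather than every log line) combined with the triage flow on slide 25 (auto-remediate known problems, escalate the rest), as an added Python example that is not from the presentation. The sample records are constructed with CloudTrail field names, and the baseline set, labels and playbook text are hypothetical.

```python
import json
# Constructed sample records that use CloudTrail field names; not real logs.
RAW = """
{"eventName":"ConsoleLogin","userIdentity":{"userName":"dave"},"sourceIPAddress":"198.51.100.7","additionalEventData":{"MFAUsed":"No"}}
{"eventName":"CreateAccessKey","userIdentity":{"userName":"dave"},"sourceIPAddress":"198.51.100.7"}
{"eventName":"CreateUser","userIdentity":{"userName":"dave"},"sourceIPAddress":"198.51.100.7"}
{"eventName":"RunInstances","userIdentity":{"userName":"dave"},"sourceIPAddress":"198.51.100.7"}
{"eventName":"RunInstances","userIdentity":{"userName":"ci-bot"},"sourceIPAddress":"192.0.2.10"}
"""
EVENTS = [json.loads(line) for line in RAW.strip().splitlines()]

# Assumption: identities that normally launch compute in this account.
COMPUTE_BASELINE = {"ci-bot"}
# Assumption: recurring problems that already have a prepared fix (slide 25).
PLAYBOOKS = {
    "login-without-mfa": "force password reset and require MFA",
    "new-credential": "disable the new key or user pending owner confirmation",
}

def label(event):
    """Return a label for an unusual event, or None for routine activity."""
    name = event.get("eventName")
    user = event.get("userIdentity", {}).get("userName", "unknown")
    if name == "ConsoleLogin":
        mfa = event.get("additionalEventData", {}).get("MFAUsed")
        return None if mfa == "Yes" else "login-without-mfa"
    if name in ("CreateAccessKey", "CreateUser"):
        return "new-credential"
    if name == "RunInstances" and user not in COMPUTE_BASELINE:
        return "unexpected-compute"
    return None

def triage(events):
    """Split unusual findings into auto-remediated and escalated lists."""
    auto, escalate = [], []
    for ev in events:
        tag = label(ev)
        if tag is None:
            continue  # routine activity: no alert is raised
        user = ev.get("userIdentity", {}).get("userName", "unknown")
        finding = (tag, user, ev.get("sourceIPAddress"))
        if tag in PLAYBOOKS:
            auto.append(finding + (PLAYBOOKS[tag],))  # known problem
        else:
            escalate.append(finding)  # no prepared fix: a human decides
    return auto, escalate

if __name__ == "__main__":
    for kind, findings in zip(("AUTO", "ESCALATE"), triage(EVENTS)):
        print(kind, findings)
```
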
