Turning Your Cybersecurity Toddlers… Into Warriors! Simple lessons to fill the knowledge gap within your staff. Shira Shamban, Dome9 Security, @shambanIT
You and your staff are NOT going to keep up with technology.
Today, enterprises average … different security vendors installed in their company to solve problems. (ZDNet, "Security landscape plagued by too many.", Nov. 2016)
You and your staff are NOT going to keep up with technology: ALERT!!!! ALERT!!!! ALERT!!!! ALERT!!!! ALERT!!!! ALERT!!!! ALERT!!!! ALERT!!!! ALERT!!!! ALERT!!!!
Top 5 Causes of Data Breaches in Healthcare (Protected Health Information Data Breach Report, Verizon, March 2018)
#1. Human Error: 33.5%
#2. Misuse: 29.5%
#3. Physical (mostly theft): 16.3%
#4. Hacking: 14.8%
#5. Malware: 10.8%
The elephant in the figures is the number of incidents where the discovery was measured in months or years….
Top Three Causes (JDL Group, January 2018)
#1. Password Problems: 63% of investigated breaches involved weak, stolen or default passwords.
#2. Ransomware & Malware: Verizon recently reported ransomware is the fifth most common type of malware.
#3. Human Error: Reuters reports 73% of data breaches happen because of the people operating machines.
Why So Much Phishing? It Works...
We All Have a Dave…
Understanding the Basics of CD/CR Security
We Don't Need Faster Horses. "If I had asked people what they wanted, they would have said faster horses." ― Henry Ford
So, what is the secret ingredient?
Understanding the Basics of CD/CR Security
• Whatever it is that you're doing with your logs – it's not working – time for a change
• Don't monitor the logs, monitor the unusual findings
• 80% of the problems repeat themselves
"I use the default AWS configuration" / "I don't need logs, I have an AV" / "I keep all of my logs… I think"
Logs Provide…
The Secret Recipe… Your Logs are the Secret Ingredient
● How long to keep?
● Sources and variety?
● Scalability
  ○ Easily add new (future) sources
● Detection algorithms used
  ○ How detailed / granularity
● Supporting user interface
Typical Attack Vector
Stages: Phishing email → User clicked link → Username and password stolen → Criminal hacker has privileged access to AWS → Criminal hacker deployed bitcoin mining assets → Money loss!
Prevent: Awareness program for email; URL scanning; Enforce 2FA; Least privilege principle; Give very specific policies to users regarding assets
Detect: Detection tool; Detection tool; Monitor login patterns; Monitor activity patterns and unusual events, like creation of new keys, users etc.; Monitor activity patterns and unusual events like new assets, unusual billing, CPU, DNS requests
A Complete 360 Degree View Is Impossible… Without Logs!
Typical Attack Vector
Stages: User re-used password for AWS account → Criminal hacker has privileged access to AWS → Criminal hacker moves around the VPC, looking for sensitive DB → Criminal hacker encrypted DB, asking for ransom → PII breach, including emails and passwords → Money loss, reputation, compliance
Prevent: Enforce 2FA, awareness; Enforce strong password policy; Least privilege; Least privilege; Backup!
Detect: haveibeenpwned; Monitor login patterns; Monitor activity patterns and unusual events, like creation of new keys, users etc.; Monitor internal port scan, failed login attempts; Monitor unusual account activity
Remember! Logging is For EVERYONE
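The "Detect" rows of the two attack-vector slides above boil down to a few pattern checks over login and API logs: failed logins followed by success, a login from an IP the user has never used, and privileged changes such as new keys, new users or new assets. The following is an added example, not code from the deck or from Dome9; the events are constructed in a simplified CloudTrail-like shape, and the field names, thresholds and rule names are assumptions.

```python
from collections import Counter

# Constructed sample events in a simplified, CloudTrail-like shape (not real logs).
SAMPLE_EVENTS = [
    {"time": "2018-05-01T09:02Z", "user": "dave", "event": "ConsoleLogin", "ip": "203.0.113.7", "ok": True},
    {"time": "2018-05-01T09:10Z", "user": "dave", "event": "DescribeInstances", "ip": "203.0.113.7", "ok": True},
    {"time": "2018-05-02T23:41Z", "user": "dave", "event": "ConsoleLogin", "ip": "198.51.100.9", "ok": False},
    {"time": "2018-05-02T23:42Z", "user": "dave", "event": "ConsoleLogin", "ip": "198.51.100.9", "ok": False},
    {"time": "2018-05-02T23:43Z", "user": "dave", "event": "ConsoleLogin", "ip": "198.51.100.9", "ok": True},
    {"time": "2018-05-02T23:45Z", "user": "dave", "event": "CreateAccessKey", "ip": "198.51.100.9", "ok": True},
    {"time": "2018-05-02T23:50Z", "user": "dave", "event": "RunInstances", "ip": "198.51.100.9", "ok": True},
]

# Privileged changes that deserve a finding on their own (new keys, users, policies, assets).
PRIVILEGED_CHANGES = {"CreateAccessKey", "CreateUser", "AttachUserPolicy", "RunInstances"}

def baseline_ips(events, until):
    """Per-user set of source IPs seen in successful logins before `until`: the normal pattern."""
    seen = {}
    for e in events:
        if e["time"] < until and e["event"] == "ConsoleLogin" and e["ok"]:
            seen.setdefault(e["user"], set()).add(e["ip"])
    return seen

def detect(events, known_ips, failed_threshold=2):
    """Return (rule, user, detail) tuples for events that break the user's normal pattern."""
    findings, failed = [], Counter()
    for e in events:
        user, ip = e["user"], e["ip"]
        if e["event"] == "ConsoleLogin":
            if not e["ok"]:
                failed[user] += 1
                if failed[user] == failed_threshold:  # report once per run of failures
                    findings.append(("repeated_failed_logins", user, ip))
            else:
                if ip not in known_ips.get(user, set()):
                    findings.append(("login_from_new_ip", user, ip))
                if failed[user]:  # success right after failures: guessed or re-used password
                    findings.append(("success_after_failures", user, ip))
                failed[user] = 0
        elif e["event"] in PRIVILEGED_CHANGES:
            findings.append(("privileged_change", user, e["event"]))
    return findings

def run_sample():
    """Build the baseline from day one, then scan everything; day two should light up."""
    return detect(SAMPLE_EVENTS, baseline_ips(SAMPLE_EVENTS, until="2018-05-02"))

if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```

In a real deployment the baseline would come from weeks of history and the findings would feed the escalation path from the remediation slides, not a print loop.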
Love Your Logs!
Focus On The Big Rocks First
Automate Remediation
Repetitive problems are easier to remediate:
• Hire expert(s) to create a cluster – address the top 10 recurring problems
• Hire expert(s) to prepare appropriate solutions
• Allow the machine to label each problem
• If yes – auto-remediate; if no – escalate to a human
Remediation – What's The Future… Crowdsourcing
• I have a problem; I wonder how others solved it
• Other people have solved this problem (or a similar one)
• I will share my solution with the community
• Others will share their own solutions; we exchange knowledge
• Security is improved!
Free Your Warriors!
Any Questions? I Dare You! Thank You. Shira Shamban, Head of Security Research, @shambanIT, shira@dome9.com