Measuring Risk Ron Gula NSA Pen Tester Cloud Security Network IDS - - PowerPoint PPT Presentation



SLIDE 1

Measuring Risk

Ron Gula

SLIDE 2

Who is Ron Gula???

  • NSA Pen Tester
  • Cloud Security
  • Network IDS
  • Vuln Management
  • Cyber Companies

SLIDE 3

SLIDE 4

THREAT X VULNERABILITY = RISK

SLIDE 5

THREAT X VULNERABILITY = RISK

SLIDE 6

  • Out of date browser on server
  • One server with 10 vulns versus ten servers with 1 vuln
  • “Low” and “Medium” vulns

SLIDE 7

  • Severity
  • Asset
  • Age
  • Exploit
  • Malware
  • Patch Rollups
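
The factors on this slide are the inputs a prioritisation model needs. The following is an added worked example, not code from the talk or from any product: it scores THREAT x VULNERABILITY = RISK per finding, scales by the asset, and then revisits the slide-6 questions (one server with 10 vulns versus ten servers with 1, and whether a “low” can outrank a “high”). The severity weights, the 1-5 criticality scale, the exposure multiplier and the age tiers are assumptions chosen for the illustration; the assets, vulnerability names and rollup id are constructed sample data.

```python
"""Factor-based vulnerability prioritisation (added example, not from the talk).

Weights, the 1-5 criticality scale and the age tiers are assumptions;
assets, CVE-style names and the rollup id below are constructed.
"""
from dataclasses import dataclass, field
from typing import Optional

# Assumed weights for the "Severity" factor.
SEVERITY_WEIGHT = {"low": 1.0, "medium": 2.0, "high": 3.0, "critical": 4.0}


@dataclass
class Vuln:
    name: str
    severity: str                       # key of SEVERITY_WEIGHT
    age_days: int                       # "Age": days since disclosure
    exploit_public: bool = False        # "Exploit": working exploit is public
    used_by_malware: bool = False       # "Malware": seen used by malware
    patch_rollup: Optional[str] = None  # "Patch Rollups": rollup that fixes it


@dataclass
class Asset:
    name: str
    criticality: int                    # "Asset": 1 (lab box) .. 5 (crown jewel), assumed scale
    internet_facing: bool = False
    vulns: list = field(default_factory=list)


def threat_factor(v: Vuln) -> float:
    """THREAT: how likely an attacker is to act on this flaw (assumed weights).

    Baseline 1.0; a public exploit and observed malware use each add 2.0,
    age adds 0.0 / 0.5 / 1.0 depending on how long the flaw has been known.
    """
    age_bonus = 0.0 if v.age_days < 30 else 0.5 if v.age_days < 180 else 1.0
    exploit_bonus = 2.0 if v.exploit_public else 0.0
    malware_bonus = 2.0 if v.used_by_malware else 0.0
    return 1.0 + age_bonus + exploit_bonus + malware_bonus


def vuln_risk(asset: Asset, v: Vuln) -> float:
    """RISK for one finding = THREAT x VULNERABILITY (severity), scaled by the asset."""
    exposure = 2.0 if asset.internet_facing else 1.0  # assumed multiplier
    return threat_factor(v) * SEVERITY_WEIGHT[v.severity] * asset.criticality * exposure


def asset_risk(asset: Asset) -> float:
    return sum(vuln_risk(asset, v) for v in asset.vulns)


def portfolio_risk(assets) -> float:
    return sum(asset_risk(a) for a in assets)


def hosts_at_risk(assets) -> int:
    """A dimension the sum hides: how many hosts carry at least one open finding."""
    return sum(1 for a in assets if a.vulns)


def rank_findings(assets):
    """All (asset, vuln, risk) rows, highest risk first: the patch queue."""
    rows = [(a.name, v.name, vuln_risk(a, v)) for a in assets for v in a.vulns]
    return sorted(rows, key=lambda r: r[2], reverse=True)


def rollup_value(assets) -> dict:
    """Risk removed by each patch rollup, so rollups can be prioritised as units."""
    value = {}
    for a in assets:
        for v in a.vulns:
            if v.patch_rollup:
                value[v.patch_rollup] = value.get(v.patch_rollup, 0.0) + vuln_risk(a, v)
    return value


def medium_vuln(i: int) -> Vuln:
    return Vuln(f"CVE-EXAMPLE-{i:04d}", "medium", age_days=10)  # constructed name


# Constructed scenario from slide 6: one server with 10 vulns vs ten servers with 1.
one_server = [Asset("web-01", criticality=3, internet_facing=True,
                    vulns=[medium_vuln(i) for i in range(10)])]
ten_servers = [Asset(f"web-{i:02d}", criticality=3, internet_facing=True,
                     vulns=[medium_vuln(i)]) for i in range(10)]

# "Low" and "Medium" vulns: a low on a crown jewel with a public exploit used by
# malware, against a high on an isolated lab box.
mixed = [
    Asset("payroll-db", criticality=5, internet_facing=True,
          vulns=[Vuln("low-but-exploited", "low", age_days=400, exploit_public=True,
                      used_by_malware=True, patch_rollup="ROLLUP-EXAMPLE-1")]),
    Asset("lab-07", criticality=1,
          vulns=[Vuln("high-on-lab-box", "high", age_days=5)]),
]

if __name__ == "__main__":
    print("one server:", asset_risk(one_server[0]), "hosts:", hosts_at_risk(one_server))
    print("ten servers:", portfolio_risk(ten_servers), "hosts:", hosts_at_risk(ten_servers))
    for row in rank_findings(mixed):
        print(row)
    print(rollup_value(mixed))
```

Under a purely additive model the two slide-6 scenarios score identically (120 each with these weights); what separates them is the second dimension, the number of hosts an attacker can land on (1 versus 10). In the mixed case the “low” finding on the exposed crown jewel scores 60 against 3 for the “high” on the lab box, which is why severity alone is a poor patch queue.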

SLIDE 8

SLIDE 9

EVEN IF WE PATCHED 100% WE STILL HAVE ZERO DAYS

SLIDE 10

  • Patch Management
  • Vuln Scanners
  • System Hardening
  • Network Monitors
  • EDR & Forensics
  • Web Proxy
  • GRC & Compliance
  • SIEM & Logs
  • Authentication
  • Asset Management
  • IT Provisioning
  • NAC and Firewall
  • Procurement

SLIDE 11

If you know the enemy and know yourself you need not fear the results of a hundred battles.

SLIDE 12

If you know the enemy and know yourself you need not fear the results of a hundred battles.

  • Complex OSes
  • BYOD and Mobile
  • On-Prem Apps
  • Cloud Apps
  • All Users
  • User Access

SLIDE 13

If you know the enemy and know yourself you need not fear the results of a hundred battles.

  • Complex OSes
  • BYOD and Mobile
  • On-Prem Apps
  • Cloud Apps
  • All Users
  • User Access
  • Vulnerabilities
  • Activity Logging
  • System Configurations
  • Network Monitoring
  • Change Detection
  • Privileged Access

SLIDE 14

SLIDE 15

Access Control and Authentication

Can you build a map of all ACLs and enclaves?

Can you build a list of all enclaves and the access control lists on them?

SLIDE 16

Can you build a list of all users and their authorized apps?

SLIDE 17

MONITORING AUDIT

SLIDE 18

[Diagram: repeated “DATA & APPS” blocks]

SLIDE 19

TELEMETRY

Logs, Packets, Flows, Cloud APIs, Auth, Files, etc.

LOOK FOR BADNESS

NIDS, AV, BOTs, UBA, NBAD, APT, etc.

AUDIT FOR GOODNESS

Apps, Users, Transactions, Normal

SLIDE 20

WHY CAN’T WE MODEL RISK?

  • Periodic & Imperfect Assessments
  • Imperfect Threat Model
  • Collection of Data
  • Lack of standards on “risk”

SLIDE 21

RISK MEASURING ENABLES

  • Better Security Policy
  • Better Security Budgets
  • Fact-based Security

WHAT IS THE #1 THING?

SLIDE 22

FRAMEWORKS

  • Vendor Neutral
  • Cross-Organizational
  • Prescriptive
  • Written by Pen Tests & I.R.

SLIDE 23

SLIDE 24

SLIDE 25

SLIDE 26

SLIDE 27

Conclusions

SLIDE 28

Conclusions

SLIDE 29

Conclusions


SLIDE 30

Questions and Contact Information