Technical Controls - SLAIT Consulting, an ePlus Technology, Inc. Company - PowerPoint PPT Presentation


SLIDE 1

Threat Management and Technical Controls

SLAIT Consulting

SLIDE 2

Ivan Gil, Sr. Information Security Consultant
SLAIT Consulting, an ePlus Technology, Inc. Company

  • Sr. Information Security Consultant assisting clients with their Information Security programs, including:
  • Implementing Information Security Programs
  • Developing and reviewing Information Security Policies
  • Performing Compliance Assessments, Risk Assessments, Security Audits, and System Security Plans
  • Conducting Vulnerability Scans and Penetration Testing
  • Conducting Phishing, Vishing, and Social Engineering Campaigns
  • 30+ years in Information Technology and the last 10 years in Cyber Security
  • SLAIT Consulting, Northrop Grumman (VITA Program), Nemesys Corp.

SLIDE 3

Cyber Crime Evolution

Organized crime is developing complex internal hierarchies and commoditizing their activities at a global level

Law enforcement and information security professionals struggle to keep pace with nation state actors and a burgeoning criminal underground, resulting in:

  • Business disruptions
  • Financial loss – FBI estimates $2.7 billion in 2018
  • Reputational damage

This has resulted in:

  • Greater risk awareness
  • General increase in security budgets

SLIDE 4

Cyber Crime Evolution

SLIDE 5

Cyber Crime Evolution

Although malware threats have become increasingly sophisticated, the infection vectors and delivery methods remain familiar.

Advanced Threats

  • Exploit Kits
  • Key loggers
  • Ransomware

Delivery Methods

  • Social Engineering (Phishing and its variants)
  • Malicious Website / Malvertising / Drive-by-Downloads
  • Application vulnerabilities (Apache Struts)

SLIDE 6

Cyber Crime Evolution

SLIDE 7

Cyber Crime Evolution

SLIDE 8

Advancements in Technology

SLIDE 9

Key Security Concerns & Challenges

  • Customers have a diverse array of security devices & systems generating events, alerts, and log data
  • Growing need to collect and preserve security data for correlation, analysis, and compliance
  • Increasing alert fatigue for limited security staffing resources
  • Limited monitoring due to lack of a Security Operations Center – no 24x7 coverage
  • Lack of controls or policies to effectively manage security as well as compliance

SLIDE 10

Defense In Depth

SLIDE 11

Cloud Services Evolution

2017 Cloud Adoption Statistics

  • 93% of organizations utilize cloud services in some form
  • 62% of organizations store personal data / customer information in the cloud
  • 40% of cloud services are commissioned without the involvement of IT
  • 49% of respondents slowed their cloud adoption due to lack of cybersecurity skills
  • 52% of respondents tracked a malware infection to a SaaS service

(2017 Ponemon Institute / Intel Security global surveys)

SLIDE 12

Information Technology Controls

Innovative Solutions for Forward Thinking Companies

IT Controls provide a framework for prioritizing the security processes that are most effective against Advanced Threats such as targeted attacks. The main emphasis of a control is on standardization and automation, which not only maximizes security but also enhances the operational effectiveness of your IT organization.

IT security controls are often inconsistently applied (or not applied at all) for cloud based services.

  • OWASP Top 10 2017 – A6: Security Misconfiguration
  • SANS/CIS Top 20
  • Vulnerability Assessment & Remediation
  • Account Monitoring and Control

SLIDE 13

Cloud vs. Client Security Responsibilities by Service Model

  • Need to understand which party is responsible for security domains.
  • Need to treat IaaS and PaaS as if you own the devices and applications
  • Verify the contractual agreements of what you own
  • Requirements for penetration testing require approval from the Cloud provider

Source: IBM

SLIDE 14

Security Models Change with Cloud

Just some examples!

Traditional Data Center

  • Soft interior – low segmentation in place today and containerization
  • Build in place has an “always on” threat model
  • High degree of network based detection/mitigation/interception possible

Cloud Hosted

  • Micro-segmentation – set up at time of implementation
  • Dynamic scale up decreases threat window
  • Network detection pushed to flow logging; little to no NIDS or interception

SLIDE 15

Domains

Threat Response

  • Threat Analysis
  • Forensic Analysis
  • Incident Response
  • Breach Response

Threat Management

  • Threat Recon Services
  • Threat Manage Services
  • Threat Monitoring Services

Vulnerability Management

  • Network Vulnerability Scanning
  • Application Vulnerability Testing
  • Penetration Testing

Compliance Management

  • Security Assessment
  • Risk Assessment
  • Control / Policy Assessment
  • PCI Compliance
  • Security Awareness Training

SLIDE 16

Six Pillars of Security

24x7 Security Operations Center

SIEM & LOG MANAGEMENT

  • Log Collection & Correlation
  • Open Threat Exchange (OTX) Threat Data - AlienVault

  • SIEM Event Correlation
  • Incident Response

BEHAVIORAL MONITORING

  • Network IDS
  • NetFlow Analysis
  • Full Packet Capture
  • Threat Cloud Integration

ADVANCED THREAT DETECTION

  • Adaptive Threat Fabric
  • Behavioral Analysis
  • Dynamic Threat Sandbox

VULNERABILITY ASSESSMENT

  • Continuous Vulnerability Monitoring
  • Authenticated & Unauthenticated Vulnerability Scanning

ASSET DISCOVERY & INVENTORY

  • Active Network Scanning
  • Passive Network Scanning
  • Asset Inventory
  • Software Inventory

ENDPOINT RESPONSE

  • “Flight Data Recorder” - CarbonBlack
  • Live Response
  • Threat Actor Detection/Remediation

SLIDE 17

Incident Response Services

Incident Response services help customers across all phases of the IR process, including identification, containment, eradication, and recovery. Incident Response support can be requested “ad hoc” by way of a Letter of Engagement. Services available under the Incident Response domain include Virtual Bench, Breach Discovery, Tactical Development, Readiness Assessment, Live Fire Exercises, and Strategy Development.

Service Engagement: IR services are available “on demand” (subject to resource availability) on a Time & Materials basis – offered via Letter of Engagement.

SLIDE 18

Vulnerability Scan & Penetration Test

Also known as “vulnerability scanning”, a vulnerability test checks for potential vulnerabilities or potential issues in your organization’s environment, specifically operating systems, software applications, and hardware configurations. Vulnerability testing comes in multiple forms:

  ❖ Network Vulnerability Scanning – Internal or External
  ❖ Web Application Vulnerability Scanning – testing of vulnerabilities in your public and internal websites

Also known as a “pen test”, a penetration test identifies vulnerabilities or potential issues in your organization’s environment. Penetration testing comes in multiple forms:

  ❖ Network Penetration – Internal or External
  ❖ Web Application – testing of vulnerabilities in your public website
  ❖ Embedded Device – discovery of vulnerabilities in devices you produce or want to use in your environment
  ❖ Software Application – “Black box” or “gray box” testing

SLIDE 19

Q & A

SLIDE 20

References

FBI Cyber Crime Statistics 2018 – https://www.fbi.gov/news/stories/ic3-releases-2018-internet-crime-report-042219
OWASP Top 10 2017 – https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf

SLIDE 21

SLAIT Security Services

Ivan Gil
4405 Cox Rd., Suite #100, Glen Allen, VA 23060
T: (804) 632-8365
M: (804) 334-8074
www.slaitconsulting.com