Turning Your Cybersecurity Toddlers Into Warriors! Simple lessons - - PowerPoint PPT Presentation



SLIDE 1

Turning Your Cybersecurity Toddlers Into Warriors!

Simple lessons to fill the knowledge gap within your staff

Shira Shamban, Dome9 Security
@shambanIT

SLIDES 2 to 6

(countdown build: 1, 2, 3, 4, 5)

SLIDE 7

You and your staff are NOT going to keep up with technology

SLIDE 8

Today, Enterprises Average… [number shown as a graphic] different security vendors installed in their company to solve problems

Source: ZDNet, “Security landscape plagued by too many…”, Nov. 2016

SLIDE 9

SLIDE 10

ALERT!!!! ALERT!!!! ALERT!!!! (repeated across the slide)

You and your staff are NOT going to keep up with technology

SLIDE 11

SLIDE 12

SLIDE 13

Top 5 Causes of Data Breaches in Healthcare

#1. Human Error: 33.5%
#2. Misuse: 29.5%
#3. Physical (mostly theft): 16.3%
#4. Hacking: 14.8%
#5. Malware: 10.8%

The elephant in the figures is the number of incidents where the discovery was measured in months or years….

Source: Protected Health Information Data Breach Report, Verizon, March 2018

SLIDE 14

Top Three Causes – JDL Group – January 2018

#1. Password Problems: 63% of investigated breaches involved weak, stolen or default passwords
#2. Ransomware & Malware: Verizon recently reported ransomware is the fifth most common type of malware
#3. Human Error: Reuters reports 73% of data breaches happen because of the people operating the machines

SLIDE 15

Why So Much Phishing? It Works...

SLIDE 16

We All Have a Dave…

SLIDE 17

Understanding the Basics of CD/CR Security

SLIDE 18

We Don’t Need Faster Horses

“If I had asked people what they wanted, they would have said faster horses.”
― Henry Ford

SLIDE 19

So, what is the secret ingredient?

SLIDE 20

Understanding the Basics of CD/CR Security

  • Don’t monitor the logs, monitor the unusual findings
  • 80% of the problems repeat themselves
  • Whatever it is that you’re doing with your logs – It’s not working – time for a change

“I don’t need logs, I have an AV”
“I keep all of my logs… I think”
“I use the default AWS configuration”

SLIDE 21

SLIDE 22

Logs Provide…

SLIDE 23

Your Logs are the Secret Ingredient

The Secret Recipe…

  • How long to keep them?
  • Sources and variety?
  • Scalability
    ○ Easily add new (future) sources
  • Detection algorithms used
    ○ How detailed, how granular?
  • Supporting user interface

SLIDE 24

Typical Attack Vector

Step 1: Phishing email
  prevent: Awareness program
  detect:  Detection tool

Step 2: User clicked link
  prevent: URL scanning for email
  detect:  Detection tool

Step 3: Username and password stolen
  prevent: Enforce 2FA
  detect:  Monitor login patterns

Step 4: Criminal hacker has privileged access to AWS
  prevent: Least privilege principle
  detect:  Monitor activity patterns and unusual events, like creation of new keys, users etc.

Step 5: Criminal hacker deployed bitcoin mining assets
  prevent: Give very specific policies to users regarding assets
  detect:  Monitor activity patterns and unusual events like new assets, unusual billing, CPU, DNS requests

Outcome: Money loss!

A Complete 360 Degree View Is Impossible… Without Logs!

SLIDE 25

Typical Attack Vector

Step 1: PII breach, including emails and passwords
  prevent: Awareness
  detect:  haveibeenpwned

Step 2: User re-used password for AWS account
  prevent: Enforce strong password policy
  detect:  Monitor login patterns

Step 3: Criminal hacker has privileged access to AWS
  prevent: Enforce 2FA, least privilege
  detect:  Monitor activity patterns and unusual events, like creation of new keys, users etc.

Step 4: Criminal hacker moves around the VPC, looking for sensitive DB
  prevent: Least privilege
  detect:  Monitor internal port scans, failed login attempts

Step 5: Criminal hacker encrypted DB, asking for ransom
  prevent: Backup!
  detect:  Monitor unusual account activity

Outcome: Money loss, reputation, compliance

Remember! Logging is For EVERYONE
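The "detect" column of the two attack-vector slides above (monitor login patterns, creation of new keys and users, new assets where none existed) is exactly the "unusual findings" slide 20 says to watch instead of reading raw logs. The following is an added example, not code from the talk or from Dome9: four small detectors run over constructed CloudTrail-style records. The events, user names, IP addresses and the baseline-region set are made up for this example; the field names (eventName, eventSource, awsRegion, userIdentity, responseElements.ConsoleLogin, additionalEventData.MFAUsed, requestParameters) follow CloudTrail's record format.

```python
"""Added example (not from the talk): detectors for the 'detect' column of the
attack-vector slides, run over constructed CloudTrail-style records.
Field names follow CloudTrail's JSON (eventName, eventSource, awsRegion,
userIdentity, responseElements, additionalEventData, requestParameters);
the events, users, IPs and the baseline region set are made up."""
from collections import defaultdict
from datetime import datetime, timedelta

SIGNIN, IAM, EC2 = "signin.amazonaws.com", "iam.amazonaws.com", "ec2.amazonaws.com"
FAIL, OK = {"ConsoleLogin": "Failure"}, {"ConsoleLogin": "Success"}
NOMFA, MFA = {"MFAUsed": "No"}, {"MFAUsed": "Yes"}


def _ev(time, name, source, region, user, ip="203.0.113.10", **extra):
    """Build a minimal CloudTrail-shaped record (constructed sample data)."""
    e = {"eventTime": time, "eventName": name, "eventSource": source, "awsRegion": region,
         "sourceIPAddress": ip, "userIdentity": {"type": "IAMUser", "userName": user}}
    e.update(extra)
    return e


# Constructed timeline mirroring the slides: guessed password, login without MFA,
# new user + access key, large compute in a region the account never used, then benign activity.
SAMPLE_EVENTS = [
    _ev("2018-05-01T08:00:00Z", "ConsoleLogin", SIGNIN, "us-east-1", "dave", responseElements=FAIL, additionalEventData=NOMFA),
    _ev("2018-05-01T08:01:00Z", "ConsoleLogin", SIGNIN, "us-east-1", "dave", responseElements=FAIL, additionalEventData=NOMFA),
    _ev("2018-05-01T08:02:00Z", "ConsoleLogin", SIGNIN, "us-east-1", "dave", responseElements=FAIL, additionalEventData=NOMFA),
    _ev("2018-05-01T08:03:00Z", "ConsoleLogin", SIGNIN, "us-east-1", "dave", responseElements=OK, additionalEventData=NOMFA),
    _ev("2018-05-01T08:05:00Z", "CreateUser", IAM, "us-east-1", "dave", requestParameters={"userName": "backup-svc"}),
    _ev("2018-05-01T08:06:00Z", "CreateAccessKey", IAM, "us-east-1", "dave", requestParameters={"userName": "backup-svc"}),
    _ev("2018-05-01T08:10:00Z", "RunInstances", EC2, "ap-southeast-1", "backup-svc",
        requestParameters={"instanceType": "c5.18xlarge", "maxCount": 20}),
    _ev("2018-05-01T09:00:00Z", "ConsoleLogin", SIGNIN, "us-east-1", "alice", ip="198.51.100.7",
        responseElements=OK, additionalEventData=MFA),
    _ev("2018-05-01T09:30:00Z", "RunInstances", EC2, "us-east-1", "alice", ip="198.51.100.7",
        requestParameters={"instanceType": "t3.small", "maxCount": 1}),
]
BASELINE_REGIONS = {"us-east-1", "eu-west-1"}  # assumed; in practice learned from the account's history


def _ts(e):
    return datetime.strptime(e["eventTime"], "%Y-%m-%dT%H:%M:%SZ")


def _actor(e):
    ident = e.get("userIdentity") or {}
    return ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")


def _login_result(e):
    return (e.get("responseElements") or {}).get("ConsoleLogin")


def _finding(e, rule, detail):
    return {"time": e["eventTime"], "rule": rule, "actor": _actor(e),
            "region": e.get("awsRegion"), "source_ip": e.get("sourceIPAddress"), "detail": detail}


def console_login_without_mfa(events):
    """Successful console logins where MFAUsed is anything other than 'Yes'."""
    return [_finding(e, "console_login_without_mfa", "successful console login, MFAUsed != Yes")
            for e in events if e.get("eventName") == "ConsoleLogin" and _login_result(e) == "Success"
            and (e.get("additionalEventData") or {}).get("MFAUsed") != "Yes"]


def failed_login_bursts(events, threshold=3, window=timedelta(minutes=10)):
    """One finding per user with >= threshold failed console logins inside a sliding window."""
    failures = defaultdict(list)
    for e in events:
        if e.get("eventName") == "ConsoleLogin" and _login_result(e) == "Failure":
            failures[_actor(e)].append(e)
    out = []
    for actor, evs in failures.items():
        evs.sort(key=_ts)
        for i, start in enumerate(evs):
            n = sum(1 for e in evs[i:] if _ts(e) - _ts(start) <= window)
            if n >= threshold:
                out.append(_finding(start, "failed_login_burst", f"{n} failed console logins for {actor} within {window}"))
                break
    return out


PRINCIPAL_CHANGES = {"CreateUser", "CreateAccessKey", "CreateLoginProfile", "AttachUserPolicy", "PutUserPolicy"}


def new_principals_and_keys(events):
    """IAM calls that create a foothold: new users, keys, console passwords, policy grants."""
    out = []
    for e in events:
        if e.get("eventSource") == IAM and e.get("eventName") in PRINCIPAL_CHANGES:
            target = (e.get("requestParameters") or {}).get("userName", "?")
            out.append(_finding(e, "iam_principal_change", f"{e['eventName']} on user {target}"))
    return out


def assets_in_unseen_regions(events, baseline_regions):
    """Compute launched in a region the account has never used (the mining pattern on slide 24)."""
    out = []
    for e in events:
        if e.get("eventSource") == EC2 and e.get("eventName") == "RunInstances" and e.get("awsRegion") not in baseline_regions:
            rp = e.get("requestParameters") or {}
            out.append(_finding(e, "compute_in_unseen_region", f"RunInstances {rp.get('instanceType')} x{rp.get('maxCount', 1)}"))
    return out


def run_detections(events, baseline_regions):
    """Run every detector and return the findings ordered by event time."""
    findings = (console_login_without_mfa(events) + failed_login_bursts(events)
                + new_principals_and_keys(events) + assets_in_unseen_regions(events, baseline_regions))
    return sorted(findings, key=lambda f: f["time"])


if __name__ == "__main__":
    for f in run_detections(SAMPLE_EVENTS, BASELINE_REGIONS):
        print(f"{f['time']}  {f['rule']:<26} actor={f['actor']:<10} region={f['region']:<14} {f['detail']}")
```

Run it and nine log records collapse into five findings, which is the point of the slide: the analyst reads the findings, not the log. In a real deployment the records come from the CloudTrail S3 delivery or a CloudWatch Logs subscription, the region baseline is learned from history rather than hard-coded, and the burst threshold and window are tuned per environment; the structure of the rules stays the same.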

SLIDE 26

Love Your Logs!

SLIDE 27

Focus On The Big Rocks First

SLIDE 28

Automate Remediation

Repetitive problems are easier to remediate

  • Hire expert(s) to cluster the recurring problems
  • Address the top 10 recurring problems
  • Hire expert(s) to prepare the appropriate solutions
  • Allow the machine to label each problem
    ○ If yes – auto-remediate
    ○ If no – escalate to a human
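The loop on this slide, together with slide 20's "80% of the problems repeat themselves", as an added example that is not the talk's or Dome9's code: findings are clustered by signature, the recurring classes are ranked, and each new finding is labelled by machine and either auto-remediated (it has a playbook and belongs to a class that has repeated enough to be trusted) or escalated to a human. The findings, signatures, account names and playbooks are constructed for illustration; the playbooks return the change they would make instead of calling AWS, so the block runs offline, and a real version would put the equivalent boto3 call behind each one.

```python
"""Added example (not from the talk): rank recurring findings, auto-remediate the
classes that have a playbook and repeat often enough to be worth automating,
escalate everything else. Findings and playbooks are constructed for this example."""
from collections import Counter

# Constructed findings as a scanner might emit them; "signature" is the misconfiguration class.
SAMPLE_FINDINGS = [
    {"id": 1, "signature": "sg_open_ssh_world", "resource": "sg-0a11", "account": "prod"},
    {"id": 2, "signature": "sg_open_ssh_world", "resource": "sg-0a12", "account": "prod"},
    {"id": 3, "signature": "sg_open_ssh_world", "resource": "sg-0b01", "account": "dev"},
    {"id": 4, "signature": "sg_open_ssh_world", "resource": "sg-0b02", "account": "dev"},
    {"id": 5, "signature": "s3_bucket_public", "resource": "logs-archive", "account": "prod"},
    {"id": 6, "signature": "s3_bucket_public", "resource": "static-site", "account": "dev"},
    {"id": 7, "signature": "s3_bucket_public", "resource": "tmp-exports", "account": "dev"},
    {"id": 8, "signature": "iam_key_unused_90d", "resource": "AKIAIOSFODNN7EXAMPLE", "account": "prod"},
    {"id": 9, "signature": "iam_key_unused_90d", "resource": "AKIAI44QH8DHBEXAMPLE", "account": "dev"},
    {"id": 10, "signature": "rds_public_endpoint", "resource": "db-customers", "account": "prod"},
    {"id": 11, "signature": "cloudtrail_logging_disabled", "resource": "prod-trail", "account": "prod"},
]


def cluster(findings):
    """Label each finding by its signature and count how big each cluster is."""
    return Counter(f["signature"] for f in findings)


def top_recurring(findings, n=10):
    """The 'top N recurring problems' list the slide says to address first."""
    return cluster(findings).most_common(n)


# Playbooks: each returns the change it would make (dry-run style, so the example runs offline).
# A real playbook would make the equivalent boto3 call: revoke_security_group_ingress,
# put_public_access_block, update_access_key.
def revoke_world_ssh(f):
    return {"action": "revoke_ingress", "resource": f["resource"], "cidr": "0.0.0.0/0", "port": 22}


def block_public_bucket(f):
    return {"action": "put_public_access_block", "resource": f["resource"], "block_all": True}


def disable_stale_key(f):
    return {"action": "update_access_key", "resource": f["resource"], "status": "Inactive"}


PLAYBOOKS = {
    "sg_open_ssh_world": revoke_world_ssh,
    "s3_bucket_public": block_public_bucket,
    "iam_key_unused_90d": disable_stale_key,
}


def triage(findings, playbooks=PLAYBOOKS, min_repeats=3):
    """Machine labels each finding. Auto-remediate only when a playbook exists AND the
    class has recurred at least min_repeats times (a proven pattern, not a one-off);
    otherwise escalate to a human. Returns (actions, escalations)."""
    counts = cluster(findings)
    actions, escalations = [], []
    for f in findings:
        playbook = playbooks.get(f["signature"])
        seen = counts[f["signature"]]
        if playbook is None:
            escalations.append({**f, "reason": "no playbook"})
        elif seen < min_repeats:
            escalations.append({**f, "reason": f"seen {seen}x, below min_repeats={min_repeats}"})
        else:
            actions.append({"finding": f["id"], **playbook(f)})
    return actions, escalations


if __name__ == "__main__":
    for sig, n in top_recurring(SAMPLE_FINDINGS, n=3):
        print(f"{n:3d}  {sig}")
    acts, esc = triage(SAMPLE_FINDINGS)
    print(f"auto-remediated {len(acts)}, escalated {len(esc)}")
    for e in esc:
        print("  escalate:", e["signature"], e["resource"], "(" + e["reason"] + ")")
```

The min_repeats guard is the practical reading of "80% of the problems repeat themselves": automation is reserved for classes that have actually been seen to recur, while a new or rare class still goes to a person until someone has written and reviewed its playbook. Lowering min_repeats to 1 turns every finding with a playbook into an automatic action, which is where most teams end up once the playbooks have been exercised for a while.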

SLIDE 29

Remediation – What’s The Future… Crowdsourcing

  • I have a problem
  • Other people have that problem (or a similar one)
  • I wonder how they solved it
  • I will share my solution with the community
  • Others will share their own solutions, and we exchange knowledge
  • Security is improved!

SLIDE 30

Free Your Warriors!

SLIDE 31

Thank You. Any Questions? I Dare You!

Shira Shamban, Head of Security Research
@shambanIT
shira@dome9.com