Post on 18-Jan-2016


Weaving Security Blankets

Make your own bespoke defensive toolkit

Presentation by Max Cizauskas for BSides Toronto 2015

Benefits to you

1) More effective coverage of the tools you have

2) Clear out agent cruft

3) Free up resources to do more

Agent Fatigue

https://flic.kr/p/9ZeoJG

Reason why we're here

Wikipedia

More reasons

https://flic.kr/p/4M2YVp

Because… reasons

https://flic.kr/p/dbWTNt

Framework

Imma let you finish, but...

https://mlpforums.com/topic/29711-my-feelings-on-the-new-admin/

Culture affects framework

• Build our own

• Free tools & become experts

• Buy vs. Build

• Outsource it all

Security principles statement

Prerequisites

Prevention

Detection

Response

Prerequisites

Prevention

Detection

Response

Analysis

Deterrent

Framework

• Governance (policies, standards, procedures, relationships, measurements, education)

• Information oversight

• Access management

• Threat projections

• Infrastructure protection (physical & logical)

• Penetration detection

• Incident management

Another way

Slide diagram (labels only survive extraction): Protecting, Monitoring, Responding, (re)defining; Physical, Logical; attack, misuse; Root cause analysis, recovery; Governance, awareness; Assets, Network; effectiveness

Measure capabilities

• Stop

• Look

• Listen

Matrix of capabilities

Slide table with columns Product A, Product B, Product C, Product D, Product E, Product F; the column position of each mark was lost in extraction, so only the marks per row survive:

Capability 1: x
Capability 2: o, x
Capability 3: o, x, x
Capability 4: (none)
Capability 5: x, x
Capability 6: o
Capability 7: o, x
Capability 8: x
Capability 9: x

Cross reference with threats

https://flic.kr/p/8PDoAN

Prioritize based on risks

wikipedia
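The three slides above describe one procedure: build a matrix of which products provide which capabilities, cross-reference the capabilities against the threats they mitigate, and prioritize the gaps by risk. The script below is an added example, not code from the talk or its author. It uses a constructed matrix and a constructed threat list; the legend ("x" = full coverage, "o" = partial) and the risk scores are assumptions, since the slide gives no legend. It ranks uncovered capabilities by the risk they leave exposed and lists products whose full capabilities are all duplicated elsewhere, which is the "agent cruft" the deck proposes clearing out.

```python
"""Capability-matrix gap analysis (added example; data below is constructed)."""
from collections import defaultdict

# Constructed sample matrix: product -> {capability: mark}.
# Assumption (the deck gives no legend): "x" = fully covers, "o" = partially covers.
MATRIX = {
    "Product A": {"Capability 1": "x", "Capability 3": "o", "Capability 5": "x"},
    "Product B": {"Capability 2": "o", "Capability 3": "x", "Capability 7": "o"},
    "Product C": {"Capability 2": "x", "Capability 3": "x", "Capability 5": "x", "Capability 8": "x"},
    "Product D": {"Capability 6": "o", "Capability 7": "x"},
    "Product E": {"Capability 9": "x"},
    "Product F": {},
}

CAPABILITIES = [f"Capability {i}" for i in range(1, 10)]

# Constructed threat model: threat -> (risk score 1..10, capabilities that mitigate it).
THREATS = {
    "phishing": (9, ["Capability 1", "Capability 2"]),
    "lateral movement": (8, ["Capability 3", "Capability 4"]),
    "data exfiltration": (7, ["Capability 5", "Capability 4"]),
    "insider misuse": (5, ["Capability 6"]),
    "malware on endpoints": (8, ["Capability 7", "Capability 8"]),
    "DDoS": (3, ["Capability 9"]),
}

WEIGHT = {"x": 1.0, "o": 0.5}


def coverage(matrix, capabilities):
    """Return (best, count): best coverage per capability (1.0 full, 0.5 partial,
    0.0 none) and how many products claim each capability at any level."""
    best = {c: 0.0 for c in capabilities}
    count = {c: 0 for c in capabilities}
    for caps in matrix.values():
        for cap, mark in caps.items():
            best[cap] = max(best[cap], WEIGHT[mark])
            count[cap] += 1
    return best, count


def prioritized_gaps(matrix, capabilities, threats):
    """Rank capabilities that are missing or only partial by the risk of the
    threats that depend on them (risk * uncovered fraction, summed per capability)."""
    best, _ = coverage(matrix, capabilities)
    exposure = defaultdict(float)
    for risk, caps in threats.values():
        for cap in caps:
            exposure[cap] += risk * (1.0 - best[cap])
    ranked = [(cap, round(score, 1)) for cap, score in exposure.items() if score > 0]
    return sorted(ranked, key=lambda kv: (-kv[1], kv[0]))


def redundant_products(matrix):
    """Products that add no unique full coverage: every capability they mark 'x'
    is also marked 'x' by another product. Products with only partial or no
    entries land here too, as candidates for review rather than automatic removal."""
    candidates = []
    for product, caps in matrix.items():
        adds_unique = False
        for cap, mark in caps.items():
            if mark != "x":
                continue
            if not any(p != product and c.get(cap) == "x" for p, c in matrix.items()):
                adds_unique = True
                break
        if not adds_unique:
            candidates.append(product)
    return candidates


if __name__ == "__main__":
    best, count = coverage(MATRIX, CAPABILITIES)
    print("Overlap (more than one product claims the capability):")
    for cap in CAPABILITIES:
        if count[cap] > 1:
            print(f"  {cap}: {count[cap]} products")
    print("Gaps, highest exposed risk first:")
    for cap, score in prioritized_gaps(MATRIX, CAPABILITIES, THREATS):
        print(f"  {cap}: exposure {score}")
    print("Candidates for retirement:", ", ".join(redundant_products(MATRIX)))
```

The exposure score is deliberately simple (risk times the uncovered fraction) so the ranking is easy to defend in a budget discussion; swap in your own risk register and legend, and re-run the script whenever a product is added or dropped to see whether the gap list or the retirement list changes.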

Get from this...

https://flic.kr/p/8PDoAN

… to this

https://www.pinterest.com/lovelypitusa/crochet-men/

Questions?

Comments! feedback@in-security.org

@inSecurityShow

References

• NIST Framework for Improving Critical Infrastructure Cybersecurity, version 1.0, February 12, 2014

• ISO/IEC 27032:2012 Information Technology – Security Techniques – Guidelines for cybersecurity

• SANS Top 20 Critical Security Controls

• Australian Signals Directorate, Strategies to Mitigate Targeted Cyber Intrusions
