Getting Down To Business: Implementing Effective & Sustainable Cybersecurity Postures
Your speakers today
o @FengminGong, Co-Founder & Chief Strategy Officer
o Shel Sharma, Product Marketing Director
Agenda
o Obama Executive Order
o Cybersecurity Framework 1.0
o Time To GSD
o Overcome 5 Top Road Blocks
o Q&A
Cyphort Labs
We monitor threats & help customers
o 24x7 monitoring for malware events
o Assist customers with their forensics and incident response
We enhance malware detection accuracy
o False positives/negatives
o Deep-dive research & technology prototyping
We work with the security ecosystem
o Best practice for cyber defense
o Actionable threat intelligence
o Obama’s Executive Order 13636, February 12, 2013
o Call to action: “Improving Critical Infrastructure Cybersecurity”
o Critical Infrastructure: “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”
You Can Be The Weakest Link To Cybersecurity!
o With the connected world, everything is critical to threat penetration, from retail stores, to government, to IoT devices!
o RSA Secure Token breach via HR employee
o Target breach via HVAC contractor access
o OPM breach via contractors (USIS & KeyPoint)
o Jeep Cherokee via (Sprint cellular + Harman Kardon Uconnect 8.4N/RA4 radio)
NIST Cybersecurity Framework 1.0
o NIST spear-headed a joint government-private effort
o The Framework is meant to be followed voluntarily
o It advocates the best approach to managing cybersecurity risks in the face of advanced threats and evolving IT & ICS infrastructure
From Board Visibility 2 GSD!
Business risks
CEO/CISO accountability: “5 headcounts, take care of it for me!”
What are our crown jewels, where? What’s the most urgent?
Who/where are our threat sources? What tools are most effective for our needs?
“We need to implement a solution to manage the risks for today and ongoing, with grace!”
Process, tools, operations
Clarity: Be Thoughtful, Be Logical
Defensive Stake Holders And Roles
Risk Mgmt Cycle       | Government                          | Businesses                                 | Tool Vendors                    | Netizens
Identify objectives   | Foster good behaviors               | Priority & Objective                       | Business asset & IT integration | Privacy & Security awareness
Protect assets        | Encourage best practices            | Proactive Posture                          | Kill chain & impact delineation | Practice security
Detect incidents      | Promote sound approaches            | Visibility: attack surface & threat vector | Deployment flexibility & scale  | Follow policy
Respond to incidents  | Compel business responsibility      | Time to containment & resolution           | Workflow automation, API        | Follow policy
Recover from breaches | Compel stronger consumer protection | Time to restoration                        | Context aware & forensics       | Follow policy
Top 5 Potential Road Blocks
1. Understand business specific risks
2. Plan for complete threat mitigation cycle
3. Anticipate to deal with consequences
4. Ask for ready-to-take mitigation options
5. Prepare for the worst-case recovery
Understand Your Business Risks
o Different threats, different priorities
  o OPM – personnel records
  o Health care – patient records
  o Financial – client records, transaction system
  o Design house – blueprint, schematics
  o Internet service provider – customer account info
o Where others failed
  o Compliance as the ends instead of means
Plan For Full Mitigation Cycle
o Watch for attacks at all stages of the kill chain
o Monitor all access paths to your protected assets
o Spectacular failures
  o RSA attack combined a Flash 0-day + spear-phishing
  o Mr. Snowden went directly for exfiltration
  o OPM attack used USIS & KeyPoint as stepping stones
  o Ashley Madison hack likely with insider involvement
Kill chain: Exploit -> Download -> Install -> Exfiltrate
Focus On Dealing With Consequences
o “Consequence Focus” forces clarity on objectives
  o Stopping a BO (buffer overflow) exploit against the file server is neither sufficient nor necessary for stopping code theft on the server
  o Need a multi-pronged approach: protect, detect, respond, and recover
o Murphy’s law also holds for “prevention”
o Others’ failure, your gain
  o “Deploy and forget” IPS defense does not work
  o Think about what you can protect, detect, respond to, and recover from!
Your Plan, Your Choice
o What’s missing from your tools?
  o Timely, relevant and specific detection
  o Prioritized ready-to-take actions
  o Ecosystem-friendly tools
o Some example failures
  o Firewalls will block IP/port/apps, if you tell them “what exactly”
  o IPS/SWG will block a communication/URL, if you tell them so
  o AV will quarantine or even clean up an endpoint, if it were able to spot most malware
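The point of this slide is that firewalls, IPS/SWG and AV only act when handed something exact, so the value lies in turning detections into prioritized, tool-specific actions. The Python below is an added illustration, not code from the deck or from Cyphort; the event fields, the asset inventory, the tool names (firewall, swg, av), the kill-chain ranking, the confidence threshold and the internal-network list are all constructed assumptions. It ranks constructed detections by kill-chain stage (Exploit, Download, Install, Exfiltrate, as on the earlier slide) and asset criticality, emits a block or quarantine action only for indicators precise enough for a tool to act on, and routes the rest (internal addresses, vague indicators, low-confidence hits) to analyst review.

```python
"""Turn raw detections into prioritized, tool-specific actions.

Added illustration, not code from the Cyphort deck. The event fields,
the asset inventory, the tool names and the priority formula are all
constructed assumptions for this example.
"""
import ipaddress
from dataclasses import dataclass
from urllib.parse import urlsplit

# Kill-chain stages named on the slide, ranked by how close the attacker is
# to the consequence (exfiltration is the outcome we most want to stop).
STAGE_RANK = {"exploit": 1, "download": 2, "install": 3, "exfiltrate": 4}

# Constructed asset inventory: 3 = holds crown jewels, 1 = low value.
ASSET_CRITICALITY = {"fileserver-01": 3, "hr-laptop-07": 2, "kiosk-12": 1}

# Your own address space (assumed RFC 1918 + loopback here); a "block"
# against these would cut off internal traffic, not the attacker.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

MIN_CONFIDENCE = 0.7  # below this, route to an analyst instead of auto-blocking


@dataclass(frozen=True)
class Detection:
    host: str          # asset where the activity was seen
    stage: str         # one of STAGE_RANK
    indicator: str     # IP, URL or SHA-256, whatever the engine observed
    confidence: float  # 0.0..1.0 as reported by the detection engine


@dataclass(frozen=True)
class Action:
    tool: str      # "firewall", "swg" or "av": the tool classes on the slide
    verb: str
    target: str
    priority: int


def indicator_kind(value: str) -> str:
    """Classify an indicator precisely enough that a tool can act on it."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        addr = None
    if addr is not None:
        if any(addr in net for net in INTERNAL_NETS):
            raise ValueError(f"refusing to block internal address {value}")
        return "ip"
    parts = urlsplit(value)
    if parts.scheme in ("http", "https") and parts.netloc:
        return "url"
    if len(value) == 64 and all(c in "0123456789abcdef" for c in value.lower()):
        return "sha256"
    raise ValueError(f"indicator too vague to act on: {value!r}")


def plan_actions(detections):
    """Return (actions sorted by descending priority, items needing review)."""
    actions, review = [], []
    for d in detections:
        if d.stage not in STAGE_RANK:
            review.append((d, "unknown kill-chain stage"))
            continue
        try:
            kind = indicator_kind(d.indicator)
        except ValueError as exc:
            review.append((d, str(exc)))
            continue
        if d.confidence < MIN_CONFIDENCE:
            review.append((d, "low confidence"))
            continue
        # Priority: distance along the kill chain, weighted by what is at stake.
        priority = STAGE_RANK[d.stage] * ASSET_CRITICALITY.get(d.host, 1)
        if kind == "ip":
            actions.append(Action("firewall", "block-ip", d.indicator, priority))
        elif kind == "url":
            actions.append(Action("swg", "block-url", d.indicator, priority))
        else:
            actions.append(Action("av", "quarantine-hash", d.indicator, priority))
        # Once malware is installed or exfiltrating, blocking the indicator is
        # not enough: the endpoint itself must be contained and cleaned.
        if STAGE_RANK[d.stage] >= STAGE_RANK["install"]:
            actions.append(Action("av", "isolate-endpoint", d.host, priority))
    actions.sort(key=lambda a: a.priority, reverse=True)
    return actions, review


# Constructed sample detections; the indicators are not real IoCs.
SAMPLE = [
    Detection("fileserver-01", "exfiltrate", "203.0.113.45", 0.95),
    Detection("hr-laptop-07", "download", "http://bad.example/payload.bin", 0.90),
    Detection("kiosk-12", "install", "a" * 64, 0.80),
    Detection("fileserver-01", "exploit", "10.0.0.8", 0.99),   # internal address
    Detection("hr-laptop-07", "exploit", "203.0.113.9", 0.40),  # low confidence
]

if __name__ == "__main__":
    acts, todo = plan_actions(SAMPLE)
    for a in acts:
        print(f"p{a.priority:<3} {a.tool:>8} {a.verb:<17} {a.target}")
    for d, why in todo:
        print(f"REVIEW {d.host} {d.stage} {d.indicator}: {why}")
```

Run as a script, it lists the exfiltration from the file server first (highest stage on the most critical asset), and refuses to generate a firewall rule for the internal address even though that detection had the highest confidence; the priority formula and the review thresholds are the knobs a team would tune to its own inventory.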
Prepare For The Worst
o Don’t plan for “Armageddon” or “Singularity”
o Plan for the worst you can handle
  o Privileged user gets infected by RAT malware
  o Unauthorized access to your source repository
  o Cryptolocker infection on file share server
o Some well-known lessons
  o No worst-case consideration
  o No robust backup/restore practice for servers or endpoints
  o No compartmentalization or isolation control
  o No least-privilege practice
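A backup that has never been test-restored is the gap behind the "no robust backup/restore practice" lesson, and the Cryptolocker scenario above is exactly where it shows. The Python below is an added example, not code from the deck or from Cyphort: it stages a constructed file share, records a SHA-256 manifest at backup time, overwrites the live files to simulate a Cryptolocker-style event, then restores from the archive and verifies every file against the manifest; a second drill against a deliberately truncated archive shows how an untested backup fails. The share layout, file names and tar.gz format are assumptions; extraction uses tarfile's data filter where the interpreter provides it.

```python
"""Backup/restore drill: prove that a backup can actually be restored.

Added example, not code from the Cyphort deck. The share layout, file
contents and archive format are constructed for this illustration.
"""
import hashlib
import os
import tarfile
import tempfile
import zlib
from pathlib import Path


def sha256_tree(root):
    """Map each file under root (relative path) to its SHA-256."""
    out = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            out[str(p.relative_to(root))] = hashlib.sha256(p.read_bytes()).hexdigest()
    return out


def make_backup(src, archive):
    """Archive src into a tar.gz and return the manifest taken at backup time."""
    manifest = sha256_tree(src)
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(src, arcname=".")
    return manifest


def restore_drill(archive, manifest, restore_to):
    """Restore into an empty directory and compare against the manifest."""
    restore_to.mkdir(parents=True, exist_ok=True)
    with tarfile.open(archive, "r:gz") as tar:
        try:
            tar.extractall(restore_to, filter="data")  # rejects traversal members
        except TypeError:
            tar.extractall(restore_to)  # Python without the extraction filter
    restored = sha256_tree(restore_to)
    missing = sorted(set(manifest) - set(restored))
    corrupted = sorted(p for p in manifest if p in restored and restored[p] != manifest[p])
    return {"ok": not missing and not corrupted, "missing": missing, "corrupted": corrupted}


def run_drill():
    """Constructed scenario: back up a share, wreck the live copy, then restore."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        share = tmp / "share"
        (share / "designs").mkdir(parents=True)
        (share / "designs" / "blueprint.dwg").write_bytes(b"constructed blueprint bytes")
        (share / "notes.txt").write_text("constructed quarterly plan")
        archive = tmp / "share-backup.tgz"
        manifest = make_backup(share, archive)

        # Simulate a cryptolocker-style event: every live file is overwritten.
        for p in [q for q in share.rglob("*") if q.is_file()]:
            p.write_bytes(b"SIMULATED-ENCRYPTED" + os.urandom(16))
        live_intact = sha256_tree(share) == manifest

        good = restore_drill(archive, manifest, tmp / "restore-good")

        # A backup nobody ever test-restored may be unusable; model that with
        # a truncated archive and treat any extraction failure as a failed drill.
        truncated = tmp / "share-backup-truncated.tgz"
        truncated.write_bytes(archive.read_bytes()[: archive.stat().st_size // 2])
        try:
            bad = restore_drill(truncated, manifest, tmp / "restore-bad")
        except (tarfile.TarError, EOFError, OSError, zlib.error) as exc:
            bad = {"ok": False, "error": type(exc).__name__}

        return {"live_intact": live_intact, "restore_ok": good["ok"],
                "truncated_ok": bad["ok"]}


if __name__ == "__main__":
    print(run_drill())
```

The manifest is the piece most backup jobs skip: without hashes taken at backup time, a "successful" restore only proves the archive opened, not that the crown-jewel files came back byte-for-byte. Scheduling this drill against a copy of the real archive, into a scratch location, is what turns a backup into a restore practice.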
Any Questions?
Thank You!
Previous MMW slides on
http://cyphort.com/labs/malwares-wanted/