Weaving Security Blankets
Make your own bespoke defensive toolkit
Presentation by Max Cizauskas
For BSides Toronto 2015
Benefits to you
1) More effective coverage of the tools you have
2) Clear out agent cruft
3) Free up resources to do more
Agent Fatigue
https://flic.kr/p/9ZeoJG
Reason why we're here
Wikipedia
More reasons
https://flic.kr/p/4M2YVp
Because… reasons
https://flic.kr/p/dbWTNt
Framework
Imma let you finish, but...
https://mlpforums.com/topic/29711-my-feelings-on-the-new-admin/
Culture affects framework
• Build our own
• Free tools & become experts
• Buy vs. Build
• Outsource it all
Security principles statement
Prerequisites
Prevention
Detection
Response
Prerequisites
Prevention
Detection
Response
Analysis
Deterrent
Framework
• Governance (policies, standards, procedures, relationships, measurements, education)
• Information oversight
• Access management
• Threat projections
• Infrastructure protection (physical & logical)
• Penetration detection
• Incident management
Another way
[Diagram. Stages: Protecting, Monitoring, Responding, (re)defining. Labels: Physical, Logical, attack, misuse, Root cause analysis, recovery, Governance, awareness, Assets, Network, effectiveness]
Measure capabilities
• Stop
• Look
• Listen
Matrix of capabilities
Columns: Product A, Product B, Product C, Product D, Product E, Product F
Capability 1: x
Capability 2: o x
Capability 3: o x x
Capability 4:
Capability 5: x x
Capability 6: o
Capability 7: o x
Capability 8: x
Capability 9: x
Cross reference with threats
https://flic.kr/p/8PDoAN
Prioritize based on risks
Wikipedia
Get from this...
https://flic.kr/p/8PDoAN
… to this
https://www.pinterest.com/lovelypitusa/crochet-men/
References
• NIST Framework for Improving Critical Infrastructure CyberSecurity 1.0 Feb 12 2014
• ISO/IEC 27032:2012 Information Technology – Security Techniques – Guidelines for cybersecurity
• SANS Top 20 Critical Security Controls
• Australian Signals Directorate Strategies to Mitigate Targeted Cyber Intrusion