the prescription for protection - avoid treatment errors to the malware problem
TRANSCRIPT
© 2016 JURINNOV, LLC All Rights Reserved.
The Prescription for Protection - Avoid Treatment Errors to the Malware Problem
Advanced Persistent Threats Summit
Eric Vanderburg and Bogdan Salamakha
JUNE 15, 2016
Eric Vanderburg, Director of Cybersecurity
• Over 40 certifications
• Licensed private investigator
• MBA with an IS concentration
• BS, Technology
• AAB, Computer Information Systems
• 18 years experience in information assurance and cybersecurity
• Author
• Expert witness
Bogdan Salamakha, Penetration Tester and Security Researcher
• MPSC (Metasploit Pro Certified Specialist)
• Penetration tester and security researcher
• Operates JURINNOV's honeynet
• Specializations include: vulnerability assessment, ethical hacking, security analysis, incident response
Traditional Malware
General viruses, trojans and worms
• Spread quickly
• Destroy data
• Open backdoors
• Make computers sluggish
• Hijack browser sessions
• Steal data
Ransomware
Your data or your money
• Encrypts or blocks access to data and demands money to regain access
• Examples: Reveton, CryptoLocker, CryptoWall
Bots
Coordinated malware
• The cloud for crooks
• Over 700 million bots worldwide
• 12% of bots active
• Malicious bots responsible for 29% of worldwide Internet traffic
• 90% of security events are from bot activity
Right Client - Authentication
"They come to you in sheep's clothing, but inwardly they are ferocious wolves." - Matthew 7:15 NIV
Right Client - Authentication
Drive-by malware
• Web filtering
• Block JavaScript for sites unless you need it
• Ad blocking
• Browser updates
Software downloads
• AppLocker
• Java application signature verification
• Microsoft code signing
• Utilize official app stores (Microsoft Store, Ubuntu Software Center)
Right Client - Authentication
Mobile apps
• Utilize official repositories
• Read reviews
• Developer reputation
• Developer professionalism
Email attachments
• Discretionary execution
• Protected mode
• Macros
Right Route – Gaps and Strategies
"Productivity is never an accident. It is always the result of a commitment to excellence, intelligent planning, and focused effort." - Paul J. Meyer
Right Route – Gaps and Strategies
• Gap assessments
• SWOT
• Priorities
• Vision
• Data inventory
• Data classification
  • Patient information
  • Engineering documents
  • Competitive advantage information / IP
  • Financial information
Right Route – Gaps and Strategies
• Identify best practices
• Security governance framework
• Policies and procedures
• Top level support
• Trained staff
• Identify required third parties
What is the greatest threat for your industry?
Right Drug – Security Controls
"I am dying from the treatment of too many physicians." - Alexander the Great
Right Drug
Technical controls
Procedural controls
Training
Right Drug – Technical Controls
Network Security
• NAC
• Firewall
• IPS / IDS
• Content security
• Wireless
• Monitoring
Security Management
• Compliance
• Security Operations
System Management
• Vulnerability Management
• Patch Management
• Change Management
Data Security
• Encryption
• DLP
• Database Security
Identity and Access Management
• Federation
• Web access management
• Provisioning
• Directories
• Authentication
Virtualization
• Segmentation
• Hypervisor isolation
• Parent/child relationships
• Hypervisor authentication
Cloud
• Provider resiliency
• Data exchange protocols
• Incident detection / notification
Application Security
• Security Development
• Web Application Assessment
• Application Testing
• Web Application Firewalls
Endpoint Security
• Remote Access / VPN
• Device Control
• Disk Encryption
• Mobile Security
• A/V
Right Drug – Procedural Controls
• Incident response
• Ticket escalation and tracking
• Customize for:
  • Traditional malware
  • Bots
  • Ransomware
• Procedures
Right Drug – Procedural Controls
• Investigative procedures
  • Evidence handling
  • Third party services
• Notification procedures
  • Customer notifications
  • Legal requirements
  • Public relations
• Incident debriefs
• Table top exercise / scenario
Right Drug – Training
• Incident reporting
• Recognizing spam and phishing
• Data classifications
  • Data sensitivity levels
  • Data availability levels
  • Storage locations
  • Transmission restrictions
• Passwords
• Warning signs
Right Dose – Security and Business Balance
"I tried being reasonable, I didn't like it." - Clint Eastwood
Right Dose – Finding the Balance
• Defining an acceptable minimum
  • Compliance requirements
  • Due diligence
  • Industry standards
  • Competitive analysis
• Risk analysis
  • Impact + likelihood vs. cost to remediate
[Diagram: the acceptable minimum is derived from risk analysis, competitors, and compliance & standards]
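As an added example (not from the talk and not JURINNOV's code), the risk-analysis bullet above worked through in Python: compliance items form the acceptable minimum and are always funded, and the remaining gaps are ranked by expected loss against the cost to remediate. It assumes expected loss is impact multiplied by likelihood, since the slide only names the two factors; all gap names and dollar figures are constructed sample data.

```python
"""Added example following the "Right Dose" slide: compliance items form the
acceptable minimum; other gaps are ranked by expected loss (impact x
likelihood, an assumption) against remediation cost. All sample data below
is constructed, not figures from the talk."""
from dataclasses import dataclass


@dataclass
class Gap:
    name: str
    impact: float           # estimated loss per occurrence, in dollars
    likelihood: float       # expected occurrences per year
    cost: float             # one-off cost to remediate, in dollars
    required: bool = False  # mandated by compliance or an industry standard

    def expected_loss(self) -> float:
        """Annualised expected loss if the gap is left open."""
        return self.impact * self.likelihood


def triage(gaps, budget):
    """Return (funded, deferred) gap names.

    Required gaps come first regardless of payback (the acceptable minimum).
    Remaining gaps are funded in order of expected loss, but only while the
    control pays for itself (expected loss >= cost) and budget remains.
    """
    funded, deferred, remaining = [], [], budget
    minimum = [g for g in gaps if g.required]
    optional = sorted((g for g in gaps if not g.required),
                      key=lambda g: g.expected_loss(), reverse=True)
    for g in minimum + optional:
        pays_off = g.required or g.expected_loss() >= g.cost
        if pays_off and g.cost <= remaining:
            funded.append(g.name)
            remaining -= g.cost
        else:
            deferred.append(g.name)
    return funded, deferred


# Constructed sample gaps, not figures from the talk.
SAMPLE_GAPS = [
    Gap("Encrypt patient records at rest", 500_000, 0.10, 40_000, required=True),
    Gap("Block macros in email attachments", 200_000, 0.50, 5_000),
    Gap("Deploy AppLocker on workstations", 150_000, 0.20, 60_000),
    Gap("Replace legacy wireless controller", 20_000, 0.05, 30_000),
]
```

Calling `triage(SAMPLE_GAPS, budget=100_000)` funds the mandated encryption and the cheap macro control, and defers AppLocker (expected loss below its cost) and the wireless replacement.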
Right Dose – Security and Business Balance
• Combining similar controls
• Streamlining existing controls
• SSO
• Automation
• Start with security
• Solicit feedback and involvement
Right Time – Staying up to Date
"The early bird gets the worm, but the second mouse gets the cheese." - Willie Nelson
Right Time – Staying up to Date
• Don't stop now!
• Awareness
• Continuous improvement and metrics
• Updates and NAC
• Right place in the adoption curve
Questions