Defense in Depth is Dead, Long Live Depth in Defense

Post on 14-Feb-2019

TRANSCRIPT

#RSAC

Matt Alderman

Defense in Depth is Dead, Long Live Depth in Defense

VP, Strategy

Tenable Network Security

@maldermania

Eliminate Blind Spots

Prioritize Threats & Weaknesses

Reduce Exposure & Loss

Defense in Depth is Broken

It’s Time to Transform Security

• Physical & Virtual Devices
• Applications & Databases
• Mobile Devices
• Cloud Services

• Vulnerability Assessment
• Configuration Audit
• Malware Detection

• Log Collection
• Activity Monitoring
• Packet Inspection
• Threat Intelligence

• Event Correlation
• Anomaly Detection
• Behavior Analysis
• Dashboards and Reports

• Notification and Alerting
• Remediation Workflow
• Patch Management

• Patch Installation
• Configuration Changes
• Port/Service Modification
• Device Isolation

Depth in Defense Approach

Action Visibility

Context

Visibility Context Action

Benefits of Depth in Defense

Applying Depth in Defense

Do you have continuous visibility into unknown or shadow assets?

Do you have continuous visibility into the security “state” of your assets?

Do you have critical context to prioritize threats and weaknesses?

Do you have critical context to measure security posture and assurance?

Are you able to take decisive actions to respond to attacks?

Are you able to take decisive actions to protect your assets?

Thank You

Matt Alderman

malderman@tenable.com

@maldermania

John G. O’Leary, CISSP

Garbo, D-Day and Ultimate Social Engineering

O’Leary Management Education

The Setting

Operation Fortitude Spies -

Juan Pujol Garcia

Graduate of Royal Poultry School

Ran poultry farm outside Barcelona

Cinema proprietor

Cavalry officer

hated chickens

feared horses

terrible businessman

Try and Try Again

Jan 1941 - British in Madrid

“No Thanks”

Juan or Araceli

British wanted Spain neutral

Plan B - got the Germans to believe he wanted to spy for them

Lisbon to London

Garbo’s “Network”

Garbo’s Influence

Tweaking the Nazis

Imaginary Agents, Realistic problems

Girlfriend

Gambling debts

Fear of capture

No appreciation

Fistfights

Finances

$1.4 million from Germans for Double Cross

Funding their own deception

Skimming by middlemen

D-Day Deception

Start with truth, but little value

Gradually add lies

Still some nuggets of truth

Point away from Normandy

Early 1944, not just reports

Analysis

Drawing conclusions

Aim - not just influence, but replace their intelligence service

D-Day Deception

Post-D-Day – June 9

Stop the Panzers

“It’s just a diversion”

“Patton’s coming with FUSAG”

Awards and Commendations

Aftermath

Pujol effectively disappeared with his Iron Cross

Divorced Araceli

Remarried – new family in Venezuela

Quiet, relatively anonymous life

Still followed tradecraft and didn’t trust anyone

Aftermath

D-Day ceremonies in 1970’s

Brought to tears by rows of crosses at Normandy

“I didn’t do enough”

Oct 10, 1988

Lessons

Know your audience

Know your “mark”

Don’t be too perfect

Lessons

Complain a lot

Lessons

Emphasize the prime deception point but don’t come right out and say it; let them draw conclusions

Lessons

Strengthen your hand

Tell them about Normandy 3 hours before invasion

Chastise them for not responding

Lessons

What they think is important

What they do is crucial

Final Words
