TRANSCRIPT
#RSAC
Matt Alderman
Defense in Depth is Dead, Long Live Depth in Defense
VP, Strategy
Tenable Network Security
@maldermania
Eliminate Blind Spots
Prioritize Threats & Weaknesses
Reduce Exposure & Loss
Defense in Depth is Broken
It’s Time to Transform Security
• Physical & Virtual Devices
• Applications & Databases
• Mobile Devices
• Cloud Services

• Vulnerability Assessment
• Configuration Audit
• Malware Detection

• Log Collection
• Activity Monitoring
• Packet Inspection
• Threat Intelligence

• Event Correlation
• Anomaly Detection
• Behavior Analysis
• Dashboards and Reports

• Notification and Alerting
• Remediation Workflow
• Patch Management

• Patch Installation
• Configuration Changes
• Port/Service Modification
• Device Isolation
Depth in Defense Approach
Action Visibility
Context
Visibility Context Action
Benefits of Depth in Defense
Applying Depth in Defense
Do you have continuous visibility into unknown or shadow assets?
Do you have continuous visibility into the security “state” of your assets?
Do you have critical context to prioritize threats and weaknesses?
Do you have critical context to measure security posture and assurance?
Are you able to take decisive actions to respond to attacks?
Are you able to take decisive actions to protect your assets?
John G. O’Leary, CISSP
Garbo, D-Day and Ultimate Social Engineering
O’Leary Management Education
The Setting
Operation Fortitude Spies -
Juan Pujol Garcia
Graduate of Royal Poultry School
Ran poultry farm outside Barcelona
Cinema proprietor
Cavalry officer
Hated chickens
Feared horses
Terrible businessman
Try and Try Again
Jan 1941 - British in Madrid
“No Thanks”
Juan or Araceli
British wanted Spain neutral
Plan B - got the Germans to believe he wanted to spy for them
Lisbon to London
Garbo’s “Network”
Garbo’s Influence
Tweaking the Nazis
olbeks
Imaginary Agents, Realistic problems
Girlfriend
Gambling debts
Fear of capture
No appreciation
Fistfights
Finances
$1.4 million from Germans for Double Cross
Funding their own deception
Skimming by middlemen
D-Day Deception
Start with truth, but little value
Gradually add lies
Still some nuggets of truth
Point away from Normandy
Early 1944, not just reports
Analysis
Drawing conclusions
Aim - not just influence, but replace their intelligence service
D-Day Deception
Post-D-Day – June 9
Stop the Panzers
“It’s just a diversion”
“Patton’s coming with FUSAG”
Awards and Commendations
Aftermath
Pujol effectively disappeared with his Iron Cross
Divorced Araceli
Remarried – new family in Venezuela
Quiet, relatively anonymous life
Still followed tradecraft and didn’t trust anyone
Aftermath
D-Day ceremonies in 1970s
Brought to tears by rows of crosses at Normandy
“I didn’t do enough”
Oct 10, 1988
Lessons
Know your audience
Know your “mark”
Don’t be too perfect
Lessons
Complain a lot
Lessons
Emphasize the prime deception point but don’t come right out and say it; let them draw conclusions
Lessons
Strengthen your hand
Tell them about Normandy 3 hours before invasion
Chastise them for not responding
Lessons
Architecture - Less is More
Deception - More is More
Lessons
What they think is important
What they do is crucial
Final Words