![Page 1: Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fletcher](https://reader031.vdocuments.mx/reader031/viewer/2022030305/587059781a28aba2118b6221/html5/thumbnails/1.jpg)
EMERGING THREATS & STRATEGIES FOR DEFENSE
Paul Fletcher – Cyber Security Evangelist @_PaulFletcher
Threats by Customer Environment

| Threat type | Cloud Environment | On Premise Environment |
|---|---|---|
| application-attack | 40.55% | 40.79% |
| brute-force | 28.01% | 22.36% |
| suspicious-activity | 18.75% | 7.40% |
| recon | 10.60% | 5.29% |
| trojan-activity | 1.96% | 15.67% |
| denial-of-service | 0.13% | 0.03% |
| other | 0.02% | 0.02% |

Source: Alert Logic CSR 2015
In both environments the two largest categories are Application Attack and Brute Force.
Threats by Customer Industry Vertical
Source: Alert Logic CSR 2015
(Chart: share of threats per industry vertical, 0% to 100%; categories shown: Application Attack, Brute Force, Recon, Suspicious Activity, DoS)
Global Analysis
Internet of Things – Planes, Trains and Automobiles
Internet of Things – Keyfobs and Garage Doors
Latest “News”
Update as needed
Latest Activity
• Darkode taken down on July 15, 2015
• Arrests made in 20 countries
• Despite coordinated law enforcement efforts
• Botnet takedowns are more effective
HOW DO WE DEFEND AGAINST THESE ATTACKS
Security Architecture
(Diagram of controls across the Network, Server/App and Host layers: Firewall/ACL, Intrusion Detection, Deep Packet Forensics, DDoS protection, Netflow Analysis, Backup, Patch Mgmt, Vulnerabilities, Log Mgmt, SDLC, Anti-Virus, Encryption GPG/PGP, Anti-Malware, FIM, NAC, Scanner, Mail/Web Filter, IAM, Central Storage)
Data Correlation is the Key
Enterprise Cyber Security Teams
24x7 Security Operations Center and Intelligence
• Monitor intrusion detection and vulnerability scan activity
• Search for industry trends and deliver intelligence on lost or stolen data
• Collect data from OSINT and underground sources to deliver intelligence and content
• Identify and implement required policy changes
• Escalate incidents and provide guidance to the response team to quickly mitigate incidents
• Monitor for zero-day and new and emerging attacks
• Correlate data sources across products to find anomalies
SECURITY BEST PRACTICES
10 Best Practices of Cloud Security
1. Secure your code
2. Create access management policies
3. Data classification
4. Adopt a patch management approach
5. Review logs regularly
6. Build a security toolkit
7. Stay informed of the latest vulnerabilities that may affect you
8. Understand your cloud service provider's security model
9. Understand the shared security responsibility
10. Know your adversaries
1. Secure Your Code
• Test inputs that are open to the Internet
• Add delays to your code to confuse bots
• Use encryption when you can
• Test libraries
• Scan plugins
• Scan your code after every update
• Limit privileges
• Stay informed
2. Create Access Management Policies
• Identify data infrastructure that requires access
• Define roles and responsibilities
• Simplify access controls (KISS)
• Continually audit access
• Start with a least privilege access model
3. Data Classification
• Identify data repositories and mobile backups
• Identify classification levels and requirements
• Analyze data to determine classification
• Build access management policy around classification
• Monitor file modifications and users
4. Adopt a Patch Management Approach
• Inventory all production systems
• Devise a plan for standardization, if possible
• Compare reported vulnerabilities to production infrastructure
• Classify the risk based on vulnerability and likelihood
• Test patches before you release into production
• Set up a regular patching schedule
• Keep informed, follow Bugtraq
• Follow an SDLC
5. Importance of Log Management and Review
Why review logs:
• Monitoring for malicious activity
• Forensic investigations
• Compliance needs
• System performance
What a log management program needs:
• All sources of log data are collected
• Data types (Windows, Syslog)
• Review process
• Live monitoring
• Correlation logic
6. Build a Security Toolkit
Recommended security solutions:
• Antivirus
• IP tables/Firewall
• Backups
• FIM
• Intrusion Detection System
• Malware Detection
• Web Application Firewalls
• Forensic image of hardware remotely
• Future: Deep Packet Forensics
• Web Filters
• Mail Filters
• Encryption Solutions
• Proxies
• Log collection
• SIEM Monitoring and Escalation
• Penetration Testing
7. Stay Informed of the Latest Vulnerabilities
Websites to follow:
• http://www.securityfocus.com
• http://www.exploit-db.com
• http://seclists.org/fulldisclosure/
• http://www.securitybloggersnetwork.com/
• http://cve.mitre.org/
• http://nvd.nist.gov/
• https://www.alertlogic.com/weekly-threat-report/
8. Understand Your Service Provider's Security Model
• Understand the security offerings from your provider
• Probe into the security vendors to find their prime service
• Hypervisor example
• Questions to use when evaluating cloud service providers
9. Service Provider & Customer Responsibility Summary

| Layer | Cloud Service Provider Responsibility | Customer Responsibility |
|---|---|---|
| Apps | | Secure coding and best practices; software and virtual patching; configuration management; access management; application level attack monitoring |
| Hosts | Hardened hypervisor; system image library; root access for customer | Access management; patch management; configuration hardening; security monitoring; log analysis |
| Networks | | Network threat detection; security monitoring |
| Provider Services (Compute, Storage, DB, Network) | Logical network segmentation; perimeter security services; external DDoS, spoofing, and scanning prevented | |
10. Understand your Adversaries
To Follow our Research
• Twitter: @AlertLogic, @StephenCoty, @_PaulFletcher
• Blog: https://www.alertlogic.com/resources/blog
• Newsletter: https://www.alertlogic.com/weekly-threat-report/
• Cloud Security Report: https://www.alertlogic.com/resources/cloud-security-report/
• Zero Day Magazine: http://www.alertlogic.com/zerodaymagazine/
• Websites to follow:
  - http://www.securityfocus.com
  - http://www.exploit-db.com
  - http://seclists.org/fulldisclosure/
  - http://www.securitybloggersnetwork.com/
  - http://cve.mitre.org/
  - http://nvd.nist.gov/
  - https://www.alertlogic.com/weekly-threat-report/
Thank you.