strengthening the cyber-security resiliency...the challenge for companies is to maintain critical...
TRANSCRIPT
![Page 1: Strengthening the cyber-security resiliency...The challenge for companies is to maintain critical functions in ... ‒Enforce CMDB accuracy and management ‒Measure operational risk](https://reader035.vdocuments.mx/reader035/viewer/2022063023/5feb69987c7f4f4adf69182d/html5/thumbnails/1.jpg)
Strengthening the cyber-security resiliencyMartin Zich, CISSPHPE Pointnext
27th Sep, MS Ignite 2018
![Page 2: Strengthening the cyber-security resiliency...The challenge for companies is to maintain critical functions in ... ‒Enforce CMDB accuracy and management ‒Measure operational risk](https://reader035.vdocuments.mx/reader035/viewer/2022063023/5feb69987c7f4f4adf69182d/html5/thumbnails/2.jpg)
“An entity's ability to continuously deliver the intended outcome despite adverse cyber events…essentially brings the areas of information security, business continuity and (organizational) resilience together.” Wikipedia
2
![Page 3: Strengthening the cyber-security resiliency...The challenge for companies is to maintain critical functions in ... ‒Enforce CMDB accuracy and management ‒Measure operational risk](https://reader035.vdocuments.mx/reader035/viewer/2022063023/5feb69987c7f4f4adf69182d/html5/thumbnails/3.jpg)
3
• In a matter of minutes, an organization's entire IT and communications infrastructure can be compromised from a cyber attack
• The challenge for companies is to maintain critical functions in the face of these inevitable breaches.
• Resilience to cyber attacks requires technical, procedural, and policy changes
Are you prepared for cyber attacks?
![Page 4: Strengthening the cyber-security resiliency...The challenge for companies is to maintain critical functions in ... ‒Enforce CMDB accuracy and management ‒Measure operational risk](https://reader035.vdocuments.mx/reader035/viewer/2022063023/5feb69987c7f4f4adf69182d/html5/thumbnails/4.jpg)
notPetyaStory of a Disaster
4
2. Malware spreads over 2 main channels:– SMBv1 vulnerability, or– Hijacking credentials and open sessions
3. Malware gets executed:– Executes itself on all Windows nodes
where deployed over PSEXEC or WMI.– Special behavior on Domain controllers
(lists DHCP for clients identification).
4. Encrypts the machines and asks for ransom:– Trashes parts of MBR =
MasterBootRecord.– Schedules restart– Encrypts files (fake checkdisk) with one
128-bit AES key per drive (encrypted by 2048-bir RSA attacker‘s public key).
– Displays the message.
1. Initial attack vectors:– Client application updated by
malicious hacker (update to a “fat“ client which companies run in their environment).
– Tricks users/admins into click malicious email attachments (probably more rare).
– Taking advantage of SMBv1vulnerability discovered by NSA and leaked by Shadow Brokers.
![Page 5: Strengthening the cyber-security resiliency...The challenge for companies is to maintain critical functions in ... ‒Enforce CMDB accuracy and management ‒Measure operational risk](https://reader035.vdocuments.mx/reader035/viewer/2022063023/5feb69987c7f4f4adf69182d/html5/thumbnails/5.jpg)
Cyber-security resiliency frameworkbest practice
5
Protect Detect Recover
![Page 6: Strengthening the cyber-security resiliency...The challenge for companies is to maintain critical functions in ... ‒Enforce CMDB accuracy and management ‒Measure operational risk](https://reader035.vdocuments.mx/reader035/viewer/2022063023/5feb69987c7f4f4adf69182d/html5/thumbnails/6.jpg)
Setting the right mindset
1. Attach / built-in security into all designs
2. Adopt least-privilege and need-to-know principles as default
3. Keep narrowing down the attack surface
4. Never end the re-assessing and auditing
5. Assume breach
![Page 7: Strengthening the cyber-security resiliency...The challenge for companies is to maintain critical functions in ... ‒Enforce CMDB accuracy and management ‒Measure operational risk](https://reader035.vdocuments.mx/reader035/viewer/2022063023/5feb69987c7f4f4adf69182d/html5/thumbnails/7.jpg)
Effective cyber resiliencyFramework
7
Continuous Risk
Management
Secure and resilient
infrastructure
Predictive and proactive
defense
Efficient Recovery processes
Protect
DetectRecover
Simplify. Unify. Innovate.
![Page 8: Strengthening the cyber-security resiliency...The challenge for companies is to maintain critical functions in ... ‒Enforce CMDB accuracy and management ‒Measure operational risk](https://reader035.vdocuments.mx/reader035/viewer/2022063023/5feb69987c7f4f4adf69182d/html5/thumbnails/8.jpg)
Effective cyber resiliency
1‒ Enforce CMDB accuracy and management‒ Measure operational risk with infrastructure
KPI instrumentation‒ Revamp, retest, BC/DR plans ‒ Elevate risk lifecycle management, metrics
and governance model‒ Baseline risk and business impact analysis
8
Continuous Risk
Management
Framework
• Business-aligned• Measurable • Current and enforced • Outcome-based• Adaptive and pervasive• Scalable
Protect
![Page 9: Strengthening the cyber-security resiliency...The challenge for companies is to maintain critical functions in ... ‒Enforce CMDB accuracy and management ‒Measure operational risk](https://reader035.vdocuments.mx/reader035/viewer/2022063023/5feb69987c7f4f4adf69182d/html5/thumbnails/9.jpg)
Effective cyber resiliency
9
Continuous Risk
Management
Secure and resilient
infrastructure
2
‒ Baseline security controls (lock-down the env.)
‒ Advance network segregation/ isolation/traffic management
‒ Optimize recovery with multi-level backup infrastructure
‒ Strengthen OS lifecycle and patch management
‒ Strengthen active directory (identity and access management) security controls
Framework
• Risk-aligned controls• Defense-in-depth • Quick threat isolation• Infrastructure preparedness• Infrastructure
instrumentation• Structured and consistent
Protect
![Page 10: Strengthening the cyber-security resiliency...The challenge for companies is to maintain critical functions in ... ‒Enforce CMDB accuracy and management ‒Measure operational risk](https://reader035.vdocuments.mx/reader035/viewer/2022063023/5feb69987c7f4f4adf69182d/html5/thumbnails/10.jpg)
Effective cyber resiliency
10
Continuous Risk
Management
Secure and resilient
infrastructure
Predictive and proactive
defense
Detect
3‒ Enhance advanced threat detection and
threat analytics, including behavioral analytics
‒ Strengthen vulnerability management program with red teaming and application vulnerability testing
‒ Reinforce application integrity management including vendor application software
‒ Reinforce platform integrity management including hardening, application whitelisting and anomaly detection
Framework
• Risk mitigation• Proactive intelligence• Prepared• Operational effectiveness• Responsive• Cyber defense
Detect
![Page 11: Strengthening the cyber-security resiliency...The challenge for companies is to maintain critical functions in ... ‒Enforce CMDB accuracy and management ‒Measure operational risk](https://reader035.vdocuments.mx/reader035/viewer/2022063023/5feb69987c7f4f4adf69182d/html5/thumbnails/11.jpg)
Effective cyber resiliency
11
DetectRecover
Continuous Risk
Management
Secure and resilient
infrastructure
Predictive and proactive
defense
Efficient Recovery processes
4
‒ Optimize and scale backup and recovery processes
‒ Leverage persistent data center instant backups/snapshots for quick recovery
‒ Evolve backup and recovery operations with automation and out-tasking
‒ Strengthen incident and crisis management including communication channels and processes
‒ Refine application testing and verification as part of recovery process
Framework
• Meet SLAs, RTO and RPO • Effective, efficient, fast• Adaptive and scalable• Accessible critical data• Automated• Tested
Recover
![Page 12: Strengthening the cyber-security resiliency...The challenge for companies is to maintain critical functions in ... ‒Enforce CMDB accuracy and management ‒Measure operational risk](https://reader035.vdocuments.mx/reader035/viewer/2022063023/5feb69987c7f4f4adf69182d/html5/thumbnails/12.jpg)
Cyber resiliency frameworkRisk-driven, results focused, and continuous improvement
12
Continuous Risk
Management
Secure and resilient
infrastructure
Predictive and proactive
defense
Efficient Recovery processes
• Business-aligned• Measurable • Current and enforced • Outcome-based• Adaptive and pervasive• Scalable
• Meet SLAs, RTO and RPO • Effective, efficient, fast• Adaptive and scalable• Accessible critical data• Automated• Tested
• Risk-aligned controls• Defense-in-depth • Quick threat isolation• Infrastructure preparedness• Infrastructure
instrumentation• Structured and consistent
• Risk mitigation• Proactive intelligence• Prepared• Operational effectiveness• Responsive• Cyber defense
![Page 13: Strengthening the cyber-security resiliency...The challenge for companies is to maintain critical functions in ... ‒Enforce CMDB accuracy and management ‒Measure operational risk](https://reader035.vdocuments.mx/reader035/viewer/2022063023/5feb69987c7f4f4adf69182d/html5/thumbnails/13.jpg)
Outcomes you can achieveHPE Pointnext Security Portfolio
Hybrid IT security• Public & private cloud• Secure containers• Secure AzureStack• SAP security• DevSecOps• Platform protection
Intelligent edge security • Access Control • IoT security• Core network security• Digital workplace security
Data governance & management• Data lifecycle management• Data availability
Data security & privacy• Digital security • Digital transaction assurance• Storage & backup security• Data sanitization & retention
Unified security operations• Situational awareness• Security service
management• Security monitoring &
operations
Proactive threat & vulnerability management• Threat analytics & UEBA • Vulnerability detection &
remediation• Security hygiene for
endpoints
Risk & compliance• Risk & BIA analysis• Standards & compliance
readiness • Continuous security
improvement• Continuous compliance
monitoring
Continuity & resiliency• Business continuity
management• IT service continuity & DR• Cyber resiliency
Safeguard risk, compliance & continuity
Operationalize security & cyber defence
Ensure Data security & protection
Secure infrastructure, applications & access