Software that provides secure access to technology, everywhere.




Transcription:

Software that provides secure access to technology, everywhere.
Joseph Patrick Schorr, @JoeSchorr
October, 2015
2015 BOMGAR CORPORATION ALL RIGHTS RESERVED WORLDWIDE

Agenda
- What are we dealing with?
- How we handle it
- Disrupt the Kill Chain
- New Language
- [Q&A]

- 80+% of breaches involve a privileged account being exploited
- 243 days on average to detect a breach
- 63% of breaches caused by security vulnerabilities from a third-party


VPN

Once upon a time, Man in the Middle attacks were our biggest security threat.
[Diagram: CORPORATE NETWORK, MitM ATTACK, REMOTE WORKER]

VPNs allowed remote workers to securely connect to the network.
[Diagram: CORPORATE NETWORK, MitM ATTACK, HIGH TRUST LEVEL VPN, REMOTE WORKER]

As more vendors and contractors needed access, they were granted VPNs.
[Diagram: CORPORATE NETWORK, LOW TRUST LEVEL VPN, THIRD-PARTY VENDOR]

Hackers target third-party VPNs to gain a foothold into your network.
[Diagram: CORPORATE NETWORK, LOW TRUST LEVEL VPN, COMPROMISED VENDOR]

7 steps to hack your sensitive systems: https://www.brighttalk.com/webcast/9629/174185

Typical APT Threat Actor (diagram labels)
- Phishing email
- RATs (Infected)
- Malicious host (Exploitation kit)
- Compromised asset
- Lateral movement / Trust exploitation
- The gold: Email, IP, plans,
- Staging platform (possibly in DMZ)
- RATs (again)
- Data identification

How do you secure vendor access?
[Diagram: CORPORATE NETWORK, LOW TRUST LEVEL, THIRD-PARTY VENDOR]
- Broker the connection
- Outbound connections
- Multi-factor authentication
- Access to specific systems
- Application whitelist / blacklist
- Access timeframes
- Access approval workflow
- Full audit trail with video

The Kill Chain responses
- Email and reputation based threat detections
- VPN Multi-Factor BOMGAR Auth
- SIEM aggregated and correlated EVERYTHING!
- Remote and network forensics, Malware analysis
- Reduced admin capabilities
- Log and analyze DNS, DHCP, Proxy
- Aggressive network threat detection, control and restrictions
- A use case for everything and everything in its use case. All else is an alert.
- Whitelisting on all servers
- Domain admin restricted from accessing AD servers

New Language
- VPN Mission Creep
- Not just Shrink the Attack Surface, Alter the Attack Surface
- Eliminate the foothold
- Damage mitigation
- Operationalize Security: make the complex mundane, let Security People do Security Stuff
- Privileged Access not Remote Access

In the future we see a world where everyone can Connect Fearlessly.
jschorr@bomgar.com


CONGRATULATIONS?