Software that provides secure access to technology, everywhere.
Joseph Patrick Schorr, @JoeSchorr
October, 2015
2015 BOMGAR CORPORATION ALL RIGHTS RESERVED WORLDWIDE

Agenda
- What are we dealing with?
- How we handle it
- Disrupt the Kill Chain
- New Language
- [Q&A]

- 80+% of breaches involve a privileged account being exploited
- 243 days on average to detect a breach
- 63% of breaches caused by security vulnerabilities from a third-party

VPN

Once upon a time
Man in the Middle attacks were our biggest security threat.
[Diagram: CORPORATE NETWORK, MitM ATTACK, REMOTE WORKER]

VPNs allowed remote workers to securely connect to the network.
[Diagram: CORPORATE NETWORK, MitM ATTACK, VPN (HIGH TRUST LEVEL), REMOTE WORKER]

As more vendors and contractors needed access, they were granted VPNs.
[Diagram: CORPORATE NETWORK, VPN (LOW TRUST LEVEL), THIRD-PARTY VENDOR]

Hackers target third-party VPNs to gain a foothold into your network.
[Diagram: CORPORATE NETWORK, VPN (LOW TRUST LEVEL), COMPROMISED VENDOR]

7 steps to hack your sensitive systems
https://www.brighttalk.com/webcast/9629/174185

Typical APT Threat Actor
- Phishing email
- RATs (Infected)
- Malicious host (Exploitation kit)
- Compromised asset
- Lateral movement / Trust exploitation
- The gold Email, IP, plans,
- Staging platform (possibly in DMZ)
- RATs (again)
- Data identification

How do you secure vendor access?
[Diagram: CORPORATE NETWORK, LOW TRUST LEVEL, THIRD-PARTY VENDOR]
- Broker the connection
- Outbound connections
- Multi-factor authentication
- Access to specific systems
- Application whitelist / blacklist
- Access timeframes
- Access approval workflow
- Full audit trail with video

The Kill Chain responses
- Email and reputation based threat detections
- VPN Multi-Factor Auth
- BOMGAR
- SIEM aggregated and correlated EVERYTHING!
- Remote and network forensics, Malware analysis
- Reduced admin capabilities
- Log and analyze DNS, DHCP, Proxy
- Aggressive network threat detection, control and restrictions
- A use case for everything and everything in its use case. All else is an alert.
- Whitelisting on all servers
- Domain admin restricted from accessing AD servers

New Language
- VPN Mission Creep
- Not just Shrink the Attack Surface, Alter the Attack Surface
- Eliminate the foothold
- Damage mitigation
- Operationalize Security: make the complex mundane, let Security People do Security Stuff
- Privileged Access not Remote Access

In the future we see a world where everyone can Connect Fearlessly.
jschorr@bomgar.com

CONGRATULATIONS?