Trust Matta cyber security event slides
Posted on 23-Jan-2018
1
https://www.trustmatta.com © 2015 Matta Consulting Limited. All Rights Reserved.
Taking Stock: Past and Current Landscape and Where to Focus Resources Today
2
Matta: Award winning security since 2001
Matta is an award winning security consultancy based in London since 2001. In 2002 they were the first company to demonstrate how Google Dorking could be used in cybersecurity after mapping an internal network of the CIA - https://www.trustmatta.com/downloads/pdf/Matta_Counterintelligence.pdf
In 2003 they set up the first 'Test the Tester' program, nicknamed 'Sentinel', to evaluate the quality and effectiveness of penetration testers, which they ran on behalf of financial institutions against all the big global security firms for several years.
At this time, the technical director also released the first book on professional penetration testing - O'Reilly's 'Network Security Assessment'.
More recently, they have spoken at Black Hat, and won the prestigious Pwnie Award for security research. Today they are focused on helping companies with some of the more difficult challenges in cybersecurity.
"You can observe a lot just by watching." (Yogi Berra)
3
About Me
Nick Baskett, Founder
Nick founded Matta in 2001, and is a founding member of the Cyber Security Council. He advises a number of companies on cyber security strategy at board level, helping them develop effective strategies that fit their business model, as well as advising smaller security companies on how to commercialise their ideas.
Chairman, Non-Executive Director, Cybersecurity and Mining Companies
4
What We Do?
Malgorithmics: Blended product and consultancy service to outsource finding malware on clients' networks. Advanced behavioural analysis means we find malware and anomalous traffic quickly and accurately.
Red Team: Old school hacking using modern techniques. We break into systems and applications and give a board report on how we did it.
Matta 360: Matta 360 is a full service secure systems administration and escrow service.
Power Packs: Pre-configured security configurations ready to roll out across your network: Wireless, SSL, RDP.
Consultancy: Penetration testing, code auditing, secure design services and more.
5
Agenda
● Security by the numbers
● Exciting regulatory developments
● Practical Advice on Internal Network Security
6
Security By Numbers
7
Profile of CyberSecurity is Increasing
● Reputational damage amplified by social media
● Difficult to quantify, but has real impact on GDP
● Has potential to materially negatively affect a country's competitiveness through loss of IPR
8
Impact at Nation Level
* Abbreviated numbers from McAfee economic impact report
9
90% - Big Co breaches (increase from 81% in 2014)
74% - Little Co breaches (increase from 60% in 2014)
£3m - Max cost to Big Co: the costs of the most expensive breaches ranged from £1.46m to £3.14m
£311k - Max cost to Little Co: smaller companies costed their breaches at between £75-£311k
++ Breaches ++ Costs: more breaches, more costs
* All figures for 2015 - source PwC 2015 breach report
10
Config Mistakes: Common Areas of Misconfiguration
● FTP
● SSL
● SMB
● RDP
● Wireless
11
Exciting Regulatory Developments
12
Changes
● GDPR
● EU Safe Harbour
● Briefly CISA Impact to EU
● Update on Directors' Responsibilities
13
GDPR
● The EU General Data Protection Regulation
● Under "trilogue" negotiation
● Due 2015/16 and effective two years later
● Now is the time to prepare
● Just looking at key changes
* Information provided by Sheridans Solicitors
14
GDPR
● Increased fines to €1,000,000 / 2% global annual turnover
● Applies to both data controllers and processors
● Requirement for Privacy Impact Assessments
● Minimisation and privacy by design
● Consent more difficult to obtain
* Information provided by Sheridans Solicitors
15
International Transfers (pre GDPR)
The 8th data protection principle provides that "Personal data shall not be transferred to a country or territory outside the European Economic Area (EEA) unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data."
Does not apply to data which simply passes through a country in transit to another destination in the EEA.
* Information provided by Sheridans Solicitors
16
● Safe Harbour was supposed to ensure EU data principles were maintained cross border
● Snowden revelations prompted law student Schrems to challenge its effectiveness
● EU courts agreed, and companies can no longer transfer EU citizens' data to the US
17
To transfer personal data outside of the EEA:
● Consent
● Adequate Protection
● Model Clauses
● Limited Exceptions
● Binding Corporate Rules
Safe Harbor is no more.
As of the morning of Tuesday 6 October, any data transfers which were legitimate only on the basis of Safe Harbor are now unlawful.
* Information provided by Sheridans Solicitors
18
CISA
● Proposed as a threat intelligence sharing law
● Offers indemnity in Anti-Trust and FOI Act
● Advocates - will help industry react to threats
● Opponents - enables mass surveillance and puts data at risk
● Passed by Senate end of Oct, not law yet
19
Board Responsibilities
● Sep 2015, ICO chief says Directors should be personally liable
● Feb 2015, FCA introduces SMR for NEDs
● Legal responsibility is usually with C-Level execs
20
The Industry Track Record
Measures of Maturity
Maturity levels: Immature • Basic • Managed • Established • Predictable • Optimizing
People: Leadership at all levels • Culture: skills, competencies and expected behaviours
Process: Threat surveillance and intelligence • Incident and event response • Testing (technical, procedural, scenario)
Structure: Accountability and responsibilities • Integration of cyber-resilience into enterprise-wide risk management and governance processes
Information: Confidentiality, integrity and availability • Prioritised information assets (differentiated protection) • Release, retention and disposal of information assets
Technology: Firewalls • Secure configuration • User access control • Malware protection • Patch management
Cyber Resilience Base Line Review (diagram): Threats • Governance & Accountability • Analysis, Educate, Exercise and Implement • Leadership & Culture • Common Vision and Purpose • Stakeholders
22
Practical Internal Security
23
Are You Doing This?
24
Some Ideas: Spending time on what's important
Many companies do not know what is on their network. Consider 802.1X on switches to harvest MAC addresses you can then query to determine what's out there.
Improve visibility of traffic.
● Baseline what is anomalous
● Decide what's important and then measure it
● Hold quarterly reviews
● Communicate upwards
Stronger 3rd party controls. Review:
● Development process
● Procurement
● 3rd party relationships
Segregate internal network. Still too many flat networks without adequate protection between segments.
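The harvesting idea above, worked through as an added example that is not Matta's code or tooling: the script parses a constructed switch MAC-address table, normalises the addresses, looks each one up in a small constructed OUI table (a real deployment would load the IEEE OUI registry instead), and compares them against a constructed asset register. It reports devices nobody has accounted for and addresses that appear on more than one VLAN, which is the first thing to chase when checking whether segmentation is holding. Every MAC, vendor and host name below is made up for the example.

```python
"""Added example (not Matta's code): turn harvested MAC addresses into an
inventory check. The switch output, the OUI table and the asset register
below are constructed sample data, not real devices or a real OUI feed."""
import re

# Constructed sample in the shape of a switch "show mac address-table" dump,
# the kind of data the 802.1X harvesting step on the slide would collect.
MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
10      0050.56a1.0001    DYNAMIC     Gi1/0/1
10      0050.56a1.0002    DYNAMIC     Gi1/0/2
20      b827.eb12.3456    DYNAMIC     Gi1/0/7
20      001a.2b3c.4d5e    DYNAMIC     Gi1/0/8
30      0050.56a1.0001    DYNAMIC     Gi1/0/9
"""

# Constructed OUI table (first three octets -> vendor). A real deployment
# would load the IEEE OUI registry rather than this toy dictionary.
OUI_VENDORS = {
    "00:50:56": "VMware",
    "b8:27:eb": "Raspberry Pi Foundation",
}

# Constructed asset register: the MACs the organisation believes it owns.
ASSET_REGISTER = {
    "00:50:56:a1:00:01": "vm-fileserver-01",
    "00:50:56:a1:00:02": "vm-app-01",
}

MAC_RE = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+\S+\s+(\S+)", re.I)


def normalise_mac(cisco_style: str) -> str:
    """Convert 'aabb.ccdd.eeff' to 'aa:bb:cc:dd:ee:ff'."""
    hexdigits = cisco_style.replace(".", "").lower()
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def parse_mac_table(text: str) -> list[dict]:
    """Return one record per MAC-table row: vlan, mac, port."""
    records = []
    for line in text.splitlines():
        m = MAC_RE.match(line)
        if not m:
            continue  # header or blank line
        records.append({"vlan": int(m.group(1)),
                        "mac": normalise_mac(m.group(2)),
                        "port": m.group(3)})
    return records


def vendor_of(mac: str) -> str:
    """Vendor from the OUI prefix, or a marker when the prefix is not in the table."""
    return OUI_VENDORS.get(mac[:8], "unknown vendor")


def inventory_report(text: str) -> dict:
    """Classify every harvested MAC as known (in the register) or unknown,
    and list MACs seen on more than one VLAN for review."""
    seen_vlans: dict[str, set[int]] = {}
    for r in parse_mac_table(text):
        seen_vlans.setdefault(r["mac"], set()).add(r["vlan"])
    known, unknown = {}, {}
    for mac, vlans in seen_vlans.items():
        entry = {"vendor": vendor_of(mac), "vlans": sorted(vlans)}
        if mac in ASSET_REGISTER:
            entry["asset"] = ASSET_REGISTER[mac]
            known[mac] = entry
        else:
            unknown[mac] = entry
    multi_vlan = sorted(mac for mac, v in seen_vlans.items() if len(v) > 1)
    return {"known": known, "unknown": unknown, "multi_vlan": multi_vlan}


if __name__ == "__main__":
    report = inventory_report(MAC_TABLE)
    for mac, e in report["unknown"].items():
        print(f"UNKNOWN {mac} ({e['vendor']}) on VLAN(s) {e['vlans']}")
    for mac in report["multi_vlan"]:
        print(f"REVIEW  {mac} seen on several VLANs")
```

On the sample data the report flags two addresses missing from the register (one identified as a Raspberry Pi, one with no vendor match) and one registered server that appears on VLANs 10 and 30. Feeding real switch output into the same function turns "we don't know what's on the network" into a short list to work through each quarter.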
25
Time Matrix
Quadrants (Urgent / Not Urgent across, Important / Not Important down):
● Urgent and Important
● Not Urgent and Important
● Urgent and Not Important
● Not Urgent and Not Important
26
The Most Pernicious Threat
● You define malware
● Product-led solutions
● Why most companies fail to manage the threat
27
How Long it Takes
28
Host Malware Evasion
● Run assembler code to check if you're on the metal
● Check some registry settings that VMs / sandboxes often have
● Enumerate services
● Look for enterprise apps (what, no Exchange server?... hmmm)
● Install a stub and don't run without it
● Bind the executable to the original machine via a digital signature and only run if verified
● Spawn dummy processes and monitor if they are being monitored
● Just wait ...
29
Client's 1st week on Malgorithmics
● Period - 7 days
● Total number of records: 10,416,501
● 4,237 active IPs being monitored
● 1.2GB meta data analysed per week
● 12 infected machines with confidence 100%
● 4 of them run unknown malware
● 3 suspected infections, confidence (various)
● http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Foreign-R/detailed-analysis.aspx
30
Authentication: When is less security more secure
31
Cloud Sysadmin and Code Escrow: External systems need better management
Secure by Design: Fixing it later is not as effective as building it right. Building it right means less maintenance cost.
Hold the Code: You may think you own your code, but what happens when there's a dispute with your developers?
Integrate Security: Use DREAD and a methodical approach to ensure processes are baked in.
Dedicate a Resource: If you can't dedicate a resource for managing external systems, consider outsourcing it.
Validate, Validate: Mistakes happen at any time, not just once a year. Reduce validation costs with a secure design.
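DREAD, named under "Integrate Security" above, carried through as an added example that is not Matta's method or code: each threat is rated 1 to 10 on Damage, Reproducibility, Exploitability, Affected users and Discoverability, the score is the mean of the five, and the threats are ranked so that design effort goes to the top of the list. The 1-10 scale, the equal weighting, the High/Medium/Low thresholds and the three threats for a hypothetical externally hosted system are all assumptions made for the illustration.

```python
"""Added example (not Matta's code): DREAD risk scoring, the technique the
slide names for baking security into design. The threats below are
constructed; the 1-10 scale, equal weighting and rating thresholds are the
common form of DREAD and an assumption of this example, not the slide's."""
from dataclasses import dataclass

DREAD_FIELDS = ("damage", "reproducibility", "exploitability",
                "affected_users", "discoverability")


@dataclass(frozen=True)
class Threat:
    name: str
    damage: int           # how bad is it if the threat is realised
    reproducibility: int  # how reliably can it be repeated
    exploitability: int   # how little skill or effort is needed
    affected_users: int   # how many users are hit
    discoverability: int  # how easy is it to find

    def __post_init__(self):
        # Reject ratings outside the scale early; a typo here would silently
        # distort the ranking otherwise.
        for field in DREAD_FIELDS:
            value = getattr(self, field)
            if not 1 <= value <= 10:
                raise ValueError(f"{self.name}: {field}={value} outside 1-10")

    def score(self) -> float:
        """Plain DREAD: mean of the five ratings, from 1.0 to 10.0."""
        return sum(getattr(self, f) for f in DREAD_FIELDS) / len(DREAD_FIELDS)


def rating(score: float) -> str:
    """Bucket a DREAD score; the thresholds are an assumption for this example."""
    if score >= 7:
        return "High"
    if score >= 4:
        return "Medium"
    return "Low"


def rank_threats(threats: list[Threat]) -> list[tuple[str, float, str]]:
    """Sort highest score first and attach the rating, ready for a design review."""
    ranked = sorted(threats, key=lambda t: t.score(), reverse=True)
    return [(t.name, round(t.score(), 1), rating(t.score())) for t in ranked]


# Constructed threats for a hypothetical externally hosted system.
SAMPLE_THREATS = [
    Threat("Admin panel reachable from the internet without MFA", 9, 10, 8, 10, 9),
    Threat("Verbose stack traces in error pages", 3, 10, 6, 2, 8),
    Threat("Backup archive readable by all staff", 7, 8, 3, 5, 2),
]

if __name__ == "__main__":
    for name, score, level in rank_threats(SAMPLE_THREATS):
        print(f"{score:4.1f} {level:6} {name}")
```

Scoring before the build is what makes "fixing it right" cheaper than fixing it later: the ranked list tells the design where a control must exist, and the same scores become the acceptance criteria that the "Validate, Validate" point asks for.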
33
Dumpmon: Monitor the pastebin ecosystem
● Install from GitHub: https://github.com/jordan-wright/dumpmon and follow the readme instructions
● Choose Mongo or text file: configure to use MongoDB or just write out to a text file
● Edit the REGEX: edit the REGEX to search for data you need to monitor
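The "Edit the REGEX" step, as an added example that is not dumpmon's own code or configuration: a stand-alone matcher with three rules (addresses at a watched domain, email:password pairs, and 16-digit card-shaped numbers filtered through a Luhn check to cut false positives), run over a constructed paste. The domain example.org, the rules and the paste text are made up for the illustration; dumpmon's real patterns and storage options are in its repository and are not reproduced here.

```python
"""Added example (not dumpmon's code): a small paste matcher showing the
regex-editing step from the slide. The watched domain, the rules and the
paste text are constructed for the example."""
import re

WATCHED_DOMAIN = "example.org"  # hypothetical organisation being monitored

# Each rule is a name and a compiled pattern. Patterns are kept narrow so a
# noisy paste site does not flood the monitor with false positives.
RULES = {
    "watched_email": re.compile(rf"\b[\w.+-]+@{re.escape(WATCHED_DOMAIN)}\b", re.I),
    # email:password pairs, the classic credential-dump shape
    "email_password_pair": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+:\S{4,}"),
    # 16-digit runs with optional separators; filtered by the Luhn check below
    "card_candidate": re.compile(r"\b(?:\d[ -]?){15}\d\b"),
}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum over a digit string, used to drop random 16-digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_paste(text: str) -> dict[str, list[str]]:
    """Return rule name -> matched strings for one paste; empty dict if clean."""
    hits: dict[str, list[str]] = {}
    for name, pattern in RULES.items():
        found = pattern.findall(text)
        if name == "card_candidate":
            found = [f for f in found if luhn_ok(re.sub(r"[ -]", "", f))]
        if found:
            hits[name] = found
    return hits


# Constructed paste text; every value in it is made up.
SAMPLE_PASTE = """\
dump from somewhere
alice@example.org:hunter2
bob@other.test:letmein1
card: 4111 1111 1111 1111
not a card: 1234 5678 9012 3456
contact carol@example.org for details
"""

if __name__ == "__main__":
    for rule, matches in scan_paste(SAMPLE_PASTE).items():
        print(f"{rule}: {matches}")
```

The Luhn filter is the kind of refinement worth adding when editing the patterns: the raw card regex matches both digit runs in the sample, but only the one with a valid checksum survives, which is the difference between an alert someone reads and one that gets muted.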
34
Contact Us: We are nice people
Switchboard: +44 (0)203 051 3420
info@trustmatta.com
Direct: +44 (0)203 051 3420 x2010
nick.baskett@trustmatta.com