Beyond the Fortress Network

Beyond the Fortress Network David C. Broussard Principal Consultant @dbroussa Blogs.catapultsystems.com/dbroussard

Upload: david-broussard

Post on 29-Jan-2018


TRANSCRIPT

Who am I?

The Fortress Network

Security in the old mindset

What are we concerned about again?

Did it work?

Bad EXTERNAL actor

Story Time

Story Time 2

Malicious INTERNAL Actor

Story Time 3

Story Time 4

Core questions about security

[Diagram: attack progression from phishing to data exfiltration]

Phases: Delivery, Exploitation, Command and Control, Actions on Objective

Timeline: 48 Hours, 200+ Days

Step 1: Threat Actor targets employees via phishing campaign

Step 2: Employee A opens infected email on workstation

Step 2: Employee B opens infected email using mobile device

Step 2: Credentials harvested after Employee attempts login to bogus site

Step 3: Infected phone disables Antivirus; and compromised credentials used to access Email service

Step 3: Threat Actor gathers credentials on compromised machine

Step 3: Compromised credentials used to access service

Step 4: Threat Actors move laterally within network using compromised credentials

Step 5: Threat Actors use compromised devices/accounts to exfiltrate PII

Diagram labels: Phishing, Malware, Control Evasion, Password/Hash Dumping, Compromised Credential, PII, Leak/Exfiltrate Data

Mobile Device Management

Risk Based Access

Data Loss Prevention and Encryption

Threat Detection and Prevention

Tools that you didn’t know you had

http://get.catapultsystems.com/0365-business-registration

http://get.catapultsystems.com/0365-bootcamp-registration-it-track/

@CloudWhisperers

Learn More