Security for Enterprise Hobbits

Transcript

1. Enterprise Security,
   Threat Detection, Hunting
   and things..
   

   View Slide

2. OR....
   

   View Slide

3. A hobbits Guide to Surviving
   Mordor Security
   L
   ord of the Pings
   

   View Slide

4. Your Merry Guide
   •
   •
   •
   •
   

   View Slide

5. The Journey to There and Back
   Chapters
   1. The Old Forest
   • What Creatures creep in the
   Forests of the Old
   2. The voice of Saruman
   • Why can’t we just let him have
   the damn ring?
   3. Council of Elrond
   • Forming of the Fellowship
   4. Mount Doom!
   5. Homeward Bound
   

   View Slide

6. The Elder Wizards of Twitterverse
   

   View Slide

7. The Old Forest
   Chapter ~1~
   

   View Slide

8. The Old Forest Vendor Based
   Security
   •
   •
   •
   

   View Slide

9. The Old Forest Compliance based
   Security
   •
   •
   •
   

   View Slide

10. The Old Forest
    Silo based Security
    •
    •
    •
    

    View Slide

11. The Old Forest
    Managed Security
    •
    •
    •
    https://twitter.com/sawaba/status/736604203523657732
    http://thinkst.com/stuff/itweb2016/itweb-thinkst-2016.pdf
    

    View Slide

12. This is Arwen
    We’ve made her sad
    so sad
    

    View Slide

13. The Old Forest
    And this is Sean Bean.
    He dies in this movie.
    

    View Slide

14. The Voice of Saruman
    Chapter ~2~
    

    View Slide

15. Something seems.. off..
    

    View Slide

16. Security Fails
    •
    •
    •
    

    View Slide

17. IDS / IPS typically work by spotting abnormal usage...
    

    View Slide

18. ..but smart attacks look like normal usage
    https://twitter.com/haroonmeer/status/729401101770997761
    

    View Slide

19. https://twitter.com/addelindh/status/72539
    8045676941313
    https://storify.com/thegrugq/dan-guido-
    reads-the-vdbir
    Magic is Real
    

    View Slide

20. Breaching Perimeter – low payoff
    ..so why even bother?
    https://www.troopers.de/media/filer_public/12/29/12298918-04d6-4f26-96d3-4205d09dd70d/andreas_lindhdefendereconomics.pdf
    

    View Slide

21. Compromising users and end-points
    ..Stealing your Domain creds
    

    View Slide

22. Your users shall pass
    

    View Slide

23. Choose your battles.
    Maybe one with better odds?.
    

    View Slide

24. This is Arwen.
    Again
    Still sad
    so sad
    

    View Slide

25. Oh, right. Sean Bean Again.
    Just doing his thing
    

    View Slide

26. The Council of Elrond
    Chapter ~3~
    

    View Slide

27. The Old Forest
    Breaking Silos
    •
    •
    •
    https://speakerdeck.com/markofu/leveling-up-
    security-at-riot-games-brucon-2015
    

    View Slide

28. The Old Forest
    Building Culture
    https://speakerdeck.com/iodboi/crafting-an-effective-security-
    organisation-qcon-nyc
    

    View Slide

29. The Old Forest
    DevOpsSec
    •
    •
    •
    https://speakerdeck.com/markofu/feedback-security
    

    View Slide

30. The Old Forest
    Be realistic
    •
    •
    •
    •
    

    View Slide

31. Useful Surival Tips
    Operational Security
    

    View Slide

32. Seven Rings for the Dwarf L
    ords
    Security
    Intelligence
    Technical
    Analysis
    Capability
    Development
    Monitoring
    Communication
    Incident
    Response
    Forensics
    

    View Slide

33. Sounds Massive? And hard?
    

    View Slide

34. Breaking News! Sean Bean is.. No..Hold, it...
    ...Sometimes he takes his sweet time..
    

    View Slide

35. There are no
    Happy Arwen
    Pics
    So this is Tauriel.
    She’s a badass
    

    View Slide

36. Why is Offence fun?
    

    View Slide

37. While Defence is Boring and Horrible?
    

    View Slide

38. Hacking
    •
    •
    •
    •
    •
    

    View Slide

39. Hunting
    •
    •
    •
    •
    •
    

    View Slide

40. Hacking + Hunting
    •
    •
    •
    •
    

    View Slide

41. And this is Sean Bean..
    ..On his way to Film The Game of Thrones
    I’m sure that works out better for him
    

    View Slide

42. Tauriel is pleased?
    Why can’t Elves just be happy For once??!
    Fine …I’ll just use hobbits from now on..
    ..No...?
    

    View Slide

43. Mount Doom!
    Chapter ~4~
    

    View Slide

44. In Summary..
    •
    •
    •
    

    View Slide

45. ToDO:
    •
    •
    •
    

    View Slide

46. Homeward Bound
    Chapter ~5~
    

    View Slide

47. •
    •
    •
    •
    •
    • https://github.com/Graylog2
    •
    • http://opensoc.github.io/
    Tools
    

    View Slide

48. • Thinkst, Canary Tools, Canary Tokens
    •
    •
    • https://github.com/google/grr
    •
    • https://osquery.io/
    • Netflix Scumblr
    • https://github.com/Netflix/scumblr
    Tools
    

    View Slide

49. View Slide

50. Meanwhile.. at the Game of Thrones set
    God Damnit, Sean!
    

    View Slide

51. ~The End~
    

    View Slide