
Security for Enterprise Hobbits

0xtero
June 09, 2016


A look into normal enterprise security, monitoring and threat detection, its challenges and failings, with some possible ideas and philosophical musings on how these could be solved.


Transcript

  1. Enterprise Security,
    Threat Detection, Hunting
    and things..


  2. A hobbit's Guide to Surviving
    Mordor Security
    Lord of the Pings

  3. Your Merry Guide

  4. The Journey to There and Back
    Chapters
    1. The Old Forest
    • What Creatures creep in the
    Forests of the Old
    2. The voice of Saruman
    • Why can’t we just let him have
    the damn ring?
    3. Council of Elrond
    • Forming of the Fellowship
    4. Mount Doom!
    5. Homeward Bound


  5. The Elder Wizards of Twitterverse


  6. The Old Forest
    Chapter ~1~


  7. The Old Forest
    Vendor Based Security

  8. The Old Forest
    Compliance Based Security

  9. The Old Forest
    Silo based Security

  10. The Old Forest
    Managed Security
    https://twitter.com/sawaba/status/736604203523657732
    http://thinkst.com/stuff/itweb2016/itweb-thinkst-2016.pdf

  11. This is Arwen
    We’ve made her sad
    so sad


  12. The Old Forest
    And this is Sean Bean.
    He dies in this movie.


  13. The Voice of Saruman
    Chapter ~2~


  14. Something seems.. off..


  15. Security Fails

  16. IDS / IPS typically work by spotting abnormal usage...


  17. ..but smart attacks look like normal usage
    https://twitter.com/haroonmeer/status/729401101770997761


  18. Magic is Real
    https://twitter.com/addelindh/status/725398045676941313
    https://storify.com/thegrugq/dan-guido-reads-the-vdbir

  19. Breaching Perimeter – low payoff
    ..so why even bother?
    https://www.troopers.de/media/filer_public/12/29/12298918-04d6-4f26-96d3-4205d09dd70d/andreas_lindhdefendereconomics.pdf


  20. Compromising users and end-points
    ..Stealing your Domain creds

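An added illustration that is not part of the deck, tying slides 16, 17 and 20 together: a volume-threshold detector in the style of the "abnormal usage" IDS/IPS the slides describe, beside a simple baseline-driven hunt run over the same constructed logon events. The usernames, hostnames and the five-field event layout are assumptions made for this example; the noisy password spray trips the threshold, while a single valid logon with stolen domain credentials does not, and only the new user/host pairing gives it away.

```python
# Added example, not from the deck: threshold detection versus a
# baseline-driven hunt over constructed Windows-style logon events.
# Usernames, hostnames and the event layout are illustrative assumptions.
from collections import Counter

# Constructed sample events: (day, user, src_host, dst_host, result).
# Days 1-5 are the "known good" baseline; day 6 is the day under review.
BASELINE = [
    (d, u, h, t, "success")
    for d in range(1, 6)
    for (u, h, t) in [
        ("alice", "WS-ALICE", "FILESRV01"),
        ("bob", "WS-BOB", "FILESRV01"),
        ("carol", "WS-CAROL", "FILESRV01"),
        ("carol", "WS-CAROL", "DC01"),  # carol is a domain admin
    ]
]

TODAY = [
    (6, "alice", "WS-ALICE", "FILESRV01", "success"),
    (6, "bob", "WS-BOB", "FILESRV01", "success"),
    (6, "carol", "WS-CAROL", "FILESRV01", "success"),
    # Noisy: a password spray against a service account, clearly abnormal volume.
    *[(6, "svc-backup", "10.1.1.99", "DC01", "failure") for _ in range(20)],
    # Quiet: carol's stolen domain creds, used once from alice's compromised
    # workstation. One valid logon, no failures: it looks like normal usage.
    (6, "carol", "WS-ALICE", "DC01", "success"),
]


def threshold_alerts(events, max_failures=5):
    """'Abnormal usage' detection: alert on (user, src_host) pairs whose
    failure count exceeds max_failures. Returns a sorted list of pairs."""
    failures = Counter((u, h) for (_, u, h, _, r) in events if r == "failure")
    return sorted(pair for pair, n in failures.items() if n > max_failures)


def baseline_pairs(events):
    """The set of (user, src_host) pairs that have logged on successfully
    during the baseline window."""
    return {(u, h) for (_, u, h, _, r) in events if r == "success"}


def hunt_new_pairs(baseline, events):
    """Hunting: a successful logon from a (user, src_host) pair never seen in
    the baseline is worth an analyst's time even though it is 'normal usage'.
    Returns sorted (user, src_host, dst_host) triples."""
    seen = baseline_pairs(baseline)
    return sorted({(u, h, t) for (_, u, h, t, r) in events
                   if r == "success" and (u, h) not in seen})


if __name__ == "__main__":
    print("threshold alerts:", threshold_alerts(TODAY))
    print("new user/host pairs:", hunt_new_pairs(BASELINE, TODAY))
```

The threshold detector is not wrong, it is just answering a different question; the stolen-credential logon generates no failures at all, so the only signal left is context the baseline carries (who normally logs on from where), which is the kind of question hunting asks and an IDS/IPS does not.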

  21. Your users shall pass


  22. Choose your battles.
    Maybe one with better odds?

  23. This is Arwen.
    Again
    Still sad
    so sad


  24. Oh, right. Sean Bean Again.
    Just doing his thing


  25. The Council of Elrond
    Chapter ~3~


  26. The Old Forest
    Breaking Silos
    https://speakerdeck.com/markofu/leveling-up-security-at-riot-games-brucon-2015

  27. The Old Forest
    Building Culture
    https://speakerdeck.com/iodboi/crafting-an-effective-security-organisation-qcon-nyc

  28. The Old Forest
    DevOpsSec
    https://speakerdeck.com/markofu/feedback-security

  29. The Old Forest
    Be realistic

  30. Useful Survival Tips
    Operational Security

  31. Seven Rings for the Dwarf Lords
    • Security Intelligence
    • Technical Analysis
    • Capability Development
    • Monitoring
    • Communication
    • Incident Response
    • Forensics

  32. Sounds Massive? And hard?


  33. Breaking News! Sean Bean is.. No.. Hold it...
    ...Sometimes he takes his sweet time..

  34. There are no
    Happy Arwen
    Pics
    So this is Tauriel.
    She’s a badass


  35. Why is Offence fun?


  36. While Defence is Boring and Horrible?


  37. Hacking

  38. Hunting

  39. Hacking + Hunting

  40. And this is Sean Bean..
    ..On his way to Film The Game of Thrones
    I’m sure that works out better for him


  41. Tauriel is pleased?
    Why can't Elves just be happy for once??!
    Fine … I'll just use hobbits from now on..
    ..No...?

  42. Mount Doom!
    Chapter ~4~


  43. In Summary..

  44. ToDo:

  45. Homeward Bound
    Chapter ~5~

  46. Tools
    • https://github.com/Graylog2
    • http://opensoc.github.io/

  47. Tools
    • Thinkst, Canary Tools, Canary Tokens
    • https://github.com/google/grr
    • https://osquery.io/
    • Netflix Scumblr: https://github.com/Netflix/scumblr

  48. Meanwhile.. at the Game of Thrones set
    God Damnit, Sean!
