Security for Enterprise Hobbits

Transcript

1. Enterprise Security, Threat Detection, Hunting and things..

2. OR....

3. A hobbits Guide to Surviving Mordor Security L ord of

   the Pings

4. Your Merry Guide • • • •

5. The Journey to There and Back Chapters 1. The Old

   Forest • What Creatures creep in the Forests of the Old 2. The voice of Saruman • Why can’t we just let him have the damn ring? 3. Council of Elrond • Forming of the Fellowship 4. Mount Doom! 5. Homeward Bound

6. The Elder Wizards of Twitterverse

7. The Old Forest Chapter ~1~

8. The Old Forest Vendor Based Security • • •

9. The Old Forest Compliance based Security • • •

10. The Old Forest Silo based Security • • •

11. The Old Forest Managed Security • • • https://twitter.com/sawaba/status/736604203523657732 http://thinkst.com/stuff/itweb2016/itweb-thinkst-2016.pdf

12. This is Arwen We’ve made her sad so sad

13. The Old Forest And this is Sean Bean. He dies

    in this movie.

14. The Voice of Saruman Chapter ~2~

15. Something seems.. off..

16. Security Fails • • •

17. IDS / IPS typically work by spotting abnormal usage...

18. ..but smart attacks look like normal usage https://twitter.com/haroonmeer/status/729401101770997761

19. https://twitter.com/addelindh/status/72539 8045676941313 https://storify.com/thegrugq/dan-guido- reads-the-vdbir Magic is Real

20. Breaching Perimeter – low payoff ..so why even bother? https://www.troopers.de/media/filer_public/12/29/12298918-04d6-4f26-96d3-4205d09dd70d/andreas_lindhdefendereconomics.pdf

21. Compromising users and end-points ..Stealing your Domain creds

22. Your users shall pass

23. Choose your battles. Maybe one with better odds?.

24. This is Arwen. Again Still sad so sad

25. Oh, right. Sean Bean Again. Just doing his thing

26. The Council of Elrond Chapter ~3~

27. The Old Forest Breaking Silos • • • https://speakerdeck.com/markofu/leveling-up- security-at-riot-games-brucon-2015

28. The Old Forest Building Culture https://speakerdeck.com/iodboi/crafting-an-effective-security- organisation-qcon-nyc

29. The Old Forest DevOpsSec • • • https://speakerdeck.com/markofu/feedback-security

30. The Old Forest Be realistic • • • •

31. Useful Surival Tips Operational Security

32. Seven Rings for the Dwarf L ords Security Intelligence Technical

    Analysis Capability Development Monitoring Communication Incident Response Forensics

33. Sounds Massive? And hard?

34. Breaking News! Sean Bean is.. No..Hold, it... ...Sometimes he takes

    his sweet time..

35. There are no Happy Arwen Pics So this is Tauriel.

    She’s a badass

36. Why is Offence fun?

37. While Defence is Boring and Horrible?

38. Hacking • • • • •

39. Hunting • • • • •

40. Hacking + Hunting • • • •

41. And this is Sean Bean.. ..On his way to Film

    The Game of Thrones I’m sure that works out better for him

42. Tauriel is pleased? Why can’t Elves just be happy For

    once??! Fine …I’ll just use hobbits from now on.. ..No...?

43. Mount Doom! Chapter ~4~

44. In Summary.. • • •

45. ToDO: • • •

46. Homeward Bound Chapter ~5~

47. • • • • • • https://github.com/Graylog2 • • http://opensoc.github.io/

    Tools

48. • Thinkst, Canary Tools, Canary Tokens • • • https://github.com/google/grr

    • • https://osquery.io/ • Netflix Scumblr • https://github.com/Netflix/scumblr Tools
49. None

50. Meanwhile.. at the Game of Thrones set God Damnit, Sean!

51. ~The End~