The Next Cyber Security Threat is Here - Are You Prepared? APTs – Advanced Persistent Threats Part 1 – Learn 5 or 13 Ways to Prevent APTs Moderator: Bill Murphy and James Crifasi Live Tweet from the event! @TheRedZoneCIO
May 07, 2015
The Next Cyber Security Threat is Here - Are You Prepared?
APTs – Advanced Persistent Threats Part 1 –
Learn 5 or 13 Ways to Prevent APTs
Moderator: Bill Murphy and James Crifasi
Live Tweet from the event! @TheRedZoneCIO
Schedule of Events
8:30am to 9:00am – Sign In & Breakfast
9:00am to 11:30am – Education Sessions)
11:30am to 12:30pm – lunch (sponsored by ThunderDG & Thycotic Software)
Live Tweet from the event! @TheRedZoneCIO
RedZone’s Chief Lieutenant Series
Sister of The CIO Executive Series which is a TOP IT Executive Network specializing in bringing CIO’s together to collaborate,
network, and stay current on industry trends.
Just under 300 senior C-Suite IT executive members
Founded in 2000 | 13 years of experience bringing CIO’s together
Host a number of events – both virtual and physical – each year
Host a “Special Event” annually | Past events have included:A Golf Outing, Dinner & Receptions
Live Tweet from the event! @TheRedZoneCIO
President and Founder • RedZone Technologies• ThunderDG• MA DR Solutions• Beyond Limits Magazine
Keep In Touch With Bill:@TheRedZoneCIOCIO Executive Series [email protected]
About Bill Murphy
Live Tweet from the event! @TheRedZoneCIO
About James Crifasi
Live Tweet from the event! @TheRedZoneCIO
• CTO of RedZone Technologies• Co-founder ThunderDG• Co-founder MA DR
• University of Maryland Graduate | B.A. Criminology & Criminal Justice | B.S. Computer Science – Algorithmic Theory & AI | M.S. Interdisciplinary Management
• Keep In Touch With James: [email protected]
Sponsors
RedZone Technologies Assessment: IT Architecture and Design Integration: Security| Disaster Recovery| Infrastructure Managed Service Programs Cloud Brokerage (410) 897-9494 www.redzonetech.net
ThunderDG Employee Policy Management, Education, and Awareness www.thunderdg.com
Thycotic Software Password Management www.thycotic.com
Live Tweet from the event! @TheRedZoneCIO
Agenda – 5 of 13 Methods to Prevent APTs – Advanced Persistent Threats
1. MDM, BYOD & Mobility
2. Password - Roles Based Access Control to apps, servers & network devices
3. Configuration and Change Control
4. Prevent and Silence Outbound Hijackers
5. DCS policies - Security Education, Training, Awareness
Live Tweet from the event! @TheRedZoneCIO
Agenda – 5 of 13 Methods to Prevent APTs – Advanced Persistent Threats
1. VMWare Horizon Suite – View 5 | VDI
2. Thycotic Software – Password Security
3. C3 – Security Change Control for switches and routers
4. Bluecoat - Prevent and Silence Outbound Hijackers
5. ThunderDG – Policy and Education
.
Live Tweet from the event! @TheRedZoneCIO
Set The Stage
Live Tweet from the event! @TheRedZoneCIO
Reality Shift in IT
Live Tweet from the event! @TheRedZoneCIO
• System communication is fundamentally changing – many transactions occur over the web
• Network defenses are covering a shrinking portion of the attack surface
• Cloud is changing our notion of a perimeter• Worker mobility is redefining the IT landscape• Security Model good people vs. bad people to enabling partial trust
• There are more “levels” of access: Extranets, partner access,
customer access
Reality Shift for Attackers
Live Tweet from the event! @TheRedZoneCIO
• Cyber criminals are becoming organized and profit-driven• An entire underground economy exists to support
cybercrime• Attackers are shifting their methods to exploit both• technical and human weaknesses• Attackers after much more than traditional monetizable
data (PII, etc.)• Hacktivism• State-sponsored attacks• IP attacks/breaches
What is an APTAdvanced Persistent Threat
Live Tweet from the event! @TheRedZoneCIO
APTs are silent. They leave clues and trails but are essentially designed not to be found.
• Spear Phishing• Phishing• Rootkits• Traditional Hacker Tool Variants• Worms• Etc.
Economics of Phishing
Live Tweet from the event! @TheRedZoneCIO
Hundreds of millions $!
Source: Bill Duane Talk on Authentication
Go Hunting!
Live Tweet from the event! @TheRedZoneCIO
Change the rules of the game by becoming proactive in rooting out malware..
Make It Hard….
Live Tweet from the event! @TheRedZoneCIO
for these malicious Advanced Persistent Threats (APTs) to operate in stealth.
Make It Hard….
Live Tweet from the event! @TheRedZoneCIO
“Most costly breaches come from simple
failures, not from attacker ingenuity”
- RSA 2013 Conf Chair Hugh Thompson
Where Do You Start?
Live Tweet from the event! @TheRedZoneCIO
Security Defense? Whack-A-Mole? No!
Live Tweet from the event! @TheRedZoneCIO
Plan
Live Tweet from the event! @TheRedZoneCIO
Cunning – Be Different
Live Tweet from the event! @TheRedZoneCIO
Security Scoreboard
Live Tweet from the event! @TheRedZoneCIO
Security Scoreboard
Live Tweet from the event! @TheRedZoneCIO
#1
Live Tweet from the event! @TheRedZoneCIO
BYOD | MDM | Mobile Security
VMWare Horizon Suite
Live Tweet from the event! @TheRedZoneCIO
Point Solutions vs. Integrated
VMWare Horizon Suite
Live Tweet from the event! @TheRedZoneCIO
• Centralized data!
• Control and enforce data policy centrally
• Embrace all devices
• Stop doing MDM & get into data application management
• User centric philosophy
• Address application, data, VDI within one solution set
VMWare Horizon Suite
Live Tweet from the event! @TheRedZoneCIO
Horizon View & Mirage
Live Tweet from the event! @TheRedZoneCIO
Key Features of Horizon Suite
Live Tweet from the event! @TheRedZoneCIO
1. Single end-user workspace • Easy, secure access to all apps/data from any
mobile device2. Centralized IT Management3. File Sharing Capabilities
• Offline & online• Document versioning, commenting & auditing
capabilities
VMWare and APT Defense
Live Tweet from the event! @TheRedZoneCIO
1. Can you deliver a secure desktop in minutes?• Efficiency with security is important to keep costs low.
2. IT being able to get the user back to a last known Golden Image is critical!
Key Features of Horizon Suite
Live Tweet from the event! @TheRedZoneCIO
• Enterprise-Level Security• Data encryption on mobile devices• Endpoint registration & remote wipe
capabilities • Integration with Horizon View
• Easy access to Virtual Desktops & apps via Horizon View
• Access View from any HTML5 browser via remote protocol
Lessons Learned From Our Experience With Horizon Suite
Live Tweet from the event! @TheRedZoneCIO
1. Beta lockdown and engineering review2. Make changes once to all departmental profiles3. One of the key values of VDI is the ability to
restore a workstation back to a Golden image, which is free of Malware/Crimeware.
#2
Live Tweet from the event! @TheRedZoneCIO
Passwords & RBAC
Thycotic SoftwareSecret Server
Passwords | RBAC
Live Tweet from the event! @TheRedZoneCIO
GAME OVER IF THE DOMAIN CONTROLLER IS COMPROMISED!
Secret Server & RBAC
Live Tweet from the event! @TheRedZoneCIO
In the wrong hands, privileged accounts represent the biggest threat to enterprises because these accounts can breach personal data, complete unauthorized transactions, cause denial-of-service attacks, and hide activity by deleting audit data.
- Information Security Magazine, 2009
Live Tweet from the event! @TheRedZoneCIO
Source: www.unitedmedia.com/comics/dilbert
Privileged Accounts
Live Tweet from the event! @TheRedZoneCIO
• UNIX / Linux Root Accounts
• Windows Local Admin Accounts
• AD
• Database• Server• Router• Firewall
• Service Accounts are difficult to manage because they don’t belong to a specific person
• Access & Passwords are shared by a team of administrators
• No accountability
Privileged Account Challenges
Privileged Accounts – Why Worry?
Live Tweet from the event! @TheRedZoneCIO
• Powerful accounts that run your network
• The passwords are not being changed
• Extremely difficult to know where they are being used
• Needed for emergency situations
• Vulnerable to multiple types of attacks
What is Secret Server?
Live Tweet from the event! @TheRedZoneCIO
• Web-based password repository
• Distribute, organize & automatically update privileged accounts from a central location
• Complete reporting & auditing capabilities to show who has access & when passwords are being used
Mission Impossible Access
Live Tweet from the event! @TheRedZoneCIO
How Secret Server Works
Live Tweet from the event! @TheRedZoneCIO
Secret Server ROI
Live Tweet from the event! @TheRedZoneCIO
What’s In It For Me?
Live Tweet from the event! @TheRedZoneCIO
• Accountability
• Access Management
• Risk Management
• Security
• Compliance
• Reduced Labor costs
#3
Live Tweet from the event! @TheRedZoneCIO
Security – Configuration and Change Control
C3
C3 – Configuration and Change Control
Live Tweet from the event! @TheRedZoneCIO
• Systems are down – What happened?• Are you dependent on the guy with the most
certifications to bail you out?
C3 – Configuration and Change Control
Live Tweet from the event! @TheRedZoneCIO
• Audit Changes?• Who made the change? • What changed?
C3 | Configuration Change Control
Live Tweet from the event! @TheRedZoneCIO
C3 | Configuration Change Control
Live Tweet from the event! @TheRedZoneCIO
C3 Features
Live Tweet from the event! @TheRedZoneCIO
• Sends emails to specified individuals when changes are made to the network configuration and highlights what those changes were
• Allows you to quickly visually identify system changes• Consolidates all changes into a single change alert• Allows for companies/organizations to hire less experienced (and less
expensive) talent so that they can be less dependent on certified (more expensive) individuals
• System is managed by RedZone
Benefits of RZ Managing C3
Live Tweet from the event! @TheRedZoneCIO
RedZone audits all C3 systems monthly, in which we...• Review the change logs & talk to the client to make sure that their IT
professionals are receiving the change reports• Ensure a valid backup for each system C3 is monitoring is taking place *• Check that all of the clients’ existing devices are recognized and checked by
C3and that they haven’t add any new devices to, or removed any old devices from, the network
Because, let’s face it, machines and automation are great, but if systems are not being maintained by actual people, they can become inefficient or – even worse – a handicap.
*Note: None of your data ever leaves your network; RedZone will never back up your system to our network
#4
Live Tweet from the event! @TheRedZoneCIO
Outbound Hijackers
Blue Coat
Outbound Hijackers
Live Tweet from the event! @TheRedZoneCIO
• Prevent and silence outbound hijackers
• There are over 300 known hacker tools that are designed not to be found
• Find the trails they leave behind
• Silence Outbound Hijackers Management• There are specific sites to which an employee can go• There is a tight acceptable use of internet
• Outbound Protocol Management & Control• Lockdown of outbound UDP, for example• Bluecoat Application Identification
Outbound Protection Methods
Live Tweet from the event! @TheRedZoneCIO
• Firewall
• PC
• Network
Outbound Hijackers & Blue Coat
Live Tweet from the event! @TheRedZoneCIO
#5
Live Tweet from the event! @TheRedZoneCIO
DCS Policy | Security Policies and End User Education and Awareness
ThunderDG
Live Tweet from the event! @TheRedZoneCIO
Do You Have A DCS Policy?
Live Tweet from the event! @TheRedZoneCIO
“In the absence of security education orexperience, people (employees, users,
customers, …) naturally make poor security
decisions with technology” - Hugh Thompson, RSA Conf 2013
DCS Policies
Live Tweet from the event! @TheRedZoneCIO
• Implement and enforce DCS Policies to prevent “drive by” malware infections
• What alarms go off when someone clicks something?
• Policy, as well as complimentary training, is a major element in helping people be more secure because it ensures people fully understand the policy and why it is in place
ThunderDG & DCS Policy Management
Live Tweet from the event! @TheRedZoneCIO
Complete solution for employee policy management w/ 3 key features1. Electronic delivery, storage & tracking of employee policies2. Electronic signing of employee policies3. Integration with employee training portal to ensure full
understanding of policies
ThunderDG
Live Tweet from the event! @TheRedZoneCIO
ThunderDG
Live Tweet from the event! @TheRedZoneCIO
How ThunderDG Works
Live Tweet from the event! @TheRedZoneCIO
Features & Benefits of ThunderDG
Live Tweet from the event! @TheRedZoneCIO
ThunderDG allows you to…• Send internal policies & contracts to thousands of signers instantly• Send documents for both approval & signature in 1 easy step• Create custom forms & workflows to help comply with company
standards• Create a document library for standard forms & contracts• Access complete document history & audit
So you can…• Increase ROI• Save time and money via the paperless, automated process• Gain insight into your entire policy signing process• Improve performance & enforce best practices
Questions?
Live Tweet from the event! @TheRedZoneCIO
Upcoming Events
Live Tweet from the event! @TheRedZoneCIO
Virtual Roundtable Collaboration - Wednesday, April 24th from 9am to 10am
Mobile Device Management Policies
Let us know if you’re interested in attending and we’ll be sure to email you the link to register.
Upcoming Events
Live Tweet from the event! @TheRedZoneCIO
Physical Event – Open To All MembersAPT Crimeware & Malware | Part 2You just attended Part 1 (we will provide a recap of the event on the website shortly and will email you when that is available).In Part 2, we will be reviewing:• Application Whitelisting • Data Loss Prevention (DLP)• End User Policy Education, Training & Awareness• Aggressive Patching for Servers, Workstations & 3rd Party AppsWednesday, May 15th from 8:30am to 12:30pmEggspectations in Columbia
We will email you with registration information as soon as it’s available.
Upcoming Events
Live Tweet from the event! @TheRedZoneCIO
Physical Event – Open To All MembersAPT Crimeware & Malware | Part 3This will be the third and final installment of the APT Crimeware & Malware Event Series and will focus on:• Dropbox & Cloud Storage Mitigation• Multi-Factor Authentication• File Permission Security Audit• Deep Defense APT• How to Go Hunting!Wednesday, June 12th from 8:30am to 12:30pmEggspectations in Columbia
We will email you with registration information as soon as it’s available.
Continue The Discussion
Follow the CIO Executive Series Group on LinkedIn!
Follow @TheRedZoneCIO on Twitter!
Live Tweet from the event! @TheRedZoneCIO
ContactsKristine WilsonManaging Coordinator | CIO Executive SeriesMarketing Manager | RedZone Technologies(410) [email protected]
Live Tweet from the event! @TheRedZoneCIO