Cover Your SaaS: Protecting Your Cloud With Analytics and Machine Learning (DeepSec)


  • Cover Your SaaS: Protecting Your Cloud With Analytics and Machine Learning

  • Cover Your SaaS

    11/30/16 2016 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. 2

    IAN TRUMP, [email protected]

    Ian Trump, CD, CPM, BA, CEH is Global Cyber Security Strategist at SolarWinds working across all lines of business to define, create and execute security solutions and promote a safe, secure Internet for enterprises world-wide.

    1989 to 1992 Canadian Forces (CF), Military Intelligence Branch

    2002 to 2013, CF Military Police (Reserves), retired as a Public Affairs Officer in 2013.

    2009 to 2010, Royal Canadian Mounted Police, Criminal Intelligence Analyst.

    2010 Founding Partner and CTO Octopi Managed Services Inc. (OMS).


    Malware connoisseur and aficionado.

    First Home in Edinburgh, Scotland.

    Second Home in Terminal 5, Heathrow.

    Third Home in Winnipeg, Manitoba.


  • DARPA & DEFCON


    Seven teams' systems were invited to Las Vegas (the final of DARPA's Cyber Grand Challenge, August 2016) to compete on the floor in a 96-round game of Capture the Flag.

    The difference in this game was that the players were entirely autonomous: machines found, patched and exploited the bugs without human operators.

    ForAllSecure's Mayhem took first place and a 2 million dollar prize.

    Mayhem was then trounced by the human competitors when it played in the DEF CON CTF finals.

    This was a powerful and public message to all other nations.

    These seven systems are capable of discovering vulnerabilities, building exploits and attacking systems autonomously.

  • GLOBAL TRENDS DRIVING GROWTH


    SaaS: Popularity continues to drive growth (stats)

    Trust Model is Vital: The customer is placing important data into the provider's hands

    SaaS Security Has Unique Attack Vectors: Traditional security controls fail, and the attack surface is amplified (end-point and platform)

  • SAAS ATTACK VECTORS


    External: Hackers, DDoS, etc. (Carbonite, TeamViewer, etc.)

    Internal: Malicious insider (Shionogi)

    Physical: Data center catastrophe (Delta Airlines)

    Market: Displacement and innovation (Shadow IT)

    Customer: The most important part of your business

  • IMPORTANCE OF SAAS SECURITY


    60% would take legal action against an organization if their details were stolen and used for criminal purposes as a result of a data breach. 70% of consumer respondents would now give less personal information to organizations in light of recent data breaches.

    51% now consider security to be a main or important consideration when purchasing. 48% would be willing to pay more in order to work with a provider that has better data security.

  • COMPTIA WORLD-WIDE VIEW


    Top drivers for changing approaches to cybersecurity

    1. Change in IT operations (e.g. cloud, mobility)

    2. Reports of security breaches at other firms

    3. Internal security breach or incident

    4. Change in business operations or client base

    5. Knowledge gained from training/certification

  • SNAPSHOT OF AMERICAN CYBER CRIME 2015


    Top 4 by victim count (FBI Internet Crime Complaint Center, 2015 report)

    1. Non-Payment/Non-Delivery

    2. 419/Overpayment

    3. Identity Theft

    4. Auction

  • SNAPSHOT OF AMERICAN CYBER CRIME 2015


    Top 4 by reported loss (FBI Internet Crime Complaint Center, 2015 report)

    1. Business Email Compromise

    2. Confidence Fraud/Romance

    3. Non-Payment/Non-Delivery

    4. Investment

  • WHAT DO THESE NUMBERS MEAN?


    FBI/DOJ metrics do not distinguish cyber crime against hosted services from cyber crime against on-premise infrastructure.

    Cyber crime is not just a technical problem to be solved by technology alone.

    The vast majority of successful breaches are against on-premise infrastructure.

    Analysis indicates that user education provides the largest reduction in cyber crime.

    Technological solutions are promoted over best practices.

    If cyber crime goes unreported, policy makers have no visibility on the cyber crime problem.

  • EXAMPLE: WORDPRESS ATTACKS


    NEVER use admin as your primary WordPress username.

    Use complex passwords.

    Don't publicly display your WordPress username.

    Limit the IPs users can log in from in order to blunt brute-force login attempts.

    Use a hosted service.

    Move SSH to a non-standard port (this cuts scanner noise, not risk; it is not a substitute for the controls above).

    Keep your WordPress plugins up to date with your current version of WordPress.

    If at all possible, use a Gmail account for your admin login rather than one attached to your domain name, so that a compromise of the domain's mail cannot be turned into a password reset.

    Back up the server both to the cloud and locally.
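    The brute-force item above is something you can detect from the web server's access log alone. The following is an added example, not code from the slides or from SolarWinds: it assumes default WordPress behaviour (a failed POST to wp-login.php re-renders the form with HTTP 200, a successful one answers with a 302 redirect), a combined-format access log, and illustrative thresholds (5 failures in 60 seconds) that you would tune to your own traffic. The log lines are constructed sample data.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample access-log lines (combined log format), not real traffic.
# Default WordPress behaviour: a failed POST to wp-login.php re-renders the
# form with HTTP 200, a successful one answers 302 (redirect into wp-admin).
SAMPLE_LOG = """\
203.0.113.7 - - [30/Nov/2016:10:00:00 +0000] "GET /wp-login.php HTTP/1.1" 200 3980 "-" "python-requests/2.11"
203.0.113.7 - - [30/Nov/2016:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4123 "-" "python-requests/2.11"
203.0.113.7 - - [30/Nov/2016:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4123 "-" "python-requests/2.11"
203.0.113.7 - - [30/Nov/2016:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4123 "-" "python-requests/2.11"
203.0.113.7 - - [30/Nov/2016:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 4123 "-" "python-requests/2.11"
203.0.113.7 - - [30/Nov/2016:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 4123 "-" "python-requests/2.11"
203.0.113.7 - - [30/Nov/2016:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 4123 "-" "python-requests/2.11"
203.0.113.7 - - [30/Nov/2016:10:00:07 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "python-requests/2.11"
198.51.100.2 - - [30/Nov/2016:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4123 "-" "Mozilla/5.0"
198.51.100.2 - - [30/Nov/2016:10:01:10 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [30/Nov/2016:10:02:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4123 "-" "curl/7.50"
203.0.113.9 - - [30/Nov/2016:10:04:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4123 "-" "curl/7.50"
203.0.113.9 - - [30/Nov/2016:10:06:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4123 "-" "curl/7.50"
this line is not an access-log record
"""

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return the fields of one combined-format line, or None if it is not one."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def _is_login_post(rec):
    # Ignore the query string so /wp-login.php?action=... is still a login POST.
    return rec["method"] == "POST" and rec["path"].split("?")[0] == "/wp-login.php"


def detect_wp_bruteforce(lines, threshold=5, window_seconds=60):
    """Flag source IPs that fail at least `threshold` logins inside any
    `window_seconds` span, and separately record those that then log in
    successfully (a guessed password, not merely noise).  Thresholds are
    illustrative assumptions, not values from the slides."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    flagged = {}                  # ip -> peak failures seen inside one window
    success_after = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or not _is_login_post(rec):
            continue
        ip = rec["ip"]
        if rec["status"] == 200:            # failed attempt
            q = recent[ip]
            q.append(rec["ts"])
            while q and rec["ts"] - q[0] > window:
                q.popleft()                 # drop failures older than the window
            if len(q) >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), len(q))
        elif rec["status"] == 302 and ip in flagged:
            success_after.append(ip)        # brute force that worked
    return {"bruteforce": flagged, "success_after_bruteforce": success_after}


if __name__ == "__main__":
    result = detect_wp_bruteforce(SAMPLE_LOG.splitlines())
    for ip, n in result["bruteforce"].items():
        print(f"block {ip}: {n} failed wp-login.php POSTs inside 60s")
    for ip in result["success_after_bruteforce"]:
        print(f"ALERT {ip}: successful login after brute force, rotate the password")
```

    The slow attacker (three failures spread over four minutes) is only caught when the window is widened, which is the trade-off behind the IP-limiting advice: a rate limit alone leaves low-and-slow guessing invisible, so the "success after failures" signal is the one worth paging on.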

  • STOP DOING THIS


    FoxGlove Security penetration tester Justin Kennedy's list:

    1. SQL Injection

    2. Insecure Authorization

    3. Insecure Direct Object Reference

    4. Stored Cross-site Scripting

    5. Insecure Authentication

    6. Insecure Password Reset

    7. Guessed Password

    8. Default Credentials

    9. Single-Factor Authentication

    10. Insecurely Configured Application Server
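    Items 1 and 3 of that list usually appear together in the same endpoint, so one worked example covers both. This is an added example and not code from the talk or from any product: it uses Python's standard sqlite3 module with a constructed invoices table, and the "current user" is assumed to come from an already-authenticated session.

```python
import sqlite3


def build_demo_db():
    """Constructed in-memory tenant data (sample rows, not a real schema)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE invoices (id INTEGER PRIMARY KEY, "
        "owner_id INTEGER NOT NULL, amount REAL NOT NULL)"
    )
    db.executemany(
        "INSERT INTO invoices VALUES (?, ?, ?)",
        [(1, 100, 25.0), (2, 100, 40.0), (3, 200, 999.0)],
    )
    db.commit()
    return db


def get_invoice_vulnerable(db, invoice_id):
    """Items 1 and 3 of the list in one function: the request parameter is
    spliced into the SQL text (SQL injection) and the row is returned to
    whoever asks for its id (insecure direct object reference)."""
    sql = f"SELECT id, owner_id, amount FROM invoices WHERE id = {invoice_id}"
    return db.execute(sql).fetchall()


def get_invoice_safe(db, current_user_id, invoice_id):
    """Hardened form: the id is validated and bound as a parameter, and the
    query itself enforces ownership.  A foreign or non-existent id yields the
    same answer (None) so the endpoint does not reveal which ids exist."""
    try:
        invoice_id = int(invoice_id)
    except (TypeError, ValueError):
        return None
    return db.execute(
        "SELECT id, owner_id, amount FROM invoices WHERE id = ? AND owner_id = ?",
        (invoice_id, current_user_id),
    ).fetchone()


if __name__ == "__main__":
    db = build_demo_db()
    # user 100 asks for invoice 3 (owned by 200) with a tautology payload
    print("vulnerable:", get_invoice_vulnerable(db, "3 OR 1=1"))  # every tenant's rows
    print("safe:      ", get_invoice_safe(db, 100, "3 OR 1=1"))   # None
    print("safe:      ", get_invoice_safe(db, 200, 3))            # (3, 200, 999.0)
```

    The ownership predicate lives in the query rather than in a check after the fetch, so there is no code path that has the foreign row in hand and forgets to compare owners; parameter binding removes the injection regardless of how the id was validated.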

  • COMBATING THE FUD


    When reporting and discussing the scale and impact of malware and cyber crime in general:

    Move away from sensationalism

    Move away from the consequence of breach

    Who is not as important as how

    Compromise indicators are more important than financial costs

    Data derived from large enterprise is not relevant to SMB/SME

    We need a standards-based scorecard free from disclosure litigation

  • END POINT SECURITY STRATEGY 2017


    In August 2016, CompTIA identified and recommended a Foundational Security Package which all MSPs should be offering to their customers. It identifies the key technologies required and is supported by the UK's Cyber Essentials scheme, the SANS Institute and multiple best-practice recommendations worldwide.

    Backup

    Anti-Virus

    Mail Scanning/Protection

    Access Control

    Patching and Updating

    Secure Wireless

    Control Physical Access


  • OUR SAAS


    Entered the hosted RMM tool vertical approximately 7 years ago; 30%+ growth; recently acquired by SolarWinds.

    17,000+ customers worldwide in 110 countries.

    Rackspace & AWS for hosting.

    3M+ endpoints under management by customers.

    1 TB of log and external data per day.

    70+ Analytical LogicCards provided by algorithms examining the customer data.

  • OUR ALGORITHMS

    Data Science team creates algorithms for a variety of insights, not just security needs.

    Data Science team and DevOps team working together

    Protect customer instances & the platform

    Vital ground is authentication of users for customer instances

    Vital ground is infrastructure network heuristics and behavior for platform

    Protection of customer data & customer instances is vital!
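    The "vital ground" of authentication analytics for customer instances comes down to two questions per login event: is this normal for this user, and is this source doing something no single account's lockout counter can see. The following is an added example in the spirit of those slides, not SolarWinds' algorithms or LogicCards: the login events are constructed sample data, the country field is assumed to come from GeoIP enrichment, and the spraying threshold (five distinct accounts from one IP inside ten minutes) is an illustrative assumption.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed login events for one customer instance (sample data, not real
# telemetry). "ok" is True for a successful authentication.
TRAINING = [
    {"ts": "2016-11-01T09:00:00", "user": "alice", "ip": "198.51.100.10", "country": "CA", "ok": True},
    {"ts": "2016-11-02T09:10:00", "user": "alice", "ip": "198.51.100.10", "country": "CA", "ok": True},
    {"ts": "2016-11-03T08:55:00", "user": "alice", "ip": "198.51.100.11", "country": "CA", "ok": True},
    {"ts": "2016-11-01T10:00:00", "user": "bob",   "ip": "198.51.100.20", "country": "GB", "ok": True},
    {"ts": "2016-11-02T10:05:00", "user": "bob",   "ip": "198.51.100.20", "country": "GB", "ok": True},
]

EVAL = [
    {"ts": "2016-11-30T09:00:00", "user": "alice", "ip": "198.51.100.10", "country": "CA", "ok": True},
    {"ts": "2016-11-30T09:05:00", "user": "alice", "ip": "203.0.113.77",  "country": "RU", "ok": True},
    {"ts": "2016-11-30T09:06:00", "user": "bob",   "ip": "198.51.100.20", "country": "GB", "ok": True},
    {"ts": "2016-11-30T09:07:00", "user": "carol", "ip": "198.51.100.30", "country": "US", "ok": True},
    # one source, one guess per account, six accounts: password spraying
    {"ts": "2016-11-30T09:10:00", "user": "alice", "ip": "203.0.113.50", "country": "NL", "ok": False},
    {"ts": "2016-11-30T09:10:30", "user": "bob",   "ip": "203.0.113.50", "country": "NL", "ok": False},
    {"ts": "2016-11-30T09:11:00", "user": "carol", "ip": "203.0.113.50", "country": "NL", "ok": False},
    {"ts": "2016-11-30T09:11:30", "user": "dave",  "ip": "203.0.113.50", "country": "NL", "ok": False},
    {"ts": "2016-11-30T09:12:00", "user": "erin",  "ip": "203.0.113.50", "country": "NL", "ok": False},
    {"ts": "2016-11-30T09:12:30", "user": "frank", "ip": "203.0.113.50", "country": "NL", "ok": False},
    # bob mistyping his own password twice is not spraying
    {"ts": "2016-11-30T09:20:00", "user": "bob",   "ip": "198.51.100.20", "country": "GB", "ok": False},
    {"ts": "2016-11-30T09:20:20", "user": "bob",   "ip": "198.51.100.20", "country": "GB", "ok": False},
]


def build_baseline(events):
    """Per-user set of countries seen on successful logins: the user's normal."""
    seen = defaultdict(set)
    for e in events:
        if e["ok"]:
            seen[e["user"]].add(e["country"])
    return seen


def flag_new_country(events, baseline):
    """Successful logins from a country the user has never logged in from.
    A user with no history at all is flagged too: a first-seen account
    logging in is worth a look, not silence."""
    flags = []
    for e in events:
        if e["ok"] and e["country"] not in baseline.get(e["user"], set()):
            flags.append((e["user"], e["country"]))
    return flags


def detect_spraying(events, min_users=5, window_minutes=10):
    """One source IP making a few attempts against many different accounts.
    Per-account lockout never trips because each account sees one failure;
    only a view keyed on the source reveals it."""
    window = timedelta(minutes=window_minutes)
    by_ip = defaultdict(list)
    for e in events:
        if not e["ok"]:
            by_ip[e["ip"]].append((datetime.fromisoformat(e["ts"]), e["user"]))
    sprayers = {}
    for ip, attempts in by_ip.items():
        attempts.sort()
        for i, (t0, _) in enumerate(attempts):
            users = {u for t, u in attempts[i:] if t - t0 <= window}
            if len(users) >= min_users:
                sprayers[ip] = len(users)
                break
    return sprayers


if __name__ == "__main__":
    base = build_baseline(TRAINING)
    for user, country in flag_new_country(EVAL, base):
        print(f"review: {user} logged in from {country}, not in baseline {sorted(base.get(user, []))}")
    for ip, n in detect_spraying(EVAL).items():
        print(f"block {ip}: failed logins against {n} distinct accounts inside 10 min")
```

    The two detectors are deliberately keyed on different things, user for the baseline and source IP for the spraying check, because an attacker who keeps each account under the lockout threshold is invisible to the first view and obvious in the second.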

  • PROTECTING THE CUSTOMER

    A good relationship has trust on both sides.

  • KILL CHAIN ANALYSIS


  • MITIGATION MATRIX

    WAN to LAN: Email Protection, Web Protection, Firewall, Definition (sandbox) Anti-Virus, User Awareness Training

    End Point: Attack Surface Reduction, Patch Management, Behavior-based AV, User Awareness Training

    End Point: Harden Systems (GPOs), Remove Admin, Behavior-based AV, User Awareness Training

    LAN to WAN: Firewall Rules/Capability, Network Segmentation, Web Protection, NIDS, SIEM, OpenDNS

    End Point: Anti-Virus, HIDS, Backup & Recovery, Heuristic AV


  • PROTECTING THE PLATFORM

    It's the data being sent out from the system that is