Cover Your SaaS - DeepSec
Cover Your SaaS: Protecting Your Cloud With Analytics and Machine Learning
Cover Your SaaS
11/30/16 2016 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. 2
IAN TRUMP
Ian Trump, CD, CPM, BA, CEH is Global Cyber Security Strategist at SolarWinds working across all lines of business to define, create and execute security solutions and promote a safe, secure Internet for enterprises world-wide.
1989 to 1992 Canadian Forces (CF), Military Intelligence Branch
2002 to 2013, CF Military Police (Reserves), retired as a Public Affairs Officer in 2013.
2009 to 2010, Royal Canadian Mounted Police, Criminal Intelligence Analyst.
2010 Founding Partner and CTO Octopi Managed Services Inc. (OMS).
Malware connoisseur and aficionado.
First Home in Edinburgh, Scotland.
Second Home in Terminal 5, Heathrow.
Third Home in Winnipeg, Manitoba.
DARPA & DEFCON
Seven team projects were invited to Las Vegas to compete on the floor in a 96-round game of Capture the Flag.
The difference in this game is that the players in the game were totally autonomous.
ForAllSecure's Mayhem took first place and a 2 million dollar prize.
Mayhem was trounced by human competitors.
This was a powerful and public message to all other nations.
These 7 systems have the capability of discovering vulnerabilities, building exploits and autonomously attacking systems.
GLOBAL TRENDS DRIVING GROWTH
SaaS: Popularity continues to drive growth (stats)
Trust Model is Vital: Customer is placing important data into customer hands
SaaS Security Has Unique Attack Vectors: Traditional security controls fail, attack surface is amplified (end-point & platform)
SAAS ATTACK VECTORS
External: Hackers, DDOS, etc. (Carbonite, Teamviewer, etc.)
Internal: Malicious insider (Shionogi)
Physical: Data center catastrophe (Delta Airlines)
Market: Displacement and innovation (Shadow IT)
Customer: The most important part of your business
IMPORTANCE OF SAAS SECURITY
60% would take legal action against an organization if their details were stolen and used for criminal purposes as a result of a data breach.
70% of consumer respondents would now give less personal information to organizations in light of recent data breaches.
51% now consider security to be a main or important consideration when purchasing.
48% would be willing to pay more in order to work with a provider that has better data security.
COMPTIA WORLD-WIDE VIEW
Top drivers for changing approaches to cybersecurity
1. Change in IT operations (e.g. cloud, mobility)
2. Reports of security breaches at other firms
3. Internal security breach or incident
4. Change in business operations or client base
5. Knowledge gained from training/certification
SNAPSHOT OF AMERICAN CYBER CRIME 2015
By Victim Top 4
1. Non-Payment/Non-Delivery
2. 419/Overpayment
3. Identity Theft
4. Auction
SNAPSHOT OF AMERICAN CYBER CRIME 2015
By Loss Top 4
1. Business Email Compromise
2. Confidence Fraud/Romance
3. Non-Payment/Non-Delivery
4. Investment
WHAT DO THESE NUMBERS MEAN?
FBI/DOJ Metrics are not tracking Hosted Services Vs. On Premise Cyber Crime.
Cyber crime is not just a technical problem, to be solved by technology alone.
The vast majority of breaches are against (and successful against) on-premise infrastructure.
Analysis indicates user education provides the largest cyber crime reduction.
Technological solutions are promoted over best practices.
If cyber crime goes unreported, policy makers have no visibility on the cyber crime problem.
EXAMPLE: WORDPRESS ATTACKS
NEVER use admin as your primary WordPress username.
Use complex passwords.
Don't publicly display your WordPress username.
Limit the number of IPs users can log in from in order to prevent brute force login attempts.
Use a hosted service.
Move SSH to a non-standard port.
Keep your WordPress plugins up to date with your current version of WordPress.
If at all possible, use a Gmail account for your admin login rather than one attached to your domain name.
Back up the server both in the cloud and locally.
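Added example (not part of the original slides): one way to check the IP restriction and brute-force points above against a web server access log. The log lines are constructed, the allowlisted network and failure threshold are assumptions, and it assumes WordPress answers a failed login POST with 200 and a successful one with a 302 redirect.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in combined log format (not from the talk).
SAMPLE_LOG = """\
203.0.113.7 - - [30/Nov/2016:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [30/Nov/2016:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [30/Nov/2016:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.20 - - [30/Nov/2016:10:05:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.44 - - [30/Nov/2016:10:06:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.44 - - [30/Nov/2016:10:06:05 +0000] "GET /wp-admin/ HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def audit_logins(log_text, allowed_networks, max_failures=2):
    """Return (ips_over_failure_limit, logins_from_outside_allowlist)."""
    allowed = [ipaddress.ip_network(n) for n in allowed_networks]
    failures = Counter()
    outside = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0] != "/wp-login.php":
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # hostname or malformed client field; skip the line
        if m["status"] == "200":
            # Assumption: login form re-rendered, i.e. a failed attempt.
            failures[str(ip)] += 1
        elif m["status"] == "302" and not any(ip in net for net in allowed):
            # Assumption: redirect after POST means the login succeeded.
            outside.add(str(ip))
    noisy = sorted(ip for ip, n in failures.items() if n > max_failures)
    return noisy, sorted(outside)

if __name__ == "__main__":
    # 198.51.100.0/24 stands in for the site's permitted admin network.
    print(audit_logins(SAMPLE_LOG, ["198.51.100.0/24"]))
```

The first list is a candidate for rate limiting or blocking; the second shows successful logins that an IP restriction on the login page would have refused.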
STOP DOING THIS
FoxGlove Security penetration tester Justin Kennedy:
1. SQL Injection
2. Insecure Authorization
3. Insecure Direct Object Reference
4. Stored Cross-site Scripting
5. Insecure Authentication
6. Insecure Password Reset
7. Guessed Password
8. Default Credentials
9. Single Factor Authentication
10. Insecurely Configured Application Server
COMBATING THE FUD
When reporting and discussing the scale and impact of malware and cyber crime in general:
Move away from sensationalism
Move away from the consequence of breach
Who is not as important as how
Compromise indicators are more important than financial costs
Data derived from large enterprise is not relevant to SMB/SME
We need a standards-based scorecard free from disclosure litigation
END POINT SECURITY STRATEGY 2017
In August 2016, CompTIA identified and recommended a Foundational Security Package which all MSPs should be offering to their customers. It identifies the key technologies required and is supported by UK cyber security essentials, SANS Institute and multiple best practice recommendations worldwide.
Backup
Anti-Virus
Mail Scanning/Protection
Access Control
Patching and Updating
Secure Wireless
Control Physical Access
OUR SAAS
Entered the hosted RMM tool vertical approximately 7 years ago, 30% + growth, recently acquired by SolarWinds
17,000 + Customers world wide in 110 countries.
Rackspace & AWS for hosting.
3M+ endpoints under management by customers.
1 TB of log and external data per day.
70+ Analytical LogicCards provided by algorithms examining the customer data.
OUR ALGORITHMS
Data Science team creates algorithms for a variety of insights, not just security needs.
Data Science team and Dev Ops Team working together
Protect customer instances & the platform
Vital ground is authentication of users for customer instances
Vital ground is infrastructure network heuristics and behavior for platform
Protection of customer data & customer instances is vital!
PROTECTING THE CUSTOMER
A good relationship has trust on both sides.
KILL CHAIN ANALYSIS
MITIGATION MATRIX
WAN to LAN: Email Protection, Web Protection, Firewall, Definition (sandbox) Anti-Virus, User Awareness Training
End Point: Attack Surface Reduction, Patch Management, Behavior Based AV, User Awareness Training
End Point: Harden Systems (GPOs), Remove Admin, Behavior-based AV, User Awareness Training
LAN to WAN: Fire Wall Rules/Capability, Network Segmentation, Web Protection, NIDS, SIEM, Open DNS
End Point: Anti-Virus, HIDS, Backup & Recovery, Heuristic AV
PROTECTING THE PLATFORM
It's the data being sent out from the system that is