Defense in Depth - conexxus.org
Defense in Depth
Creating Effective Layers of CyberSecurity to Protect Your Stores
Hosts: Allie Russell & Jenny Bullard

Moderator: Kara Gunderson, Chair, Data Security Committee; POS Manager, CITGO Petroleum

Presenters:
• Brett Stewart, CTO, [email protected]
• DeWayne Mangan PCIP, ISA, Director of Infrastructure, [email protected]
• Mark Palmer PCIP, ISA, QIR, Director of Technical Solutions, [email protected]
3/24/2019

Agenda
• Housekeeping
• About Conexxus
• Presentation
• Q & A
Housekeeping
This webinar is being recorded and will be made available in approximately 30 days.
• YouTube (youtube.com/conexxusonline)
• Website Link (conexxus.org)
Slide Deck
• Survey Link – Presentation provided at end
Participants
• Ask questions via webinar interface
• Please, no vendor specific questions
Email: [email protected]
About Conexxus
• We are an independent, non-profit, member driven technology organization
• We set standards…
  • Data exchange
  • Security
  • Mobile commerce
• We provide vision
  • Identify emerging tech/trends
• We advocate for our industry
  • Technology is policy
2019 Conexxus Webinar Schedule*

| Month/Date | Webinar Title | Speaker | Company |
|---|---|---|---|
| January 24, 2019 | Managed Detection and Response | Tom Callahan, Mark Carl | ControlScan |
| February 2019 | PCI DSS for Petro Merchants | Elizabeth Terry | PCI SSC |
| March 2019 | Defense In Depth: Creating Effective Layers of CyberSecurity to Protect Your Stores | Mark Palmer, DeWayne Mangan, Brett Stewart | Acumera |
| April 2019 | Don’t get Phished! Train Your Employees to Avoid Ransomware | Geoffrey Vaughan, Ed Adams | Security Innovation |
| May 2019 | Firewall compliance! The basics, the benefits, and the security | Simon Gamble | Mako Networks |
| June 2019 | TBD | David Ezell, Ian Jacobs | Conexxus, W3C |
| July 2019 | Skimming | TBD | TBD |
| August 2019 | TBD | TBD | TBD |
| September 2019 | Updated Data Science Presentation | Ashwin Swamy, Thomas Duncan | Omega ATC |
| November 2019 | Outdoor EMV | Brian Russell, Linda Toth | Verifone, Conexxus |
| December 2019 | TBD | TBD | TBD |
Conexxus thanks our 2018 Annual Diamond Sponsors!
Defense-in-Depth Presentation Topics
• DiD defined, aka “layered approach”
• Three threat scenarios
  1. IoT Attack Vector
  2. Phishing Attack Vector
  3. Remote Vendor Access Attack Vector
• Summary
• Questions
Is your store network a box of bon-bons?
If you have a single layer of cybersecurity defense, think of that as a thin hard shell, with all the sweet stuff available anywhere you pierce that shell.
Or is it an onion?
If your network is an onion, there are many layers of defense* before critical assets are reached. The layers in the diagram, outermost first:
• Awareness: People [12]
• Physical [9]
• Perimeter Security [1,11]
• Network Segmentation [1,8,10,11]
• Host and Application [2,5,6,10]
• Critical Assets
* References in [ ] are to the relevant section of the PCI DSS
“Defense in Depth” (aka “Layered Approach”)
“Defense in Depth” is the use of multiple computer security techniques to mitigate the risk of one component of defense being compromised or circumvented.
An example could be anti-virus software installed on individual workstations when there is already virus protection on the firewalls and servers.
Different security products may be deployed to defend different potential vectors within the network, reducing the chance that a shortfall in any one defense could lead to a wider failure.
Paraphrase of Wikipedia definition
Defense in Depth is of limited value without…
“Defense-in-depth needs to encompass … both visibility and continuous monitoring. After all, you can’t secure what you can’t see. Without insight and visibility, the veritable castle walls of cyber defense will continue to have gaping holes and attackers will continue to leap through these holes and storm the castle.”
Julie Cullivan, CIO, ForeScout
[10,11,12]
Three Relevant Attack Vectors, discussed…
• IoT devices, like DVRs, ATGs, Frozen Barrel Machines, etc.
• Employee web browsing
• Remote access to devices, especially the POS
IoT Device Security: Conexxus Resources
Link
“Internet of Things” (IoT) in your store…
• Tank Gauge
• Video Camera
• ATMs
• Menu Boards
• Safe
• Overhead Music Player …
Breach Vector: “IoT” in the store
Link
Why be concerned about IoT devices?
Cyber Criminals suborn an IoT device, then use it to launch a more concerted attack on higher-value targets like POS, resulting in:
• Loss of customer trust
• Loss of customer data
• Damage to brand name
• Fines related to losses
Example IoT Vulnerability
Link
Defend the ATG
• Awareness – Employee training
• Physical – Lock the backroom!
• Restrict connection to Internet
• Use anomaly-detecting IDS
• Place the ATG in its own segment
• Disable default access (pw protect)
Video Cameras Exploited
• Sophos researchers claim to have found 540,000 exploitable cameras.
Pixelated image at right was originally 4K HD, with Card Data easily visible
Link
Defend the DVR
• Awareness – Employee training
• Physical – Lock the backroom!
• Restrict connection to Internet
• Use anomaly-detecting IDS
• Place the DVR in its own segment
• Disable default access (pw protect)
ATM Jackpotting
Defend the ATM – Just the basics!
Link
IoT Device Attack Vector
• The PCI DSS offers a great list of controls – implement them!
• Ask your IT department or network vendor:
  • Can you visualize ALL devices attached to my network?
  • How quickly can you detect/isolate a rogue device?
  • Can you place protective remote access layers in front of devices like ATGs and DVRs?
  • Are you providing an IDS that detects anomalous network traffic patterns?
  • Are all the IoT devices on a different segment than Cardholder data?
  • What do you do (MDR) when something happens?
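Two of the questions above (can you see every device, and is IoT kept off the cardholder-data segment) can be turned into a repeatable check. The following is an added example, not code from the Conexxus deck or its presenters: it compares devices observed on the wire against an asset inventory and a segmentation policy, and the segment names, address ranges, inventory and observations are all constructed sample data.

```python
import ipaddress

# Constructed segmentation policy (assumed names): address ranges and the
# device classes that belong on each segment.
SEGMENTS = {
    "CDE": ipaddress.ip_network("10.10.1.0/24"),         # POS / cardholder data
    "IOT": ipaddress.ip_network("10.10.2.0/24"),         # ATG, DVR, cameras ...
    "BACKOFFICE": ipaddress.ip_network("10.10.3.0/24"),  # manager workstation
}
ALLOWED_CLASSES = {
    "CDE": {"pos"},
    "IOT": {"atg", "dvr", "camera", "menu_board"},
    "BACKOFFICE": {"workstation"},
}

# Constructed asset inventory keyed by lower-case MAC address.
INVENTORY = {
    "00:11:22:33:44:01": {"name": "POS-1", "class": "pos"},
    "00:11:22:33:44:02": {"name": "ATG-1", "class": "atg"},
    "00:11:22:33:44:03": {"name": "DVR-1", "class": "dvr"},
    "00:11:22:33:44:04": {"name": "MGR-PC", "class": "workstation"},
}

# Constructed observation: DVR-1 has been plugged into the POS switch and an
# unknown MAC has appeared on the IoT segment.
SAMPLE_OBSERVED = [
    ("00:11:22:33:44:01", "10.10.1.10"),
    ("00:11:22:33:44:02", "10.10.2.10"),
    ("00:11:22:33:44:03", "10.10.1.20"),
    ("aa:bb:cc:dd:ee:ff", "10.10.2.99"),
]


def segment_of(ip):
    """Name of the segment an address falls in, or None if outside policy."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def audit(observed):
    """observed: (mac, ip) pairs harvested from ARP, DHCP or switch tables.
    Returns findings, highest severity first; an empty list means every
    device is known and sits where the policy says it should."""
    findings, seen = [], set()
    for mac, ip in observed:
        mac = mac.lower()
        seen.add(mac)
        asset, seg = INVENTORY.get(mac), segment_of(ip)
        if asset is None:
            findings.append({"severity": "high", "device": mac, "ip": ip,
                             "issue": "rogue device: not in inventory"})
        elif seg is None:
            findings.append({"severity": "medium", "device": asset["name"], "ip": ip,
                             "issue": "address outside every defined segment"})
        elif asset["class"] not in ALLOWED_CLASSES[seg]:
            findings.append({"severity": "high", "device": asset["name"], "ip": ip,
                             "issue": f"{asset['class']} device on {seg} segment"})
    # Visibility cuts both ways: an inventoried device that never shows up may
    # be unplugged, moved, or sitting behind something the scan cannot see.
    for mac, asset in INVENTORY.items():
        if mac not in seen:
            findings.append({"severity": "low", "device": asset["name"], "ip": None,
                             "issue": "inventoried device not observed"})
    rank = {"high": 0, "medium": 1, "low": 2}
    findings.sort(key=lambda f: rank[f["severity"]])
    return findings
```

Run `audit(SAMPLE_OBSERVED)` to see the DVR on the CDE segment and the unknown MAC reported as high-severity findings ahead of the unseen workstation.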
Browser Security: Conexxus Resources
Link
Employee Browsing
• More than just time management concerns
• Multiple points of access (manager’s workstation, training machines, time clock consoles, multi-purpose tablets, etc.)
• Just clicking on a malicious link is enough to infect a machine
• Advanced Persistent Threats (APTs) hide activity from users and are only detectable at a network level
Why be concerned with Employee Browsing?
• One in 61 emails in your inbox now contains a malicious link (Link)
• 4% of people will click on any given phishing campaign (Link)
• Phishing in the news:
Fake Dun & Bradstreet Company Complaint delivers Trickbot
A reminder about government-backed phishing (Google)
North Korean hackers go on phishing expedition before summit
Top phishing subject line of 2018 relates to password changes
Employee Browsing - Example
Google Chrome Zero-Day Exploit - March 2019 (CVE-2019-5786)
“It appears to exploit this vulnerability, all an attacker needs to do is [trick] victims into just opening, or redirecting them to, a specially-crafted webpage without requiring any further interaction.” Link
Employee Browsing - Example
LinkedIn Direct Messages Exploited Via “more_eggs” Backdoor
“...the threat actors began the phishing attack via LinkedIn DM by sending fake job offers. They then reach the recipient users by emails as follow-up reminders. These emails contain malicious URLs that redirect the victims to legit-looking websites.” Link
Additional Layers of Protection for Browsers
• Awareness Training!
• Web Filter
  • Use whitelisting
  • Use categories to augment whitelisting strategy
  • Apply to entire network
• IDS
  • Threat intel feeds to augment firewall rules
  • Pre-determined Managed Detection & Response plan
• Segmentation
  • Isolation & evaluation of HQ access needs
Basic Browsing with No Web Filter
(Diagram: store network and hostile site)
1. Look up name on DNS server
2. DNS server returns IP address
3. IP address is referenced
4. Malware now on Computer
Browsing with Web Filter – Everything is checked
(Diagram: store network behind the web filter)
Continuously Updated Threat Intel
• Domain Reputation
• IP Reputation
• Indications of Compromise
1. Reliable DNS by WebFilter
2. Phish site is resolved
3. Access is blocked
4. Alarm is raised
Important Web Filter Benefits
Restrict by Category
Explicitly Grant Access to Domains
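The two browsing flows above (plain DNS versus DNS through a web filter) and the category/explicit-grant benefits on this slide can be shown side by side in a small resolver model. This is an added example, not code from the Conexxus deck or any vendor product: the threat-intel feed, the category list and the DNS answers are constructed sample data, and the check order (reputation and IoC first, then category, then resolve and vet the answer) is one reasonable ordering, not a claim about how any particular filter works.

```python
from dataclasses import dataclass, field

# Constructed "continuously updated" threat intel: domain reputation,
# IP reputation and indicators of compromise.
THREAT_INTEL = {
    "bad_domains": {"login-verify-secure.example"},
    "bad_ips": {"203.0.113.7"},
    "iocs": {"cdn-update.example"},
}
# Constructed category database, as a commercial filter would supply.
CATEGORIES = {
    "vendor-portal.example": "business",
    "news.example": "news",
    "promo.example": "news",
    "games.example": "games",
}
# Constructed resolver answers standing in for real DNS.
DNS_TABLE = {
    "vendor-portal.example": "198.51.100.10",
    "news.example": "198.51.100.20",
    "promo.example": "203.0.113.7",
    "games.example": "198.51.100.30",
    "login-verify-secure.example": "203.0.113.8",
    "cdn-update.example": "198.51.100.40",
}


def resolve_unfiltered(domain):
    """Slide 33 path: plain DNS, the answer is used no matter what it points at."""
    return DNS_TABLE.get(domain.lower().rstrip("."))


@dataclass
class WebFilter:
    allowed_domains: set                      # explicitly granted domains
    allowed_categories: set                   # categories that augment the list
    alarms: list = field(default_factory=list)

    def _block(self, domain, reason, alarm=True):
        if alarm:
            self.alarms.append({"domain": domain, "reason": reason})
        return ("BLOCK", reason)

    def resolve(self, domain):
        """Slide 34 path: returns ('ALLOW', ip) or ('BLOCK', reason)."""
        domain = domain.lower().rstrip(".")
        # 1. Domain reputation and IoC feeds beat even an explicit grant, so a
        #    whitelisted domain that is later compromised still gets blocked.
        if domain in THREAT_INTEL["bad_domains"] or domain in THREAT_INTEL["iocs"]:
            return self._block(domain, "domain reputation / IoC match")
        # 2. Not explicitly granted: fall back to category, deny by default.
        if domain not in self.allowed_domains:
            category = CATEGORIES.get(domain, "uncategorized")
            if category not in self.allowed_categories:
                return self._block(domain, f"category '{category}' not permitted")
        # 3. Resolve, then vet the answer against IP reputation.
        ip = DNS_TABLE.get(domain)
        if ip is None:
            return self._block(domain, "no DNS answer", alarm=False)
        if ip in THREAT_INTEL["bad_ips"]:
            return self._block(domain, f"IP reputation: {ip}")
        return ("ALLOW", ip)
```

`resolve_unfiltered("promo.example")` hands the browser the bad address, while `WebFilter(...).resolve("promo.example")` blocks it and records an alarm.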
Defend Business Browsing
Next Conexxus Webinar offers advice for the people and process defense layer.
• Physical – Lock the manager’s office!
• Perimeter Security – Web Filter, IDS
• Segmentation – Segment away from Cardholder Data
Browsing Device Attack Vector
• The PCI DSS offers a great list of controls – implement them!
• Watch the upcoming Phishing Awareness Webinar
  • Phishing is still a very common and effective vector
• Ask your IT department or network vendor:
  • Can you divert all browsing to a web filter?
  • How quickly can you detect/isolate an attack?
  • What do you do (MDR) when something happens?
  • Are all the browsing devices on a different segment than Cardholder data?
  • Are you providing an IDS that notes anomalous network traffic?
Remote Access: Conexxus Resources
Why the concern about Remote Access?
• Because so many breaches happen this way
Famous breaches with a remote access vector
From Conexxus November 2016 Webinar
Huddle House Breached This Way In February
“Best Defense…No Be There”
If there is no vendor access, then vendor access cannot be a source of a breach.
Many PCI controls are relevant:
• Vendor Password Management [2,8]
• How does a vendor do agent access control? [7]
• Is there always-on access to the store? [12]
Defend Remote Access
• People – rules for enabling remote access
• Perimeter Security – IDS, Ephemeral Connections
• Segmentation – Segment away from Cardholder Data
• Application Level – Password management
Remote Access Attack Vector
• The PCI DSS offers a great list of controls – implement them!
• Ask your IT department or network vendor:
  • Is there an AoC for the support center of vendors accessing critical data?
  • Can vendors access my stores from anywhere at will?
  • Do vendors have permanent or ephemeral remote access to my stores?
  • Can vendors initiate access to the store without our knowledge or permission?
  • Is all access by vendors logged? How do I see the logs?
  • Will vendor access for support self-terminate?
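The last four questions (store permission, ephemeral access, logging, self-termination) describe the behaviour of a remote-access broker, and the "Defend Remote Access" layers above map onto it directly. The following is an added example, not code from the Conexxus deck or from any vendor's support tooling: a minimal broker in which every grant is store-approved, tied to a support ticket, scoped to one named device, capped in lifetime, and logged. Vendor, store and device names and the 60-minute cap are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass
class Session:
    vendor: str
    store: str
    device: str            # one named device, never a blanket network grant
    approved_by: str       # store-side person who enabled access (people layer)
    ticket: str            # support case the session is tied to
    expires_at: datetime   # ephemeral: the session self-terminates here


@dataclass
class RemoteAccessBroker:
    max_minutes: int = 60                       # hard cap on any grant (assumed)
    sessions: dict = field(default_factory=dict)
    audit_log: list = field(default_factory=list)
    next_id: int = 1

    def _log(self, event, **fields):
        self.audit_log.append({"event": event, **fields})

    def grant(self, vendor, store, device, approved_by, ticket, now, minutes=None):
        """Store-initiated grant; refuses unapproved or unticketed requests and
        clamps the lifetime to max_minutes. Returns a session id or None."""
        if not approved_by or not ticket:
            self._log("denied", vendor=vendor, store=store,
                      reason="missing store approval or ticket")
            return None
        minutes = min(minutes or self.max_minutes, self.max_minutes)
        sid = f"S{self.next_id}"
        self.next_id += 1
        self.sessions[sid] = Session(vendor, store, device, approved_by, ticket,
                                     now + timedelta(minutes=minutes))
        self._log("granted", session=sid, vendor=vendor, store=store, device=device,
                  approved_by=approved_by, ticket=ticket,
                  expires_at=self.sessions[sid].expires_at.isoformat())
        return sid

    def connect(self, sid, vendor, device, now):
        """Vendor attempts to use a session: identity, expiry and scope are checked."""
        s = self.sessions.get(sid)
        if s is None or s.vendor != vendor:
            self._log("denied", session=sid, vendor=vendor, reason="unknown session")
            return False
        if now >= s.expires_at:
            self.expire(now)
            return False
        if device != s.device:
            self._log("denied", session=sid, vendor=vendor,
                      reason=f"out of scope: {device}")
            return False
        self._log("connected", session=sid, vendor=vendor, device=device)
        return True

    def expire(self, now):
        """Self-termination sweep: drop and log every session past its expiry."""
        for sid in [k for k, s in self.sessions.items() if now >= s.expires_at]:
            s = self.sessions.pop(sid)
            self._log("expired", session=sid, vendor=s.vendor, device=s.device)
```

Reading `broker.audit_log` after a support call answers "is all access logged, and how do I see the logs" for the store side without depending on the vendor's own records.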
Summary
• Be an onion, not a box of bon-bons!
• Segment!
• Make sure you can visualize EVERYTHING attached to your network
• The PCI DSS is a great source of guidance to add layers of security
• Ask your IT department or vendors specific questions about the presence of controls.
Q&A