The Hacker Playbook: How to Think Like a Cybercriminal to Reduce Risk
@paulacqure
@CQUREAcademy
CONSULTING
Greg Tworek
CQURE Consulting: Director
CQURE Academy: Trainer
Mike Jankowski-Lorek
CQURE: Cloud Solutions & Machine Learning Expert
CQURE Academy: Trainer
What does CQURE Team do?
Consulting services
• High quality penetration tests with useful reports: applications, websites, external services (edge), internal services, plus configuration reviews
• Incident response emergency services – immediate reaction!
• Security architecture and design advisory
• Forensics investigation
• Security awareness for management and employees
info@cqure.us
Trainings
• Security Awareness trainings for executives
• CQURE Academy: over 40 advanced security trainings for IT Teams
• Certificates and exams
• Delivered all around the world only by the CQURE Team: the training authors
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
by Paula Januszkiewicz
Discounts for Beyond Trust webinar attendees!
Interested? Drop us a quick email at: info@cqure.us
More info: https://cqureacademy.com/trainings
Agenda
According to the industry’s statistics, by 2019 the market will need 6 million security professionals, but only 4 to 5 million of them will have the needed qualifications.
*Source: Financial Times
Awareness >> Behavior >> Culture
We must aim for a responsible security culture.
And here come statistics…
I know the traffic rules…
Awareness comes with experience
Does it guarantee that I am a good driver?
Behavior comes with awareness
Culture comes with understanding
Did you know that one of the main reasons for information loss is…
7 Security Issues that should not happen in 2018
Here comes the 1st issue…
Question: Is this a phishing email?
Answer on the next page…
Reason 1: Security is both a Reality and a Feeling
For the end user, security is a feeling.
Success lies in influencing the “feeling” of security.
Reason 2: Not every attack(er) is that smart
[Chart: control efficiency plotted against risk severity / attacker smartness / attack efficiency, ranging from “Technology & Processes” to “Awareness & Competence”]
1. Automatic security controls – AV, updates
2. Technology + human – firewall configuration, choosing a secure Wi-Fi
3. Human – recognizing a zero-day attack, phishing mails, not posting business information in social media
4. The very smart attacker
People exaggerate risks that are spectacular or uncommon.
Technology…yes, but humans… of course!
Aircraft have become more advanced, but does it mean that pilot training requirements have been reduced?
Medical technology has become more advanced, but will you choose a hospital for its machines or for its doctors?
Agenda
Summary: Introducing 12 Skills
Understanding is the key to security
Continuous vulnerability discovery
Context-Aware Analysis
Prioritization
Remediation and Tracking
Configuration reviews
Put on the Hacker’s Shoes
Prevention is the key to success
#1 Skill: Machine Learning for Threat Protection
Implementation of process execution prevention (AppLocker etc.)
#2A Skill: Incident Response Plan
#2B Skill: Malware Analysis Sandbox
#3 Skill: Whitelisting
#4 Skill: Privileged Access Management (+password management)
#5 Skill: Working PKI Implementation
#6 Skill: Hardware-based Credentials Protection
1 - 6
#7 Skill: PowerShell Level Master
#8 Skill: Learn How to Talk Security to Employees
#9 Skill: Event Tracing For Windows
#10 Skill: Log Centralization
#11 Skill: Mastered Newest Technologies (example: Windows 10
solutions)
#12 Skill: Testing Yourself When You Can
7 - 12
Additional Resources
Websites
Ars Technica
The Register
The Hacker News
Dark Reading
Krebs on Security
Computer World
Threat Post
Beta News
Tech News World
Tech Crunch
ZDNet
Security Affairs
Computer Weekly
Network World
SC Magazine
Wired
Schneier on Security
BeyondTrust Overview
Privileged Access Management
Vulnerability Management
Threat & Behavioral Analytics
BeyondTrust delivers cyber security software that keeps the most powerful users and assets in an organization under control so there is less risk from a data breach.
Our platform unifies the most effective technologies for addressing internal and external risk:
Privileged Access Management
Vulnerability Management
Threat & Behavioral Analytics
Privilege abuse was behind 81% of insider misuse incidents.
Source: Verizon 2017 Data Breach Investigations Report
INSIDER
THREATS
• Excessive privileges
• Unmanaged passwords
• Accounts hijacked by attackers
In 75% of cases, attackers compromised the organization from outside and within minutes.
Source: Verizon 2015 Data Breach Investigations Report
EXTERNAL HACKING
• Nation states
• Crime rings
• Hacktivists
Average time to discover an attacker has breached a system:
256 days
Source: Ponemon and IBM, “2015 Cost of Data Breach Study: Global Analysis”
HIDDEN
THREATS
• Users & assets demonstrating risky behavior
• Disparate evidence buried in data feeds
• Advanced Persistent Threats
EMPLOYEES AND OTHER INSIDERS
HAVE UNNECESSARY ACCESS
Employees, vendors and other insiders are often given excessive access to systems and data – and that access can go unmonitored.
Source: Verizon 2017 Data Breach Investigations Report
In 88% of cases, attackers compromise an organization using definable patterns established as early as 2014.
CREDENTIALS ARE SHARED
AND UNMANAGED
Passwords are created and shared, but aren’t audited, monitored or managed with discipline or accountability.
IT ASSETS COMMUNICATE UNCHECKED
Desktops, laptops, servers and applications communicate and open paths to sensitive assets and data.
Source: Verizon 2015 Data Breach Investigations Report
99% of successful attacks leverage known vulnerabilities
Threats
External Hacking
• Attackers look to exploit a user or system
• Subsequently seek users with elevated credentials
Insider Threats
• Excessive Privileges
• Unmanaged Passwords
• Accounts Hijacked by Attackers
Hidden Threats
• Increasing frequency & sophistication
• Users & assets demonstrating risky behavior
• Disparate evidence buried in data feeds
Privileged Access Management
• Discover, manage and monitor all privileged accounts and SSH keys
• Enforce least privilege across all Windows and Mac endpoints
• Gain control and visibility over Privileged Activities
• Dynamically adjust access policies based on user and asset risk
Threat Analytics
• Aggregate users & asset data to centrally baseline and track behavior
• Correlate diverse asset, user and threat activity to reveal critical risks
• Identify potential malware threats buried in asset activity data
• Notify BeyondTrust and Partner solutions of suspect activities
Vulnerability Management
• Discover network, web, mobile, cloud and virtual infrastructure
• Remediate vulnerabilities through prescriptive reporting
• Protect endpoints against client-side attacks
Asset and Privilege Vulnerabilities – BeyondInsight
Sample Kill Chain
1. Reconnaissance
2. Weaponization
3. Delivery
4. Exploitation
5. Installation
6. Command & Control (C2)
7. Action on Objectives
BeyondTrust Strategic Portfolio
RETINA – VULNERABILITY MANAGEMENT: ENTERPRISE VULNERABILITY MANAGEMENT, BEYONDSAAS CLOUD-BASED SCANNING, NETWORK SECURITY SCANNER, WEB SECURITY SCANNER
POWERBROKER – PRIVILEGED ACCOUNT MANAGEMENT: PRIVILEGE MANAGEMENT, ACTIVE DIRECTORY BRIDGING, PRIVILEGED PASSWORD MANAGEMENT, AUDITING & PROTECTION
BEYONDINSIGHT CLARITY THREAT ANALYTICS
BEYONDINSIGHT IT RISK MANAGEMENT PLATFORM: EXTENSIVE REPORTING, CENTRAL DATA WAREHOUSE, ASSET DISCOVERY, ASSET PROFILING, ASSET SMART GROUPS, USER MANAGEMENT, WORKFLOW & NOTIFICATION, THIRD-PARTY INTEGRATION
Quick Poll + Q&A
Thank you for attending today’s webinar!
