©2017 RiskIQ 1
YOU’RE AT WAR
Understanding Your Digital Attack Surface and
Mitigating External Threat Damage:
The What, Why, How
Ulf Mattsson
CTO Security Solutions
Atlantic Business Technologies
ulf.mattsson@atlanticbt.com
David Morris
david.morris@morriscybersecurity.com
Benjamin Powell
Product Marketing Manager
RISKIQ
1.888.415.4447
The Presenters
David Morris
Thought Leader and Pioneer in the Cybersecurity space, Mr. Morris has
founded, managed and advised several start-ups and later stage companies
leading them to multi-million dollar revenues.
His particular areas of technical expertise are:
- Cryptography, Threat Intelligence, Third Party Risk Management, Biometric
Systems, Penetration Tests and Vulnerability Assessments
Currently Mr. Morris advises end-users, technology developers and investors in
the area of Cybersecurity.
david.morris@morriscybersecurity.com
Ulf Mattsson
Inventor of more than 55 US Patents
Industry Involvement:
• PCI DSS - PCI Security Standards Council
Encryption & Tokenization Task Forces, Cloud & Virtualization SIGs
• IFIP - International Federation for Information Processing
• CSA - Cloud Security Alliance
• ANSI - American National Standards Institute
ANSI X9 Tokenization Work Group
• NIST - National Institute of Standards and Technology
NIST Big Data Working Group
• User Groups
Security: ISACA & ISSA
Databases: IBM & Oracle
Benjamin Powell
Technical Marketing Manager at RiskIQ
Skills & Competencies:
Leadership, systems architecture, project management, staff
development, professional services, pre and post-sales support,
security architect & investigator, business development, problem
resolution, communication skills, strategic planning, critical
thinking, future focused, demand generation programs, partner
marketing, and field marketing. Currently holds CEH
YOU’RE AT WAR
Understanding Your Digital Attack Surface and
Mitigating External Threat Damage:
The What, Why, How
Benjamin Powell
Product Marketing Manager
What is your Digital Footprint?
•Your digital footprint contains all of your external-facing assets.
•These include websites, servers, landing pages, web applications, and other assets put online (some of which were created outside official process and are therefore unknown and unmanaged).
•Without an inventory of these assets, IT security teams cannot protect them: you can't protect what you don't know about.
–Shadow IT
–Rogue developers, rogue marketing teams
What are blended attacks?
Attacks that combine more than one of these channels:
Web
• Domain infringement
• Phishing
• Brand abuse
• Malware, exposed vulnerabilities
Social
• Brand, exec imposters
• Phishing
• Scams and fraud
Mobile
• Phishing
• Fake apps and rogue apps on third-party sites
• Malware and compromise
How easy is it to become a victim of a phishing campaign?
Freeware application for phishing
•Free, fully functioning phishing application framework.
–Linux, Windows, and Mac versions available
•Gophish is a powerful, easy-to-use, open-source phishing toolkit meant to help pen-testers and businesses conduct real-world phishing simulations.
For Educational Purposes Only
Real Email For Template In Phishing Attack
[Screenshots: a real email message, its source view, and the gophish email template built from it]
Importing Targeted Landing Pages For Attack
[Screenshots: the targeted website and the gophish landing page cloned from it for the phishing attack]
Phishing Campaign & Tracking
[Screenshots: creating a phishing campaign in gophish and tracking its results]
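A template cloned from a real message looks exactly like the original; what changes is that every link and the open-tracking image now point at the campaign server. The following analyser is an added example, not code from the slides or from gophish: it parses a constructed sample message and flags the three giveaways a cloned template leaves behind: visible link text that names one domain while the href goes to another, the brand name used as a subdomain of an unrelated registered domain, and a 1x1 image fetched from an off-brand host. The sample message and the names `example-bank.com` and `login-verify.net` are constructed, and `registered_domain` uses a last-two-labels approximation because no public-suffix list is assumed offline.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not a real campaign): a legitimate-looking message whose
# links and tracking image were rewritten to the campaign host, which is what
# importing a real message into a phishing toolkit produces.
SAMPLE_EML = b"""From: IT Support <support@example-bank.com>
To: victim@example.org
Subject: Action required: your password expires today
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your password expires today. Sign in at
<a href="http://example-bank.com.login-verify.net/?rid=abc123">https://example-bank.com/login</a>
to keep access.</p>
<p>Help centre: <a href="https://example-bank.com/help">example-bank.com/help</a></p>
<img src="http://example-bank.com.login-verify.net/track?rid=abc123" width="1" height="1">
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs and the sources of 1x1 images."""

    def __init__(self):
        super().__init__()
        self.links = []    # [href, visible text]
        self.pixels = []   # src of 1x1 images (open-tracking beacons)
        self._in_link = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append([a["href"], ""])
            self._in_link = True
        elif tag == "img" and a.get("src") and a.get("width") == "1" and a.get("height") == "1":
            self.pixels.append(a["src"])

    def handle_data(self, data):
        if self._in_link and self.links:
            self.links[-1][1] += data

    def handle_endtag(self, tag):
        if tag == "a":
            self._in_link = False


def registered_domain(host):
    """Last two labels of a hostname. Assumption: no public-suffix list offline,
    so this is only right for .com/.net/.org-style domains."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def host_of(url_or_text):
    """Hostname of a URL, or of bare text such as 'example-bank.com/help'."""
    s = url_or_text.strip()
    if "://" not in s:
        s = "http://" + s
    return urlparse(s).hostname or ""


def analyze(raw_message, brand_domain):
    """Return [(rule, url)] for links and beacons that betray a cloned template."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body is not None else "")
    findings = []
    for href, text in collector.links:
        href_host = host_of(href)
        href_dom = registered_domain(href_host)
        text = text.strip()
        # Rule 1: the visible text names one domain, the href goes to another.
        if "." in text and " " not in text and registered_domain(host_of(text)) != href_dom:
            findings.append(("link_text_mismatch", href))
        # Rule 2: the brand appears as a subdomain of an unrelated registered domain.
        if brand_domain in href_host and href_dom != brand_domain:
            findings.append(("brand_in_subdomain", href))
    # Rule 3: a 1x1 image fetched from an off-brand host is an open-tracking beacon.
    for src in collector.pixels:
        if registered_domain(host_of(src)) != brand_domain:
            findings.append(("tracking_pixel", src))
    return findings


if __name__ == "__main__":
    for rule, url in analyze(SAMPLE_EML, "example-bank.com"):
        print(f"{rule:20s} {url}")
```

The genuine help-centre link passes all three rules; the rewritten sign-in link trips the first two and the beacon trips the third. In production the last-two-labels shortcut must be replaced by a public-suffix lookup, otherwise `example-bank.co.uk` would be reduced to `co.uk`.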
How to get proactive in monitoring the internet for threats?
• Know your digital footprint
• Patch and update your internet-facing servers and assets often
• Monitor & block newly observed domains
• Monitor what websites are linking to your assets (host pairs)
• Track correspondence about security incidents outside of individual email inboxes so everyone knows what is happening at any given time
Considerations in External Threat solutions
• Automated discovery of assets in your digital footprint
• Continuous monitoring of critical internet-facing assets
• Reporting on risky infrastructure issues and potential vulnerabilities
• Monitoring of the internet, mobile app stores, and social media for threats, impersonation, and active attacks
• Integrated, automated mitigation workflows with in-app correspondence tracking and audit trails
• Dedicated support team to help with complicated threats
Security Incident Response Steps
1. Preparation
2. Identification
3. Containment
4. Eradication
5. Recovery
6. Lessons Learned
Sample Incident Handling Forms
https://www.sans.org/score/incident-forms
Common Attacks you should have a plan for
• Domain infringement
• Phishing attack
• Fraudulent Social Media Profile
• Malware being served from your website
• Rogue mobile application
• Website defacement
• Vulnerable infrastructure
• Web Compliance
• Ransomware
Lessons Learned
1. Create security incident response plans.
2. Practice your security incident response plans.
3. Use tools, services, or both that make your organization proactive in facing external threats.
4. Communication is key in handling security incidents.
5. Mitigate threats immediately by reporting them to the global blocklisting services run by Google and Microsoft (Google Safe Browsing and Microsoft SmartScreen), which between them cover about 95% of the world's browsers.
6. Learn from your drills and real incidents to become better and more proactive.
Domain Infringement?
•A lookalike domain (typosquatting): the same name under a different top-level domain, a one-letter misspelling, or an added hyphen, with nothing else on it:
–riskiq.om
–risciq.com
–risk-iq.com
Yes or No?
Answer: No. Registering a lookalike name by itself is not infringement; it is a domain to monitor.
Domain Infringement?
•The same lookalike domain:
–riskiq.om
–risciq.com
–risk-iq.com
•Now the domain has your logos on the website.
Yes or No?
Answer: Yes. Using your logos and branding on the lookalike domain is infringement.
Domain Infringement?
•The same lookalike domain:
–riskiq.om
–risciq.com
–risk-iq.com
•Now the domain has your logos on the website.
•Now the domain has a login page just like your real site.
Yes or No?
Answer: Yes, and it is now a potential phishing attack as well.
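The three lookalikes above are each one edit away from riskiq.com: a different TLD, a one-letter substitution, and an inserted hyphen. The script below is an added example, not code from the slides or from RiskIQ: it generates that class of candidates for a brand domain and checks a feed of newly observed domains against them, which is the "monitor & block newly observed domains" step made concrete. The feed, the `WATCH_TLDS` list and the small homoglyph table are the example's own assumptions; a production feed would use a full public-suffix list and a much larger confusables table.

```python
import string

# Assumption: a small homoglyph table. Real tooling uses a far larger one,
# including Unicode confusables.
HOMOGLYPHS = {"i": ["1", "l"], "l": ["1", "i"], "o": ["0"], "s": ["5"],
              "q": ["g"], "m": ["rn"]}

# TLDs worth watching, including one-character drops of .com (riskiq.om, riskiq.cm).
WATCH_TLDS = ("com", "net", "org", "co", "om", "cm", "io", "info")


def candidates(domain):
    """Return {lookalike_domain: technique} for a brand domain such as riskiq.com."""
    name, _, tld = domain.lower().rpartition(".")
    out = {}
    for t in WATCH_TLDS:                               # riskiq.om, riskiq.net
        if t != tld:
            out[f"{name}.{t}"] = "other_tld"
    for i in range(len(name)):                         # rskiq.com
        out[f"{name[:i]}{name[i + 1:]}.{tld}"] = "omission"
    for i in range(len(name) - 1):                     # rsikiq.com
        swapped = name[:i] + name[i + 1] + name[i] + name[i + 2:]
        out[f"{swapped}.{tld}"] = "transposition"
    for i, ch in enumerate(name):                      # risciq.com
        for c in string.ascii_lowercase:
            if c != ch:
                out[f"{name[:i]}{c}{name[i + 1:]}.{tld}"] = "substitution"
    for i, ch in enumerate(name):                      # r1skiq.com, rlskiq.com
        for g in HOMOGLYPHS.get(ch, []):
            out[f"{name[:i]}{g}{name[i + 1:]}.{tld}"] = "homoglyph"
    for i in range(1, len(name)):                      # risk-iq.com
        out[f"{name[:i]}-{name[i:]}.{tld}"] = "hyphenation"
    out.pop(domain.lower(), None)                      # never flag the real domain
    return out


def match_feed(domain, observed_domains):
    """Check newly observed domains against the candidate set, and against the
    brand name used as a keyword in an otherwise unrelated name (riskiq-login.com)."""
    domain = domain.lower()
    cands = candidates(domain)
    name = domain.rpartition(".")[0]
    hits = []
    for d in observed_domains:
        d = d.lower().strip(".")
        if d == domain or d.endswith("." + domain):    # the brand's own hosts
            continue
        if d in cands:
            hits.append((d, cands[d]))
        elif name in d.rpartition(".")[0]:
            hits.append((d, "brand_keyword"))
    return hits


# Constructed newly-observed-domain feed (not real data).
NOD_FEED = ["riskiq.om", "risciq.com", "risk-iq.com", "riskiq-login.com",
            "r1skiq.com", "weather-today.net", "riskiq.com", "cdn.riskiq.com"]

if __name__ == "__main__":
    for d, why in match_feed("riskiq.com", NOD_FEED):
        print(f"{d:20s} {why}")
```

Matching a feed against a precomputed candidate set is cheap (a dictionary lookup per observed domain), so it scales to a daily feed of hundreds of thousands of new registrations; the keyword rule catches the longer tail of names such as riskiq-login.com that no edit-distance generator enumerates.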
Recently Seen Rogue Mobile App Scenarios
•You have a mobile application on the Google Play Store and Apple iTunes.
–You charge $0 and it is free for everyone.
–Threat actors download your free application and upload it to one of the other 178 different app stores around the world.
–They state it is new and improved and charge $1.00.
RISKIQ Community Edition
https://community.riskiq.com
SecDevOps
Security Tools for DevOps
• Static Application Security Testing (SAST): analyzes source code or binaries without running the application
• Dynamic Application Security Testing (DAST): probes the running application from the outside, as an attacker would
• Fuzz testing: essentially throwing lots of random or malformed garbage at the application's inputs to provoke crashes and unhandled errors
• Vulnerability Analysis: scanning the application, its dependencies and its infrastructure for known weaknesses
• Runtime Application Self-Protection (RASP): instrumentation inside the running application that detects and blocks attacks at runtime
• Interactive Application Security Testing (IAST): an agent inside the application that observes code paths and data flows while tests exercise it
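To make the fuzz-testing bullet concrete, here is an added example (not from the slides): a minimal mutation fuzzer that throws mutated copies of a seed record at a toy binary parser with a deliberate length-trust bug, treating any exception other than the parser's own `ValueError` as a finding. A fixed parser that checks every length against the bytes actually present survives the same run. The record format, both parsers and the mutation strategies are the example's own assumptions; the seed record is constructed.

```python
import random


def parse_record(data):
    """Toy record format: [field_count][len][bytes]... Deliberate bug: the
    field count is trusted, so a count larger than the fields actually present
    walks off the end of the buffer (IndexError)."""
    if not data:
        raise ValueError("empty record")
    count, pos, fields = data[0], 1, []
    for _ in range(count):
        length = data[pos]             # IndexError here when count lies
        pos += 1
        fields.append(bytes(data[pos:pos + length]))
        pos += length
    return fields


def parse_record_fixed(data):
    """Same format, with every length checked against the bytes actually present."""
    if not data:
        raise ValueError("empty record")
    count, pos, fields = data[0], 1, []
    for _ in range(count):
        if pos >= len(data):
            raise ValueError("truncated: missing length byte")
        length = data[pos]
        pos += 1
        if pos + length > len(data):
            raise ValueError("truncated: field runs past end of record")
        fields.append(bytes(data[pos:pos + length]))
        pos += length
    if pos != len(data):
        raise ValueError("trailing bytes after last field")
    return fields


def mutate(rng, data):
    """One random mutation: bit flip, byte overwrite, truncation or appended garbage."""
    buf = bytearray(data)
    op = rng.randrange(4)
    if op == 0 and buf:
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif op == 1 and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == 2 and buf:
        del buf[rng.randrange(len(buf)):]
    else:
        buf += bytes(rng.randrange(256) for _ in range(rng.randrange(1, 8)))
    return bytes(buf)


def fuzz(target, seeds, iterations=500, seed=1):
    """Throw mutated seeds at target. ValueError is the parser's documented
    rejection of bad input; any other exception is a bug. Returns
    (crashing_input, exception_repr) for the first crash, or None."""
    rng = random.Random(seed)
    for _ in range(iterations):
        data = rng.choice(seeds)
        for _ in range(rng.randrange(1, 4)):      # stack one to three mutations
            data = mutate(rng, data)
        try:
            target(data)
        except ValueError:
            continue
        except Exception as exc:                  # any other exception is the finding
            return data, repr(exc)
    return None


SEEDS = [b"\x02\x03abc\x02de"]                    # constructed valid record: [b"abc", b"de"]

if __name__ == "__main__":
    print("buggy parser :", fuzz(parse_record, SEEDS))
    print("fixed parser :", fuzz(parse_record_fixed, SEEDS))
```

The harness has no coverage feedback, which is what separates it from a real fuzzer such as AFL or libFuzzer, but the division of labour is the same: the parser declares which errors are expected, the fuzzer supplies the garbage, and anything unexpected that escapes is a bug to fix before the build ships.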
Security Metrics from DevOps
[Chart: number of vulnerabilities plotted over time]
Generating Key Security Metrics
[Chart: number of vulnerabilities plotted over time]
Atlantic BT Application Security Solutions
•Data Security. We map the flow of data across your digital footprint, application environment, library frameworks, source code, and storage to pinpoint risks before they turn into attacks.
•Secure Hosting. We create dynamic, cloud-based environments with inside-out security controls to protect your systems and storage from attacks and other service disruptions.
•Application Security. We practice a “secure by design” discipline in our software development, protecting your custom applications by automating secure coding standards and testing at every step.
•Active Application Monitoring and Vulnerability Management. We monitor your systems, applications, and digital interactions for threats and for ongoing security process improvement.
https://www.atlanticbt.com/services/cybersecurity/
Thank you!
Ulf Mattsson
CTO Security Solutions
Atlantic Business Technologies
ulf.mattsson@atlanticbt.com
David Morris
david.morris@morriscybersecurity.com
Benjamin Powell
Product Marketing Manager
RISKIQ
1.888.415.4447
