Understanding Your Attack Surface and Detecting & Mitigating External Threats
Download as PPTX, PDF2 likes1,134 views
The document discusses the importance of understanding and mitigating external threats to a company's digital footprint, which includes all external assets such as websites and applications. It outlines various cyber threats like phishing and malware attacks, and emphasizes proactive monitoring, response planning, and automated mitigation strategies to enhance security. In addition, the document details the roles of individual presenters and their expertise in cybersecurity.
Understanding Your Attack Surface and Detecting & Mitigating External Threats
- 1. ©2017 RiskIQ 1 YOU’RE AT WAR Understanding Your Digital Attack Surface and Mitigating External Threat Damage: The What, Why, How Ulf Mattsson CTO Security Solutions Atlantic Business Technologies ulf.mattsson@atlanticbt.com David Morris david.morris@morriscybersecurity.com Benjamin Powell Product Marketing Manager RISKIQ 1.888.415.4447
- 2. ©2017 RiskIQ 2 The Presenters
- 3. ©2017 RiskIQ 3 David Morris Thought Leader and Pioneer in the Cybersecurity space, Mr. Morris has founded, managed and advised several start-ups and later stage companies leading them to multi-million dollar revenues. His particular areas of technical expertise are: - Cryptography, Threat Intelligence, Third Party Risk Management, Biometric Systems, Penetration Tests and Vulnerability Assessments Currently Mr. Morris advises end-users, technology developers and investors in the area of Cybersecurity. david.morris@morriscybersecurity.com
- 4. ©2017 RiskIQ 4 Ulf Mattsson Inventor of more than 55 US Patents Industry Involvement: • PCI DDS - PCI Security Standards Council Encryption & Tokenization Task Forces, Cloud & Virtualization SIGs • IFIP - International Federation for Information Processing • CSA - Cloud Security Alliance • ANSI - American National Standards Institute ANSI X9 Tokenization Work Group • NIST - National Institute of Standards and Technology NIST Big Data Working Group • User Groups Security: ISACA & ISSA Databases: IBM & Oracle
- 5. ©2017 RiskIQ 5 Benjamin Powell Technical Marketing Manager at RiskIQ Skills & Competencies: Leadership, systems architecture, project management, staff development, professional services, pre and post-sales support, security architect & investigator, business development, problem resolution, communication skills, strategic planning, critical thinking, future focused, demand generation programs, partner marketing, and field marketing. Currently holds CEH 5
- 6. ©2017 RiskIQ 6 YOU’RE AT WAR Understanding Your Digital Attack Surface and Mitigating External Threat Damage: The What, Why, How Benjamin Powell Product Marketing Manager
- 7. ©2017 RiskIQ 7 What is your Digital Footprint? •Your digital footprint contains all of your external-facing assets •These include websites, servers, landing pages, web applications, and other assets put online (some of which were created outside official protocol and thus, unknown/unmanaged) •Without the knowledge and inventory of these assets by IT security teams, you can’t protect what you don’t know about –Shadow IT –Rogue developers, rogue marketing teams
- 8. ©2017 RiskIQ 8 What are blended attacks? Web Social Mobile • Domain infringement • Phishing • Brand abuse • Malware, exposed vulnerabilities • Phishing • Fake apps and rogue apps on third-party sites • Malware and compromise • Brand, exec imposters • Phishing • Scams and fraud
- 9. ©2017 RiskIQ 9 How easy is it to become a victim of a phishing campaign? Freeware Application for phishing •Free fully functioning phishing application framework. –Linux, Windows, and Mac versions available •Gophish is a powerful, easy-to-use, open-source phishing toolkit meant to help pen-testers and businesses conduct real-world phishing simulations. For Educational Purposes Only
- 10. ©2017 RiskIQ 10 Real Email For Template In Phishing Attack Real Email Message View Source gophish Phish Email Template
- 11. ©2017 RiskIQ 11 Importing Targeted Landing Pages For Attack Targeted Website gophish Targeted Landing Gage for phish Attack
- 12. ©2017 RiskIQ 12 Phishing Campaign & Tracking Creating Phishing Campaign Tracking Phishing Campaign
- 13. ©2017 RiskIQ 13 How to get proactive in monitoring the internet for threats? • Know your digital footprint • Patch and update your internet-facing servers and assets often • Monitor & block newly observed domains • Monitor what websites are linking to your assets (host pairs) • Track your correspondence of security incidents outside of email inboxes so everyone knows what is happening at any given time.
- 14. ©2017 RiskIQ 14 Considerations in External Threat solutions • Automated discovery of assets in your digital footprint • Continuous monitoring of critical internet-facing assets • Reporting on risky infrastructure issues and potential vulnerabilities • Monitoring of the internet, mobile app stores, and social media for threats, impersonation, active attacks • Integrated, automated mitigation workflows with in-app correspondence tracking and audit trails • Dedicated support team to help with complicated threats
- 15. ©2017 RiskIQ 15 Security Incident Response Steps 1. Preparation 2. Identification 3. Containment 4. Eradication 5. Recovery 6. Lessons Learned Sample Incident Handling Forms https://www.sans.org/score/incident-forms
- 16. ©2017 RiskIQ 16 Common Attacks you should have a plan for • Domain infringement • Phishing attack • Fraudulent Social Media Profile • Malware being served from your website • Rogue mobile application • Website defacement • Vulnerable infrastructure • Web Compliance • Ransomware
- 17. ©2017 RiskIQ 17 Lessons Learned 1. Create security incident response plans. 2. Practice your security incident response plans. 3. Use tools, services, or both that make your organization proactive in facing external threats. 4. Communication is key in handling security incidents. 5. Mitigate threats immediately by utilizing global black listing services with Google, Microsoft (95% of worlds browsers). 6. Learn from your drills and real incidents to become better and more proactive.
- 18. ©2017 RiskIQ 18 Domain Infringement? •A domain that has the same spelling and a different Top Level Domain (Typosquatting) ? –riskiq.om –risciq.com –risk-iq.com Yes or No? Answer: No
- 19. ©2017 RiskIQ 19 Domain Infringement? •A domain that has the same spelling and a different Top Level Domain? –riskiq.om –risciq.com –risk-iq.com •Now the domain has your logos on the website. Yes or No? Answer: Yes
- 20. ©2017 RiskIQ 20 Domain Infringement? •A domain that has the same spelling and a different Top Level Domain? –riskiq.om –risciq.com –risk-iq.com •Now the domain has your logos on the website. •Now the domain has a login page just like your real site. Yes or No? Answer: Yes, but it now a potential phishing attack as well
- 21. ©2017 RiskIQ 21 Recently Seen Rogue Mobile App Scenarios •You have a mobile application on the Google Play Store and Apple iTunes. –You Charge $0 and it is free for everyone. –Threat actors down load your free application and upload it to one of the other 178 different app store around the world. –They state it is new and improved and charge $1.00
- 22. ©2017 RiskIQ 22 RISKIQ Community Edition https://community.riskiq.com
- 24. ©2017 RiskIQ 24 Security Tools for DevOps Static Application Security Testing (SAST) Dynamic Application Security Testing (DAST) Fuzz testing is essentially throwing lots of random garbage Vulnerability Analysis Runtime Application Self Protection (RASP) Interactive Application Self- Testing (IAST)
- 25. ©2017 RiskIQ 25 Security Metrics from DevOps # Vulnerabilities Time
- 26. ©2017 RiskIQ 26 Generating Key Security Metrics # Vulnerabilities Time
- 27. ©2017 RiskIQ 27
- 28. ©2017 RiskIQ 28 Atlantic BT Application Security Solutions •Data Security. We map the flow of data across your digital footprint, applications environment, library framework, source code, and storage to pinpoint risks before they turn into attacks. •Secure Hosting. We create dynamic, cloud-based environments with inside-out security controls to protect your systems and storage from attacks and other service disruptions. •Application Security. We practice “secure by design” discipline in our software development. This protects your custom applications by automating secure coding standards and automation in testing at every step. •Active Application Monitoring and Vulnerability Management. We can monitor your systems, applications, and digital interactions for threats and ongoing security process improvements. https://www.atlanticbt.com/services/cybersecurity/
- 29. ©2017 RiskIQ 29 Thank you! Ulf Mattsson CTO Security Solutions Atlantic Business Technologies ulf.mattsson@atlanticbt.com David Morris david.morris@morriscybersecurity.com Benjamin Powell Product Marketing Manager RISKIQ 1.888.415.4447