Art of Stepping on the Same Rake, Volume 2


1 Art of Stepping on the Same Rake, Volume 2
Hold Security, LLC Alex Holden, CISSP Chief Information Security Officer @HoldSecurity

2 WHO AM I AND WHY AM I HERE?
- Hold Security Threat Intelligence Program
- 5,000,000,000 stolen credentials recovered
- 2,000,000 site breaches identified
- Thousands of breaches prevented
- Adobe System Breach 2013
- Target Brands Breach 2013
- JP Morgan Chase breach 2014
- Yahoo! Breach insights
- Insights into 60% of major security breaches since 2009

3 ABOUT ME
- 10 years CISO in a major brokerage firm
- Security researcher and bug hunter
- Pen tester and auditor
- Hacker Hunter

4 CURRENT DEFENSES
- Policies / Regulations
- End-User Protection
- Anti-Virus
- Server Defenses
- Spam Control
- Network Perimeter
- Firewalls
- IDS/IPS
- DLP
- Logging and Monitoring
- Awareness

5 WITH ALL THESE DEFENSES ARE YOU PROTECTED FROM THEM?

6 WHAT IS A THREAT TO YOU?
- Defamation and Reputation Loss
- Stolen Secrets
- Stolen Data
- Availability

7 PERIMETER – WHO KEEPS MOVING THE CHALK OUTLINE?
- Brick and Mortar
- Cloud
- Vendors/Partners
- Employees
- Customers

8 INSIDE THE HACKER’S MIND
- Exploit
- Infect
- Explore
- Abuse
- Profit

9 EXTORTION

10 WHAT ABOUT ANTI VIRUS? (This screenshot has been altered for viewing purposes)

11 LEARN TO BE A HACKER
- Carding University
- Virtual Carding Basics
- Hacker University
- Job After Graduation
- Professor’s Insight

12 BLACK MARKETS ECONOMICS
- Supply and Demand
- Respect and order amongst the thieves
- Destroying the competition

13 IDENTIFYING VIABLE THREATS
- What is a Cyber Threat to You?
- Who Decides Which Threat is Viable?
- Do I Need to Have a Breach to React?
- Threats Hiding in Plain Sight

14 POSITIVE AND NEGATIVE BEHAVIOR MODELS
Stopping Malicious Attempts Fitting Detection Model Heuristics Model Lists of Bad Things

15 POSITIVE BEHAVIOR REWARDED
All Sins Forgiven Stolen Credentials Symbionts

16 ANONYMITY
- Hiding = blending in
- Sophistication and ease of use

17 WHAT DO HACKERS THINK ABOUT OUR DEFENSES?
- Don’t Read Your Disclaimers, Security Statements, or Your Audit Reports
- Don’t Care That You Can’t Patch Your Mission Critical System Today
- Don’t Get Discouraged If Your Firewall Rejected Their First Access Attempt

18 CREDENTIALS
- Topic of the day – Mega Breaches
- Infinite keys to a plethora of keyholes
- End-user re-education
- Authentication
  - Something you know
  - Something you have
  - Something you are

19 DEFENSE
- Learn about your enemy
  - Fantasy Football
- Tune your defenses toward the threat
- Fortify against hackers NOT auditors
- Make yourself an unattractive target

20 DEFENSE 101
- Viruses
- 0days
- Credentials
- Misconfigurations

21 CONCLUSIONS
- Hackers are winning
- We are improving
- Information stolen today may be abused today and in 2025
- Defense is easy

22 THANK YOU
Hold Security, LLC Alex Holden, CISSP - aholden@HoldSecurity.com - www.holdsecurity.com

