SecTor - The Search For Intelligent Life

Information about SecTor - The Search For Intelligent Life
Technology

Published on October 20, 2011

Author: ebellis

Source: slideshare.net

Description

For years businesses have been mining and culling data warehouses to measure every layer of their business right down to the clickstream information of their web sites. These business intelligence tools have helped organizations identify points of poor product performance, highlighting areas of current and potential future demand, key performance indicators, etc. In the information security field we still tend to look at our information in silos. Dedicated engineers solely focused on web application security, network security, compliance and so on, all while bemoaning a lack of support and information.

What if Information Security teams operated with the same insight as the product, marketing and business intelligence groups within their organization? Imagine if you had a data warehouse covering all of your applications, infrastructure, logs, vulnerability assessments, incidents, financial information, and meta data. What could you do with this readily available information?

By gathering and using both internal and public data, information security teams can utilize decision support systems allowing them to prioritize remediation efforts and react faster to issues. When looking through disparate data sources with a security lens, a security team can mine information that may expose threats through multiple vectors or paths.

In this talk, Ed will cover some of the many sources of security data publicly available and how to apply them to add context to your security data and tools to help make more intelligent decisions. Ed also points out a number of ways to repurpose information and tools your company is already using in order to glean a clearer view into your information security program and the threats that may affect it.

The Search For Intelligent Life SecTor 2011

Or... The First 4 Stages of Security Intelligence...

Nice To Meet You: About Me
Co-Founder, HoneyApps; Former CISO, Orbitz; Contributing Author, Beautiful Security; CSO Magazine/Online Author.
HoneyApps: Vulnerability Management as a Service; 16 Hot Startups (eWeek); 3 Startups to Watch (Information Week).

Stage 1: Ignorance is Bliss

Stage 2: Where are all of my vulnerabilities?

“Back in my Yahoo days I performed hundreds of web application vulnerability assessments. To streamline the workload, I created an assessment methodology consisting of a few thousand security tests averaging 40 hours to complete per website. Yahoo had over 600 websites enterprise-wide. To assess the security of every website would have taken over 11 years to complete and the other challenge was these websites would change all the time which decayed the value of my reports.”
Jeremiah Grossman, Founder, WhiteHat Security

Stage 3: Scan & Dump. “Thanks for the 1000 page report, now what?!”

Why This Occurs: Lack of Communication, Lack of Data, Lack of Coordination. Silos, Silos, Everywhere.

Stage 4: A New Beginning... Or... Using What You Got!

Vulnerability Management: A Case Study. Building the Warehouse (the slide is built up layer by layer; the full set of layers is listed once here).

WebApp Vulnerability
- Type: XSS
- Severity
- Threat
- Subtype (persistent, reflected, etc.)
- Asset URL/URI
- Confirmed?
- Dates Found/Opened
- Dates Closed
- Description
- Attack Parameters

Asset: URL
- Platform / Code
- Web Server Version
- Application Server Version
- Database Version

Asset: Host
- Host Operating System
- Other Applications/Versions
- IP Addresses
- MAC Address
- Open Services/Ports

Meta Data
- Business Unit
- Geographic Location
- Development Team
- Ops Team
- Compliance Regulation
- Security Policy
- Asset Group
- Internal IP Address
- External IP Address
- Network Location
- Site Name
- VERIS data

Apply Internal Threat Data
- Firewall
- Application
- IDS/IPS
- WAF

Apply External Threat Data (example data sources)
- DataLossDB
- Verizon DBIR
- WHID
- Trustwave Global Security Report
- FS-ISAC
- SANS ISC
- Veracode State of S/W Security
- ExploitDB

Remediation Statistics
- Internal Bug Tracking Reports
- Denim Group Remediation Study
- Build and Development Process

Data Lenses: Views into the Warehouse (a series of slides applying filters to the warehouse)
- Applying Filters To Glean Information
- Laundry List of Low Hanging Fruit
- HD Moore’s Law
- Most vulnerable apps: apply training
- How effective was that training?
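As an added example, not code from the talk, the following builds the vulnerability, Asset:URL and Meta Data layers of the warehouse above as an in-memory SQLite database and runs two of the lenses from the Data Lenses slides: the low-hanging-fruit list and the most-vulnerable-apps-by-team view. Table and column names, the team and host names, and every row are constructed assumptions.

```python
import sqlite3

# Added example, not the talk's own code: the slide's warehouse schema as an in-memory
# SQLite database. Table/column names are assumptions; every row is constructed sample data.
SCHEMA = """
CREATE TABLE vuln(id INTEGER PRIMARY KEY, type TEXT, subtype TEXT, severity INTEGER,
  confirmed INTEGER, url TEXT, date_found TEXT, date_closed TEXT);
CREATE TABLE asset_url(url TEXT PRIMARY KEY, host TEXT, platform TEXT, web_server TEXT);
CREATE TABLE metadata(host TEXT PRIMARY KEY, business_unit TEXT, dev_team TEXT,
  compliance TEXT, network_location TEXT);
"""
VULNS = [  # id, type, subtype, severity 1-5, confirmed, url, date found, date closed
    (1, "XSS", "reflected", 3, 1, "https://shop.example/search", "2011-08-01", None),
    (2, "XSS", "persistent", 4, 1, "https://shop.example/review", "2011-07-15", None),
    (3, "SQLi", None, 5, 0, "https://intranet.example/hr", "2011-09-01", None),
    (4, "XSS", "reflected", 3, 1, "https://shop.example/search", "2011-05-01", "2011-06-10"),
    (5, "CSRF", None, 2, 1, "https://blog.example/post", "2011-09-20", None)]
URLS = [("https://shop.example/search", "web01", "Java", "Apache 2.2"),
        ("https://shop.example/review", "web01", "Java", "Apache 2.2"),
        ("https://intranet.example/hr", "hr01", "PHP", "Apache 2.0"),
        ("https://blog.example/post", "web02", "Ruby", "nginx 1.0")]
META = [("web01", "Retail", "team-shop", "PCI DSS", "external"),
        ("hr01", "HR", "team-hr", "SOX", "internal"),
        ("web02", "Marketing", "team-web", None, "external")]

def build_warehouse():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO vuln VALUES (?,?,?,?,?,?,?,?)", VULNS)
    conn.executemany("INSERT INTO asset_url VALUES (?,?,?,?)", URLS)
    conn.executemany("INSERT INTO metadata VALUES (?,?,?,?,?)", META)
    return conn

def low_hanging_fruit(conn, today="2011-10-20"):
    """Lens: open, confirmed findings on externally reachable, regulated assets, worst first."""
    sql = """SELECT v.id, v.type, v.url, v.severity, m.compliance,
                    CAST(julianday(?) - julianday(v.date_found) AS INTEGER) AS days_open
             FROM vuln v JOIN asset_url a ON a.url = v.url JOIN metadata m ON m.host = a.host
             WHERE v.confirmed = 1 AND v.date_closed IS NULL
               AND m.network_location = 'external' AND m.compliance IS NOT NULL
             ORDER BY v.severity DESC, days_open DESC"""
    return conn.execute(sql, (today,)).fetchall()

def open_vulns_by_dev_team(conn):
    """Lens: which development team owns the most open findings (where to aim training)."""
    sql = """SELECT m.dev_team, COUNT(*) FROM vuln v JOIN asset_url a ON a.url = v.url
             JOIN metadata m ON m.host = a.host WHERE v.date_closed IS NULL
             GROUP BY m.dev_team ORDER BY 2 DESC"""
    return conn.execute(sql).fetchall()
```

The same joins extend naturally to the Asset:Host and threat-data layers: each layer is one more table keyed on host or URL, and each lens is one more WHERE clause over the joined view.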

Got MSSP? The Alex Hutton Formula:
My (vuln posture * other threat activity) / (other vuln posture * other threat activity)
OR: When Will Our Luck Run Out?

(we need more of this)

using what we have

The Twitter Poll

My Favorite Non-Sec Tools: TeaLeaf, Greenplum, Zettaset, Ruby, Selenium

Resources Referenced
- Verizon DBIR: http://www.verizonbusiness.com/dbir/
- VERIS Framework: https://www2.icsalabs.com/veris/
- Denim Group - Real Cost of S/W Remediation: http://www.slideshare.net/denimgroup/real-cost-of-software-remediation
- DataLoss DB: http://datalossdb.org/
- TrustWave Global Security Report: https://www.trustwave.com/GSR
- Veracode SOSS: http://www.veracode.com/images/pdf/soss/veracode-state-of-software-security-report-volume2.pdf
- WASC Web App Security Stats: http://projects.webappsec.org/w/page/13246989/Web-Application-Security-Statistics
- FS-ISAC: http://www.fsisac.com/
- WHID: http://projects.webappsec.org/w/page/13246995/Web-Hacking-Incident-Database/
- SANS Internet Storm Center: http://isc.sans.org/
- XForce: http://xforce.iss.net/
- ExploitDB: http://www.exploit-db.com/

Q&A. Follow us: the blog http://blog.honeyapps.com/, twitter @ebellis.
And one more thing.... @risk_io We’re Hiring! https://www.risk.io/jobs
