(1)

Modern IT Security

Jerry Craft

Sr. Security & Networking Consultant

(2)

ArcSight Managed Services

Bio

• Senior Security & Networking Consultant for Nth Generation Computing
• Ethical Hacker and Penetration Tester
• Networking Practice Lead with 15+ years of experience in networking
• SANS Institute Instructor for Ethical Hacking & Penetration Testing
• Former FVP & Information Security Officer for Farmers and Merchants Bank
• Responsible for: Cybersecurity, Bank Robberies, FBI Investigations, Secret

(3)

U.S. Data Breaches

August 5, 2014

July 1, 2014 through July 23, 2014

Yes, just the month of July of this year.

Source: Privacy Rights Clearinghouse

(4)

Modern IT Security

Latest Security Threats

PHYSICAL Security

Douglas County School District – Castle Rock, Colorado – July 16, 2014

• Laptop stolen containing Social Security numbers and bank account info.

Orangeburg-Calhoun Technical College – Orangeburg, South Carolina – July 14, 2014

• Unencrypted laptops stolen from a staff member's office.
• Information going back 6-7 years was taken; exactly which data is unknown.

VENDOR Management

Atlantic Automotive Corporation – Towson, Maryland – July 15, 2014

• Third party vendor compromise of names, addresses and credit card info.

INTERNAL Compromise

Bank of the West – San Francisco, CA – July 15, 2014

• Email scam originating from compromised internal employee logins.
• Customer names, account numbers, loan numbers, SSNs.

(5)


FRAUD

Goodwill Industries International, Inc. – Rockville, Maryland – July 14, 2014

• Fraudulent activity discovered via compromised credit cards similar to Target.

HACKING

CNET – New York, NY -- July 11, 2014

• Russian hackers going by the name W0rm infiltrated CNET's servers and posted images of remote access to CNET.com, including a screenshot of a shell as proof of compromise.

ESPIONAGE

Boeing, Seattle, Washington – July 11, 2014

• A Chinese aviation firm stole data about U.S. military aircraft by hacking into the computer networks of Boeing and other U.S. companies, according to a federal complaint.

Lockheed Martin, Fort Worth, Texas – July 11, 2014

(6)


WEBSITE Compromise

University of Illinois, Chicago, Illinois – July 11, 2014

• “A website security breach allowed personal information and social security numbers to be exposed.”

Legal Sea Foods, Boston, Massachusetts – July 7, 2014

• “…A data breach occurred on a mail order web sales and e-commerce environment.” “…names, credit card numbers, expiration dates, and CVC codes may have been breached.”

MALWARE Threats

Penn State College of Medicine, Philadelphia, Pennsylvania – July 10, 2014

• “…school of medicine was found to be infected with malware that enabled it to communicate with an unauthorized computer outside of the network.”

(7)


INTERNET Compromises

Vermont Health Exchange, Williston, Vermont – July 1, 2014

• “A Romanian hacker accessed the Vermont Health Exchange’s development server last December gaining access 15 times and going undetected for a month.”

• “…counter-forensics activity performed by the attacker to cover his/her tracks found.”

• “…This individual was able to gain access to the server because the default password on that server was never changed, (in violation of guidelines laid out in the state’s official policy) along with the fact that the access to the server was never restricted…”

SUMMARY:

Security is not only about firewalls, antivirus, and encryption. Security is about having a full business approach to securing the enterprise.

(8)

Nth Security Services

August 5, 2014

(9)


Security Services Offered

• Vulnerability Assessments – Find the holes before the attackers do!
• Web Application Assessment – Are your web apps safe from attack?
• Physical Security Assessment – Can we pick up your data and walk out with it?
• Red Team Assessment – So you think your data is safe?
• PCI-DSS / HIPAA Readiness – Are you ready for your next audit?
• ISO / Regulatory Gap Assessment – So you have auditors coming in?
• Security Roadmap – Do you have a plan for security?
• Policy Development – Pick a policy, any policy…
• Risk Assessment – What systems are the most important to you, and are they secure?
• Firewall Assessment – Your FW is in place, but is it set up with best practices?
• ArcSight Managed Services – So you have ArcSight and you need some help?

(10)

Discovery

The Adversary Ecosystem

Diagram: the stages Research, Infiltration, Capture and Exfiltration, mapped between our enterprise and their ecosystem.

(11)


Nth’s Consulting Services

Diagram: the same Research, Infiltration, Capture and Exfiltration stages, with Nth's services placed against them: Security Roadmap, Policy Assessment, PCI/HIPAA Regulatory Gap, Internal Vulnerability, Internal Pentest, Social Engineering, External Vulnerability Assessment, Firewall Assessment, Penetration Test, Red Team / Physical Assessment, Web Application Assessment, Security Training, Security Consulting, and SIEM (IT Change, Fraud, Cybersecurity, and Risk).

(12)

ArcSight Managed Services

SIEM Qualifications

• SIEM – Security Information and Event Management.
• Installed & managed many different SIEM tools over the last 15+ years:
  • ISS RealSecure
  • Cisco MARS
  • NetForensics
• SIEM helped me identify fraud, cybersecurity risks and unusual internal activity, review IT configuration management, and perform employee investigations.

(13)

ArcSight Delivers actionable intelligence

Collect, store and analyze…

everything

(14)


ArcSight differentiates on four key capabilities

Collection

• Collect events from any system or application.
• Add context for assets, users, and business processes.
• Extend to new data types easily.

Correlation

• Pattern recognition and anomaly detection to identify modern advanced threats.
• Analyze roles, identities, histories and trends to detect business risk violations.
• The more you collect, the smarter it gets.

Collaboration

• Incorporates application security from HP Fortify.
• Integrates reputation data from HP DVLabs.
• Cloud Connections Program to get visibility into cloud data in addition to physical and virtual layers.
• Bi-directional integration with HP IT management, Autonomy, Vertica and Hadoop.

Consolidation

• Universal log management of any data to support IT operations, security, compliance and application development.

(15)

HP ArcSight Intelligence Platform

• Establish complete visibility.
• Analyze events in real time to deliver insight.
• Respond quickly to prevent loss.
• Measure security effectiveness across people, process, and technology to improve over time.

Platform components: Data Capture, Event Correlation, Log Management, App Monitoring, Controls Monitoring, User Monitoring, Fraud Monitoring.

A comprehensive platform for monitoring modern threats and risks, augmented by services expertise and the most advanced security user community, Protect724

(16)


Did you know?

• Every system in your data center is writing data to a log file:
  • Windows events – Billy just logged on and deleted a file.
  • Network devices – Core link is going up and down.
  • Firewalls – You are being attacked from China.
  • IPS – I just stopped an attack from China.

(17)


Logs Have Value!

• Server logs show you:
  • Who accessed or deleted a file or data, or logged onto the domain.
  • What has changed in the server, service or component of a system.
  • When did these changes happen?

• Networking logs show you:
  • Who is connecting to network devices.
  • What is flowing across your network (NetFlow or sFlow).
  • When did this happen?

• Firewall/IPS logs show you:
  • Who is attacking you?
  • What was caught, and what did we miss?

(18)


So what is the problem?

• PROBLEM: Some companies miss the opportunity to use log data to help identify common IT/risk problems, when all they need is a tool that presents the data in a standardized, efficient way.

• Log data is a valuable tool to help companies identify:
  • Security & risk problems
  • IT operational problems
  • IT configuration problems

(19)


So what is the SOLUTION?

• SOLUTION: Centralized log management with SIEM.

• The ability to correlate log data into a centralized console

• Maintain data over time according to your log retention requirements.
• Perform simple security data analytics.

• SIEM monitoring, alerting and case escalation with incident response management.

(20)


How does it work?

• Have a system pull all the logs from these devices into one centralized console so that you can retain the data, and use it for various purposes.

(21)


What do you GAIN?

• Visibility into all of this information in a single console!

• Security event identification, management and notification!
• Incident response platform to maintain security cases.
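To make the "correlate log data into a centralized console" step concrete, here is an added example; it is not code from this deck, from Nth Generation or from HP ArcSight. It normalizes constructed sample lines from three of the source types listed on the "Logs Have Value" slide (Linux sshd, Windows Security events 4624/4663 exported as key=value pairs, and a firewall deny) into one event schema, then runs three correlation rules over them in time order: a burst of failed logons followed by a success from the same source, a privileged logon from outside the internal address ranges (the unrestricted-access pattern behind the Vermont Health Exchange item earlier in this deck), and a file deletion. The internal ranges, the privileged-account list, the five-minute window, the three-failure threshold and the log lines themselves are assumptions made for illustration; the syslog lines carry no year, so 2014 is assumed.

```python
"""Added example: SIEM-style normalization and correlation over constructed sample logs."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input (not from the deck): sshd on a development server,
# Windows Security events exported as key=value pairs, and a firewall deny line.
SAMPLE_LOGS = [
    "Dec 03 02:11:05 devsrv01 sshd[2231]: Failed password for root from 198.51.100.23 port 51234 ssh2",
    "Dec 03 02:11:09 devsrv01 sshd[2231]: Failed password for root from 198.51.100.23 port 51235 ssh2",
    "Dec 03 02:11:12 devsrv01 sshd[2231]: Failed password for root from 198.51.100.23 port 51236 ssh2",
    "Dec 03 02:11:15 devsrv01 sshd[2231]: Failed password for root from 198.51.100.23 port 51237 ssh2",
    "Dec 03 02:11:20 devsrv01 sshd[2240]: Accepted password for root from 198.51.100.23 port 51238 ssh2",
    "2014-12-03T02:30:00 EventID=4624 Host=fileserver01 User=billy SrcIP=10.0.5.17 LogonType=3",
    "2014-12-03T02:31:10 EventID=4663 Host=fileserver01 User=billy Object=\\\\fileserver01\\finance\\payroll.xlsx Access=DELETE",
    "2014-12-03T02:35:00 fw01 action=deny src=203.0.113.9 dst=10.0.5.17 dport=445 proto=tcp",
]

ASSUMED_YEAR = 2014                                   # syslog lines carry no year (assumption)
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),  # illustrative internal ranges
                 ipaddress.ip_network("192.168.0.0/16")]
PRIVILEGED = {"root", "administrator"}                # illustrative privileged accounts
WINDOW = timedelta(minutes=5)                         # illustrative sliding window
FAIL_THRESHOLD = 3                                    # illustrative threshold

SSHD_RE = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Accepted|Failed) password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse(line):
    """Normalize one raw line into a common event dict, or None if unrecognized."""
    m = SSHD_RE.match(line)
    if m:
        ts = datetime.strptime(f"{ASSUMED_YEAR} {m['mon']} {m['day']} {m['time']}",
                               "%Y %b %d %H:%M:%S")
        return {"ts": ts, "host": m["host"], "user": m["user"], "src": m["src"],
                "kind": "logon", "outcome": "success" if m["outcome"] == "Accepted" else "fail"}
    ts_str, _, rest = line.partition(" ")
    fields = dict(KV_RE.findall(rest))
    if not fields:
        return None
    ts = datetime.fromisoformat(ts_str)
    if fields.get("EventID") == "4624":               # Windows: successful logon
        return {"ts": ts, "host": fields["Host"], "user": fields["User"],
                "src": fields["SrcIP"], "kind": "logon", "outcome": "success"}
    if fields.get("EventID") == "4663":               # Windows: object access (here a delete)
        return {"ts": ts, "host": fields["Host"], "user": fields["User"], "src": None,
                "kind": "file_access", "object": fields["Object"], "access": fields["Access"]}
    if fields.get("action") == "deny":                # firewall deny
        return {"ts": ts, "host": rest.split()[0], "user": None, "src": fields["src"],
                "kind": "fw_deny", "dst": fields["dst"], "dport": fields["dport"]}
    return None


def is_internal(ip):
    return any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)


def correlate(lines):
    """Run the rules over normalized events in time order; return a list of alerts."""
    events = sorted((e for e in map(parse, lines) if e), key=lambda e: e["ts"])
    alerts = []
    failures = defaultdict(list)   # (src, host) -> timestamps of recent failed logons
    for e in events:
        if e["kind"] == "logon":
            key = (e["src"], e["host"])
            failures[key] = [t for t in failures[key] if e["ts"] - t <= WINDOW]  # prune window
            if e["outcome"] == "fail":
                failures[key].append(e["ts"])
                continue
            if len(failures[key]) >= FAIL_THRESHOLD:      # rule 1: brute force then success
                alerts.append({"rule": "brute_force_then_success", "ts": e["ts"],
                               "host": e["host"], "src": e["src"], "user": e["user"],
                               "failures": len(failures[key])})
                failures[key] = []
            if not is_internal(e["src"]) and e["user"].lower() in PRIVILEGED:  # rule 2
                alerts.append({"rule": "external_privileged_logon", "ts": e["ts"],
                               "host": e["host"], "src": e["src"], "user": e["user"]})
        elif e["kind"] == "file_access" and e["access"] == "DELETE":           # rule 3
            alerts.append({"rule": "file_deleted", "ts": e["ts"], "host": e["host"],
                           "user": e["user"], "object": e["object"]})
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS):
        print(alert)
```

On the sample input this produces three alerts: the root brute-force success on devsrv01 from 198.51.100.23 (four failures inside the window), the same logon flagged again because root is privileged and the source is outside the internal ranges, and billy's deletion of payroll.xlsx. The three parts map onto what a SIEM such as ArcSight does at scale: connectors that normalize each source into common fields, a correlation engine that keeps windowed state per source and host, and alerts that become cases. Thresholds need tuning per environment; with three failures a user mistyping a password would fire rule 1, so a production rule would typically also require the source to be external or the count to be higher.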

(22)


Better insight into risk and attacks

• Identify attack patterns

• See origins and destinations of attacks in granular detail

(23)


Search Archive data with speed and ease

• Search weeks worth of data in seconds

• Common searching using a “Google-like” interface.
• See trending in searches to identify patterns over time.

(24)


Full Console & Web Based Consoles

• Simple administration using web based consoles

(25)


Deployment Options

• Many different deployment options:

• Hardware appliances that store these logs internally, saving you from using SAN storage for the logs.
• Software installation when you want to use your own HP equipment.
• Virtual appliances that can be deployed in your VM infrastructure.

(26)

ArcSight Managed Services


• Nth Generation ArcSight Certified Engineer
  • Installed ArcSight in different business verticals.
  • Installation helps customers establish basic security defenses.

• Nth Generation ArcSight Managed Services
  • Help customers understand SIEM, and build a solution to meet the customer's needs.
  • Identify false positives, and help the customer mitigate true positives.
  • Manage the solution to meet use cases identified by the customer.
  • Manage the solution to meet compliance regulations such as SOX, HIPAA, ISO, etc.
  • Help train customer staff on the solution.
