Tumble, Twiddle, Spin and Roll the Black Hat

Incorporating Cyber Threat Intelligence into Security Assessment Programs
Security Assessment Team (SAT)
SAT Blue: “Identifying Vulnerabilities”
SAT Red: “Simulating Threats”
Identifying what works and what needs working on with respect to preventing, detecting, and responding to cyber threats.
Tumble, Twiddle, Spin & Roll the Black Hat
• Tumble – Terminology: what’s in a word?
• Twiddle – Threats: vulnerable, moi?
• Spin – CTI: how to use your intelligence?
• Roll – Reports: show ’em the light!
• Doggy Bag – “Um, I’ll take those thoughts to go, please.”
Tumble the Black Hat
Tumbling the Black Hat
“I don’t think that word means what you think it means.”
The Buzzwords?
RED: Simulating Threats
• Red Teaming, Pentesting
• Black Box, Grey Box, White Box, Purple Box, Pink Box…
• Fluorescent Box (80s), Tie-dye Box (70s)
• Tandem Pentest
• Blind Pentest, Double-Blind
• Crystal Box Pentesting
• Ethical Hacking
BLUE: Finding Vulnerabilities
• Blue Teaming
• Security Assessment
• Vulnerability Assessment
• Security Scan
• Security Testing
“What works. What needs working on.”
Tumbling the Black Hat
“I don’t think that word means what you think it means.”
Builders vs. Breakers
Beyond the Security Auditor’s Perspective
• System boundaries – well-defined, political, arbitrary
  Threats just look for vulnerabilities and exploit them
• Identify “failures” – scripted, criteria open to interpretation
  Threats just look for vulnerabilities and exploit them
• Technical generalists – they “scan,” heavily restricted
  Threats are diverse and… they just look for vulnerabilities and exploit them
• Fancy graphs, bucket lists, detailed matrices about your state of risk
  Threats found vulnerabilities and exploited them
Twiddle the Black Hat
Twiddling the Black Hat
Vulnerable, moi?
Cyber Threat Intelligence
Get to know the bad guys and gals
• Who are the threats?
• What are their motivations?
• What are their objectives?
• What tools & techniques do they use?
Twiddling the Black Hat
Vulnerable, moi?
Use your CTI collection Kung Fu to get to know yourself
1. The “big picture”: business risks – financial, regulatory, market…
2. Technology & mission: what is on your networks?
Hacking at the speed of light
A vulnerability isn’t a vulnerability isn’t a vulnerability.
Spin the Black Hat
Spin the Black Hat
Using your cyber threat intelligence
Approaching Blue/Red Team Security Assessments from a threat’s perspective
• Priorities/Objectives – driven by what matters; effective use of resources
• Scope – driven by the threat perspective, not politics, personalities, or auditors
• Duration – take the time it takes to do good work; no “scans” or one-day pentests
• Frequency – continuous blue/red assessments; once a year is not good enough
Spin the Black Hat
Using your cyber threat intelligence
Approaching Blue/Red Team Security Assessments from a threat’s perspective
• Test Points – Blue: everything / Red: threats; use your access, be comprehensive
• Information – Blue: everything / Red: everything; no politics, personalities, or p…p…auditors
• Rules of Engagement – realistic, use creativity; not too constraining to be useful
• People – teams of security professionals; security professionals are not one size fits all
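As an added worked example (not code from the original deck or its authors), the script below does what the Twiddle and Spin slides describe: it joins a CTI picture of the threats (who they are, what they want, which techniques they use, how capable they are) with self-knowledge (what is on the network and how much the mission depends on it), then lets that join drive red-team test points, the techniques to emulate, and assessment frequency. Every actor, technique label, asset, weight, the scoring formula and the cadence thresholds are constructed assumptions for illustration, not real intelligence. It also makes the “a vulnerability isn’t a vulnerability” point concrete: the same VPN exposure lands at the top of the list on one asset and at the bottom on another.

```python
"""Threat-driven assessment planning: join CTI with self-knowledge.

Added example for the Twiddle and Spin slides; not code from the original
deck. Every actor, TTP label, asset and weight below is constructed for
illustration, and the scoring formula and cadence thresholds are assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ThreatActor:
    """What CTI collection tells us about one adversary (constructed)."""
    name: str
    motivation: str
    targets: frozenset     # what they go after: sector / data tags
    ttps: frozenset        # how they get in: technique labels (constructed)
    capability: int        # 1 (opportunistic) .. 5 (well-resourced)


@dataclass(frozen=True)
class Asset:
    """What we know about ourselves: one system on our network (constructed)."""
    name: str
    tags: frozenset        # sector / data tags that make it attractive
    exposures: frozenset   # attack surface, same label space as ThreatActor.ttps
    mission_impact: int    # 1 (lab toy) .. 5 (the mission stops without it)


def attack_paths(actor, asset):
    """Techniques the actor really uses that this asset is really exposed to."""
    if not actor.targets & asset.tags:
        return frozenset()        # this actor has no interest in the asset
    return actor.ttps & asset.exposures


def score(actor, asset):
    """Assumed priority formula: capability x mission impact x usable paths.

    The same exposure on two assets scores differently, which is the slide's
    point that a vulnerability isn't a vulnerability isn't a vulnerability.
    """
    return actor.capability * asset.mission_impact * len(attack_paths(actor, asset))


def cadence(points):
    """Assumed thresholds turning a score into an assessment frequency."""
    if points >= 40:
        return "continuous"
    if points >= 10:
        return "quarterly"
    return "annual baseline"


def plan_assessment(actors, assets):
    """Rank assets as red-team test points; the blue team still covers them all."""
    plan = []
    for asset in assets:
        total, who, techniques = 0, [], set()
        for actor in actors:
            s = score(actor, asset)
            if s:
                total += s
                who.append(actor.name)
                techniques |= attack_paths(actor, asset)
        plan.append({
            "asset": asset.name,
            "score": total,
            "cadence": cadence(total),
            "actors": sorted(who),           # whose TTPs the red team emulates
            "emulate": sorted(techniques),   # red scope: the threats, not everything
        })
    # Highest threat-perspective score first; name breaks ties deterministically.
    return sorted(plan, key=lambda p: (-p["score"], p["asset"]))


# Constructed CTI picture (Twiddle: who, motivation, objectives, tools & techniques).
ACTORS = [
    ThreatActor("ransomware crew", "financial",
                frozenset({"finance", "ops"}),
                frozenset({"phishing", "exposed-rdp", "unpatched-vpn"}), 3),
    ThreatActor("state espionage", "intellectual property",
                frozenset({"research", "finance"}),
                frozenset({"phishing", "supply-chain", "unpatched-vpn"}), 5),
    ThreatActor("hacktivists", "ideological",
                frozenset({"public-web"}),
                frozenset({"web-injection", "ddos"}), 3),
]

# Constructed self-knowledge (Twiddle: mission, what is on your networks).
ASSETS = [
    Asset("erp-prod", frozenset({"finance", "ops"}),
          frozenset({"unpatched-vpn", "phishing"}), 5),
    Asset("lab-jumpbox", frozenset({"research"}),
          frozenset({"unpatched-vpn"}), 1),   # same VPN exposure, tiny impact
    Asset("public-site", frozenset({"public-web"}),
          frozenset({"web-injection"}), 4),
    Asset("hr-fileshare", frozenset({"hr"}),
          frozenset({"exposed-rdp"}), 4),      # exposed, but no actor wants it
]

if __name__ == "__main__":
    for row in plan_assessment(ACTORS, ASSETS):
        print(f"{row['asset']:<13} score={row['score']:>3} "
              f"{row['cadence']:<16} emulate={row['emulate']} via={row['actors']}")
```

Running it ranks erp-prod first (continuous, emulate phishing and the VPN exposure as both the ransomware and espionage actors would), public-site second (quarterly), and leaves lab-jumpbox and hr-fileshare at the annual baseline even though both carry real exposures: nobody who is actually a threat to the mission cares about them, so the red team’s time goes elsewhere while the blue team still assesses everything.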
Roll the Black Hat
Roll the Black Hat
Show ’em the light!
The REPORT… is EVERYTHING
Don’t just hack around for the fun of it. It’s irresponsible.
A Few Ideas
Blue Team Reports
• Real-world examples
• Language your customers understand
• Provide context – impact to mission
Red Team Reports
• It is not about you!
• Details – what did not work? Why?
• Identify real problems, provide real solutions
• Don’t forget DETECTION and INCIDENT RESPONSE
Roll the Black Hat
Show ’em the light!
The Many Ways to Disseminate Information
Use your intelligence, use your results, and use your creativity
A Few Ideas
• Road show
• Tailored presentations – “techies,” “security,” “management”
• Demo TTPs – “hacker series”
The Doggy Bag
Some thoughts to take home
1. Assess from a threat perspective – Builders vs. Breakers
2. Continuously discover “what works, what does not work, and what needs working on”
3. Assess prevention, detection, and response – all three!
4. Understand the threats, understand your business, and provide real solutions to real problems
5. Influence vs. dictate change
6. Free your people – let them be creative
The End