Cal Net TechTalk Webinar - Vulnerability Management 101-10 Essential Rules to Help Prevent...
-
Upload
cal-net-technology-group -
Category
Technology
-
view
415 -
download
0
Transcript of Cal Net TechTalk Webinar - Vulnerability Management 101-10 Essential Rules to Help Prevent...
Protecting your network, defending your data.
Vulnerability Management 101:
10 Essential Rules to Help
Prevent Cyberattacks
Cal Net Technology GroupSouthern California’s Premier IT Service Provider
CYBERCRIME TRENDS & TARGETS
IT Security Budget & Level of Protection
Val
ue
of
Exp
loit
able
Ass
ets
Enterprise
Small Business
Cybercriminal Sweet SpotMid-size Business
Data/Service Price Range
Credit Card # & CVV $4-$8 (US)
$7-$13 (UK/Australia/Canada)
$15-$18 (EU/Asia)
Credit Card including track data $12 (US)
$19-$20 (UK/Australia/Canada)
$28 (EU/Asia)
Fullz (identity and financial info) $25 (US)
$30-$40 (UK/Australia/Canada/EU/Asia)
Bank Account $70K-$150K < $300
Electronic Health Record (partial) $50
Infected Computers (1,000 – 15,000) $20 - $250
THE VALUE OF STOLEN DATA
205 days is the average amount of time organizations
had been compromised before they knew it– FireEye/Mandiant - 2015
The average cost for detection and escalation only subsequent to a security breach is approximately $417,700*
- Ponemon Institute & IBM 2015 – Cost of Data Breach Report
* Cost does not include: Average Total Cost of Data Breach $3.8 Million
Loss of business
(Brand)
Remediation and
mitigation costs
Notification
Identity Protection
THE 10 GOLDEN RULES OF CYBERSECURITY
Pardon me, but your vulnerability is showing.
Rule #1 Perform regular Internal and External Vulnerability Scans.
99.9%OF THE EXPLOITED
VULNERABILITIES
WERE COMPROMISED
MORE THAN A YEAR
AFTER THE CVE
WAS PUBLISHED.
About half of the CVEs
exploited in 2014 went
from publish to pwn in
less than a month.
VERIZON 2015 DATA BREACH INVESTIGATIONS REPORT
Common Vulnerabilities and Exposures (CVE®) is a dictionary of common names (i.e., CVE Identifiers) for publicly known cybersecurity vulnerabilities.
THE 10 GOLDEN RULES OF CYBERSECURITY
“There are only two types of companies: those that have been hacked and those that will be.”
-Robert Mueller, FBI Director
Rule #2 Have an Incident Response Plan tested and ready
INCIDENT RESPONSE PLAN
Defines Guidelines for Communications: How to protect communications around an incident to both employees and the public.
Defines Regulatory Thresholds, Notification Requirements and Compliance Considerations.
Provides a clear path for categorization and appropriate actions to mitigate exposure.
THE 10 GOLDEN RULES OF CYBERSECURITY
“The time to repair the roof is when the sun is shining”. - JFK
Rule #3 Integrate a Vulnerability Management strategy into your Enterprise Patch Management Program.
1) Discover2) Prioritize3) Assess Risk4) Report5) Remediate6) Rescan7) Trending & Metrics
VULNERABILITY MANAGEMENT LIFECYCLE
THE 10 GOLDEN RULES OF CYBERSECURITY
Your Firewall alone is like bringing a knife to a gunfight.
Rule #4 Focus on a Defense-in-depth strategy.
DEFENSE IN DEPTH
THE 10 GOLDEN RULES OF CYBERSECURITY
Ignorance is not bliss.
Rule #5 Use Security Information Event Management (SIEM) tools to provide visibility into your enterprise.
SECURITY INFORMATION EVENT MANAGEMENT (SIEM)
Centralize Security Logs
Correlate Security Events Alerts
Automate Compliance
Performance, Change and Availability Monitoring
Detect Botnets and Malware
Risk Prioritization
Uncover your attack surface
Powerful Dashboards, Reporting and Alerting
THE 10 GOLDEN RULES OF CYBERSECURITY
The check is in the mail.
Rule #6 Cyber Liability Insurance is a must have, but there are rules of engagement for it to be effective.
CYBER INSURANCE
1.Make sure your policy limits and sublimits are adequate
2.Request "retroactive" coverage for prior, unknown breaches
3.Watch out for "panel" and "prior consent" provisions that purport to tie your hands
in responding to a breach
4.Get coverage for claims resulting from your data vendors' errors and omissions,
not just your own
5.If you handle data for others, make sure your liability to them is covered too
6.Seek coverage for "loss" of data, not just data theft
THE 10 GOLDEN RULES OF CYBERSECURITY
Fool me once, shame on unencrypted data.
Rule #7 Encryption, Encryption, Encryption and more Encryption.
THE 10 GOLDEN RULES OF CYBERSECURITY
One Ransomware incident with your data is worth 10 DNS filters in your network.
Rule #8 Ensure you are using DNS Malware Protection in your overall defense-in-depth strategy.
RANSOMWARE
Cisco’s analysis of malware
validated as “known bad”
found that the majority of
that malware—91.3
percent—use the Domain
Name Service in one of
these three ways:
- To gain command and
control
- To exfiltrate data
- To redirect traffic
THE 10 GOLDEN RULES OF CYBERSECURITY
Mama always said “untrained is as untrained does”.
Rule #9 Leverage effective and ongoing Security Education and Awareness Training.
THE 10 GOLDEN RULES OF CYBERSECURITY
You don’t have to be a security expert to have a secure network.
Rule #10 Ensure you have the right skillsets for your Detective, Preventative and Response Security Strategy. Outsource to an expert when appropriate.
OVERVIEWCal Net Technology Group (CNTG)
Headquartered in Los Angeles
Full Spectrum of IT service capabilities
Consistent IT competency and
loyalty through employee membership
ITIL based servicing framework adoption
SLA and run-book based management
20 Years of IT Experience – Service First!
Strategic, planning, IT to business alignment
and IT governance services
Acquisition and disposition of physical and
virtual assets
Transitioning services
Unified communications, carrier management,
desktop, servers, storage, network and backup
expertise
Hosting, virtualization, disaster recovery,
security and governance offerings
Business process capabilities Including help
desk, ticket management and service
automation
Full Lifecycle of IT Requirements
01
C o n t a c t U s
( 8 6 6 ) 9 9 9 - 2 6 3 8
w w w . c a l n e t t e c h . c o m
Matt Lindley - Director of Security Services - Cal Net Technology(e) [email protected]
(p) (818) 721-4474
Interested in scheduling a FREE
Security Assessment?
THANKYOU!
CAL NET TECHNOLOGY GROUP