
Incorporating - PDF document

natalia-silvester
Uploaded On 2016-08-16

Presentation Transcript

Incorporating Cyber Threat Intelligence into Security Assessment Programs
SAT BLUE SAT Red
“Simulating Threats” “Identifying Vulnerabilities”
Security Assessment Team
Identifying what works and what needs working on with respect to preventing, detecting, and responding to cyber threats

Tumble, Twiddle, Spin & Roll the Black Hat
• Tumble – Terminology: what’s in a word?
• Twiddle – Threats: vulnerable, moi?
• Spin – CTI: how to use your intelligence?
• Roll – Reports: show ’em the light!
Doggy Bag - “Um, I’ll take those thoughts to go, please.”

Tumble the Black Hat
The Buzzwords?

Tumbling the Black Hat
Red Teaming, Pentesting
Black Box, Grey Box, White Box, Purple Box, Pink Box…
Fluorescent Box (80s)
Tie-dye Box (70s)
Tandem Pentest
Blind Pentest, Double-Blind
Crystal Box Pentesting
Ethical Hacking
“I don’t think that word means what you think it means.”

Tumbling the Black Hat
Blue Teaming
Security Assessment
Vulnerability Assessment
Security Scan
Security Testing
RED: Simulating Threats
BLUE: Finding Vulnerabilities
“What works. What needs working on.”
“I don’t think that word means what you think it means.”

Tumbling the Black Hat
Builders Vs Breakers
Beyond the Security Auditor’s Perspective
• System boundaries - well-defined, political, arbitrary
  Threats just look for vulnerabilities and exploit them
• Identify ‘failures’ – scripted, criteria open to interpretation
  Threats just look for vulnerabilities and exploit them
• Technical generalists – they ‘scan,’ heavily restricted
  Threats are diverse and… they just look for vulnerabilities and exploit them
• Fancy graphs, bucket lists, detailed matrices about your state of risk
  Threats found vulnerabilities and exploited them

Twiddle the Black Hat
Vulnerable, moi?

Twiddling the Black Hat
Vulnerable, moi?
Cyber Threat Intelligence
Get to know the bad guys and gals
• Who are the threats?
• What are their motivations?
• What are their objectives?
• What tools & techniques do they use?

Twiddling the Black Hat
Get to know yourself
• The “big picture”
• Business risks: financial, regulator, market…
• Technology & mission
• What is on your networks?
Use your CTI collection Kung Fu to
Hacking at the speed of light
A vulnerability, isn’t a vulnerability, isn’t a vulnerability

Spin the Black Hat
Using your cyber threat intelligence

Spin the Black Hat
Approaching Blue / Red Team Security Assessments
From a threats perspective
• Priorities/Objectives
• Scope
• Duration
• Frequency
Driven by what matters, Effective use of resources
Driven by the threat perspective
Not politics, personalities, or auditors
Take the time it takes to do good work
No “scans,” one day pentest
Continuous blue/red assessments
Once a year is not good enough

Spin the Black Hat
Using your cyber threat intelligence
Approaching Blue / Red Team Security Assessments
From a threats perspective
• Test Points
• Information
• Rules of Engagement
• People
Blue – Everything / Red - Threats
Use your access, be comprehensive
Blue – Everything / Red - Everything
No politics, personalities, or p…p…auditors
Realistic, use creativity
Not too constraining to be useful
Teams of security professionals
Security professionals are not one size fits all

Roll the Black Hat
Show ’em the light!

Roll the Black Hat
A Few Ideas
The REPORT…is EVERYTHING
Don’t just hack around for the fun of it. It’s irresponsible.
Blue Team Reports
• Real world examples
• Language your customers understand
• Provide context – impact to mission
Red Team Reports
• It is not about you!
• Details - what did not work? Why?
• Identify real problems, provide real solutions
• Don’t forget DETECTION and INCIDENT RESPONSE

Roll the Black Hat
A Few Ideas
Show ’em the light!
The Many Ways to Disseminate Information
• Road show
• Tailored presentations – ‘techies’, ‘security,’ ‘management’
• Demo TTPs – “hacker series”
Use your intelligence, use your results, and use your creativity

The Doggy Bag
Some thoughts to take home

The Doggy Bag
1. Assess from a threat perspective - Builders vs. Breakers
2. Continuously discover “what works, does not work, and what needs working on”
3. Assess prevention, detection, and response – all three!
4. Understand the threats, understand your business, and provide real solutions to real problems
5. Influence vs. dictate change
6. Free your people – let them be creative

The End