Turning Hedge Fund Security Inside-Out: Why Your Firm May Already Be Compromised…And What to Do About It
Agenda
• External Threat Management
• Exploitation Methodology
• Why You’re Already Compromised
• Operational Management
• Mobile Devices & BYOD
#ECIsecurity
eSentire™ Hedge Fund Cybersecurity Review
Hedge Fund Cybersecurity
• External threats
• External vulnerability assessment
• Penetration test
• Disconnection from reality: an external-only assessment does not reflect how firms actually get compromised
• Small external footprint
Copyright © eSentire, Inc.
Reality: Most Successful Attack Vectors
• Malware via email
• Malware via drive-by download
• Malware transferred via USB
Exploitation Methodology
INFILTRATE
EXFILTRATE
…
…
…
PROFIT!
Cyber Kill Chain
RECONNAISSANCE
WEAPONIZATION
DELIVERY
EXPLOIT
INSTALLATION
COMMAND AND CONTROL (C2)
ACTIONS ON OBJECTIVES (usually exfiltration)
Cyber Kill Chain (Mitigate and Detect)
At every phase the defender gets two chances: to mitigate (stop the step) and to detect (see it happen).
RECONNAISSANCE: mitigate / detect
WEAPONIZATION: mitigate / detect
DELIVERY: mitigate / detect
EXPLOIT: mitigate / detect
INSTALLATION: mitigate / detect
COMMAND AND CONTROL (C2): mitigate / detect
ACTIONS ON OBJECTIVES (usually exfiltration): mitigate / detect
Defense and Mitigation Activities
DETECT
DENY
DISRUPT
DEGRADE
DECEIVE
DESTROY
Course of Action Matrix
(Phase, then the control under each course of action: DETECT, DENY, DISRUPT, DEGRADE, DECEIVE, DESTROY. The slide lists nothing under DESTROY for any phase.)
RECON: Detect = Web analytics; Deny = Firewall ACL; Deceive = LinkedIn honeytoken
WEAPONIZE: Detect = NIDS; Deny = NIPS
DELIVERY: Detect = Vigilant user; Deny = SMTP proxy; Disrupt = In-line AV, executable whitelisting; Degrade = Queuing
EXPLOIT: Detect = HIDS; Deny = Patching; Disrupt = Data Execution Protection
INSTALL: Detect = HIDS; Deny = ‘chroot’ jail; Disrupt = AV
C&C: Detect = NIDS; Deny = Firewall ACL; Disrupt = NIPS; Degrade = Tarpit; Deceive = DNS redirect
ACTION/OBJ: Detect = Audit log, network traffic forensics; Degrade = Quality of Service; Deceive = Honeypot
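The C&C row puts NIDS under Detect. The Python script below, added here as an illustration and not part of the original deck or of eSentire's tooling, shows the kind of check that detection rests on: it scans web-proxy records for client-to-host pairs that are contacted at a near-constant interval, which is how an implant polling its controller looks in traffic even when the destination is on no blocklist. The log format ("timestamp client destination bytes") and every line in SAMPLE_LOG are constructed for the example; the hostnames and addresses are made up.

```python
"""Beacon (C2 check-in) detection over web-proxy logs.

Added example, not eSentire or Eze Castle code. A compromised host polling
its C2 server produces near-periodic requests to one destination; human
browsing does not. The log format and all of SAMPLE_LOG are constructed.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample, assumed format: "<ISO timestamp> <client ip> <dest host> <bytes>".
# 10.1.1.25 browses www.example.com irregularly and, in the background,
# polls update.evil-cdn.example roughly every 30 seconds.
SAMPLE_LOG = """\
2014-03-03T09:00:00 10.1.1.25 www.example.com 51200
2014-03-03T09:00:03 10.1.1.25 www.example.com 8800
2014-03-03T09:00:07 10.1.1.25 update.evil-cdn.example 512
2014-03-03T09:00:37 10.1.1.25 update.evil-cdn.example 514
2014-03-03T09:00:45 10.1.1.25 www.example.com 120400
2014-03-03T09:01:06 10.1.1.25 update.evil-cdn.example 512
2014-03-03T09:01:37 10.1.1.25 update.evil-cdn.example 518
2014-03-03T09:02:08 10.1.1.25 update.evil-cdn.example 512
2014-03-03T09:02:36 10.1.1.25 update.evil-cdn.example 513
2014-03-03T09:03:10 10.1.1.25 www.example.com 2200
2014-03-03T09:03:11 10.1.1.25 www.example.com 3100
2014-03-03T09:03:40 10.1.1.30 mail.example.net 4100
2014-03-03T09:04:50 10.1.1.25 www.example.com 66000
2014-03-03T09:05:12 10.1.1.30 mail.example.net 3900
"""


def parse_log(text):
    """Yield (timestamp, client, destination, bytes); skip blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, size = parts
        yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S"), src, dst, int(size)


def find_beacons(text, min_requests=5, max_cv=0.2, allowlist=()):
    """Return {(client, destination): (period_seconds, cv)} for near-periodic pairs.

    cv is the coefficient of variation (stdev / mean) of the gaps between
    consecutive requests. A beacon with a little jitter stays well under 0.2;
    interactive browsing does not. allowlist suppresses known legitimate
    pollers (OS and AV update hosts), the main source of false positives.
    """
    times = defaultdict(list)
    for ts, src, dst, _ in parse_log(text):
        if dst not in allowlist:
            times[(src, dst)].append(ts)

    beacons = {}
    for key, stamps in times.items():
        if len(stamps) < min_requests:
            continue  # too few samples to call a rhythm
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        period = mean(gaps)
        if period <= 0:
            continue  # all requests in the same second: burst, not a beacon
        cv = pstdev(gaps) / period
        if cv <= max_cv:
            beacons[key] = (period, cv)
    return beacons


if __name__ == "__main__":
    for (src, dst), (period, cv) in find_beacons(SAMPLE_LOG).items():
        print(f"beacon candidate: {src} -> {dst} every {period:.1f}s (cv={cv:.3f})")
```

On the sample the only pair flagged is 10.1.1.25 to update.evil-cdn.example at about 29.8 s; the browsing traffic has gaps from 1 s to 145 s and is ignored. In production the same calculation runs over hours of logs, with the allowlist seeded from the update hosts your own patch tooling talks to, and a hit is a starting point for host forensics rather than a verdict.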
Multi-Dimensional Vulnerability Assessment
We Assume Your Network Is Already Compromised
• External AND internal VA
• Technical AUP rigor
• Network traffic analysis
• Patch analysis
• Active Directory analysis
• MS domain event analysis
• Defensibility analysis
eSentire™ Cybersecurity Analysis
• Every MDVA performed in the last two years has shown evidence of malicious activity on the inside
• The client usually does not know about it (e.g. a silent drive-by download)
• In practically all cases the vector had nothing to do with a direct external attack on the perimeter
• Demonstrates the current problems and how to resolve them going forward
Cybersecurity ‘Low-Hanging Fruit’
• Enforce strong passwords and 2FA
• Lock down external space
• Remove local admin
• Patch! MS, Adobe, JRE, browsers
• Restrict EXE download and install
• Logging with NTP enabled (synchronized clocks are what let you line up events across systems during an investigation)
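To show what the "MS domain event analysis" step of the MDVA turns up, and why "Remove local admin" sits on the low-hanging-fruit list, here is an added Python example (not ECI or eSentire code). It correlates Windows Security events 4624 (logon) and 4672 (special privileges assigned to new logon) through the logon ID that both carry, to list accounts running with administrative rights on workstations, and it pulls out 4732 events (member added to a security-enabled local group) that granted local Administrators membership. EVENTS is a constructed, simplified view of the real event fields; the host names, account names and logon IDs are made up.

```python
"""Find local-admin use from Windows Security events.

Added example, not ECI or eSentire code. 4672 tells you a logon session was
handed administrative privileges but not how the user got there; 4624 for
the same logon ID on the same host supplies the account and logon type.
EVENTS is a constructed, simplified view of the Security-log fields.
"""

# Logon types as recorded in 4624: 2 interactive, 3 network, 7 unlock,
# 10 RemoteInteractive (RDP). Used only for readable output.
LOGON_TYPE_NAMES = {2: "interactive", 3: "network", 7: "unlock", 10: "rdp"}

# Constructed sample: hosts, accounts and logon IDs are made up.
EVENTS = [
    {"EventID": 4624, "Computer": "WS-TRADER07", "TargetUserName": "jsmith",
     "LogonType": 2, "TargetLogonId": "0x3e7a1"},
    {"EventID": 4672, "Computer": "WS-TRADER07", "SubjectUserName": "jsmith",
     "SubjectLogonId": "0x3e7a1"},
    {"EventID": 4732, "Computer": "WS-TRADER07", "SubjectUserName": "helpdesk1",
     "MemberName": "CORP\\jsmith", "TargetUserName": "Administrators"},
    {"EventID": 4624, "Computer": "WS-PM02", "TargetUserName": "adm-helpdesk",
     "LogonType": 10, "TargetLogonId": "0x8b12f"},
    {"EventID": 4672, "Computer": "WS-PM02", "SubjectUserName": "adm-helpdesk",
     "SubjectLogonId": "0x8b12f"},
    # SYSTEM gets a 4672 at every boot; it must be filtered or it drowns the report.
    {"EventID": 4672, "Computer": "WS-PM02", "SubjectUserName": "SYSTEM",
     "SubjectLogonId": "0x3e7"},
    {"EventID": 4624, "Computer": "DC01", "TargetUserName": "adm-helpdesk",
     "LogonType": 3, "TargetLogonId": "0x1c44"},
    {"EventID": 4672, "Computer": "DC01", "SubjectUserName": "adm-helpdesk",
     "SubjectLogonId": "0x1c44"},
    {"EventID": 4624, "Computer": "WS-ANALYST11", "TargetUserName": "mlee",
     "LogonType": 2, "TargetLogonId": "0x52aa"},
    {"EventID": 4624, "Computer": "WS-ANALYST11", "TargetUserName": "jsmith",
     "LogonType": 3, "TargetLogonId": "0x9f01"},
    {"EventID": 4672, "Computer": "WS-ANALYST11", "SubjectUserName": "jsmith",
     "SubjectLogonId": "0x9f01"},
]

SERVICE_IDENTITIES = {"SYSTEM", "LOCAL SERVICE", "NETWORK SERVICE", "ANONYMOUS LOGON"}


def is_machine_or_service(user):
    """Computer accounts end in '$'; built-in service identities are listed above."""
    return user.endswith("$") or user.upper() in SERVICE_IDENTITIES


def find_local_admin_use(events, workstation_prefix="WS-"):
    """Return sorted (computer, user, logon_type) for privileged logons on workstations.

    Servers and domain controllers are skipped: admins are expected there.
    The question the assessment asks is who holds admin rights on endpoints.
    """
    logons = {}  # (computer, logon id) -> (user, logon type), from 4624
    for e in events:
        if e["EventID"] == 4624:
            logons[(e["Computer"], e["TargetLogonId"])] = (e["TargetUserName"], e["LogonType"])

    hits = set()
    for e in events:
        if e["EventID"] != 4672 or is_machine_or_service(e["SubjectUserName"]):
            continue
        if not e["Computer"].startswith(workstation_prefix):
            continue
        logon = logons.get((e["Computer"], e["SubjectLogonId"]))
        if logon is None:
            continue  # 4672 without its 4624 (log rolled over): nothing to attribute
        user, logon_type = logon
        hits.add((e["Computer"], user, logon_type))
    return sorted(hits)


def local_admin_grants(events):
    """Return sorted (computer, member, actor) for 4732 events that targeted Administrators."""
    return sorted(
        (e["Computer"], e["MemberName"], e["SubjectUserName"])
        for e in events
        if e["EventID"] == 4732 and e["TargetUserName"].lower() == "administrators"
    )


if __name__ == "__main__":
    for computer, user, lt in find_local_admin_use(EVENTS):
        print(f"{user} holds admin rights on {computer} ({LOGON_TYPE_NAMES.get(lt, lt)} logon)")
    for computer, member, actor in local_admin_grants(EVENTS):
        print(f"{actor} added {member} to Administrators on {computer}")
```

On the sample, jsmith (a trader account, not an admin account) is an administrator on WS-TRADER07 because helpdesk1 added the account to the local group, and the same account also reaches WS-ANALYST11 over a network logon with admin rights, which is the pattern malware running as jsmith would use to spread. mlee on WS-ANALYST11 has no 4672 and is the state every workstation user should be in. On a real domain, export the events with Get-WinEvent or from the SIEM and correlate within a time window as well, since logon IDs are reused after a reboot.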
Forget the Barbarians at the Gate: It’s the Ones Inside Your Network You Should Worry About
Turning Hedge Fund Security Inside-Out
Operations to Support Your Technology
Policies & Procedures, such as:
• Access Control
• Acceptable Use
• Information Security Management
Mobile Device Management
• Bring Your Own Device
Policies & Procedures
Access Control Policy
– Who has access to what?
– Principle of Least Privilege: not everyone needs access to everything.
– Keep an authentication/access log, e.g. AuthAnvil
Policies & Procedures
Acceptable Use Policy
– What is acceptable for employees to view/access at work?
• Network and system access
• Personal email and communications
• Blogs, wikis, chat rooms
• Social media
Information Security Incident Management Policy
– Process for dealing with a security incident
– Who is responsible for handling incidents? What does the reporting & investigation process entail?
Policies & Procedures
Securities/Insider Trading Policy
– Make sure employees understand the repercussions of insider trading!
Policies & Procedures
Visitor/Contractor Premise Access Policy
– Need to monitor access/activity of both internal and external people
– Use physical security checkpoints/surveillance
Personal Communications Device Policy
– What is acceptable behavior for mobile devices?
– Include information on data usage, texting, personal usage and loss/theft procedures
Policies & Procedures
Mobile Device Management
Bring Your Own Device (BYOD)
– Be sure to:
• Educate employees about mobile device security.
• Remind users to use caution when opening email and attachments.
• Implement security measures such as the use of passwords and remote wipe capabilities.
• Employ encryption tools.
• Only connect to secure Wi-Fi networks.
• Be careful with downloads.
Eze Castle Integration Overview
Founded 1995
Headquarters: 260 Franklin Street, 12th Floor, Boston, Massachusetts, 02110
Additional Offices: Chicago, Dallas, Geneva, Hong Kong, London, Los Angeles, Minneapolis, New York City, San Francisco, Singapore and Stamford
Core Services
• Strategic IT Consulting
• Outsourced IT Solutions
• Professional Services
• Project & Technology Management
• Communications Solutions
• Network Design & Management
• Internet Service
• Private Cloud Services
• Business Continuity Planning
• Disaster Recovery
• Compliance Solutions
• Storage Solutions
• Colocation Services
• E-Mail & IM Archiving
Learn more at www.eci.com.
260 Franklin Street, 12th floor Boston, MA 02110 617-217-3000 www.eci.com