Dennis Birchard Principal Enterprise Security Architect

PA DGS 16 Presentation - Cybersecurity How Do I Know When I'm Doing Enough - Dennis Birchard

©2016 AKAMAI | FASTER FORWARD™

THIS IS NOT FUD – THIS IS JUST ME

Fear, uncertainty and doubt (FUD) is a tactic used in sales, marketing, public relations, politics and propaganda.

FUD is generally a strategic attempt to influence perception by disseminating negative and dubious or false information.

PERCEIVED RISK

REALITY OF RISK

WHAT IS THE FIRST WORD YOU SEE?

How Do I Know When I’m Doing Enough?

OR

Security Strategies

Security Tools

Phishing, Social Engineering, Endpoint Security, DNS Poisoning, DDOS, WebApp Vuls, Critical Vuls, Identity and Access

Good Security Hygiene

10 Easy Steps “Back to the Basics”

1) Patch / Update – Firmware, Software, All
2) Limit Access – Admin vs Production & Non-Production
3) Monitor Admin Usage CLOSELY
4) Employee Recon
5) Policy Segmentation
6) Automation vs Manual Ad-Hoc
7) SIEM/Visualization
8) Documentation and Escalation Repositories
9) Escalation Training (Readiness - Red-Team Drills)
10) Evaluate / Optimize / Adherence

PATCH PATCH PATCH and LIMIT ACCESS

EMPLOYEE RECON and POLICY SEGMENTATION

[Network diagram. Labels: Public Internet, ISP xcons, VPN Concentrator, Remote Offices, DMZ, IPS/IDS, LB, Name Servers, www, Relational Database, Users (good/bad)]

AUTOMATE and VISUALIZE EVENT DATA

DOCUMENTATION and ATTACK DRILLS

TRAINING and ADHERENCE / OPTIMIZATION
