Modern Cybersecurity Practices

1

Preface

2

What's at Stake?

  • Some Statistics
  • A Common Enemy, Improper Input Validation
  • Conclusion
  • Questions
3

Example Attack - The Initial Breach

  • Company X - not that secure
  • The exposure
  • The Vulnerability
  • Conclusion
  • Questions
4

Example Attack - Lateral Movement

  • Admin in the cloud - what can go wrong...?
  • Adding our tools to the cloud
  • Exploring the local network segment
  • Using Credential Stuffing on Company X
  • Attacking TESTSERVER-WEB1
  • Finding User Credentials on a Compromised System
  • Moving to the Next System
  • Conclusion
  • Questions
5

Example Attack - Data Exfiltration

  • What are we doing here?
  • What's in a database?
  • Exploring the sales web server for clues
  • Getting the Goodies
  • Conclusion
  • Questions
6

Example Attack - Going Out with a Bang

  • Attack recap
  • What else can be done with a foothold in the network?
  • NotPetya
  • Executing a payload on a group of computers
  • Sealing company X's fate
  • Conclusion
  • Questions
7

Scrutinizing the Example Attack

  • Security Issue 1: Not Properly Implemented Network Architecture Design
  • Security Issue 2: Secure System Build and Change Management Practices
  • Security Issue 3: IDS, IPS, and Endpoint Protection Systems
  • Security issue 4: Credential management
  • Security issue 5: User privilege management, privilege creep
  • Security Issue 6: Security Monitoring
  • Conclusion
  • Questions
8

Adhere to a Security Standard

  • What is the security standard?
  • Common security standards
  • NERC
  • Security standards for Operation Technology (OT) Space
  • How To Pick A Standards Framework?
  • A Fitting Standard for Company X's Security Program
  • Setting Goals and Expectations for the Security Program
  • Conclusion
  • Questions
9

Defining Security Policies, Procedures, Standards, and Guidelines

  • Risk
  • Common security policies
  • Company X - Security Standards
  • Company X - Security Procedures
  • Document Storage and Management
  • Conclusion
  • Questions
10

Kicking Off the Security Program

  • Risk management and risk assessments
  • Conclusion
  • Questions
11

Passive Security Monitoring

  • Security Incidents
  • Event Logs
  • Network Traffic Packet Captures
  • Firewalls and IDS/IPS
  • The Microsoft Azure Sentinel SIEM
  • Conclusion
  • Questions
12

Active Security Monitoring

  • What is vulnerability management?
  • Actively looking for vulnerabilities
  • Going over the scan results
  • Conclusion
  • Questions
13

Threat Hunting

  • What is threat hunting?
  • Information needed for the job
  • Splunk
  • ELK Stack
  • Areas of interest - Hunting exercises
  • Network activity
  • Conclusion
  • Questions
14

The Continuous Battle

  • Recap of our efforts so far
  • Manage risk by defining a reoccurring security program cycle
  • What if things do go wrong? - Incident handling
  • What Else Can Be Done to Improve One's Security Program and Posture?
  • Conclusion
  • Questions
