Seric Security landscape dinner
Preview:
DESCRIPTION
Thanks to all who attended our Security Dinner last night at the Radisson Blu, Edinburgh. We thoroughly enjoyed ourselves and hope you found it informative. Every company should assume they’ll be breached, and focus efforts on minimizing damage once cybercriminals get in” W.Hord Tipton Executive Director, (ISC) Security threats have evolved dramatically over the past few years and cyber criminals are becoming more and more organised. Many organisations believe they have enough to protect themselves from any cyber threats, however this is not the case. If you feel like you need some more information then please don't hesitate to contact Lauren on 0141 561 1161 or lauren.mctrusty@seric.co.uk.
Citation preview
- 1. Presentation Title Presentation Sub-Title or Date Stuart
Macdonald @stuart_seric stuart.macdonald@seric.co.uk
- 2. Seric? 7 is for money 7 is for time 7 is for commitment
.
- 3. What do we do? Infrastructure Data Management Social
Business Security Analytics
- 4. TWO MEN WITH THE SAME SICKNESS HAVE MUCH TO TALK ABOUT -
CHINESE PROVERB
- 5. A SUCCESSFUL EVENING?
- 6. (A BIT ABOUT) YOU
- 7. Thank-you Presentation Title Presentation Sub-Title or Date
#SericCanHelp
- 8. Presentation Title Presentation Sub-Title or Date Security
Landscape William MacLeod Technical Director
William.macleod@seric.co.uk
- 9. Agenda Shock and Terrify the Audience Filling them with Fear
Attack, Who, How, Why Light at the End of the Terrifying PowerPoint
of Terror and Fear Dinner
- 10. The Global View
- 11. The Global View? Every year criminals are getting more
sophisticated It doesnt cost much to attack A lot of it is target
of opportunity
- 12. 61% wont do anything to improve their security until either
they or their rivals fall victim to an attack. Source: BAE Systems
Detica, 2012. 66% of laptop users save confidential business data
on their machines. Source: Vaio Digital Business, 2013. 1 in 4 UK
businesses has had a laptop lost or stolen in the past 12 months.
90% of UK employees have accessed company data from a personal
device, regardless of corporate policy. Source: Vaio Digital
Business, 2013.
- 13. I already have security!
- 14. Who is the Cyber Criminal
- 15. The Complexity of Security
- 16. Criminal Security Criminals are protecting their assets
Researchers analysis Botnet takeover Simple device ID Malware
behavior profiling Cyber criminals are heavily investing in ..
SECURITY
- 17. Protect Your Investment
- 18. Marketing Via
- 19. Cyber criminals were early adopters of cloud Rescator
- 20. But not as you know it!
- 21. Q: ARE YOU AS ORGANISED AS THE CRIMINALS? Baseline where
you are today Understand your industry and likely threats
Understand your own weak points Gain real-time insight of your
security profile Overlay existing logs with analytics Invest in
people, process, & technology #SericCanHelp
- 22. Where to Start SANS 20 1: Inventory of Authorized and
Unauthorized Devices 2: Inventory of Authorized and Unauthorized
Software 3: Secure Configurations for Hardware and Software on
Mobile Devices, Laptops, Workstations, and Servers 4: Continuous
Vulnerability Assessment and Remediation 5: Malware Defenses 6:
Application Software Security 7: Wireless Access Control 8: Data
Recovery Capability 9: Security Skills Assessment and Appropriate
Training to Fill Gaps 10: Secure Configurations for Network Devices
such as Firewalls, Routers, and Switches 11: Limitation and Control
of Network Ports, Protocols, and Services 12: Controlled Use of
Administrative Privileges 13: Boundary Defense 14: Maintenance,
Monitoring, and Analysis of Audit Logs 15: Controlled Access Based
on the Need to Know 16: Account Monitoring and Control 17: Data
Protection 18: Incident Response and Management 19: Secure Network
Engineering 20: Penetration Tests and Red Team Exercises
- 23. 80% of attacks can be prevented by basic network hygiene
however..
- 24. Every company should assume theyll be breached, and focus
efforts on minimizing damage once cybercriminals get in W.Hord
Tipton Executive Director, (ISC)2
- 25. Sample Solution
- 26. #SERICCANHELP
- 27. Thank you! twitter.com/SericSystems twitter.com/Billy_Seric
Linkedin.com/company/seric-systems
uk.linkedin.com/in/williammacleod youtube.com/user/sericvideo
#sericcanhelp
- 28. QRadar PCI
- 29. Stuxnet available to all