Embed Size (px)
Citation preview
PKI WISHES AND SURPLUS BUDGET DREAMS-FORTUNE 100 SECURITY ON A STATE AGENCY
BUDGET
C I S O A A R O N B L A C K S T O N E
1 1 A P R I L 2 0 1 7
U N C L A S S I F I E D / / FO U O
AGENDA
• Introduction• Postulates and
Warnings• Bluf• Examples• Return on ROI• Recommendations• Question
U N C L A S S I F I E D / / FO U O
INTRODUCTION• Enlisted in the Army- Electronics and Armament on the Apache Helicopter• BS in Computer Science• Military Intelligence Officer in the Army• Tech lead for Army Research Laboratory in White Sands Missile Range• ISSO for FBI in Houston• Cyber Operation officer in Air National Guard specializing in Network Warfare.• CISSO for Department of Public Safety
3U N C L A S S I F I E D / / FO U O
POSTULATES
U N C L A S S I F I E D / / FO U O
• All rants and raves are opinions and in no way reflect DPS or Air force views.
• There are exceptions to every rule. This slide deck discusses generalities. *Always* is not in my vocabulary.
• If a product is mentioned then it is freeware and in no way do we recommend any products. Most of the time you get what you pay for.
• Recommendations given should be taken with a grain of salt and if you implement anything you take on the risk and responsibility for your actions.
• If common sense were so common,
• everyone would have it.
• All pricing is for 10k person agency.
• There isn’t a silver bullet.
• Every number in slide deck is fictional.
BLUF- BOTTOM LINE UP FRONT
• If you only have enough funds to gain additional personnel vs tools; always choose personnel.
• Rethink your existing solutions – ensure you are getting everything that you are paying for.
• Like riding a bike always keep moving forward and it is easier to navigate.
U N C L A S S I F I E D / / FO U O
EMAIL SECURITY APPLIANCE
• Big Brand – 234k per year, well known product, “leader in field”.
• Lesser known competitor – Easier to customize, includes attachment sandboxing free, “research” indicates it outperforms Big Brand, 34k annually.
• 200K annual savings
U N C L A S S I F I E D / / FO U O
NEXT GEN FIREWALL
• Big Brand – Known leader in field, 750k buy in with 274k+.04% a year.
• Lesser known competitor – equally reputable but small market budget, according to NSS lab report it outperforms Big Brand, 40k buy in and 32k a year.
• 710k initial savings; 242k annual savings
U N C L A S S I F I E D / / FO U O
INCIDENT RESPONSE AND THREAT INTEL
• Big Brand – Industry leader in incident response and automation; 100k annual fee.
• Big Brand – Leader in threat intelligence gathering and dissemination. 140k annual fee.
• Two Open source products – freehundred thousand dollars; Real time collaboration, automates actions, enhances threat intelligence, tracks metrics and produces reports. Sam feeds as commercial products and integrates with each other.
• 240k annual savings.
U N C L A S S I F I E D / / FO U O
U N C L A S S I F I E D / / FO U OU N C L A S S I F I E D / / FO U O
RETURN ON INVESTMENT
• 710k initial savings; 682k annual savings
U N C L A S S I F I E D / / FO U O
RECOMMENDATIONS• Implement a freehundred thousand dollar communication and
collaboration platform for your staff. Integrates into other solution and allows us to work remotely 24/7 – even at the movie theater.
• TOR blocking –https://gist.github.com/ecapuano/fe90f8d57521e7133526
• Implement Intern program and train your staff.• We are writing custom signatures for our firewalls.
U N C L A S S I F I E D / / FO U O
RECOMMENDATIONS• Block macro’s and malicious file extensions.
• Encrypted Java Script .jse• Windows Scripts .ws• JavaScript .js• Windows scripting file .wsf• PowerShell script .ps1
• 95% of our attack vector is blocked; 50-100 ransomware a month if blocked.
U N C L A S S I F I E D / / FO U O
ENCRYPTION WIZARD
U N C L A S S I F I E D / / FO U O
http://www.spi.dod.mil/ewizard.htm
QUESTIONS
U N C L A S S I F I E D / / FO U O
Rick Astley is never going to:A) give you upB) let you downC) make you cryD) say goodbyeE) All of the above
