this month in cyber security - peters & associates … · 11-11-2019  · classified as...

Classified as Confidential

Helping you grow your business with

scalable IT services & solutionsfor today’s challenges & tomorrow’s vision.

© 2019 Peters & Associates, Inc. All rights reserved.

This Month in Cyber Security

November 2019

Bruce Ward, Vice President

Classified as Confidential© 2019 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsNIST’s CyberSecurity Framework (CSF)

Classified as Confidential© 2019 Peters & Associates, Inc. All rights reserved.

In the news…

1.Phishing2.Patching3.Ransomware4.Solution Reviews

Classified as Confidential© 2019 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutions

Topic Stories

Phishing • Cybercriminals use Analytics and AI to improve phishing campaigns• Speed up Time to Detect / Respond to a Compromised User

Patching • BlueKeep is an old vulnerability but becoming increasingly dangerousand exploits Windows OS moving past End of Support dates soon

• Windows 7 to 10 migration projects not finished before Jan? Options?• Windows 2003 – No support, no security?• November Patch Tuesday – Overview from Krebs

Ransomware • Ginsu Knives and paralleling that with Ransomware as a Service (RaaS)!• Purelocker is going after servers – Windows, Linux, and more• Web hosting provider ASP.NET hit with ransomware

Solution Reviews (to protect AD)

Protect Active Directory:• Azure ATP• Azure Password Protection• Azure MFA

Classified as Confidential© 2019 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsIssue: Phishing

“…the best defense against analytics is more analytics."

Classified as Confidential© 2019 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsSolution: Phishing

“…the best defense against analytics is more analytics."

Classified as Confidential© 2019 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsPatching - Overview

Classified as Confidential© 2019 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsPatching - BlueKeep

Classified as Confidential© 2019 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsPatching – Windows 7

October 2018:1 Year Ago

Classified as Confidential© 2019 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsPatching - Solution

Extended Service Updates (ESU) = Windows 7 patches

Buy Subscribe Move

Classified as Confidential© 2019 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsPatching - Solution

Today Windows 10 Pro

Windows 10 Ent (E3)

No ownership $203 $326* (incl 2 years SA)

Own Win7 or 8 $181 $326* (incl 2 years SA)

Subscription N/A $7/mo$11/mo (E5, includes ESU)

© 2018 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsWindows 10 - Design Questions

UEFI

Disk Encryption

AAD Join / Co-Manage

Windows Defender

Bitlocker / MBAM

ManagementNew

Hardware

Telemetry

Secure / Lockdown

© 2018 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsWindows 10 – Deployment Options

© 2018 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsPatching W2K3 – Security by Obscurity?

Classified as Confidential© 2019 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsRansomware – SmarterASP.NET

Classified as Confidential© 2019 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsRansomware – Customer Story

Classified as Confidential© 2019 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsRansomware – PureLocker

Classified as Confidential© 2019 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsRansomware – R as a Service (RaaS)

Creators

Deployers

Customers

Classified as Confidential© 2019 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsRansomware – Solution Review

Classified as Confidential© 2019 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsSolution Review

Classified as Confidential© 2019 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsSolution Review

APT = Advanced Persistent Threat

ATP = Advanced Threat Protection

Classified as Confidential© 2019 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsAzure ATP

✓ Lateral Movement✓ Account Compromise✓ DNS Enumeration✓ Analogous Behavior✓ Domain Join/Removal✓ Admin anomalies✓ RDP port usage✓ Pass-the-Hash✓ Certificate misuse

Classified as Confidential© 2019 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsAzure Password Protection

P@ssw0rd1

Global banned password list

Custom banned password list

Good Passwords!

Classified as Confidential© 2019 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutions+ One Day MFA

Classified as Confidential© 2019 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutions

http://www.peters.com/blog/

Events, Webinars & Blogs

Classified as Confidential© 2019 Peters & Associates, Inc. All rights reserved.

IT SecuritySolutionsReady to engage?

Free 14-Day

Trial

Free One-Time Phishing

Test

Free One-Time External V-Scan

Free Coffee

Classified as Confidential

1801 S. Meyers Road, Suite 120Oakbrook Terrace, IL 60181

(630) 832-0075

Thank you!

© 2016 Peters & Associates, Inc. All rights reserved.

Bruce Ward

Bruce.Ward@peters.com