TX CIO Academy 16 presentation - Best practices in security prevention - by Ron Northcutt
TRANSCRIPT
©2016 Acquia Inc. — Confidential and Proprietary
I’ve been hacked… now what?
Ron Northcutt, Sr. Solutions Architect
Agenda
● Approach
● Core concept
● Prevention plan
● Incident response plan
● Strategies
Approach
● Solutions-based methodology
● Focus on common attack vectors
● Know your risk levels
● Minimize footprint
● Keep it simple
Core concept
● Revolves around 2 plans
○ How to Prevent an attack
○ How to Respond to an attack
Cyber defense plan (Prevent)
● Monitoring tools
● Defensive tools
● Managed services
● Pen testing
● Hunting
Incident response plan (Respond)
“Incident response is an organized approach to addressing and
managing the aftermath of a security breach or attack (also known as
an incident).
The goal is to handle the situation in a way that limits damage and
reduces recovery time and costs.”
http://searchsecurity.techtarget.com/definition/incident-response
7 Stages of Incident Response
1 - Discovery & Investigation
2 - Escalation of the breach
3 - Containment of the breach
4 - Data integrity & forensic evidence
5 - Restore services
6 - Notify affected parties
7 - Post incident report
Return to monitoring
Strategy - Plan management
● Living document
● Update regularly
● Track revisions & approvals
● Align with partners
Strategy - Architecture
● Separation of concerns
● Layers of security
● Harden devices and connections
● Whitelisting over blacklisting
● Fungible systems with scripting
Strategy - Centralized services & tools
● Examples: in-house, managed services, cross-department, etc.
● Economy of scale = less expensive
● Outsource maintenance & compliance
● Augment your team with expert partners
Strategy - Look at the ROI for all scenarios
● Be honest about the risk
● Be honest about the cost
● Invest in human time
● Maximize the resources you have (budget, hires, internal teams, existing tools, etc.)
Review
● Solutions-based approach
● Core concept
● Prevention plan
● Incident response plan
● Strategies
Take action!
Schedule a review of your plan today.
Questions?
Ron Northcutt, Sr. Solutions Architect