ES Episode22

From Paul's Security Weekly

Episode Audio

Enterprise Security Announcements

ITPro.TV Announcement: Quick announcement, ITProTV has updated their course library to include:

  • CompTIA Project+
  • DNS Tech Skills
  • CyberPatriot Training
  • CyberSecurity Analyst+
  • Installation, Storage, and Compute with Windows Server 2016
  • Networking with Server 2016

Mention the Online Survey*

Enterprise Security Weekly News

  1. OneLogin acquires Sphere Secure Workspace to gain mobile management foothold | TechCrunch - This is an awesome addition to the OneLogin product: With Sphere, the company simply blows away the container when an employee leaves a company or loses a device, and the person’s other content remains intact. It gives the employee access to work content in a more secure way with a single log-in, while protecting the personal content. Today, OneLogin customers have to log into a web portal to gain access to applications under the OneLogin single-sign-on umbrella. The acquisition will enable employees to download a virtual container with all of the applications from the web portal while remaining signed onto all of those apps with OneLogin.
  2. Synopsys Acquires Cigital, Codiscope to Bolster Security Portfolio - Cyber Parse - Cyber Security and Information Security - Cigital provides application security testing and software security services; Codiscope is a spinoff from Cigital, providing security tools. Among Codiscope’s products is Jack, a cloud-based tool for helping developers build secure applications. They also bought Coverity, a static and dynamic code analysis vendor. It seems they are kept as separate companies and left alone; however, some integration amongst all their dev and security tools would make them a major player.
  3. Gartner's Latest Report on the CASB Market | Skyhigh Networks - So to play in this space, according to the big G, you need this:
     • Visibility – discover shadow IT cloud services and gain visibility into user activity within sanctioned apps
     • Compliance – identify sensitive data in the cloud and enforce DLP policies to meet data residency and compliance requirements
     • Data security – enforce data-centric security such as encryption, tokenization, and information rights management
     • Threat protection – detect and respond to insider threats, privileged user threats, compromised accounts
  4. Distil Networks to fingerprint bots - Enterprise Times - Making the Internet a better place... perhaps?
  5. Ixia Enhances Application and Threat Intelligence Processor to Accelerate Detection and Response Time to Cyberattacks | Telecom Reseller - Ixia (Nasdaq: XXIA), a leading provider of network testing, visibility, and security solutions, today announced enhancements to the company’s Application and Threat Intelligence Processor (ATIP™), which enables customers to rapidly extract security metadata, including Indicators of Compromise (IOC), and fast-track that information to reporting tools to speed Mean Time to Identify (MTTI) and Mean Time to Respond (MTTR) to security threats and malicious behavior.
  6. 3 Major Benefits of Log Management

Enterprise Topic Discussion: Incident Response

Enterprise Security Weekly Quick Guide To Building A Successful Incident Response Program

Step 1 - Know where your sensitive data lives, where it travels, and define different levels of sensitivity (low, medium, high even works!). If you don't know whether sensitive, private or proprietary information was involved, you cannot define the appropriate level of response.

Step 2 - Know where all your systems and applications live, and have a complete asset inventory. If you don't know about all of your assets, you cannot direct the incident response process. The worst case is "Wow, look, there is an incident. What system is that?"

Step 3 - Know who is responsible for every system and application. If you don't know who to call to respond to an incident, you cannot perform incident response. Two levels of ownership are typically defined: 1) The network/system/application administrator or developer and 2) The stakeholders (e.g. the people who use the system or application).

Step 4 - Define who will be involved in the incident response process and get buy-in from management. If you need an entire dev team or sysadmin team to stop what they are doing and help respond to an incident, you MUST have buy-in from management.

Step 5 - Define what constitutes an incident and how people will respond to the different levels. For example: spyware is found on a desktop, so the help desk removes it when they have time. Super stealthy malware is found on a business-critical system containing super sensitive and private information: all IT and security teams stop what they are doing and respond to the incident.

Step 6 - Define how you will communicate, who you will communicate with, what you will communicate, and how you will collect and track data.
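As an added example (not part of the show notes), the steps above as a small Python triage model: the asset inventory carries each system's data sensitivity and both ownership levels, and a finding's response level and notification list follow from combining the finding with the asset. Hostnames, contacts, finding weights and thresholds are constructed for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum


class Sensitivity(IntEnum):
    """Step 1: data sensitivity levels (low/medium/high is enough to start)."""
    LOW = 1
    MEDIUM = 2
    HIGH = 3


@dataclass
class Asset:
    """Step 2 and 3: one inventory entry, with both levels of ownership."""
    name: str
    sensitivity: Sensitivity
    admin: str            # system/application administrator or developer
    stakeholders: tuple   # the people who use the system


# Constructed sample inventory; hostnames and contacts are hypothetical.
INVENTORY = {
    "ws-042": Asset("ws-042", Sensitivity.LOW, "helpdesk", ("j.doe",)),
    "db-hr-01": Asset("db-hr-01", Sensitivity.HIGH, "dba-team", ("hr-lead", "payroll")),
}

# Step 5: how serious each kind of finding is by itself (1 = nuisance, 3 = stealthy/targeted).
FINDING_WEIGHT = {"adware": 1, "spyware": 1, "credential_theft": 2, "stealthy_malware": 3}

# Step 5: response levels, from "remove it when the help desk has time" to "everyone stops".
RESPONSE = {
    "low": "help desk cleans up when time permits",
    "medium": "security team investigates within one business day",
    "high": "security team and system admin respond now",
    "critical": "all IT and security teams stop what they are doing and respond",
}


def classify(host, finding):
    """Combine the finding's weight with the asset's data sensitivity to pick a response level."""
    asset = INVENTORY.get(host)
    if asset is None:
        # Step 2 failure mode: "what system is that?" -- escalate to whoever owns the inventory.
        return {"level": "unknown_asset", "notify": ["asset-inventory-owner"], "action": "identify the system first"}
    weight = FINDING_WEIGHT.get(finding, 3)  # an unknown finding type is treated as worst case
    score = weight * int(asset.sensitivity)
    level = "critical" if score >= 6 else "high" if score >= 3 else "medium" if score == 2 else "low"
    # Step 6: who is told depends on the level; the admin always, stakeholders from "high" up.
    notify = [asset.admin]
    if score >= 3:
        notify += list(asset.stakeholders)
    if score >= 6:
        notify.append("ciso")
    return {"level": level, "notify": notify, "action": RESPONSE[level]}
```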

Resources: https://github.com/meirwah/awesome-incident-response