Security Jenga – Black Hat 2017

– Hey, everybody. We’re here at Black Hat in Las Vegas. We’re talking a lot about security effectiveness. Hundreds of companies in the Fortune 1000 are seeing that their security is not working as they intended. Verodin sets out to prove your security, prove what you have in place is actually working. Right now we’re going to do a little game. All of these various statistics are really key in indicating how fragile our cyber security infrastructures are. Without proving it out, we are all in jeopardy of falling over and toppling over like this.

– This security stack is starting to get shaky.

– Only 45% of correlation rules actually fire when attacks happen in your organization. It’s key for you to tune to your SIEM across all your rule sets. Tom, wow. Tom pulled out detection. Where are the logs? The attack patterns that are not blocked, only 25 to 45% have relatable detection alerts that make it to the SIEM. So you are flying blind if you don’t know what these attacks are doing in your organization. So you say you’re a SIEM veteran then?

– It makes me have less faith in all of the correlation rules that I’m hoping are going to be firing and doing the work for me.

– All these years later and span ports are still changing and disrupting our visibility.

– Cover a span port right now and knock over this whole stack, I bet. Watch this. And then sometimes all it takes is one misconfigured router in your entire security infrastructure fails. So why we hose security jenga is security layers are constantly changing so that we can actually try to adapt to the diverse threats that are hitting our organization. All of those layers, as they change, create instability and there’s, right now, no way to actually verify that those tools are working effectively as you intended. Verodin provides you that capability by allowing you to see how your defensive stack will actually work when faced with real attacks.

– Next generation solutions. They have a lot of promise —

– The new, new of this — so the next gen miss. They’re using great buzz words like artificial intelligence and machine learning. They have tons of promise, but they often require tons of tuning. Out of the box, some of these best tools can’t block basic attacks.

– Only 15 to 25% of executed attack patterns are actually blocked. That one was pretty easy to get out of there.

– So after all the millions of dollars we’ve spent on SIEM and all the millions of dollars we’ve spent on firewalls and end points, we’re still only blocking 15 to 25% of the attacks that are hitting our organization. You need a different approach to solving this problem. You can’t set it and forget it with these tools. You need something to validate they’re working on a regular basis. Verodin’s going to help you with that. As Tom goes up and increases the complexity in the stack, it’s even more and more challenging to potentially pull a piece out. Fortune 1000s have over 50 plus different solutions on average. How many of those are misconfigured? How costly is it to maintain? All of our CISOs and all of our CIO customers, they’ve got too many things to maintain, too many maintenance dreams, too many renewals. Strip out those products that aren’t providing value for you and work on what is going to make you effective in cyber security. Going low here. I’d probably say this is probably a legacy tool. This is a firewall that he’s had in place since about 2008, and he’s been paying maintenance on this thing for years. Basic networking. Span port changes still wreak havoc. Things that you don’t expect are still causing nightmares. Oh. It looks like today’s culprit was basic networking. So all the prevention, all the capabilities that we have in place today still could get taken down by misconfigured routing and forwarding, a span port getting kicked off. How do you know that your security posture is working as you intended? You don’t. Verodin helps you prove that out, continuously helping you manage and monitor your security posture across all layers. People, process and technology.
