I had the amazing honor of getting front row for Brian Krebs’ KeyNote speech at the SailPoint Navigate Conference Last week in Austin, TX! Brian is an exceptional a Public Speaker, just as he is an exceptional writer. Krebs has been my teacher for a few years now (extensive reading and studying of his blog: https://krebsonsecurity.com ) During the Keynote, he captivated the audience by highlighting what he has learned in his experiences. I wrote as fast as I could by hand in my notebook, tried to capture as much of it as I could; and put it all together here:
- Authentication and Identity Compromises are why there are so many Security breaches; the attacker essentially becomes the user with stolen, compromised credentials
- Weakest part of the organization is the farthest point out – the users
- “Everyone gets pen-tested whether or not they pay for it” < that is so true!
- Most breaches in the last decade, the org has had no clue the attacker was on their Network.
- Security Awareness Training is still an effective method to help mitigate breaches.
- We have no business using “static identifiers” in 2017! How do we get better?
- Two Factor can blunt many attacks! Industry relies on tools too much, need to rely more on human to interpret the tools. Target had tools, but people could not make sense of what they were getting.
- Trained, Sec Ops to do basic ‘block and tackle’ , curious human beings to look at tool output needed to find the bad guys.
- Build a solid SecOps team ( If orgs cut back on Security people, their visibility decreases.)
- Mitigate Account Take-over [ e.g., using your same creds across multiple web services ]; credential replay can be done by bots at a slow rate to avoid SecTool detection; need a human eye on the screen.
Krebs then changed up topics to predictions:
- Ransomware attacks may become more targeted and attackers will better understand the data ( and the value of that data ) which they are encrypt so they can ask a proper ransom for it.
- IoT – will be a major challenge. Shodan lists all kinds of targets. Krebs’ site was DDoS’d [ 620 Gbps ] by a massive Botnet consisting of IoT devices; expect this trend to continue.
- Potentially more disruptive attacks [ WannaCry ]
More Solutions outlined:
- Get beyond Compliance; don’t just meet the audit; go further
- Invest in 2FA everywhere!
- Do your back-ups correctly, don’t leave them open, or exposed!
- Drills exercises; red team vs. blue team so your team will be ready and can run the playbook!
- Secure what you have
- Watch out for vendor ‘kool-aid’ that their tools can replace people, simply not true!
- Strengthen and invest in current employees
- Assume you are compromised
- Watch out for your business partners
After the speech was over; he wanted to stay up and answer questions for the audience; unfortunately, the vendor rushed him off stage so some c-level person could speak, ( but not before I got to shake his hand and thank him for all his work and how much he has helped me professionally )! thank you, Brian ! It was great to finally meet you!