Protecting against phishing and social engineering techniques – Neil Thacker – Websense
90% of all attacks begin with email – phishing / spear phishing. Spear phishing is the most common vector into companies.
Success = Talent + Luck.
In spear phishing – Talent = making the email seem as real as possible. Luck = someone clicking on it and the malware or similar running / user clicks link.
Take away points;
People and Process;
– Limit the information you share about yourself online
– Verify all messages with links and attachments
– “Catch of the day” gameification program
– Link email and web events in real-time
– Real-time user education at point-of-click
– Measure and phish at risk employees… with permission
Useful link for people to see if a link they have been sent may be malicious; http://csi.websense.com
Securing Mobile – The new enterprise desktop
Presentation by Entrust
Mobile and traditional ‘desktop’ worlds are colliding.
People have multiple identities across devices and systems, both personal and work.
Huge numbers of people using personal, BYOD, devices to access corporate systems.
Growing mobile and ‘always on’ workforce.
– Sensitive information now travels outside of the office to the home, car, gym, anywhere
One breach leads to..
– A successful attack on one identity has the potential to open the door to all other identities; social engineering, same or similar passwords used etc.
Mobile – A unique blend of security and usability;
– Mobile devices have powerful features built in that organisations can leverage
o Application sandbox
o Secure elements
– Users want to carry them – always in hand, always connected, convenient, support work / personal balance
– The good – Applications signed and vetted, applications sandboxed, GPS, Bluetooth, biometrics and cryptography
– The bad – Malware in apps, apps can view other data such as SMS etc, jailbroken devices, insecure logons (e.g. simple pins, finger print smudges, weak biometrics etc.)
Mobile Smart Credential Concept (Entrust product) – phone used for physical and logical access – Physical access to building, logical access to systems, digital signatures, encryption, cloud, vpn, out of band alerts to confirm transactions.
.Mobile – a catalyst for change.
Talk was pretty much a product sales pitch, but a few interesting points.
Redefining Network Security: Detecting and preventing Advanced Persistent Threats
Presentation by Paloalto
Another one starting with the attack kill chain;
– Breach perimeter
o Initial compromise
– Deliver Malware
o Deliver malware and communicate with attacker
– Endpoint operations
o Move laterally and infect additional hosts
– Exfiltrate data
o Steal intellectual property
Prevent attacks by stopping one step in the kill-chain.
Attackers disguise attacks in other traffic – specially crafted UPD packets, DNS, https, skype traffic (e.g. customised encryption, port hoping etc.). Many ways to hide and exfiltrate data, it’s not always obvious, or obviously malicious traffic. We focus heavily on web / email / known bad traffic, but are we looking in the right places? Are we missing data leaving via less obvious or assumed OK channels?
Requirements – Detect and Prevent
Detect unknown threats, prevent all known
– Automatically detect unknown threats and makes them known. Prevent all known threats – they are known after all so there should be little excuse for missing these!
Prevent across all networks – provide consistent security across the environment
– Prevents threats at; internet edge, data centre edge, between VMs in the DC, between mobile devices and core systems etc.
– Closed feedback loop creates shared protections for all systems in your environment, and ideally all customers via sharing in the cloud.
Talk became a product overview of the Palo Alto solution, but the above points are I think relevant generally.