Under the Hoodie: lessons learned from a year of pen tests (FR)
[Recording of the Rapid7 workshop at Les Assises de la Sécurité 2019]
In 2017, Rapid7 launched the "Under the Hoodie" project to shed light on the "dark art" of pen-testing by revealing the process, the techniques and the tools used, as well as the types of information that can be compromised. The Under the Hoodie 2019 report continues to provide visibility into this often hidden corner of information security. Based on the results of nearly 180 engagements carried out during the last penetration testing season, together with real-world anecdotes from our engineers and researchers, our research explores recent trends and patterns derived from penetration tests.
In this talk, discover the lessons from a year of penetration tests at our customers:
• The main findings of our report, in particular the most frequently exploited vulnerabilities and misconfigurations
• The methods used to compromise targets and gain access to sensitive data
• Suggestions on how to use the report's data to detect and prevent weaknesses on your network effectively
• A look at how this attacker's-eye view is at the heart of our vulnerability management, web application testing and SIEM/UBA/EDR solutions.
Recorded Apr 23 2020, 44 mins
Marcus Eaton - Lead Solutions Engineer, UK & Ireland & Roy Tobin - Detection & Response Services Manager, EMEA
To get ahead of the attackers, security teams are increasingly moving from prevention-only ideologies to focusing on early detection. Successful and comprehensive threat detection requires understanding common adversary techniques, which ones may especially pose a threat to your organisation, and how to detect and mitigate these attacks. With that said, the volume and breadth of attack tactics make it nearly impossible for any single organisation to monitor every single attack type, never mind catalog and translate those findings in a constructive way to anyone outside of their organisation.
Join this webinar to learn more about Gartner’s Security Operations Center (SOC) Visibility Triad, a network-centric approach to threat detection and response and how you can apply it to improve the detection and response capabilities in your organisation.
Jeremy Snyder, Senior Director of Business Development and Solutions Engineering, Cloud Security Practice
Introduced by our friends at ISMG as part of their virtual Cybersecurity & Fraud Chicago Summit, this presentation will outline why cloud security is fundamentally different from traditional data center environments. We’ll explore the top services and errors that have led to large-scale data breaches in the past several years, discuss ways to prevent future breaches, and review a few case studies of prominent breaches.
Fixing a breach is far more costly than prevention. Organisations are under pressure to act fast. More often than not though, it can be weeks or months before you’ve even realised that you’ve suffered one.
Neil Campbell, Vice President of APJ, outlines six fundamental actions you need to take as part of your security incident handling:
- High-level incident management and coordination
- Technical analysis of the incident
- Incident scoping to determine who or what was affected
- Crisis communications to make sure information is released in a coordinated and beneficial manner
- Legal response to determine any implications and prepare any needed response or action
- Remediation and mitigation recommendations and actions to ensure a smooth recovery
Darragh Delaney, Sr. Product Manager, D&R and Morgan Doyle, Consulting Software Engineer, D&R
In this real-training-for-free session we will discuss the options for cloud-based network traffic analysis and how it differs from on-prem approaches. The use cases for this technology include:
Security analysts lack visibility within cloud networks. They do not have the visibility they need to troubleshoot operational and security issues within their AWS networks and want to eliminate this blind spot so that they have 'end to end' traffic visibility across all their network.
Security analysts want DPI/full packet analysis in their AWS estates. They want more detail than VPC flow logs to detect security threats and to perform forensics on past events.
Compliance and security personnel want cloud-based IDS solutions. IDS is a key requirement for some compliance standards such as PCI.
Amazon launched a network traffic mirroring service in 2019 called VPC traffic mirroring. This allows you to span, or copy, network traffic going to and from one or more EC2 Elastic Network Interfaces and send it to a traffic analysis system.
From a security perspective, we can now deploy cloud based out-of-band intrusion detection and analysis tools to look for malicious activity in the network traffic.
During this call we will check out the VPC traffic mirroring feature in AWS and show how to set up a traffic mirroring session to capture activity associated with a number of ENIs. Topics include:
- Mirror Sessions
- Mirror Targets
- Mirror Filters
Using the data captured from this we will then look at how this can be used for incident detection and response.
Harsharn Puar - Lead Security Solutions Engineer, Cloud & Graeme McMillan - Senior Security Solutions Engineer, UK & Ireland
Join us for this short session as we discuss how to assess your organisation’s risk across multi-cloud and traditional infrastructure environments using visibility and automation.
Sydney Coffaro, Senior Technical Advisor, SOAR at Rapid7 and Jeffrey Gardner, Practice Advisor at Rapid7
Today’s security operations–whether part of a formal SOC or not–require IT and Security teams to identify and address threats as quickly and decisively as possible. The growing list of threats, along with their methods of entry, techniques used, and means of detection and resolution have grown to a point where it’s nearly impossible to address manually. Part 4 of 4 of series: Focus on What Matters Most with Detection and Response
Sandy Carielli: Principal Analyst, Forrester & James Thompson: Information Security Manager, Hypertherm
As IT ecosystems evolve, so do attackers. Exploitation can happen anywhere across the modern attack surface, from on-premises and cloud infrastructure to web applications. So the scope of your vulnerability risk management (VRM) program can no longer be limited to critical infrastructure.
Web apps have grown in complexity and volume over the past several years, while also becoming the attack vector of choice for threat actors capitalizing on emergent technologies. This is a trend that will only persist and evolve, so it’s crucial to extend your testing strategy to practices and languages utilized by your development team. In short: Managing your overall risk must extend to weaknesses in your applications and APIs, not just the structures on which they’re built.
In this webcast, you’ll learn:
- Sandy and James’ thoughts on extending a holistic VRM approach to the application layer
- Best practices and common challenges for a sound VRM strategy
- How James uses both InsightVM and InsightAppSec to secure every layer of the modern environment
- Why it’s so important to have mitigating controls in place for possible exploitation
Chris Hartley - Regional Director for UK & Ireland, Rapid7, and Warwick Webb - Security Practitioner, Rapid7
Security has played a positive role in enabling business over the recent weeks. This has been demonstrated by allowing remote workforces to remain productive and by the hard work of security teams to keep operations running. However, all this is putting a strain on the internal resources trying to protect their critical business assets from both external attackers and insider threats.
At Rapid7 we are taking a practical role in helping ensure security advice and guidance is available for all, and we will be running a series of talk tracks to help provide a measured perspective on how to remain secure and operational with the resources you have.
Join us for this live talk where Chris Hartley, Director at Rapid7 UK & Ireland, and Warwick Webb, Security Practitioner, will discuss the top 5 reasons why some organisations are looking to augment or outsource their threat detection and response operations including:
· Talent shortage in cybersecurity and why specialisation is key
· Business continuity and the impact of ‘always on’
· Threat intelligence and global visibility of the threat landscape
· Role of threat hunters in incident response
We’ll also be joined by our customer Simon Parry from the Development Bank of Wales, who will reveal how they are using managed services in their own environment and which elements of managed detection and response are most important to the success of their security program.
Diana Kelley, SecurityCurve | Joseph Carson, Thycotic | Dave Farrow, Barracuda | Jeremy Snyder, Rapid7
Instead of the traditional "castle and moat" model of the past, today the security perimeter is being defined around the identity of the person or the device requesting access. What are organizations doing to protect digital identities in the age of breaches? How are the current trends in identity and access management helping address this issue?
Join this interactive roundtable discussion with notable security experts to learn more about:
- The shift to identity-centric security
- The zero trust mindset
- What constitutes strong and effective authentication and authorization
- The role of policy orchestration and enforcement
- Best practices for protecting identities and managing access across the enterprise
Panelists:
- Joseph Carson, Chief Security Scientist and Advisory CISO at Thycotic
- Dave Farrow, VP, Information Security at Barracuda
- Jeremy Snyder, Sr. Director, Corporate Development, Rapid7
This episode is part of The (Security) Balancing Act original series with Diana Kelley. We welcome viewer participation and questions during this interactive panel session.
Jeremiah Dewey, VP Managed Services MDR at Rapid7 and Wade Woolwine, Principal Security Researcher at Rapid7
The threat landscape continues to evolve and adapt, requiring organisations to have a high level of security visibility. However, when security teams, managers, and leaders have limited time and budget, prioritising investments to achieve the greatest impact and reduction in risk becomes even more critical. Part 3 of 4 of series: Focus on What Matters Most with Detection and Response
Jeffrey Gardner, Detection and Response Practice Advisor at Rapid7
The Cybersecurity industry’s resource gap has been well documented over the years, but in 2020 we've seen that gap widen. The attack surface has grown with remote workforces and a slew of new applications, but in many cases budgets are tightening and teams are wearing many hats.
Part 2 of 4 of series: Focus on What Matters Most with Detection and Response
Margaret Wei, Product Marketing Manager at Rapid7 and Jake Williams, SANS analyst
Despite a year of “new normals,” one thing that most teams can still count on this fall is annual security planning. However, this year, in addition to supporting growing remote workforces, many SOCs are facing increased budget scrutiny and pressure to demonstrate ROI as they go into 2021. Part 1 of 4 of series: Focus on What Matters Most with Detection and Response
How do companies improve their security, compliance, and governance while becoming more productive in their multi-cloud environments? More than 70 percent of enterprises today are multicloud, either through organic growth, through mergers and acquisitions, or as a corporate strategy. While cloud offers a powerful opportunity to unleash innovation within the enterprise, IT and security teams struggle to devise governance strategies to support that innovation. Join DivvyCloud by Rapid7’s Brian Johnson (co-founder and SVP, Cloud Security Practice) as he discusses how companies can accelerate innovation through better governance and optimization of their multi-cloud environment.
This session will cover:
- The signal and noise problem that many organizations are facing today
- Why a self-service approach to cloud is the best way to innovate and remain competitive
- How companies can remain secure and compliant while still going through a self-service culture shift
Marcus Eaton, Lead Security Solutions Engineer, Jason Prescott, Manager Threat Detection, Douglas Wainer, Threat Analyst
You might think of a security operations center like a stereotypical movie war room: a dark room filled with complex maps, fancy monitors, and analysts on headsets. However, most SOCs aren't really a physical presence or room; more accurately, they're a formally organised team that's dedicated to a specific set of security roles and responsibilities for detecting and validating threats within your environment.
No matter a company's size or purpose, it’s valuable to have a dedicated organisational-level team whose job is to constantly monitor security operations and incidents and respond to any issues that may arise. The various responsibilities within a cybersecurity team can be extremely complex, and a SOC can not only serve as the tactical console to empower team members in performing their day-to-day tasks, but also as a strategic center to keep the team aware of bigger, longer-term security trends.
In this webcast, our threat detection specialists will reveal:
· How known and unknown threats are identified in our customer environments
· The intelligence behind threat hunting
· How our SOC uses threat intelligence to detect, investigate and respond to incidents
· What a typical day in the life of a SOC Analyst looks like
Christopher Hertz, VP of Sales for Cloud Solutions, Rapid7 & Thomas Martin: Founder, NephoSec and former CIO at GE
Financial services organizations are experiencing a culture shift as they respond to consumer demand for improved experiences delivered when and how they want them. Building applications and migrating regulated workloads to the cloud offers an attractive way to speed innovation, reduce time to market, and increase resilience.
The financial services industry experiences security incidents 300 percent more frequently than other sectors. Data breaches caused by cloud misconfiguration continue to be rampant, costing enterprises an estimated $5 trillion in 2018 and 2019 alone. Organizations must modify the "command and control" mentality of traditional IT and marry it with a "trust but verify" approach when looking to take advantage of the benefits of public cloud.
In this session with Information Security Media Group, learn how to identify and implement the systems that are cloud-native, and can help you address the unique challenges of public cloud offerings through automation.
Rapid7 is advancing security with visibility, analytics, and automation delivered through our Insight platform. Our solutions simplify the complex, allowing security teams to work more effectively with IT and development to reduce vulnerabilities, monitor for malicious behavior, investigate and shut down attacks, and automate routine tasks. Over 9,300 customers rely on Rapid7 technology, services, and research to improve security outcomes and securely advance their organizations. For more information, visit our website rapid7.com.
Under the Hoodie: lessons learned from a year of pen tests (FR). Mikael Le Gall, Sales Engineer Manager. 44 mins