Add Structure and Credibility To Your Security Portfolio With CIS Controls v8 Cybersecurity Framework
“the threat actor leveraged information stolen during the first incident,
information available from a third-party data breach, and a vulnerability in
a third-party media software package to launch a coordinated second
attack.”
“the threat actor was able to leverage valid credentials stolen from a senior
DevOps engineer to access a shared cloud-storage environment, which
initially made it difficult for investigators to differentiate between threat
actor activity and ongoing legitimate activity”
When things go very wrong
“the threat actor targeted one of the four DevOps engineers who had
access to the decryption keys needed to access the cloud storage service”
Attack flow (diagram)
Phases: Reconnaissance; Initial Access & Execution; Collection, Credential Access, Recon, Exfiltration; Data Exfiltrated
1. Reconnaissance & configuration data from attack #1
2. Exploit enables remote code execution
3. Keylogger installed
4. Engineer authenticates with MFA and accesses sensitive data
5. Privileged accounts compromised
6. Access keys & decryption keys stolen
7. Recon for high value data, production backups, customer password stores
8. C&C communication of recon data, credentials, keys
9. Lateral movement attempts
10. Highly sensitive data accessed, decrypted, and exfiltrated
Discussion
How do you think they felt about their security posture pre-breach?
Could more advanced and specialized security tools stop this threat?
Could this happen to MSPs?
The methods used in this attack were discovered after the fact. How could
a zero-trust ‘assume breach’ security posture have helped?
How can I keep up with increasingly sophisticated threats?
What can we learn from this, and what can we start doing today to help
protect ourselves and our customers?
Agenda Items
1. Cybersecurity Control Framework review
2. Addressing unauthorized assets
3. Addressing vulnerabilities
4. Q&A
Cybersecurity Control Frameworks
CIS Controls and other common frameworks
Cybersecurity Frameworks
Control frameworks:
• CIS Top 18 Controls
• NIST 800-53
Program frameworks:
• NIST CSF
• ISO 27001
[Figure labels: $, $$, $$$; Risk; Program; Experience]
56 IG1 Safeguards
Sample IT Security Policy
Demo: Set up device enrollment
Demo: Require MFA for device enrollment
Demo: Enroll devices with MFA
Demo: Only allow authorized, low risk devices
Demo: Block unauthorized or medium to high-risk devices
CIS Top 18 Critical Security Controls v8
56 IG1 Safeguards
Sample IT Security Policy
Demo: Threat and Vulnerability Management
Discussion
Can I pick and choose the controls that are most important to me based on
this incident and others I’ve heard of?
• Computers
• Servers
• Mobile Devices
• Switches
• Internet of Things (IoT)

• Credit card, banking, and financial information
• Personally Identifiable Information (PII)
• Customer lists, product info, pricing
• Trade secrets, formulas, methods
Get the 2022 DBIR
> 23,000 incidents
> 5,200 confirmed breaches
"...very small organizations are just as enticing to criminals as large ones, and, in certain ways, maybe even more so."
Top threats facing SMBs:
1. Ransomware
2. Use of stolen creds
3. Phishing & pretexting
4. Trojan
5. Exploit vulnerabilities
Your CIS-Based Cybersecurity Program
Partner benefits
• Customized logos and public relations templates to help promote your award-winning status.
• Recognition collateral to signify your success.
• Winners are celebrated at Microsoft Inspire.
Timeline
• Now through April 5, 2023 at 6:00PM Pacific Time: The POTYA Nomination Tool is open for partners to self-nominate.
• May 25: Winners are notified
Call to Action
• Prepare your nominations & submit before April 5, 2023! Visit https://aka.ms/POTYA for more details.
Thank you!
https://aka.ms/SMBMastersDigitalEventsSurvey
Ďakujem Tack Nandri Kop khun Teşekkür ederim Дякую Xвала Diolch