Archive for September, 2013

Monitoring attack paths

SIEMs are used for establishing security controls and responding to attacks. From my SimWitty days to my new role managing VioPoint’s SOC, we draw a distinction between these two. For controls-based activities, we think in terms of use cases. A SIEM use case defines a particular way the SIEM gathers and reports on data. For threat-based activities, we think in terms of abuse cases. An abuse case defines an attacker’s activity and how the organization would detect that activity. The use case drives value and the abuse case protects against value loss.

Abuse Cases Map Possible Paths

An abuse case begins by describing the attacker and their objectives. Who are they? What are they after? What tactics and techniques are these attackers likely to use? From there, the abuse case defines the path the attacker would take to achieve their objectives. For example, a typical abuse case may include:

(1) External reconnaissance
(2) Initial breach
(3) Escalate privileges
(4) Persistence
(5) Internal reconnaissance
(6) Lateral breach
(7) Maintain presence
(8) Achieve objective

The modus operandi will thus be modeled for a particular threat.

The Final Step In Monitoring

The final step in using SIEM to respond to attacks is to overlay the abuse case with the technical controls. How would we detect and prevent a particular tactic used in persistence, for example? What about the lateral breach phase in an attack path? Thinking through these controls allows us to give ourselves credit for where we are doing well, and allows us to identify opportunities for enhancing the controls.

To get the most out of a SIEM, from a threat perspective, we create a set of high-level threat models and set up monitoring along the identified attack paths. A well-defined abuse case does just that.
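
The overlay described above can be sketched in a few lines. This is an added example, not code from the original post: the rule names, host names and alerts are constructed, and the mapping of rules to phases is an assumption. It reports which phases of the abuse case have no control mapped to them and which entities have alerts that advance along the path.

```python
from collections import defaultdict

# The eight phases of the abuse case, in the order the post lists them.
PHASES = ["External reconnaissance", "Initial breach", "Escalate privileges",
          "Persistence", "Internal reconnaissance", "Lateral breach",
          "Maintain presence", "Achieve objective"]

# Hypothetical SIEM rule names mapped to the phase each one detects.
CONTROLS = {
    "perimeter-scan-threshold": "External reconnaissance",
    "mail-attachment-sandbox-hit": "Initial breach",
    "new-local-admin": "Escalate privileges",
    "new-scheduled-task": "Persistence",
    "smb-admin-share-fanout": "Lateral breach",
    "dlp-bulk-upload": "Achieve objective",
}

# Constructed alerts: (ISO timestamp, entity, rule name).
ALERTS = [
    ("2013-09-03T02:47", "ws-042", "smb-admin-share-fanout"),
    ("2013-09-02T08:14", "ws-042", "mail-attachment-sandbox-hit"),
    ("2013-09-02T08:31", "ws-042", "new-local-admin"),
    ("2013-09-02T09:05", "ws-042", "new-scheduled-task"),
    ("2013-09-02T11:20", "ws-107", "new-scheduled-task"),
    ("2013-09-02T10:00", "fw-edge", "perimeter-scan-threshold"),
]

def coverage_gaps(controls):
    """Phases of the attack path that no control maps to."""
    covered = set(controls.values())
    return [p for p in PHASES if p not in covered]

def path_progress(alerts, controls, min_phases=3):
    """Entities whose alerts, in time order, advance through at least
    min_phases phases of the path. Alerts from unmapped rules are ignored."""
    seen = defaultdict(list)
    for _ts, entity, rule in sorted(alerts):
        if rule not in controls:
            continue
        idx = PHASES.index(controls[rule])
        # Record the alert only if it moves this entity further along the path.
        if not seen[entity] or idx > seen[entity][-1]:
            seen[entity].append(idx)
    return {e: [PHASES[i] for i in idxs]
            for e, idxs in seen.items() if len(idxs) >= min_phases}

if __name__ == "__main__":
    print("Uncovered phases:", coverage_gaps(CONTROLS))
    print("Entities on the path:", path_progress(ALERTS, CONTROLS))
```

The uncovered phases are the opportunities for enhancing controls; an entity flagged by `path_progress` is one where single low-severity alerts line up as a sequence along the modeled path.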

Friday Books and Talks 09-27

Outside Innovation: How Your Customers Will Co-Design Your Company’s Future
by Patricia B. Seybold

How dynamic businesses of every size can unleash innovation by inviting customers to co–design what they do and make.

The refrain is familiar for Patricia Seybold in her journeys as a top technology and management strategist: “I want our company to be acknowledged as the most admired and most customer–valued in our industry and to be recognized as the company that has forever changed the way things are done.” “How can we become the Google of banking?” “How can we be the eBay of software?” “I want to be the JetBlue of manufacturing.”

“How can we become the undisputed trend–setter in our industry–with a competitive bar no one can topple?”

In Outside Innovation, bestselling author Seybold taps her close relationship with dozens of high–innovation companies to reveal the untold strategy behind the trendsetters and the next HUGE leap forward in customer strategy. Seybold shows that companies that are dominating their category and staying ahead of the pack are collaborating at every level of their business with their customers.

 

TED: The fiction of memory
By Elizabeth Loftus

“Psychologist Elizabeth Loftus studies memories. More precisely, she studies false memories, when people either remember things that didn’t happen or remember them differently from the way they really were. It’s more common than you might think, and Loftus shares some startling stories and statistics, and raises some important ethical questions we should all remember to consider. Memory-manipulation expert Elizabeth Loftus explains how our memories might not be what they seem — and how implanted memories can have real-life repercussions.”

Friday Books and Talks 09-20

Relationship Economics: Transform Your Most Valuable Business Contacts Into Personal and Professional Success
by David Nour, Alan Weiss

“Relationship Economics isn’t about taking advantage of friends or coworkers to get ahead. It’s about prioritizing and maximizing a unique return on strategic relationships to fuel unprecedented growth. Based on the author’s global speaking and consulting engagements, Relationship Economics reveals that success comes from investing in people for extraordinary returns. This revised and updated version explains the three major types of relationships—personal, functional, and strategic—and how to focus each to fuel enterprise growth. It introduces new concepts in relationship management, including the exchange of Relationship Currency, the accumulation of Reputation Capital, and the building of Professional Net Worth. These are the fundamental measures of business relationship, and once you understand them, you’ll be able to turn your contacts into better executions, performance, and results.”

 

TED: The pursuit of ignorance
By Stuart Firestein

“What does real scientific work look like? As neuroscientist Stuart Firestein jokes: It looks a lot less like the scientific method and a lot more like “farting around … in the dark.” In this witty talk, Firestein gets to the heart of science as it is really practiced and suggests that we should value what we don’t know — or “high-quality ignorance” — just as much as what we know. Stuart Firestein teaches students and “citizen scientists” that ignorance is far more important to discovery than knowledge.”

Keys to a high-performing IT department

mrc’s Cup of Joe Blog included my minimum viable mantra in their recent blog post:

6 keys to a high-performing IT department
http://www.mrc-productivity.com/blog/2013/09/6-keys-to-a-high-performing-it-department/

“Approach everything with a startup mentality,” says J Wolfgang Goerlich, VP of Consulting Services for VioPoint. “By that, I mean, seek to answer the following two questions: what drives value and what keeps the light on. I suggest adopting a minimum viable strategy for keeping the lights on. By satisfying the requirements without spending too much time, you make space to deliver value. Spend most of your time and effort on what really matters, what really drives value, what really makes a difference. In doing so, you can deliver outstanding results to your manager, your stakeholders, and your organization.”

Click thru and read the article, including the comment from Michael Stephenson. Lots of good advice for optimizing your team and department.

Friday Books and Talks 09-06-2013

Here are some of the books and talks that I enjoyed this week, in no particular order.

The One Thing: The Surprisingly Simple Truth Behind Extraordinary Results
by Gary Keller, Jay Papasan

You want less. You want fewer distractions and less on your plate. The daily barrage of e-mails, texts, tweets, messages, and meetings distract you and stress you out. The simultaneous demands of work and family are taking a toll. And what’s the cost? Second-rate work, missed deadlines, smaller paychecks, fewer promotions — and lots of stress.

And you want more. You want more productivity from your work. More income for a better lifestyle. You want more satisfaction from life, and more time for yourself, your family, and your friends.

Authors Gary Keller and Jay Papasan demonstrate that the results you get are directly influenced by the way you work and the choices you make. You’ll learn how to identify the lies that block your success and the thieves that steal time from your day. By focusing on your ONE Thing, you can accomplish more by doing less. What’s your ONE Thing?

 

Unusually Excellent: The Necessary Nine Skills Required for the Practice of Great Leadership
by John Hamm

Master the fundamentals of leadership - at every stage in your career. Often, when leaders experience trouble, they look to blame an outside source or expect a small tweak to right their ship. But many times they’ve actually lost their grip on the very basic foundation of leadership. The business environment may change, but no management trend can displace the core laws, proven over centuries, of excellent leadership. Unusually Excellent is an essential resource for leaders that brings these fundamentals together in a new and comprehensive way. This book will help leaders at any level keep their focus on the bedrock principles that will make them extraordinary.

TED: Listen, learn … then lead
By General Stanley McChrystal

“Four-star general Stanley McChrystal shares what he learned about leadership over his decades in the military. How can you build a sense of shared purpose among people of many ages and skill sets? By listening and learning — and addressing the possibility of failure.”

 

TED: Learning from leadership’s missing manual
By Fields Wicker-Miurin

“Leadership doesn’t have a user’s manual, but Fields Wicker-Miurin says stories of remarkable, local leaders are the next best thing. At a TED salon in London, she shares three. Fields Wicker-Miurin wants to improve the quality and impact of leadership worldwide by discovering leaders in unique, local settings and connecting them with one another.”