SlideShare a Scribd company logo

How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authentication

Duo Security
Duo Security

Presenters: Rick Holland, Principal Analyst
, Forrester Research Brian Kelly, Principal PMM, Duo Security Bob Hillhouse, Associate CIO and CISO
, University of Tennessee, Knoxville

1 of 51
How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authentication Presented by Duo Security with guests Forrester Research and University of Tennessee, Knoxville September 25, 2014 #duowebinar
Agenda Rick Holland, Forrester Research How To Stop Targeted Attacks and Avoid “Expense In Depth” with Strong Authentication Brian Kelly, Duo Security How Duo Helps You Avoid “Expense In Depth” Bob Hillhouse, University of Tennessee, Knoxville A Case for Multi-factor Authentication #duowebinar
How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authentication Rick Holland, Principal Analyst Forrester Research #duowebinar
Agenda › Targeted attacks! › Targeted-Attack Hierarchy Of Needs › Recommendations © 2014 Forrester Research, Inc. Reproduction Prohibited
APT! © 2014 Forrester Research, Inc. Reproduction Prohibited
Heartbleed OpenSSL vulnerability exploited to compromise SSL VPN © 2014 Forrester Research, Inc. Reproduction Prohibited
Adversaries are on shopping sprees © 2014 Forrester Research, Inc. Reproduction Prohibited
Except the adversary isn’t being timed © 2014 Forrester Research, Inc. Reproduction Prohibited
We are hyper focused on the © 2014 Forrester Research, Inc. Reproduction Prohibited WRONG things
Anything but the data © 2014 Forrester Research, Inc. Reproduction Prohibited Malware sandboxes Alert driven security Perimeter security controls
Agenda › Targeted attacks! › Targeted-Attack Hierarchy Of Needs › Recommendations © 2014 Forrester Research, Inc. Reproduction Prohibited
Targeted-Attack Hierarchy Of Needs © 2014 Forrester Research, Inc. Reproduction Prohibited
Targeted-Attack Hierarchy Of Needs © 2014 Forrester Research, Inc. Reproduction Prohibited
Targeted-Attack Hierarchy Of Needs Need No. 1: An Actual Security Strategy © 2014 Forrester Research, Inc. Reproduction Prohibited
Silver bullets, for investment not defense © 2014 Forrester Research, Inc. Reproduction Prohibited
Expense in Depth © 2014 Forrester Research, Inc. Reproduction Prohibited
Targeted-Attack Hierarchy Of Needs Need No. 2: A Dedication To Recruiting And Retaining Staff © 2014 Forrester Research, Inc. Reproduction Prohibited
Lack of staff is a problem © 2014 Forrester Research, Inc. Reproduction Prohibited
Targeted-Attack Hierarchy Of Needs Need No. 3: A Focus On The Fundamentals © 2014 Forrester Research, Inc. Reproduction Prohibited
A Focus On The Fundamentals © 2014 Forrester Research, Inc. Reproduction Prohibited
Forrester’s Zero Trust model © 2014 Forrester Research, Inc. Reproduction Prohibited
Forrester’s Zero Trust model © 2014 Forrester Research, Inc. Reproduction Prohibited
Zero Trust is fundamental © 2014 Forrester Research, Inc. Reproduction Prohibited
Strong Authentication › Strong authentication is critical for disrupting attackers © 2014 Forrester Research, Inc. Reproduction Prohibited
Strong Authentication › Strong auth is critical for disrupting attackers › Protect your VPNs and Citrix but don’t forget about SaaS applications › Consider step up authentication for admins © 2014 Forrester Research, Inc. Reproduction Prohibited
Least privilege › Privileged accounts need to be monitored and audited › Don’t share local admin passwords across all hosts › Work towards a data classification program © 2014 Forrester Research, Inc. Reproduction Prohibited
Detecting lateral movement › Segment your network › Deploy visibility to key ingress/egress chokepoints › NETFLOW can be used for lateral movement detection © 2014 Forrester Research, Inc. Reproduction Prohibited
Agenda › Targeted attacks! › Targeted-Attack Hierarchy Of Needs › Recommendations © 2014 Forrester Research, Inc. Reproduction Prohibited
Return on Expense in Depth? © 2014 Forrester Research, Inc. Reproduction Prohibited
Recommendations › Evaluate your potential investments › What provides greatest marginal return on your investment? › What technology reduces the greatest attack surface? © 2014 Forrester Research, Inc. Reproduction Prohibited
Thank you Rick Holland rholland@forrester.com Twitter: @rickhholland
How Duo Helps You Avoid “Expense In Depth” Brian Kelly, Principal Product Marketing Manager Duo Security #duowebinar
Adoption of cloud, mobile, and BYOD is accelerating dramatically    # #  &  ☁#☁# IT 1.0: Mainframe IT 2.0: Client/Server IT 3.0: Cloud/Mobile
   # #  &   &   &  ☁#☁# 1995 2000 2005 2010  &  Data Breaches Along this same timeline we’ve also seen dramatic growth in user-targeted attacks
   # #  &   &   &  ☁#☁# 1995 2000 2005 2010  &  Data Breaches Why?
What’s new in IT 3.0? ‣ Users ‣ Access from anywhere ‣ “Zero Trust” environment ‣ Devices ‣ Mobile proliferation ‣ BYOD acceptance ‣ Services ‣ Diminishing perimeter ‣ Platform and Software -as-a-Service  &  ☁#☁#
What’s new in Security 3.0? ‣ Users ‣ Access from anywhere ‣ “Zero Trust” environment ‣ Devices ‣ Mobile proliferation ‣ BYOD acceptance ‣ Services ‣ Diminishing perimeter ‣ Platform and Software -as-a-Service Better OS and app security …but, limited endpoint control Better service security …but, limited network visibility
What’s new in Security 3.0? ‣ Users ‣ Access from anywhere ‣ “Zero Trust” environment ‣ Devices ‣ Mobile proliferation ‣ BYOD acceptance ‣ Services ‣ Diminishing perimeter ‣ Platform and Software -as-a-Service User-targeted attacks Credentials are easily stolen • Phished • Guessed • Keylogged • Sniffed • Cracked • Reused • Bypassed
100% OF BREACHES involve stolen credentials — Mandiant Source: mandiant.com/threat-landscape and M-Trends annual reports
advanced adversary will compromise your environment and accomplish their goal. The Targeted Attack Figure 2 The Hierarchy Targeted-Attack Hierarchy Of Of Needs Needs Detection and response Prevention An integrated portfolio that enables orchestration A focus on the fundamentals A dedication to recruiting and retaining staff An actual security strategy 107121 Source: Forrester Research,
advanced adversary will compromise your environment and accomplish their goal. The Targeted Attack Figure 2 The Hierarchy Targeted-Attack Hierarchy Of Of Needs Needs Detection and response Prevention An integrated portfolio that enables orchestration A focus on the fundamentals A dedication to recruiting and retaining staff An actual security strategy 107121 Source: Forrester Research, Back to Basics ‣ Patch, harden, update (everything) ‣ Segment data, services, networks ‣ Review access controls (often) ‣ Inspect endpoints, enforce policy ‣ Require strong authentication
Legacy two-factor authentication solutions overlook TCO On boarding Deployment $  #  ✉ $ $ $ Management Login  ⚠  ⏲
Duo Security minimizes cost throughout 2FA lifecycle On boarding Deployment ☁ . Management Login / 
Thousands Getting Better Security, Not Just More duosecurity.com/success-stories
A Case For Multi-Factor Authentication Bob Hillhouse, Associate CIO and CISO University of Tennessee, Knoxville #duowebinar
Cast ▪ The University of Tennessee, Knoxville ▪ 57 merchants across campus ▪ 130 Users; 150 Devices ▪ The UT Office of the Treasurer ▪ The Office of Information Technology (OIT)
Act I - Prelude ▪ PCI-DSS Requirement 8.3 – Incorporate two-factor authentication for remote access to the network by employees, administrators, and third parties… ▪ 150 devices in the PCI-Subnet require Remote Desktop Services (RDP)
Act II – The Timeline ▪ 8:00 AM ▪ 8:15 AM ▪ 8:30 AM ▪ 9:00 AM
Act III – Prologue ▪ 2013 – The end of strong password-only security. – http://duo.sc/utk-vid
Epilogue ▪ Compliance Goal was met ▪ Next: Two-Factor Authentication for all central IT staff using the VPN – 200 additional users ▪ Next: Two-Factor Authentication for all VPN Users – Usage Patterns – Establish scope (Campus-wide? Privileged Users Only?)
Questions + Answers #duowebinar Rick Holland, Forrester Research rholland@forrester.com @rickhholland Brian Kelly, Duo Security bkelly@duosecurity.com @resetbrian Bob Hillhouse, University of Tennessee, Knoxville bob@utk.edu @ut_oit

Recommended

Securing Access to PeopleSoft ERP with Duo Security and GreyHeller
Securing Access to PeopleSoft ERP with Duo Security and GreyHellerSecuring Access to PeopleSoft ERP with Duo Security and GreyHeller
Securing Access to PeopleSoft ERP with Duo Security and GreyHeller
Duo Security
 
Security Fact & Fiction: Three Lessons from the Headlines
Security Fact & Fiction: Three Lessons from the HeadlinesSecurity Fact & Fiction: Three Lessons from the Headlines
Security Fact & Fiction: Three Lessons from the Headlines
Duo Security
 
Forrester and Duo Security Webinar - 5 Signs You're Doing Authentication Wrong
Forrester and Duo Security Webinar - 5 Signs You're Doing Authentication WrongForrester and Duo Security Webinar - 5 Signs You're Doing Authentication Wrong
Forrester and Duo Security Webinar - 5 Signs You're Doing Authentication Wrong
Duo Security
 
Security For The People: End-User Authentication Security on the Internet by ...
Security For The People: End-User Authentication Security on the Internet by ...Security For The People: End-User Authentication Security on the Internet by ...
Security For The People: End-User Authentication Security on the Internet by ...
Duo Security
 
How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authent...
How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authent...How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authent...
How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authent...
Brian Kelly
 
Kent King - PKI: Do You Know Your Exposure?
Kent King - PKI: Do You Know Your Exposure?Kent King - PKI: Do You Know Your Exposure?
Kent King - PKI: Do You Know Your Exposure?
centralohioissa
 
Understanding Cyber Kill Chain and OODA loop
Understanding Cyber Kill Chain and OODA loopUnderstanding Cyber Kill Chain and OODA loop
Understanding Cyber Kill Chain and OODA loop
David Sweigert
 
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal AuditorsION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
mdagrossa
 
Application Security Architecture and Threat Modelling
Application Security Architecture and Threat ModellingApplication Security Architecture and Threat Modelling
Application Security Architecture and Threat Modelling
Priyanka Aash
 
Jim Wojno: Incident Response - No Pain, No Gain!
Jim Wojno: Incident Response - No Pain, No Gain!Jim Wojno: Incident Response - No Pain, No Gain!
Jim Wojno: Incident Response - No Pain, No Gain!
centralohioissa
 
The state of endpoint defense in 2021
The state of endpoint defense in 2021The state of endpoint defense in 2021
The state of endpoint defense in 2021
Adrian Sanabria
 
DATA LOSS PREVENTION OVERVIEW
DATA LOSS PREVENTION OVERVIEWDATA LOSS PREVENTION OVERVIEW
DATA LOSS PREVENTION OVERVIEW
Sylvain Martinez
 
What Happens Before the Kill Chain
What Happens Before the Kill Chain What Happens Before the Kill Chain
What Happens Before the Kill Chain
OpenDNS
 
Addressing the cyber kill chain
Addressing the cyber kill chainAddressing the cyber kill chain
Addressing the cyber kill chain
Symantec Brasil
 
Operationalizing Security Intelligence
Operationalizing Security IntelligenceOperationalizing Security Intelligence
Operationalizing Security Intelligence
Splunk
 
Top Tactics For Endpoint Security
Top Tactics For Endpoint SecurityTop Tactics For Endpoint Security
Top Tactics For Endpoint Security
Ben Rothke
 
Corporate threat vector and landscape
Corporate threat vector and landscapeCorporate threat vector and landscape
Corporate threat vector and landscape
yohansurya2
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
David Sweigert
 
Cyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General AudienceCyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General Audience
Tom K
 
How I Learned to Stop Information Sharing and Love the DIKW
How I Learned to Stop Information Sharing and Love the DIKWHow I Learned to Stop Information Sharing and Love the DIKW
How I Learned to Stop Information Sharing and Love the DIKW
Sounil Yu
 
Hands on Security, Disrupting the Kill Chain, SplunkLive! Austin
Hands on Security, Disrupting the Kill Chain, SplunkLive! AustinHands on Security, Disrupting the Kill Chain, SplunkLive! Austin
Hands on Security, Disrupting the Kill Chain, SplunkLive! Austin
Splunk
 
New Paradigms for the Next Era of Security
New Paradigms for the Next Era of SecurityNew Paradigms for the Next Era of Security
New Paradigms for the Next Era of Security
Sounil Yu
 
Ransomware Has Evolved And So Should Your Company
Ransomware Has Evolved And So Should Your CompanyRansomware Has Evolved And So Should Your Company
Ransomware Has Evolved And So Should Your Company
Veriato
 
Two-factor authentication- A sample writing _Zaman
Two-factor authentication- A sample writing _ZamanTwo-factor authentication- A sample writing _Zaman
Two-factor authentication- A sample writing _Zaman
Asad Zaman
 
The Internal Signs of Compromise
The Internal Signs of CompromiseThe Internal Signs of Compromise
The Internal Signs of Compromise
FireEye, Inc.
 
CSF18 - Incident Response in the Cloud - Yuri Diogenes
CSF18 - Incident Response in the Cloud - Yuri DiogenesCSF18 - Incident Response in the Cloud - Yuri Diogenes
CSF18 - Incident Response in the Cloud - Yuri Diogenes
NCCOMMS
 
Automation: The Wonderful Wizard of CTI (or is it?)
Automation: The Wonderful Wizard of CTI (or is it?) Automation: The Wonderful Wizard of CTI (or is it?)
Automation: The Wonderful Wizard of CTI (or is it?)
MITRE ATT&CK
 
Keynote Session : The Non - Evolution of Security
Keynote Session : The Non - Evolution of SecurityKeynote Session : The Non - Evolution of Security
Keynote Session : The Non - Evolution of Security
Priyanka Aash
 
Wines of France
Wines of FranceWines of France
Wines of France
Ashish Gupta
 
Social media bishop haley
Social media bishop haleySocial media bishop haley
Social media bishop haley
Haley Bishop
 

More Related Content

What's hot (20)

Application Security Architecture and Threat Modelling
Application Security Architecture and Threat ModellingApplication Security Architecture and Threat Modelling
Application Security Architecture and Threat Modelling
Priyanka Aash
 
Jim Wojno: Incident Response - No Pain, No Gain!
Jim Wojno: Incident Response - No Pain, No Gain!Jim Wojno: Incident Response - No Pain, No Gain!
Jim Wojno: Incident Response - No Pain, No Gain!
centralohioissa
 
The state of endpoint defense in 2021
The state of endpoint defense in 2021The state of endpoint defense in 2021
The state of endpoint defense in 2021
Adrian Sanabria
 
DATA LOSS PREVENTION OVERVIEW
DATA LOSS PREVENTION OVERVIEWDATA LOSS PREVENTION OVERVIEW
DATA LOSS PREVENTION OVERVIEW
Sylvain Martinez
 
What Happens Before the Kill Chain
What Happens Before the Kill Chain What Happens Before the Kill Chain
What Happens Before the Kill Chain
OpenDNS
 
Addressing the cyber kill chain
Addressing the cyber kill chainAddressing the cyber kill chain
Addressing the cyber kill chain
Symantec Brasil
 
Operationalizing Security Intelligence
Operationalizing Security IntelligenceOperationalizing Security Intelligence
Operationalizing Security Intelligence
Splunk
 
Top Tactics For Endpoint Security
Top Tactics For Endpoint SecurityTop Tactics For Endpoint Security
Top Tactics For Endpoint Security
Ben Rothke
 
Corporate threat vector and landscape
Corporate threat vector and landscapeCorporate threat vector and landscape
Corporate threat vector and landscape
yohansurya2
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
David Sweigert
 
Cyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General AudienceCyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General Audience
Tom K
 
How I Learned to Stop Information Sharing and Love the DIKW
How I Learned to Stop Information Sharing and Love the DIKWHow I Learned to Stop Information Sharing and Love the DIKW
How I Learned to Stop Information Sharing and Love the DIKW
Sounil Yu
 
Hands on Security, Disrupting the Kill Chain, SplunkLive! Austin
Hands on Security, Disrupting the Kill Chain, SplunkLive! AustinHands on Security, Disrupting the Kill Chain, SplunkLive! Austin
Hands on Security, Disrupting the Kill Chain, SplunkLive! Austin
Splunk
 
New Paradigms for the Next Era of Security
New Paradigms for the Next Era of SecurityNew Paradigms for the Next Era of Security
New Paradigms for the Next Era of Security
Sounil Yu
 
Ransomware Has Evolved And So Should Your Company
Ransomware Has Evolved And So Should Your CompanyRansomware Has Evolved And So Should Your Company
Ransomware Has Evolved And So Should Your Company
Veriato
 
Two-factor authentication- A sample writing _Zaman
Two-factor authentication- A sample writing _ZamanTwo-factor authentication- A sample writing _Zaman
Two-factor authentication- A sample writing _Zaman
Asad Zaman
 
The Internal Signs of Compromise
The Internal Signs of CompromiseThe Internal Signs of Compromise
The Internal Signs of Compromise
FireEye, Inc.
 
CSF18 - Incident Response in the Cloud - Yuri Diogenes
CSF18 - Incident Response in the Cloud - Yuri DiogenesCSF18 - Incident Response in the Cloud - Yuri Diogenes
CSF18 - Incident Response in the Cloud - Yuri Diogenes
NCCOMMS
 
Automation: The Wonderful Wizard of CTI (or is it?)
Automation: The Wonderful Wizard of CTI (or is it?) Automation: The Wonderful Wizard of CTI (or is it?)
Automation: The Wonderful Wizard of CTI (or is it?)
MITRE ATT&CK
 
Keynote Session : The Non - Evolution of Security
Keynote Session : The Non - Evolution of SecurityKeynote Session : The Non - Evolution of Security
Keynote Session : The Non - Evolution of Security
Priyanka Aash
 
Application Security Architecture and Threat Modelling
Application Security Architecture and Threat ModellingApplication Security Architecture and Threat Modelling
Application Security Architecture and Threat Modelling
Priyanka Aash
 
Jim Wojno: Incident Response - No Pain, No Gain!
Jim Wojno: Incident Response - No Pain, No Gain!Jim Wojno: Incident Response - No Pain, No Gain!
Jim Wojno: Incident Response - No Pain, No Gain!
centralohioissa
 
The state of endpoint defense in 2021
The state of endpoint defense in 2021The state of endpoint defense in 2021
The state of endpoint defense in 2021
Adrian Sanabria
 
DATA LOSS PREVENTION OVERVIEW
DATA LOSS PREVENTION OVERVIEWDATA LOSS PREVENTION OVERVIEW
DATA LOSS PREVENTION OVERVIEW
Sylvain Martinez
 
What Happens Before the Kill Chain
What Happens Before the Kill Chain What Happens Before the Kill Chain
What Happens Before the Kill Chain
OpenDNS
 
Addressing the cyber kill chain
Addressing the cyber kill chainAddressing the cyber kill chain
Addressing the cyber kill chain
Symantec Brasil
 
Operationalizing Security Intelligence
Operationalizing Security IntelligenceOperationalizing Security Intelligence
Operationalizing Security Intelligence
Splunk
 
Top Tactics For Endpoint Security
Top Tactics For Endpoint SecurityTop Tactics For Endpoint Security
Top Tactics For Endpoint Security
Ben Rothke
 
Corporate threat vector and landscape
Corporate threat vector and landscapeCorporate threat vector and landscape
Corporate threat vector and landscape
yohansurya2
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
David Sweigert
 
Cyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General AudienceCyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General Audience
Tom K
 
How I Learned to Stop Information Sharing and Love the DIKW
How I Learned to Stop Information Sharing and Love the DIKWHow I Learned to Stop Information Sharing and Love the DIKW
How I Learned to Stop Information Sharing and Love the DIKW
Sounil Yu
 
Hands on Security, Disrupting the Kill Chain, SplunkLive! Austin
Hands on Security, Disrupting the Kill Chain, SplunkLive! AustinHands on Security, Disrupting the Kill Chain, SplunkLive! Austin
Hands on Security, Disrupting the Kill Chain, SplunkLive! Austin
Splunk
 
New Paradigms for the Next Era of Security
New Paradigms for the Next Era of SecurityNew Paradigms for the Next Era of Security
New Paradigms for the Next Era of Security
Sounil Yu
 
Ransomware Has Evolved And So Should Your Company
Ransomware Has Evolved And So Should Your CompanyRansomware Has Evolved And So Should Your Company
Ransomware Has Evolved And So Should Your Company
Veriato
 
Two-factor authentication- A sample writing _Zaman
Two-factor authentication- A sample writing _ZamanTwo-factor authentication- A sample writing _Zaman
Two-factor authentication- A sample writing _Zaman
Asad Zaman
 
The Internal Signs of Compromise
The Internal Signs of CompromiseThe Internal Signs of Compromise
The Internal Signs of Compromise
FireEye, Inc.
 
CSF18 - Incident Response in the Cloud - Yuri Diogenes
CSF18 - Incident Response in the Cloud - Yuri DiogenesCSF18 - Incident Response in the Cloud - Yuri Diogenes
CSF18 - Incident Response in the Cloud - Yuri Diogenes
NCCOMMS
 
Automation: The Wonderful Wizard of CTI (or is it?)
Automation: The Wonderful Wizard of CTI (or is it?) Automation: The Wonderful Wizard of CTI (or is it?)
Automation: The Wonderful Wizard of CTI (or is it?)
MITRE ATT&CK
 
Keynote Session : The Non - Evolution of Security
Keynote Session : The Non - Evolution of SecurityKeynote Session : The Non - Evolution of Security
Keynote Session : The Non - Evolution of Security
Priyanka Aash
 

Viewers also liked (9)

Wines of France
Wines of FranceWines of France
Wines of France
Ashish Gupta
 
Social media bishop haley
Social media bishop haleySocial media bishop haley
Social media bishop haley
Haley Bishop
 
Скидки и акции в универсамах Магнит с 13 по 26 января 2016
Скидки и акции в универсамах Магнит с 13 по 26 января 2016Скидки и акции в универсамах Магнит с 13 по 26 января 2016
Скидки и акции в универсамах Магнит с 13 по 26 января 2016
mbych
 
BETT: Educational Change
BETT: Educational ChangeBETT: Educational Change
BETT: Educational Change
Dannno
 
Online assignment
Online assignmentOnline assignment
Online assignment
parvathyvspettah
 
overdorp_v2
overdorp_v2overdorp_v2
overdorp_v2
Mark de Bruin
 
tello resume
tello resumetello resume
tello resume
matthew tello
 
Скидки и акции в магазинах Магнит с 04 по 17 ноября 2015г.
Скидки и акции в магазинах Магнит с 04 по 17 ноября 2015г.Скидки и акции в магазинах Магнит с 04 по 17 ноября 2015г.
Скидки и акции в магазинах Магнит с 04 по 17 ноября 2015г.
Михаил Бычков
 
Information Security Management 101
Information Security Management 101Information Security Management 101
Information Security Management 101
Jerod Brennen
 
Wines of France
Wines of FranceWines of France
Wines of France
Ashish Gupta
 
Social media bishop haley
Social media bishop haleySocial media bishop haley
Social media bishop haley
Haley Bishop
 
Скидки и акции в универсамах Магнит с 13 по 26 января 2016
Скидки и акции в универсамах Магнит с 13 по 26 января 2016Скидки и акции в универсамах Магнит с 13 по 26 января 2016
Скидки и акции в универсамах Магнит с 13 по 26 января 2016
mbych
 
BETT: Educational Change
BETT: Educational ChangeBETT: Educational Change
BETT: Educational Change
Dannno
 
Online assignment
Online assignmentOnline assignment
Online assignment
parvathyvspettah
 
overdorp_v2
overdorp_v2overdorp_v2
overdorp_v2
Mark de Bruin
 
tello resume
tello resumetello resume
tello resume
matthew tello
 
Скидки и акции в магазинах Магнит с 04 по 17 ноября 2015г.
Скидки и акции в магазинах Магнит с 04 по 17 ноября 2015г.Скидки и акции в магазинах Магнит с 04 по 17 ноября 2015г.
Скидки и акции в магазинах Магнит с 04 по 17 ноября 2015г.
Михаил Бычков
 
Information Security Management 101
Information Security Management 101Information Security Management 101
Information Security Management 101
Jerod Brennen
 

Similar to How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authentication (20)

"Evolving Cybersecurity Strategies" - Identity is the new security boundary
"Evolving Cybersecurity Strategies" - Identity is the new security boundary"Evolving Cybersecurity Strategies" - Identity is the new security boundary
"Evolving Cybersecurity Strategies" - Identity is the new security boundary
Dean Iacovelli
 
Presentation for information security & hacking
Presentation for information security & hackingPresentation for information security & hacking
Presentation for information security & hacking
faizanmalik255119
 
The hacker playbook: How to think and act like a cybercriminal to reduce risk...
The hacker playbook: How to think and act like a cybercriminal to reduce risk...The hacker playbook: How to think and act like a cybercriminal to reduce risk...
The hacker playbook: How to think and act like a cybercriminal to reduce risk...
Paula Januszkiewicz
 
Make your Azure PaaS Deployment More Safe
Make your Azure PaaS Deployment More SafeMake your Azure PaaS Deployment More Safe
Make your Azure PaaS Deployment More Safe
Thuan Ng
 
Webinar: Beyond Two-Factor: Secure Access Control for Office 365
Webinar: Beyond Two-Factor: Secure Access Control for Office 365 Webinar: Beyond Two-Factor: Secure Access Control for Office 365
Webinar: Beyond Two-Factor: Secure Access Control for Office 365
SecureAuth
 
6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back
MTG IT Professionals
 
Hot Cyber Security Technologies
Hot Cyber Security TechnologiesHot Cyber Security Technologies
Hot Cyber Security Technologies
RuchikaSachdeva4
 
Identity and Security in the Cloud
Identity and Security in the CloudIdentity and Security in the Cloud
Identity and Security in the Cloud
Richard Diver
 
Indianapolis Splunk User Group Dec 22
Indianapolis Splunk User Group Dec 22Indianapolis Splunk User Group Dec 22
Indianapolis Splunk User Group Dec 22
WesComer2
 
Industry Overview: Big Data Fuels Intelligence-Driven Security
Industry Overview: Big Data Fuels Intelligence-Driven SecurityIndustry Overview: Big Data Fuels Intelligence-Driven Security
Industry Overview: Big Data Fuels Intelligence-Driven Security
EMC
 
Mapping the Enterprise Threat, Risk, and Security Control Landscape with Splunk
Mapping the Enterprise Threat, Risk, and Security Control Landscape with SplunkMapping the Enterprise Threat, Risk, and Security Control Landscape with Splunk
Mapping the Enterprise Threat, Risk, and Security Control Landscape with Splunk
Andrew Gerber
 
Unmask anonymous attackers with advanced threat intelligence webinar 6.29 fin...
Unmask anonymous attackers with advanced threat intelligence webinar 6.29 fin...Unmask anonymous attackers with advanced threat intelligence webinar 6.29 fin...
Unmask anonymous attackers with advanced threat intelligence webinar 6.29 fin...
SecureAuth
 
Strong authentication implementation guide
Strong authentication implementation guideStrong authentication implementation guide
Strong authentication implementation guide
Nis
 
The Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
The Cloud 9 - Threat & Solutions 2016 by Bobby DominguezThe Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
The Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
EC-Council
 
1. security 20 20 - ebook-vol2
1. security 20 20 - ebook-vol21. security 20 20 - ebook-vol2
1. security 20 20 - ebook-vol2
Adela Cocic
 
Stopping Breaches at the Perimeter: Strategies for Secure Access Control
Stopping Breaches at the Perimeter: Strategies for Secure Access ControlStopping Breaches at the Perimeter: Strategies for Secure Access Control
Stopping Breaches at the Perimeter: Strategies for Secure Access Control
SecureAuth
 
Big Data & Security Have Collided - What Are You Going to do About It?
Big Data & Security Have Collided - What Are You Going to do About It?Big Data & Security Have Collided - What Are You Going to do About It?
Big Data & Security Have Collided - What Are You Going to do About It?
EMC
 
Infosec is Broken “did you bring a knife to a gun fight?"
Infosec is Broken “did you bring a knife to a gun fight?"Infosec is Broken “did you bring a knife to a gun fight?"
Infosec is Broken “did you bring a knife to a gun fight?"
Jorge Sebastiao
 
Building Security Controls around Attack Models
Building Security Controls around Attack ModelsBuilding Security Controls around Attack Models
Building Security Controls around Attack Models
SeniorStoryteller
 
The Why - Keith Graham, CTO – SecureAuth+Core Security
The Why - Keith Graham, CTO – SecureAuth+Core Security The Why - Keith Graham, CTO – SecureAuth+Core Security
The Why - Keith Graham, CTO – SecureAuth+Core Security
Core Security
 
"Evolving Cybersecurity Strategies" - Identity is the new security boundary
"Evolving Cybersecurity Strategies" - Identity is the new security boundary"Evolving Cybersecurity Strategies" - Identity is the new security boundary
"Evolving Cybersecurity Strategies" - Identity is the new security boundary
Dean Iacovelli
 
Presentation for information security & hacking
Presentation for information security & hackingPresentation for information security & hacking
Presentation for information security & hacking
faizanmalik255119
 
The hacker playbook: How to think and act like a cybercriminal to reduce risk...
The hacker playbook: How to think and act like a cybercriminal to reduce risk...The hacker playbook: How to think and act like a cybercriminal to reduce risk...
The hacker playbook: How to think and act like a cybercriminal to reduce risk...
Paula Januszkiewicz
 
Make your Azure PaaS Deployment More Safe
Make your Azure PaaS Deployment More SafeMake your Azure PaaS Deployment More Safe
Make your Azure PaaS Deployment More Safe
Thuan Ng
 
Webinar: Beyond Two-Factor: Secure Access Control for Office 365
Webinar: Beyond Two-Factor: Secure Access Control for Office 365 Webinar: Beyond Two-Factor: Secure Access Control for Office 365
Webinar: Beyond Two-Factor: Secure Access Control for Office 365
SecureAuth
 
6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back
MTG IT Professionals
 
Hot Cyber Security Technologies
Hot Cyber Security TechnologiesHot Cyber Security Technologies
Hot Cyber Security Technologies
RuchikaSachdeva4
 
Identity and Security in the Cloud
Identity and Security in the CloudIdentity and Security in the Cloud
Identity and Security in the Cloud
Richard Diver
 
Indianapolis Splunk User Group Dec 22
Indianapolis Splunk User Group Dec 22Indianapolis Splunk User Group Dec 22
Indianapolis Splunk User Group Dec 22
WesComer2
 
Industry Overview: Big Data Fuels Intelligence-Driven Security
Industry Overview: Big Data Fuels Intelligence-Driven SecurityIndustry Overview: Big Data Fuels Intelligence-Driven Security
Industry Overview: Big Data Fuels Intelligence-Driven Security
EMC
 
Mapping the Enterprise Threat, Risk, and Security Control Landscape with Splunk
Mapping the Enterprise Threat, Risk, and Security Control Landscape with SplunkMapping the Enterprise Threat, Risk, and Security Control Landscape with Splunk
Mapping the Enterprise Threat, Risk, and Security Control Landscape with Splunk
Andrew Gerber
 
Unmask anonymous attackers with advanced threat intelligence webinar 6.29 fin...
Unmask anonymous attackers with advanced threat intelligence webinar 6.29 fin...Unmask anonymous attackers with advanced threat intelligence webinar 6.29 fin...
Unmask anonymous attackers with advanced threat intelligence webinar 6.29 fin...
SecureAuth
 
Strong authentication implementation guide
Strong authentication implementation guideStrong authentication implementation guide
Strong authentication implementation guide
Nis
 
The Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
The Cloud 9 - Threat & Solutions 2016 by Bobby DominguezThe Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
The Cloud 9 - Threat & Solutions 2016 by Bobby Dominguez
EC-Council
 
1. security 20 20 - ebook-vol2
1. security 20 20 - ebook-vol21. security 20 20 - ebook-vol2
1. security 20 20 - ebook-vol2
Adela Cocic
 
Stopping Breaches at the Perimeter: Strategies for Secure Access Control
Stopping Breaches at the Perimeter: Strategies for Secure Access ControlStopping Breaches at the Perimeter: Strategies for Secure Access Control
Stopping Breaches at the Perimeter: Strategies for Secure Access Control
SecureAuth
 
Big Data & Security Have Collided - What Are You Going to do About It?
Big Data & Security Have Collided - What Are You Going to do About It?Big Data & Security Have Collided - What Are You Going to do About It?
Big Data & Security Have Collided - What Are You Going to do About It?
EMC
 
Infosec is Broken “did you bring a knife to a gun fight?"
Infosec is Broken “did you bring a knife to a gun fight?"Infosec is Broken “did you bring a knife to a gun fight?"
Infosec is Broken “did you bring a knife to a gun fight?"
Jorge Sebastiao
 
Building Security Controls around Attack Models
Building Security Controls around Attack ModelsBuilding Security Controls around Attack Models
Building Security Controls around Attack Models
SeniorStoryteller
 
The Why - Keith Graham, CTO – SecureAuth+Core Security
The Why - Keith Graham, CTO – SecureAuth+Core Security The Why - Keith Graham, CTO – SecureAuth+Core Security
The Why - Keith Graham, CTO – SecureAuth+Core Security
Core Security
 

More from Duo Security (7)

A Place to Hang Our Hats: Security Community and Culture by Domenic Rizzolo
A Place to Hang Our Hats: Security Community and Culture by Domenic RizzoloA Place to Hang Our Hats: Security Community and Culture by Domenic Rizzolo
A Place to Hang Our Hats: Security Community and Culture by Domenic Rizzolo
Duo Security
 
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
Duo Security
 
Making Web Development "Secure By Default"
Making Web Development "Secure By Default" Making Web Development "Secure By Default"
Making Web Development "Secure By Default"
Duo Security
 
Probing Mobile Operator Networks - Collin Mulliner
Probing Mobile Operator Networks - Collin MullinerProbing Mobile Operator Networks - Collin Mulliner
Probing Mobile Operator Networks - Collin Mulliner
Duo Security
 
The Real Deal of Android Device Security: The Third Party
The Real Deal of Android Device Security: The Third PartyThe Real Deal of Android Device Security: The Third Party
The Real Deal of Android Device Security: The Third Party
Duo Security
 
No Apology Required: Deconstructing BB10
No Apology Required: Deconstructing BB10No Apology Required: Deconstructing BB10
No Apology Required: Deconstructing BB10
Duo Security
 
The Internet of Things: We've Got to Chat
The Internet of Things: We've Got to ChatThe Internet of Things: We've Got to Chat
The Internet of Things: We've Got to Chat
Duo Security
 
A Place to Hang Our Hats: Security Community and Culture by Domenic Rizzolo
A Place to Hang Our Hats: Security Community and Culture by Domenic RizzoloA Place to Hang Our Hats: Security Community and Culture by Domenic Rizzolo
A Place to Hang Our Hats: Security Community and Culture by Domenic Rizzolo
Duo Security
 
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
Duo Security
 
Making Web Development "Secure By Default"
Making Web Development "Secure By Default" Making Web Development "Secure By Default"
Making Web Development "Secure By Default"
Duo Security
 
Probing Mobile Operator Networks - Collin Mulliner
Probing Mobile Operator Networks - Collin MullinerProbing Mobile Operator Networks - Collin Mulliner
Probing Mobile Operator Networks - Collin Mulliner
Duo Security
 
The Real Deal of Android Device Security: The Third Party
The Real Deal of Android Device Security: The Third PartyThe Real Deal of Android Device Security: The Third Party
The Real Deal of Android Device Security: The Third Party
Duo Security
 
No Apology Required: Deconstructing BB10
No Apology Required: Deconstructing BB10No Apology Required: Deconstructing BB10
No Apology Required: Deconstructing BB10
Duo Security
 
The Internet of Things: We've Got to Chat
The Internet of Things: We've Got to ChatThe Internet of Things: We've Got to Chat
The Internet of Things: We've Got to Chat
Duo Security
 

Recently uploaded (20)

AI in Java - MCP in Action, Langchain4J-CDI, SmallRye-LLM, Spring AI
AI in Java - MCP in Action, Langchain4J-CDI, SmallRye-LLM, Spring AIAI in Java - MCP in Action, Langchain4J-CDI, SmallRye-LLM, Spring AI
AI in Java - MCP in Action, Langchain4J-CDI, SmallRye-LLM, Spring AI
Buhake Sindi
 
The 2025 Digital Adoption Blueprint.pptx
The 2025 Digital Adoption Blueprint.pptxThe 2025 Digital Adoption Blueprint.pptx
The 2025 Digital Adoption Blueprint.pptx
aptyai
 
Supercharge Your AI Development with Local LLMs
Supercharge Your AI Development with Local LLMsSupercharge Your AI Development with Local LLMs
Supercharge Your AI Development with Local LLMs
Francesco Corti
 
UiPath Community Zurich: Release Management and Build Pipelines
UiPath Community Zurich: Release Management and Build PipelinesUiPath Community Zurich: Release Management and Build Pipelines
UiPath Community Zurich: Release Management and Build Pipelines
UiPathCommunity
 
AI Emotional Actors: “When Machines Learn to Feel and Perform"
AI Emotional Actors: “When Machines Learn to Feel and Perform"AI Emotional Actors: “When Machines Learn to Feel and Perform"
AI Emotional Actors: “When Machines Learn to Feel and Perform"
AkashKumar809858
 
Droidal: AI Agents Revolutionizing Healthcare
Droidal: AI Agents Revolutionizing HealthcareDroidal: AI Agents Revolutionizing Healthcare
Droidal: AI Agents Revolutionizing Healthcare
Droidal LLC
 
Master tester AI toolbox - Kari Kakkonen at Testaus ja AI 2025 Professio
Master tester AI toolbox - Kari Kakkonen at Testaus ja AI 2025 ProfessioMaster tester AI toolbox - Kari Kakkonen at Testaus ja AI 2025 Professio
Master tester AI toolbox - Kari Kakkonen at Testaus ja AI 2025 Professio
Kari Kakkonen
 
Agentic AI - The New Era of Intelligence
Agentic AI - The New Era of IntelligenceAgentic AI - The New Era of Intelligence
Agentic AI - The New Era of Intelligence
Muzammil Shah
 
New Ways to Reduce Database Costs with ScyllaDB
New Ways to Reduce Database Costs with ScyllaDBNew Ways to Reduce Database Costs with ScyllaDB
New Ways to Reduce Database Costs with ScyllaDB
ScyllaDB
 
GDG Cloud Southlake #43: Tommy Todd: The Quantum Apocalypse: A Looming Threat...
GDG Cloud Southlake #43: Tommy Todd: The Quantum Apocalypse: A Looming Threat...GDG Cloud Southlake #43: Tommy Todd: The Quantum Apocalypse: A Looming Threat...
GDG Cloud Southlake #43: Tommy Todd: The Quantum Apocalypse: A Looming Threat...
James Anderson
 
UiPath Community Berlin: Studio Tips & Tricks and UiPath Insights
UiPath Community Berlin: Studio Tips & Tricks and UiPath InsightsUiPath Community Berlin: Studio Tips & Tricks and UiPath Insights
UiPath Community Berlin: Studio Tips & Tricks and UiPath Insights
UiPathCommunity
 
From Legacy to Cloud-Native: A Guide to AWS Modernization.pptx
From Legacy to Cloud-Native: A Guide to AWS Modernization.pptxFrom Legacy to Cloud-Native: A Guide to AWS Modernization.pptx
From Legacy to Cloud-Native: A Guide to AWS Modernization.pptx
Mohammad Jomaa
 
Cyber security cyber security cyber security cyber security cyber security cy...
Cyber security cyber security cyber security cyber security cyber security cy...Cyber security cyber security cyber security cyber security cyber security cy...
Cyber security cyber security cyber security cyber security cyber security cy...
pranavbodhak
 
What is DePIN? The Hottest Trend in Web3 Right Now!
What is DePIN? The Hottest Trend in Web3 Right Now!What is DePIN? The Hottest Trend in Web3 Right Now!
What is DePIN? The Hottest Trend in Web3 Right Now!
cryptouniversityoffi
 
SAP Sapphire 2025 ERP1612 Enhancing User Experience with SAP Fiori and AI
SAP Sapphire 2025 ERP1612 Enhancing User Experience with SAP Fiori and AISAP Sapphire 2025 ERP1612 Enhancing User Experience with SAP Fiori and AI
SAP Sapphire 2025 ERP1612 Enhancing User Experience with SAP Fiori and AI
Peter Spielvogel
 
cloudgenesis cloud workshop , gdg on campus mita
cloudgenesis cloud workshop , gdg on campus mitacloudgenesis cloud workshop , gdg on campus mita
cloudgenesis cloud workshop , gdg on campus mita
siyaldhande02
 
Talk: On an adventure into the depths of Maven - Kaya Weers
Talk: On an adventure into the depths of Maven - Kaya WeersTalk: On an adventure into the depths of Maven - Kaya Weers
Talk: On an adventure into the depths of Maven - Kaya Weers
Kaya Weers
 
ECS25 - The adventures of a Microsoft 365 Platform Owner - Website.pptx
ECS25 - The adventures of a Microsoft 365 Platform Owner - Website.pptxECS25 - The adventures of a Microsoft 365 Platform Owner - Website.pptx
ECS25 - The adventures of a Microsoft 365 Platform Owner - Website.pptx
Jasper Oosterveld
 
Gihbli AI and Geo sitution |use/misuse of Ai Technology
Gihbli AI and Geo sitution |use/misuse of Ai TechnologyGihbli AI and Geo sitution |use/misuse of Ai Technology
Gihbli AI and Geo sitution |use/misuse of Ai Technology
zainkhurram1111
 
Marko.js - Unsung Hero of Scalable Web Frameworks (DevDays 2025)
Marko.js - Unsung Hero of Scalable Web Frameworks (DevDays 2025)Marko.js - Unsung Hero of Scalable Web Frameworks (DevDays 2025)
Marko.js - Unsung Hero of Scalable Web Frameworks (DevDays 2025)
Eugene Fidelin
 
AI in Java - MCP in Action, Langchain4J-CDI, SmallRye-LLM, Spring AI
AI in Java - MCP in Action, Langchain4J-CDI, SmallRye-LLM, Spring AIAI in Java - MCP in Action, Langchain4J-CDI, SmallRye-LLM, Spring AI
AI in Java - MCP in Action, Langchain4J-CDI, SmallRye-LLM, Spring AI
Buhake Sindi
 
The 2025 Digital Adoption Blueprint.pptx
The 2025 Digital Adoption Blueprint.pptxThe 2025 Digital Adoption Blueprint.pptx
The 2025 Digital Adoption Blueprint.pptx
aptyai
 
Supercharge Your AI Development with Local LLMs
Supercharge Your AI Development with Local LLMsSupercharge Your AI Development with Local LLMs
Supercharge Your AI Development with Local LLMs
Francesco Corti
 
UiPath Community Zurich: Release Management and Build Pipelines
UiPath Community Zurich: Release Management and Build PipelinesUiPath Community Zurich: Release Management and Build Pipelines
UiPath Community Zurich: Release Management and Build Pipelines
UiPathCommunity
 
AI Emotional Actors: “When Machines Learn to Feel and Perform"
AI Emotional Actors: “When Machines Learn to Feel and Perform"AI Emotional Actors: “When Machines Learn to Feel and Perform"
AI Emotional Actors: “When Machines Learn to Feel and Perform"
AkashKumar809858
 
Droidal: AI Agents Revolutionizing Healthcare
Droidal: AI Agents Revolutionizing HealthcareDroidal: AI Agents Revolutionizing Healthcare
Droidal: AI Agents Revolutionizing Healthcare
Droidal LLC
 
Master tester AI toolbox - Kari Kakkonen at Testaus ja AI 2025 Professio
Master tester AI toolbox - Kari Kakkonen at Testaus ja AI 2025 ProfessioMaster tester AI toolbox - Kari Kakkonen at Testaus ja AI 2025 Professio
Master tester AI toolbox - Kari Kakkonen at Testaus ja AI 2025 Professio
Kari Kakkonen
 
Agentic AI - The New Era of Intelligence
Agentic AI - The New Era of IntelligenceAgentic AI - The New Era of Intelligence
Agentic AI - The New Era of Intelligence
Muzammil Shah
 
New Ways to Reduce Database Costs with ScyllaDB
New Ways to Reduce Database Costs with ScyllaDBNew Ways to Reduce Database Costs with ScyllaDB
New Ways to Reduce Database Costs with ScyllaDB
ScyllaDB
 
GDG Cloud Southlake #43: Tommy Todd: The Quantum Apocalypse: A Looming Threat...
GDG Cloud Southlake #43: Tommy Todd: The Quantum Apocalypse: A Looming Threat...GDG Cloud Southlake #43: Tommy Todd: The Quantum Apocalypse: A Looming Threat...
GDG Cloud Southlake #43: Tommy Todd: The Quantum Apocalypse: A Looming Threat...
James Anderson
 
UiPath Community Berlin: Studio Tips & Tricks and UiPath Insights
UiPath Community Berlin: Studio Tips & Tricks and UiPath InsightsUiPath Community Berlin: Studio Tips & Tricks and UiPath Insights
UiPath Community Berlin: Studio Tips & Tricks and UiPath Insights
UiPathCommunity
 
From Legacy to Cloud-Native: A Guide to AWS Modernization.pptx
From Legacy to Cloud-Native: A Guide to AWS Modernization.pptxFrom Legacy to Cloud-Native: A Guide to AWS Modernization.pptx
From Legacy to Cloud-Native: A Guide to AWS Modernization.pptx
Mohammad Jomaa
 
Cyber security cyber security cyber security cyber security cyber security cy...
Cyber security cyber security cyber security cyber security cyber security cy...Cyber security cyber security cyber security cyber security cyber security cy...
Cyber security cyber security cyber security cyber security cyber security cy...
pranavbodhak
 
What is DePIN? The Hottest Trend in Web3 Right Now!
What is DePIN? The Hottest Trend in Web3 Right Now!What is DePIN? The Hottest Trend in Web3 Right Now!
What is DePIN? The Hottest Trend in Web3 Right Now!
cryptouniversityoffi
 
SAP Sapphire 2025 ERP1612 Enhancing User Experience with SAP Fiori and AI
SAP Sapphire 2025 ERP1612 Enhancing User Experience with SAP Fiori and AISAP Sapphire 2025 ERP1612 Enhancing User Experience with SAP Fiori and AI
SAP Sapphire 2025 ERP1612 Enhancing User Experience with SAP Fiori and AI
Peter Spielvogel
 
cloudgenesis cloud workshop , gdg on campus mita
cloudgenesis cloud workshop , gdg on campus mitacloudgenesis cloud workshop , gdg on campus mita
cloudgenesis cloud workshop , gdg on campus mita
siyaldhande02
 
Talk: On an adventure into the depths of Maven - Kaya Weers
Talk: On an adventure into the depths of Maven - Kaya WeersTalk: On an adventure into the depths of Maven - Kaya Weers
Talk: On an adventure into the depths of Maven - Kaya Weers
Kaya Weers
 
ECS25 - The adventures of a Microsoft 365 Platform Owner - Website.pptx
ECS25 - The adventures of a Microsoft 365 Platform Owner - Website.pptxECS25 - The adventures of a Microsoft 365 Platform Owner - Website.pptx
ECS25 - The adventures of a Microsoft 365 Platform Owner - Website.pptx
Jasper Oosterveld
 
Gihbli AI and Geo sitution |use/misuse of Ai Technology
Gihbli AI and Geo sitution |use/misuse of Ai TechnologyGihbli AI and Geo sitution |use/misuse of Ai Technology
Gihbli AI and Geo sitution |use/misuse of Ai Technology
zainkhurram1111
 
Marko.js - Unsung Hero of Scalable Web Frameworks (DevDays 2025)
Marko.js - Unsung Hero of Scalable Web Frameworks (DevDays 2025)Marko.js - Unsung Hero of Scalable Web Frameworks (DevDays 2025)
Marko.js - Unsung Hero of Scalable Web Frameworks (DevDays 2025)
Eugene Fidelin
 

How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authentication

  • 1. How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authentication Presented by Duo Security with guests Forrester Research and University of Tennessee, Knoxville September 25, 2014 #duowebinar
  • 2. Agenda Rick Holland, Forrester Research How To Stop Targeted Attacks and Avoid “Expense In Depth” with Strong Authentication Brian Kelly, Duo Security How Duo Helps You Avoid “Expense In Depth” Bob Hillhouse, University of Tennessee, Knoxville A Case for Multi-factor Authentication #duowebinar
  • 3. How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authentication Rick Holland, Principal Analyst Forrester Research #duowebinar
  • 4. Agenda › Targeted attacks! › Targeted-Attack Hierarchy Of Needs › Recommendations © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 5. APT! © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 6. Heartbleed OpenSSL vulnerability exploited to compromise SSL VPN © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 7. Adversaries are on shopping sprees © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 8. Except the adversary isn’t being timed © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 9. We are hyper focused on the © 2014 Forrester Research, Inc. Reproduction Prohibited WRONG things
  • 10. Anything but the data © 2014 Forrester Research, Inc. Reproduction Prohibited Malware sandboxes Alert driven security Perimeter security controls
  • 11. Agenda › Targeted attacks! › Targeted-Attack Hierarchy Of Needs › Recommendations © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 12. Targeted-Attack Hierarchy Of Needs © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 13. Targeted-Attack Hierarchy Of Needs © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 14. Targeted-Attack Hierarchy Of Needs Need No. 1: An Actual Security Strategy © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 15. Silver bullets, for investment not defense © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 16. Expense in Depth © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 17. Targeted-Attack Hierarchy Of Needs Need No. 2: A Dedication To Recruiting And Retaining Staff © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 18. Lack of staff is a problem © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 19. Targeted-Attack Hierarchy Of Needs Need No. 3: A Focus On The Fundamentals © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 20. A Focus On The Fundamentals © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 21. Forrester’s Zero Trust model © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 22. Forrester’s Zero Trust model © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 23. Zero Trust is fundamental © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 24. Strong Authentication › Strong authentication is critical for disrupting attackers © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 25. Strong Authentication › Strong auth is critical for disrupting attackers › Protect your VPNs and Citrix but don’t forget about SaaS applications › Consider step up authentication for admins © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 26. Least privilege › Privileged accounts need to be monitored and audited › Don’t share local admin passwords across all hosts › Work towards a data classification program © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 27. Detecting lateral movement › Segment your network › Deploy visibility to key ingress/egress chokepoints › NETFLOW can be used for lateral movement detection © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 28. Agenda › Targeted attacks! › Targeted-Attack Hierarchy Of Needs › Recommendations © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 29. Return on Expense in Depth? © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 30. Recommendations › Evaluate your potential investments › What provides greatest marginal return on your investment? › What technology reduces the greatest attack surface? © 2014 Forrester Research, Inc. Reproduction Prohibited
  • 31. Thank you Rick Holland [email protected] Twitter: @rickhholland
  • 32. How Duo Helps You Avoid “Expense In Depth” Brian Kelly, Principal Product Marketing Manager Duo Security #duowebinar
  • 33. Adoption of cloud, mobile, and BYOD is accelerating dramatically    # #  &  ☁#☁# IT 1.0: Mainframe IT 2.0: Client/Server IT 3.0: Cloud/Mobile
  • 34.    # #  &   &   &  ☁#☁# 1995 2000 2005 2010  &  Data Breaches Along this same timeline we’ve also seen dramatic growth in user-targeted attacks
  • 35.    # #  &   &   &  ☁#☁# 1995 2000 2005 2010  &  Data Breaches Why?
  • 36. What’s new in IT 3.0? ‣ Users ‣ Access from anywhere ‣ “Zero Trust” environment ‣ Devices ‣ Mobile proliferation ‣ BYOD acceptance ‣ Services ‣ Diminishing perimeter ‣ Platform and Software -as-a-Service  &  ☁#☁#
  • 37. What’s new in Security 3.0? ‣ Users ‣ Access from anywhere ‣ “Zero Trust” environment ‣ Devices ‣ Mobile proliferation ‣ BYOD acceptance ‣ Services ‣ Diminishing perimeter ‣ Platform and Software -as-a-Service Better OS and app security …but, limited endpoint control Better service security …but, limited network visibility
  • 38. What’s new in Security 3.0? ‣ Users ‣ Access from anywhere ‣ “Zero Trust” environment ‣ Devices ‣ Mobile proliferation ‣ BYOD acceptance ‣ Services ‣ Diminishing perimeter ‣ Platform and Software -as-a-Service User-targeted attacks Credentials are easily stolen • Phished • Guessed • Keylogged • Sniffed • Cracked • Reused • Bypassed
  • 39. 100% OF BREACHES involve stolen credentials — Mandiant Source: mandiant.com/threat-landscape and M-Trends annual reports
  • 40. advanced adversary will compromise your environment and accomplish their goal. The Targeted Attack Figure 2 The Hierarchy Targeted-Attack Hierarchy Of Of Needs Needs Detection and response Prevention An integrated portfolio that enables orchestration A focus on the fundamentals A dedication to recruiting and retaining staff An actual security strategy 107121 Source: Forrester Research,
  • 41. advanced adversary will compromise your environment and accomplish their goal. The Targeted Attack Figure 2 The Hierarchy Targeted-Attack Hierarchy Of Of Needs Needs Detection and response Prevention An integrated portfolio that enables orchestration A focus on the fundamentals A dedication to recruiting and retaining staff An actual security strategy 107121 Source: Forrester Research, Back to Basics ‣ Patch, harden, update (everything) ‣ Segment data, services, networks ‣ Review access controls (often) ‣ Inspect endpoints, enforce policy ‣ Require strong authentication
  • 42. Legacy two-factor authentication solutions overlook TCO On boarding Deployment $  #  ✉ $ $ $ Management Login  ⚠  ⏲
  • 43. Duo Security minimizes cost throughout 2FA lifecycle On boarding Deployment ☁ . Management Login / 
  • 44. Thousands Getting Better Security, Not Just More duosecurity.com/success-stories
  • 45. A Case For Multi-Factor Authentication Bob Hillhouse, Associate CIO and CISO University of Tennessee, Knoxville #duowebinar
  • 46. Cast ▪ The University of Tennessee, Knoxville ▪ 57 merchants across campus ▪ 130 Users; 150 Devices ▪ The UT Office of the Treasurer ▪ The Office of Information Technology (OIT)
  • 47. Act I - Prelude ▪ PCI-DSS Requirement 8.3 – Incorporate two-factor authentication for remote access to the network by employees, administrators, and third parties… ▪ 150 devices in the PCI-Subnet require Remote Desktop Services (RDP)
  • 48. Act II – The Timeline ▪ 8:00 AM ▪ 8:15 AM ▪ 8:30 AM ▪ 9:00 AM
  • 49. Act III – Prologue ▪ 2013 – The end of strong password-only security. – http://duo.sc/utk-vid
  • 50. Epilogue ▪ Compliance Goal was met ▪ Next: Two-Factor Authentication for all central IT staff using the VPN – 200 additional users ▪ Next: Two-Factor Authentication for all VPN Users – Usage Patterns – Establish scope (Campus-wide? Privileged Users Only?)
  • 51. Questions + Answers #duowebinar Rick Holland, Forrester Research [email protected] @rickhholland Brian Kelly, Duo Security [email protected] @resetbrian Bob Hillhouse, University of Tennessee, Knoxville [email protected] @ut_oit