The Most EFFECTIVE WAYS to Prevent a Security Data Breach
On this episode of The Life of a CISO, Dr. Eric Cole discusses the most EFFECTIVE WAYS to prevent a security data breach.
The theme of today’s show is “Prevention is ideal, detection is a must!” Most CISOs don’t realize that they are stumbling around in the dark because they don’t have an up-to-date network diagram. They are using outdated methods of detecting threats and relying on firewalls to do the work for them. If you haven’t detected a breach in the last 24 months, it doesn’t mean you haven’t been compromised; it means you have been compromised and haven’t detected and fixed the breach.
Dr. Eric Cole compares finding breaches to a whale-watching boat trip with his friend and mentor, Stephen Northcutt. He was looking for whales on one side of the boat, and Stephen grabbed his head and made him look on the other side. Had he kept looking on that one side, he would have thought there were no whales, yet they were right there for him to see; he was simply looking in the wrong place. To find your breaches, you have to look in the right place.
It’s surprisingly easy to find where the breaches are by taking the Dr. Cole Challenge. The challenge is this: find the outbound IP addresses with the longest connections, the highest number of connections, and the largest amount of data transferred. Any IP address that appears on all three lists is the adversary, and you have been breached.
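The challenge as it would be run over exported flow records, added here as an example that is not part of the original show notes. It assumes one record per outbound connection in the form (destination IP, duration in seconds, bytes sent), which is the shape a NetFlow or firewall log export typically gives you after a little reshaping; the flow records are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample flow records, one per outbound connection:
# (destination IP, duration in seconds, bytes sent). Not real traffic.
FLOWS = [
    ("203.0.113.10", 7200, 20_000_000),   # long, repeated, and chatty: on all three lists
    ("203.0.113.10", 5400, 15_000_000),
    ("203.0.113.10", 3600, 12_000_000),
    ("203.0.113.10", 3000, 10_000_000),
    ("198.51.100.20", 120, 400_000_000),  # big downloads only (CDN-like)
    ("198.51.100.20", 90, 300_000_000),
    ("192.0.2.40", 28800, 5_000_000),     # one very long session (VPN-like)
    ("192.0.2.50", 30, 50_000),           # routine mail/web traffic
    ("192.0.2.50", 30, 50_000),
    ("192.0.2.50", 30, 50_000),
    ("192.0.2.60", 10, 20_000),
    ("192.0.2.60", 10, 20_000),
] + [("198.51.100.30", 1, 100)] * 8       # many tiny connections (NTP-like)


def aggregate(flows):
    """Per destination IP: longest single connection, connection count, total bytes."""
    stats = defaultdict(lambda: {"longest": 0, "count": 0, "bytes": 0})
    for ip, duration, nbytes in flows:
        s = stats[ip]
        s["longest"] = max(s["longest"], duration)
        s["count"] += 1
        s["bytes"] += nbytes
    return stats


def top_n(stats, key, n=20):
    """Destination IPs ranked by one metric, highest first, truncated to n."""
    ranked = sorted(stats.items(), key=lambda kv: kv[1][key], reverse=True)
    return [ip for ip, _ in ranked[:n]]


def cole_challenge(flows, n=20):
    """Build the three top-n lists and return them with the IPs on all three."""
    stats = aggregate(flows)
    lists = {k: top_n(stats, k, n) for k in ("longest", "count", "bytes")}
    on_all = set(lists["longest"]) & set(lists["count"]) & set(lists["bytes"])
    return lists, sorted(on_all)


if __name__ == "__main__":
    lists, suspects = cole_challenge(FLOWS, n=3)
    for name, ips in lists.items():
        print(f"top by {name}: {ips}")
    print("on all three lists:", suspects)
```

With the sample data the CDN, VPN and NTP destinations each top one list, and only the constructed 203.0.113.10 lands on all three; on real exports, treat that intersection as the first hosts to investigate.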
In this episode:
- 0:02 Intro: The CISO life
- 0:57 Why do breaches happen?
- 1:33 What are the 4 or 5 things you would do to prevent breaches?
- 2:45 What are the important things that companies need to have?
- 3:11 Prevention is ideal, detection is a must!
- 3:43 Everything starts with having an up-to-date network diagram
- 4:50 “Oh, but Eric, I have a firewall!”
- 5:50 How are you going to assess risk without a diagram?
- 6:25 The 4-color pen exercise
- 8:05 Preventive devices only block things that are 100% bad 100% of the time
- 9:49 A quick refresher on false negatives and false positives
- 10:01 Preventive is good. However, we need detection.
- 10:40 It’s okay if you get compromised, if you detect it early enough
- 12:22 The analogy
- 14:12 If you have not detected a breach in the last 24 months, change your detection methods
- 14:38 Whale watching with Stephen Northcutt
- 17:48 The 5th color in your 4-color pen
- 20:50 Adversaries use encryption
- 21:50 Encryption stops anybody from reading any traffic
- 23:15 The old school way of doing it is to decrypt it
- 24:29 The better solution is to analyze traffic without decrypting it
- 24:48 Introducing The Dr. Cole Challenge
- 25:36 The Dr. Cole Challenge: Create 3 top-20 lists of outbound traffic IP addresses…
- 25:36 That have the longest connections
- 26:20 That have the highest number of connections
- 26:30 That have the largest amount of data
- 26:59 What is on all 3 lists? I challenge you to prove me wrong.
- 28:17 Catching compromised systems is not hard if you know where to look
- 28:35 Catching compromised systems is not hard if you know what to look for
- 30:41 Please leave comments, questions, and suggestions below. Thank you for watching.