SlideShare a Scribd company logo

Chaos monitoring

Mona Arkhipova
Mona Arkhipova

PentestIT corporate labs guest speech about security monitoring in dynamically changing environment.

Technology
1 of 19
CHAOS MONITORING Svetlana “Mona“ Arkhipova Lead Information Security expert , QIWI
#:WHOAMI ▸  a.k.a. Mona ▸  Lead infrastructure security expert at QIWI group ▸  Past: security consultant at fintech start-ups, security analyst at General Electric (GE Capital).
TWO TOWERS ▸  Bank way: great amount of approvals, restrictions and controls ▸  IT way: fast and flexible, basically no technologies limitations ▸  "There's no spoon"
TYPICAL BANK WAY ▸  Limited number of systems and products ▸  Industry regulations ▸  Strict business processes ▸  Security as an initial part of all activities ▸  "Bloody Enterprise"
TYPICAL SMALL/MID IT COMPANY: SECURITY...WHAT IS IT? ▸  Most part of companies start thinking about security only after validated incidents ▸  Security activities performed(or not) by system administrator ▸  Wide stack of technologies
BRAVE NEW WORLD. BETWEEN IT AND BANKING ▸  Strong regulatory requirements from one side ▸  Strong business needs from the other side ▸  Spicy mix of enterprise technologies and in-house development AND TYPICAL BANK WAY IS NOT WORKING IN FINTECH
OTHER SIDE OF THE MOON
ONLY THE STUPID NEED ORGANIZATION, THE GENIUS CONTROLS THE CHAOS! Albert Einstein
COMMON CHALLENGES ▸  In-house development ▸  No strict business processes ▸  Security vs. usability/speed ▸  A bit of necromancy (Very Important Server)
BRAND NEW TECHNOLOGY(C) ▸  Dynamically changing environment ▸  Who needs technological stack, this brand new technology(tm) is our salvation! ▸  App security guide? Devops do not need them.
ASSETS AND PROCESSESS ▸  Hardened perimeters ▸  Test labs: this is a test server, there's no need in OS hardening ▸  Abandoned servers/VDIs/whatever ▸  Network controls?
SECURITY VS USABILITY ▸  Application and technology restrtictions ▸  Performance issues ▸  Tonns of logs ▸  A lot of additional work (especially on investigations)
WHAT'S NEXT? ▸  Identify ▸  Exmine ▸  Monitor ▸  Respond
IDENTIFY ▸  Track all env changes ▸  IT systems is a great source of raw data ▸  Periodical manual checks
EXAMINE ▸  Common traffic profiling (OS specific, network specific) ▸  App-specific profiling ▸  Systems interconnection
MONITOR ▸  Monitoring is a continuous process ▸  Track logins and network flows ▸  Periodical log sources check ▸  Set up emergency alerts on critical events
RESPOND ▸  Action plans on typical incidents ▸  Core analysis ▸  Rules/profiling tuning ▸  False positives and false negatives
FALSE (+|-) ▸  “Normal paranormal” ▸  Multiple events in short time range ▸  Traffic controls ▸  Chained events ▸  Events with low rates (APT) ▸  Continious (pen)tests
QUESTIONS? Svetlana Arkhipova Lead Information Security expert , QIWI mona@qiwi.ru monaarkhipova @m0na_sax

Recommended

Qradar as a SOC core
Qradar as a SOC coreQradar as a SOC core
Qradar as a SOC coreMona Arkhipova
 
QIWI SOC benchmarking: Blue Team story
QIWI SOC benchmarking: Blue Team storyQIWI SOC benchmarking: Blue Team story
QIWI SOC benchmarking: Blue Team storyMona Arkhipova
 
Large enterprise SIEM: get ready for oversize
Large enterprise SIEM: get ready for oversizeLarge enterprise SIEM: get ready for oversize
Large enterprise SIEM: get ready for oversizeMona Arkhipova
 
Positive Hack Days 7 - Ransomware forensiсs
Positive Hack Days 7 - Ransomware forensiсsPositive Hack Days 7 - Ransomware forensiсs
Positive Hack Days 7 - Ransomware forensiсsMona Arkhipova
 
Enterprise Forensics 101
Enterprise Forensics 101Enterprise Forensics 101
Enterprise Forensics 101Mona Arkhipova
 
Risks vs real life
Risks vs real lifeRisks vs real life
Risks vs real lifeMona Arkhipova
 
Security Ops for large and small companies
Security Ops for large and small companiesSecurity Ops for large and small companies
Security Ops for large and small companiesMona Arkhipova
 
Time Traveling: Adapting Techniques from the Future to Improve Reliability, J...
Time Traveling: Adapting Techniques from the Future to Improve Reliability, J...Time Traveling: Adapting Techniques from the Future to Improve Reliability, J...
Time Traveling: Adapting Techniques from the Future to Improve Reliability, J...Digital Bond
 

Recommended

Qradar as a SOC core
Qradar as a SOC coreQradar as a SOC core
Qradar as a SOC coreMona Arkhipova
 
QIWI SOC benchmarking: Blue Team story
QIWI SOC benchmarking: Blue Team storyQIWI SOC benchmarking: Blue Team story
QIWI SOC benchmarking: Blue Team storyMona Arkhipova
 
Large enterprise SIEM: get ready for oversize
Large enterprise SIEM: get ready for oversizeLarge enterprise SIEM: get ready for oversize
Large enterprise SIEM: get ready for oversizeMona Arkhipova
 
Positive Hack Days 7 - Ransomware forensiсs
Positive Hack Days 7 - Ransomware forensiсsPositive Hack Days 7 - Ransomware forensiсs
Positive Hack Days 7 - Ransomware forensiсsMona Arkhipova
 
Enterprise Forensics 101
Enterprise Forensics 101Enterprise Forensics 101
Enterprise Forensics 101Mona Arkhipova
 
Risks vs real life
Risks vs real lifeRisks vs real life
Risks vs real lifeMona Arkhipova
 
Security Ops for large and small companies
Security Ops for large and small companiesSecurity Ops for large and small companies
Security Ops for large and small companiesMona Arkhipova
 
Time Traveling: Adapting Techniques from the Future to Improve Reliability, J...
Time Traveling: Adapting Techniques from the Future to Improve Reliability, J...Time Traveling: Adapting Techniques from the Future to Improve Reliability, J...
Time Traveling: Adapting Techniques from the Future to Improve Reliability, J...Digital Bond
 
Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...
Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...
Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...Digital Bond
 
ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)Digital Bond
 
Monitoring ICS Communications
Monitoring ICS CommunicationsMonitoring ICS Communications
Monitoring ICS CommunicationsDigital Bond
 
SDN Analytics & Security
SDN Analytics & Security SDN Analytics & Security
SDN Analytics & Security Scott Raynovich
 
From IT to IoT: Bridging the Growing Cybersecurity Divide
From IT to IoT: Bridging the Growing Cybersecurity DivideFrom IT to IoT: Bridging the Growing Cybersecurity Divide
From IT to IoT: Bridging the Growing Cybersecurity DividePriyanka Aash
 
CloudStack Secured
CloudStack SecuredCloudStack Secured
CloudStack SecuredJohn Kinsella
 
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...Digital Bond
 
Tools Of The Hardware Hacking Trade Final
Tools Of The Hardware Hacking Trade FinalTools Of The Hardware Hacking Trade Final
Tools Of The Hardware Hacking Trade FinalPriyanka Aash
 
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...Digital Bond
 
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMNetwork Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMJim Gilsinn
 
Using Assessment Tools on ICS (English)
Using Assessment Tools on ICS (English)Using Assessment Tools on ICS (English)
Using Assessment Tools on ICS (English)Digital Bond
 
Introducing Savvius Vigil
Introducing Savvius VigilIntroducing Savvius Vigil
Introducing Savvius VigilSavvius, Inc
 
The Future of ICS Security Products
The Future of ICS Security ProductsThe Future of ICS Security Products
The Future of ICS Security ProductsDigital Bond
 
5 Under-utilized PCI Requirements and how you can leverage them
5 Under-utilized PCI Requirements and how you can leverage them5 Under-utilized PCI Requirements and how you can leverage them
5 Under-utilized PCI Requirements and how you can leverage themPraveen Vackayil
 
Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi...
Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi...Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi...
Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi...centralohioissa
 
Avit’s Network Asset Compliance Center (NACC)
Avit’s Network Asset Compliance Center (NACC) Avit’s Network Asset Compliance Center (NACC)
Avit’s Network Asset Compliance Center (NACC) Abbeloos Jo
 
What's New in StealthWatch v6.5
What's New in StealthWatch v6.5 What's New in StealthWatch v6.5
What's New in StealthWatch v6.5 Lancope, Inc.
 
Michael Jones-Resume-OCT2015
Michael Jones-Resume-OCT2015Michael Jones-Resume-OCT2015
Michael Jones-Resume-OCT2015Michael Jones, CCIE, CISSP, PMP
 
Web Application Security: Beyond PEN Testing
Web Application Security: Beyond PEN TestingWeb Application Security: Beyond PEN Testing
Web Application Security: Beyond PEN TestingRobert Grupe, CSSLP CISSP PE PMP
 
API Training 10 Nov 2014
API Training 10 Nov 2014API Training 10 Nov 2014
API Training 10 Nov 2014Digital Bond
 
4 Effortless Tactics To Generate PR
4 Effortless Tactics To Generate PR4 Effortless Tactics To Generate PR
4 Effortless Tactics To Generate PRSurvata
 
Lean Business Analysis and UX Runway: Managing Value by Reducing Waste (Natal...
Lean Business Analysis and UX Runway: Managing Value by Reducing Waste (Natal...Lean Business Analysis and UX Runway: Managing Value by Reducing Waste (Natal...
Lean Business Analysis and UX Runway: Managing Value by Reducing Waste (Natal...IT Arena
 

More Related Content

What's hot

Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...
Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...
Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...Digital Bond
 
ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)Digital Bond
 
Monitoring ICS Communications
Monitoring ICS CommunicationsMonitoring ICS Communications
Monitoring ICS CommunicationsDigital Bond
 
SDN Analytics & Security
SDN Analytics & Security SDN Analytics & Security
SDN Analytics & Security Scott Raynovich
 
From IT to IoT: Bridging the Growing Cybersecurity Divide
From IT to IoT: Bridging the Growing Cybersecurity DivideFrom IT to IoT: Bridging the Growing Cybersecurity Divide
From IT to IoT: Bridging the Growing Cybersecurity DividePriyanka Aash
 
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...Digital Bond
 
Tools Of The Hardware Hacking Trade Final
Tools Of The Hardware Hacking Trade FinalTools Of The Hardware Hacking Trade Final
Tools Of The Hardware Hacking Trade FinalPriyanka Aash
 
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...Digital Bond
 
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMNetwork Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMJim Gilsinn
 
Using Assessment Tools on ICS (English)
Using Assessment Tools on ICS (English)Using Assessment Tools on ICS (English)
Using Assessment Tools on ICS (English)Digital Bond
 
Introducing Savvius Vigil
Introducing Savvius VigilIntroducing Savvius Vigil
Introducing Savvius VigilSavvius, Inc
 
The Future of ICS Security Products
The Future of ICS Security ProductsThe Future of ICS Security Products
The Future of ICS Security ProductsDigital Bond
 
5 Under-utilized PCI Requirements and how you can leverage them
5 Under-utilized PCI Requirements and how you can leverage them5 Under-utilized PCI Requirements and how you can leverage them
5 Under-utilized PCI Requirements and how you can leverage themPraveen Vackayil
 
Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi...
Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi...Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi...
Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi...centralohioissa
 
Avit’s Network Asset Compliance Center (NACC)
Avit’s Network Asset Compliance Center (NACC) Avit’s Network Asset Compliance Center (NACC)
Avit’s Network Asset Compliance Center (NACC) Abbeloos Jo
 
What's New in StealthWatch v6.5
What's New in StealthWatch v6.5 What's New in StealthWatch v6.5
What's New in StealthWatch v6.5 Lancope, Inc.
 
API Training 10 Nov 2014
API Training 10 Nov 2014API Training 10 Nov 2014
API Training 10 Nov 2014Digital Bond
 

What's hot (20)

Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...
Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...
Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...
 
ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)ICS Network Security Monitoring (NSM)
ICS Network Security Monitoring (NSM)
 
Monitoring ICS Communications
Monitoring ICS CommunicationsMonitoring ICS Communications
Monitoring ICS Communications
 
SDN Analytics & Security
SDN Analytics & Security SDN Analytics & Security
SDN Analytics & Security
 
From IT to IoT: Bridging the Growing Cybersecurity Divide
From IT to IoT: Bridging the Growing Cybersecurity DivideFrom IT to IoT: Bridging the Growing Cybersecurity Divide
From IT to IoT: Bridging the Growing Cybersecurity Divide
 
CloudStack Secured
CloudStack SecuredCloudStack Secured
CloudStack Secured
 
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
Detecting Problems in Industrial Networks Through Continuous Monitoring, Leve...
 
Tools Of The Hardware Hacking Trade Final
Tools Of The Hardware Hacking Trade FinalTools Of The Hardware Hacking Trade Final
Tools Of The Hardware Hacking Trade Final
 
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
Process Whitelisting and Resource Access Control For ICS Computers, Kuniyasu ...
 
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEMNetwork Reliability Monitoring for ICS: Going Beyond NSM and SIEM
Network Reliability Monitoring for ICS: Going Beyond NSM and SIEM
 
Using Assessment Tools on ICS (English)
Using Assessment Tools on ICS (English)Using Assessment Tools on ICS (English)
Using Assessment Tools on ICS (English)
 
Introducing Savvius Vigil
Introducing Savvius VigilIntroducing Savvius Vigil
Introducing Savvius Vigil
 
The Future of ICS Security Products
The Future of ICS Security ProductsThe Future of ICS Security Products
The Future of ICS Security Products
 
5 Under-utilized PCI Requirements and how you can leverage them
5 Under-utilized PCI Requirements and how you can leverage them5 Under-utilized PCI Requirements and how you can leverage them
5 Under-utilized PCI Requirements and how you can leverage them
 
Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi...
Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi...Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi...
Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi...
 
Avit’s Network Asset Compliance Center (NACC)
Avit’s Network Asset Compliance Center (NACC) Avit’s Network Asset Compliance Center (NACC)
Avit’s Network Asset Compliance Center (NACC)
 
What's New in StealthWatch v6.5
What's New in StealthWatch v6.5 What's New in StealthWatch v6.5
What's New in StealthWatch v6.5
 
Michael Jones-Resume-OCT2015
Michael Jones-Resume-OCT2015Michael Jones-Resume-OCT2015
Michael Jones-Resume-OCT2015
 
Web Application Security: Beyond PEN Testing
Web Application Security: Beyond PEN TestingWeb Application Security: Beyond PEN Testing
Web Application Security: Beyond PEN Testing
 
API Training 10 Nov 2014
API Training 10 Nov 2014API Training 10 Nov 2014
API Training 10 Nov 2014
 

Viewers also liked

4 Effortless Tactics To Generate PR
4 Effortless Tactics To Generate PR4 Effortless Tactics To Generate PR
4 Effortless Tactics To Generate PRSurvata
 
Lean Business Analysis and UX Runway: Managing Value by Reducing Waste (Natal...
Lean Business Analysis and UX Runway: Managing Value by Reducing Waste (Natal...Lean Business Analysis and UX Runway: Managing Value by Reducing Waste (Natal...
Lean Business Analysis and UX Runway: Managing Value by Reducing Waste (Natal...IT Arena
 
Instrumenting the real-time web: Node.js in production
Instrumenting the real-time web: Node.js in productionInstrumenting the real-time web: Node.js in production
Instrumenting the real-time web: Node.js in productionbcantrill
 
Agile Transition in Trouble? Using the Kotter Change Model as a Diagnostic Tool
Agile Transition in Trouble? Using the Kotter Change Model as a Diagnostic ToolAgile Transition in Trouble? Using the Kotter Change Model as a Diagnostic Tool
Agile Transition in Trouble? Using the Kotter Change Model as a Diagnostic ToolAlistair McKinnell
 
How to Hire an Agile Coach
How to Hire an Agile CoachHow to Hire an Agile Coach
How to Hire an Agile CoachJason Little
 
Product Design using Lean UX
Product Design using Lean UXProduct Design using Lean UX
Product Design using Lean UXGeorge Elkhabbaz
 
Kanban boards step by step
Kanban boards step by stepKanban boards step by step
Kanban boards step by stepGiulio Roggero
 
Kafka and Storm - event processing in realtime
Kafka and Storm - event processing in realtimeKafka and Storm - event processing in realtime
Kafka and Storm - event processing in realtimeGuido Schmutz
 

Viewers also liked (8)

4 Effortless Tactics To Generate PR
4 Effortless Tactics To Generate PR4 Effortless Tactics To Generate PR
4 Effortless Tactics To Generate PR
 
Lean Business Analysis and UX Runway: Managing Value by Reducing Waste (Natal...
Lean Business Analysis and UX Runway: Managing Value by Reducing Waste (Natal...Lean Business Analysis and UX Runway: Managing Value by Reducing Waste (Natal...
Lean Business Analysis and UX Runway: Managing Value by Reducing Waste (Natal...
 
Instrumenting the real-time web: Node.js in production
Instrumenting the real-time web: Node.js in productionInstrumenting the real-time web: Node.js in production
Instrumenting the real-time web: Node.js in production
 
Agile Transition in Trouble? Using the Kotter Change Model as a Diagnostic Tool
Agile Transition in Trouble? Using the Kotter Change Model as a Diagnostic ToolAgile Transition in Trouble? Using the Kotter Change Model as a Diagnostic Tool
Agile Transition in Trouble? Using the Kotter Change Model as a Diagnostic Tool
 
How to Hire an Agile Coach
How to Hire an Agile CoachHow to Hire an Agile Coach
How to Hire an Agile Coach
 
Product Design using Lean UX
Product Design using Lean UXProduct Design using Lean UX
Product Design using Lean UX
 
Kanban boards step by step
Kanban boards step by stepKanban boards step by step
Kanban boards step by step
 
Kafka and Storm - event processing in realtime
Kafka and Storm - event processing in realtimeKafka and Storm - event processing in realtime
Kafka and Storm - event processing in realtime
 

Similar to Chaos monitoring

DevOps Security - Is It Really So Difficult? - Reuven Harrison - DevOpsDays T...
DevOps Security - Is It Really So Difficult? - Reuven Harrison - DevOpsDays T...DevOps Security - Is It Really So Difficult? - Reuven Harrison - DevOpsDays T...
DevOps Security - Is It Really So Difficult? - Reuven Harrison - DevOpsDays T...DevOpsDays Tel Aviv
 
Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015Scalar Decisions
 
Next generation security analytics
Next generation security analyticsNext generation security analytics
Next generation security analyticsChristian Have
 
Legacy-SecDevOps (AppSec Management Debrief)
Legacy-SecDevOps (AppSec Management Debrief)Legacy-SecDevOps (AppSec Management Debrief)
Legacy-SecDevOps (AppSec Management Debrief)Dinis Cruz
 
CS3STHLM_2019_krotofil_kopeytsev
CS3STHLM_2019_krotofil_kopeytsevCS3STHLM_2019_krotofil_kopeytsev
CS3STHLM_2019_krotofil_kopeytsevMarina Krotofil
 
MineMeld and the Importance of Centralized Threat Intelligence
MineMeld and the Importance of Centralized Threat IntelligenceMineMeld and the Importance of Centralized Threat Intelligence
MineMeld and the Importance of Centralized Threat IntelligenceJamilaKaya
 
Continuous Compliance and DevSecOps in Times of GDPR, HIPAA and SOX
Continuous Compliance and DevSecOps in Times of GDPR, HIPAA and SOXContinuous Compliance and DevSecOps in Times of GDPR, HIPAA and SOX
Continuous Compliance and DevSecOps in Times of GDPR, HIPAA and SOXDevOps.com
 
CLASS 2018 - Palestra de Edgard Capdevielle (Presidente e CEO – Nozomi)
CLASS 2018 - Palestra de Edgard Capdevielle (Presidente e CEO – Nozomi)CLASS 2018 - Palestra de Edgard Capdevielle (Presidente e CEO – Nozomi)
CLASS 2018 - Palestra de Edgard Capdevielle (Presidente e CEO – Nozomi)TI Safe
 
Security Considerations in Process Control and SCADA Environments
Security Considerations in Process Control and SCADA EnvironmentsSecurity Considerations in Process Control and SCADA Environments
Security Considerations in Process Control and SCADA Environmentsamiable_indian
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonPatricia M Watson
 
Security Change Management: Agility vs. Control
Security Change Management: Agility vs. ControlSecurity Change Management: Agility vs. Control
Security Change Management: Agility vs. ControlAlgoSec
 
All Hope is Not Lost Network Forensics Exposes Today's Advanced Security Thr...
All Hope is Not Lost Network Forensics Exposes Today's Advanced Security Thr...All Hope is Not Lost Network Forensics Exposes Today's Advanced Security Thr...
All Hope is Not Lost Network Forensics Exposes Today's Advanced Security Thr...Savvius, Inc
 
PCI and Vulnerability Assessments - What’s Missing
PCI and Vulnerability Assessments - What’s MissingPCI and Vulnerability Assessments - What’s Missing
PCI and Vulnerability Assessments - What’s MissingBlack Duck by Synopsys
 
Application Performance Monitoring with OpenTelemetry
Application Performance Monitoring with OpenTelemetryApplication Performance Monitoring with OpenTelemetry
Application Performance Monitoring with OpenTelemetryJan Mikeš
 
Security Teams & Tech In A Cloud World
Security Teams & Tech In A Cloud WorldSecurity Teams & Tech In A Cloud World
Security Teams & Tech In A Cloud WorldMark Nunnikhoven
 
第7回VEC制御システムサイバーセキュリティカンファレンス
第7回VEC制御システムサイバーセキュリティカンファレンス第7回VEC制御システムサイバーセキュリティカンファレンス
第7回VEC制御システムサイバーセキュリティカンファレンスchomchana trevai
 
Devops (start walking in the same direction) by ops
Devops (start walking in the same direction) by opsDevops (start walking in the same direction) by ops
Devops (start walking in the same direction) by opsDemis Rizzotto
 
Nozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company IntroductionNozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company IntroductionNozomi Networks
 

Similar to Chaos monitoring (20)

DevOps Security - Is It Really So Difficult? - Reuven Harrison - DevOpsDays T...
DevOps Security - Is It Really So Difficult? - Reuven Harrison - DevOpsDays T...DevOps Security - Is It Really So Difficult? - Reuven Harrison - DevOpsDays T...
DevOps Security - Is It Really So Difficult? - Reuven Harrison - DevOpsDays T...
 
Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015
 
Next generation security analytics
Next generation security analyticsNext generation security analytics
Next generation security analytics
 
Legacy-SecDevOps (AppSec Management Debrief)
Legacy-SecDevOps (AppSec Management Debrief)Legacy-SecDevOps (AppSec Management Debrief)
Legacy-SecDevOps (AppSec Management Debrief)
 
CS3STHLM_2019_krotofil_kopeytsev
CS3STHLM_2019_krotofil_kopeytsevCS3STHLM_2019_krotofil_kopeytsev
CS3STHLM_2019_krotofil_kopeytsev
 
MineMeld and the Importance of Centralized Threat Intelligence
MineMeld and the Importance of Centralized Threat IntelligenceMineMeld and the Importance of Centralized Threat Intelligence
MineMeld and the Importance of Centralized Threat Intelligence
 
Continuous Compliance and DevSecOps in Times of GDPR, HIPAA and SOX
Continuous Compliance and DevSecOps in Times of GDPR, HIPAA and SOXContinuous Compliance and DevSecOps in Times of GDPR, HIPAA and SOX
Continuous Compliance and DevSecOps in Times of GDPR, HIPAA and SOX
 
CLASS 2018 - Palestra de Edgard Capdevielle (Presidente e CEO – Nozomi)
CLASS 2018 - Palestra de Edgard Capdevielle (Presidente e CEO – Nozomi)CLASS 2018 - Palestra de Edgard Capdevielle (Presidente e CEO – Nozomi)
CLASS 2018 - Palestra de Edgard Capdevielle (Presidente e CEO – Nozomi)
 
Security Considerations in Process Control and SCADA Environments
Security Considerations in Process Control and SCADA EnvironmentsSecurity Considerations in Process Control and SCADA Environments
Security Considerations in Process Control and SCADA Environments
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
 
Security Change Management: Agility vs. Control
Security Change Management: Agility vs. ControlSecurity Change Management: Agility vs. Control
Security Change Management: Agility vs. Control
 
All Hope is Not Lost Network Forensics Exposes Today's Advanced Security Thr...
All Hope is Not Lost Network Forensics Exposes Today's Advanced Security Thr...All Hope is Not Lost Network Forensics Exposes Today's Advanced Security Thr...
All Hope is Not Lost Network Forensics Exposes Today's Advanced Security Thr...
 
PCI and Vulnerability Assessments - What’s Missing
PCI and Vulnerability Assessments - What’s MissingPCI and Vulnerability Assessments - What’s Missing
PCI and Vulnerability Assessments - What’s Missing
 
Application Performance Monitoring with OpenTelemetry
Application Performance Monitoring with OpenTelemetryApplication Performance Monitoring with OpenTelemetry
Application Performance Monitoring with OpenTelemetry
 
Security Teams & Tech In A Cloud World
Security Teams & Tech In A Cloud WorldSecurity Teams & Tech In A Cloud World
Security Teams & Tech In A Cloud World
 
第7回VEC制御システムサイバーセキュリティカンファレンス
第7回VEC制御システムサイバーセキュリティカンファレンス第7回VEC制御システムサイバーセキュリティカンファレンス
第7回VEC制御システムサイバーセキュリティカンファレンス
 
ProActive Security
ProActive SecurityProActive Security
ProActive Security
 
ProActive Security
ProActive SecurityProActive Security
ProActive Security
 
Devops (start walking in the same direction) by ops
Devops (start walking in the same direction) by opsDevops (start walking in the same direction) by ops
Devops (start walking in the same direction) by ops
 
Nozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company IntroductionNozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company Introduction
 

Recently uploaded

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Principled Technologies
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 

Recently uploaded (20)

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 

Chaos monitoring

  • 1. CHAOS MONITORING Svetlana “Mona“ Arkhipova Lead Information Security expert , QIWI
  • 2. #:WHOAMI ▸  a.k.a. Mona ▸  Lead infrastructure security expert at QIWI group ▸  Past: security consultant at fintech start-ups, security analyst at General Electric (GE Capital).
  • 3. TWO TOWERS ▸  Bank way: great amount of approvals, restrictions and controls ▸  IT way: fast and flexible, basically no technologies limitations ▸  "There's no spoon"
  • 4. TYPICAL BANK WAY ▸  Limited number of systems and products ▸  Industry regulations ▸  Strict business processes ▸  Security as an initial part of all activities ▸  "Bloody Enterprise"
  • 5. TYPICAL SMALL/MID IT COMPANY: SECURITY...WHAT IS IT? ▸  Most part of companies start thinking about security only after validated incidents ▸  Security activities performed(or not) by system administrator ▸  Wide stack of technologies
  • 6. BRAVE NEW WORLD. BETWEEN IT AND BANKING ▸  Strong regulatory requirements from one side ▸  Strong business needs from the other side ▸  Spicy mix of enterprise technologies and in-house development AND TYPICAL BANK WAY IS NOT WORKING IN FINTECH
  • 8. ONLY THE STUPID NEED ORGANIZATION, THE GENIUS CONTROLS THE CHAOS! Albert Einstein
  • 9. COMMON CHALLENGES ▸  In-house development ▸  No strict business processes ▸  Security vs. usability/speed ▸  A bit of necromancy (Very Important Server)
  • 10. BRAND NEW TECHNOLOGY(C) ▸  Dynamically changing environment ▸  Who needs technological stack, this brand new technology(tm) is our salvation! ▸  App security guide? Devops do not need them.
  • 11. ASSETS AND PROCESSESS ▸  Hardened perimeters ▸  Test labs: this is a test server, there's no need in OS hardening ▸  Abandoned servers/VDIs/whatever ▸  Network controls?
  • 12. SECURITY VS USABILITY ▸  Application and technology restrtictions ▸  Performance issues ▸  Tonns of logs ▸  A lot of additional work (especially on investigations)
  • 13. WHAT'S NEXT? ▸  Identify ▸  Exmine ▸  Monitor ▸  Respond
  • 14. IDENTIFY ▸  Track all env changes ▸  IT systems is a great source of raw data ▸  Periodical manual checks
  • 15. EXAMINE ▸  Common traffic profiling (OS specific, network specific) ▸  App-specific profiling ▸  Systems interconnection
  • 16. MONITOR ▸  Monitoring is a continuous process ▸  Track logins and network flows ▸  Periodical log sources check ▸  Set up emergency alerts on critical events
  • 17. RESPOND ▸  Action plans on typical incidents ▸  Core analysis ▸  Rules/profiling tuning ▸  False positives and false negatives
  • 18. FALSE (+|-) ▸  “Normal paranormal” ▸  Multiple events in short time range ▸  Traffic controls ▸  Chained events ▸  Events with low rates (APT) ▸  Continious (pen)tests
  • 19. QUESTIONS? Svetlana Arkhipova Lead Information Security expert , QIWI mona@qiwi.ru monaarkhipova @m0na_sax