17
WE HAVE MET THE ENEMY AND HE IS US BSIDES SEATTLE 2013 DAVID F. SEVERSKI, @DSEVERSKI

We Have Met the Enemy

Tags:

Embed Size (px)

DESCRIPTION

Presented at BSides Seattle 12/14/2013

Citation preview

Page 1: We Have Met the Enemy

WE HAVE MET THE ENEMY AND HE IS USBSIDES SEATTLE 2013

DAVID F. SEVERSKI, @DSEVERSKI

Page 2: We Have Met the Enemy

2

AGENDA

The Dark Side Discovery All The

Things

Shiny Rocket Ships and Puppies

Page 3: We Have Met the Enemy

3

AKA…WHO THE FSCK ARE YOU?

Come to the Dark Side…

Page 4: We Have Met the Enemy

4

DATA-DRIVEN DISCOVERY

Page 5: We Have Met the Enemy

5

INITIAL REPORTING AND TRACKING

Discover

Open Finding

Define Remediation Actions

Assign DateTrack

Verify

Close

Page 6: We Have Met the Enemy

6

STUCK FINDINGS

Page 7: We Have Met the Enemy

7

“SUCCESS” OF DATE-DRIVEN FINDINGS

OpenFindings

Open Findings Over Time

Plateau of Despair

Page 8: We Have Met the Enemy

8

AND HOW ABOUT THAT PATCHING PROGRAM?

Number ofVulnerabilities

Vulnerability Count over Time

It’s Over 9000!!

Page 9: We Have Met the Enemy

9

THE DEFINITION OF INSANITY

Page 10: We Have Met the Enemy

10

ANALYZE THIS!

What went wrong?

Competing priorities Too much else to do.

Unscheduled work.

Why should we care? High/Medium/Low a go-go

Page 11: We Have Met the Enemy

11

PRINCIPLES

Use the data that’s already present

Transparent measurement process

Joint goal setting

Continuous measurement

Specify problems…not solutions (No, Really!)

Self-service reporting

Page 12: We Have Met the Enemy

12

SETTING PERFORMANCE GOALS

High Risk Apps

# of Severe Vulnerabilitie

sTotal

Vulnerabilities

High Risk Hosts

Measuring the Riskiest

HostsTotal Number

of Vulnerabilitie

s

Maintain the Program

Median Time to Patch Servers

Scan Frequency

Page 13: We Have Met the Enemy

13

DATA SOURCES AND TOOLS

Data Sources• CMDB• Vulnerability Scan Data• Network Configurations

Tools• PowerShell (Extraction)• SQL Server (Storage)• Tableau (Presentation)

Page 14: We Have Met the Enemy

14

CURRENT STATE – NEW SHINY

24 mo. pilot underway for Vulnerability Management

Established reasonable goals in consultation with ops

Regular reporting – Reporting on Demand

Incorporated security into CIO messaging

Generating lots of discussion Driving towards process and automation

Data pulled from existing systems

Page 15: We Have Met the Enemy

15

TO INFINITY…AND BEYOND!

Page 16: We Have Met the Enemy

16

IF YOU’VE GOT 99 PROBLEMS…

Don’t have your finding process be the source of problems

Takeaways Provide flexibility to the doers

Determine the goals and methods for measuring success up front

You probably have more (usable) data available than you think

Report, report, report!

Page 17: We Have Met the Enemy

17

THANKS!

Questions? Comments? Complaints?

@dseverski


Have You Met Me Miss Jones

Have You Met Me Miss Jones

Documents
“They Have An Enemy,” Adkins Said. “We Don’t.” Special 3C89 They Have An Enem… · “They Have An Enemy,” Adkins Said. “We Don’t.” ... “They have an enemy,”

“They Have An Enemy,” Adkins Said. “We Don’t.” Special 3C89 They Have An Enem… · “They Have An Enemy,” Adkins Said. “We Don’t.” ... “They have an enemy,”

Documents
Brethren We Have Met to Worship

Brethren We Have Met to Worship

Documents
OIL AND GAS RESERVES ESTIMATING WE HAVE MET THE ENEMY, AND HE IS US Peter R. Rose Senior Associate, Rose & Associates, LLP., and President AAPG Austin,

OIL AND GAS RESERVES ESTIMATING WE HAVE MET THE ENEMY, AND HE IS US Peter R. Rose Senior Associate, Rose & Associates, LLP., and President AAPG Austin,

Documents
Have You Met Mary?

Have You Met Mary?

Marketing
Brother enemy

Brother enemy

Documents
Have you met CHARLY?

Have you met CHARLY?

Social Media
" We have met the enemy and they are ours.” Commodore Perry

" We have met the enemy and they are ours.” Commodore Perry

Documents
Constitution Sailors in the Battle of Lake Erie · PDF file4/4/2012 · Constitution Sailors in the Battle of Lake ... “we have met the enemy and they are ... with one Worcester

Constitution Sailors in the Battle of Lake Erie · PDF file4/4/2012 · Constitution Sailors in the Battle of Lake ... “we have met the enemy and they are ... with one Worcester

Documents
ENEMY PROPERTY

ENEMY PROPERTY

Documents
Refereeing Youth Rugby Some Challenges Have Been Met; Some Remain Some Challenges Have Been Met; Some Remain

Refereeing Youth Rugby Some Challenges Have Been Met; Some Remain Some Challenges Have Been Met; Some Remain

Documents
The PDF Is the Enemy (but It Doesn't Have to Be)

The PDF Is the Enemy (but It Doesn't Have to Be)

Data & Analytics
The Enemy of my Enemy - d20 Radio Enemy of My Enemy/The Enemy o… · A Three Part Adventure for the Star Wars: Edge of the Empire Roleplaying Game by Fantasy Flight Games WRITTEN

The Enemy of my Enemy - d20 Radio Enemy of My Enemy/The Enemy o… · A Three Part Adventure for the Star Wars: Edge of the Empire Roleplaying Game by Fantasy Flight Games WRITTEN

Documents
Man's Friend or Golfs Enemy? - Michigan State Universityarchive.lib.msu.edu/tic/holen/article/2000oct15.pdf · 10/15/2000  · Man's Friend or Golfs Enemy? Trees have long been known

Man's Friend or Golfs Enemy? - Michigan State Universityarchive.lib.msu.edu/tic/holen/article/2000oct15.pdf · 10/15/2000  · Man's Friend or Golfs Enemy? Trees have long been known

Documents
We have met the enemy, - University of Iowa · Develop a philosophy of mutual ... Focus on interest, not position Provide data transparency, but do not overstate discrete measure

We have met the enemy, - University of Iowa · Develop a philosophy of mutual ... Focus on interest, not position Provide data transparency, but do not overstate discrete measure

Documents
ENEMY REVEALED

ENEMY REVEALED

Documents
07 Oil and Gas Reserves Estimating - We Have Met the Enemy A

07 Oil and Gas Reserves Estimating - We Have Met the Enemy A

Documents
Hey Mason – Have you met Dixon?

Hey Mason – Have you met Dixon?

Documents
Have you met with success?

Have you met with success?

Leadership & Management
the Enemy of My Enemy Part1

the Enemy of My Enemy Part1

Documents
IDEAS YOU HAVE MET BEFORE

IDEAS YOU HAVE MET BEFORE

Documents
-9- MANAGEMENT GOALS AND EXPECTATIONS - Homestead · MANAGEMENT GOALS AND EXPECTATIONS “We have met the enemy, and he is us.” -- Pogo (a cartoon character created by Walt Kelly)

-9- MANAGEMENT GOALS AND EXPECTATIONS - Homestead · MANAGEMENT GOALS AND EXPECTATIONS “We have met the enemy, and he is us.” -- Pogo (a cartoon character created by Walt Kelly)

Documents
Have you met ted

Have you met ted

Entertainment & Humor
Ignite Solo Rulebook - Ginger Snap Gaminggingersnapgaming.com/.../2019/04/Ignite-Solo-Rulebook-New-Enemy.… · previous Enemy Phase, and draw 1 new Power card. These have various

Ignite Solo Rulebook - Ginger Snap Gaminggingersnapgaming.com/.../2019/04/Ignite-Solo-Rulebook-New-Enemy.… · previous Enemy Phase, and draw 1 new Power card. These have various

Documents
hsbjournalclub.files.wordpress.com · Abstract I Humans and our ancestors have evolved since the ... "We have met the enemy, and he is us ... we focus on our intimate interface. -with

hsbjournalclub.files.wordpress.com · Abstract I Humans and our ancestors have evolved since the ... "We have met the enemy, and he is us ... we focus on our intimate interface. -with

Documents
Have you met pam margo

Have you met pam margo

Sports
Overview Winning conditions Destroy the enemy fortress before the enemy destroys yours. That’s it! You don’t need to have more gold, destroy all of their

Overview Winning conditions Destroy the enemy fortress before the enemy destroys yours. That’s it! You don’t need to have more gold, destroy all of their

Documents
INFORMATION OVERLOAD: WE HAVE MET THE ENEMY AND HE … · 2015-04-11 · INFORMATION OVERLOAD: WE HAVE MET THE ENEMY AND HE IS US INTRODUCTION We try to do our work, but information

INFORMATION OVERLOAD: WE HAVE MET THE ENEMY AND HE … · 2015-04-11 · INFORMATION OVERLOAD: WE HAVE MET THE ENEMY AND HE IS US INTRODUCTION We try to do our work, but information

Documents
Enemy Past

Enemy Past

Documents
TITLE OPEN SANS...Belief: An opinion you consider to be a fact 5 Consciousness 6 The biggest enemy you have to deal with is yourself. If there's no enemy within, then the enemy outside

TITLE OPEN SANS...Belief: An opinion you consider to be a fact 5 Consciousness 6 The biggest enemy you have to deal with is yourself. If there's no enemy within, then the enemy outside

Documents