Regular To Enterprise-Ready Apps With Cybersecurity APIs

Transcription

Regular to Enterprise-Ready Apps with Cybersecurity APIs
For Cloud, Apps, Services and Infrastructure
Ovidiu CICAL – ovidiu.cical@gmail.com

What’s going to happen in the upcoming minutes?
- Present some API Categories
- Available Open Source, Free and Paid solutions
- Dive into:
  - Vulnerability Scanning & Web Apps Security
  - Threat Intrusion Detection & Prevention
  - Data Loss Prevention APIs – DLP
- Short demo of popular Open Source Slack & Dropbox alternatives
- Q&A

Why APIs?
Self-protecting apps; they know the data
- Security of data at its source
- No more proprietary formats
- Advanced data security, data loss prevention, data classification, user behavior, vulnerability awareness etc.
- No better perspective than the one collected from the software generating and using it.
Can be added to:
- Desktop application
- Web applications
- Mobile apps
- Servers or Infrastructure
- Cloud
- IoT devices
It knows:
- The format
- The content
- The importance
- Its origin and the destination

Cybersecurity API Categories
Quite a few

API Categories
- Identity and Access Management - IAM
- Web Applications / Web Services Security
- Vulnerability Scanning APIs
- Threat Intrusion/Detection, Behavior Anomaly Detection
- Data Loss Prevention – DLP
- Endpoint Security
- Containerized Environments Security
- Public, Private and Hybrid Cloud Infrastructure Security
- many more

Vulnerability Scanning:
- OWASP Vulnerability Scanning Tools List
- OWASP Zed Attack Proxy (ZAP) - Free
- https://pentest-tools.com - Freemium
- Burp Suite
- Acunetix Free
- Qualys FreeScan
- SUCURI Free
- UpGuard Web Scan, Tenable, Rapid7
Threat detection/prevention:
- AlienVault Open Source SIEM (OSSIM)
- Suricata Intrusion Detection/Prevention
- OSSEC
- OPSWAT
- Snort IPS
- Security Onion
- Fail2ban
IAM APIs:
- OpenIAM – Community Edition
- Keycloak – Open Source
- Soffid – Open Source
- OneLogin, OKTA
- Amazon AWS
- Google IAM
- Microsoft AD
Web Apps/Code Security:
- OWASP – Follow Top 10 lists
- OWASP SonarQube – 20 languages
- OWASP Orizon – Mostly Java
- Bandit – Python code analysis - Free
- w3af.org, Kali Linux Nikto
- Contrast Security, Kiuwan, Puma Sec
- Fortify - HP
Infrastructure/Cloud/Server Security:
- Let’s Encrypt free SSL Certificates - Free
- Qualys SSL Labs (server, browser tests) - Free
- CloudStack - Free
- Kali Linux
- Metasploit
- HPE ConvergedSystem
Container Security:
- Peekr from Aqua Security
- Platform9
- Twistlock
- Red Hat Atomic Scan
- Clair from CoreOS

Vulnerability Scanning & Web Apps Security
Know your weaknesses

Vulnerability Scanning & Web Apps/Code Security
OWASP ZAP: The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools.
Features:
- Intercept Proxy
- Brute Force
- Fuzzer
- Automated Scanner
- REST API
Burp Suite: Graphical tool for testing Web application security, written in Java and developed by PortSwigger.
Features:
- Identify the very latest vulnerabilities
- Cutting-edge scanning technology
- Automated Crawl & Scan
- Details about vulnerabilities
- Intercept browser traffic
- Burp Extender API
Acunetix: Leading web vulnerability scanner used by Fortune 500 companies as the most advanced SQL injection and XSS black box scanning technology.
Features:
- Vulnerability Scanner
- High detection rate
- Lowest false-positives
- Network security
- WordPress checks
- Manual testing tools
SonarQube: The leading product for Continuous Code Quality.
Features:
- 20 languages - Java, JavaScript, C#, C/C++, Python, PHP, COBOL, Swift/Obj-C
- Continuous inspection
- Detect tricky issues
- DevOps Integration
Nikto: Webserver scanner for potentially dangerous files, outdated versions of servers, etc.
Features:
- 6700 dangerous files/programs
- 1250 outdated servers versions
- SSL Support
- Template engine for custom reporting

Threat Intrusion Detection & Prevention
Know your traffic

Threat Intrusion Detection & Prevention
Suricata: Suricata is a free and open source, mature, fast and robust network threat detection engine.
Features:
- IDS / IPS API
- High Performance
- Automatic protocol detection
- Industry standard outputs
- YAML & JSON Web API
Snort: Open source intrusion & prevention system offered by Cisco. Capable of real-time traffic analysis and packet logging on IP networks.
Features:
- Most widely deployed IDS in the world
- 600,000 Registered users
- Real-time traffic analysis
- Protocol analysis
- Content searching/matching
AlienVault OSSIM: The World’s Most Widely Used Open Source SIEM
Features:
- Asset discovery
- Vulnerability assessment
- Intrusion detection
- Behavioural monitoring
- SIEM event correlation
- JSON Web API

Data Loss Prevention (DLP) APIs
Know your data

Data Loss Prevention DLP APIs – Free Solutions
MyDLP
Pro:
- Open Source
- DLP API
- Data Discovery
- Remote Storage (CIFS, SMB, NFS, FTP etc.)
- AD Integration
- Self-hosted
Cons:
- Rarely updated
- Small community
Dhound
Pro:
- Free for 1 Server
- More than DLP
- DLP API
- Threat Discovery
- Intrusion Detection
- Alerting
Cons:
- Not a pure DLP API Solution
- Move to Enterprise edition for more features

Data Loss Prevention DLP APIs - Vendors
Google Cloud DLP API
Pro:
- Classify, Discover and Report
- Redact it
- Replace/Mask it
Cons:
- Works only Online, using Google Cloud infrastructure and processing power
- Costly with high usage
Amazon Macie – DLP
Pro:
- Data visibility
- Automation with advanced ML
- Alerting
Cons:
- AWS S3 only, no API
- High cost when classifying large datasets
Microsoft Office 365 DLP
Pro:
- Office 365 data visibility
- Covers all of Office 365 apps
Cons:
- Work with Office 365 online and offline
- Cannot be used by external apps or services
Sensitivity.io
Pro:
- Works fully offline
- Windows, Mac, Linux
- Cloud API (SaaS)
- Redact/Mask/Classify
- Always Up2Date Policies
Cons:
- No free edition
Nucleuz, CloudLock, Symantec etc.
Pro:
- Specific for apps
- Office suite plugins
- Outlook plugins
- Windows support
Cons:
- Small set of apps supported
- Cannot be used by external services

DLP APIs – What do I get?
- Minimal development effort - a few days
- Build POCs or Production ready solutions in days
- Leverage many pre-built policies to detect and control sensitive data
  Hundreds of out-of-the-box policies for:
  - Email (ovidiu.cical@gmail.com)
  - Credit Card (Mastercard, VISA, Amex, JCB, etc.)
  - IBAN (GB29NWBK60161331926819)
  - SSN Social Security Number (UK, US, JP + 20 more)
  - Passport (10 Countries)
  - Driver’s License
  - Health Insurance Number
  - ID Card (40 Countries)
  - Phone Number
  - Tax ID
  - Foreign Registration Number
  - Address
  - Dates
  - Custom Dictionaries
  - Custom Regexps
- Compliance for HIPAA, PCI DSS, GDPR, FISMA, SOX, FERPA, GLBA, etc.
- Always up-to-date Compliance and Predefined Protection Profiles
  - Office Files
  - Graphic Files
  - Media Files
  - Archive Files
  - Programming Files
  - Other File types

Examples Text Processing using an API
Redaction - removal: Redaction removes text where it matches sensitive data
  Before: Hi Carlos, can you please have your credit card sent at carlos.doe@greatest.com? I tried registering with my SSN 849-12-1958 and this card 5500-0001-6268-3365
  After: Hi Carlos, can you please have your credit card sent at **********@************? I tried registering with my SSN ***-**-**** and this card ****-****-****-****
Masking: Apply full or partial masking on found threats
  Before: credit card sent at carlos.doe@greatest.com. I tried registering with my SSN 849-12-1958 and this card 5500-0001-6268-3365
  After: credit card sent at ca****.***@gr******.com. I tried registering with my SSN ***-**-1958 and this card ****-****-****-3365
Tokenization (Encryption): Apply tokens on found threat and make the data unreadable without the key
  Before: credit card sent at carlos.doe@greatest.com. I registered with my SSN 849-12-1958 and this card 3”)
  After: credit card sent at 6Z2B!2 3*6bT 938Bx. I registered with my SSN kh[?eK 7S:8x6!]A and this card p958 *6 465A-e 8 X
Identification removal: Remove identifying information
  Before:
    Details
    Contact
    Call at 541-754-3010
    Email: ovidiu@sensitivity.io
    CNP: 1871123070077 (invalid)
    IBAN: GB82WEST12345698765432
    MASTERCARD: 5500-0001-6268-3365
    543-754-3010
    121-614-9554
    129-443-4986
    628-788-2474
    346-184-5748
  After:
    Details
    Contact
    Call at **1-**4-3010
    Email: ov****@se*********.io
    CNP: 1871123070077
    IBAN: **82**ST**34**9876****
    MASTERCARD: ****-****-****-3365
    **3-**4-3010
    **6-**4-5748
    **9-**3-4986
    **8-**8-2474
    **1-**4-9554
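
The redaction, partial masking and tokenization columns of the slide above, worked through in Python as an added example (not code from the presentation or from any vendor's DLP API). The regex detectors, the function names and the HMAC-plus-vault token scheme are assumptions, since the slide does not say how its tokens are produced; the sample input is the slide's own message.

```python
import hashlib
import hmac
import re

# Sample input: the message shown on the slide.
SAMPLE = ("Hi Carlos, can you please have your credit card sent at "
          "carlos.doe@greatest.com? I tried registering with my SSN "
          "849-12-1958 and this card 5500-0001-6268-3365")

# Simplified detectors (assumption: a real DLP policy set is far broader).
PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "card": re.compile(r"\b\d{4}(?:-\d{4}){3}\b"),
}

def luhn_ok(number):
    """Luhn checksum: rejects 16-digit strings that are not card numbers."""
    d = [int(c) for c in number if c.isdigit()][::-1]
    return (sum(d[0::2]) + sum(sum(divmod(2 * x, 10)) for x in d[1::2])) % 10 == 0

def transform(text, fn):
    """Replace every detected value with fn(value, kind), working right to left."""
    hits = [(m.start(), m.end(), kind) for kind, rx in PATTERNS.items()
            for m in rx.finditer(text) if kind != "card" or luhn_ok(m.group())]
    for start, end, kind in sorted(hits, reverse=True):
        text = text[:start] + fn(text[start:end], kind) + text[end:]
    return text

def redact(value, kind):
    """'Redaction' column: every character except @ and - becomes *."""
    return re.sub(r"[^@-]", "*", value)

def mask_partial(value, kind):
    """'Masking' column: keep the last 4 digits, or 2 leading chars of an email."""
    if kind == "email":
        local, domain = value.split("@")
        label, _, tld = domain.rpartition(".")
        return (local[:2] + re.sub(r"[^.]", "*", local[2:]) + "@"
                + label[:2] + "*" * len(label[2:]) + "." + tld)
    return re.sub(r"\d", "*", value[:-4]) + value[-4:]

def tokenizer(key, vault):
    """Keyed deterministic tokens; vault (token -> value) permits authorised reversal."""
    def tokenize(value, kind):
        token = f"<{kind}:{hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]}>"
        vault[token] = value
        return token
    return tokenize
```

The Luhn check is what keeps an order number such as 1234-5678-9012-3456 from being treated as a card; the vault must be stored and access-controlled separately from the tokenized text.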

Examples automatic remediation actions
- Report to a logging or SIEM solution
- Block the data
- Quarantine it to a safe location
- Encrypt it using company keys or PKI
- Inform the user about the sensitive content
- Allow with justification - by a manager
- Reroute content to be later inspected and approved
- Delete it from the source or in transit

Key features of DLP Cybersecurity APIs
Compliance with InfoSec regulations: Protection profiles for compliance with UK DPA, PCI DSS, HIPAA, GDPR, FISMA, GLBA, and many more!
Baked-in DLP: Add DLP capabilities into any app – mobile, desktop or cloud-based and even infrastructure and servers.
UK DPA: The Data Protection Act 2018 controls how your personal information is used by organizations, businesses or the government. The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).
HIPAA: The Health Insurance Portability and Accountability Act (HIPAA) is a set of standards created to safeguard protected health information (PHI) by regulating healthcare providers.
GDPR: The EU General Data Protection Regulation (GDPR) is designed to protect the privacy of EU residents. With Cybersecurity APIs policies, you can cover an important part of the audit, tracking and reporting of transferred data outside the company.
PCI-DSS: The Payment Card Industry Data Security Standard is a set of security standards designed to ensure that ALL companies that store, process or transmit cardholder data and/or sensitive authentication data maintain a secure environment.

Use Cases for DLP Cybersecurity APIs
Mobile Apps: Protect your mobile apps against data leakage and theft and stay compliant using mobile DLP SDKs (iOS or Android) or by leveraging cloud-based DLP API.
Online backup, sync & file sharing: Make sure all data stored in your backup and file sharing solution is compliant with security policies and industry regulations. Scan and detect policy violations.
Content inspection - Compliance: Data in e-mail, cloud file sharing, web browser, cloud services and other apps or services can be scanned to detect confidential information and further actions can be taken to prevent data breaches.
Discovery and data classification (for DPO): Deploy powerful sensitive data scanners to your cloud apps, discover and monitor content for threats and get instant alerts when your valuable data oversteps your protection policies.

Example app with DLP Cybersecurity APIs - Slack
- Slack will get more acceptance in the enterprise space
- Needs security features such as Vulnerability Scanning, Encryption, Discovery of sensitive data and DLP capabilities
Possible solutions to get there:
- Cumbersome and complicated OEM (costly, huge integration effort)
- In-house development (thousands of hours)
- Outsource to specialized company – costly, hard to manage
- or Cybersecurity APIs
Cybersecurity APIs DLP: Enterprise-ready in 3-7 days development time

Cybersecurity APIs
Mostly are Engineered for Developers

Works everywhere
- Plug into any application
- On any operating system
- On your favorite cloud platform

Examples

Thank you!
Ovidiu CICAL – ovidiu.cical@gmail.com
