Bot Blockade: Securing Fair Fares for All
Randy Naraine, Greg Speranza, Andrew Malone

Who Are We?

Randy Naraine
Manager of SecEngineering/Sec Architect, jetBlue
Former Network Security Engineer (7 yrs), J.Crew
Former Pianist/Teacher and Piano Salesman, Kawai/Yamaha
Traveler (73 countries/50 states)
Performer, Techie, Foodie

Greg Speranza
Security Engineer, jetBlue
With jetBlue for 7 yrs (desktop support, sec analyst)
In a past life, a former aspiring career in audio engineering
Music and film enthusiast, multi-instrumentalist, dog and cat dad

Andrew Malone
Detection Engineer, JetBlue
With JetBlue 3 years (Detection, Response, Hunting)
Avid fly fisherman and fly tier
Way too obsessed with the definition of time metrics

Our Talk
Team Overview
Protecting jetB from Angry Bots!
Q/A
WAF Architecture

Cyber Team Structure (JetBlue Cyber Team Org)

Leadership: CISO, Directors, Managers, IT, Legal, Finance
  Strategy, Direction, Decisions, Budget
Business Partners: Service Providers, Specialty Consultants, Vendors
  Support, IR, Intel, Break/Fix, Forensics

Teams shown on the org chart:
Security Risk; Threat Intel; Security Compliance; Financial Audit; DHS/TSA Audit; Internal Governance; Vulnerability Management; Industry Intel/Fraud; Threat Detection/Response; Security Architecture; Security Engineering/Ops; Third Party Risk

Functions shown on the org chart:
Risk Inventory, Prioritization, Criticality
Risk Mitigation, Resolution, Acceptance
Secure Design, Integrations, Re-Evaluation, Consultation
Tooling, Break/Fix, Upgrades, IR, Operations, Analysis, Approvals, Logging
3rd Party Risk Evaluations, DR, Business Risk
Dark Web Scans, TI Feeds, IR
Recon, Risk Monitoring, Gov Affairs
Vul Scanning, Attack Surface Map, Asset Inventory, Bug Bounty
Industry Collaboration, Anti-Fraud, Anti-Phishing, Social Media, Impersonation
Gap Analysis, Incident Response, Detection Creation, SOC
Evidence Collection, Forensics, Legal
PCI Audit, SOX Auditing, Loyalty Testing (TrueBlue CC)
ANSP Compliance, Aviation Testing
Aviation Logs, Aircraft/OEM CVEs
Sec Policies, Account Lifecycle
Policy Enforcement, ITIL Integration

WAF Architecture

Bot Mitigation on jetB
Some Stats:
Fare Sale: 7/9-7/10 2024
24.8M flight searches
202.4M hits on
3x the amount of normal traffic on a given day

A Closer Look
Below data represents flight searches during fare sale
Purple = Allowed requests
Pink = Blocked requests
Overall: 5.7 blocked requests from a total of 16.8 allowed requests

A Very Smooth Experience
According to our digital products team, our smoothest sale in years!
In the past, we have seen downtime/outages and site latency, bandwidth issues
First time where it didn't feel like we were waiting to react, but monitor instead
Site stability means more potential profit = everyone is happy

How Did We Get to this Point?
Lessons learned from past incidents and experiences
  o Meticulous investigation into how and where bad actors have exploited us (DDoS, GFS)
  o Establishing creative solutions using our controls to combat these tactics
  o Implementing at the right place (know your environment and endpoints)
React and Investigate / Brainstorm a Solution / Implement Correctly / Snowball Effect

Building An Even Better Defense for the Future
In this industry, things shift and evolve every day
Important to stay on top of trends and the latest relevant vulnerabilities
It will always be a game of trial and error
Collaboration is key (DevOps, products team, etc)

Baseline Baseline Baseline
Understand what's normal during non-attack times
  o Paths, Country codes, TLS fingerprints, user agents, etc.
Build out a historical context
Circulate with IT
Restrict avenues of attack
  o Very difficult for an adversary to mimic user behavior perfectly
Understand risk of implementing controls

Simple Splunk Baselines
No ML/AI required!
Top ja4 fingerprints from last 14 days
Fails over success ratio over last 14 days
SPL Alert on Previous graph

Thank You!
Q&A
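
The two baselines on the Simple Splunk Baselines slide (top ja4 fingerprints and the fails-over-success ratio, each over the last 14 days) can be reproduced with plain counting. The Python below is an added example, not the speakers' SPL or any jetBlue code; the event tuples, fingerprint names, and the top-10, 3-sigma and 5% share thresholds are assumptions, and the sample data is constructed.

```python
from collections import Counter
from statistics import mean, pstdev

# Constructed sample: one tuple per request, (day, ja4, outcome).
# Fingerprint strings are placeholders, not real JA4 values.
def make_sample():
    events = []
    for day in range(14):                       # 14 quiet baseline days
        events += [(day, "ja4_browser_a", "success")] * 80
        events += [(day, "ja4_browser_b", "success")] * 15
        events += [(day, "ja4_browser_a", "fail")] * (4 + day % 3)
    # Day 14 is the day under test: an unseen fingerprint failing heavily.
    events += [(14, "ja4_browser_a", "success")] * 80
    events += [(14, "ja4_unseen_x", "fail")] * 60
    return events

def fail_ratio(events, day):
    """Fails over successes for one day (denominator floored at 1)."""
    c = Counter(outcome for d, _, outcome in events if d == day)
    return c["fail"] / max(c["success"], 1)

def evaluate(events, today, window=14, top_n=10, sigmas=3.0, min_share=0.05):
    """Compare `today` against the preceding `window` days."""
    base_days = range(today - window, today)
    base = [e for e in events if e[0] in base_days]
    # Baseline 1: the top-N fingerprints seen during the window.
    top = {fp for fp, _ in Counter(fp for _, fp, _ in base).most_common(top_n)}
    # Baseline 2: the daily fail/success ratio, alerting at mean + k*stddev.
    ratios = [fail_ratio(events, d) for d in base_days]
    threshold = mean(ratios) + sigmas * pstdev(ratios)
    now = [e for e in events if e[0] == today]
    shares = Counter(fp for _, fp, _ in now)
    # Fingerprints outside the baseline that carry a real share of traffic.
    new_fps = sorted(fp for fp, n in shares.items()
                     if fp not in top and n / len(now) >= min_share)
    ratio = fail_ratio(events, today)
    return {"ratio": ratio, "threshold": threshold,
            "ratio_alert": ratio > threshold, "new_fingerprints": new_fps}

if __name__ == "__main__":
    print(evaluate(make_sample(), today=14))
```

The minimum traffic share keeps a single stray client with a rare fingerprint from raising an alert, which is the "understand risk of implementing controls" point applied to detection noise.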