机器人封锁：确保所有人的公平票价.pdf

1、Bot Blockade:Securing Fair Fares for AllRandy NaraineGreg SperanzaAndrew MaloneWho Are We?Randy Naraine Manager of SecEngineering/Sec Architect jetBlueFormer Network Security Engineer(7 yrs)J.Crew Former Pianist/Teacher and Piano Salesman Kawai/YamahaTraveler(73 countries/50 states)Performer,Techie,

2、Foodie Greg SperanzaSecurity Engineer jetBlueWith jetBlue for 7 yrs(desktop support,sec analyst)In a past life,a former aspiring career in audio engineeringMusic and film enthusiast,multi-instrumentalist,dog and cat dadAndrew MaloneDetection Engineer JetBlueWith JetBlue 3 years(Detection,Response,Hu

3、nting)Avid fly fisherman and fly tierWay too obsessed with the definition of time metricsOur TalkTeam OverviewProtecting jetB from Angry Bots!Q/AWAF Architecture 4Cyber Team StructureLeadershipCISO,Directors,Managers,IT,Legal,Finance Strategy,Direction,Decisions,Budget JetBlue Cyber Team Org Busines

4、s Partners Service Providers,Specialty Consultants,VendorsSupport,IR,Intel,Break/Fix,Forensics Security Risk Threat Intel Security ComplianceFinancial Audit DHS/TSA Audit Internal Governance Vulnerability Management Industry Intel/Fraud Threat Detection/ResponseSecurity Architecture Security Enginee

5、ring/Ops Third Party Risk Risk Inventory,Prioritization,CriticalityRisk Mitigation,Resolution,AcceptanceSecure Design,Integrations,Re-Evaluation,Consultation Tooling,Break/Fix,Upgrades,IR,Operations,Analysis,Approvals,Logging3rd Party Risk Evaluations,DR,Business Risk Dark Web Scans,TI Feeds,IRRecon

6、,Risk Monitoring,Gov Affairs Vul Scanning,Attack Surface Map,Asset Inventory,Bug BountyIndustry Collaboration,Anti-Fraud,Anti-Phishing,Social Media,Impersonation Gap Analysis,Incident Response,Detection Creation,SOCEvidence Collection,Forensics,Legal PCI Audit,SOX Auditing,Loyalty Testing(TrueBlue C