Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead

OpenDNS 913 views 33 slides Feb 19, 2014

About This Presentation

Practice makes perfect. And unfortunately for security professionals, attackers have realized that persistence is a powerful approach to breaching an organization's defenses.

Focusing on prevention alone is no longer a sufficient strategy for securing your organization against the business risk...


Slide Content

7 Key Strategies for the Challenges that Lie Ahead

Agenda
1. How the shift in motivations has impacted today’s threat landscape
2. Why preventative techniques alone can no longer ensure a secure environment
3. Which strategies need to be considered for a holistic approach to security
4. Next steps you can take towards identifying your best strategies against cyber-attacks

They Just Need to Be Effective Once. Any Time.

You Must Be Right and Fast All The Time.

Motivations Have Shifted & Converged
Cyber-Espionage
Cyber-Manipulation
Cyber-Crime
Cyber-Warfare
Hacktivism
Cyber-Terrorism
Cyber-Mercenary

Sources: National Institute of Standards and Technology | Trend Micro, June 2013 | Peter Singer and Allan Friedman of the Brookings Institution
Targeted Attacks are More Pervasive, But Not Always Persistent
Exponential Threats: every second… 9 new pieces of malware discovered; 1 new threat targeting SMBs
Emboldened Attackers: NIST’s definition of APT: “It pursues its objectives repeatedly over an extended period of time”; “It adapts to defenders’ efforts to resist it”; “It is determined to maintain the level of interaction needed to execute its objectives”

Customers Are Not Staying Ahead of The Attacks
49% are effective in detecting APTs
44% are effective in containing APTs
39% are effective in preventing APTs
Sources: APT survey by ISACA, Feb 2013 | State of Advanced Persistent Threats survey by Ponemon Institute, Dec 2013

Security Pros, Execs & The Board Know There’s a Problem, Just Not How To Solve It
AV & FW / IDS are the most used solutions to address APTs according to recent surveys by ISACA and Ponemon
96% of security practitioners are at least somewhat familiar with APTs
53% of security practitioners do not believe APTs differ from traditional threats
13% of non-IT execs are fully aware of APTs and their impact
Sources: APT survey by ISACA, Feb 2013 | State of Advanced Persistent Threats survey by Ponemon Institute, Dec 2013

Exploits and Malware Evolve and Evade Current Solutions
72% evade detection by IDS
76% evade prevention by AV
56% evade detection or containment by endpoint-based sandboxes
“While these controls are proficient for defending against traditional attacks, they are probably not as suited for preventing APTs” -- ISACA
Source: State of Advanced Persistent Threats survey by Ponemon Institute, Dec 2013

Let’s Stop The Insanity
Stop Reacting: so-called “best-of-breed” solutions are failing to stop sophisticated cyber-attackers, and the latest “magic box” is not going to outsmart them
Start Thinking Deeply & Acting Broadly:
- Analyze our risks: who will attack us, why & where?
- Assess our investments: are we measuring their success?
- Craft a multi-tiered strategy

Predictive Defense & Prevention
Reduce the risk of security breaches by:
- Reducing the attack surface
- Layering threat protection

Implement The “Least Privilege” Principle
Systems may be exploited via phished user credentials or software vulnerabilities, but ultimately what enables the breach is the exploitation of trust.

SMBs Become The New Trojan Horse In A Supply Chain Attack
Why storm the castle walls, when you can be invited in.
36% of targeted attacks impact SMBs as of 1H2012; 2x more than in 2011 (Source: Symantec)

Best Practices Aren’t Always Practical and They’re Never Enough
75% used apps with a known vulnerability but without a viable patch
64% used apps with a known vulnerability and hadn’t deployed a viable patch
65% hadn’t deployed viable patches due to the cost of downtime
52% believed patching effectively stopped most opportunistic attacks
31% believed patching effectively stopped most targeted attacks
Sources: APT survey by ISACA, Feb 2013 | State of Advanced Persistent Threats survey by Ponemon Institute, Dec 2013

Implement Security Enforcement On and Off Network
52% say you can’t solely protect networks against advanced malware; you must also protect endpoints
51% use endpoint-based sandboxing technologies
52% report that it’s difficult to manage
43% report that it negatively affects UX
Sources: APT survey by ISACA, Feb 2013 | State of Advanced Persistent Threats survey by Ponemon Institute, Dec 2013

Quick Detection & Containment
Reduce the impact of security breaches by:
- Obtaining coverage and visibility
- Monitoring network activity
- Sharing security intelligence
65% believe you can’t prevent advanced malware from infecting networks & devices; focus more on detection vs. prevention
Sources: APT survey by ISACA, Feb 2013 | State of Advanced Persistent Threats survey by Ponemon Institute, Dec 2013

Obtain Coverage & Visibility
Get an eye in the sky to see everything that accesses your data and infrastructure

Monitor Network Activity
Establish a baseline to detect anomalous patterns
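The slide's advice, "establish a baseline to detect anomalous patterns", in working form, as an added example that is not part of the original deck and is not OpenDNS code: learn a per-client baseline from a training window of DNS query records (queries per minute and the set of zones each client normally talks to), then score a later window against it. The three-field log format and every record in it are constructed for this example, and the zone extraction (last two labels) is a deliberate simplification where a real deployment would consult the public suffix list.

```python
"""Baseline-and-deviation detection over DNS query logs (added illustration)."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

# Constructed log lines: "<minute> <client> <queried name>".
# Minutes 0-4 form the baseline window; minute 5 is the window under inspection.
BASELINE_LOG = """
0 10.0.0.5 mail.example.com
0 10.0.0.5 www.example.com
1 10.0.0.5 cdn.example.net
2 10.0.0.5 www.example.com
3 10.0.0.5 mail.example.com
4 10.0.0.5 cdn.example.net
0 10.0.0.9 www.example.com
1 10.0.0.9 www.example.com
2 10.0.0.9 mail.example.com
3 10.0.0.9 www.example.com
4 10.0.0.9 cdn.example.net
""".strip()

DETECTION_LOG = """
5 10.0.0.5 www.example.com
5 10.0.0.5 mail.example.com
5 10.0.0.9 a1b2c3.unseen-zone.test
5 10.0.0.9 d4e5f6.unseen-zone.test
5 10.0.0.9 g7h8i9.unseen-zone.test
5 10.0.0.9 j0k1l2.unseen-zone.test
5 10.0.0.9 m3n4o5.unseen-zone.test
5 10.0.0.9 p6q7r8.unseen-zone.test
5 10.0.0.9 s9t0u1.unseen-zone.test
5 10.0.0.9 v2w3x4.unseen-zone.test
""".strip()


@dataclass(frozen=True)
class Baseline:
    rate_mean: float   # mean queries per minute over the training window
    rate_std: float    # population std dev of queries per minute
    zones: frozenset   # zones the client queried during training


def parse(log):
    """Turn the constructed log text into (minute, client, name) tuples."""
    records = []
    for line in log.splitlines():
        minute, client, name = line.split()
        records.append((int(minute), client, name.lower().rstrip(".")))
    return records


def zone_of(name):
    """Assumed simplification: the zone is the last two labels of the name."""
    return ".".join(name.split(".")[-2:])


def build_baselines(records):
    """Per-client query-rate statistics and zone set from the training window."""
    per_minute = defaultdict(lambda: defaultdict(int))
    zones = defaultdict(set)
    minutes = sorted({m for m, _, _ in records})
    for m, c, n in records:
        per_minute[c][m] += 1
        zones[c].add(zone_of(n))
    baselines = {}
    for c in per_minute:
        # Count 0 for minutes in which the client was silent, so quiet
        # minutes pull the mean down instead of being ignored.
        counts = [per_minute[c].get(m, 0) for m in minutes]
        baselines[c] = Baseline(mean(counts), pstdev(counts), frozenset(zones[c]))
    return baselines


def detect(records, baselines, z_threshold=3.0, new_zone_ratio=0.5, min_queries=5):
    """Return (client, minute, reason) for each client-minute that deviates."""
    findings = []
    grouped = defaultdict(list)
    for m, c, n in records:
        grouped[(c, m)].append(n)
    for (c, m), names in grouped.items():
        b = baselines.get(c)
        if b is None:
            findings.append((c, m, "client absent from baseline"))
            continue
        count = len(names)
        # Floor the std dev at 1 query so a perfectly regular client is not
        # flagged by a single extra lookup.
        z = (count - b.rate_mean) / max(b.rate_std, 1.0)
        new = sum(1 for n in names if zone_of(n) not in b.zones)
        ratio = new / count
        reasons = []
        if z > z_threshold:
            reasons.append(f"volume z={z:.1f}")
        if count >= min_queries and ratio >= new_zone_ratio:
            reasons.append(f"{ratio:.0%} of queries to zones never seen in baseline")
        if reasons:
            findings.append((c, m, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    baselines = build_baselines(parse(BASELINE_LOG))
    for client, minute, reason in detect(parse(DETECTION_LOG), baselines):
        print(f"minute {minute} {client}: {reason}")
```

Two signals are scored independently so that an analyst can tell a volume spike (a burst of lookups from a normally quiet host) from a destination shift (a host suddenly resolving names in zones it has never used); in the constructed data 10.0.0.9 trips both, while 10.0.0.5's slightly busier minute stays inside its baseline.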

Share Security Intelligence
Forewarned is Forearmed

Proactive Education & Complication
Increase the effort required to breach security by:
- Raising security awareness
- Employing mitigation methods

Raise Security Awareness

Employ Mitigation Methods
Confusing attackers may keep less determined attackers at bay

Realign Your Security Investments
1. Given the nature of your organization, why would you be attacked?
2. Which of your assets align to attacker motives?
3. Where are the vulnerabilities among your assets, supply chain vendors, partners, service providers and customers?
4. How secure are your assets in the cloud or on the devices your employees use?
5. How might these vulnerabilities be exploited?
6. What preventive tactics are currently in place and how effective are they?
7. Have you taken measures to reduce your overall attack surface?
8. Have you applied consistently high security standards throughout your organization?
9. Do you have visibility into cloud and DNS activity that could affect your network, your systems, your data?
10. Have you made sufficient investments in education and training among your employees and partners?
11. Based on your assessments of the above, which tactics/techniques would be most likely to minimize and/or mitigate the impact of an attack?
“Before we know about any new virus, somebody has to be a sacrificial lamb and die and tell us about it. It's an awful way of doing things.” -- CTO of McAfee’s Endpoint Solution Division

Enterprise Threat Protection. Unlike Any Other.

The World’s Leader for Cloud-Delivered Network Security
July 2006: World’s Largest Internet Security Network
October 2006: First Anti-Phishing Clearinghouse
September 2009: Partners with Threat Feed Providers
May 2012: Secures Over 50M Daily-Active Users
November 2012: Network Security Beyond the Perimeter
December 2012: Fully-Staffed Security Research Team
February 2013: Data Analytics Predict Threats
July 2013: Threat Protection Beyond DNS
Employees: 160+ across San Francisco & Vancouver
Investors: Greylock, Sequoia, Sutter Hill
Customers: 10,000+ businesses

Regions: Asia-Pacific | Europe, Middle East & Africa | Americas
Acquires data from 2% of the Internet
1M+ events per second
50M+ daily-active users
160+ countries
22 data centers (and more coming)

Connect with confidence. Anywhere. Anytime. On any device.
Every day, we block 80M+ security events over:
• any port
• any protocol
• any app
Predictive security. Panoramic visibility. Enforcement everywhere.

Service: Security Graph | Umbrella
Platform: intelligence | enforcement
Purpose: predict threats before they happen using big data analytics | prevents infections or contains breaches on or beyond the network
Manageability:
- 0 net new latency
- 100% global network uptime
- <30 min to complete provisioning
- <1 min to update actionable intelligence
- 0 maintenance required to keep up to date

Them: Catch up. Us: Evolve.
Them | Us
network-centric | cloud-centric
ponderous | nimble
reactive | proactive
need evidence | see patterns
fragmented | holistic

OpenDNS
• Leverage the World’s largest Internet security network to block threats no other vendor covers.
• Set up our free, instant trial in under 30 minutes.
Connect with confidence.