
PROACTIVE SECURITY: DATA BREACH - PowerPoint PPT Presentation



  1. PROACTIVE SECURITY: DATA BREACH ASSESSMENT
     CyberSecurity Chicago, September 2018

  2. Security In The News
     Frequency and severity of cyber security news on the rise
     PROPRIETARY AND CONFIDENTIAL

  3. Understanding The Problem
     Enterprise Strategy Group (ESG) – Project Overview
     • Cybersecurity Realities and Priorities for 2018 and Beyond
       – 413 completed online surveys with cybersecurity and IT respondents with influence over cybersecurity decision-making/strategy at their organization
       – Enterprise organizations (2,500 or more employees and $100 million or more in annual revenue in the US; 1,000 or more employees and $50 million or more in annual revenue outside the US) in the United States, United Kingdom and Australia
         • 61% United States, 20% United Kingdom, 20% Australia
       – Multiple industry verticals including manufacturing, financial, retail/wholesale and health care, among others
     (source: ESG – Cybersecurity Realities and Priorities for 2018 and Beyond)

  4. Understanding The Problem
     Most Significant Impact on Security Strategy
     Which of the following factors have the most significant impact on shaping your organization’s security strategy? (Percent of respondents, N=413, three responses accepted)
     – Preventing/detecting malware threats: 37%
     – Proactively minimizing and mitigating risks: 37%
     – The need to support new IT initiatives: 37%
     – Need to balance application/network performance and security requirements: 36%
     – The need to support new business initiatives: 31%
     (source: ESG – Cybersecurity Realities and Priorities for 2018 and Beyond)

  5. Understanding The Problem
     Why Cybersecurity Has Become More Difficult Over the Past Two Years
     You indicated that cybersecurity has become more difficult over the last two years. In your opinion, which of the following factors have had the greatest impact on increasing cybersecurity difficulty? (Percent of respondents, N=326, three responses accep
     – An increase in malware volume and sophistication: 42%
     – An increase in the number of new IT initiatives has made it difficult to keep up with cybersecurity: 38%
     – An increase in the number of targeted attacks that may circumvent traditional network security controls: 34%
     – An increase in the number of devices connecting to the network: 32%
     – An increase in network traffic: 29%
     (source: ESG – Cybersecurity Realities and Priorities for 2018 and Beyond)

  6. Understanding The Problem
     Areas of Cybersecurity Budget Change for 2018
     You stated that your organization’s cybersecurity budget will go up in 2018. Please indicate how the cybersecurity budget will change in each of the following areas: (Percent of respondents, N=413)
     Chart legend, in order: Increase significantly from 2017; Increase somewhat from 2017; Remain about the same as 2017; Decrease somewhat from 2017; Decrease significantly from 2017
     Values as listed on the chart for each area:
     – Network security: 46%, 45%, 7%, 1%
     – Cloud security: 46%, 41%, 12%, 1%
     – Application/database security: 36%, 50%, 12%, 1%
     – Security testing/validation: 34%, 50%, 16%, 1%
     – Host-based security: 31%, 44%, 23%, 1%
     – Training: 28%, 43%, 27%, 2%, 1%
     – Personnel: 22%, 39%, 37%, 2%
     (source: ESG – Cybersecurity Realities and Priorities for 2018 and Beyond)

  7. Understanding The Problem
     Why Organizations Conduct More Security Testing
     You indicated that your organization does more security testing today than it did two years ago. Which of the following factors most contributed to this increase? (Percent of respondents, N=372, three responses accepted)
     – We have come to believe that frequent security testing is a best practice: 34%
     – Many of our application workloads now reside in the cloud so we felt it was important to increase security testing in support of using cloud infrastructure services: 33%
     – Our CISO (or similar senior position) has pushed the organization to do more proactive security testing: 33%
     – We must perform security testing more often as part of regulatory compliance: 33%
     – We’ve implemented new types of production applications over the past two years: 29%
     – Business managers are more involved with cybersecurity and they require us to do more security testing for risk assessment purposes: 29%
     – Our security budget has increased recently, freeing up funds for more security testing: 28%
     – My organization suffered a security breach which led us to do more frequent security proactive testing: 22%
     – My organization has purchased cyber insurance and we are obligated to do more security testing in support of this: 20%
     – Third-party customers have mandated that we do security testing more often: 12%
     (source: ESG – Cybersecurity Realities and Priorities for 2018 and Beyond)

  8. Understanding The Problem
     The Bigger Truth
     • Traditional cybersecurity strategies are not working
       – Cybersecurity grows incrementally more difficult
       – Organizations are understaffed and lack the right skills
     • “An ounce of prevention is worth a pound of cure”
       – Security is “moving to the left”
       – More comprehensive testing
       – Proactivity
     • Changes are happening
       – CISO responsibilities
       – Transition to cloud computing
       – Budget increases
       – SaaS
     (source: ESG – Cybersecurity Realities and Priorities for 2018 and Beyond)

  9. Data Breach Assessment
     Data Breach Statistics
     • There has been a consistent rise over the past few years in the total number of data breaches
       – Massive data breaches like Equifax, Yahoo, or Target expose or compromise sensitive information on the order of millions, or even billions, of accounts
       – 2017 was a record-breaking year with a total of 5,207 data breaches, exposing nearly 8 billion information records
     (source: Dark Reading)

  10. “The art of war teaches us to rely not on the likelihood of the enemy’s not coming, but on our own readiness to receive him” – Sun Tzu, The Art of War

  11. Automated Purple Team Assessments
      Continual validation of your network’s threat landscape
      • Define your topology including zone details and begin to perform automated red vs. blue assessments
      • Data Breach Assessment can leverage knowledge of zone to tailor its executed exploits and malware to your environment
      • Meet / prepare for regulatory compliance requirements with continual assessments
      Assess your threat landscape and find the holes before the bad guys do

  12. Emulation over Simulation
      When you look closely you can tell it isn’t real…
      • Emulation – reproduction of the exact scenario such that it is a recreation or replica, indistinguishable from the original
      • Simulation – fabrication of a scenario with the goal of mimicking or resembling that scenario, so that it could pass if not evaluated closely
      • Solutions in the market today leverage pcap replay (i.e., simulation), which can lead to incorrect results and a false sense of security
      Only use emulated attacks and malware

  13. Evasion Techniques
      Evade detection by leveraging attacker techniques
      • Hide your attacks in plain sight by using tried and true techniques used by attackers to evade detection
      • Validate all techniques across all attack vectors (including exploits and malware) to confirm your security solutions cannot be easily bypassed
      Confirm security solutions cannot be easily fooled by evasion techniques

  14. Active Monitoring
      Know the impacts of security content inspection in real-time
      • Assess the impacts of security inspection by generating legitimate, hyper-realistic emulated traffic for the same services you are protecting
      • Limit the impact to users by finding security policies that degrade performance and do not provide additional security coverage
      Fine tune your security policies with active monitoring

  15. False Positive And Data Loss Prevention Verification
      Secure communications without compromising them
      • Verify that security solutions don’t just block all files of a given filetype but actually inspect them to stop the malicious ones without impact on your users’ daily work
      • Validate that intellectual property and other sensitive file content (e.g., SSNs, credit card numbers) does not leave your network
      Verify data loss policies across filetypes and network vectors
      [Diagram labels: Security Device, IP/DLP]

  16. Evaluating Multi-Tier Security Protection
      Emulating Scenarios That Look and Feel Like An Attacker
      Multi-path Attack
      [Diagram labels: Secure Datacenter, Corporate LAN, Internet, Firewall Policies, Data Loss Prevention (DLP), Allowed, Denied]
      1. User browses to the Internet and accesses a website controlled by the attacker
      2. User laptop is compromised and is under the control of the attacker
      3. The attacker pivots and attacks a server within the secure datacenter
      4. Once compromised, the attacker can control the internal server and send data outbound to servers controlled by the attacker
