Herding Cats: Issues with Distributed Retail Network Security
Thursday, February 25, 2016
Agenda
• Housekeeping
• Presenters
• About Conexxus
• Presentation
• Q & A
Housekeeping
This webinar is being recorded. The webinar presentation will be made available to all attendees after completing a short 6 question survey. The recording will be available on the Conexxus website under resources in about 2 weeks. Once the survey is completed, a link will be provided to the presentation handout. Conexxus uses the survey results to develop the content for our webinar series.
Presenters
• Kara Gunderson ([email protected]), POS Manager, Citgo Petroleum Corporation
• Ann Zecca ([email protected])
• Hubert Williams ([email protected])
Vice President of Technology and Development, Maverik, Inc.
Outcomes
• Recognize that multi-store networks are more difficult to secure than single stores.
• See how the threat evolution has forced retailers to change how we secure our distributed retail networks.
• Look at some tools and methods for defending your multi-store retail company.
• Understand the big picture strategy necessary to prevent, detect and limit the scope of threats.
Agenda
• Understand the Distributed Retail Network Security landscape
• Why is it different from single site retailers?
• Distributed Retail Network Security Strategy
• Overview of Layered Security
• Layered Security Tools
• What, exactly, is Threat Intelligence?
• Some bits of Common Sense
• Q & A
Distributed Retail Network Security Landscape
Single Site Security….Ahhh! The Good Life
• Perimeter is centralized at the store and endpoints are easily managed
• Data and assets are static on the network with little or no segmentation
• PCI-DSS audits consist of a self-assessment
• Hub up the computers and go!!
Distributed Retail Network Security Landscape
The Multi-Site Threat Landscape
• Probably a level 1 – 2 Merchant for PCI
• Segments? Every store has its own segments and its own perimeter
• Hackers are developing malware specifically for your POS systems
• Data and assets are mobile, dynamic, and IoT is everywhere. BTW… 80% of IoT efforts are NOT driven by IT (Gartner)
• Let’s face it, we are herding cats
Distributed Retail Network Security Landscape
It Is a Bit Complex
Distributed Retail Network Security Strategy
When developing a security strategy to secure your company, think about it in terms of:
• Prevention: None shall pass!
• Scope Limitation: Limit what they can get if they do get in
• Detection: If they get in, spot them quick (oh…and kick them out)
Distributed Retail Network Security Landscape
Security Strategy Basics
• Layered Security
– Know your network and attack vectors
– Ensure you are up to date with patching and anti-virus
– Firewalls, IPS between network segments
• Threat Intelligence
– Collect and interrogate logs from systems
– Employ a Security Information and Event Monitoring system (SIEM)
– Create or contract a monitoring entity for the SIEM
– Investigate
– ACT!
Layered Security: The Holy Grail
REALITY CHECK: There is nothing holy about it. Layered security is a commitment and requires investment both in terms of dollars and labor.
Layered Security: A Quick Inventory
BIG IDEA: Secure from perimeters to endpoint, paralleling what Lockheed Martin calls the “Cyber Kill Chain”
• Perimeter: External IPS, Next-Gen Firewalls, Application Firewalls, Vulnerability Scanning, and Penetration Testing
• Network: Deploy IPS/IDS, Web Proxies, SPAM Filters, Sandbox/Sandnet techniques
• Endpoint: Anti-virus, Personal Firewalls, Host-based IPS, patching, software updates
• Use a SIEM to develop Threat Intelligence
Layered Security: “Defense in Depth” Recommended by the NSA
“There are two types of business: those who have been attacked and those who have yet to find out.” – Neil Seeman, CEO
Let’s Look at Some Tools and Methods That Might Help
Layered Security: Next Generation Firewalls
A key to Prevention and Scope Limitation (segmentation), a Next-Generation Firewall (NGFW) is an integrated network platform that combines a traditional firewall with other network-device filtering functions, such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS) and/or other techniques.
• Legacy firewalls focus on source, destination and ports
• Legacy firewalls do not identify and stop malicious payloads
• The evasive nature of today’s attacks requires a greater level of protection
What kind of firewalls are you using??
You REALLY Need to Take a Look!!
Layered Security: Intrusion Detection and Intrusion Prevention Systems
What are IDS and IPS?
Intrusion Detection Systems (IDS) sit off to the side of the network, monitoring traffic at many different points, and provide visibility into the security posture of the network.
Intrusion Prevention Systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity.
Layered Security: File Integrity Monitoring
What is File Integrity Monitoring?
File integrity monitoring (FIM) is an internal control or process that validates the integrity of operating system and application software files by comparing the current file state against a known, good baseline. Used for Detection.
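As an added example (not code from the Conexxus deck), here is the core of a FIM check: a known-good baseline of SHA-256 hashes is taken once, and later runs compare the current file tree against it. The sample POS file tree, file names and tampering are all constructed inside the script.

```python
import hashlib
import tempfile
from pathlib import Path

# Added example, not code from the Conexxus deck: a minimal file integrity
# monitor. A known-good baseline of hashes is taken once, and later runs
# compare the current state against it, reporting modified, added and
# removed files so they can be investigated.

def hash_file(path: Path, chunk: int = 65536) -> str:
    """SHA-256 of one file, read in chunks so large binaries stay out of RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_baseline(root: str) -> dict:
    """Map each file under root (relative path) to its hash and size."""
    root_path = Path(root)
    baseline = {}
    for p in sorted(root_path.rglob("*")):
        if p.is_file():
            rel = p.relative_to(root_path).as_posix()
            baseline[rel] = {"sha256": hash_file(p), "size": p.stat().st_size}
    return baseline

def compare(baseline: dict, current: dict) -> dict:
    """Differences between the known-good baseline and the current state."""
    modified = sorted(k for k in baseline if k in current
                      and baseline[k]["sha256"] != current[k]["sha256"])
    added = sorted(k for k in current if k not in baseline)
    removed = sorted(k for k in baseline if k not in current)
    return {"modified": modified, "added": added, "removed": removed}

def demo() -> dict:
    """Constructed scenario: baseline a tiny POS install, then tamper with it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "pos.exe").write_bytes(b"original POS binary")
        (root / "config.ini").write_text("debug=0\n")
        baseline = build_baseline(tmp)
        # Simulated tampering: same-size patched binary, dropped file, deleted config.
        (root / "bin" / "pos.exe").write_bytes(b"trojaned POS binary")
        (root / "bin" / "scraper.dll").write_bytes(b"not really a DLL")
        (root / "config.ini").unlink()
        return compare(baseline, build_baseline(tmp))
```

The patched binary has exactly the same size as the original, which is why the comparison keys on the hash rather than on size or timestamps.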
Layered Security: Data Loss Prevention Software
What is DLP Software?
• Data Loss Prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside the corporate network.
• DLP software products help a network administrator control what data end users can transfer.
Layered Security: SIEM Tools
Security information and event management (SIEM) is an approach to security management that seeks to provide a holistic view of an organization's information technology (IT) security to detect problems.
This is important folks. It is a shame to spend time and resources putting in systems that create logs to meet compliance requirements and not use those logs to your full benefit. If you don’t pay attention to what they are telling you, why have them? SIEM tools are a great way to clear the data fog and get vision into what you need to know. The more stores you have, the greater your need for a tool or service like this. (BTW, there are options to outsource)
Threat Intelligence
What is Threat Intelligence?
• Malware Exchanges & Sources
– Malware Exchange (major NetSec vendors)
– VirusTotal.com
– VirusShare.com
– Universities
– ISPs and Carriers
• IDS/IPS Event Feedback Loop
– IDS/IPS Customer base
– IDS/IPS Rulesets
• Other Misc Sources
– DNS/Domain Lists and Analytics
– IP Reputation Lists and Analytics
Here is what is happening. Lots of companies and organizations collect intel on security threats worldwide.
They share the information, and companies that make security products like IPS, IDS and firewalls use this information to interrogate your data for problems. These problems will show up in their logs.
A SIEM product can be used to collect the logs and alert you to possible attacks.
Threat Intelligence and Layered Security
~85% BLOCKED MALWARE
“Actionable” Threat Intelligence
• SIEM consolidates data from multiple devices
• Might include intelligence from external sources
• Used for analysis and incident response
“Active” Threat Intelligence
• IP and/or Domain reputation lists
• Pushed out to security devices regularly
• Collaboration of the InfoSec community
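To make the log-interrogation idea concrete, here is an added example (not from the deck or any vendor) of a SIEM-style rule that checks per-store firewall logs against an IP reputation list. The log format, store numbers and reputation entries are all constructed; the addresses come from the documentation ranges and are not real indicators.

```python
import ipaddress
import re
from collections import Counter

# Added example, not code from the deck or any vendor: a tiny SIEM-style rule
# that interrogates firewall logs with an IP reputation list, the "active"
# threat intelligence the slides describe being pushed to security devices.
# Constructed reputation feed (documentation-range addresses, not real indicators).
BAD_IPS = {"203.0.113.7", "198.51.100.23"}
BAD_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed log lines in a simplified key=value firewall format.
LOGS = """\
2016-02-25T10:01:02 store=0412 action=ALLOW src=10.12.4.20 dst=203.0.113.7 dport=443
2016-02-25T10:01:05 store=0412 action=ALLOW src=10.12.4.20 dst=10.12.4.1 dport=53
2016-02-25T10:02:11 store=0197 action=DENY src=198.51.100.23 dst=10.19.7.5 dport=3389
2016-02-25T10:03:40 store=0197 action=ALLOW src=10.19.7.9 dst=192.0.2.77 dport=8080
2016-02-25T10:04:01 store=0412 action=ALLOW src=10.12.4.21 dst=10.12.4.1 dport=53
"""

LINE_RE = re.compile(r"(?P<ts>\S+) store=(?P<store>\d+) action=(?P<action>\w+) "
                     r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")

def is_bad(ip: str) -> bool:
    """Exact-match the feed, then fall back to blocked ranges."""
    if ip in BAD_IPS:
        return True
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BAD_NETS)

def parse(lines: str) -> list:
    # Lines that do not match the expected format are skipped, not crashed on.
    return [m.groupdict() for m in map(LINE_RE.match, lines.splitlines()) if m]

def find_alerts(lines: str) -> list:
    """One alert per event that touches a known-bad address."""
    alerts = []
    for ev in parse(lines):
        hit = next((ip for ip in (ev["src"], ev["dst"]) if is_bad(ip)), None)
        if hit is None:
            continue
        # A DENY of a bad source is the firewall doing its job (log it), but an
        # ALLOWed connection from a store host to a bad address needs a human.
        severity = "high" if ev["action"] == "ALLOW" else "info"
        alerts.append({"ts": ev["ts"], "store": ev["store"], "ip": hit, "severity": severity})
    return alerts

def stores_needing_attention(lines: str) -> dict:
    """Count high-severity alerts per store so the monitoring team can triage."""
    return dict(Counter(a["store"] for a in find_alerts(lines) if a["severity"] == "high"))
```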
Other Stuff To Consider: WEAK PASSWORDS ARE BAD
A 2013 Verizon Data Breach Investigation Report states that this is the cause of 76% of all attacks on corporate networks. Consider providing your employees education on this problem and enforcing a 10-character complex password.
LENGTH = STRENGTH
Random 8-character passwords take 8 to 72 hours to crack using brute force methods on a standard PC, while a 10-character complex password will take 19 to 58 years.
BTW: It is generally the first attack vector hackers will try.
Other Stuff To Consider: SOCIAL ENGINEERING
Social engineering is an attack vector that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. Follow the ATE – AWARENESS, TRAINING and EDUCATION security concept for all employees, no matter what level and what position they hold in the organization. While C-level employees are great targets, their admins can be even more powerful vectors for attack!
• Store employees may not know all the IT techs that call them!!!
• USE 2-factor authentication in order to make it more difficult for hackers to gain remote access at your sites.
A Few Last Bits of Common Sense:
• Don’t let one store’s network pass traffic to another. Keep them separated with firewalls and routing rules.
• Don’t get behind on patching! Rather than trying to patch all equipment of the same type at the same time, develop patching groups that can be handled in a timely fashion.
• Use simple tools like the screensavers on your store and office PCs to display messages and reminders about security.
• Look beyond compliance. Passing an audit is a point-in-time check, while security is vigilance and a commitment to protecting your company and your customers.
• If you are secure, you are likely compliant… seek to be secure.
Sources
• LightCyber.com
• Wiki
• Mastercard
• Visa
• Trustwave
• RIWI
Q&A
2016 Conexxus Annual Conference
May 1 – 5, Loews Ventana Canyon, Tucson, AZ
Registration is OPEN
Conexxus.org/AnnualConference
About Conexxus
• We are an independent, non-profit, member driven technology organization
• We set standards…
– Data exchange
– Security
– Mobile commerce
• We provide vision
– Identify emerging tech/trends
• We advocate for our industry
– Technology is policy
• Website: www.conexxus.org
• Email: [email protected]
• LinkedIn Group: Conexxus Online
• Follow us on Twitter: @Conexxusonline
• 2016 Conexxus Annual Conference
• Dec. 17, 2015: Defending the island – A guide to reducing the risk of skimming