Cyber threats: Any silver bullet?
SWIFT Benelux Forum
22 April 2015
Jacques Hagelstein, Deputy CSO, SWIFT
Cyber threats: the world is moving
• Amateur → Industrialised
• Targeting the public → Targeted at a particular entity
• Limited resources → Advanced skills and large resources
• Loners → Organised groups → State-sponsored
Cyber threats: Any silver bullet? – SWIFT Benelux Forum – April 2015 2
[Slide 3: threat landscape word cloud: SCADA attacks, DDoS >100Gbps, Citadel, state-sponsored, botnets, Snowden allegations, Duqu, malware black market, APT, Flame, Gauss, Stuxnet, water holing, spear phishing, Blackhole]
[Slide 4: word cloud around the question "Any silver bullet?", grouped as it appears on the slide]
Technology? NG-FW, IDP, WAF, HSM, SIEM, PKI, IPSec, IAM, A/V
People? Rehearsing, Vetting, Awareness, Certifying, Training
Processes? SDLC, PenTesting, Monitoring, Red Teaming, Cyber Governance, Recovery Management, Cyber Intelligence, Consultants, Auditing, SOC, MSS, BCP, 3rd parties
You need all of it … and more
An FNAO view of Cyber
• KNOW YOUR ENEMY, or understand your exposure
• COMPLICATE ITS LIFE, or prevent cyber attacks
• DON'T UNDERESTIMATE IT, or detect attacks that would defeat your prevention
• PREPARE FOR THE WORST, or be ready to contain the detected attacks
(Diagram: Learn, Prevent, Plan, Manage)
FNAO = Failure is Not An Option
Know your enemy
Key take-away: You better know what you protect and against what
• Risk management process
• Data classification and security requirements
• Risk assessments
• Intrusion tests
• Threat landscape
• Liaison
• PIMR, etc.
Who is my enemy … and what is he after?
[Slide 7 diagram: assets (Networks, Systems, Data, People, Buildings, Application) surrounded by Internal Threats and External Threats; threat actors: Hackers, Organised crime, Service providers, States, Terrorism, Customers]
Know your enemy … and yourself
• Set up a repeatable risk assessment process
  – Based on assets criticality rating
  – Record and track risks in a Risk Registry
  – Pay special attention to "worst-case risks"
• Document your cyber exposure
  – Regularly review changes in threats, business, technology
  – Threat intelligence sources = open sources, public sector, industry groups, private companies
  – Analyse hackers' Modus Operandi – would it have worked against you?
• Exploit internal knowledge
  – Trends in Risk Registry
  – Post-incident analysis
  – Abuse scenarios
  – Red team, etc.
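The risk registry described on this slide, as an added example that is not SWIFT's own tooling: criticality-weighted scoring, a "worst-case" filter that ignores likelihood, and a trend comparison between two review snapshots. The assets, threats, scales and snapshots are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    """One row of the registry: a threat against a rated asset (names and scales constructed)."""
    asset: str
    criticality: int      # asset criticality rating, 1 (low) .. 5 (vital to the business)
    threat: str           # modus operandi, e.g. "spear phishing of operators"
    likelihood: int       # 1 (rare) .. 5 (expected)
    impact: int           # 1 (nuisance) .. 5 (catastrophic) worst credible consequence
    status: str = "open"  # open / mitigating / accepted / closed

    def score(self) -> int:
        # Criticality weights the classic likelihood x impact product (range 1..125).
        return self.criticality * self.likelihood * self.impact


def worst_case(registry, impact_floor=5, criticality_floor=4):
    """Risks to review whatever their likelihood: catastrophic impact on a critical asset."""
    hits = [r for r in registry
            if r.impact >= impact_floor and r.criticality >= criticality_floor and r.status != "closed"]
    return sorted(hits, key=lambda r: -r.score())


def trend(previous, current):
    """Compare two review snapshots, keyed by (asset, threat), to surface movement."""
    prev = {(r.asset, r.threat): r for r in previous}
    cur = {(r.asset, r.threat): r for r in current}
    return {
        "new": sorted(k for k in cur if k not in prev),
        "closed": sorted(k for k in prev if k not in cur or cur[k].status == "closed"),
        "worsened": sorted(k for k in cur if k in prev and cur[k].score() > prev[k].score()),
        "improved": sorted(k for k in cur if k in prev and cur[k].score() < prev[k].score()),
    }


# Constructed snapshots of the same registry at two quarterly reviews.
REVIEW_Q1 = [
    Risk("messaging gateway", 5, "spear phishing of operators", 3, 5),
    Risk("messaging gateway", 5, "DDoS on internet-facing interface", 2, 3),
    Risk("HR portal", 2, "SQL injection", 3, 2),
]
REVIEW_Q2 = [
    Risk("messaging gateway", 5, "spear phishing of operators", 4, 5, "mitigating"),
    Risk("messaging gateway", 5, "DDoS on internet-facing interface", 2, 3, "closed"),
    Risk("HR portal", 2, "SQL injection", 3, 2),
    Risk("build server", 4, "malicious dependency in SDLC", 2, 5),
]
```

The `worsened` list is the "trend" signal the slide asks for: a risk whose score rose between reviews is where the next investment should go.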
Complicate the life of your enemy
Key take-away: Many attacks can still be countered with appropriate technology
• Firewalls
• Anti-virus
• Vulnerability mgt
• IDP
• Reverse proxies
• Integrity checks
• WAF
• VPN
• DMZ
• Etc.
Complicate the life of your enemy
• It's about more than your infrastructure – do not overlook
  – Your software development activities: security requirements, security training, code review, pentest, static code analysis, etc.
    • Do not secure applications after the fact but from the start
    • Design for security
  – Your hardware, software and service providers
    • Their security practices
    • The delivery cycle
  – Your staff: vetting, training, awareness, 4-eyes procedures, social engineering tests, etc.
    • One of the best returns on investment
• Invest to close the main gaps revealed by "Know your enemy"
Design for security - SWIFTNet
[Slide 11 diagram: Customer back office → SNL → HSM → Customer network → SWIFT Op. Center → Customer network → HSM → SNL → Customer back office, with SWIFT Offices alongside]
• Two independent encryptions
• Optional third encryption
• Three independent authentications
• Private network providers available
• SWIFT-provided equipment for customers to secure their connection
• SWIFT in the middle of customer-to-customer messaging – proxying and validating
• Strong isolation of our Operating Centers
Do not under-estimate your enemy
Key take-away: You cannot assume any longer that all attacks will be prevented
• nIDS
• NBA
• Network logs
• System logs
• Application logs
• SIEM
• Correlation rules
• Business rules
• Etc.
Do not under-estimate your enemy
• Big change from the past - More detection is needed
– Without sacrificing prevention
• Invest to close the main gaps revealed by “Know your enemy”
– Especially where prevention reaches its limits
– Use the Modus Operandi that you analysed
– Build upon internal knowledge
– Example: we run brainstorms with application and security experts to imagine all forms of attacks and how to prevent and detect them
• Go beyond the tools
– You need people to understand the events
– Test and practice
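The detection layer this slide calls for, as an added example that is not SWIFT's code: a correlation rule joining the system log to the application log, plus two business rules (the 4-eyes procedure named earlier in the deck and a business-hours check). The log format, host and account names, amounts and the 08:00-18:00 window are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in a key=value style (not real SWIFT or product logs).
SYSTEM_LOG = [
    "2015-04-22T02:05:10 host=ops-ws7 event=user_created user=tmp_svc by=admin1",
    "2015-04-22T02:06:40 host=ops-ws7 event=user_created user=jdoe by=admin1",
]
APP_LOG = [
    "2015-04-22T02:14:30 app=payhub event=release msgid=M1001 amount=4800000 user=tmp_svc approver=tmp_svc",
    "2015-04-22T09:30:00 app=payhub event=release msgid=M1002 amount=120000 user=jdoe approver=asmith",
    "2015-04-22T10:02:00 app=payhub event=login user=jdoe",
    "2015-04-22T10:02:30 app=payhub event=release msgid=M1003 amount=9000 user=jdoe approver=",
]

KV = re.compile(r"(\w+)=(\S*)")


def parse(line):
    """Split 'timestamp k=v k=v ...' into a dict with a datetime under 'ts'."""
    ts, rest = line.split(" ", 1)
    event = dict(KV.findall(rest))
    event["ts"] = datetime.fromisoformat(ts)
    return event


def correlate(system_lines, app_lines, window=timedelta(hours=1), high_value=1_000_000):
    """Return [(msgid, [reasons])] for payment releases that trip a correlation or business rule."""
    # Correlation input from the system log: when was each account created?
    created = {e["user"]: e["ts"] for e in map(parse, system_lines) if e.get("event") == "user_created"}
    alerts = []
    for e in map(parse, app_lines):
        if e.get("event") != "release":
            continue
        reasons = []
        # Correlation rule: a freshly created account releasing payments is suspicious.
        born = created.get(e["user"])
        if born is not None and timedelta(0) <= e["ts"] - born <= window:
            reasons.append(f"released by account created {e['ts'] - born} earlier")
        # Business rule: the 4-eyes procedure requires an approver other than the releaser.
        if e.get("approver", "") in ("", e["user"]):
            reasons.append("four-eyes rule broken: no independent approver")
        # Business rule: high-value releases belong inside business hours (08:00-18:00 assumed).
        if int(e["amount"]) >= high_value and not 8 <= e["ts"].hour < 18:
            reasons.append("high-value release outside business hours")
        if reasons:
            alerts.append((e["msgid"], reasons))
    return alerts
```

Each alert carries every rule it tripped, which is what the analyst mentioned on the slide ("people to understand the events") needs to triage it.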
Plan for the worst
Key take-away: To remedy a severe attack needs serious preparation
• Incident response framework
  o Skills
  o Processes
  o Tools
• Simulations
Plan for the worst
• Have people, policies, processes, tools ready
• Think of all dimensions
  – Investigations
    • Do you capture the right data: secure logs, network recorders
    • Do you have the right organisation, tools and skills
    • Do you need forensic evidence
  – Technical recovery vs Business recovery (customers)
  – Decision chain
    • To stop the malware or to first observe it
  – Internal and external communication
  – Law enforcement engagement
  – Etc.
• Don't forget
  – To test and practice
  – That you may need external help – prepare for it
Is there a silver bullet?
FNAO, over and over:
• Know your enemy – You better know what you protect and against what
• Complicate its life – Many attacks can still be countered
• Do not under-estimate it – Do not assume that all attacks will be countered
• Prepare for the worst – To remedy a severe attack needs serious preparation
Thank you