priyanka-aash
4 Pillars of Architecture
Three Pillars of Security Architecture
• Protection
• Detection
• Response
• Prediction
Detection and Prevention
Cloud Access Security Brokers
Challenges with SaaS/Cloud
• Sanctioned IT:
– Lack of user behavior visibility or audit trail
– Ability to encrypt/secure
– Ability to directly prevent threats
• Shadow IT:
– No visibility
– No control
CASB
• Cloud Access Security Brokers (CASBs) are security enforcement points placed between cloud consumers and cloud service providers that apply security controls as cloud services are accessed.
– Data Security/Encryption
– Visibility
– Threat Protection
– Compliance
Image source: Eduardo B. Fernandez et al., "Cloud Access Security Broker (CASB): A pattern for secure access to cloud services"
CASB
• Ciphercloud
• Skyhigh
• Palerra
• Bitglass
• Adallom
Application Control
• Bit9
• Avecto
• Viewfinity
RASP and IAST
RASP and IAST
• IAST – Combine SAST and DAST
• RASP – Self Defending Applications
– Vendors
• Arxan
• Prevoty
• Waratek
Specialized Security Analytics
Beyond SIEM
• SIEM failed to deliver on expectations
• Domain specific Analytics
– User Behavior Analytics
– Network Behavior Analytics
– Network Sandboxing
– RASP
– CASB
Attack Deception
Turning the table
• A new class of technologies that deceive the attacker
– Isolate attacker
– Deceive and Observe
• Vendors
– Illusive
– Topspin
– TrapX
Security Awareness Doesn’t Deliver Beyond a Point. Invest in Habits.
Insider Threats
Response
Micro Segmentation and End Point Isolation
You will get hacked…but that’s ok
• Isolate Browser and Applications
• Trusted container in an untrusted system
• Untrusted container in a trusted system
• Microsegmentation Vendors
– Illumio
– Cloudpassage
– Vidder
– Catbird
– Certes
• Endpoint Isolation
– Bromium
– Invincea
– Avecto
– Armor5
– Menlo Security
– Spikes security
EDR – Endpoint Detection and Response
EDR
• Cybereason
• Triumfant
• CounterTack
• Mandiant
Incident Response Platforms
• CSG
• DFLabs
• Resilient
• Hexadite
Prediction
Threat Intelligence
Threat Intelligence
Intel 101
• Data vs Intelligence – intelligence adds context, intent and capability
• Tactical vs Strategic
– Tactical: how and what?
– Strategic: who and why?
• Atomic vs Composite
– Atomic: a single observable such as an IP, packet string or hash
– Composite: combine multiple atomic indicators
• TTP – Tactics, Techniques and Procedures
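To make the atomic vs composite and data vs intelligence distinctions concrete, here is an added Python example (not from the original deck). The indicator values and events are constructed placeholders, and the event field names and context labels are my own assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Atomic:
    """One raw observable (data): an IP, a file hash, or a packet/URI string."""
    kind: str   # "ip", "hash" or "string"
    value: str
    def matches(self, event: dict) -> bool:
        # Assumed event field names; adjust to the log source being fed.
        field = {"ip": "src_ip", "hash": "sha256", "string": "uri"}[self.kind]
        return event.get(field) == self.value

@dataclass
class Composite:
    """Atomics that must co-occur, plus the context that turns data into intelligence."""
    name: str
    atomics: list
    intent: str        # why the adversary does this
    capability: str    # what they can do with it
    ttp: str           # tactics, techniques and procedures observed

    def matches(self, event: dict) -> bool:
        return all(a.matches(event) for a in self.atomics)

# Constructed placeholder indicators (documentation IP range, dummy hash), not real IoCs.
BAD_IP = Atomic("ip", "203.0.113.10")
BAD_HASH = Atomic("hash", "deadbeef" * 8)
STAGER = Composite(
    name="stager-download",
    atomics=[BAD_IP, Atomic("string", "/update.bin")],
    intent="initial access",
    capability="commodity loader",
    ttp="HTTP fetch of second stage from shared hosting",
)

# Constructed sample events: a shared host serving benign and malicious paths.
EVENTS = [
    {"src_ip": "203.0.113.10", "sha256": "0" * 64, "uri": "/index.html"},
    {"src_ip": "203.0.113.10", "sha256": "0" * 64, "uri": "/update.bin"},
    {"src_ip": "198.51.100.7", "sha256": "deadbeef" * 8, "uri": "/a"},
]

def atomic_hits(events, atomics):
    """Data view: every event touching any single atomic fires (noisy: 3 of 3 here)."""
    return sum(1 for e in events if any(a.matches(e) for a in atomics))

def composite_hits(events, composites):
    """Intelligence view: only events matching a whole composite fire, with context."""
    return [(c.name, c.intent, c.capability, c.ttp)
            for e in events for c in composites if c.matches(e)]
```

The atomic view flags all three events because a shared host or a hash alone says nothing about intent; the composite view flags only the one event that matches the full pattern and returns the context an analyst needs.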
Taxonomy for Threat Intelligence
• Threat Intelligence Platform
• Threat Intelligence Enrichment
• Threat Intelligence Integration
• Intel types:
– Open Source Intel
– Human Intel
– Technical Intel
– Adversary Intel
– Vulnerability Intel
– Strategic Intel
Vendor Landscape
• Total Vendors studied: 23
• Prominent Vendors
– Open Source Intel: Recorded Future, Digital Shadows, Cyveillance
– Human Intel: Booz Allen Hamilton, CrowdStrike, iSIGHT Partners, Verisign iDefense, Cyveillance
– Technical Intel: Norse Corporation, Anubis Networks, Emerging Threats
– Adversary Intel: Booz Allen Hamilton, CrowdStrike, iSIGHT Partners, Verisign iDefense, Symantec DeepSight
– Vulnerability Intel: iSIGHT Partners, Verisign iDefense
– Strategic Intel: SurfWatch Labs, Cytegic
Tying Things Together
• Threat Vector
• Protective Controls
• Detective Controls
• Responsive Controls
• Predictive Controls
Thank You