Presentation by Simon Leech, Pre-Sales Director EMEA for Hewlett-Packard Enterprise Security. Summer Course CIGTR/URJC 2012.
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
The Value of Security Intelligence: What you can’t see can hurt you
Simon Leech, CISSP CISM CRISC, PreSales Director EMEA, HP Enterprise Security
HP Enterprise Security
Market leading products and services:
• Security Information and Event Management
• Log Management
• Application Security
• Network Security
• Data Protection
• Threat Research
• Security Services
One Team, One Vision
[Product logos, including Atalla]
Global security research
Ecosystem Partner
• i.e. SANS, CERT, NIST, OSVDB, software & reputation vendors
• 1600+ Researchers
• 2000+ Customers
FSRG: Fortify Security Research Group
• Leading security research
• Continuously finds more vulnerabilities than the rest of the market combined
• Collaborative effort of market leading teams: DV Labs, ArcSight, Fortify, HP Labs, Application Security Center
• Collect network and security data from around the globe
Disruptive technology trends
[Diagram: the future of security is proactive risk management across collaborative, open and extended devices, data and infrastructure, driven by four trends:]
• Cloud: public, private, adoption
• Big Data: content, context, unstructured
• Fortress: reactive perimeter security
• Consumerization: mobility, device & social media
The enterprise security problem
• Breaches continue… even though they have hundreds of security solutions available
• Siloed security products… don’t learn or share information
• Limited context… a gap between IT operations and security constrains potential actions
• No effective way… to understand and prioritize risk
Rise Of The Cyber Threat
Enterprises and Governments are experiencing the most AGGRESSIVE THREAT ENVIRONMENT in the history of information.
…and becoming more costly (Ponemon 2nd Annual Cost of Cybercrime Study 2011)
[Chart: annualised cost of cybercrime per organisation, FY 2010 vs FY 2011, on a $0–$60,000,000 axis]
Statistic        FY 2010       FY 2011
Minimum value    $1,037,277    $1,530,568
Quartile 1       $1,650,976    $2,872,913
Quartile 2       $3,180,182    $5,167,657
Median           $3,788,468    $5,895,065
Quartile 3       $4,611,172    $7,576,693
Grand mean       $6,459,362    $8,389,828
Quartile 4       $15,567,136   $17,455,124
Maximum value    $51,925,510   $36,470,889
Advanced Persistent Threats
[Timeline figure, 1997–2011, grouping incidents into “The Classics” and “The Subversives”: Eligible Receiver, Solar Sunrise, Moonlight Maze, Titan Rain, Byzantine Foothold, Aurora, Exxon, US Power Grid, Operation Shockwave, Night Dragon, RSA, Lockheed Martin, Stuxnet]
What do these three organisations have in common?
Modern Breaches Share a Pattern
Acquire target, sneak in, hop around (Zero Day? Perimeter won’t always help)
Get privileged access to critical assets (Impact takes time)
Conduct the crime for an extended time (Early detection matters)
“The success or failure of an attack will depend on the attacker’s ability to go undetected”
The unlucky CISO?
1. At 5pm on Friday evening, a security administrator receives an email from US-CERT notifying him of a critical vulnerability in the database system he manages. It’s home time, he does nothing.
2. Sometime over the weekend, a high ranking user receives an email from an MTA in China. It’s from a known bad IP address, and it triggers an alert, but the IP isn’t rated highly enough to get the email blocked.
3. Monday morning at 9am the user opens the email, and double clicks on the attachment that he had been sent. It seems to be a harmless PDF from a colleague, but unknown to him it installs a RAT and sends a hello back to the same IP address that had sent the email.
4. A couple of hours later, at 12:30pm, the CPU on a server in the application server farm spikes, triggering an alert on the app monitoring dashboard. But after a couple of minutes it goes away, and the server admin ignores it.
5. At the same time, the database admin notices an increase in activity deviating 10x from the norm at this time of the day. The number of data sets being accessed is also higher than normal, but the database remains up so the admin doesn’t worry.
6. Also at 12:30pm, the network admin notices a significant increase in the traffic between the app server and the database server, and then out to the Internet (coincidentally to the same IP address that had sent the email and installed the RAT, but no one notices this).
7. Later that day, as part of a weekly vulnerability scan, the security team identify the database server has the newly discovered vulnerability, and create a trouble ticket to get it patched.
8. The following morning the security team patch the vulnerability, and a couple of days later a dump of the entire database, including gigs of PII, appears on pastebin…
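The scenario above is a correlation failure: each silo saw something below its own alert threshold, and nobody pivoted on the one indicator they all shared. The following is an added example, not code from the presentation or from HP, showing the kind of cross-silo correlation a security intelligence platform performs: it pivots on the shared external IP, follows a hypothetical asset map from the user's workstation through the app tier to the database, and pulls the unpatched-vulnerability advisory into the same incident. All events, host names and the IP are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass
class Event:
    ts: datetime
    source: str     # silo that raised it (mail gateway, DB audit, netflow, ...)
    asset: str      # internal host the event concerns
    kind: str
    severity: int   # standalone severity; none reaches ALERT_THRESHOLD alone
    ip: str = ""    # external indicator, if the event carries one

ALERT_THRESHOLD = 7
# Constructed sample data mirroring the eight-step scenario. 198.51.100.23 is a
# documentation-range placeholder, not a real indicator.
BAD_IP = "198.51.100.23"
EVENTS = [
    Event(datetime(2012, 6, 8, 17, 0), "advisory", "db01", "critical_vuln", 4),
    Event(datetime(2012, 6, 9, 11, 5), "mail_gw", "ws-exec", "mail_from_bad_ip", 3, BAD_IP),
    Event(datetime(2012, 6, 11, 9, 2), "proxy", "ws-exec", "outbound_beacon", 3, BAD_IP),
    Event(datetime(2012, 6, 11, 12, 30), "app_mon", "app01", "cpu_spike", 2),
    Event(datetime(2012, 6, 11, 12, 31), "db_audit", "db01", "query_rate_10x", 3),
    Event(datetime(2012, 6, 11, 12, 33), "netflow", "db01", "egress_to_ip", 3, BAD_IP),
]
# Hypothetical asset map (what a CMDB would hold): which host talks to which.
ASSET_LINKS = {"ws-exec": {"app01"}, "app01": {"db01"}, "db01": set()}

def reachable(start, links):
    """Hosts reachable from `start` by following known asset links (the lateral path)."""
    seen, todo = set(start), list(start)
    while todo:
        for nxt in links.get(todo.pop(), ()):
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return seen

def correlate(events, links):
    """Pivot on each external indicator, expand along the asset map, score the whole."""
    incidents = []
    for ip in sorted({e.ip for e in events if e.ip}):
        seed_assets = {e.asset for e in events if e.ip == ip}
        assets = reachable(seed_assets, links)
        related = sorted((e for e in events if e.asset in assets or e.ip == ip),
                         key=lambda e: e.ts)
        score = sum(e.severity for e in related)   # sub-threshold events add up
        incidents.append({"indicator": ip, "assets": assets, "events": related,
                          "score": score, "alert": score >= ALERT_THRESHOLD})
    return sorted(incidents, key=lambda i: -i["score"])
```

Without a time window the advisory from Friday is still joined to Monday's activity; a production rule would bound the window and weight the vulnerability advisory by whether the asset is actually exposed.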
Main areas to focus on
• Understand the weaknesses that you have inherited
• Understand the weaknesses that you have created
• (Understand the weaknesses that you can use)
• Make your security intelligence work
Understand the weaknesses that you have inherited
• You will have vulnerabilities in your third party applications!
• But do you have the time to find them?
• Is it even your job to find them?
[Chart: Vulnerabilities entered in OSVDB annually]
• A recent study by Forrester concluded:
  • Independent and original vulnerability research is important to security organisations
  • Companies want to leverage relationships with vulnerability researchers in order to make decisions
  • Quality vulnerability information helps improve security
Vulnerability Bounty Programs – Good or Bad?
Understand the weaknesses that you have created
• You will have vulnerabilities in your self developed applications!
• You need to make the time to find them
• You owe it to your customers, and to your own cyber reputation
[Chart; source: HP DVLabs ThreatLinQ]
• A recent study by Ponemon Institute showed:
  • 73% of respondents hacked at least once in the past 2 years
  • 72% actually test less than 10% of their web applications for security
  • Investments in awareness around secure software development best practices will help here
Understand the weaknesses that you can use
• Probably outside the realm of most information security policies
• But definitely becoming a usable tactic in the art of cyber warfare
Articles from Andy Greenberg, Forbes.com
Making Your Security Intelligence Work
[Diagram: people, process and technology in a security operations workflow, numbered steps 1–6: Level 1 and Level 2 engineers, incident handler, escalation to network & system owners, case closed]
Risk Management Solution Focus Areas
• Advanced Persistent Threat (APT) Detection
• Compliance Reporting
• High-risk User Monitoring
• Privacy Breach Detection
• Data Leakage Monitoring
• Critical Business Transaction Monitoring
• Perimeter Security Monitoring
• Universal Log Management
Conclusions
• There are no good neighborhoods on the Internet – they’re all some kind of bad
• Legacy controls will not be able to keep up – but keep security technologies up to date to stay ahead of the changing threat
• Vulnerability research is critical to provide insight into potential future cyber attacks – align with security operations and change management
• Actionable security intelligence is as important as any security product – and make your risk position a board room topic
HP Enterprise Security vision
• Must be driven by business priorities
• Must “see everything” in the context of business processes and enable fast, efficient resource prioritization
• Must deliver standalone and intelligently integrated solutions
• Must achieve compliance goals and manage security costs
Security Intelligence and Risk Management Platform: HP EnterpriseView
[Diagram: a Security Intelligence and Risk Management platform built from compliance and policy, vulnerability management, asset profiling and risk management, on top of security intelligence, network security, application security and FSRG threat research]
HP EnterpriseView: see everything and prioritize response
Thank you [email protected]
http://www.hpenterprisesecurity.com/solutions/2011-cyber-security-risk-report