Embed Size (px)
Citation preview
Welcome To
Mark StephenBBC Scotland #scotsecure
Steve MulhearnFortinet
#scotsecure
© Copyright Fortinet Inc. All rights reserved.
Security Challenges and Emerging Threats
Steve Mulhearn- Business Solutions DevelopmentApril 2015
5
Challenges Today
COST
» Operational
» Capital
CONSOLIDATION
» Virtual
» Manpower
SECURITY
» Emerging Threat
» Advanced Threats
6
What We Used To Think
7
How We Think Today
8
The Anatomy Of An Attack
“Generic Threat”
Bot
Zero Day Threat
Trojan
Virus
Worm
Devices
Web sites
Physical media
9
Advanced Targeted Attack Lifecycle
Day 1 2 Years +
“Social
Engineering”
“Bot net”
Activation
Zero Day
Exploit
10
The Threat is Worse Than Ever
*Akylus July 2014
11
With A Consistent Motivation
*Hackmageddon July 2014
12
Q2 2014 (IDC):
301.3M Smart Phones Shipped
Android 84.7% Market
February:
Drive-By Mobile
(DriveGenie)
June:
Pletor Mobile Ransom
(Doc Encryption)
July:
Dorkbot/Ngrbot
Kamikaze
2014 Threat Landscape Developments
Feb 13
IoT:
The Moon Worm
Linksys Routers
Heartbleed
Vulnerable OpenSSL
Apr 07
Apple iCloud
Ransomware
$100 EUR
Oleg Pliss
May 26 Jun 23
Havex RAT
OPC Server Spy
Aug 05
Cybervor
1.2B User & Pass
500M emails
Aug 15
Supervalu Data Breach,
200 Stores Affected
Evernote Hack
164,644 Forum
Members
Jun 10Evernote Hack
50M Users
Mar
2013
13
No One Is Immune
Have you changed your password yet?
14
ebay – The Impact by the Numbers
262,800Number of Passwords changed in a year
(Average 2 minutes/password)
551 Man/years wasted changing passwords
145 M User accounts compromised
525,600 Minutes in a year
15
Follow The Acronym Trail
16
Is There A Silver Bullet For Defeating an ATA?
17
Collaborative Approach to Addressing Advanced Threats
http://www.networkworld.com/news/2013/103013-gartner-defense-attacks-275438.html?page=2
18
Focus on Three Key Actions
Step 1 - Mitigation
• Mitigate threats before they enter
your network
• Proactive is key
Step 2 - Detection
• Discover threats that have
or tried to enter the network
Step 3 - Remediation
• Respond to any threats that
have breached the network
19
Mitigation
DetectionRemediation
A Structured Approach for Maximum Protection
Access Control• Reduce Attack
Surface
Threat Prevention• Inspect and block
threats
Threat Detection• Identify new
incidents
Continuous
Monitoring• Assess, audit,
improveIncident Response• Validate and contain
20
Step 1 - Mitigation
Access Control
» Stateful Firewall
» 2 Factor Authentication
Threat Prevention
» Intrusion Prevention
» Application Control
» Web Filtering
» Email Filtering
» Anti-Virus
21
A Cornerstone of Mitigation
The reports of my death
have been greatly
exaggerated.
22
The Human Factor - Laziness
“Old Habits Die Hard”
23
Operating Systems and Software Require Constant Updates
12%
52%
24%
3%9%
Installed PC Operating Systems*
Windows 8/8.1
Windows 7
Windows XP
Windows Vista
Other
*Net Applications September 2014
24
Not All Anti-Virus Solutions are Equal
Detection
Technology
Network
Placement
Operational
Efficacy
25
Step 2 - Detection
Access Control
» Stateful Firewall
» 2 Factor Authentication
Threat Prevention
» Intrusion Prevention
» Application Control
» Web Filtering
» Email Filtering
» Deep Flow Anti-malware
Threat Detection
» Botnet detection
» Client reputation
» Network behavior analysis
» Sandboxing
26
Payload Analysis (aka “sandboxing”)
What is it?» Virtual container, reflecting an end user desktop, in which
untrusted programs can be safely examined
What happens in it?» Code is executed in an contained, virtual environment
» Activity is logged and is analyzed for suspect characteristics
» Rating is determined based on system, file, web and traffic activity
Why is it important?» Traditional security looks at static attributes (signature, heuristic,
pattern, reputation, etc.) rather than dynamic activity
» In many cases, a site or code is just the first, small stage
Unsafe action, escape attempt
Controlled communication
inspection
X
27
A Deeper Level of Analysis
Network Behavior Analysis» Establish baselines of normal traffic patterns, look for anomalies
Network Forensics» Capture and replay network traffic for incident response
Payload Analysis» Execute code in a contained, “sandbox” environment
Endpoint Behavior Analysis» Monitor the production system configuration for anomalies
Endpoint Forensics» Collect data from endpoints to aid in incident response and forensics
28
Technology Hype and Hysteria
VISIBILITY
TIME
Technology
Trigger
Peak of Inflated
Expectations
Trough of
Disillusionment
Slope of
Enlightenment
Plateau of Productivity
29
A Word of Caution
http://www.darkreading.com/attacks-breaches/the-increasing-failure-of-malware-sandbo/240159977
30
Step 3 - Remediation
Access Control
» Stateful Firewall
» 2 Factor Authentication
Threat Prevention
» Intrusion Prevention
» Application Control
» Web Filtering
» Email Filtering
» Deep Flow Anti-malware
Threat Detection
» Sandboxing
» Botnet detection
» Client reputation
» Network behavior analysis
• Incident Response
» Consolidated logs and reports
» Professional Services
» User or Device Quarantine
» Threat Prevention Updates
• Continuous Monitoring
» Real-time Activity Views
» Security Reporting
» Threat Intelligence
31
Coordinated Defense Strategy
In-Network
Defenses
Continuous
Updates
Threat Research
and Discovery
32
The Fortinet ATP Solution
FortiGuard Services
FortiGuard Lab
33
Protecting Today’s Network
Evolution, evolution, evolution
Wherever there is value, the cyber criminal will follow
34
Protecting Today’s Network
Evolution, evolution, evolution
Wherever there is value, the cyber criminal will follow
Anticipate, React, Respond
35
Complexity
Tony NeateGet Safe Online
#scotsecure
Det Supt Stevie WilsonPolice Scotland
#scotsecure
Brian GibsonScottish Business Resilience Centre
#scotsecure
Brian GibsonChief Inspector
Deputy Director Scottish Business Resilience Centre
• We are a unique organisation comprising of contributionsand secondments from the Police, Scottish Government,Fire Services, Scottish Clearing Banks, investors and ourmembership.
• Vision• Creating a secure & resilient Scotland for business to flourish in
• Stakeholders• Scottish Government, Police Scotland, Members
Digital Security Support
Online Footprint Assessment
Digital Security Support
Cyber Supply Chain Test
Digital Security Support
Cyber Security Assessment
Insider Threat
• Case Study 1 - Pet Shop
• Case Study 2 – Call Centre
Developing a Cyber Security Strategy
• Mind-set
• E – Trader Accreditation
• Cyber Essentials (CE) Cyber Essentials Plus (CE+)
• Innovation Voucher Scheme
• Get Safe Online (getsafeonline.org)
• Cyber Streetwise – (cyberstreetwise.com)
Thank YouQUESTIONS ?
Questions & Discussion#scotsecure
Exhibition & RefreshmentsCheck badge for Breakouts
#scotsecure
18th June Dynamic Earth
Limited spaces remain
www.scot-cloud.com
30th Sept Dynamic Earth
Registration open
www.iotscotland.com
Welcome Back
Prof. Bill BuchananEdinburgh Napier
University#scotsecure
Glenn AttridgeRoyal Bank of Scotland
#scotsecure
Jiveen LalRisksmith
#scotsecure
Risk, responsibility and contractual obligation
Jiveen Lal, Director
+44(0)77 1402 3912
@risksmithUK
AGENDA
Risk, responsibility and contractual obligation
Agenda
Contract obligations and cyber attacks• Data loss• Cyber attack
Responsibilities beyond contract obligation
Cyber insurance• Identifying needs and testing your insurance• Market update
DATA LOSS / CYBER ATTACK
Contract obligations
1. Data loss
YouYour client
A client's customer
2. Business interruptions
Supplier
You
Customer
YOUR BUSINESS
Responsibility beyond contracts
Responsibility beyond contracts
Intellectual property
Revenue
Bodily injury
Property damage
Shareholder/Due diligence
Regulations
Brand
BUSINESS NEEDS
Cyber insurance
Identifying business needs
People SystemsInternal
processesExternal events
Business model
Quick test
1. Where is data?
2. Who has access?
3. What happens when a vendor suffers?
4. What are the ramifications of internally-sourced breach?
5. What do you plan to do when you have a data breach?
Cyber insurance update
• Experienced an event
• Know someone
• Increased awareness
• Fines/penalties
• Contract obligations
• Technology companies
Jamie GravesZoneFox
#scotsecure
Questions & Discussion#scotsecure
18th June Dynamic Earth
Limited spaces remain
www.scot-cloud.com
30th Sept Dynamic Earth
Registration open
www.iotscotland.com
Post Conference SurveyPlease complete
to get slides#scotsecure
Drinks & NetworkingExhibition Area
#scotsecure
Conference Close#scotsecure
