FireEye – Qualifying Cyber-Security Risks · FireEye - 10 steps to Cyber Resilience 1. Stop every...

Post on 10-Oct-2020

9 views 0 download

Transcript of FireEye – Qualifying Cyber-Security Risks · FireEye - 10 steps to Cyber Resilience 1. Stop every...

1

FireEye – Qualifying Cyber-Security Risks Stefano Lamonato - Systems Engineer, Italy

stefano.lamonato@fireeye.com

ReimaginedSecurity

2

Innovation Creates Perfect Platform of

Evil

Current Security Models Ineffective

New ModelsRequired

Cyber Threats More Advanced & Complex

than Ever

NEW THREAT LANDSCAPE

Current State of Cyber Security

Copyright © 2014, FireEye, Inc. All rights reserved.

3

Why, Who & How?

Source: M-Trends Report 2014

4

Cyber Defense or Resilience?

• 71.5% thought their security was between good to excellent

• 51% either “unsure” or said “NO” when asked if the technology

they use would block a modern day attack Ponemon Research: UK data 2103Cyber Security in the Trenches

0

8

16

20 20

28

0

5

10

15

20

25

30

Daily Weekly Monthly Yearly Never Don't know

How frequently does a cyber breach occur in your organization?

%

5

Real-world Assessment of Top Industry Vertical

0%

50%

100%

%Had APT %Compromised

Cybersecurity's Maginot Line: A Real-world Assessment of the Defense-in-Depth Model

http://www2.fireeye.com/real-world-assessment.html

6

Malware: The Favorite Attacker’s Tool

of all the unique malware detected was seen ONCE

75%208,184Malware Download

124,289Unique Malware

93,755Malware Seen ONCE

Cybersecurity's Maginot Line: A Real-world Assessment of the Defense-in-Depth Model

http://www2.fireeye.com/real-world-assessment.html

7

“Recognizing that 100% risk mitigation is not possible in any complex system, the overarching

goal of a risk-based approach to cyber security is system resilience to survive and quickly recover from attacks and accidents”

from report: Partnering for Cyber Resiliance (World Economic Forum)

www3.weforum.org/docs/WEF_IT_PartneringCyberResilience_Guidelines_2012.pdf

So what is an acceptable incident?

8

How are you measuring the success of security?

9

Business Impact Level

Threat levelLikelihood of

attackLongevity of

attackX X X Response

capabilityX

Qualifying risk (BSI27001, NIST, IA, etc…)

10

Virtual Machine-Based Model of Detection

Purpose-Built for Security

Hardened Hypervisor

Scalable

Portable

SECURITYNeeds To Be

To Address The New Threat

Landscape

FINDS KNOWN/ UNKNOWN CYBER-ATTACKS IN REAL TIME ACROSS ALL VECTORS

11

FireEye’s Technology: State of the Art Detection

CORRELATEANALYZE( 5 0 0 , 0 0 0 O B J E C T S / H O U R )

Within VMs

Across VMs

Cross-enterprise

Network

Email

Mobile

Files

Exploit

Callback

MalwareDownload

Lateral Transfer

Exfiltration

DETONATE

12

FireEye Product Portfolio

SEG IPS SWG

IPS

MDM

Host

Anti-virus

HostAnti-virus

MVX

Threat Analytics Platform

Mobile Threat PreventionEmail Threat

Prevention

Dynamic Threat Intelligence

Network Threat

Prevention

Content Threat

Prevention

Mobile ThreatPrevention

Endpoint Threat

Prevention

Email ThreatPrevention

13

REALTIME

The Objective: “Continuous Threat Protection”

THEFT OF ASSETS & IP

COST OF RESPONSE

DISRUPTION TO BUSINESS

REPUTATION RISK

Prevent

Time to Detect Time to Fix

14

FireEye - 10 steps to Cyber Resilience

1. Stop every attack is impossible, focus on key for your business.

2. Must have business risk based approach.

3. Recognise that the most critical assets are information, not systems

4. Refocus on marginalizing the impact of an attack rather than preventing it.

5. Less is More - The single, targeted attack is typically the one with the greatest business impact

6. Become your own first and last line of defence – most security tools work on the premise of being able

to block attacks that have been seen previously in other organizations.

7. Forensics & attribution - If we accept that some attacks will be successful, the business requires us to

understand what the impact of these incidents will have on the business profitability. Both regulation

and business will drive this need.

8. Response plans should also be well thought out and regularly tested.

9. Security is more than just your own IT - The more connected we become the more likely we are to

ensure our partners and supply chain are also secure.

10. We should not block business innovation. However, if we take a business risk approach we can help

make business relevant decisions on the value of leveraging new technology versus the risks.

15

ReimaginedSecurityReimaginedSecurity

Thank You