Advanced threat protection and big data
Peter Wood, Chief Executive Officer
First•Base Technologies
Advanced Threat Protection and Big Data
An Ethical Hacker’s View
Slide 2 © First Base Technologies 2013
Who is Peter Wood?
Worked in computers & electronics since 1969
Founded First Base in 1989 (one of the first ethical hacking firms)
CEO First Base Technologies LLP
Social engineer & penetration tester
Conference speaker and security ‘expert’
Member of ISACA Security Advisory Group
Vice Chair of BCS Information Risk Management and Audit Group
UK Chair, Corporate Executive Programme
FBCS, CITP, CISSP, MIEEE, M.Inst.ISP
Registered BCS Security Consultant
Member of ACM, ISACA, ISSA, Mensa
Slide 3 © First Base Technologies 2013
Agenda
• Big Data elevator pitch
• Advanced Threats – really?
• Why Big Data for security?
• How can Big Data help?
• Can we do it now?
• Summing up
Slide 4 © First Base Technologies 2013
Big Data elevator pitch
Slide 5 © First Base Technologies 2013
Big Data is quite large
Every day, we create 2.5 quintillion bytes of data — so much that 90% of the data in the world today has been created in the last two years alone. This data comes from everywhere: sensors used to gather climate information, posts to social media sites, digital pictures and videos, purchase transaction records, and cell phone GPS signals to name a few.
http://www-01.ibm.com/software/data/bigdata/
2.5 quintillion = 2.5 exabytes = 2.5×10^18 bytes
IDC projects that the digital universe will reach 40 zettabytes by 2020, resulting in a 50-fold growth from the beginning of 2010
http://uk.emc.com/about/news/press/2012/20121211-01.htm
40 zettabytes = 40×10^21 bytes = 57 times all the grains of sand on all the beaches on earth
Slide 6 © First Base Technologies 2013
Big Data can be useful
• Creating transparency by making relevant data more accessible
• Enabling experimentation to discover needs, expose variability and improve performance - use data to analyse variability in performance and understand the root causes
• Segmenting populations to customise actions and tailor products and services to meet specific needs
• Replacing/supporting human decision-making with automated algorithms in order to minimise risk
• Innovating new business models, products and services
McKinsey Global Institute: “Big data: The next frontier for innovation, competition, and productivity”, May 2011
Slide 7 © First Base Technologies 2013
Where are we with Big Data in general?
• Mainstream adoption? Early days
• Skills and risks underestimated
• IT professionals say:
- Over-hyped
- Has a lot of potential
- Vendors may not deliver on promises
Slide 8 © First Base Technologies 2013
Advanced Threats – really?
Slide 9 © First Base Technologies 2013
Advanced Threats
• Massive increase in advanced malware bypassing traditional security defenses
• Volumes vary substantially among different industries
• Email-based attacks are growing, with link- and attachment-based malware presenting significant risks
• Cybercriminals are increasingly employing limited-use domains in their spear phishing emails
• Malicious email attachments growing more diverse, evading traditional security defenses
FireEye Advanced Threat Report – 1H 2012
Weekly count from FireEye Web MPS appliances across global customer base
These levels reflect the number of Web-based malware attacks that originated outside the target organization, successfully evaded traditional filters, and were blocked or infected target systems
The Post Breach Boom, Ponemon Institute, February 2013
Survey of 3,529 IT and IT security practitioners in US, Canada, UK, Australia, Brazil, Japan, Singapore and UAE
Slide 15 © First Base Technologies 2013
Why Big Data for security?
Slide 16 © First Base Technologies 2013
The tipping point
• Complex threat landscape
• Avalanche of new technology and challenges
• Skills shortages?
• Financial pressures, especially for headcount
• Large organisations can’t rely on “traditional” defences:
- Preventative controls
- Siloed security solutions
- Hardening
- Processes and procedures
Slide 17 © First Base Technologies 2013
The tipping point inputs
Complex threat landscape:
• Stealth malware
• Targeted attacks
• Social engineering
New technologies and challenges:
• Social networking
• Cloud
• BYOD / consumerisation
• Virtualisation
Slide 18 © First Base Technologies 2013
What do we do today?
Traditional defences:
• Signature-based anti-virus
• Signature-based IDS/IDP
• Firewalls and perimeter devices
Traditional approach:
• Data collection for compliance
• Check-list mindset
• Tactical thinking
Slide 19 © First Base Technologies 2013
SANS says …
SANS Annual Log and Event Management Survey, May 2012
Slide 20 © First Base Technologies 2013
How can Big Data help?
Slide 21 © First Base Technologies 2013
How can Big Data help?
• SIEM on steroids?
• Fraud detection
• APT detection?
• Integration of IT and physical security?
• SIEM + IDS/IPS?
• Predictive analysis
Slide 22 © First Base Technologies 2013
Big Data to Collect
• Logs
• Network traffic
• IT assets
• Sensitive / valuable information
• Vulnerabilities
• Threat intelligence
• Application behaviour
• User behaviour
Slide 23 © First Base Technologies 2013
Big Data Analytics
• Real-time updates
• Behaviour models
• Correlation
• Heuristic capability
• Interoperability
• … advising the analysts?
• … active defence?
Slide 24 © First Base Technologies 2013
Can we do it now?
Slide 25 © First Base Technologies 2013
Big Data = Big Investment, but …
• Today: Big Data for Big Organisations with Big Budgets
News from RSA Conference 2013:
• HP say about 3% of companies are doing this today
• Analysts expect 40% adoption by 2016
• Cloud-based Big Data may enhance existing SIEM
• … and overcome the skills gap
• Enhancing SIEM with threat intelligence
• Augmenting SIEM with IT asset information
More Improvements To SIEM Than Big Data – DarkReading.com, 22/02/2013
Slide 26 © First Base Technologies 2013
Big Data Last Year
Gartner said:
Sourcefire's FireAMP technology and the technology from Prevx (acquired by Webroot in 2010) are examples of security providers that determine malicious intent by analysing vast amounts of observed executable behaviors and metadata.
Vendors such as NetWitness (acquired by RSA), Global DataGuard, Narus (acquired by Boeing), Solera and Fidelis Technologies, and network behavior analysis solutions, such as Lancope, collect large amounts of network packets and/or flows to support the analysis for anomalous activities.
In addition, some SIEM vendors, such as Q1 Labs (acquired by IBM) and HP ArcSight, can directly consume and analyze NetFlow data.
Information Security Is Becoming a Big Data Analytics Problem – Gartner, 23/03/2012
Slide 27 © First Base Technologies 2013
Big Data Tomorrow
RSA says:
Within the next two years, we predict big data analytics will disrupt the status quo in most information security product segments, including SIEM; network monitoring; user authentication and authorization; identity management; fraud detection; and governance, risk & compliance.
Big Data Holds Big Promise For Security – RSA Security Brief, January 2013
Slide 28 © First Base Technologies 2013
Big Data Skills
• Big Data is more about the processing techniques and outputs than the size of the data set itself, so specific skills are required to use Big Data effectively
• There is a general shortage of specialist skills for Big Data analysis, in particular when it comes to using some of the less mature technologies
Slide 29 © First Base Technologies 2013
Summary
• All organisations need to invest in research and study of the emerging Big Data Security Analytics landscape
• Big Data has the potential to defend against advanced threats, but requires a Big Re-think of approach
• Relevant skills are key to successful deployment; only the largest organisations can invest in this now
• Offerings exist for the other 97% that can enhance existing technologies using cloud-based solutions
Slide 30 © First Base Technologies 2013
Peter Wood, Chief Executive Officer
First Base Technologies LLP
http://firstbase.co.uk
http://white-hats.co.uk
http://peterwood.com
Twitter: peterwoodx
Need more information?