Don’t Sweat the Small Stuff – Protect What Matters Most - Interop 2014
Transcript of Don’t Sweat the Small Stuff – Protect What Matters Most - Interop 2014
Dave Frymier, Vice President and CISO, Unisys
Don’t sweat the small stuff – protect what matters the most.
© 2014 Unisys Corporation. All rights reserved. 2
Two Big Drivers: IT Environment and Consumerization of IT
• New devices are everywhere;
employees will use them
– Consumer devices are not generally
MS domain aware
• Not just about devices—new Internet services tunnel through port 80
– gotomyPC, logmein
– Dropbox
• Organizational perimeter crumbling
Advanced Persistent Threat
• Enters through spam e-mail, bad websites
• “Beacons” back to command and control servers
– Reports in
– Obtains instructions/more malware
• Evades anti-malware software
• Low and slow
• Looks laterally and vertically in the network for high value targets
• Can be found through beaconing activity
[Diagram: entry via random spam, spear phishing or a bad web site; the intruder moves from departmental infrastructure to enterprise administration (Active Directory) and on to the corporate jewels, beaconing out to botnet C&C servers]
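The slide's last point, that an implant can be found through its beaconing, is a detection you can actually run. The block below is an added example, not code from the Interop deck or from Unisys: it groups connection-log lines by (source, destination) pair and flags pairs whose inter-arrival times are unusually regular. The log format and the sample lines are constructed for the illustration; a real feed (proxy, firewall or NetFlow) would need its own parser.

```python
"""Beacon detection over connection logs.

Added example: flags (src, dst) pairs whose connection inter-arrival times
are regular, the pattern an APT implant shows when it checks in with its C&C
server on a timer. The log lines and their format are constructed here.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample log: 10.1.2.3 checks in every ~5 minutes with a few
# seconds of jitter, 10.1.2.9 browses irregularly, 10.1.2.4 connects twice.
SAMPLE_LOG = """\
2014-03-31T10:00:00Z 10.1.2.3 -> 203.0.113.7:443 bytes=512
2014-03-31T10:00:00Z 10.1.2.9 -> 198.51.100.20:443 bytes=48211
2014-03-31T10:00:07Z 10.1.2.9 -> 198.51.100.20:443 bytes=9020
2014-03-31T10:02:00Z 10.1.2.4 -> 192.0.2.5:80 bytes=1200
2014-03-31T10:03:40Z 10.1.2.9 -> 198.51.100.20:443 bytes=77310
2014-03-31T10:04:00Z 10.1.2.9 -> 198.51.100.20:443 bytes=1502
2014-03-31T10:05:02Z 10.1.2.3 -> 203.0.113.7:443 bytes=498
2014-03-31T10:07:00Z 10.1.2.4 -> 192.0.2.5:80 bytes=1300
2014-03-31T10:09:58Z 10.1.2.3 -> 203.0.113.7:443 bytes=531
2014-03-31T10:11:15Z 10.1.2.9 -> 198.51.100.20:443 bytes=66002
2014-03-31T10:12:00Z 10.1.2.9 -> 198.51.100.20:443 bytes=810
2014-03-31T10:15:01Z 10.1.2.3 -> 203.0.113.7:443 bytes=502
2014-03-31T10:20:00Z 10.1.2.3 -> 203.0.113.7:443 bytes=515
2014-03-31T10:24:59Z 10.1.2.3 -> 203.0.113.7:443 bytes=507
2014-03-31T10:30:00Z 10.1.2.9 -> 198.51.100.20:443 bytes=23004
2014-03-31T10:30:01Z 10.1.2.3 -> 203.0.113.7:443 bytes=509
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+) -> (?P<dst>[\d.]+:\d+) bytes=(?P<bytes>\d+)$")


def parse_log(text):
    """Yield (timestamp, src, dst); lines that do not match the format are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
        yield ts, m.group("src"), m.group("dst")


def find_beacons(log_text, min_connections=6, max_cv=0.2):
    """Return {(src, dst): stats} for pairs whose connection gaps are regular.

    cv is the coefficient of variation (stddev / mean) of the gaps between
    consecutive connections. A scripted check-in with a little jitter has a
    cv near zero; a human browsing session does not. min_connections keeps
    pairs with too few samples from being judged at all.
    """
    by_pair = defaultdict(list)
    for ts, src, dst in parse_log(log_text):
        by_pair[(src, dst)].append(ts)

    beacons = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean == 0:          # duplicate timestamps only; nothing to measure
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            beacons[pair] = {"connections": len(stamps),
                             "mean_interval_s": round(mean, 1),
                             "cv": round(cv, 3)}
    return beacons


if __name__ == "__main__":
    for (src, dst), stats in find_beacons(SAMPLE_LOG).items():
        print(f"beacon candidate {src} -> {dst}: {stats}")
```

Treat a hit as a triage lead, not a verdict: update checks, NTP and monitoring agents beacon just as regularly, so the next step is to look at the destination's reputation and the endpoint process behind the connections.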
Current countermeasures
Security Monitoring Model – SIEM
[Diagram: customer-managed and Unisys-monitored or managed security elements (security infrastructure, network devices, OS, application and data logs) report through element-specific agents; element-specific log data is normalized into an event database and, together with a threat pattern database and asset inventory and vulnerability scanning, fed to an event correlation engine; outputs are threat and vulnerability alerting, response and remediation, incidents raised in the Unisys or customer ticketing system, and dashboards and reports through a portal]
Services shown: Intrusion Detection & Prevention; Network Firewall & VPN; Secure Remote Access; Endpoint Security; Security Event Monitoring; Vulnerability Mgmt.; Threat & Vulnerability Alerting; Scanning; Web Content Security; Web Application Security; Security Incident Management; Application Security Services; Network Security Services
• It’s mostly after-the-fact
• Protects everything the same way
• Getting more and more expensive—like big data
– Software costs
– Storage of all the log and traffic data/meta data
– Processing
– Network resources to move data from endpoint to SIEM
For advanced adversaries, the traditional approach
just isn’t working.
[Slide: a New York Times article retrieved from www.nytimes.com]
How is this possible?
• The real world follows the laws of physics—the cyber world follows man-made rules that govern the transfer of data
• We forget how young the Internet is; it grew like a weed—without much change in the underlying protocols
• There are fundamental design flaws
– Anonymity and spoofing
• Standardization cuts both ways
• Software has bugs
This is not going
to be fixed quickly.
Edward Snowden, interview with Guardian readers, June 2013:
“Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on.”
Perimeter to compartment
[Figure: “We’re going from this… to this”, a single perimeter beside a compartmentalized model]
Risk Analysis
• Perhaps mankind’s oldest security technique
• FIPS 199 (Standards for Security Categorization of Federal Information and Information Systems) – find it on the internet
• Output – a list of the most important assets and who should have access to each
• Build a compartmentalized security model based on need-to-know
• Protect and enforce that security model by “hiding” your most important assets so the APT can’t find them
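To make the risk-analysis step concrete, here is an added example (not from the slides or from Unisys) that applies the FIPS 199 categorization and turns its output into the need-to-know model the next bullets call for. FIPS 199 rates each asset LOW, MODERATE or HIGH for confidentiality, integrity and availability and takes the high-water mark when aggregating; the block ranks assets by that category and derives, per asset, the identities that belong in its community of interest. The inventory, the role directory and the user names are constructed for the illustration.

```python
"""FIPS 199 style risk analysis feeding a need-to-know model.

Added example. Each asset is rated LOW, MODERATE or HIGH for
confidentiality, integrity and availability; the overall category is the
high-water mark of the three (the aggregation rule FIPS 199 uses). The
output is the ranked asset list and, for each asset, the identities that
need access, i.e. the membership of the community of interest that will
protect it. The inventory and directory below are constructed.
"""
from dataclasses import dataclass

LEVELS = {"LOW": 1, "MODERATE": 2, "HIGH": 3}


@dataclass(frozen=True)
class Asset:
    name: str
    confidentiality: str
    integrity: str
    availability: str
    roles_needing_access: frozenset   # business roles, never hosts or IP addresses


def security_category(asset):
    """High-water mark: {(C,HIGH),(I,MODERATE),(A,LOW)} -> HIGH. Rejects unknown levels."""
    ratings = (asset.confidentiality, asset.integrity, asset.availability)
    for rating in ratings:
        if rating not in LEVELS:
            raise ValueError(f"{asset.name}: unknown impact level {rating!r}")
    return max(ratings, key=LEVELS.__getitem__)


def rank_assets(assets):
    """Most important first; ties broken by name so the list is stable across runs."""
    return sorted(assets, key=lambda a: (-LEVELS[security_category(a)], a.name))


def build_coi_model(assets, role_members):
    """Map each asset name to the identities allowed into its COI.

    role_members is {role: {user, ...}}. A role named on an asset but missing
    from the directory contributes nobody; failing closed beats guessing.
    """
    return {
        asset.name: frozenset(
            user for role in asset.roles_needing_access
            for user in role_members.get(role, ()))
        for asset in assets
    }


def authorize(model, user, asset_name):
    """Need-to-know check; an asset absent from the model is denied, not assumed open."""
    return user in model.get(asset_name, frozenset())


# Constructed inventory and directory, illustrative only.
INVENTORY = [
    Asset("M&A deal room", "HIGH", "MODERATE", "LOW", frozenset({"exec", "legal"})),
    Asset("Payroll", "HIGH", "HIGH", "MODERATE", frozenset({"hr", "finance"})),
    Asset("Public web site", "LOW", "MODERATE", "MODERATE", frozenset({"web"})),
    Asset("Cafeteria menu", "LOW", "LOW", "LOW", frozenset({"facilities"})),
]
DIRECTORY = {
    "exec": {"alice"}, "legal": {"dana"}, "hr": {"erin"},
    "finance": {"frank", "alice"}, "web": {"bob"}, "facilities": {"gus"},
}

if __name__ == "__main__":
    model = build_coi_model(INVENTORY, DIRECTORY)
    for asset in rank_assets(INVENTORY):
        print(f"{security_category(asset):8} {asset.name:16} COI={sorted(model[asset.name])}")
```

The two HIGH assets at the top of the ranking are the “corporate jewels” the next slides compartmentalize; everything rated LOW across the board is what the deck says not to sweat.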
Compartmentalized Corporate Jewels
Illustrative example only.
[Diagram: compartments labelled Low, Medium and High Business Impact, containing Corporate Jewels, KMC, BU IP, Business Unit Apps, Other BU Apps, IAM, Messaging, Voice over IP, Web, User, Mobile Gateway and Enterprise Architecture. Access paths: any PC, Mac or Linux system after authentication; a corporate standard hardened PC; any device that can send a username, password and certificate; additional authentication/authorization as needed]
Traditional “buffer area” model
• Used to separate corporate network from foreign networks
• Defense-in-depth
• Extending the concept internally is overkill
Security zones
No defense-in-depth, but much more manageable and less expensive
Software defined communities
• Systems and users running common software that implements communities of interest (COI)
– Strong encryption
– Endpoint protection
– Trusted encryption key management
• Manage users and identities, not IP addresses
• Emerging class of products
• Vormetric, Unisys, Koolspan
What is Unisys Stealth™?
[Diagram: the Stealth shim sits in the host network stack between layer 3 (Network) and layer 2 (Link), above the NIC; layers 7 Application through 4 Transport are untouched]
• Software, running on Windows and Linux computers
• FIPS 140-2 validated cryptographic module (AES-256)
• Provides compartmentalized security by implementing virtual communities of interest (COI) for predetermined endpoint users
• Authenticates and authorizes users based on identity, not network topology
• Because it executes between the network and link protocol layers, it has no effect on applications or existing networks
• Makes systems undiscoverable by attackers
• Supports a “clear COI” to allow incremental integration into existing environments
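The two slides above (software-defined communities and the Stealth bullets) describe the same mechanism in words; the block below is an added toy model of it, written for this page and not Unisys Stealth code. It shows per-COI keys derived from secrets a key manager hands out, endpoints that authorize packets by COI membership tied to an identity rather than by source address, silent dropping of anything that does not verify (so a scanner probing a host gets no reply, which is what “undiscoverable” means in practice), and a “clear COI” passthrough for hosts not yet migrated. The KeyManager class and the packet layout are assumptions, and the HMAC-SHA256 keystream stands in for the product’s AES-256 so the block runs on the Python standard library alone.

```python
"""Toy model of software-defined communities of interest (COI).

Added illustration, not Unisys Stealth code. Per-COI keys come from a
key manager (assumed); endpoints accept a packet only if it verifies under
a key of a COI they belong to, regardless of where it came from; anything
else is dropped without a response. The HMAC-based keystream is a stand-in
for AES-256, chosen only so the example needs no third-party library.
"""
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 12, 32


def hkdf_sha256(ikm, salt, info, length=32):
    """RFC 5869 extract-then-expand (single short output is all we need)."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


class KeyManager:
    """Stand-in for the trusted key-management component: one secret per COI."""
    def __init__(self):
        self._secrets = {}

    def enroll(self, coi):
        self._secrets.setdefault(coi, os.urandom(32))

    def key_for(self, coi):
        return hkdf_sha256(self._secrets[coi], b"coi-key-salt", coi.encode())


def _keystream(key, nonce, n):
    # Toy counter-mode keystream from HMAC; not a substitute for a real cipher.
    out = b""
    for i in range((n + 31) // 32):
        out += hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]


def seal(coi_key, payload):
    """Packet = nonce || ciphertext || HMAC tag over nonce and ciphertext."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(payload, _keystream(coi_key, nonce, len(payload))))
    tag = hmac.new(coi_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(coi_key, packet):
    """Return the payload, or None if the packet was not sealed for this COI."""
    if len(packet) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = packet[:NONCE_LEN], packet[NONCE_LEN:-TAG_LEN], packet[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(coi_key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(coi_key, nonce, len(ct))))


class Endpoint:
    def __init__(self, identity, km, cois, clear_coi=False):
        self.identity = identity
        self.keys = {c: km.key_for(c) for c in cois}   # membership follows identity, not IP
        self.clear_coi = clear_coi

    def send(self, coi, payload):
        return seal(self.keys[coi], payload)

    def receive(self, packet):
        for coi, key in self.keys.items():
            payload = unseal(key, packet)
            if payload is not None:
                return coi, payload
        if self.clear_coi:      # migration mode: unprotected traffic passes through untouched
            return "clear", packet
        return None             # silent drop: the sender learns nothing about this host


def demo():
    """Constructed scenario: a CFO, a payroll DB in two COIs, a recruiter, a legacy host."""
    km = KeyManager()
    for coi in ("finance", "hr"):
        km.enroll(coi)
    cfo = Endpoint("cfo", km, ["finance"])
    payroll = Endpoint("payroll-db", km, ["finance", "hr"])
    recruiter = Endpoint("recruiter", km, ["hr"])
    legacy = Endpoint("legacy-printer", km, [], clear_coi=True)
    return {
        "finance_to_payroll": payroll.receive(cfo.send("finance", b"GET /ledger")),
        "hr_to_cfo": cfo.receive(recruiter.send("hr", b"GET /candidates")),
        "probe_to_cfo": cfo.receive(b"SYN probe from a scanner"),
        "probe_to_legacy": legacy.receive(b"SYN probe from a scanner"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Note what the clear COI costs: the legacy host answers the raw probe, so every host left in clear mode is a discoverable foothold and the migration is not finished until that list is empty.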
Comparison
                          Tiers   Zones   Software Defined
Hides endpoints           Yes     Yes     Yes
Network/LAN changes       Yes     Yes     No
Application changes       No      No      No
Installation disruption   High    High    Low
Ongoing maintenance       High    High    Low
Staff skill               High    High    Low
Cost                      $$$     $$      $
Unisys Stealth Solution
Proactive. Scalable. Consistent.
[Diagram: Stealth deployment scenarios. Stealth Data Center Segmentation (protected app server and protected database server alongside an unprotected server in the enterprise; Windows client and SSVT shown); Stealth Secure Remote Access from the external network over the Internet; Stealth Regional Isolation across a “safe” site, the corporate site and a “risky” site; Stealth for Cloud (A and B virtual web, app and DB servers as VMs on Amazon EC2); Stealth for Mobile]
Summing it up
• CoIT (consumerization of IT) and APTs are a fact of life
• Adversaries are extremely sophisticated and capable
• Current tools aren’t working
• The base problems won’t be fixed soon
• Modern encryption, properly implemented, WORKS
• Identify the most important information and who needs access to it
• Hide this information using compartmentalized need-to-know communities of interest
• Keep BYO (bring-your-own) and consumer devices away from the COIs