FireEye – Qualifying Cyber-Security Risks · FireEye - 10 steps to Cyber Resilience 1. Stop every...
1
FireEye – Qualifying Cyber-Security Risks
Stefano Lamonato - Systems Engineer, Italy
Security Reimagined
2
Current State of Cyber Security
NEW THREAT LANDSCAPE
• Cyber Threats More Advanced & Complex than Ever
• Innovation Creates Perfect Platform of Evil
• Current Security Models Ineffective
• New Models Required
Copyright © 2014, FireEye, Inc. All rights reserved.
3
Why, Who & How?
Source: M-Trends Report 2014
4
Cyber Defense or Resilience?
• 71.5% thought their security was between good and excellent
• 51% were either “unsure” or said “NO” when asked if the technology they use would block a modern-day attack
Source: Ponemon Research, Cyber Security in the Trenches (UK data, 2013)
[Bar chart] How frequently does a cyber breach occur in your organization? (% of respondents)
Daily 0%, Weekly 8%, Monthly 16%, Yearly 20%, Never 20%, Don't know 28%
5
Real-world Assessment of Top Industry Vertical
[Bar chart per industry vertical, scale 0% to 100%, two series: % Had APT and % Compromised]
Cybersecurity's Maginot Line: A Real-world Assessment of the Defense-in-Depth Model
http://www2.fireeye.com/real-world-assessment.html
6
Malware: The Favorite Attacker’s Tool
• 208,184 Malware Downloads
• 124,289 Unique Malware
• 93,755 Malware Seen ONCE
75% of all the unique malware detected was seen ONCE
Cybersecurity's Maginot Line: A Real-world Assessment of the Defense-in-Depth Model
http://www2.fireeye.com/real-world-assessment.html
7
“Recognizing that 100% risk mitigation is not possible in any complex system, the overarching goal of a risk-based approach to cyber security is system resilience to survive and quickly recover from attacks and accidents”
From the report: Partnering for Cyber Resilience (World Economic Forum)
www3.weforum.org/docs/WEF_IT_PartneringCyberResilience_Guidelines_2012.pdf
So what is an acceptable incident?
8
How are you measuring the success of security?
9
Qualifying risk (BSI27001, NIST, IA, etc…)
Business Impact Level × Threat level × Likelihood of attack × Longevity of attack × Response capability
10
SECURITY Needs To Be ... To Address The New Threat Landscape
• Virtual Machine-Based Model of Detection
• Purpose-Built for Security
• Hardened Hypervisor
• Scalable
• Portable
FINDS KNOWN/UNKNOWN CYBER-ATTACKS IN REAL TIME ACROSS ALL VECTORS
11
FireEye’s Technology: State of the Art Detection
DETONATE / ANALYZE (500,000 objects/hour) / CORRELATE
• Within VMs, Across VMs, Cross-enterprise
• Network, Mobile, Files
• Exploit, Callback, Malware Download, Lateral Transfer, Exfiltration
12
FireEye Product Portfolio
• SEG, IPS, SWG, MDM, Host Anti-virus
• MVX: Threat Analytics Platform, Dynamic Threat Intelligence, Network Threat Prevention, Email Threat Prevention, Content Threat Prevention, Mobile Threat Prevention, Endpoint Threat Prevention
13
The Objective: “Continuous Threat Protection”
REAL TIME: Prevent | Time to Detect | Time to Fix
• Theft of Assets & IP
• Cost of Response
• Disruption to Business
• Reputation Risk
14
FireEye - 10 steps to Cyber Resilience
1. Stopping every attack is impossible; focus on what is key for your business.
2. Must have a business-risk-based approach.
3. Recognise that the most critical assets are information, not systems.
4. Refocus on marginalizing the impact of an attack rather than preventing it.
5. Less is More - The single, targeted attack is typically the one with the greatest business impact.
6. Become your own first and last line of defence – most security tools work on the premise of being able to block attacks that have been seen previously in other organizations.
7. Forensics & attribution - If we accept that some attacks will be successful, the business requires us to understand the impact these incidents will have on business profitability. Both regulation and business will drive this need.
8. Response plans should also be well thought out and regularly tested.
9. Security is more than just your own IT - The more connected we become, the more we need to ensure our partners and supply chain are also secure.
10. We should not block business innovation. However, if we take a business-risk approach we can help make business-relevant decisions on the value of leveraging new technology versus the risks.
15
Security Reimagined
Thank You