NETWORK - ISACA Kenya...

Page 1: NETWORK - ISACA Kenya Chapterisaca.or.ke/downloads/Network-Security-Effective-Standards-to-Protect... · Open Network, No Access Controls Evolve Zones, Security Controls Established

NETWORK

“THEY WILL BEAT YOU”, “THEY ARE COMING VERY FAST”

EARTH… 2016

APT ATTACKS

Timeline (axis: 2005, 2010, 2015, 2020):

Titan Rain (2003)

Sykipot Attacks (2006)

GhostNet (2009)

PinchDuke (2009)

Stuxnet (2010)

Duqu1 (2011)

MiniDuke, CosmicDuke, OnionDuke, CozyDuke (2014)

Duqu2 (2015)

Remexi (2015)

Deep Panda (2015)

Poseidon (2015)

IoT

AaaS

2020 AND THE FUTURE OF APT

Internet of Things

Ransomware for IoT

Profiling (car, health, insurance, govt. etc.)

DoS

Attack-as-a-Service

Consulting services such as botnet setup, $350-$400 per man-day.

Infection/spreading services, under $100 per thousand installs.

Botnets and rental, Distributed Denial of Service (DDoS), $535 for five hours a day for one week, email spam, $40 per 20,000 emails, and Web spam, $2 per thirty posts.

Blackhat Search Engine Optimization (SEO), $80 for 20,000 spammed backlinks.

Inter-Carrier money exchange and mule services, 25% commission.

CAPTCHA breaking, $1 per thousand CAPTCHAs, done by recruited humans.

Crimeware upgrade modules: Using Zeus modules as an example, they range anywhere from $500 to $10,000.

NEED MORE (SCARY) STATS?

http://www.isaca.org/Knowledge-Center/Research/Documents/2015-advanced-persistent-threat-awareness_whp_eng_1015.pdf

https://www.fas.org/sgp/crs/misc/R43310.pdf

Constantly updated

Table 1. Data and Statistics: Cyber Incidents, Data Breaches, Cybercrime (60+)

Table 2. Glossaries, Lexicons, and Guidance Pertaining to Cybersecurity

ZONING MODEL - CONCEPTUAL

ZONING MODEL – SAMPLE ARCHITECTURE

MAPPING SECURITY MEASURES

MATURITY

Current / Evolve / Target

Tactical Projects for significant Improvements

Consolidation, Integration, Logging, Monitoring, Visibility

Holistic Security with integrated Vulnerability, SIEM and Incident Management

Limited Asset Inventory

Effective Discovery & Inventory (CMDB)

No Asset or Risk Classification

Classification based on Risk Factors

No consistent App Sec Standards

Defined App Sec Standards

Application Classification, Hardening, Scanning

Open Network, No Access Controls

Evolve Zones, Security Controls

Established Zone Lifecycle based on Placement / Risk

No Vulnerability Management

Evolve proactive Program

Integrated Vulnerability Management with SIEM

Trust Network is open globally and insecure

Focus on Service Zones in Data Centers and User Resource Zones

Services organized in Zones based on Placement, Criteria and Controls

Various confusing methods for remote and local access

Single Integrated Security Model with Zero Trust Security Architecture

Asset Inventory (Roles)

Asset Classification

Network Segmentation

Vulnerability Management

Security Model

Secured Service Data Centers

Application Classification

Asset Classification, Configuration, Service Dependency Mapping for Zones, Placement, Controls

STANDARDS

CIS Critical Security Controls (formerly SANS Top 20)

https://www.cisecurity.org/critical-controls.cfm

PCI DSS Version 3.2, April 2016

https://www.pcisecuritystandards.org/

NIST

SP 800-53 Security and Privacy Controls for Federal Information Systems and Organizations

SP 800-41 Guidelines on Firewalls and Firewall Policy

ISO 27000 Series

ISO/IEC 27033-1:2015: network security overview and concepts

ISO/IEC 27033-2:2012 Guidelines for the design and implementation of network security

ISO/IEC 27033-3:2010 Reference networking scenarios -- threats, design techniques and control issues

ISO/IEC 27033-4:2014: Securing communications between networks using security gateways

ISO/IEC 27033-5:2013: Securing communications across networks using Virtual Private Networks (VPNs)

ISO/IEC 27033-6: Securing wireless IP network access (DRAFT)

SANS TOP 20

QUESTIONS