Network Security Trends for 2016: Taking Security to the Next Level

24 November 2015

SC Magazine UK Webcast

Security Management 2016

Take Security to the Next Level

© 2015 Skybox Security Inc.

Speakers

Michelle Cobb, Skybox Security

VP of Worldwide Marketing

Alastair Williams, Skybox Security

Technical Director, EMEA

Agenda

2016 Security Trends and What You Can Do About Them

-- Michelle Cobb, Skybox Security

Demo: Skybox Overview

-- Alastair Williams, Skybox Security

Gravitational IT Trends Affecting Security

Internet of Things

By 2020, 25B embedded and intelligent systems

IAM

Every user is a consumer

Infrastructure

Cloud, Mobile, BYOD

Monitoring, Attack Detection

The Era of “Continuous Compromise”

Making the CISO’s Job More Difficult

Less control over devices (BYOD)

Less control over infrastructure (Cloud)

Less control over users

…Still need to protect information and services!

Attackers Have the Advantage

$400B cost of cyber crime

Hardest hit: Public Sector, Information, Financial Services

Incident patterns vary

– Financial Services, Information – Crimeware, Webapp attacks

– Public sector – Crimeware, Errors

– Manufacturing – Cyberespionage

– Retail, Accommodation, Entertainment – POS

– Education, Healthcare – Errors

Sources: Costs – Center for Strategic and International Studies; Incidents – 2015 Verizon Data Breach Investigations Report

Plenty of Security Solutions

$75B spent on security solutions in 2015 (Gartner, others)

Average enterprise has dozens of security solutions

Sources: Gartner

VPN

Firewall

IPS

Endpoint Protection

Secure Web Gateways

Attack Detection

Vulnerability Assessment

Secure Web Gateway

Secure Email Gateway

Identity and Access Mgmt

Data Loss Prevention

SIEM

IT-GRC

Forensics

Some Security Technologies Need to Adapt

Sources: Gartner

Check for Weak Spots

Gartner points out technologies that need to adapt

No Change in “Defender Gap” in 10 years

80% of Attackers Compromise Network in Days

25% of Defenders Discover Attacks in Days

Sources: Spending – IDC & Gartner; Costs – Center for Strategic and International Studies; Chart – 2015 Verizon Data Breach Investigations Report

Entering the Era of “Continuous Compromise”

Continuous Compromise – Custom malware, 1-2% infection rate, long time to detect & respond

2016 Wish List: Understand and Take Action

Security Analytics at the core

Visibility and Intelligence

Continuous monitoring

Fast response

Security automation

In Security, Visibility is Everything

It might not be as easy as you think.

Problem 1: Sheer Size of Network

Problem 2: Dozens of network & security vendors

Problem 3: Complex rule-sets to analyse

Problem 4: Changes, changes, changes

Building Attack Surface Visibility

SECURITY CONTROLS

• Firewalls

• IPS

• VPNs

NETWORK TOPOLOGY

• Routers

• Load Balancers

• Switches

ASSETS

• Servers

• Workstations

• Networks

VULNERABILITIES

• Location

• Criticality

THREATS

• Hackers

• Insiders

• Worms

Source: Skybox Security

Continuous Monitoring is Required

Network device rules and configurations

User access policies

Vulnerabilities

New threats

Constant changes

Continuous Monitoring of Vulnerabilities

HALF of CVEs have a published exploit in less than ONE month after CVE publish date

Vulnerabilities continue to be exploited YEARS after the CVE release date

Sources: 2015 Verizon Data Breach Investigations Report

Act fast

Continuous process

Difficult to Keep up with Vulnerabilities

222 new critical or high severity CVEs in October 2015

2 years ago… 127 new critical or high severity CVEs in Oct 2013

90-day vulnerability cycle?

686 critical/high in the 90-day period from Aug–Oct 2015

Source: Skybox Vulnerability Center

Infrequent Active Scans Are Insufficient

[Chart: active scanner with monthly or quarterly scanning, plotted over time (Month 1, Month 2, Month 3) on a scale marked 50% and 100%]

Update vulnerabilities continuously using analytics-based “scanless” detection

Putting it Together – Fast Response to New Threats

Visualize

Correlate, Prioritize

Exploitable Vulnerabilities

CVE-1234

CVE-0123

MS12074

CVE-4567

CVE-5678

Take Context into Account

Visualize

Correlate, Prioritize

Understand Controls

Security Controls

Access paths

Policy violations

Unauthorized changes

Attack Simulation to Verify Exploitable Risks

Visualize

Correlate, Prioritize

Understand Controls

Identify Attack Vectors

High-risk vector

From the CISO point of view - First protection, then management

CISO

Endpoints, Networks, Apps, Content, Users

SIEM, SOAR

Security Protections: EPP, IAM, DLP, App Sec, VPN, FW, IPS

Traditional Sec Mgmt: SIEM, VA, NSM

Events, Alerts, Reporting

Policy Compliance

Update Security Architecture 2016

Incorporate Security Analytics

CISO

Endpoints, Networks, Apps, Content, Users

Security Protections: EPP, IAM, DLP, App Sec, VPN, FW, IPS

Traditional Security Management: SIEM

Events, Alerts, Reporting

Next-Gen Security Management: Security Analytics

Intelligence, Analytics

Visibility, Actions

Demonstration

www.skyboxsecurity.com

Questions?

www.skyboxsecurity.com

References

1. Best Practices for Reducing Your Attack Surface

2. 2015 Skybox Enterprise Vulnerability Management Trends Report

3. Best Practices for Vulnerability Management

4. 2015 Research Sources:

– Skybox Security Vulnerability Research

– 2015 Verizon Data Breach Investigations Report

– Ponemon Cost of Cyber Crime

– Center for Strategic and International Studies

– Gartner: 2015 The Impact of Data Center Transformation on Security