Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead
Uploaded by opendns (category: Technology)
Agenda
1. How the shift in motivations has impacted today’s threat landscape
2. Why preventative techniques alone can no longer ensure a secure environment
3. Which strategies need to be considered for a holistic approach to security
4. What next steps you can take towards identifying your best strategies against cyber-attacks
They Just Need to Be Effective Once. Any Time.
You Must Be Right and Fast All The Time.
Motivations Have Shifted & Converged
CYBER-ESPIONAGE | CYBER-MANIPULATION | CYBER-CRIME | CYBER-WARFARE | HACKTIVISM | CYBER-TERRORISM | CYBER-MERCENARY
Sources: National Institute of Standards and Technology | Trend Micro, June 2013 | Peter Singer and Allan Friedman of the Brookings Institution
Targeted Attacks are More Pervasive, But Not Always Persistent
Exponential Threats: every second… new pieces of malware discovered, new threats targeting SMBs
Emboldened Attackers. NIST’s definition of APT:
• “It pursues its objectives repeatedly over an extended period of time”
• “It adapts to defenders’ efforts to resist it”
• “It is determined to maintain the level of interaction needed to execute its objectives”
Customers Are Not Staying Ahead of The Attacks
49% are effective in detecting APTs
44% are effective in containing APTs
39% are effective in preventing APTs
Sources: APT survey by ISACA, Feb 2013 | State of Advanced Persistent Threats survey by Ponemon Institute, Dec 2013
Security Pros, Execs & The Board Know There’s a Problem, Just Not How To Solve It
AV & FW / IDS are the most used solutions to address APTs according to recent surveys by ISACA and Ponemon
96% of security practitioners are at least somewhat familiar with APTs
53% of security practitioners do not believe APTs differ from traditional threats
13% of non-IT execs are fully aware of APTs and their impact
Sources: APT survey by ISACA, Feb 2013 | State of Advanced Persistent Threats survey by Ponemon Institute, Dec 2013
Exploits and Malware Evolve and Evade Current Solutions
72% evade detection by IDS
76% evade prevention by AV
56% evade detection or containment by endpoint-based sandboxes
Source: State of Advanced Persistent Threats survey by Ponemon Institute, Dec 2013
“While these controls are proficient for defending against traditional attacks, they are probably not as suited for preventing APTs” -- ISACA
Let’s Stop The Insanity
Stop Reacting: so-called “best-of-breed” solutions are failing to stop sophisticated cyber-attackers, and the latest “magic box” is not going to outsmart them
Start Thinking Deeply & Acting Broadly:
• Analyze our risks: who will attack us, why & where?
• Assess our investments: are we measuring their success?
• Craft a multi-tiered strategy
Predictive Defense & Prevention
Reduce the risk of security breaches by:
• Reducing the attack surface
• Layering threat protection
Implement The “Least Privilege” Principle
Systems may be exploited via phishing user credentials or software vulnerabilities, but ultimately what enables the breach is exploiting trust.
SMBs Become The New Trojan Horse In A Supply Chain Attack
Why storm the castle walls when you can be invited in?
36% of targeted attacks impact SMBs as of 1H2012; 2x more than in 2011
Source: Symantec
Best Practices Aren’t Always Practical and They’re Never Enough
75% used apps with a known vulnerability but without a viable patch
64% used apps with a known vulnerability and hadn’t deployed a viable patch
65% hadn’t deployed viable patches due to the cost of downtime
52% believed patching effectively stopped most opportunistic attacks
31% believed patching effectively stopped most targeted attacks
Sources: APT survey by ISACA, Feb 2013 | State of Advanced Persistent Threats survey by Ponemon Institute, Dec 2013
Implement Security Enforcement On and Off Network
52% say you can’t solely protect networks against adv. malware, must also protect endpoints
51% use endpoint-based sandboxing technologies
52% report that it’s difficult to manage
43% report that it negatively affects UX
Sources: APT survey by ISACA, Feb 2013 | State of Advanced Persistent Threats survey by Ponemon Institute, Dec 2013
Quick Detection & Containment
Reduce the impact of security breaches by:
• Obtaining coverage and visibility
• Monitoring network activity
• Sharing security intelligence
65% believe you can’t prevent adv. malware from infecting networks & devices; focus more on detection vs. prevention
Sources: APT survey by ISACA, Feb 2013 | State of Advanced Persistent Threats survey by Ponemon Institute, Dec 2013
Obtain Coverage & Visibility
Get an eye in the sky to see everything that accesses your data and infrastructure
Monitor Network Activity
Establish a baseline to detect anomalous patterns
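The one-line instruction to establish a baseline maps directly onto the DNS visibility the deck refers to elsewhere. As an added illustration (not code from the deck or from OpenDNS), the following Python builds a per-client baseline from a training window of constructed DNS query log lines, then flags minutes whose query rate or share of never-before-seen domains departs from it. The log format, client addresses, domain names and thresholds are all assumptions made for the example.

```python
"""Added example: per-client DNS query baseline with anomaly alerts.

Hypothetical log format (constructed for this example, not OpenDNS's):
    "<minute_epoch> <client_ip> <query_name>"
"""
from collections import defaultdict
from statistics import mean, pstdev


def parse_line(line):
    """Split one log line into (minute bucket, client, normalised query name)."""
    minute, client, qname = line.split()
    return int(minute), client, qname.lower().rstrip(".")


def aggregate(lines):
    """Group query names as client -> minute -> [qnames]."""
    buckets = defaultdict(lambda: defaultdict(list))
    for line in lines:
        minute, client, qname = parse_line(line)
        buckets[client][minute].append(qname)
    return buckets


def build_baseline(lines):
    """Per client: mean/stdev of queries per minute and the set of domains seen."""
    baseline = {}
    for client, minutes in aggregate(lines).items():
        rates = [len(qnames) for qnames in minutes.values()]
        seen = set()
        for qnames in minutes.values():
            seen.update(qnames)
        baseline[client] = {"mean": mean(rates), "stdev": pstdev(rates), "seen": seen}
    return baseline


def detect(lines, baseline, z_threshold=3.0, new_domain_ratio=0.5, min_queries=10):
    """Return (client, minute, reason) alerts for minutes that deviate from baseline."""
    alerts = []
    for client, minutes in aggregate(lines).items():
        base = baseline.get(client)
        for minute, qnames in sorted(minutes.items()):
            n = len(qnames)
            if base is None:
                # A client with no history is itself worth a look (new device, unmanaged host).
                alerts.append((client, minute, f"no baseline for client ({n} queries)"))
                continue
            # Floor the stdev at 1 query/min so a perfectly flat baseline cannot
            # turn a one-query wobble into an alert.
            z = (n - base["mean"]) / max(base["stdev"], 1.0)
            if z > z_threshold:
                alerts.append((client, minute, f"query rate spike: {n}/min (z={z:.1f})"))
            unseen = [q for q in qnames if q not in base["seen"]]
            if n >= min_queries and len(unseen) / n > new_domain_ratio:
                alerts.append((client, minute,
                               f"new domains: {len(unseen)}/{n} queries to never-before-seen names"))
    return alerts


def make_lines(minute, client, qnames):
    """Helper to build constructed log lines."""
    return [f"{minute} {client} {q}" for q in qnames]


# Constructed training window: 30 minutes of 3-5 queries/min to a few known names.
KNOWN = ["mail.example.com", "www.example.com", "cdn.example.net",
         "api.example.com", "sso.example.com"]
BASELINE_LOG = []
for m in range(30):
    BASELINE_LOG += make_lines(m, "10.0.0.5", KNOWN[: 3 + m % 3])

# Constructed detection window: one burst of 40 queries to never-before-seen
# names, one normal minute, and one client that has no baseline at all.
DETECTION_LOG = (
    make_lines(100, "10.0.0.5", [f"h{i}.unknown-example.test" for i in range(40)])
    + make_lines(101, "10.0.0.5", KNOWN[:4])
    + make_lines(101, "10.0.0.9", ["www.example.com"])
)

if __name__ == "__main__":
    for alert in detect(DETECTION_LOG, build_baseline(BASELINE_LOG)):
        print(alert)
```

Two independent signals are kept on purpose: a rate spike catches volume, while the never-before-seen-domain ratio catches a host that suddenly talks to names it has no history with even at a modest rate. In practice the training window should be long enough to cover the client's normal weekly rhythm, and the stdev floor should be tuned to the real query volume rather than left at 1.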
Share Security Intelligence
Forewarned is Forearmed
Proactive Education & Complication
Increase the effort required to breach security by:
• Raising security awareness
• Employing mitigation methods
Raise Security Awareness
Employ Mitigation Methods
Confusing attackers may keep less determined attackers at bay
Realign Your Security Investments
1. Given the nature of your organization, why would you be attacked?
2. Which of your assets align to attacker motives?
3. Where are the vulnerabilities among your assets, supply chain vendors, partners, services providers and customers?
4. How secure are your assets in the cloud or on the devices your employees use?
5. How might these vulnerabilities be exploited?
6. What preventive tactics are currently in place and how effective are they?
7. Have you taken measures to reduce your overall attack surface?
8. Have you applied consistently high security standards throughout your organization?
9. Do you have visibility into cloud and DNS activity that could affect your network, your system, your data?
10. Have you made sufficient investments in education and training among your employees and partners?
11. Based on your assessments of the above, which tactics/techniques would be most likely to minimize and/or mitigate the impact of an attack?
“Before we know about any new virus, somebody has to be a sacrificial lamb and die and tell us about it. It's an awful way of doing things.” -- CTO of McAfee’s Endpoint Solution Division
Enterprise Threat Protection. Unlike Any Other.
The World’s Leader for Cloud-Delivered Network Security
Milestones:
• World’s Largest Internet Security Network (July 2006)
• First Anti-Phishing Clearinghouse (October 2006)
• Partners with Threat Feed Providers (September 2009)
• Secures Over 50M Daily-Active Users (May 2012)
• Network Security Beyond the Perimeter (November 2012)
• Fully-Staffed Security Research Team (December 2012)
• Data Analytics Predict Threats (February 2013)
• Threat Protection Beyond DNS (July 2013)
Employees: 160+ across San Francisco & Vancouver
Investors: Greylock, Sequoia, Sutter Hill
Customers: 10,000+ businesses
Global network: Asia-Pacific | Europe, Middle East & Africa | Americas
• Acquires data from 2% of the Internet
• 1M+ events per second
• 50M+ daily-active users
• 160+ countries
• 22 data centers (and more coming)
Connect with confidence. Anywhere. Anytime. On any device.
Every day, we block 80M+ security events over
• any port
• any protocol
• any app
Predictive security. Panoramic visibility. Enforcement everywhere.
Service        | Platform     | Purpose
Security Graph | intelligence | predict threats before they happen using big data analytics
Umbrella       | enforcement  | prevents infections or contains breaches on or beyond the network
Manageability:
• 0: net new latency
• 100%: global network uptime
• <30min: to complete provisioning
• <1min: to update actionable intelligence
• 0: maintenance required to keep up to date
Them: Catch up. Us: Evolve.
Them            | Us
network-centric | cloud-centric
ponderous       | nimble
reactive        | proactive
need evidence   | see patterns
fragmented      | holistic
OpenDNS
• Leverage the World’s largest Internet security network to block threats no other vendor covers.
• Set up our free, instant trial in under 30 minutes.
Connect with confidence.