Published on February 19, 2014
Key Strategies for the Challenges that Lie Ahead

Agenda
1 how the shift in motivations has impacted today’s threat landscape
2 why preventative techniques alone can no longer ensure a secure environment
3 which strategies need to be considered for a holistic approach to security
4 what next steps can you take towards identifying your best strategies against cyber-attacks

They Just Need to Be Effective Once. Any Time.

You Must Be Right and Fast All The Time.

Motivations Have Shifted & Converged
• CYBERCRIME
• CYBERESPIONAGE
• CYBERMANIPULATION
• CYBERMERCENARY
• CYBERWARFARE
• CYBERTERRORISM
• HACKTIVISM

Targeted Attacks are More Pervasive, But Not Always Persistent
Exponential Threats
Every second…
9 new pieces of malware discovered
1 new threats targeting SMBs
Emboldened Attackers
NIST’s Definition of APT:
✓ “It pursues its objectives repeatedly over an extended period of time”
✓ “It adapts to defenders’ efforts to resist it”
✓ “It is determined to maintain the level of interaction needed to execute its objectives”
Sources: National Institute of Standards and Technology | Trend Micro, June 2013 | Peter Singer and Allan Friedman of the Brookings Institution

Customers Are Not Staying Ahead of The Attacks
39% are effective in preventing APTs
44% are effective in containing APTs
49% are effective in detecting APTs
APT survey by ICASA, Feb 2013 | State of Advanced Persistent Threats survey by Ponemon Institute, Dec 2013

Security Pros, Execs & The Board Know There’s a Problem, Just Not How To Solve It
96% security practitioners are at least somewhat familiar with APTs
53% security practitioners do not believe APTs differ from traditional threats
13% non-IT execs are fully aware of APTs and their impact
AV & FW / IDS are the most used solutions to address APTs according to recent surveys by ICASA and Ponemon
APT survey by ICASA, Feb 2013 | State of Advanced Persistent Threats survey by Ponemon Institute, Dec 2013

Exploits and Malware Evolve and Evade Current Solutions
76% evade prevention by AV
72% evade detection by IDS
56% evade detection or containment by endpoint-based sandboxes
“While these controls are proficient for defending against traditional attacks, they are probably not as suited for preventing APTs” -- ICASA
State of Advanced Persistent Threats survey by Ponemon Institute, Dec 2013

Let’s Stop The Insanity
Stop Reacting
So-called “best-of-breed” solutions are failing to stop sophisticated cyberattackers, and the latest “magic box” is not going to outsmart them
Start Thinking Deeply & Acting Broadly
✓ Analyze our risks: who will attack us, why & where?
✓ Assess our investments: are we measuring their success?
✓ Craft a multi-tiered strategy

Predictive Defense & Prevention
Reduce the risk of security breaches by:
✓ Reducing the attack surface
✓ Layering threat protection

Implement The “Least Privilege” Principle
Systems may be exploited via phishing user credentials or software vulnerabilities.
But ultimately, what enables the breach is the exploitation of trust.

SMBs Become The New Trojan Horse In A Supply Chain Attack
Why storm the castle walls, when you can be invited in.
36% of targeted attacks impact SMBs as of 1H2012; 2x more than in 2011
Source: Symantec

Best Practices Aren’t Always Practical and They’re Never Enough
75% | 65%
hadn’t deployed viable patches due to the cost of downtime
used apps with a known vulnerability but without a viable patch
64% | 31% | 52%
used apps with a known vulnerability and hadn’t deployed a viable patch
believed patching effectively stopped most opportunistic attacks
believed patching effectively stopped most targeted attacks
APT survey by ICASA, Feb 2013 | State of Advanced Persistent Threats survey by Ponemon Institute, Dec 2013

Implement Security Enforcement On and Off Network
52% say you can’t solely protect networks against adv. malware, must also protect endpoints
52% use endpoint-based sandboxing technologies
51% report that it’s difficult to manage
43% report that it negatively affects UX
Sources: APT survey by ICASA, Feb 2013 | State of Advanced Persistent Threats survey by Ponemon Institute, Dec 2013

Quick Detection & Containment
65% believe you can’t prevent adv. malware from infecting networks & devices; focus more on detection vs. prevention
Reduce the impact of security breaches by:
✓ Obtaining coverage and visibility
✓ Monitoring network activity
✓ Sharing security intelligence
Sources: APT survey by ICASA, Feb 2013 | State of Advanced Persistent Threats survey by Ponemon Institute, Dec 2013

Obtain Coverage & Visibility
Get an eye in the sky to see everything that accesses your data and infrastructure

Monitor Network Activity
Establish a baseline to detect anomalous patterns

Share Security Intelligence
Forewarned is Forearmed

Proactive Education & Complication
Increase the effort required to breach security by:
✓ Raising security awareness
✓ Employing mitigation methods

Raise Security Awareness

Employ Mitigation Methods
Confusing attackers may keep less determined attackers at bay

Realign Your Security Investments
1. Given the nature of your organization, why would you be attacked?
2. Which of your assets align to attacker motives?
3. Where are the vulnerabilities among your assets, supply chain vendors, partners, services providers and customers?
4. How secure are your assets in the cloud or on the devices your employees use?
5. How might these vulnerabilities be exploited?
6. What preventive tactics are currently in place and how effective are they?
7. Have you taken measures to reduce your overall attack surface?
8. Have you applied consistently high security standards throughout your organization?
9. Do you have visibility into cloud and DNS activity that could affect your network, your system, your data?
10. Have you made sufficient investments in education and training among your employees and partners?
11. Based on your assessments of the above, which tactics/techniques would be most likely to minimize and/or mitigate the impact of an attack?
“Before we know about any new virus, somebody has to be a sacrificial lamb and die and tell us about it. It's an awful way of doing things.” -- CTO of McAfee’s Endpoint Solution Division

Enterprise Threat Protection. Unlike Any Other.

The World’s Leader for Cloud-Delivered Network Security
• Threat Protection Beyond DNS (July 2013)
• Data Analytics Predict Threats (February 2013)
• Fully-Staffed Security Research Team (December 2012)
• Network Security Beyond the Perimeter (November 2012)
• Secures Over 50M Daily-Active Users (May 2012)
• Partners with Threat Feed Providers (September 2009)
• First Anti-Phishing Clearinghouse (October 2006)
• we're World’s Largest Internet Security Network (July 2006)
Customers: 10,000+ Businesses
Employees: 160+ Across San Francisco & Vancouver
Investors: Greylock | Sequoia | Sutter Hill

Acquires data from 2% of the Internet
• 1M+ events per second
• 50M+ daily-active users
• 160+ countries
• 22 data centers (and more coming)
Regions: AMERICAS | EUROPE, MIDDLE EAST & AFRICA | ASIA-PACIFIC

Connect with confidence. Anywhere. Anytime. On any device.
Every day, we block 80M+ security events over
• any port
• any protocol
• any app

Predictive security. Panoramic visibility. Enforcement everywhere.
Service: Security Graph | Umbrella
Platform: intelligence | enforcement
Purpose: predict threats before they happen using big data analytics | prevents infections or contains breaches on or beyond the network
Manageability:
• 0: net new latency
• 100%: global network uptime
• <30min: to complete provisioning
• <1min: to update actionable intelligence
• 0: maintenance required to keep up to date

Them: Catch up. Us: Evolve.
Them | Us
network-centric | cloud-centric
ponderous | nimble
reactive | proactive
need evidence | see patterns
fragmented | holistic

• Leverage the World’s largest Internet security network to block threats no other vendor covers.
• Set up our free, instant trial in under 30 minutes.
OpenDNS
Connect with confidence.