Security at the Breaking Point: Rethink Security in 2013

Post on 15-Jan-2015


Security at the Breaking Point: Rethink Security in 2013

Presented by Gidi Cohen, CEO and Founder, Skybox Security

November 2, 2012

www.skyboxsecurity.com © 2012 Skybox Security 1

Why can’t we curb security threats?

The Threat Landscape is Changing Fast

“…The threat landscape is not evolving but rapidly mutating as attackers find ever-more devious ways of bypassing security controls.

This will challenge security managers to devise new and creative ways to rethink security…”

Source: Forrester Research report “Updated Q4 2011: The New Threat Landscape — Proceed With Caution”


Old Gen Tech Is Not Effective

• Network Security – Firewalls, IPS only effective if maintained constantly

• Vulnerability scanners – Often disruptive, not suitable for daily use

• SIEM – Reactive, too much irrelevant data

• Pen Test – Not cost effective at large scale


Maintaining Security Controls is a Difficult Challenge

• 500 network devices

• 25,000 FW rules

• 1,000 IPS signatures

• 55,000 nodes

• 65 daily network changes

• Infrastructure spanning three continents

Vulnerability Scans – Too Little, Too Late

[Chart: scan frequency (times per year) versus % of network scanned]

• To keep pace with threats? Daily updates, 90%+ hosts

• Partner/External networks: avg. scan 60-90 days, <50% of hosts

• Critical systems, DMZ: avg. scan 30 days, 50-75% of hosts

SIEM – Monitoring, not Prevention

• (Regarding SIEM) "If the question is, 'Does it stop hackers?' then the answer is no. It's not supposed to stop anything."

• Dr. Anton Chuvakin, Gartner

Time to Rethink Security

• Pre-attack – Proactive Security: anticipate risks, prevent damage

• Cyber Attack!

• Post-attack – SIEM: monitor events, respond to incidents

Security is a Strategic Game

Where are we at risk?

What does the playing field look like?

What’s our objective?

What is the next move?

Your Opponents are Formidable


There are Many Attack Vectors

[Word cloud: mobile devices; mobile apps; USBs; social networks; social engineering; default password; misconfigured firewall; risky access rules; unused rules; blocked rules; missing IPS signature; access violation; policy violation; access policy violations; network vulnerabilities; zero day vulnerability; cross-site scripting; buffer attack; buffer overflows; buffer overflow attack; threat origins]

More Security Controls ≠ Better Security

They all speak different languages.

And You Don’t Have Full Visibility


It’s going to get a lot worse (Mobile, Virtualization, Clouds)

New Challenges Change the Attack Surface

2011 growth

• Mobile data +133%

• Mobile threats +400%

It’s still early …

More virtualized servers deployed in 2011 than in 2001 to 2009 combined

BYOC (Cloud)

Where is your data?

The Security Management Gap is Widening Fast

Can you achieve an 8X improvement in 2 years?

How?

Your Mission – Win the Game

Where are we at risk?

What do we do now?

What are our best options?

Proactive Security Risk Management

Solution?

The Solution Ingredients

Risk-driven approach for proactive protection

Continuous, non-disruptive process

Serves both Security and IT Ops teams

Scalable to any size heterogeneous network

Advanced predictive analytics

Predictive Analytics – Modeling & Attack Simulation

[Diagram labels: Attack Simulations; Internet Hacker; Compromised Partner; Rogue Admin]

Vulnerabilities

• CVE 2009-203

• CVE 2006-722

• CVE 2006-490

Proactive Intelligence to Prevent Attack

Probable attack vector to Finance servers asset group

This attack is a “multi-step” attack, crossing several network zones

[Screenshot callouts: Connectivity Path; Business Impact; Attack Vector; How to Block Potential Attack?]

Visibility to State of Security

[Dashboard labels: Most Critical Actions; Vulnerabilities; Threats]

The Future of Security Operations Center (SOC)

IT GRC/Security Dashboard – consolidated reporting

• Security Risk Management (SRM): proactive, pre-attack exposure management

• Security Information & Event Management (SIEM): post-attack incident management

Recommendations

Aim high

• Unbelievable scale

• Adapt to new architectures

Reinvent security management

• Integrated, holistic approach

• Proactive, not reactive

Use the Force, Luke

• It’s your infrastructure! Take Advantage

• Smart analytics


Automate daily security tasks

Maintain compliance, prevent attacks

Visit www.skyboxsecurity.com

Thank you!

