Cisco 2018 Annual Cybersecurity Report
TRANSCRIPT
Presented by Kevin Switzer, Technology Consultant II, Ingram Micro
Agenda
• Appe-teasers – a few of the more interesting findings
  • Encryption use, malicious file types, sandbox evasion
• Statistical trends
  • Cloud usage, malicious domains, software patches, alerts investigated, tactical vs. operational issues, time to detection
• Predictions of what is to come in the near future
• Cisco 2018 Security Capabilities Benchmark Study, which offers insights on security practices from more than 3,600 respondents across 26 countries
Malicious Binaries and Encryption Increase
Attackers embrace encryption to conceal their command-and-control activity
Figure: November 2016 vs. October 2017
• Global encrypted web traffic: 38% → 50% (a 12 percentage-point increase)
• Malicious sandbox binaries using encryption: 19% → 70% (a 268% increase)
Uncover Hidden Threats at the Edge
Figure: an SSL decryption engine at the network edge. Interesting encrypted traffic is decrypted; the deciphered packets are inspected by NGIPS and AMP; AVC and URL categories (for example gambling or illicit sites) drive enforcement decisions; every SSL session is tracked and logged, whether or not it was decrypted.
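"Decrypt interesting traffic" means the engine must decide, per session and before it has any keys, whether this connection is worth decrypting. The piece of that decision it can make from the first packet is reading the server name (SNI) out of the ClientHello and applying a bypass/decrypt policy. The example below is added here to show that step; it is not Cisco or Ingram Micro code, and the category names, the bypass policy and the constructed ClientHello builder are the editor's assumptions for illustration. Note the failure mode it handles: a session with no SNI (or whose first record is not a ClientHello) is sent to decryption, not bypassed, so a host that omits the server name does not get a free pass.

```python
"""Selective TLS decryption policy keyed on the ClientHello SNI (added example)."""

# Constructed policy: categories the engine should NOT decrypt (privacy/legal);
# everything else, including unknown hosts, is decrypted and handed to inspection.
BYPASS_CATEGORIES = {"finance", "healthcare"}

# Constructed category lookup standing in for a URL-category feed (assumption).
CATEGORY_BY_HOST = {
    "bank.example": "finance",
    "clinic.example": "healthcare",
    "casino.example": "gambling",
}


def build_client_hello(server_name: str) -> bytes:
    """Build a minimal TLS ClientHello record carrying an SNI extension (RFC 6066).
    Used only to produce constructed test input for extract_sni()."""
    name = server_name.encode("ascii")
    sni_entry = b"\x00" + len(name).to_bytes(2, "big") + name           # name_type 0 = host_name
    sni_list = len(sni_entry).to_bytes(2, "big") + sni_entry
    sni_ext = b"\x00\x00" + len(sni_list).to_bytes(2, "big") + sni_list  # extension type 0 = server_name
    extensions = len(sni_ext).to_bytes(2, "big") + sni_ext
    body = (
        b"\x03\x03" + bytes(32)       # client_version, random (zeros: test input only)
        + b"\x00"                     # empty session_id
        + b"\x00\x02\x13\x01"         # one cipher suite
        + b"\x01\x00"                 # one compression method (null)
        + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body            # HandshakeType client_hello
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake  # record type handshake


def extract_sni(record: bytes):
    """Return the host_name from the SNI extension of a ClientHello record, or None."""
    if len(record) < 5 or record[0] != 0x16:            # not a handshake record
        return None
    hs = record[5:5 + int.from_bytes(record[3:5], "big")]
    if len(hs) < 4 or hs[0] != 0x01:                    # not a ClientHello
        return None
    p = 4 + 2 + 32                                      # handshake header, version, random
    if p >= len(hs):
        return None
    p += 1 + hs[p]                                      # session_id
    if p + 2 > len(hs):
        return None
    p += 2 + int.from_bytes(hs[p:p + 2], "big")         # cipher_suites
    if p >= len(hs):
        return None
    p += 1 + hs[p]                                      # compression_methods
    if p + 2 > len(hs):
        return None                                     # no extensions block at all
    end = p + 2 + int.from_bytes(hs[p:p + 2], "big")
    p += 2
    while p + 4 <= min(end, len(hs)):
        ext_type = int.from_bytes(hs[p:p + 2], "big")
        ext_len = int.from_bytes(hs[p + 2:p + 4], "big")
        p += 4
        if ext_type == 0:                               # server_name extension
            q = p + 2                                   # skip ServerNameList length
            while q + 3 <= p + ext_len:
                name_type = hs[q]
                name_len = int.from_bytes(hs[q + 1:q + 3], "big")
                q += 3
                if name_type == 0:
                    return hs[q:q + name_len].decode("ascii", "replace")
                q += name_len
        p += ext_len
    return None


def decrypt_decision(record: bytes) -> dict:
    """Policy: decrypt unless the SNI falls in a bypass category. Sessions with no
    SNI (or a non-ClientHello first record) are decrypted, never silently exempted."""
    sni = extract_sni(record)
    category = CATEGORY_BY_HOST.get(sni, "uncategorized") if sni else "no-sni"
    return {"sni": sni, "category": category, "decrypt": category not in BYPASS_CATEGORIES}


if __name__ == "__main__":
    for host in ("bank.example", "casino.example", "c2.example"):
        print(decrypt_decision(build_client_hello(host)))
```

In a real deployment the category feed and the bypass list are policy inputs, and the logging step from the slide still records the session, the SNI and the decision even for bypassed traffic; that log is what lets you later find the 70% of malicious binaries that talk over TLS.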
Sandbox Evasion Patterns
Attackers are constantly testing sandbox evasion techniques
Figure: sample volume, Oct 2016 to Oct 2017, malicious samples vs. total samples, for two patterns: macros triggered on Document Close, and a document embedded in a PDF.
A macro bound to Document_Close runs only when the file is closed, which a sandbox that opens a sample and then waits for its timeout never does; a Word document nested inside a PDF is only analyzed if the sandbox extracts and opens the attachment rather than just the PDF.
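Both patterns on the slide are visible statically before detonation, which is where a sandbox operator wants to catch them: a close-only auto-exec trigger tells the sandbox to close the document before issuing a verdict, and an embedded Office attachment tells it to detonate the attachment on its own. The following triage script is an added example by the editor, not Cisco or Ingram Micro code; the sample VBA and PDF bytes are constructed, and the trigger-name sets and PDF regular expressions are assumptions for illustration, not a full list of VBA auto-exec names or a PDF parser.

```python
"""Static triage for the two sandbox-evasion patterns on the slide (added example)."""
import re

# VBA procedures Office runs without a click. The on_open set fires as soon as a
# sandbox opens the document; the on_close set fires only if the document is
# closed, which a sandbox that opens a sample and waits for a timeout may never do.
# (Assumption: a subset of the auto-exec names, enough for the two patterns shown.)
AUTOEXEC_ON_OPEN = {"autoopen", "auto_open", "document_open", "workbook_open"}
AUTOEXEC_ON_CLOSE = {"autoclose", "auto_close", "document_close", "workbook_beforeclose"}

PROC_RE = re.compile(r"^\s*(?:private\s+|public\s+)?(?:sub|function)\s+([A-Za-z_]\w*)",
                     re.IGNORECASE | re.MULTILINE)


def vba_triggers(vba_source: str) -> dict:
    """Classify the auto-exec procedures declared in extracted VBA source."""
    names = {m.group(1).lower() for m in PROC_RE.finditer(vba_source)}
    on_open = sorted(names & AUTOEXEC_ON_OPEN)
    on_close = sorted(names & AUTOEXEC_ON_CLOSE)
    return {"on_open": on_open, "on_close": on_close,
            "close_only": bool(on_close) and not on_open}


# PDF markers: an embedded file stream, a file specification naming the attachment,
# and an action that runs automatically when the PDF is opened. Regex-level checks
# only; object streams or filtered dictionaries would need a real PDF parser.
EMBEDDED_RE = re.compile(rb"/EmbeddedFiles?\b")
FILESPEC_RE = re.compile(rb"/(?:U?F)\s*\(([^)]*)\)")
AUTO_ACTION_RE = re.compile(rb"/(?:OpenAction|AA)\b")
OFFICE_EXT = (".doc", ".docm", ".docx", ".dot", ".dotm", ".xls", ".xlsm", ".xlsx", ".rtf")


def pdf_embedded_docs(pdf_bytes: bytes) -> dict:
    """Report embedded-file attachments in raw PDF bytes and whether any is an Office file."""
    names = [m.group(1).decode("latin-1") for m in FILESPEC_RE.finditer(pdf_bytes)]
    return {
        "embedded_file_stream": bool(EMBEDDED_RE.search(pdf_bytes)),
        "attachment_names": names,
        "office_attachments": [n for n in names if n.lower().endswith(OFFICE_EXT)],
        "auto_action": bool(AUTO_ACTION_RE.search(pdf_bytes)),
    }


def triage(vba_source=None, pdf_bytes=None) -> list:
    """Plain-language findings a sandbox operator should act on before trusting a verdict."""
    findings = []
    if vba_source is not None:
        t = vba_triggers(vba_source)
        if t["close_only"]:
            findings.append("macro runs only on close: sandbox must close the document before verdict")
        elif t["on_open"]:
            findings.append("macro auto-runs on open")
    if pdf_bytes is not None:
        p = pdf_embedded_docs(pdf_bytes)
        if p["office_attachments"]:
            findings.append("Office document embedded in PDF: detonate the attachment separately")
        if p["auto_action"] and p["embedded_file_stream"]:
            findings.append("PDF has an automatic action plus an embedded file")
    return findings


# Constructed samples (not real malware): a close-only macro, an open macro, and a
# PDF that carries a .docm attachment and an OpenAction.
SAMPLE_VBA = '''Attribute VB_Name = "ThisDocument"
Private Sub Document_Close()
    ' placeholder for a stage the sandbox never reaches if it does not close the file
    Call RunStage
End Sub
'''
OPEN_VBA = '''Sub AutoOpen()
    Call RunStage
End Sub
'''
SAMPLE_PDF = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Catalog /Names << /EmbeddedFiles 2 0 R >> /OpenAction 4 0 R >> endobj\n"
    b"2 0 obj << /Names [ (invoice.docm) 3 0 R ] >> endobj\n"
    b"3 0 obj << /Type /Filespec /F (invoice.docm) /EF << /F 5 0 R >> >> endobj\n"
    b"5 0 obj << /Type /EmbeddedFile /Length 0 >> stream\n\nendstream endobj\n"
    b"%%EOF\n"
)

if __name__ == "__main__":
    for line in triage(SAMPLE_VBA, SAMPLE_PDF):
        print(line)
```

In practice the VBA source comes from a macro extractor run over the OLE/OOXML container and the PDF check runs over the decompressed object tree; the decision logic stays the same, and the close-only finding is what justifies configuring the sandbox to close documents (and to detonate attachments) before a sample is marked clean.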
How Malicious Actors Leverage Domains
Organizations need to minimize access to malicious domains
Type of attack: 60% spam, 20% malvertising, 20% other
RLD registered times: 80% registered more than 1 week before use, 20% less than 1 week
New or reused domains: 42% new, 58% reused
Blocking only domains registered within the last week would therefore catch about a fifth of them; the majority were registered earlier or are reused.
Vulnerabilities – ‘Do we need those stinking patches?’
“Apparently, hackers do still party like it is 1999”
CVE = Common Vulnerabilities and Exposures
Proprietary information of Ingram Micro Inc. — Do not distribute or duplicate without Ingram Micro's express written permission.
Software patches are fun, if you like to…
We need a better way to improve patch management processes
High Severity Vulnerabilities and Patch Management
High severity is driven by headlines
Figure: MS17-010 detections by month (source: Qualys). Microsoft warns of the vulnerability; the exploited vulnerability makes headlines; patches double as organizations realize the potential threat.
Alerts
• 93% of organizations experienced a security alert; 7% experienced none
• 56% of alerts are investigated; 44% are not
• 34% of investigated alerts are legitimate
• 51% of legitimate alerts are remediated; 49% are not
Uninvestigated alerts still create huge business risk
Strategic, Operational, and Tactical Issues
• 26% of issues can be addressed by products alone
• 74% might also require people and/or processes to address
People, products, policies: an overemphasis on product solutions can leave openings for attackers
Observed Threats and TTD (time to detection)
Cloud-based security technology has been a key factor in helping Cisco maintain a low median despite an increase in threat samples
Cisco annual median TTD (hours): 37.1 (2015), 14 (2016), 4.6 (2017)
Number of observed threat samples: 10x increase from 2016 to 2017
Market Expectations and Emerging Capabilities
Figure: outcomes, investment, technology
Market Expectations: Threat Landscape
The threat landscape will remain complex and challenging
• Few predict radically new threats on the horizon, but they see more capable and more diabolical bad actors
• They believe they'll need ever more sophisticated security arsenals to keep them at bay
Market Expectations: Modern Workplace
The modern workplace will continue to create
conditions that favor the attackers
• The footprint security executives must secure continues to
expand
• Employees increasingly carry their work (and the company's data) with them wherever they go—a well-documented source of exposure
• Clients, partners and suppliers all need secure access to
corporate resources
• With the increasing deployment of IoT sensors, etc.,
companies’ interfaces to the internet will multiply
dramatically
Market Expectations: Scrutiny
Additional scrutiny of their ability to secure
the organization
• Many expect they’ll be under additional scrutiny—from
regulators, executives, stakeholders, partners and clients
• Top scrutiny from Executive Leadership, Clients, and
Business Partners (76%, each)
• Several CISOs mention that the need to meet others’
expectations for accessibility puts increasing strains on staff
• Current and potential clients can be particularly demanding
of information regarding security processes and protocols
Market Expectations: Breaches Drive Budget
Budgets will remain stable, unless a security
breach drives unexpected investment
• 51%: Budgets based on previous year’s budget
• 51%: 3rd party risk assessment
• 7%: Breach drove improvements to a great extent
Market Expectations: Outsourcing
More reliance on outsourcing services
• 53%: More cost efficient
• 52%: Desire for more unbiased insight
• 51%: More timely response to incidents
Download the Cisco 2018 Annual Cybersecurity Report, the Verizon Data Breach Investigations Report, and the NSS Labs Breach Detection Test:
cisco.com/go/acr2018
www.verizonenterprise.com/verizon-insights-lab/dbir/2017/
http://b2me.cisco.com/NSSLabsBDS