erepublic hawaii dgs 14 presentation information security threatscape_mario balakgie
TRANSCRIPT
-
8/10/2019 ERepublic Hawaii DGS 14 Presentation Information Security Threatscape_Mario Balakgie
Copyright 2014 World Wide Technology, Inc. All rights reserved.
Cyber Analytics: The New Security Dimension
Mario Balakgie, Director Cybersecurity
World Wide Technology, Inc.
-
Primary Security Challenges for 2014
As trust erodes, and it becomes harder to define which systems and relationships are trustworthy and which are not, organizations face several key issues that undermine their ability to address security:
1) Greater attack surface area
2) Proliferation and sophistication of the attack model
3) Complexity of threats and solutions
Industry Assessment of Challenge
*Source: Cisco Annual Security Report
-
Today's Threats
*Source: Verizon Data Breach Investigations Report
THE VICTIM: It could be you. All sizes of businesses and all industries are at risk of some kind of security event.
THE TARGET: Mainly payment and bank data, which can be quickly converted into cash. User credentials are also a popular target as gateways to other kinds of data or systems.
THE ATTACK: Hacking and malware are the most popular attack methods. Server and user devices are the main targets.
THE CULPRIT: Most attacks are perpetrated by external actors. Financially-motivated criminal gangs are the dominant type.
-
The Silver Bullet Does Not Exist
[Figure: Timeline of Security Capabilities, 2000 to 2014: anti-virus, certificate management, intrusion detection, network firewall]
ADVANCED THREATS ARE HARD TO DETECT
- 100%: Valid credentials used
- 243: Median # of days before detection
- 40: Average # of systems accessed
- 63: Victims n[...] extern[...]
-
To achieve a reasonable level of protection, organizations must deploy defenses against both known and unknown threats, including:
- Zero day exploits
- Spear phishing
- Targeted attacks
- Timed attacks
- Lures and redirects
Stopping known threats with the current state of blocking and prevention IS NO LONGER ADEQUATE!
Next Generation Techniques and Analytics
-
Signature Detection Methods are NOT Enough
The average timeline for identifying a security breach is measured in weeks or months.
FULL IDENTITY MANAGEMENT: Who, what device, connected how a[...]
PACKET AND LOG COLLECTION: Full context of network traffic
We must change the way we view detection of threats.
-
A New Security Approach Is Required
PAST: IT controlled | Perimeter-bound | Prevention | Signature-based
  Platform: LAN/Internet, Client/Server, PC
TODAY: User-centric | Borderless | Detection | Intelligence
  Platform: Mobile, Cloud, Big Data, Mobile Dev[...]
-
Shift in Priorities and Capabilities
Today's priorities: Prevention 80% | Monitoring 15% | Response 5%
Intelligence-driven security: Prevention 33% | Monitoring 33% | [third value cut off]
-
Why Cyber Analytics Architecture: Establishes a Flexible Security Model for the Enterprise
Demonstrate Security Best Practices, including:
- Security Architecture Design
- Governance, Risk, and Compliance Processes and Tools
- Packet Capture, Log, and Metadata Generation
- Security Analysis, Big Data, and Visualizations
- Security Incident Response
- Forensics
- Multi-vendor Integrated Security Solutions
- Competency around Security, Big Data, Data Center, Network, Wireless, and other technologies
-
First Step: Assess your Readiness and Maturity Level
Application of CMMI maturity models to Information Security. Security capabilities and resilience to threats and vulnerabilities increase from Level 1 to Level 5:
LEVEL 1 INITIAL: Ad hoc; no formal capabilities; represents risks; limited or non-existing policies; informal roles
LEVEL 2 REPEATABLE: Security practices present but not formalized
LEVEL 3 DEFINED: Established policies; roles defined; some accountability present; compliance focused
LEVEL 4 MANAGED: Risks measured; governance and process defined; information centric approach; metrics defined
LEVEL 5 OPTIMIZED: Risk-aware culture; continuous risk imp[...]; business owners [...]; proactive approach in business, technology, compliance
-
CYBER ANALYTICS
[Figure: analytics pipeline]
TRADITIONAL INPUTS: HIDS/IPS/IDS | Anti-virus | Firewalls | Access Control | Data Loss | Application Control
  -> SIEM: Correlate, Tune, Eliminate false positives -> MONITOR / REPORT
ADVANCED INPUTS: BIG DATA | PACKET CAPTURE
  -> Advanced Cyber Analytics: Correlate, Tune, Eliminate false positives
-
Cyber Analytics Reference Architecture
INFRASTRUCTURE (NETWORK | COMPUTE | STORAGE): IT infrastructure, enterprise network
SENSORS (SECURITY SENSORS | DATA SOURCES): Sensors capture and forward packets, netflows, logs, etc.
ANALYTICS (NEAR REAL TIME | BATCH): Analytics process data looking for activities and anomalies
AWARENESS (SITUATIONAL AWARENESS): Dashboards and [...] provide summaries
RESPONSE: Rules engines process alerts and enable automated or procedural responses
MANAGEMENT: Management tools allow continuous monitoring, updates and maintenance
-
Improving the Analytics Cycle
BEFORE: Prepare Enterprise; Advance Analytics
DURING: [...]
AFTER: Analyze Anomalies; Forensic Analysis
ADAPT: Adapt; Remediate; Tune
-
USE CASE: Security Event Stratification (Big Data & Advanced Analytics)
- What are the most important events?
- Which events can I ignore?
- Which events are actionable?
- What actions should be taken?
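The correlate / tune / eliminate-false-positives loop from the Cyber Analytics slide and the stratification questions above, worked as an added example (not code from the presentation or from WWT). The sensor records, hosts, IPs, allowlist and thresholds are constructed and hypothetical.

```python
from datetime import datetime, timedelta

# Constructed sample sensor records; hosts, IPs and signatures are hypothetical.
IDS_ALERTS = [("2014-05-01T10:00:05", "web01", "203.0.113.7", "SQLi attempt"),   # (time, host, src, sig)
              ("2014-05-01T10:20:00", "web02", "10.0.0.50", "SQLi attempt"),
              ("2014-05-01T12:00:00", "web03", "198.51.100.9", "Port scan")]
AUTH_LOGS = [("2014-05-01T10:01:10", "web01", "admin", "FAIL"),               # (time, host, user, result)
             ("2014-05-01T10:01:20", "web01", "admin", "FAIL"),
             ("2014-05-01T10:02:00", "web01", "admin", "OK")]
FLOWS = [("2014-05-01T10:03:30", "web01", "203.0.113.7", 52_000_000),          # (time, host, dst, bytes)
         ("2014-05-01T12:01:00", "web03", "198.51.100.9", 800)]
ALLOWLIST = {"10.0.0.50"}        # tuning: the organisation's own vulnerability scanner
WINDOW = timedelta(minutes=15)   # correlation window after an IDS alert
EXFIL_BYTES = 10_000_000         # outbound volume to the alert source worth investigating

def _t(s):
    return datetime.fromisoformat(s)

def correlate(ids=IDS_ALERTS, auth=AUTH_LOGS, flows=FLOWS, allow=ALLOWLIST):
    """For each IDS alert, gather same-host auth and flow signals inside WINDOW.
    Alerts from allowlisted sources are dropped: that is the 'eliminate false positives' step."""
    cases = {}
    for when, host, src, sig in ids:
        if src in allow:
            continue
        t0, t1 = _t(when), _t(when) + WINDOW
        def in_win(w):
            return t0 <= _t(w) <= t1
        fails = sum(1 for w, h, _, r in auth if h == host and r == "FAIL" and in_win(w))
        success = any(h == host and r == "OK" and in_win(w) for w, h, _, r in auth)
        out = sum(b for w, h, dst, b in flows if h == host and dst == src and in_win(w))
        cases[host] = {"signature": sig, "src": src, "fails": fails,
                       "success_after_fail": success and fails > 0, "bytes_to_src": out}
    return cases

def stratify(case):
    """Map one correlated case to a tier plus the action the tier calls for."""
    if case["success_after_fail"] and case["bytes_to_src"] >= EXFIL_BYTES:
        return "ACTIONABLE", "isolate host, reset the account, start forensics"
    if case["fails"] or case["success_after_fail"]:
        return "MONITOR", "watch the host and confirm the account activity"
    return "IGNORE", "no action; keep for trend reporting"

def triage(**sources):
    """Returns {host: (tier, action, case)} for every alert that survived tuning."""
    return {host: (*stratify(c), c) for host, c in correlate(**sources).items()}
```

With the constructed data, web02 disappears at the tuning step, web03 lands in IGNORE, and web01 (failed logins, then success, then a large outbound transfer to the alert source) is the one actionable case.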
-
USE CASE: Malware Forecasting, Analysis and Impact (Big Data & Advanced Analytics)
- What malware currently exists?
- Which of my systems are vulnerable?
- Which immediate patches or upgrades [...]?
- Prioritized risk scoring of malware
-
USE CASE: Exploit and Attack Prediction (Big Data & Advanced Analytics)
- What are the signs of imminent attack?
- Where and how would such an attack [...]?
- Which IT systems are vulnerable?
- What would be the impact of such an attack?
-
USE CASE: Insider Threat (Big Data & Advanced Analytics)
- What employees are at a security [...]?
- Who has access to sensitive data?
- Are they exhibiting anomalous behavior?
- Where and when are they accessing the system?
-
USE CASE: Enterprise Risk Management (Big Data & Advanced Analytics)
- What assets are non-compliant?
- What threats exist against those assets?
- What has changed in the environment?
- Where is the sensitive data and who has access?
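An added example, not from the presentation, that answers the Malware Forecasting and Enterprise Risk Management questions above (which systems are vulnerable, which patches first, which assets are non-compliant) by joining an asset inventory against an advisory feed. The inventory, the advisory ids (VULN-A and so on), the version baseline and the weights are constructed placeholders, not real vulnerabilities.

```python
# Constructed inventory and threat feed; vulnerability ids are placeholders, not real CVEs.
ASSETS = {
    "web01": {"criticality": 3, "internet_facing": True,  "software": {"webapp": "1.2"}},
    "db01":  {"criticality": 5, "internet_facing": False, "software": {"dbms": "9.0"}},
    "kiosk": {"criticality": 1, "internet_facing": True,  "software": {"webapp": "1.3"}},
}
# Each advisory: affected product, first fixed version, severity 1-10, and whether
# malware is exploiting it today (the "what malware currently exists" input).
ADVISORIES = [
    {"id": "VULN-A", "product": "webapp", "fixed_in": "1.3", "severity": 9, "exploited": True},
    {"id": "VULN-B", "product": "dbms",   "fixed_in": "9.1", "severity": 6, "exploited": False},
    {"id": "VULN-C", "product": "dbms",   "fixed_in": "8.5", "severity": 8, "exploited": True},
]
BASELINE = {"webapp": "1.3", "dbms": "9.1"}   # compliance policy: minimum approved versions

def _ver(v):
    """Dotted version string -> comparable tuple, e.g. "9.10" > "9.9"."""
    return tuple(int(x) for x in v.split("."))

def vulnerable_assets(assets=ASSETS, advisories=ADVISORIES):
    """Join inventory against advisories: (asset name, advisory) for every exposed install."""
    hits = []
    for name, a in assets.items():
        for adv in advisories:
            running = a["software"].get(adv["product"])
            if running is not None and _ver(running) < _ver(adv["fixed_in"]):
                hits.append((name, adv))
    return hits

def risk_score(asset, adv):
    """Severity weighted by business criticality, exposure and active exploitation."""
    score = adv["severity"] * asset["criticality"]
    score *= 2 if adv["exploited"] else 1          # malware in the wild: patch first
    score *= 1.5 if asset["internet_facing"] else 1  # reachable from outside
    return score

def prioritized_patches(assets=ASSETS, advisories=ADVISORIES):
    """Highest risk first: (score, asset, advisory id)."""
    ranked = [(risk_score(assets[n], adv), n, adv["id"]) for n, adv in vulnerable_assets(assets, advisories)]
    return sorted(ranked, reverse=True)

def non_compliant(assets=ASSETS, baseline=BASELINE):
    """Assets running anything below the approved minimum version."""
    return sorted(n for n, a in assets.items()
                  for p, v in a["software"].items() if p in baseline and _ver(v) < _ver(baseline[p]))
```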
-
USE CASE: Incident Management and Forensics (Big Data & Advanced Analytics)
- Where did the attacker go?
- What was the timeline of the breach?
- What was taken?
- What was left behind, if anything?
-
USE CASE: Fraud Detection, E-Commerce Customers (Big Data & Advanced Analytics)
- Who is a normal user?
- What is abnormal behavior?
- How do they interact with the system?
- Where and when are they accessing the system?
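The Insider Threat and Fraud Detection use cases both reduce to the same question: what is normal for this user, and does this access deviate from it. An added example (not the presentation's code) that builds a per-user baseline from constructed access records and scores new events; users, timestamps, countries, resources and the threshold are hypothetical.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed access records: (user, ISO timestamp, source country, resource). All hypothetical.
HISTORY = [("alice", "2014-04-01T09:05:00", "US", "crm"), ("alice", "2014-04-02T09:40:00", "US", "crm"),
           ("alice", "2014-04-03T10:15:00", "US", "crm"), ("alice", "2014-04-04T08:50:00", "US", "wiki"),
           ("alice", "2014-04-07T09:30:00", "US", "crm"),
           ("bob", "2014-04-01T22:10:00", "US", "payroll"), ("bob", "2014-04-02T23:05:00", "US", "payroll"),
           ("bob", "2014-04-03T21:50:00", "US", "payroll"), ("bob", "2014-04-04T22:30:00", "US", "payroll")]
NEW = [("alice", "2014-04-08T09:20:00", "US", "crm"),      # ordinary for alice
       ("alice", "2014-04-08T03:10:00", "RO", "payroll"),  # odd hour, new country, new resource
       ("bob", "2014-04-08T22:00:00", "US", "payroll")]    # bob normally works nights

def build_baseline(history=HISTORY):
    """Per user: typical access hour (mean and spread) plus the countries and resources seen so far."""
    hours, countries, resources = defaultdict(list), defaultdict(set), defaultdict(set)
    for user, when, country, res in history:
        hours[user].append(datetime.fromisoformat(when).hour)
        countries[user].add(country)
        resources[user].add(res)
    # Floor the spread at one hour so a very regular user is not flagged for a few minutes' drift.
    return {u: {"mean_hour": mean(h), "std_hour": max(pstdev(h), 1.0),
                "countries": countries[u], "resources": resources[u]} for u, h in hours.items()}

def score_event(event, baseline):
    """Count anomaly indicators: unusual hour (z > 2), unseen country, unseen resource."""
    user, when, country, res = event
    b = baseline.get(user)
    if b is None:
        return 3, ["no baseline for user"]      # an account never seen before is escalated outright
    z = abs(datetime.fromisoformat(when).hour - b["mean_hour"]) / b["std_hour"]
    checks = [(z > 2, f"hour z-score {z:.1f}"),
              (country not in b["countries"], f"new country {country}"),
              (res not in b["resources"], f"new resource {res}")]
    reasons = [why for hit, why in checks if hit]
    return len(reasons), reasons

def flag_anomalies(new=NEW, history=HISTORY, threshold=2):
    """Events scoring at or above threshold, as (user, time, score, reasons), for analyst review."""
    baseline = build_baseline(history)
    flagged = []
    for event in new:
        score, reasons = score_event(event, baseline)
        if score >= threshold:
            flagged.append((event[0], event[1], score, reasons))
    return flagged
```

Bob's 22:00 payroll access is normal for Bob and scores zero; the same hour from Alice would score, which is the point of a per-user rather than global baseline.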
-
Key Take Away
- Organizations are at risk - likely to be breached; Detection is Critical
- Multi-Technology / Multi-Vendor Approach
- Enterprise Processes and Continuous Improvement are necessary
-
Summary
Cyber Analytics provides:
- Multi-vendor integrated architecture for defense, detection, response, and continuous improvement
- Individual products can be changed
- Core functions remain constant
- Aligns Enterprise IT, Security and Big Data
- Flexibility in Use Case Design and Implementation
-
End-to-End Expertise
IT PRODUCTS, SERVICES & SUPPLY CHAIN SOLUTIONS | PROFESSIONAL & ADVANCED SERVICES | PUBLIC SECTOR | SERVICE PROVIDER | COM[...]
ADVANCED TECHNOLOGY CENTER: ARCHITECTURAL SOLUTIONS
- NETWORK: Enterprise Campus/Branch; Data Center Networking; High-End Routing & Optical; Wireless & Mobility; Software-Defined Networking
- SECURITY: Access Control; Network & Data Protection; Security Management & Analysis; Risk & Compliance
- COLLABORATION: Unified Communications; Video Conferencing & Client Experience; Contact Center
- DATA CENTER: Facilities; Information Storage & Backup; Compute & Virtualization; Data Center Transformation; Big Data
- SUPPLY [CHAIN]: Integrati[on]; Global In[...]; Staging a[...]; Product [...]; Serial # [...]
-
Advanced Technology Center (ATC)
ATC V[...]: To create a [...], design, build and deploy products and solutions for [...] and employ[...]
-