real-time threat detection & reduction of risk · 2020. 3. 18. · cyber risk reduction -...
Real-Time Threat Detection & Reduction of Risk
Andrew Kays – Chief Technology Officer
Who are Redscan?
• 15 years’ managed security experience
• Deliver ‘Red’ and ‘Blue’ Team operations
• One of the UK’s most qualified ethical hacking companies
• UK-based 24/7 Security Operations Centre
Our services include:
• Managed detection and response (MDR)
• Cyber-attack simulation
• Penetration testing
• Vulnerability assessments
• Cyber Essentials certification
Some of our customers…
100% cyber-crime prevention is impossible
Verizon Data Breach Report 2017
• £4.1m - Average cost of a breach
• £158 - Cost per record Ponemon Institute
• 150 days - Average time to detect a breach Carbon Black
Regulators are demanding improvements
Others include:
• GPG-13
• PCI-DSS
• SWIFT CSP
GDPR – May 2018
- Breaches must be reported within 72 hours
- Affected individuals in ‘high-risk’ cases must also be notified
- Fines up to 4% of global annual turnover
TalkTalk - £400,000 fine
ICO: TalkTalk’s failure to implement basic cyber security measures allowed a hacker to penetrate their systems
• 16 year-old boy from his bedroom
• Share price down 11%
• Direct costs of £42m
• Under GDPR this fine could have been £70m
Financial and reputational damage
Thinking like the adversary
“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”
Sun Tzu, The Art of War
Red Team Operations: Simulated real-world cyber-attacks
Understanding your security posture
Penetration & Vulnerability Testing: Evaluate and mitigate exposures
Security Assessments: Cyber-security consultancy
Cyber Security Lifecycle
Market still maturing:
• Low policy/price differentiation between firms – struggling to understand level of risk between firms with a varying degree of systems/processes for cyber risk reduction
- Insurers have 100yrs data on automobile accidents, little on cyber
- Incidents go unreported (until next year)
- Very complex environments
Cyber insurance
• Apportionment of blame
- Cyber insurance policies often include exclusions for incidents that are acts of war. This makes the attribution of cyber attacks extremely critical. Who decides who is behind these attacks?
SIEM
Behavioural Monitoring
Intrusion Detection
Vulnerability Assessment
FIM, Asset Discovery
MILLIONS: Logs ingested per day
HUNDREDS: Alerts generated per day
TENS: Incidents investigated per day
SINGLE: Incident reported per day
TECHNOLOGY: Multi-Layered Threat Detection Platform
PROCESS: Advanced Analytics
Global Threat Correlation
PEOPLE: Certified Security Experts
Red Team Research
OSINT, OTX, CISP
Global Honeypot Network
24/7/365 C-SOC
Redscan Labs
Red Team and Incident Responders
Actionable Intelligence
Remedial Recommendations
Detailed Reporting
Managed Detection and Response (MDR)
Cyber Security Lifecycle
MDR greatly increases the likelihood of stopping an attack before a breach, and will therefore reduce the risk to the client and the Insurer
How MDR reduces risk in real-time
MDR can detect & intercept this process, and potentially stop the attacker reaching their target
This happens in real-time with SOC Analysts managing the process
• CBEST
- CBEST is a framework to deliver controlled, bespoke, intelligence-led cyber security tests for the banking industry
• Red Teaming
- Understand your security posture with a simulated real-world attack, even wider scope, less constrained
Stress test your systems
• GDPR will drive a lot of positive change
• Insurance is an important part of a client’s cyber security posture
• MDR greatly reduces the client’s risk and the insurer’s
• Systems need to be cyber stress tested
• The financial industry is an attractive target
- Hacking a bank is less risky and more lucrative than robbing one physically!
Final thoughts