Stay Ahead of Threats with Advanced Security Protection John Gleason – CISSP

Upload: marcotechnologies

Post on 23-Jan-2017


TRANSCRIPT

Page 1: Stay Ahead of Threats with Advanced Security Protection - Fortinet

Stay Ahead of Threats with Advanced Security Protection

John Gleason – CISSP

Page 2

Risk - The common driver. Stay ahead… Have a goal and a plan!

• Threat Landscape
• Cyber Security finally reaches #1 in C-Level concerns
• Security Program vs. Compliance checkboxes
• Definitions are important
• Security basics – blocking and tackling before technology
• The end goal – Lower residual risk = Acceptable level of risk

Page 3

Page 4

Virus Lifecycle to Scale

Virus.A (#1)      Virus.B (#2)      Virus.AA (#27)      Virus.BL (#120)
+0                +30 Sec           +13 Min             +1 Hour

Vendor Update (Virus.A)

Page 5

Cyber Security finally reaches #1 in C-level concerns: Top 5 Business Risks - according to World Economic Forum (US, Japan, Germany, Netherlands & others)

• #1 Cyber attacks
• #2 Data fraud and theft
• #3 Terrorist attack
• #4 Fiscal crisis
• #5 Asset bubble

This underscores the significance of understanding the cyber threat landscape and associated insights related to intruder detection.

Page 6

Security Program vs. Compliance checkboxes

• Security/Governance Frameworks
  • NIST (Multiple)
  • COBIT
  • ISO 27000
  • ITIL
  • SIGMA6

• Compliance
  • HIPAA / HITECH
  • PCI DSS
  • CIPA / FERPA
  • GLBA
  • Sarbanes Oxley (SOX)

Page 7

Security Programs address the 360 degree view

• Controls – Require People, Process, and Technology
  • Administrative
  • Technical
  • Physical

• ISO 27002 defines information security policy in section 5
• COBIT defines it in the section "Plan and Organize"
• Sarbanes Oxley defines it as "Internal Environment"
• HIPAA defines it as "Assigned Security Responsibility"
• PCI DSS defines it as "Maintain an Information Security Policy"

Page 8

Definitions are important. Understanding can only come through common terminology and definitions.

• Security Triad
• Roles & Responsibilities
• Data Classification
• Asset Value
• Threat, Threat Agent, Vulnerability, Risk, Counter measure
• Controls
• Residual Risk

Page 9

Security triad. Like a three legged stool - Possible Fourth = Authenticity

Page 10

• Confidentiality - Access Control
  • Identification, Authentication, Authorization (Authenticity)
  • Least Privilege / Need to know

• Integrity
  • Assurance, Accuracy, Reliability

• Availability
  • Perform in a predictable manner, acceptable level of performance
  • Recover securely from disruption so productivity will not be negatively impacted
  • Single points of failure ???? (BC/DR)

Page 11

Roles & Responsibilities

Page 12

Roles and Responsibilities. Where do you identify? Owner, GM, Coach, Lineman, Linebacker, Safety?

• Data Owner
  • Concerned about terms like legal, regulatory, compliance, due care & due diligence, negligence, reasonable and expected. Generally not IT.

• Data Custodian
  • Typically IT. Responsible for implementing the policies and guidelines established by the Data Owner. Responsibilities include physical data storage, back-up and recovery, and the operation of security and data management systems.

Page 13

Data Classification. How do you view and categorize your assets?

Public / Private Business & Organizations    Military/Government
Restricted/Confidential/Proprietary          Top Secret
Private                                      Secret
Sensitive                                    Confidential
Public                                       Sensitive but Unclassified
                                             Unclassified

Page 14

Asset Value. Quantitative or Qualitative?

• Cost – to Acquire or develop? Maintain & protect? Replace?
• Value – to Adversaries, Intellectual Property
• Operational and productivity loss when unavailable
• Liability if asset is compromised – Compliance, Legal

• Value of knowing your values – cost/benefit analysis, wise selection of countermeasures, risk awareness, due diligence

Page 15

Risk Management – What (NIST Cyber Security Framework)

• Risk management is the ongoing process of identifying, assessing, and responding to risk. To manage risk, organizations should understand the likelihood that an event will occur and the resulting impact. With this information, organizations can determine the acceptable level of risk for delivery of services and can express this as their risk tolerance.

• Organizations may choose to handle risk in different ways, including mitigating the risk, transferring the risk, avoiding the risk, or accepting the risk, depending on the potential impact to the delivery of critical services.

Page 16

Risk Management – Why (NIST Cyber Security Framework)

• With an understanding of risk tolerance, organizations can prioritize cybersecurity activities, enabling organizations to make informed decisions about cybersecurity expenditures.

• Implementation of risk management programs offers organizations the ability to quantify and communicate adjustments to their cybersecurity programs.

• Organizations may choose to handle risk in different ways, including mitigating the risk, transferring the risk, avoiding the risk, or accepting the risk, depending on the potential impact to the delivery of critical services.

Page 17

• Threat, Threat Agent, Vulnerability, Risk, Counter measure

Page 18

Page 19

Page 20

Controls – Compensating Controls

• Administrative
• Technical
• Physical

• Preventative / Protective
• Detective
• Corrective / Reactive

Page 21

Residual risk

• According to ISO 27001, residual risk is “the risk remaining after risk treatment”.
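A worked example of the vocabulary on pages 15, 16 and 21 (likelihood and impact, risk tolerance, the four treatment options, and ISO 27001 residual risk), added here and not part of the presentation. It scores a small constructed risk register on assumed 1-5 likelihood and impact scales, applies controls with assumed effectiveness fractions to arrive at the residual risk, and flags which risks still exceed the stated tolerance so they can be prioritised for further treatment. The register entries, the scales, the effectiveness fractions and the tolerance value are all assumptions made for the illustration.

```python
"""Worked risk-register example (added illustration, not from the presentation).

Terms follow the slides: likelihood and impact per the NIST Cyber Security
Framework, residual risk per ISO 27001 ("the risk remaining after risk
treatment"), and the four treatment options (mitigate, transfer, avoid,
accept).  The 1-5 scales, the control effectiveness fractions and the sample
register below are constructed assumptions.
"""
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class Control:
    name: str
    reduces: str          # "likelihood" or "impact"
    effectiveness: float  # fraction of likelihood/impact removed (assumed, 0.0-1.0)


@dataclass
class Risk:
    name: str
    likelihood: int       # 1 (rare) .. 5 (almost certain), assumed scale
    impact: int           # 1 (negligible) .. 5 (severe), assumed scale
    controls: List[Control] = field(default_factory=list)

    def __post_init__(self) -> None:
        for label, value in (("likelihood", self.likelihood), ("impact", self.impact)):
            if not 1 <= value <= 5:
                raise ValueError(f"{self.name}: {label} must be on the 1-5 scale")

    def inherent(self) -> float:
        """Risk before any treatment: likelihood x impact."""
        return float(self.likelihood * self.impact)

    def residual(self) -> float:
        """Risk remaining after the listed controls are applied (ISO 27001 wording)."""
        lik, imp = float(self.likelihood), float(self.impact)
        for c in self.controls:
            if not 0.0 <= c.effectiveness <= 1.0:
                raise ValueError(f"{c.name}: effectiveness must be in [0, 1]")
            if c.reduces == "likelihood":
                lik *= 1.0 - c.effectiveness
            elif c.reduces == "impact":
                imp *= 1.0 - c.effectiveness
            else:
                raise ValueError(f"{c.name}: unknown target {c.reduces!r}")
        return round(lik * imp, 2)


def decide(risk: Risk, tolerance: float) -> str:
    """Compare residual risk with the organisation's stated risk tolerance.

    Within tolerance -> "accept".  Above tolerance -> "treat": the slides list
    mitigate, transfer and avoid as the remaining options, and choosing among
    them is a business decision, so this function does not pick one.
    """
    return "accept" if risk.residual() <= tolerance else "treat"


def prioritise(register: List[Risk], tolerance: float) -> List[Tuple[str, float]]:
    """Risks still above tolerance, highest residual first.

    This is the page 16 point: with a known tolerance, activities and spend
    can be prioritised where residual risk remains unacceptable.
    """
    above = [(r.name, r.residual()) for r in register if r.residual() > tolerance]
    return sorted(above, key=lambda pair: pair[1], reverse=True)


# Constructed sample register; names, scores and effectiveness values are illustrative only.
SAMPLE_REGISTER = [
    Risk("Phishing e-mail delivers malware", likelihood=5, impact=4, controls=[
        Control("Anti-spam gateway", "likelihood", 0.6),
        Control("User awareness training", "likelihood", 0.3),
        Control("Endpoint antivirus", "impact", 0.5),
    ]),
    Risk("Drive-by compromise from malicious web site", likelihood=3, impact=4, controls=[
        Control("Web filtering", "likelihood", 0.5),
    ]),
    Risk("Outage of single-point-of-failure server", likelihood=2, impact=5),
    Risk("Public web site defacement", likelihood=2, impact=2),
]
TOLERANCE = 5.0  # assumed acceptable level of risk on the same 1-25 product scale


if __name__ == "__main__":
    for r in SAMPLE_REGISTER:
        print(f"{r.name:48s} inherent={r.inherent():5.1f} "
              f"residual={r.residual():5.2f} -> {decide(r, TOLERANCE)}")
    print("Still above tolerance:", prioritise(SAMPLE_REGISTER, TOLERANCE))
```

Running the file prints one line per risk with its inherent and residual scores and whether it sits within the assumed tolerance; `prioritise` returns the ranked list of risks still above tolerance, which is the input to the mitigate, transfer or avoid decision the slides leave to the business. Controls that only reduce likelihood (anti-spam, web filtering) leave the impact untouched, which is why a high-impact risk with no impact-reducing or recovery control, such as the single-point-of-failure server, stays at the top of the list.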

Page 22

Turning traditional risk analysis upside down

• Threats of today have increased in frequency and impact
  • 75-90% enter via E-mail.
  • 10-20% compromised website

• Avoiding the activity is not an option

Page 23

Did You Know…

79,790 – Number of incidents investigated by Verizon in 2015

229 – Average number of days attackers were on a network before detection

70-90% – Percent of time unique malware was found

Gartner: All organizations should assume they are in a state of continuous compromise

Page 24

New world strategies

Page 25

Breaking the Kill Chain of Advanced Threats

Kill chain stages: Spam / Malicious Email → Malicious Link → Exploit / Malicious Web Site → Malware / Command & Control Center → Bot Commands & Stolen Data

Controls: Anti-spam, Web Filtering, Intrusion Prevention, Antivirus, App Control/IP Reputation, Sandbox

Page 26

Layered Defense + Shared Intelligence

Web Filter

Web Filter – Known malicious site
IP Reputation – Botnet site

Intrusion Prevention

Anti-Virus/Malware
Intrusion Prevention

Sandbox candidate

Page 27

Sandbox = Isolation

Page 28

FortiGuard Labs – Augment your security staff. Nearly 300 threat researchers

Page 29

FortiGuard Labs Statistics

Page 30

Shared threat intelligence

Page 31

Only ATP Solution NSS Recommended Edge to Endpoint

Page 32

Fortinet Security Fabric – Shared threat intelligence

Page 33

Questions ?? Thank you

Page 34

3:00 – 3:45 PM BREAKOUT SESSIONS

KONICA MINOLTA
Breakout Room: Guest Locker Room
“What is your Print Transformation Strategy?”
Emil Enstrom, Vice President of Enterprise Accounts

BARRACUDA
Breakout Room: Delta 360 Club
“Protecting Data Everywhere”
Rod Mathews, Senior Vice President and General Manager

MARCO
Breakout Room: Main Field
“Uncovering the Cloud: Is it Right for You?”
Steve Knutson, Chief Technology Officer and Vice President of Service

MITEL
Breakout Room: Interview Room
“Deliver a Flexible, Engaging Customer Contact Center Experience”
Brian Spencer, General Manager – Contact Center