Stay Ahead of Threats with Advanced Security Protection (Fortinet)
TRANSCRIPT
John Gleason, CISSP
Risk: the common driver. Stay ahead... have a goal and a plan!
• Threat landscape
• Cyber Security finally reaches #1 in C-level concerns
• Security program vs. compliance checkboxes
• Definitions are important
• Security basics: blocking and tackling before technology
• The end goal: lower residual risk = acceptable level of risk
Virus Lifecycle to Scale
[Figure: timeline of malware variants appearing relative to the vendor update for the first one]
• Virus.A (#1) at +0
• Virus.B (#2) at +30 sec
• Virus.AA (#27) at +13 min
• Virus.BL (#120) at +1 hour
• Vendor update (Virus.A) is plotted on the same timeline
Cyber Security finally reaches #1 in C-level concerns
Top 5 Business Risks, according to the World Economic Forum (US, Japan, Germany, Netherlands and others):
• #1 Cyber attacks
• #2 Data fraud and theft
• #3 Terrorist attack
• #4 Fiscal crisis
• #5 Asset bubble
This underscores the significance of understanding the cyber threat landscape and the associated insights related to intruder detection.
Security Program vs. Compliance checkboxes
• Security/Governance frameworks: NIST (multiple), COBIT, ISO 27000, ITIL, SIGMA6
• Compliance: HIPAA / HITECH, PCI DSS, CIPA / FERPA, GLBA, Sarbanes Oxley (SOX)
Security programs address the 360 degree view
• Controls require People, Process, and Technology: Administrative, Technical, Physical
• ISO 27002 defines information security policy in section 5
• COBIT defines it in the section "Plan and Organize"
• Sarbanes Oxley defines it as "Internal Environment"
• HIPAA defines it as "Assigned Security Responsibility"
• PCI DSS defines it as "Maintain an Information Security Policy"
Definitions are important: understanding can only come through common terminology and definitions
• Security Triad
• Roles & Responsibilities
• Data Classification
• Asset Value
• Threat, Threat Agent, Vulnerability, Risk, Countermeasure
• Controls
• Residual Risk
Security triad: like a three-legged stool (possible fourth leg = Authenticity)
• Confidentiality: access control; identification, authentication, authorization (authenticity); least privilege / need to know
• Integrity: assurance, accuracy, reliability
• Availability: perform in a predictable manner at an acceptable level of performance; recover securely from disruption so productivity is not negatively impacted; single points of failure? (BC/DR)
Roles & Responsibilities: where do you identify? Owner, GM, Coach, Lineman, Linebacker, Safety?
• Data Owner: concerned with terms like legal, regulatory, compliance, due care and due diligence, negligence, reasonable and expected. Generally not IT.
• Data Custodian: typically IT. Responsible for implementing the policies and guidelines established by the Data Owner. Responsibilities include physical data storage, backup and recovery, and the operation of security and data management systems.
Data Classification: how do you view and categorize your assets?
Business & Organizations (Public / Private)      Military / Government
Restricted / Confidential / Proprietary          Top Secret
Private                                          Secret
Sensitive                                        Confidential
Public                                           Sensitive but Unclassified
                                                 Unclassified
Asset Value: quantitative or qualitative?
• Cost: to acquire or develop? To maintain and protect? To replace?
• Value: to adversaries, intellectual property
• Operational and productivity loss when unavailable
• Liability if the asset is compromised: compliance, legal
• Value of knowing your values: cost/benefit analysis, wise selection of countermeasures, risk awareness, due diligence
Risk Management – What (NIST Cyber Security Framework)
• Risk management is the ongoing process of identifying, assessing, and responding to risk. To manage risk, organizations should understand the likelihood that an event will occur and the resulting impact. With this information, organizations can determine the acceptable level of risk for delivery of services and can express this as their risk tolerance.
• Organizations may choose to handle risk in different ways, including mitigating the risk, transferring the risk, avoiding the risk, or accepting the risk, depending on the potential impact to the delivery of critical services.
Risk Management – Why (NIST Cyber Security Framework)
• With an understanding of risk tolerance, organizations can prioritize cybersecurity activities, enabling organizations to make informed decisions about cybersecurity expenditures.
• Implementation of risk management programs offers organizations the ability to quantify and communicate adjustments to their cybersecurity programs.
Threat, Threat Agent, Vulnerability, Risk, Countermeasure
Controls and compensating controls
• By type: Administrative, Technical, Physical
• By function: Preventative / Protective, Detective, Corrective / Reactive
Residual risk
• According to ISO 27001, residual risk is "the risk remaining after risk treatment".
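The slides above separate asset value, cost/benefit selection of countermeasures, the four ways of handling risk and residual risk. The following added worked example (not from the presentation) puts them together as numbers: an asset's annualized loss expectancy, the net benefit of each candidate control, and a greedy treatment that stops once residual risk is within a stated risk tolerance. Every dollar figure and reduction factor is constructed, and the assumption that independent controls' reductions multiply is a modelling choice, not something the slides state.

```python
"""Quantitative risk worked example: asset value -> SLE -> ALE, countermeasure
cost/benefit, residual risk and the accept-or-treat decision against a risk
tolerance. Added illustration for the slides above; every figure is constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    value: float            # cost to replace + productivity loss + liability (dollars)
    exposure_factor: float  # fraction of value lost in a single incident, 0..1
    aro: float              # annualized rate of occurrence (incidents per year)

    def sle(self) -> float:
        """Single loss expectancy: what one incident costs."""
        return round(self.value * self.exposure_factor, 2)

    def ale(self) -> float:
        """Annualized loss expectancy: the inherent risk before any treatment."""
        return round(self.value * self.exposure_factor * self.aro, 2)


@dataclass(frozen=True)
class Countermeasure:
    name: str
    annual_cost: float
    aro_reduction: float = 0.0  # fraction by which it lowers likelihood (preventative)
    ef_reduction: float = 0.0   # fraction by which it lowers impact (corrective/recovery)


def residual_ale(asset: Asset, controls) -> float:
    """Risk remaining after treatment (ISO 27001's residual risk). Assumption:
    the controls act independently, so their reductions multiply."""
    aro, ef = asset.aro, asset.exposure_factor
    for c in controls:
        aro *= 1.0 - c.aro_reduction
        ef *= 1.0 - c.ef_reduction
    return round(asset.value * ef * aro, 2)


def net_benefit(asset: Asset, control: Countermeasure) -> float:
    """Cost/benefit of one control on its own: risk removed minus what it costs.
    A negative value means the control costs more than the risk it removes."""
    return round(asset.ale() - residual_ale(asset, [control]) - control.annual_cost, 2)


def treat(asset: Asset, candidates, tolerance: float):
    """Greedy treatment: add controls in order of net benefit until residual risk
    is within tolerance (mitigate), then accept what remains. Controls with no net
    benefit are never selected; if tolerance cannot be reached the remaining
    options are to transfer (insure) or avoid the activity."""
    chosen = []
    residual = asset.ale()
    ranked = sorted(candidates, key=lambda c: net_benefit(asset, c), reverse=True)
    for c in ranked:
        if residual <= tolerance:
            break
        if net_benefit(asset, c) <= 0:
            continue
        chosen.append(c)
        residual = residual_ale(asset, chosen)
    decision = "accept" if residual <= tolerance else "transfer or avoid"
    return [c.name for c in chosen], residual, decision


# Constructed figures: a customer database worth $500k, 40% of its value lost per
# incident, one incident expected every two years.
CUSTOMER_DB = Asset("customer database", 500_000, 0.40, 0.5)
CANDIDATES = [
    Countermeasure("secure email gateway", 15_000, aro_reduction=0.80),
    Countermeasure("user awareness training", 5_000, aro_reduction=0.30),
    Countermeasure("gold-plated DLP suite", 120_000, aro_reduction=0.50),
]

if __name__ == "__main__":
    print("inherent ALE:", CUSTOMER_DB.ale())
    for c in CANDIDATES:
        print(f"{c.name}: net benefit {net_benefit(CUSTOMER_DB, c)}")
    print(treat(CUSTOMER_DB, CANDIDATES, tolerance=25_000))
```

With these constructed inputs the inherent ALE is 100,000; the email gateway alone removes 80,000 of it for 15,000, the expensive DLP suite has a negative net benefit and is never chosen, and a tolerance of 25,000 is met by the gateway alone while a tolerance of 10,000 cannot be reached with the candidates on offer, which is the point at which the transfer or avoid options on the NIST slide come into play.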
Turning traditional risk analysis upside down
• Threats of today have increased in frequency and impact
• 75-90% enter via e-mail; 10-20% via a compromised website
• Avoiding the activity is not an option
Did You Know...
• 79,790: number of incidents investigated by Verizon in 2015
• 229: average number of days attackers were on a network before detection
• 70-90%: percent of time unique malware was found
• Gartner: all organizations should assume they are in a state of continuous compromise
New world strategies
Breaking the Kill Chain of Advanced Threats
[Figure: attack stages with the protection layer shown against each]
Attack stages, left to right:
• Spam / malicious email
• Malicious link
• Exploit / malicious web site
• Malware / command & control center
• Bot commands & stolen data
Protection layers, in the same order:
• Anti-spam
• Web Filtering
• Intrusion Prevention
• Antivirus
• App Control / IP Reputation
• Sandbox
Layered Defense + Shared Intelligence
• Web Filter: known malicious site
• IP Reputation: botnet site
• Intrusion Prevention
• Anti-Virus/Malware
• Sandbox candidate
• Sandbox = Isolation
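The kill-chain and layered-defense slides make two points: each protection layer gets its own chance to break the chain, and what the sandbox learns about an unknown sample is shared back so the earlier, cheaper layers catch the next occurrence. The following added example (not Fortinet code, and not how any product implements it) models that as a pipeline of checks in the slide's order over a shared blocklist store. The layer checks, the sample messages, the seed indicators and the two-behaviour sandbox verdict heuristic are all constructed; the IP addresses come from the documentation ranges.

```python
"""Layered defense with shared intelligence: inspection layers in the order the
slide lists them, with sandbox verdicts fed back into the shared blocklists so
later copies and variants are stopped by an earlier layer.
Added illustration; layers, samples, seed indicators and heuristic are constructed."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class SharedIntel:
    """Blocklists every layer consults: the 'shared threat intelligence' of the slide."""
    spam_domains: set = field(default_factory=set)
    malicious_urls: set = field(default_factory=set)
    exploit_signatures: set = field(default_factory=set)
    malware_hashes: set = field(default_factory=set)
    c2_ips: set = field(default_factory=set)


@dataclass(frozen=True)
class Sample:
    """One delivery attempt moving down the kill chain (constructed fields)."""
    sender_domain: str
    url: str
    exploit_id: Optional[str]   # signature name an IPS would match, or None
    file_hash: str
    c2_ip: str
    behaviours: frozenset       # what the payload does when detonated


# Constructed heuristic: two or more of these observed behaviours = malicious.
SUSPICIOUS = {"persistence", "beacon", "process-injection", "credential-read"}


def sandbox(sample: Sample, intel: SharedIntel) -> bool:
    """Detonate in isolation and decide by behaviour. On a malicious verdict, push
    the indicators back into the shared intel so the web filter, antivirus and IP
    reputation layers block the next occurrence without another detonation."""
    if len(sample.behaviours & SUSPICIOUS) >= 2:
        intel.malicious_urls.add(sample.url)
        intel.malware_hashes.add(sample.file_hash)
        intel.c2_ips.add(sample.c2_ip)
        return True
    return False


# Layers in the order the slide shows them; each returns True when it blocks.
LAYERS = [
    ("anti-spam", lambda s, i: s.sender_domain in i.spam_domains),
    ("web filter", lambda s, i: s.url in i.malicious_urls),
    ("intrusion prevention", lambda s, i: s.exploit_id in i.exploit_signatures),
    ("antivirus", lambda s, i: s.file_hash in i.malware_hashes),
    ("ip reputation", lambda s, i: s.c2_ip in i.c2_ips),
    ("sandbox", sandbox),
]


def inspect(sample: Sample, intel: SharedIntel):
    """Return (verdict, layer): the first layer that blocks wins; 'allowed' if none does."""
    for name, check in LAYERS:
        if check(sample, intel):
            return "blocked", name
    return "allowed", None


def demo():
    """Run a constructed campaign through the stack: a new sample is only caught by
    the sandbox; the identical repeat and a re-hashed variant sharing the C2 address
    are caught earlier because the sandbox verdict was shared."""
    intel = SharedIntel(spam_domains={"bulk-mailer.example"},
                        exploit_signatures={"exploit-sig-A"})  # constructed seed intel
    beacons = frozenset({"persistence", "beacon"})
    first = Sample("news-update.example", "http://cdn.example/invoice.js", None,
                   "hash-variant-1", "203.0.113.7", beacons)
    variant = Sample("news-update.example", "http://cdn2.example/statement.js", None,
                     "hash-variant-2", "203.0.113.7", beacons)
    benign = Sample("partner.example", "http://partner.example/report.pdf", None,
                    "hash-benign", "198.51.100.5", frozenset({"reads-config"}))
    known_spam = Sample("bulk-mailer.example", "http://x.example/", None,
                        "hash-spam", "198.51.100.9", frozenset())
    known_exploit = Sample("news-update.example", "http://cdn3.example/page", "exploit-sig-A",
                           "hash-exploit", "198.51.100.9", frozenset())
    return [inspect(s, intel) for s in (first, first, variant, benign, known_spam, known_exploit)]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The first sample reaches the sandbox because nothing earlier knows it; after that verdict is shared, the identical repeat stops at the web filter and the re-hashed variant (the Virus.B of the lifecycle slide) stops at IP reputation, while a benign attachment passes every layer. Which layer catches a given variant depends entirely on which indicator the variant kept, which is the argument for keeping all the layers rather than relying on any one.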
FortiGuard Labs: augment your security staff with nearly 300 threat researchers
FortiGuard Labs statistics
Shared threat intelligence
Only ATP solution NSS Recommended edge to endpoint
Fortinet Security Fabric: shared threat intelligence
Questions? Thank you
3:00 – 3:45 PM BREAKOUT SESSIONS
• KONICA MINOLTA (Breakout Room: Guest Locker Room): "What is your Print Transformation Strategy?", Emil Enstrom, Vice President of Enterprise Accounts
• BARRACUDA (Breakout Room: Delta 360 Club): "Protecting Data Everywhere", Rod Mathews, Senior Vice President and General Manager
• MARCO (Breakout Room: Main Field): "Uncovering the Cloud: Is it Right for You?", Steve Knutson, Chief Technology Officer and Vice President of Service
• MITEL (Breakout Room: Interview Room): "Deliver a Flexible, Engaging Customer Contact Center Experience", Brian Spencer, General Manager, Contact Center