Cyber intelligence in an online world


Slide 2: Cyber intelligence in an online world
James Hanlon, CISM, CISSP, CMI
Cyber Strategy & GTM, EMEA
Symantec Vision Symposium

Slide 3: Software and data power the world

Slide 4: From a cyber security perspective there's more and more to protect in more and more places
- Web transactions
- Industrial devices
- Government data
- Corporate assets
- Coffee shop, home office, airport

Slide 5: And there's a critical imbalance between cyber attackers and cyber defenders
ATTACKERS
- Can focus on one target
- Only need to be right once
- A hack can be worth millions of dollars
- Focus only on getting in
- Can buy and test security products
DEFENDERS
- Must defend everything
- Need to be right every time
- Blocks are expected and maintain the status quo
- Must balance defense with business impact
- Can't pre-test targeted malware

Slide 6: But it is impossible to implement an attack without leaving a trace
- Network
- Server
- Endpoint

Slide 7: How do we counter this threat?
BIG DATA with better cyber intelligence

Slide 8: How can we apply better cyber intelligence?
If only we could use our collective insight and technologies to watch for activities, determine patterns, and find anomalies, enabling us to better:
- prepare
- detect
- protect
- respond
- recover

Slide 9: What if...
CLOUD: We could apply knowledge and learning from across global communities
- Indicators of breach
- Knowledge about URLs, file hashes
- Attack patterns & actors
- Correlation across ecosystems
ENTERPRISE: We could watch this data at the enterprise level, looking for patterns and anomalies
- Apply context
- Correlate & prioritize
DEVICES: We could collect info from every endpoint, network device, and server

Slide 10: We can do those things
- Data analysis value comes from the ability to apply intelligence from multiple sources
- Data value comes from volume & variety
CLOUD / ENTERPRISE / DEVICES
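As an added illustration, not from the Symantec deck, of the cloud / enterprise / devices flow on slides 9 and 10: constructed cloud indicators (file hashes, domains, attack pattern, actor) are matched against constructed device telemetry from an endpoint, a network proxy and a server, and the enterprise layer applies asset-criticality context before prioritizing. Every hash, domain, host name and actor label below is made up.

```python
"""Cloud knowledge -> enterprise context -> device telemetry correlation sketch."""
from collections import defaultdict

# CLOUD layer: constructed indicator knowledge (placeholder values, not real IoCs).
CLOUD_IOCS = {
    "sha256": {"<constructed-hash-1>": {"pattern": "dropper", "actor": "constructed-actor-1"}},
    "domain": {"c2.example.invalid": {"pattern": "command-and-control", "actor": "constructed-actor-1"}},
}

# ENTERPRISE layer: constructed asset context, the kind of data a CMDB would supply.
ASSET_CONTEXT = {"fin-db-01": "critical", "laptop-17": "standard", "web-03": "high"}
CRITICALITY_WEIGHT = {"critical": 3, "high": 2, "standard": 1}

# DEVICE layer: constructed telemetry records from an endpoint, a proxy and a server.
TELEMETRY = [
    {"source": "endpoint", "host": "laptop-17", "sha256": "<constructed-hash-1>"},
    {"source": "network", "host": "laptop-17", "domain": "c2.example.invalid"},
    {"source": "server", "host": "fin-db-01", "domain": "c2.example.invalid"},
    {"source": "endpoint", "host": "web-03", "sha256": "<constructed-hash-2>"},  # no match
]


def correlate(telemetry, iocs, assets):
    """Match events against cloud indicators, group hits per host, then score each
    host as criticality weight x (distinct indicators + distinct telemetry sources)."""
    hits = defaultdict(lambda: {"indicators": set(), "sources": set(), "actors": set()})
    for ev in telemetry:
        for ioc_type in ("sha256", "domain"):
            value = ev.get(ioc_type)
            if value is not None and value in iocs.get(ioc_type, {}):
                h = hits[ev["host"]]
                h["indicators"].add((ioc_type, value))
                h["sources"].add(ev["source"])
                h["actors"].add(iocs[ioc_type][value]["actor"])
    incidents = []
    for host, h in hits.items():
        crit = assets.get(host, "standard")  # unknown assets get the lowest weight
        score = CRITICALITY_WEIGHT[crit] * (len(h["indicators"]) + len(h["sources"]))
        incidents.append({"host": host, "criticality": crit, "score": score,
                          "actors": sorted(h["actors"]), "indicators": sorted(h["indicators"])})
    return sorted(incidents, key=lambda i: i["score"], reverse=True)


if __name__ == "__main__":
    for inc in correlate(TELEMETRY, CLOUD_IOCS, ASSET_CONTEXT):
        print(inc["score"], inc["host"], inc["criticality"], inc["actors"])
```

The critical database host with a single C2 contact is ranked above the standard laptop that tripped two indicators, which is the "apply context, then prioritize" step the slide describes; the unmatched web-03 event produces no incident.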

Slide 11: Unified Intelligence Vision
Symantec will provide a unified security threat intelligence platform that leverages the combined visibility and intelligence of all of our offerings (augmented by 3rd-party data), to help you better prepare, detect, protect, and respond, better than anyone else.

Slide 12: Unified Security, future state (telemetry flow)
1. Collect telemetry across all products into the Hub: Endpoint Protection, Threat Gateway, E-mail Gateway, Mobile Security, Identity Gateway, Data Loss Prevention, Data Center Security, 3rd-party Firewall
2. On-premise submission gateway (IoCs, incidents)
3. Unified big data platform
4. On-premise incident/forensics/analytics console
5. Analytics apps & 3rd-party app ecosystem; cloud-based incident/forensics/analytics
6. 3rd-party clouds
7. Social platform for sharing security artefacts/policies
8. Managed Services (incident/forensics/analytics); hosted security ( , web)

Slide 13: Unified Security, next steps: leveraging our intelligence
- Deepsight & Managed Adversary Intelligence
- Managed Security Services: ATP
- Gateway Security: Threat Defense
- Global Community Intelligence

Slide 14: Unified Security: Why Symantec?
- Symantec has the data footprint: 100s of millions of contributing sensors
- Symantec has the data diversity: we will collect data across every control point (desktop, server, cloud, mobile, etc.) and across all of our products (endpoint protection, gateway protection, data loss prevention, identity gateway, mobile management, encryption, compliance, etc.)
- Symantec has the big data experience: we spent the last 6 years developing our advanced security big data system, which provides real-time protection to 100s of millions of systems, holds 3.7 trillion security events, and collects 200,000 new events every second
- We will build on this experience to collect much more data across all of our products moving forward

Slide 15: How to get more information
- Attend one or more VISION sessions on our new advanced threat solutions from Symantec
- Book a 1:1 with one of our experts onsite
- Take the Cyber V Risk Calculator Assessment

Slide 16: Thank you!
James Hanlon

Copyright 2014 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.

Slide 18: Cyber Intelligence-Led Security
Symantec VISION Symposium
Marc Lueck, 21/10/2014

Slide 19: Who is Pearson?
- World's leading education company
- Our perimeter? What perimeter?
What does our landscape look like?
- Over 2700 web applications
- Over registered domains
- Over 9000 externally facing hosts
- 48 major networks, many smaller ones
- Bring your own app / cloud / device
- Significant consumer of Google services
Our attackers don't care.

Slide 20: In partnership with Symantec
Protecting our estate with preventative and detective controls:
- SEP protecting our end users and much of our server estate
- CSP/DCS protecting our most critical assets
- DLP detecting movement of data
- MSS monitoring everything we can
Infrastructure intelligence:
- Deepsight, one of the cornerstones of our Threat Intelligence service

Slide 21: How can enterprise leverage intelligence?
Tools can't solve the problem alone.
Threat Management: Hunters and Chasers
- Understand your roles: ensure tasks & teams are appropriate.
- Highly skilled analysis is still required: hire it, buy a service, or both.
(Diagram: Hunters, Analysis, Chasers, Operations, Research, Tracking & Reporting)
Plan your Programme
- Understand and choose your data sources, internal and external.
- Ensure operational metrics and quality can be measured.
- Have a vision for output: what will this service deliver?
- Understand your audience.
(Diagram: Research, Intelligence, Data, Tools, Output, Threat Intel Service)

Slide 22: Threat Intelligence makes controls work better
- Adversary Intelligence
- Trends and Research Intelligence
- Infrastructure Intelligence
- Real-Time IT Intelligence
-> Action

Slide 23: Infrastructure Intelligence: know your estate, not just your controls
- Visibility is key
- Access or maintain as much of a view of your estate as possible
- Vulnerability scanners, compliance management, firewall management, network management and CMDBs can all be great sources of Threat Intelligence
- Use these tools to create threat models
- Access or maintain as much information as possible about your estate

Slide 24: Trends and Research: how do we keep up?
Pearson GTM has built a research monitoring capability using Twitter.
Shellshock:
- Released internal advisory 4 hours before US-CERT
- Early visibility had us defining scope 24 hours before IT news picked the story up
- In remediation phase before mainstream media reports were released
During Shellshock, GTM kept management and remediation teams up to date on new developments, including new exploits, proposed patches and workarounds, and the change of attack vector into an automated worm, within minutes of these developments occurring.

Slide 25: Adversarial Intelligence: who is attacking us?
Learning more about our attackers, their methods and what they talk about provides very valuable intelligence:
- Security sharing communities
- HoneyNets
- False accounts
Some level of monitoring adversaries will put you in the same league as top agencies, and it can cost very little!

Slide 26: Real-Time IT Intelligence: gain great situational awareness
- Ensure you consume the output of your controls
- SIEMs are great, but are you doing anything with their output?
- Integrate your TI service with Security Incident Response
- Advanced threat protection: if you invest in the tool, make sure it's operationalised

Slide 27: Communicate Credibly
Don't be a Chicken Little:
- Ensure you communicate appropriately
- Be sober
- Don't forget likelihood
- Assess the risk of doing nothing
Capitalise on success! Never let a crisis go unexploited.
Our Heartbleed and Shellshock responses, although not perfect, have been used to build credibility and communication channels, but only if done credibly!

Slide 28: Threat Intelligence makes controls work better
- Invest in your team
- Plan your programme
- Get close to your sources
- Communicate credibly
Infrastructure Intelligence, Adversary Intelligence, Trends and Research Intelligence, Real-Time IT Intelligence -> Actions
