Threat Intelligence: The More You Know the Less Damage They Can Do. Charles Kolodgy Research VP, Security Products

Transcription

1 Threat Intelligence: The More You Know the Less Damage They Can Do Charles Kolodgy Research VP, Security Products

2 IDC Visit us at IDC.com and follow us on 2

3 Agenda Evolving Threat Environment Attack Campaigns Security Challenges Threat Intelligence Proactive Security IDC Visit us at IDC.com and follow us on 3

4 Evolving Threat Landscape Increase in attack volume, vectors, variety Advanced Professional Threats (APT) Specialized Goal Oriented Patient Targeted Attack Campaigns Hacktrepreneur 47e41f3c0a970b01a3fd393b95970b-pi IDC Visit us at IDC.com and follow us on 4

5 Cyber-Attack Campaigns The process used to penetrate a specific target Operations Reconnaissance Penetrate the network Custom-made malware Extract valuable information Stealth Mode Time generally not a consideration IDC Visit us at IDC.com and follow us on 5

6 Attack Campaign Activities Operation Aurora Dark Seoul/Operation Troy El Machete Inception/CloudAtlas Deep Panda Codoso/Sunshop Group IDC Visit us at IDC.com and follow us on 6

7 Security Threat Concerns Regardless of whether you have protection in place, what security threats are concerns to your company? PHISHING /SPEAR PHISHING 87% MALICIOUS FILE ATTACHMENTS / MALWARE 86% MALICIOUS URL LINKS / MALWARE 84% VIRUSES ADVANCED THREATS (APTS) / MALWARE CAMPAIGNS 79% 83% SPAM 68% OTHER 7% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Innovation Trends in Securing Infrastructure Survey, Dec N=104 IDC Visit us at IDC.com and follow us on 7

8 IDC Visit us at IDC.com and follow us on 8

9 Security Challenges Disjointed techniques rely on a whac-a-mole approach Lack of Security Professionals Technology Overload Inertia Security v. Business Needs v. User Experience Intelligent Security IDC Visit us at IDC.com and follow us on 9

10 Still Fighting the Last War Facing new situations with strategic thinking dominated by old issues, old weapons, and old tactics. IDC Visit us at IDC.com and follow us on 10

11 Security Product Toolbox IDC Visit us at IDC.com and follow us on 11

12 Kill Chain Recon Weaponize Deliver Exploit Control Execute Maintain Know Adversaries Methods Vigilance Recognize Threat Prevention Tools Isolate Disrupt Activities Report Behavior Clean Malware Fix Vulnerabilities Update Forensics Reassess Report IDC Visit us at IDC.com and follow us on 12

13 Enhanced Malware Protection Reduce susceptibility to custom malware Designed to make it more difficult for hackers IDC Visit us at IDC.com and follow us on 13

14 Enhanced Malware Protection Reduce susceptibility to custom malware Designed to make it more difficult for hackers Non-Signature based, use many different technologies (sandboxing, execution control, white-listing, anomalous behavior, and more) Automation Enhance visibility between endpoint, network, and gateway activities IDC Visit us at IDC.com and follow us on 14

15 Enhanced Malware Protection Features: Speed of Detection Accuracy Detect New Threats On-demand Remediation Appropriate Prioritization Malware Forensic Analysis Threat Intelligence Support IDC Visit us at IDC.com and follow us on 15

16 Digital Exhaust Attacks leave a trail of "digital exhaust" Metadata that can't be avoided Challenge is to find the exhaust over time Requires Big Data Analysis and Threat Intelligence IDC Visit us at IDC.com and follow us on 16

17 Big Data & Threat Analytics Big Data Capture, Manage and Process large data sets Processing Time Critical 3 Dimensional Volume i.e. increasing volume (amount of data), Variety (range of data types and sources) Velocity (speed of data in and out) Threat Analytics Algorithms designed specifically to detect attack digital exhaust Correlates data from wide variety of sources Reveals trends and malicious behavior patterns Provides enhanced insights Can help predictive prevention IDC Visit us at IDC.com and follow us on 17

18 Threat Intelligence Big Data and Threat Analytics combined enables Threat Intelligence Threat Activity Vulnerability Information Security Devices Users & Endpoints Event correlation Activity Baselines & Anomaly Detection Security Incidents Application Activity IDC Visit us at IDC.com and follow us on 18

19 Predictive Security Threat Intelligence enables Predictive Security AWARENESS REACTIVE Defensive Minimalist Event Driven CALCULATIVE Situational STATIC Internal Data Correlation Point Products Metrics Tactical Compliance Driven Basic Planning Offensive Contextual Threat Analytics Strategic Anticipate Risk Focus Prospective Metrics External Data Automated Response Advanced Metrics PROACTIVE PREDICTIVE ACTIONABILITY IDC Visit us at IDC.com and follow us on 19

20 Analyst Final Thoughts Sophisticated, professional attack campaigns increase organizational risk and potential damage Stop fighting the last war, incorporate advanced malware protection into IT Security toolbox Big Data and Threat Analytics allow for the discovery of attack digital exhaust Use Threat Intelligence to move from reactive to proactive to predictive security Act, don t be acted on 20