IT Security Strategy and Priorities. Stefan Lager CTO Services

Transcription

1 IT Security Strategy and Priorities Stefan Lager CTO Services

2 Cyberthreat update

3 Why would anyone want to hack me?

4 I am not a bank!

5 Security Incidents with Confirmed Data Loss Source: Verizon Data Breach Report 2014

6 This is only a subjective American view of the problem!

7 Countries Represented in Data Breach Source: Verizon Data Breach Report 2014

8 8

9 KPMG Study Highlights 14 Organizations Average number of employees Hosts Breached Organizations 17% Exfiltrating Organizations 93% No Detected Breach Breached Organisations 79% 21% No Detected Data Exfiltration Detected Data Exfiltration 9

10 Malware Data Security Events 195 Unique Malware Objects Malware Type 52% 48% Known Malware Unknown Malware Unknown=Tested against 53 different AV vendors using VirusTotal.com with no match 10

11 Average time between breach and detection is 229 days Source: Mandiant Incident Response 2014

12 Amount of companies that learns from a third party that they have been breached: 67% Only 1/3 of the companies discovered that they had been breached by themselves Source: Mandiant Incident Response 2014

13 Conclusion #1 Most of you are probably already infected Most of you already have Firewalls and Antivirus Conclusion: Develop a strategy for limiting the impact of a breach

14 Attack Lifecycle

15 Attack Lifecycle Attack phase Exploit vulnerability on client or server. 2. Control phase Establish remote control and download tools 3. Explore phase Search for more valuable data Extract phase Extract valuable data

16 Different technologies addresses different phases Attack Control Explore Extract Firewall Intrusion Prevention AntiVirus WebFiltering SIEM Threat Intelligence Advanced AntiMalware Network Forensics SIEM/NBAD Intrusion Prevention Network Forensics Intrusion Deception File Integrity Monitoring DLP Threat Intelligence Network Forensics

17 Conclusion #2 We need to have a technology for protecting against attacks AND We need to have a technology for detecting anomalies

18 The three pillars of security Your business! Technology Configuration 24x7 Operations

19

20

21 Difficulty Level Rocket Science Very Hard The Configuration Challenge Hard Medium Security Access Control (ex: FW/WF) Attack Mitigation (ex: IPS/AV) Security Analytics (ex: SIEM/FIM) Security Forensics

22 The Operation Challenge Example: Increase team to be able to support 24x7 operations SOC Employee Cost SEK SEK SEK SEK SEK SEK SEK - SEK SEK TeamCost 24x SEK TeamCost 8x5 TeamCost 24x7 TeamCost 8x5

23 Summary Develop a strategy for detecting infected hosts. Develop a strategy for limit the impact of a breach. If you don t have the expertise or resources in-house, consider buying as a service.

24 AddPro Security and Communication AddPro S&C is one of the leading Network Security VARs in the Nordic. Our best-in-class Professional Services team and our 24x7 managed security services are helping some of the largest customers in the Nordic to address the growing challenge of providing the Security and Availability they need to stay competitive. AddPro S&C Customers Products Professional Services Managed Services

25 Thanks for listening! Stefan Lager CTO Services

26 Let s get this out of the way: some MSSPs REALLY suck! Dr Anton Chuvakin Research VP at Gartner's GTP Security and Risk Management group 26

27 Challenges with MSSPs So let s take a hard look at some challenges with using an MSSP for security: Local knowledge Lack of customization and one-size-fits-all Delineation of responsibilities Inherent third-partiness AddPro S&K Customers Products Professional Services Managed Services 27

28 Example of a Managed Security Services Customer Security Auditing 764 Servers with FIM File Integrity Monitoring 5128 Log Sources with SIEM Log Collection and Correlation: 290 IPS Network Intrusion Prevention System Security scanning Internal vulnerability scanning External perimeter vulnerability scanning Malware analysis Endpoint security (AV, HIPS, FW) investigation Trend analysis Correlation (semi automatic) with external system (mail gateways / proxy services)

29 Grow with AddPro!

30 Grow with AddPro! AddPro Support AddPro NOC AddPro Managed Services AddPro SOC Certifies Engineers Addpro portfolio Vendor support partner Strategic vendors Alert Monitoring Performance Trending Life cycle management Change management Strategic vendors Security monitoring Security analysing PCI compliance Post incident analysis

31 Service Portfolio Professional Services Network Operations Center Security Operations Center Security Incident Response Team Design Installation Configuration Reactive alert monitoring Proactive trending Lifecycle Management Change Management Event Correlation Event Analytics Threat Intelligence Vulnerability Assessment Response Readiness Assessment Incident Response

32 Grow with AddPro!

33 Tackar för tiden Vi bygger digitala motorvägar