MINIMIZING CYBER-SECURITY EXPOSURE BEFORE, DURING & AFTER AN EMERGENCY

Size: px

Start display at page:

Download "MINIMIZING CYBER-SECURITY EXPOSURE BEFORE, DURING & AFTER AN EMERGENCY"

Willa Riley
8 years ago
Views:

1 MINIMIZING CYBER-SECURITY EXPOSURE BEFORE, DURING & AFTER AN EMERGENCY PREVENT CYBER LOOTING - KEVIN FLYNN DIRECTOR, PRODUCT MARKETING BLUE COAT SYSTEMS (KEVIN.FLYNN@BLUECOAT.COM) - PAM GREELEY INFORMATION SECURITY OFFICER CALIFORNIA HIGHWAY PATROL (PGREELEY@CHP.CA.GOV) - DOUG LEONE INFORMATION SECURITY OFFICER & PRIVACY OFFICER CALIFORNIA ENVIRONMENTAL PROTECTION AGENCY (DOUG.LEONE@DTSC.CA.GOV)

COM) - PAM GREELEY INFORMATION SECURITY OFFICER CAL

2 REDUCING EXPOSURE Get a baseline Prepare (of course) Deploy Recover and Check 2

basin of the American River and downstream from the

3 HITTING CLOSE TO HOME In the path of these storms lies the city of Sacramento, deep in the flood-vulnerable basin of the American River and downstream from the massive Folsom Reservoir. 3

4 A HYPOTHETICAL FAILURE OF FOLSOM DAM American River floods Thousands of lives at risk Thousands of homes & businesses under water Electricity fails Landlines fail Spotty cell connection California State data centers flooded Folsom Dam Elevation 466 CA Office of Technology Services Data Center Elevation

Landlines fail Spotty cell connection California State data centers flooded

5 FIRST RESPONDERS CYBER SECURITY? NOW?? Speed is of the essence Security will be an afterthought Just get me on-line Cyber security slows things down 5

6 INSULT TO INJURY. CYBER LOOTING Golden Opportunity For Bad Guys State Sponsored Attacks Terrorist Attacks Criminal Attacks Nuisance Attacks - script kiddies Targets SCADA resources Sensitive data Emergency communications 6

7 PREPARE Develop A Security Baseline Discern normal traffic patterns/behavior Number and nature of alerts What s happening with firewalls, gateways, IPS etc.. What s coming in & out This will come in VERY handy MONITOR 7

What s happening with firewalls, gateways, IPS etc.

8 WHAT HAPPENED WHEN EVERYONE WAS REALLY BUSY? Full Security Visibility of All Network Traffic Forensic Details Before, During and After an Alert Reduce Time-to- Resolution and Breach Impact 8

9 CRITICAL QUESTIONS Did anything happen? Who did it and how did they do it? What systems and data were affected? Can we be sure it is over? Can it happen again? 9

10 WHEN PHYSICAL CONNECTIONS FAIL HQ Emergency Ops Centers Roaming Users & First Responders 10

11 FIRST RESPONDER ACCESS Where s Your Data? SECURE Cloud Access Data Sovereignty (keep data in US) Smartphones/Tablets/Laptops Application Control 11

12 PREVENT A FREE-FOR-ALL Cloud Access Security For the Cloud & In the Cloud Control Access & Acceptable Use Avoid Shadow Cloud access (ex. Box accounts) Encrypt & Tokenize Data In Cloud Apps 12

13 Risk-Based Workflow CLOUD ACCESS SECURITY BROKER (CASB) Know the application Apply Intelligence Recognize and control applications Understand real-time environment threat profile Authenticate the user Authorize access Protect Data-In-Motion Protect In-App Data Identify Malware Authenticate against 17 authentication schemas Control access to sensitive areas of application Apply DLP to content flowing to cloud application Tokenize / encrypt data-at-rest in cloud application Leverage content analysis for malware prevention Continuous Cloud Application Risk Mitigation 13

Malware Authenticate against 17 authentication schemas Control access to sensitive areas of application Apply DLP to content flowing to cloud

14 MANAGE CRITICAL RESOURCES Control Web Access Restrict web sites to critical sites/categories This is NOT the time to randomly surf the web Set up restriction policy beforehand Deploy on premise & in cloud 14

This is NOT the time to randomly surf the web Set

15 EASE THE BURDEN Bandwidth Management Prioritize applications Improve performance of critical communications Caching Critical information Important videos Large downloads (sw updates, Powerpoints ) Official communications 15

communications Caching Critical information Important

16 INFORM YOUR USERS Prevent Help Desk Calls Redirects From Non-essential Access 16

17 PROTECT PUBLIC RESOURCES Web Application Firewalls Stop common attacks Control input/output & access Detect unfamiliar traffic patterns Cybersquatting xyz.com/.info instead of xyz.ca.gov Search Engine Poisoning 2010 Chilean earthquake 17

unfamiliar traffic patterns Cybersquatting xyz.com/.

18 PROTECT PUBLIC RESOURCES - SOCIAL MEDIA Secure Facebook, Twitter, YouTube, Instagram, Pinterest, Flickr, LinkedIn.. Two-factor authentication Require verification code Set up login alerts Syrian hackers claim AP hack that tipped stock market by $136 billion. Is it terrorism? - 4/23/13 18

. Two-factor authentication Require verification code Set up login

19 YOU RE GOING TO HAVE ENOUGH ON YOUR PLATE PRE-FILTER: AVOID THE CAR ALARM SYNDROME in the case of each large breach over the past few years, the alarms and alerts went off but no one paid attention to them. Gartner Analyst Avivah Litan Computerworld, 3/14/14.the malware analysis software sent an alert with the generic name malware.binary. It is possible that Target staff could have viewed this alert as a false positive if the system was frequently alarming. US Senate Commerce Committee Report. 3/26/14 19

Gartner Analyst Avivah Litan Computerworld, 3/14/14.the malware analysis software sent an alert with the generic name malware.

20 YOU CAN T MANAGE WHAT YOU CAN T SEE SSL ENCRYPTED TRAFFIC IS PERVASIVE 35% 50% 73% HTTPS traffic booming (20% Y/Y) - Enterprise apps - Cloud apps i.e., SFDC, Amazon - Internet apps i.e., Google, FB - Mobile apps of all malware will use SSL by 2017* *Source: Gartner More protocols are SSL encrypted HTTP, SPDY, FTP, SMTP, XMPP, IMAP, POP3, etc. 20

e., Google, FB - Mobile apps 2013 2015 2017 of all malware will use SSL by 2017* *Source:

25-70% of Traffic is Encrypted Identify and block hidden malware such as Gameover, Zeus, ShyLock and SpyEye 80% of APTs

21 AND THE BAD GUYS KNOW IT SSL increasingly hiding security threats SSL is growing, BUT creates security blind spots - Protect security infrastructure - Meet compliance regulations - Provide advanced security w/o trading off performance 25-70% of Traffic is Encrypted Identify and block hidden malware such as Gameover, Zeus, ShyLock and SpyEye 80% of APTs Operate Over SSL Alert TA14-353A: Targeted Destructive Malware (Dec 2014) 21

management Support for wide-range of encryption

22 SSL VISIBILITY STRIKE THE BALANCE BETWEEN PRIVACY AND COMPLIANCE ISSUES Policy driven encrypted traffic management Support for wide-range of encryption ciphers Complete traffic stream visibility to security controls 22

23 FIRE DRILL Establish Security Baseline Security For The Cloud & In The Cloud Reduce Number of Alerts Emergency Web Access & Bandwidth Policies Protect Public Resources Manage Encrypted Traffic 23

CONTINUOUS MONITORING THE MISSING PIECE TO SECURITY OPERATION (SOC) TODAY

CONTINUOUS MONITORING THE MISSING PIECE TO SECURITY OPERATION (SOC) TODAY MATTHIAS YEO Chief Technology Officer - APAC CISSP, CISA, CISM, PMP 1 OVER REACTING VS UNDER REACTING Reason for the world today