Future Threat Landscape - How will technology evolve and what does it mean for cyber security?

Transcription

1 James Hanlon CISSP, CISM Security Strategist Office of the CTO EMEA Future Threat Landscape - How will technology evolve and what does it mean for cyber security?

2 Think > What does the future of technology hold for all of us? Know > How will cyber security be impacted today and tomorrow? Protect > How do we need to address cyber security moving forward?

3 Digitization 3

4 We are more connected than ever before! 4

5 Everything will be connected more than ever before. Internet of Everything (IoE) is arising 5

6 We are just at the beginning of connected revolution Where will we be 2100? 6

7 Machine Learning (AI) A key future trend Copyright 2014 Symantec Corporation The singularity = 2045 Google s Eric Schmidt believes that we are at the cusp of a new age of AI 7

8 AI Trading (Machine Learning) Copyright 2014 Symantec Corporation 8

9 AI Analysis (Astroturfing) Copyright 2014 Symantec Corporation 9

10 AI & Automation Short term threats to employment Copyright 2014 Symantec Corporation 10

11 The promises of nanotechnology Copyright 2014 Symantec Corporation 11

12 What do all these have in common? 12

13 Future Technology Risk Landscape IoE Internet Power Consumption Nanotechnology AI & Machine Learning Copyright 2014 Symantec Corporation 13

14 Think > Know > How will cyber security be impacted today and tomorrow? Protect >

15

16 Cyber Security & the Board Copyright 2014 Symantec Corporation 16

17

18 Why do today s cyber attacks keep happening? ATTACKERS Can focus on one target Only need to be right once Attacks can be very complex Focus only on getting in Attackers can buy and test security products DEFENDERS Must defend everything Need to be right every time Blocks are expected & complexity is hard Must balance defense with business impact Defenders can t pre-test targeted malware

19 Cyber Security is key concern for all new technological advances! IoE / Connectivity Era Security must be Built-In to the devices and cloud services, not deferred to be added later Copyright 2014 Symantec Corporation 19

20 But for every new technology invention today.. a cyber hack exists

21 So, what can you do about cyber risks today & tomorrow? Copyright 2014 Symantec Corporation 21

22 Think > Know > Protect > How do we need to address cyber security moving forward?

23 How AI (machine learning) can help in cyber security? Copyright 2014 Symantec Corporation

24 It s getting harder to stay ahead. but it is impossible to conduct a cyber attack without leaving a trace Network Server Endpoint 24

25 What if Indicators of Breach Knowledge about URLs, file hashes Attack patterns & actors Correlation across ecosystems You could apply knowledge and learning from across global Communities C L O U D You could watch this data at the Enterprise level looking for patterns and anomalies Apply Context E N T E R P R I S E Correlate & Prioritize You could collect info from every endpoint, network device, and server D E V I C E S 25

26 This is the promise of big data cyber security analytics Machine Learning & Big Data Cyber Security

27 Symantec have been a leader in cyber security big data analytics & machine learning for many years. 1 billion+ systems 200M+ Norton & SEP users (the biggest source of telemetry) 3.9 trillion rows of security telemetry 100 billion more/month 14 security ops centers globally; 500+ expert analysts Blocked 182 million threats last year 27

28 A Portfolio Built on Big Data Analytics & Machines Learning Users Data Apps Cloud Threat Protection Cyber Security Services Monitoring, Incident Response, Cyber Simulation Platform, Adversary Threat Intelligence ENDPOINTS DATA CENTER GATEWAY S Advanced Threat Protection Across All Control Points Built-In Forensics and Remediation Within Each Control Point Integrated Protection of Server Workloads: On-Premise, Virtual, and Cloud Cloud-based Management for Endpoints, Datacenter, and Gateways Information Protection DATA IDENTITIES Integrated Data and Identity Protection Cloud Security Broker for Cloud and Mobile Apps User and Behavioral Analytics Cloud-based Encryption and Key Management Gateways Endpoints Unified Security Analytics Platform Data Center Log and Telemetry Collection Integrated Threat and Behavioral Analysis Unified Incident Management and Customer Hub Inline Integrations for Closed-loop Actionable Intelligence Regional and Industry Benchmarking

29 Difference Difference Difference Difference Difference But security is not all about technology Acknowledge the shift from 100% Security to Cyber Resilience Cyber 100% Security What s different now? Accept Bad things will happen Higher level of business engagement Resilience is the organization's capability to withstand negative impacts due to known, predictable, unknown, unpredictable, uncertain and unexpected threats from activities in cyberspace From known threats to unknown risks Detect & Respond Faster Intelligence & Threat Sharing 29

30 Understand that means there are two processes to implement CYBER INCIDENT RISK MANAGEMENT INCIDENT RESPONSE BEFORE AFTER

31 Next up? Know where you are and where you want to be? 1 Reactive & Manual People based Lack of policy Ad-hoc responses Fire fighting 2 Disparate Policy & Tools Disparate policy Disparate tools Limited processes Little security visibility 3 Integrated Policy & Tools Partially integrated security framework exists Policies encapsulate some security requirements Security Framework is internally focused Deficiencies still exist, limited security visibility is common 4 Responsive Cyber-Resilience An optimized & integrated security framework exists Processes and policies include most security requirements Improved security visibility Basic cyber governance is in operation Capability to respond to cyber incidents exists 5 Proactive Cyber-Resilience A fully optimised & integrated security framework exists Policy and processes are optimised and updated frequently Established cyber governance structure External & internal threat intelligence is gathered, correlated and acted upon Partnering in cyber ecosystems is common Organisation demonstrate proactive cyber agility

32 , And Lastly, Adopt a framework to make the Journey to better resilience PREDICT PREVENT CYBER- RESILIENCE RESPOND DETECT 32

33 What is a good cyber framework to follow? NIST Core & Profiles Profiles Implementation Tiers 33

34 But let me leave you with a interesting story. 34

35 Think > What does the future of technology hold for all of us? Know > How will cyber security be impacted today and tomorrow? Protect > How do we need to address cyber security moving forward?

36 James Hanlon CISSP, CISM Security Strategist Office of the CTO EMEA Thank You

37 Cyber Resilience with Symantec CYBER INCIDENT Risk Management Incident Management PREPARE PREVENT DETECT RESPOND Control Compliance Threat Intelligence Simulation Platform Endpoint Protection Data Center Security Encryption Advanced Threat Protection Cyber Security Services Security Response Incident Response Malware Analysis Systems Management BEFORE Cloud Security Data Loss Prevention AFTER Consulting Services