Endpoint & Server Protection. Brent Biernat First Vice President Network Services May 13, 2014

Transcription

1 Endpoint & Server Protection Brent Biernat First Vice President Network Services May 13, 2014

2 The Evolution of Cyber Crime 1878 Bell Telephone Teenage Switchboard Operator Disconnected calls, eavesdropped, pranks 1960 s Hack MIT train enthusiasts 1970 s John Draper (Cap n Crunch) 1980 s Personal Computers, Modems, War Games

3 The Evolution of Cyber Crime Modern Cyber Crime 1990 s Organized Crime Ex-KGB Well-Funded Can easily invest $100,000 on one attack Persistent Decentralized Specialists take specific roles in an attack Tool sets for sale GUI interfaces & options

4 The Evolution of Cyber Crime Modern Cyber Crime Cyber Warfare A nation-state s attempt to penetrate another nation s computers or networks for the purposes of causing damage or disruption. Well-Funded Persistent Well-Trained

5 The Evolution of Cyber Crime Today s Threats Spear-phishing responsible for 91% of enterprise breaches Known and unknown zero-day malware that signature-based antivirus and whitelisting products cannot keep up with Watering hole attacks: 30,000 legitimate websites are compromised and serving malware to unprotected visitors Compromised documents downloaded and in attachments and many other persistent threats from malware and targeted attacks

6 HeartBleed Exploits an Error in OpenSSL Hackers could break into online sessions Steal 64 Kb of data Timed properly, could compromise digital banking

7 Continued Increase in Exploits Traditional defense tools are failing to protect enterprises from advanced targeted attacks (ATA) Yet, ATAs and advanced malware continue to plague enterprises. Five Styles of Advanced Threat Defense Gartner

8 Malware as a Business $110 billion per year, and growing

9 Distributed Denial of Service Attack

10 Distributed Denial of Service Attack DDoS Overview Denial of Service (DoS) Attack Renders the computer or network inaccessible for a period of time Distributed DoS (DDoS) Attack Use of botnet to overwhelm a computer network with inbound traffic in order to make the network inaccessible.

11 Distributed Denial of Service Attack

12 Distributed Denial of Service Attack Blended Attacks We will see more attacks that combine DDoS with some form of attempted data compromise. DDoS as a Distraction SpearPhishing and Ransomware Mobile Malware Insider Threats DOUG JOHNSON AMERICAN BANKERS ASSOCIATION

13 Protecting Your Data Most of the POS breaches could have been prevented if basic steps had been taken to enhance security Resetting passwords from the factory defaults Not using social media accounts on payment systems Keeping the payment system separate from corporate and other functions VERIZON 2013 DATA BREACH INVESTIGATIONS REPORT

14 Protecting Your Data Physical Security Logical Security Data Security Security Reviews Secure the Human

15 Protecting Your Data Physical Security CCTV Card Access Alarm System Biometric Access to Computer Room High-Strength Locks Shredding Service Restrict USB Drives Watch for ATM Skimmers

16 Protecting Your Data Logical Security Strict Access Control Network Segmentation Network Intrusion Prevention/Detection Host Intrusion Detection SV/Anti-Spyware

17 Protecting Your Data Logical Security Firewalls Web Application Firewall Centralized Log Management Event Correlation and Analytics IP Reputation Blocking

18 Protecting Your Data Logical Security SPAM Filter Web Filter Filtering Configuration Management Patch Management

19 Zero Day Strategies Sandbox Technology Behavior Based Code executes in an emulated environment Observe behavior Good for malware variants

20 The New Rules of Data Protection Trust But Verify Even trusted applications have vulnerabilities in real time (not white listing solutions) Assume each running application is a zero-day vulnerability Establish boundaries application

21 SECURITY REPORTING WITH ATP CONTROLLED HOST THREAT INTELLIGENCE & CONTAINMENT WITH APPGUARD AG Management Console AppGuard Event Logs Threat Intelligence DMI Reporting Compliancy egrc Security Operations Incident Response 3 rd Party Advanced Threat Protection Forensics SIEM VDI vguard (AppGuard) Agent AppGuard Agent Granular Host Threat Intelligence, Application, User, Dynamic Malware Forensics, Per Process: File System, Registry, Memory Operations Per Process: Network (TCP,UDP, DNS Lookup, etc.) ATP Request to AppGuard Freeze Process-A (or more) Network Quarantine Host (Disable Any network activity (other than ATP/AGMC Communication) AppGuard Application Servers AppGuard Threat Containment/Triage AppGuard NAP Agent Process Freeze

22 Protecting Your Data Data Security Encrypted Backup Tapes Encrypted File Transmissions Encryption Within Core System Data Masking Data Loss Prevention (DLP) Encrypted

23 9 Incidents Define 95% of Data Breaches Incident Frequency POS Intrusion <1% Web App Attack 27% Insider Misuse 7% Theft/Loss 3% Miscellaneous Error 5% Crime-Ware 4% Payment Card Skimmer 22% Denial of Service 25% Cyber Espionage <1% Everything Else 6%

24 Protecting Your Data Recommended Controls Single-Password: Not Enough! Rethink CMS Validate Inputs Enforce Lockout Policies Monitor Outbound Connections

25 Protecting Your Data Security Reviews Internal Reviews Regular Vulnerability Scans Application Reviews External Reviews Regular Vulnerability Scans Penetration Tests Social Engineering Test Firewall/Router Rule Review Technology Assessments

26 Protecting Your Data Security Reviews Vendor Reviews Financial Business Continuity Security Service Legal

27 What to do after an incident First Steps Open your Plan Remove devices from your network Image devices involved Review Logs

28 Testing - Table Top Divisional Day Table Top Exercise (once per quarter) Unannounced Use conference room Key parties Limit access to reference material Walk through recovery step

29 Securing the Human

30 Securing the Human New Rules for Staff Enlist employees in your security efforts Find effective ways to communicate the importance of cyber security Pay attention to new hires

31 Securing the Human Get Users Involved

32

33 Thank You! Questions?