Defense In Depth. John Frazier Owner, The Gatestone Group, LLC

Transcription

1 Defense In Depth John Frazier Owner, The Gatestone Group, LLC

2 My Background Worked in the field of Technology since Ernst & Young Worked with ERP solutions and developed business cases and benchmarking studies for companies like Johnson & Johnson, Honda, etc. Became the Project Manager and Disaster Recovery Coordinator for an $11 billion Commercial Mortgage Firm that was owned by a top 10 US based bank. Through this experience became very familiar with IT Security through dealing first hand with regulatory compliance. Founded Gatestone in 2004 and have been delivering IT Solutions that depend on secure networks ever since.

3 About Gatestone Columbus Based IT firm providing turnkey Technology Solutions and Support to companies from 5 users up to 10,000 users. A Majority of our business is built around Cisco and EMC but we represent 28 different manufacturers and suppliers Typical Projects include: Cisco VoIP phone systems and call centers EMC Data Storage Solutions Disaster Recovery and Business Continuity Planning Network Design and Implementation Security Network and Physical

4 About Gatestone Gatestone, with the help of our partners, is able to offer a unique array of services Voice, Data, Networking Contact Center Solutions Network Carrier Services Outsourced IT Storage Solutions UPS and Environmental Solutions Staff Augmentation Consulting Design & Engineering Disaster Recovery and Business Continuity Planning Project Management Installation Maintenance Training Network Security Security and Network Assessments Co Location Digital Signage

5 Agenda 1. High Level discussion. 2. Reasons to take Defense In Depth Seriously. 3. Reasons why companies are not implementing a complete security solution 4. Recommendations for architecting solutions, products that GSG includes in Defense In Depth, and the functionality behind those products. Wrap up product section by discussing end toend strategy. 5. Where we believe the market will be going next.

6 The Growing Need for Security Regulatory Compliance Data Loss A Systems Approach to Streamline IT Risk Management for Security and Compliance Threat Management

7 The Evolution of Intent Cyber Crime has passed drug trafficking as the largest most profitable illegal business in the world. FINANCIAL: Theft & Damage THREAT SEVERITY FAME: Viruses and Malware TESTING THE WATERS: Basic Intrusions and Viruses WHAT S NEXT? From Hobbyists to Professionals

8 Tokyo based security vendor Trend Micro, has uncovered the existence of ongoing ebay style black hat hacker auctions where attack programs can be purchased for anywhere between $5,000 $50,000 depending the on exploit purpose. With the propagation of these e Bay style hacker auctions, the skill of hacking has actually gone down over the past 15 years.

9 The Business Impact QoS In order to have good voice quality, we have to keep a healthy network. Mastering VLANS and QoS. Mobility VPN s, Wireless popping up everywhere. This opens more entry points into the network. To keep up with the needs of mobility, it will require resources, which is money. The Business Impact Financials According to AP, The Pentagon has spent $100 million over the last 6 months to fix cyber attacks According to the National Archives, the median cost to remediate the Blaster Worm was $475,000 and for larger companies up to $4.2 million. Risk Reputation, Trust, and Survival. The first 2 are obvious, but what about survival? According to the National Archives, 93% of companies that lost their data center for 10 or more days to a disaster (could be natural, or virus driven) filed for bankruptcy within one year of the disaster. 50% of those filed bankruptcy immediately.

10 What is Defense In Depth? Defense In Depth is an Information Assurance (IA) strategy in which multiple layers of defense are placed throughout an Information Technology (IT) system. It addresses security vulnerabilities in personnel, technology and operations for the duration of the system s lifecycle. Wikipedia There are 3 main categories we can break security into: Protect, Detect, Respond

11 Protect, Detect, Respond Everyone enforces defense in depth at their home, whether they realize it or not. Protect Doors Windows Locks Fence Detect Alarms Motion Lights Dogs Security System Respond Dogs Police Weapons Insurance

12 Always Have a Back up What are banks protecting by installing a vault? Money, Assets, Customer Information, Reputation, Trustworthiness, etc. Safe Ratings Fire Ratings, How long it takes to crack them. So why do they leave the vault open during the day? What s stopping the criminal act from taking place? Because they have other security measures in place. The Detect, and Response mechanisms are deterrents. This may be security cameras, dye packs, silent alarms, or the security guard with a weapon. The point is that, with overlapping security measures, even if a portion of the system goes down, or in this case, intentionally left open, you are still covered.

13 Why Organizations Don t Address It 1.Lack of Knowledge 2.Lack of Funding 3.LAZINESS

14 Breach by Industry As you can see, retail, food and beverage, and financial services have a large number of breaches. This is especially troubling considering the large number of transactions these industries experience. Which explains According to the 2008 Verizon Breach Report

15 ½ of the identities in the United States have been exposed through security breaches.

16 Typical Network Set Up Business Partners Manufacturers Malware Botnets Trusted Network Remote Users Internet While this is a great start, the problem is that many of these defense mechanisms are only as good as their last update. Plus we can t control all of the devices outside our network. Firewall Spam Filter Data is Mobile!!!! Virus

17 Important Questions 1. What are we trying to protect? (Proprietary info, customer data, money, assets, reputation, etc.) 2. What are the relevant threats? (Virus, hackers, downsized employees walking out the door with data, etc.) 3. How comfortable are you with your ability to detect and respond to threats before it gets out of hand?

18 Solutions

19 Protect Firewalls Switching VLAN Wireless Security Spam Filtering Anti Virus

20 Firewalls Market Proven Technologies Firewall Technology Adaptive Threat Defense, Secure Connectivity App Inspection, Use Enforcement, Web Control Application Security + IPS IPS Technology Content Security Trend Micro Malware/Content Defense, Anomaly Detection Content Security Services VPN Technology Unified Communications Cisco Voice/Video Network Intelligence Cisco Network Services Next Generation Firewalls Traffic/Admission Control, Proactive Response Access Control, etc. Secure Connectivity SSL & IPsec VPN

21 Path of Egress into your Network As you can see, increased mobility has opened a door for data breaches. VPN concentrators that ride on the Firewall can help ensure that your data is traveling through an encrypted tunnel. According to the 2008 Verizon Breach Report

22 Switching/VLANS Security Services for the Switch Defend the Edge: Integrated FW/IPS Service Module Denial of Service Protection: CoPP, CPU Rate Limiters, Netflow, QoS Threat Defense Protect the Interior: Catalyst Integrated Security Toolkit Defend Network Exploits: Intrusion Protection System (IPS) Guard Against Infections and Worms: Network Admissions Control (NAC) Cisco Security Agent (CSA) Secure the Data in Transit: IPSec VPN SPA Trust and Identity Identity Based Networking Control Who/What Has Access Enforce endpoint Security Compliance Deep Packet Inspection Supervisor Engine 32 PISA Security and application intelligence

23 Wireless Security Set up passwords If you must have a guest network set up a separate VLAN that is isolated from your trusted network.

24 Open Wireless Networks Source: Open wireless networks are marked with a green square. This website also includes the network s name and location. This information is available to anyone with an internet connection.

25 Spam Filtering Just annoying or actual threats? Actual Threats Virus s can be imbedded in e mails. According to CERT anywhere from 60 80% of s circulating the internet is spam mail. A healthy system is a happy system. Save system resources for productivity Saves users time and patience

26 Spam Proliferation Source: According to this website which is run by IronPort and Cisco, on Friday, April 3 rd 2009, 112 Billion spam s were sent worldwide

27 Antivirus Software Signature based for both servers and desktops. Antivirus software (or anti virus) is computer software used to identify and remove computer viruses, as well as many other types of harmful computer software, collectively referred to as malware. While the first antivirus software was designed exclusively to combat computer viruses, most modern antivirus software can protect against a wide range of malware, including worms, rootkits, and trojans. Wikipedia

28

29 Detect Detect Network Admission Control Intrusion Prevention System Anti Virus You may notice that Anti Virus is listed again, this is intentional, it shows the overlap of the technologies.

30 Network Admission Control Flexible Deployment Layer 2, Layer 3 In band, Out of band Centralized, Distributed SNMP, RADIUS Innovative NAC Services Posture Assessment Remediation Profiling Guest Features Role based network access control and security policy compliance enforcement Full lifecycle: discovery, assessment, enforcement, and remediation Benefits Securing both managed and unmanaged assets Providing guest access and preventing unauthorized access Reducing vulnerabilitybased exploits

31 According to the 2008 Verizon Breach Report, 87% of data breaches were considered avoidable through reasonable controls. NAC can provide that Control

32 Intrusion Prevention Systems Scans all traffic using deep (packet level) inspection Accurate threat intelligence, which reduces false positives Coordinated response with existing network gear P2P/IM Abuse Viruses/Worms Port 80 Misuse Application abuse: Inspects and controls IM, P2P, backdoor DoS/ DDoS Spyware/ Adware Trend Micro partnership: For latest breaking malware updates Trojans/ Backdoors Anti Spam Bots/ Zombies

33 According to MICROSOFT 66% of all devices that occasionally travel outside of the trusted network are infected with some kind of malware. 6% of all devices that never travel outside the trusted network are infected with some kind of malware. What are the odds that your not infected?

34 Respond Cisco Security Agent Intrusion Prevention System MARS

35 Cisco Security Agent Server and Desktop Host IPS Zero update host IPS and integrated antivirus Single client, single management interface Network collaboration with local threat remediation Identified and controls sensitive information CSA Business Benefits: Empower IT to address business risks Enforce policies and protect business critical assets Decrease IT administrative burden and reduce expenses

36 It is estimated that there are still 5 10 million hosts still infected with the Conficker C worm. The latest update came in October, We still have no idea what it is built to do. Source: Conficker Working Group

37 Cisco Security MARS MARS is an acronym = Monitoring, Analysis, and Response System Security threat mitigation appliance Rapid threat detection, isolation and mitigation, topologically aware Command and control for your existing network security Correlates data from across disparate multi vendor security devices and applications Firewall Log IDS Event Server Log Switch Log Firewall Cfg. AV Alert Switch Cfg. NAT Cfg. App Log Router Cfg. Netflow VA Scanner Isolated Events Correlation Sessions Rules Verify Reduction

38 The Future of Security The type of attacks. Low and Slow Mobility The role it will play in the evolution of security. Again DATA IS MOBILE Expanding functionality of appliances to handle a larger loads and increased functionality. Traditional Manufacturers will cooperate developing their products to work together.

39 Integrated Solutions IPS, CSA, MARS, and CSM Protected Branch Office Branch Office Attacker attempts to gain access IPS detects the event with data inputs from CSA Corporate LAN Branch Office Data Center Branch Office MARS receives the information and correlates the incident IPS signature policy is updated in one place Single deployment for consistent network protection CS MARS Policy Distribution (NAC)

40 Thank You! John Frazier Owner, The Gatestone Group, LLC