Addressing the blind spots in your security strategy. BT, Venafi & Blue Coat

Size: px

Start display at page:

Download "Addressing the blind spots in your security strategy. BT, Venafi & Blue Coat"

Horace May
7 years ago
Views:

1 Addressing the blind spots in your security strategy BT, Venafi & Blue Coat

2 Agenda Welcome & Introductions Phil Rodrigues, Director of Security Architecture, Asia Pacific, BT A blueprint for the perfect attack Kevin Bocek, Vice President, Security Strategy & Threat Intelligence, Venafi Post prevention analysis is encryption enough? Karl Vogel, APAC Technical Director, Blue Coat Putting it in context Phil Rodrigues British Telecommunications plc

3 Attacking Trust Blueprint for the Perfect Attack March 2014

4 Berliner Volksbank Berlin, Germany, January ft. underground tunnel Parkhaus Berlin, Germany

5 Compromise One Key or Certificate

6 More than 17,000 in every organization Little awareness or detection capability The Perfect Target No tools for responding to attacks Attackers are granted privileged status

7 Weaponization of Keys and Certificates Stuxnet and Duqu demonstrate powerful weapon 2010 Blueprints Attackers open new front with assault on Certificate Authorities 2011 Upping the ante 2012 Can any key or certificate be trusted? Everyday Attack Method 2013 SSH Key Theft CA compromise to enable Man in the Middle attacks Server Key Theft Weak Crypto Exploits Code Signing Certificate Theft

8 Scott Charney Corporate Vice President

CCSS Forum 600 % growth in compromised certificates in 2013 52% Q/Q growth in malware

9 CCSS Forum 600 % growth in compromised certificates in % Q/Q growth in malware using certificates in Q different trojans found in Feb 2013 infecting millions

12 Trusted Status Elevated Privileges Encrypted Sessions

13 50% of network attacks will use SSL by 2017

14 Marketplace for Stolen Certificates $1500/ea 428x more valuable than stolen credit card

15 Certificates can no longer be blindly trusted.

16 Survey and monitor all certificates Secure keys as a top priority Taking Back Control RECOMMENDATIONS Document and enforce policies, like revocation processes Monitor security feeds for compromised CAs and certificates

17 SSH Keys SSL Keys SSL Certificates User Certificates Mobile Certificates

18 Trust Authority Identify all keys and certificates Fix vulnerabilities, establish baseline, create visibility Detect anomalies, enforce policy, respond and remediate

19 Policy Agents Reporting Visibility Workflow Portals SSL certificates, SSH keys, AND mobile certificates

EVOLVING LANDSCAPE OF MODERN THREATS TODAY S ADVANCED THREAT

Anti Spam & Web Controls Fuzzing Host Reverse Base Engineering Controls Advanced Malware Sandbox Code Auditing

26 THE GREAT BATTLE RED Team Direct External Exploitation Phishing Key Dropping Polymorphic, Multi-packed, One Time Encrypted The Privileged Insider Advanced Hybrid Threats Smarter Faster Stronger BLUE Team Regular Penetration Test Anti Spam & Web Controls Fuzzing Host Reverse Base Engineering Controls Advanced Malware Sandbox Code Auditing Analysis Access Controls and Auditing Security Analytics 26 Copyright 2013 Blue Coat Systems Inc. All Rights Reserved. 26

ENTERPRISE SECURITY IN TRANSITION Cloud Apps Interne t Shifting IT Landscape New cloud / mobile apps New user access profiles New threat vectors

requirements Performance issues Budget overruns 27 Customers & Partners Desktop Users Headquarters Branch Offices Datacenter Users Blue Coat

27 ENTERPRISE SECURITY IN TRANSITION Cloud Apps Interne t Shifting IT Landscape New cloud / mobile apps New user access profiles New threat vectors Advanced threats Increasing encrypted traffic Mobile Access Wide-Area- Network (WAN) WiFi / BYOD Access IT Challenges Security gaps Compliance requirements Performance issues Budget overruns 27 Customers & Partners Desktop Users Headquarters Branch Offices Datacenter Users Blue Coat Solutions Advanced secure web gateway Security analytics Security platform Advanced threat protection Copyright 2013 Blue Coat Systems Inc. All Rights Reserved. 27

31 ADVANCED THREAT LIFECYCLE DEFENSE NEW THREAT INTELLIGENCE SHARED LOCALLY AND GLOBALLY Known threats blocked at gateway Incident Resolution Investigate, Eradicate & Profile GLOBAL INTELLIGENCE NETWORK Ongoing Operations Protect & Block Known Threats Increased system performance through fewer malware scans Greater accuracy and fewer threats to contain and resolve 31 Incident Containment Isolate & Employ Advanced Tools More robust zero-day threat analysis with fewer false positives Copyright 2013 Blue Coat Systems Inc. All Rights Reserved. 31

32 A HOLISTIC APPROACH Full Visibility: SSL or no SSL - Before, During & After the Attack Big Data Security Analytics: Collect, Analyze & Store Threat Intelligence: File, Malware and Reputation Real-time & Forensic Detection & Response Simple, Flexible & Extensible 32 Copyright 2013 Blue Coat Systems Inc. All Rights Reserved. 32

33 ADVANCED THREAT PROTECTION DRIVING REAL- WORLD USE CASES INTEGRATED ECOSYSTEM Situational Awareness Incident Response Policy & ITGRC Data Loss Monitoring & Analysis Continuous Monitoring Advanced Malware Detection Web Control and Security Enforcement 33 ANALYTICS AND INTELLIGENCE Collect & Warehouse Investigate Alert & Report ENRICHMENT Technology Partners File Analysis & IP Reputation Malware Sandboxing FLEXIBLE FORM FACTORS Hardware Software Virtual Machines Copyright 2013 Blue Coat Systems Inc. All Rights Reserved. 33

Can we be sure it is over? Can it happen again?

34 MOST DREADED QUESTIONS FROM THE CISO Who did this to us? How did they do it? What systems and data were affected? Can we be sure it is over? Can it happen again? 34 Copyright 2013 Blue Coat Systems Inc. All Rights Reserved. 34

38 Putting it into context Phil Rodrigues, BT

39 Thank you bt.com/globalservices

REVOLUTIONIZING ADVANCED THREAT PROTECTION

REVOLUTIONIZING ADVANCED THREAT PROTECTION A NEW, MODERN APPROACH Blue Coat Advanced Threat Protection Group GRANT ASPLUND Senior Technology Evangelist 1 WHY DO I STAND ON MY DESK? "...I stand upon my