Threat Intelligence: The More You Know the Less Damage They Can Do
Charles Kolodgy, Research VP, Security Products, IDC
Visit us at IDC.com and follow us on Twitter: @IDC
Agenda
- Evolving Threat Environment
- Attack Campaigns
- Security Challenges
- Threat Intelligence
- Proactive Security
Evolving Threat Landscape
- Increase in attack volume, vectors, variety
- Advanced Professional Threats (APT): specialized, goal oriented, patient
- Targeted Attack Campaigns
- "Hacktrepreneur"
[Image: http://threatgeek.typepad.com/.a/6a0147e41f3c0a970b01a3fd393b95970b-pi]
Cyber-Attack Campaigns
The process used to penetrate a specific target.
- Operations: reconnaissance, penetrate the network, custom-made malware, extract valuable information
- Stealth mode
- Time generally not a consideration
Attack Campaign Activities
- Operation Aurora
- Dark Seoul / Operation Troy
- El Machete
- Inception / CloudAtlas
- Deep Panda
- Codoso / Sunshop Group
Security Threat Concerns
"Regardless of whether you have protection in place, what security threats are concerns to your company?"
- Phishing / spear phishing: 87%
- Malicious file attachments / malware: 86%
- Malicious URL links / malware: 84%
- Viruses: 83%
- Advanced threats (APTs) / malware campaigns: 79%
- Spam: 68%
- Other: 7%
Source: Innovation Trends in Securing Email Infrastructure Survey, Dec. 2014, N=104
Security Challenges
- Disjointed techniques rely on a whac-a-mole approach
- Lack of security professionals
- Technology overload
- Inertia
- Security v. business needs v. user experience
- Intelligent Security
Still Fighting the Last War
Facing new situations with strategic thinking dominated by old issues, old weapons, and old tactics.
Security Product Toolbox
Kill Chain
Attack phases: Recon, Weaponize, Deliver, Exploit, Control, Execute, Maintain
Defender activities across the chain:
- Know adversaries' methods
- Vigilance
- Recognize threat
- Prevention tools
- Isolate
- Disrupt activities
- Report behavior
- Clean malware
- Fix vulnerabilities
- Update
- Forensics
- Reassess
- Report
Enhanced Malware Protection
- Reduce susceptibility to custom malware
- Designed to make it more difficult for hackers
- Non-signature based; uses many different technologies (sandboxing, execution control, whitelisting, anomalous behavior, and more)
- Automation
- Enhance visibility between endpoint, network, and gateway activities
Enhanced Malware Protection Features
- Speed of detection
- Accuracy
- Detect new threats
- On-demand remediation
- Appropriate prioritization
- Malware forensic analysis
- Threat intelligence support
Digital Exhaust
- Attacks leave a trail of "digital exhaust": metadata that can't be avoided
- The challenge is to find the exhaust over time
- Requires Big Data analysis and Threat Intelligence
Big Data & Threat Analytics
Big Data:
- Capture, manage and process large data sets
- Processing time critical
- Three dimensional: Volume (increasing amount of data), Variety (range of data types and sources), Velocity (speed of data in and out)
Threat Analytics:
- Algorithms designed specifically to detect attack digital exhaust
- Correlates data from a wide variety of sources
- Reveals trends and malicious behavior patterns
- Provides enhanced insights
- Can help predictive prevention
Threat Intelligence
Big Data and Threat Analytics combined enable Threat Intelligence.
Inputs:
- Threat activity
- Vulnerability information
- Security devices
- Users & endpoints
- Security incidents
- Application activity
Processing: event correlation; activity baselines & anomaly detection
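The Digital Exhaust, Threat Analytics and Threat Intelligence slides describe the same pipeline in words: collect activity from many sources, build per-user activity baselines, flag anomalies, and correlate the anomalies with each other and with external threat indicators. The script below is an added illustration written for this page, not IDC's or any vendor's code. The log lines, the indicator list (TEST-NET addresses) and the thresholds are constructed; the field layout, the z-score rule and the "two independent anomalies or one indicator hit means high severity" rule are assumptions chosen to keep the example small.

```python
"""Toy threat-analytics pipeline: baseline, anomaly detection, correlation.

Added example only. Log format, thresholds and indicators are constructed
and are not taken from IDC or any product.
"""
import statistics
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime

# Constructed log lines: timestamp host user src_ip action bytes_out.
# Day one is normal activity; on day two "alice" appears from a new address,
# at an unusual hour, and uploads far more than her baseline.
SAMPLE_LOGS = """\
2015-03-02T08:01:10 ws-17 alice 10.1.4.20 login 0
2015-03-02T08:05:00 ws-17 alice 10.1.4.20 upload 120000
2015-03-02T09:12:00 ws-17 alice 10.1.4.20 upload 98000
2015-03-02T10:40:00 ws-17 alice 10.1.4.20 upload 110000
2015-03-02T11:02:00 ws-17 alice 10.1.4.20 upload 105000
2015-03-02T12:15:00 ws-17 alice 10.1.4.20 upload 99000
2015-03-02T09:00:00 ws-22 bob 10.1.4.31 upload 400000
2015-03-02T10:00:00 ws-22 bob 10.1.4.31 upload 380000
2015-03-02T14:00:00 ws-22 bob 10.1.4.31 upload 420000
2015-03-03T02:31:00 ws-17 alice 198.51.100.7 login 0
2015-03-03T02:33:00 ws-17 alice 198.51.100.7 upload 9800000
2015-03-03T10:00:00 ws-22 bob 10.1.4.31 upload 450000
"""

# Constructed "threat feed" of known-bad source addresses (TEST-NET ranges).
KNOWN_BAD_IPS = {"198.51.100.7", "203.0.113.50"}
MIN_SAMPLES = 3     # need this many uploads before a volume baseline is trusted
Z_THRESHOLD = 3.0   # uploads more than 3 standard deviations above the mean


@dataclass
class Event:
    ts: datetime
    host: str
    user: str
    src_ip: str
    action: str
    bytes_out: int


@dataclass
class Baseline:
    mean: float = 0.0
    stdev: float = 0.0
    samples: int = 0
    src_ips: set = field(default_factory=set)
    hours: set = field(default_factory=set)


def parse_logs(text):
    """Parse the constructed space-separated format into Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, user, src_ip, action, nbytes = line.split()
        events.append(Event(datetime.fromisoformat(ts), host, user, src_ip, action, int(nbytes)))
    return events


def split_events(events, cutoff_iso):
    """Events before the cutoff train the baseline; the rest are scored."""
    cutoff = datetime.fromisoformat(cutoff_iso)
    return [e for e in events if e.ts < cutoff], [e for e in events if e.ts >= cutoff]


def build_baselines(training):
    """Per-user profile: usual source addresses, usual hours, upload volume stats."""
    per_user = defaultdict(Baseline)
    volumes = defaultdict(list)
    for ev in training:
        per_user[ev.user].src_ips.add(ev.src_ip)
        per_user[ev.user].hours.add(ev.ts.hour)
        if ev.action == "upload":
            volumes[ev.user].append(ev.bytes_out)
    for user, vals in volumes.items():
        b = per_user[user]
        b.samples = len(vals)
        if len(vals) >= MIN_SAMPLES:       # too few samples: skip volume scoring
            b.mean = statistics.mean(vals)
            b.stdev = statistics.stdev(vals)
    return dict(per_user)


def detect_anomalies(events, baselines):
    """Return (event, reasons) pairs for events that deviate from the baseline."""
    findings = []
    for ev in events:
        b = baselines.get(ev.user)
        if b is None:
            findings.append((ev, ["unknown_user"]))
            continue
        reasons = []
        if ev.src_ip not in b.src_ips:
            reasons.append("new_source_ip")
        if ev.ts.hour not in b.hours:
            reasons.append("unusual_hour")
        if ev.action == "upload" and b.samples >= MIN_SAMPLES:
            if b.stdev == 0:  # constant history: any change is an outlier
                z = 0.0 if ev.bytes_out == b.mean else float("inf")
            else:
                z = (ev.bytes_out - b.mean) / b.stdev
            if z > Z_THRESHOLD:
                reasons.append("volume_zscore")
        if reasons:
            findings.append((ev, reasons))
    return findings


def correlate(findings, indicators=KNOWN_BAD_IPS):
    """Group anomalies per host and escalate when they reinforce each other
    or match an external indicator."""
    by_host = defaultdict(lambda: {"reasons": set(), "indicator_hits": set(), "users": set()})
    for ev, reasons in findings:
        entry = by_host[ev.host]
        entry["reasons"].update(reasons)
        entry["users"].add(ev.user)
        if ev.src_ip in indicators:
            entry["indicator_hits"].add(ev.src_ip)
    alerts = {}
    for host, entry in by_host.items():
        severity = "high" if entry["indicator_hits"] or len(entry["reasons"]) >= 2 else "medium"
        alerts[host] = {"severity": severity, "reasons": sorted(entry["reasons"]),
                        "indicator_hits": sorted(entry["indicator_hits"]),
                        "users": sorted(entry["users"])}
    return alerts


def run_pipeline(log_text=SAMPLE_LOGS, cutoff_iso="2015-03-03"):
    training, scored = split_events(parse_logs(log_text), cutoff_iso)
    return correlate(detect_anomalies(scored, build_baselines(training)))


if __name__ == "__main__":
    for host, alert in run_pipeline().items():
        print(host, alert)
```

Bob's day-two upload (450000 bytes, 2.5 standard deviations above his mean) stays under the threshold and raises nothing, while Alice's host is escalated because three independent signals and an indicator hit line up on it; that combination, rather than any single signal, is what the slides mean by finding the exhaust "over time" and across sources.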
Predictive Security
Threat Intelligence enables Predictive Security. The slide plots maturity from Awareness to Actionability across four stages: Reactive, Calculative, Proactive, Predictive.
Stage characteristics, from Reactive to Predictive: Defensive, Minimalist, Event Driven, Situational, Static, Internal Data Correlation, Point Products, Metrics, Tactical, Compliance Driven, Basic Planning, Offensive, Contextual, Threat Analytics, Strategic, Anticipate, Risk Focus, Prospective Metrics, External Data, Automated Response, Advanced Metrics
Analyst Final Thoughts
- Sophisticated, professional attack campaigns increase organizational risk and potential damage
- Stop fighting the last war: incorporate advanced malware protection into the IT security toolbox
- Big Data and Threat Analytics allow for the discovery of attack digital exhaust
- Use Threat Intelligence to move from reactive to proactive to predictive security
- Act, don't be acted on