How To Protect Your Data From Attack

Similar documents
Cisco Advanced Malware Protection. Ross Shehov Security Virtual Systems Engineer March 2016

SANS Top 20 Critical Controls for Effective Cyber Defense

Delivering Control with Context Across the Extended Network

Network as a Sensor and Enforcer Leverage the Network to Protect Against and Mitigate Threats

Information Security for the Rest of Us

Defending Against Data Beaches: Internal Controls for Cybersecurity

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports

Addressing the Full Attack Continuum: Before, During, and After an Attack. It s Time for a New Security Model

Cyb T er h Threat D f e ense S l o uti tion Moritz Wenz, Lancope 1

Cisco & Big Data Security

聚 碩 科 技 主 題 : 如 何 幫 企 業 行 動 商 務 建 立 安 全 機 制 職 稱 : 技 術 顧 問

Content Security: Protect Your Network with Five Must-Haves

Introducing IBM s Advanced Threat Protection Platform

WHITE PAPER Cloud-Based, Automated Breach Detection. The Seculert Platform

Cisco Security: Moving to Security Everywhere. #TIGcyberSec. Stefano Volpi

Cisco Security Optimization Service

Speed Up Incident Response with Actionable Forensic Analytics

Safeguarding the cloud with IBM Dynamic Cloud Security

EXTENDING NETWORK SECURITY: TAKING A THREAT CENTRIC APPROACH TO SECURITY

Course Descriptions November 2014

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense

Requirements When Considering a Next- Generation Firewall

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center

IBM Security Strategy

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

Protection Against Advanced Persistent Threats

The SIEM Evaluator s Guide

Braindumps QA

How To Manage Security On A Networked Computer System

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

A COMPLETE APPROACH TO SECURITY

Global Cyber Range (GCR) Empowering the Cybersecurity Professional (CyPro)

Advanced Threats: The New World Order

Der Weg, wie die Verantwortung getragen werden kann!

Threat-Centric Security for Service Providers

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness

Security and Privacy

Close the security gap with a unified approach. Detect, block and remediate risks faster with end-to-end visibility of the security cycle

The Role of Security Monitoring & SIEM in Risk Management

How To Protect Your Network From Attack From A Network Security Threat

Readiness Assessments: Vital to Secure Mobility

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team

Can We Become Resilient to Cyber Attacks?

Payment Card Industry Data Security Standard

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Cisco Virtualization Experience Infrastructure: Secure the Virtual Desktop

Analyzing HTTP/HTTPS Traffic Logs

Compliance Guide ISO Compliance Guide. September Contents. Introduction 1. Detailed Controls Mapping 2.

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

BIG DATA. Shaun McLagan General Manager, RSA Australia and New Zealand CHANGING THE REALM OF POSSIBILITY IN SECURITY

Advanced SOC Design. Next Generation Security Operations. Shane Harsch Senior Solutions Principal, MBA GCED CISSP RSA

Are you prepared to be next? Invensys Cyber Security

Defensible Strategy To. Cyber Incident Response

Continuous Network Monitoring

Cisco Security Strategy Update Integrated Threat Defense. Oct 28, 2015

Enterprise Cybersecurity: Building an Effective Defense

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Cisco Fog Computing Solutions: Unleash the Power of the Internet of Things

GEARS Cyber-Security Services

Cisco Cyber Threat Defense - Visibility and Network Prevention

Cisco Advanced Malware Protection

The Hillstone and Trend Micro Joint Solution

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

SECURITY. Risk & Compliance Services

How To Create Situational Awareness

Enterprise Cybersecurity: Building an Effective Defense

IBM Cloud Security Draft for Discussion September 12, IBM Corporation

Unified Security, ATP and more

Cisco Advanced Malware Protection for Endpoints

Leading The World Into Connected Security. Dipl.-Inform., CISSP, S+ Rolf Haas Enterprise Technology Specialist Content Lead EMEA

SITUATIONAL AWARENESS MITIGATE CYBERTHREATS

Advanced Threat Protection with Dell SecureWorks Security Services

Information Technology Risk Management

Chapter 1 The Principles of Auditing 1

Cisco Cybersecurity Pocket Guide 2015

Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media

A HELPING HAND TO PROTECT YOUR REPUTATION

Fighting Advanced Threats

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

Threat Intelligence: The More You Know the Less Damage They Can Do. Charles Kolodgy Research VP, Security Products

RSA Security Analytics

JUNIPER NETWORKS SPOTLIGHT SECURE THREAT INTELLIGENCE PLATFORM

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Providing a work-your-way solution for diverse users with multiple devices, anytime, anywhere

Middle Class Economics: Cybersecurity Updated August 7, 2015

Defending Against Cyber Attacks with SessionLevel Network Security

Transcription:

Agile Cyber Security Security for the Real World, Architectural Approach Osama Al-Zoubi Senior Manger, Systems Engineering Fahad Aljutaily Senior Solution Architect, Security

Market Trends Welcome to the New World

We Are Entering a New Era Welcome to the New World 80 billion connected devices by 2020 99% of things are unconnected 5 connected devices for every user by 2020 The Network Is the Platform to Connect the Previously Unconnected Every company becomes a Technology company, every company becomes a security company

Connect the Unconnected..Mobility Changes Everything! Mobile traffic increasing 13X by 2017 50+% will be wireless by 2015 Cisco s total mobile device count grew 109% in 24 months. 159%Mobile data traffic grew Last year s mobile data usage Tablets will generate almost as was eight times the size of the much data in 2016 as the entire Internet in 2000 global mobile network in 2012 Mobility is More than Just the Device Mobility is to get complete control over a dynamic, mobile environment ANY USER I want an iphone with email, calendar, and contacts. Jan 2010 ANYWHERE I want WebEx Meeting Center and Jabber IM on my iphone. Jan 2011 ANY DEVICE ANYTIME I want AnyConnect and enterprise apps. Jan 2012

Cloud Computing Information security Media Collaboration Privet Public Social Media Hybrid Big Data E-mail software 69 %of total data center traffic will be Cloud traffic by 2017 personal cloud traffic from 1.7 EB in 2012 to 20 EB in 2017 Machine to Machine Connections Is expected to grow 5 Times

Enormous, Fast, and Complex Everything is generating data Big Data 1 Trillion sensors - 150 for every person on Earth, By 2030 Big data is doubling the digital universe every 2 years Growth of the Digital Universe Value Variety 10^27 Volume Velocity 1,000x 10^24 2012 Digital Universe 2030 Digital Universe

New Work Environment, New Security Challenges Expanded workforce Always on Open Borderless Enterprise Mobility continuous Digital Environment Dynamic Remotely Today s dynamic computing environment creates new attack vectors. 7

Threat Evolution Sophisticated, Enormous, and Complex

The Security Problem Changing Business Models Dynamic Threat Landscape Complexity and Fragmentation

The Industrialization of Hacking Sophisticated Attacks, Complex Landscape Hacking Becomes an Industry Phishing, Low Sophistication 1990 1995 2000 2005 2010 2015 2020 Viruses 1990 2000 Worms 2000 2005 Spyware and Rootkits 2005 Today APTs Cyberware Today +

New Threat Landscape 70% of 52% of breaches affecting all organizations involved hacking. breaches were discovered by external parties who then notified the victim. 40% Incorporated malware 66% $1T/year took months or more to discover private sector revenue loss from cyber espionage 76% of network intrusions exploited weak or stolen credentials 75% are considered opportunistic attacks 40% of breaches are Malware 52% of breaches are Hacking 75% driven by financial motives

Our Vision Agile Security. Security For The New World New security model primed for toughest customer challenges Supreme talent & innovative portfolio elements Protecting your Safety, Security and Reputation

The New Security Paradigm Technology People Monitoring / Engagement Policies Security Operation Incident Response The New Security Paradigm

The New Security Paradigm Technology People Monitoring / Engagement Policies Security Operation Incident Response The New Security Paradigm

Security is a Process Enterprise Security Program Model You need to have a program and a framework to work within. This is from O-ESA: Four rings = Four domains Each domain is made of a number of activities/processes. Comprehensive and deployable Open Taken from O-ESA Document

Security is a Process Enterprise Security Architecture O-ESA Enterprise Security Program Framework

Security is a Process Information Security Management System (ISMS) Policies Standards Procedures Guidelines Risk Management Controls Audit Awareness Processes People Technology Supporting Organizational Structures (Roles, committees, staffing, knowledge, etc.) Management Approval and Support Strategy

Incident Response Policy Security is a Process The Incident Response Policy Should be part of your incident response preparation phase. Statement of management commitment Purpose Scope Definitions Organizational structure and identification of roles, responsibilities, and levels of authority Prioritization or severity ratings of incidents Effectiveness measures 18

Security is a Process Using technology to deliver on Policy Requirement Desired Policy Who can talk to whom Who can talk to which systems Which systems can talk to other systems Simplifies policy implementation Enhances security and reduces complexity Accelerates Server Provisioning Protect data by defining procedures, guidelines Doctor / Laptop Doctor / ipad Guest / Laptop Patient Records Employee Intranet Guest / ipad Internet Ensure that vulnerabilities are identified

Security is a Process Using technology to deliver on Policy Requirement Confidential Patient Records Who: Doctor What: Laptop Where: Office Internal Employee Intranet Who: Doctor What: ipad Where: Office Internet Who: Doctor What: ipad Where: Coffee Transform plain English rules into network policy Secure Access based on user, device, location, etc. Leverage TrustSec-enabled HW to enforce at ingress Securing access is more than simply deploying point solutions. In a rapidly changing environment, enterprises need an enterprise-class product from a strategic partner.

The New Security Paradigm Technology People Monitoring / Engagement Policies Security Operation Incident Response The New Security Paradigm

Security is a Process Starting with People Enabling Security Managing Risks Information Security Awareness Even the best information security policies, procedures, or controls are useless if employees are tricked not to follow them 65% of companies and employees in the Middle East do not have the knowledge of the security risks Threats designed to take advantage of users trust in systems, applications, and the people and businesses they know are now permanent fixtures in the cyber world

The New Security Paradigm Technology People Monitoring / Engagement Policies Security Operation Incident Response The New Security Paradigm

The New Security Model Survey Evaluate victim s countermeasures Evaluate victim s countermeasures Craft context-aware malware to penetrate victim s environment Execute Deploy malware. Move laterally, establish secondary access Check malware works & evades victim s countermeasures Accomplish The mission: Extract data, destroy, plant evidence, compromise. Deploy malware. Move laterally, establish secondary access The mission: Extract data, destroy, plant evidence, compromise.

The New Security Model Attack Continuum BEFORE Discover Enforce Harden DURING Detect Block Defend AFTER Scope Contain Remediate Network Endpoint Mobile Virtual Cloud Point in Time Continuous

Security Control Framework Model Security Control Framework Model Total Visibility Identify, Monitor, Collect, Detect and Classify Users, Traffic, Applications and Protocols Identify Monitor Correlate Identify, Classify and Assign Trust Levels to Subscribers, Services and Traffic Monitor Performance Behaviors, Events and Compliance with Policies Identify Anomalous Traffic Collect, Correlate and Analyze System-Wide Events Identify, Notify and Report on Significant Related Events Complete Control Harden, Strengthen Resiliency, Limit Access and Isolate Device, Users Traffic, Applications and Protocols Harden Isolate Enforce Harden Devices, Transport, Services and Application Strengthen Infrastructure Resiliency, Redundancy and Fault Tolerance Isolate Subscribers, Systems and Services Contain and Protect Enforce Security Policies Migrate Security Events Dynamically Respond to Anomalous Events Cisco SCF has been accepted as an industry standard

Security Control Framework Industry Standards and Best Practices International Standards Model Industry Regulations Methodology Control Structure SANS 20 Critical Controls Cisco Knowledge and Experience Security Control Framework Security Architecture Principles

Architectural Approach Comprehensive and Integrated CLOUD-BASED THREAT INTEL & DEFENSE ATTACKS APPLICATION REPUTATION SITE REPUTATION MALWARE GLOBAL LOCAL PARTNER API Infrastructur e COMMON POLICY, MANAGEMENT & CONTEXT NETWORK ENFORCED POLICY COMMON MANAGEMENT SHARED POLICY ANALYTICS COMPLIANCE PARTNER API IDENTITY APPLICATION DEVICE LOCATION TIME ACCESS FW IPS VPN WEB EMAIL APPLIANCES ROUTERS SWITCHES WIRELESS VIRTUAL More Integrated Approach A MORE INTEGRATED APPROACH public Apps / Services hybrid tenants Workloads private

The New Security Paradigm Technology People Monitoring / Visibility Policies Security Operation Incident Response The New Security Paradigm

Breaches Happen in Hours But Go Undetected for Months or Even Years Seconds Minutes Hours Days Weeks Months Years Initial Attack to Initial Compromise In 60% of breaches, data is stolen in hours Initial Compromise to Data Exfiltration 10% 75% 12% 2% 0% 1% 1% 8% 38% 14% 25% 8% 8% 0% 54% of breaches are not discovered for months Initial Compromise to Discovery 0% 0% 2% 13% 29% 54% 2% Discovery to Containment/ Restoration 0% 1% 9% 32% 38% 17% 4% Timespan of events by percent of breaches Source: 2013 Data Breach Investigations Report, compiled by 18 organizations that contributed data

Visibility Knowledge Protection NetFlow Files Users Web Applications Application Protocols Services Malware Command and Control Servers Vulnerabilities Operating Systems Processes Network Servers Routers and Switches Mobile Devices Printers VoIP Phones Virtual Machines Client Applications Network Behavior

The New Security Paradigm Technology People Monitoring / Engagement Policies Security Operation Incident Response The New Security Paradigm

Attack Sophistication Security Operation Centers Are Evolving. Device monitoring Log collection and retention Limited device coverage Slow reactions to incidents Events correlation Network and system log collection Case management Feeds from reputation services Vulnerability management Incident handling capabilities Big Data sophisticated security analytics Feeds from intelligence services Cloud processing Sophisticated NetFlow analysis Early alarming Forensics capabilities 1 st Generation 2 nd Generation 3 rd Generation 4 th Generation

Security Operation Centers... For the new world Facilities Secure Facility Open Space Wall Screens Separate areas for SOC Manager and meetings Infrastructure Segregated Secure Highly Available Collaboration Platforms Services Data Analysis Anomaly Detection Vulnerability Management Collaboration platforms People Awareness Reporting Committee Involvement Collaboration Processes Effective Incident Handling Measurements and Metrics Continues Enhancement Time Day 1 SOC Accelerated Maturity Threats will not wait for you to finish building your SOC!

Security Operation Centers Well-Defined Methodology Compliance Device and Applications Vulnerability Management Deployment Service Incident Management Administration Event Management

Standards Security Operation Centers Well-Defined Methodology Good practices exist today to help you develop your capabilities. Incident handling requires people, process and technology. ISO/IEC 27035:2011 Information technology -- Security techniques -- Information security incident management ENISA Good Practice Guide for Incident Management NIST SP 800-61 Rev. 2 Computer Security Incident Handling Guide NIST SP 800-83 Rev.1Guide to Malware Incident Prevention and Handling for Desktops and Laptops. ISO/IEC 27035:2011 Information technology -- Security techniques -- Information security incident management Incident Response and Management: NASA Information Security Incident Management 36

Security Operation Centers Well-Defined Methodology Don t build your incident handling plan during an incident clearly identified Roles and responsibilities During an incident stick to the plan Run incident drills. Practice makes you better Involve members from different departments: IT, PR, Legal. Communication with the rest of the organization. Whom, How and what? Think about having something like a playbook! 37

Incident Response Policy The Incident Response Policy Should be part of your incident response preparation phase. Statement of management commitment Purpose Scope Definitions Organizational structure and identification of roles, responsibilities, and levels of authority Prioritization or severity ratings of incidents Effectiveness measures 38

Post Incident Activities Incident Handling The Fundamental Steps Life of an incident Incident Investigation LONG TERM GOAL Preparation Detection Initial Response Data Collection Data Analysis Reporting SHORT TERM GOAL Containment Recovery 39

Agile Cyber Security Security for the Real World, Architectural Approach Technology People Monitoring / Engagement Policies Security Operation Incident Response

Thank You

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information