Security Camp Conference Fine Art of Balancing Security & Privacy

Similar documents
EMERGING THREATS & STRATEGIES FOR DEFENSE. Stephen Coty Chief Security

The Hillstone and Trend Micro Joint Solution

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness

Cyber Security Seminar KTH

Cyber Watch. Written by Peter Buxbaum

24/7 Visibility into Advanced Malware on Networks and Endpoints

High End Information Security Services

Defending Against Data Beaches: Internal Controls for Cybersecurity

JUNIPER NETWORKS SPOTLIGHT SECURE THREAT INTELLIGENCE PLATFORM

Enterprise Cybersecurity: Building an Effective Defense

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer

Endpoint Threat Detection without the Pain

End-user Security Analytics Strengthens Protection with ArcSight

ABB s approach concerning IS Security for Automation Systems

SANS Top 20 Critical Controls for Effective Cyber Defense

應 用 SIEM 偵 測 與 預 防 APT 緩 攻 擊

Fighting Advanced Threats

Endpoint & Server Protection. Brent Biernat First Vice President Network Services May 13, 2014

DESIGN YOUR SECURITY. We build tailored, converged security for you. Technology. Strategy. People. The synergetic collaboration.

How To Buy Nitro Security

Big Data Analytics in Network Security: Computational Automation of Security Professionals

Getting Ahead of Malware

Defending Against Cyber Attacks with SessionLevel Network Security

IBM Security Strategy

Managed Intrusion, Detection, & Prevention Services (MIDPS) Why Sorting Solutions? Why ProtectPoint?

Vulnerability Management

NitroView Enterprise Security Manager (ESM), Enterprise Log Manager (ELM), & Receivers

Covert Operations: Kill Chain Actions using Security Analytics

A Case for Managed Security

Network Security Redefined. Vectra s cybersecurity thinking machine detects and anticipates attacks in real time

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

Cisco Advanced Malware Protection for Endpoints

White Paper. Why Next-Generation Firewalls Don t Stop Advanced Malware and Targeted APT Attacks

External Supplier Control Requirements

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform

Network Security Redefined Vectra s cybersecurity thinking machine detects and anticipates attacks in real time

Continuous Network Monitoring

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

QRadar SIEM and FireEye MPS Integration

Network that Know. Rasmus Andersen Lead Security Sales Specialist North & RESE

Palo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats

you us MSSP are a Managed Security Service Provider looking to offer Advanced Malware Protection Services

WHITE PAPER WHAT HAPPENED?

Data Center Security in a World Without Perimeters

Design Your Security

Modular Network Security. Tyler Carter, McAfee Network Security

Reinventing Network Security Vectra s cyber-security thinking machine delivers a new experience in network security

Evolving Threat Landscape

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Cyber Situational Awareness for Enterprise Security

O N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA

Security strategies to stay off the Børsen front page

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

Cisco IPS Tuning Overview

Commonwealth IT Threat Management: Keeping Out the Cyber Villains Category: Cyber Security Initiatives. Initiation date: January 2012

RSA Security Analytics

Bridging the gap between COTS tool alerting and raw data analysis

PROJECT BOEING SGS. Interim Technology Performance Report 3. Company Name: The Boeing Company. Contract ID: DE-OE

Protecting against cyber threats and security breaches

Description: Objective: Attending students will learn:

THE EVOLUTION OF SIEM

Ecom Infotech. Page 1 of 6

REVOLUTIONIZING ADVANCED THREAT PROTECTION

Seven Strategies to Defend ICSs

Overcoming Five Critical Cybersecurity Gaps

KEY TRENDS AND DRIVERS OF SECURITY

Protection Against Advanced Persistent Threats

Security and Privacy

EnCase Analytics Product Overview

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)

How To Protect Your Network From Attack From A Virus And Attack From Your Network (D-Link)

On-Premises DDoS Mitigation for the Enterprise

Advanced Threats: The New World Order

Cisco & Big Data Security

Whitepaper BEST PRACTICES FOR INTEGRATION AND AUTOMATION OF INCIDENT RESPONSE USING ENCASE ENDPOINT SECURITY

RETHINK SECURITY FOR UNKNOWN ATTACKS

INTRUSION PREVENTION SYSTEMS: FIVE BENEFITS OF SECUREDATA S MANAGED SERVICE APPROACH

Guidance Software Whitepaper. Best Practices for Integration and Automation of Incident Response using EnCase Cybersecurity

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

Cisco Advanced Malware Protection for Endpoints

IT Security Strategy and Priorities. Stefan Lager CTO Services

NetDefend Firewall UTM Services

Guidance Software Whitepaper. Best Practices for Integration and Incident Response Automation Using EnCase Endpoint Security

Endpoint Security: Moving Beyond AV

Critical Security Controls

WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY.

Symantec Cyber Security Services: DeepSight Intelligence

Networking for Caribbean Development

By John Pirc. THREAT DETECTION HAS moved beyond signature-based firewalls EDITOR S DESK SECURITY 7 AWARD WINNERS ENHANCED THREAT DETECTION

Sorting out SIEM strategy Five step guide to full security information visibility and controlled threat management

DDoS ATTACKS: MOTIVES, MECHANISMS AND MITIGATION

Enabling Security Operations with RSA envision. August, 2009

Discover Security That s Highly Intelligent.

Defending against Cyber Attacks

CYBER SECURITY INFORMATION SHARING & COLLABORATION

LASTLINE WHITEPAPER. In-Depth Analysis of Malware

Transcription:

Security Camp Conference Fine Art of Balancing Security & Privacy Kim Bilderback AT&T Director GovEd Cybersecurity Services kb7459@att.com August 21, 2014

Cybersecurity - The Threats Increase AT&T DDoS Mitigations Ten-Fold Increase in DDOS attacks in the last 2 years 614% Mobile malware increase March 12 to March 13 Juniper Networks Mobile Threats Report 2013 2011 2012 2013 BotNets Recent Breaches Infection rate = 18 computers per second = 500 million annually Director of FBI s cyber division, Joseph Demarest, 07/15/14 St. Louis, CHS, Shaw s, CyberVor, ebay, & People s Liberation Army Cost of managing cyber security breach: ranges from $1.4 million to $46 million/year (56 businesses studied) http://www.youtube.com/watch?v=eosrq-c1xw0 2

3 Cybersecurity Defense Spending (In Billions)

Cybersecurity - Verizon 2014 Data Breach Investigations Report 4 http://www.verizonenterprise.com/dbir/2014/

What s Going On? APTs are the cutting edge of cyber attacks, and even the most hardened security pros say they are almost impossible to prevent. "There isn't a corporation in the nation today that can't be penetrated, not one, April 2, 2012 The likelihood approaches certainty that something unknown is in your network There are known knowns. These are things we know that we know. There are known unknowns. That is to say, there are things that we know we don't know. But there are also unknown unknowns. There are things we don't know we don't know. - US DoD Press Conf. 02/02 5

Anti-virus Scanning Effectiveness - Myth of the Known Knowns Virus Bulletin VB100 RAP Test Results Reactive & Predictive Test Effectiveness detecting 100% malware samples listed as 'In the Wild' by the WildList Organization Generate no false positives when scanning an extensive test set of clean samples All this done with default, out-of-the-box settings in the VB lab environment. 6 https://www.virusbtn.com/vb100/rap-index.xml

Malicious Software The Rise of The Unknown Unknowns Unknown Unknowns http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q1-2014.pdf

Anti-virus Scanning Effectiveness The Challenge of the Unknown Unknowns Lastline Labs AV Scan Effectiveness Analysis Tested new malware daily for year against the 47 Virus Total service A/V scanners 51% Detected New Malware Zero Day Avg. 2 days for at least one AV scanner to detect when not found Zero Day Over 365 days no single AV scanner had a perfect day After a year, there are samples that 10% of the scanners still do not detect 8 http://securityaffairs.co/wordpress/25385/malware/zero-day-malware-detection.html

What To Do? Signature Based Detection Not Enough Polymorphic malware characteristics now common avoid signature detection through obfuscation techniques Explosion of zero-day malware variants unknown to signature developers. Time delay to recognize, develop & implement signatures causes vulnerability Exponential growth in malware causing exponential size increase for signature databases. Complex to support, maintain, update & causes process difficulties Intrusive Yet More Private Behavioral Based Detection Needed Too Baseline normal network traffic behavior or characteristics using Big Data analytics Anomalies or deviations to normal trigger timely alerts causing detailed analysis Timely analysis yields faster knowledge of a breach & quicker time to mitigation Behavior based detection systems: 1. SIEM 2. RSA Silvertail 3. DDoS Detection Arbor Networks Non-intrusive Yet Less Private 9

Behavioral Analysis (SIEM) Effectiveness 10 http://www.hpenterprisesecurity.com/collateral/report/2011_cost_of_cyber_crime_study_august.pdf

Behavioral & Signature Based Monitoring System AT&T Example Threat Alert & Response Single Pane of Glass Manage Signal-to-Noise Ratios Behavioral Based Detection (Zero Day and Advanced Persistent Threats) Signature Based Detection (traditional) 11

Behavioral & Signature Based Monitoring System RSA Silvertail Example Manage Signal-to-Noise Ratios 12 Dennis R. Moreau, Ph.D. Presentation

Behavioral & Signature Based Monitoring System Arbor DDoS Example Manage Signal-to-Noise Ratios 13

Adaptive Security Architecture Gartner Model Vulnerability Scans Pen Testing SIEM Baselining Secure Infrastructure Firewalls IAM Incidence Response SIEM Alerting DDoS Mitigation Log Analysis Packet Capturing Intrusion Detection Email Filtering A/V Scanning SIEM Detection 14

Summary Cybersecurity threat landscape consists of known knowns & unknown unknowns the latter is the greater threat Yet most organizations invest majority of time & money defending against the known knowns using ineffective signature based technology An improved defensive posture is achieved augmenting signature based technology with behavioral based technology shown to be more effective detecting unknown unknowns Privacy concerns may increase as more behavioral based technology deployed, but that is offset by increased defensive posture and can be balanced by governance Effective cybersecurity is not about finding the best technology and turning it on, but in deploying a range of defensive measures, monitoring and managing them Vigilance Alert & Persistent Watchfulness 15

More On The Subject att.com/threattraq kb7459@att.com 16

17 Thank you.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information