IT Security Strategy and Priorities Stefan Lager CTO Services stefan.lager@addpro.se
Cyberthreat update
Why would anyone want to hack me?
I am not a bank!
Security Incidents with Confirmed Data Loss Source: Verizon Data Breach Report 2014
This is only a subjective American view of the problem!
Countries Represented in Data Breach Source: Verizon Data Breach Report 2014
KPMG Study Highlights
14 organizations; 5,000 employees on average; 70,000 hosts
Breached organizations: 93%; no detected breach: 17%
Exfiltrating organizations: 79% detected data exfiltration; 21% no detected data exfiltration
Malware Data
15,586 security events; 195 unique malware objects
Malware type: 52% known malware, 48% unknown malware (unknown = tested against 53 different AV vendors via VirusTotal.com with no match)
Average time between breach and detection is 229 days Source: Mandiant Incident Response 2014
Share of companies that learn from a third party that they have been breached: 67%. Only one third of the companies discovered the breach themselves. Source: Mandiant Incident Response 2014
Conclusion #1: Most of you are probably already infected. Most of you already have firewalls and antivirus. Conclusion: develop a strategy for limiting the impact of a breach.
Attack Lifecycle
1. Attack phase: exploit a vulnerability on a client or server.
2. Control phase: establish remote control and download tools.
3. Explore phase: search for more valuable data.
4. Extract phase: extract the valuable data.
Different technologies address different phases (Attack, Control, Explore, Extract). Technologies on the slide: Firewall, Intrusion Prevention, AntiVirus, Web Filtering, SIEM, Threat Intelligence, Advanced AntiMalware, Network Forensics, SIEM/NBAD, Intrusion Deception, File Integrity Monitoring, DLP. Intrusion Prevention, Threat Intelligence and Network Forensics are listed under more than one phase.
Conclusion #2: We need a technology for protecting against attacks AND we need a technology for detecting anomalies.
The three pillars of security (supporting your business!): Technology, Configuration, 24x7 Operations
The Configuration Challenge (difficulty level per technology class):
Security Access Control (ex: FW/WF): Medium
Attack Mitigation (ex: IPS/AV): Hard
Security Analytics (ex: SIEM/FIM): Very Hard
Security Forensics: Rocket Science
The Operation Challenge. Example: increasing the team to support 24x7 operations. SOC employee cost (chart): team cost 8x5 = 250,532 SEK; team cost 24x7 = 676,440 SEK.
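Conclusion #2 above asks for a technology that detects anomalies rather than only blocking attacks. The control phase of the attack lifecycle (malware calling home for instructions) is one of the few places where an infected host behaves regularly enough to be spotted in ordinary proxy logs: the same client contacts the same host at a near-constant interval with near-constant request sizes. The following is an added example of that beaconing check, written for this page and not code from the presentation or from AddPro; the log format, thresholds and sample lines are constructed for illustration.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample proxy log (not real data). Format assumed here:
# "<ISO timestamp> <src_ip> <dst_host> <bytes>".
# 10.0.0.5 calls update.example-cdn.net every ~300 s with ~500-byte requests
# (beacon-like); 10.0.0.7 browses irregularly (normal user traffic).
SAMPLE_LOG = """\
2014-05-01T08:00:00 10.0.0.5 update.example-cdn.net 512
2014-05-01T08:00:02 10.0.0.7 www.example.com 18234
2014-05-01T08:05:00 10.0.0.5 update.example-cdn.net 498
2014-05-01T08:07:41 10.0.0.7 mail.example.com 4021
2014-05-01T08:10:01 10.0.0.5 update.example-cdn.net 530
2014-05-01T08:12:09 10.0.0.7 www.example.com 7711
2014-05-01T08:15:00 10.0.0.5 update.example-cdn.net 502
2014-05-01T08:19:55 10.0.0.7 www.example.com 90210
2014-05-01T08:20:00 10.0.0.5 update.example-cdn.net 515
2014-05-01T08:24:30 10.0.0.7 mail.example.com 3990
2014-05-01T08:25:01 10.0.0.5 update.example-cdn.net 509
"""


def parse_log(text):
    """Yield (timestamp, src_ip, dst_host, bytes) tuples from the format above."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, size = line.split()
        yield datetime.fromisoformat(ts), src, dst, int(size)


def find_beacons(records, min_hits=5, max_jitter=0.2, max_size_spread=0.25):
    """Return {(src, dst): mean_interval_seconds} for client/host pairs that beacon.

    A pair is flagged when it has at least min_hits requests, the standard
    deviation of the inter-request interval is within max_jitter of the mean
    interval, and request sizes vary by at most max_size_spread of their mean.
    Thresholds are illustrative; tune them against your own baseline.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, size in records:
        by_pair[(src, dst)].append((ts, size))

    beacons = {}
    for pair, hits in by_pair.items():
        if len(hits) < min_hits:
            continue
        hits.sort()
        intervals = [(b[0] - a[0]).total_seconds() for a, b in zip(hits, hits[1:])]
        mean_interval = statistics.mean(intervals)
        if mean_interval <= 0:
            continue
        jitter = statistics.pstdev(intervals) / mean_interval
        sizes = [s for _, s in hits]
        size_spread = (max(sizes) - min(sizes)) / statistics.mean(sizes)
        if jitter <= max_jitter and size_spread <= max_size_spread:
            beacons[pair] = round(mean_interval)
    return beacons


if __name__ == "__main__":
    for (src, dst), interval in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"possible beacon: {src} -> {dst} every ~{interval}s")
```

Real malware adds random sleep jitter and padding precisely to defeat this kind of check, so in practice the thresholds are looser and the result is an analyst lead, not a verdict; combine it with destination reputation (threat intelligence) and first-seen-domain checks before raising an incident.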
Summary: Develop a strategy for detecting infected hosts. Develop a strategy for limiting the impact of a breach. If you don't have the expertise or resources in-house, consider buying security as a service.
AddPro Security and Communication. AddPro S&C is one of the leading network security VARs in the Nordics. Our best-in-class Professional Services team and our 24x7 managed security services help some of the largest customers in the Nordics address the growing challenge of providing the security and availability they need to stay competitive. (AddPro S&C: Customers, Products, Professional Services, Managed Services)
Thanks for listening! Stefan Lager CTO Services stefan.lager@addpro.se
"Let's get this out of the way: some MSSPs REALLY suck!" Dr Anton Chuvakin, Research VP at Gartner's GTP Security and Risk Management group
Challenges with MSSPs. "So let's take a hard look at some challenges with using an MSSP for security: local knowledge; lack of customization and one-size-fits-all; delineation of responsibilities; inherent third-partiness."
Example of a Managed Security Services Customer
Security auditing: 764 servers with FIM (File Integrity Monitoring); 5,128 log sources with SIEM (log collection and correlation); 290 IPS (Network Intrusion Prevention System)
Security scanning: 11,000 internal vulnerability scanning; 1,700 external perimeter vulnerability scanning
Malware analysis: endpoint security (AV, HIPS, FW) investigation; trend analysis; correlation (semi-automatic) with external systems (mail gateways / proxy services)
Grow with AddPro!
AddPro Support: Certified engineers; AddPro portfolio; Vendor support partner; Strategic vendors
AddPro NOC: Alert monitoring; Performance trending; Life cycle management; Change management
AddPro Managed Services: Strategic vendors
AddPro SOC: Security monitoring; Security analysis; PCI compliance; Post-incident analysis
Service Portfolio
Professional Services: Design; Installation; Configuration
Network Operations Center: Reactive alert monitoring; Proactive trending; Lifecycle management; Change management
Security Operations Center: Event correlation; Event analytics; Threat intelligence; Vulnerability assessment
Security Incident Response Team: Response readiness assessment; Incident response
Thanks for your time. We build digital highways.