Cyberthreat update
Why would anyone want to hack me?
“I am not a bank!”
Security Incidents with Confirmed Data Loss
Source: Verizon Data Breach Report 2014
“This is only a subjective American view of the problem!”
Countries Represented in Data Breach
Source: Verizon Data Breach Report 2014
KPMG Study Highlights
• 14 Organizations
• 5.000 Average number of employees
• 70.000 Hosts
Chart: Exfiltrating Organizations (21% / 79%): Detected Data Exfiltration vs. No Detected Data Exfiltration
Chart: Breached Organizations (17% / 93%): Breached Organisations vs. No Detected Breach
Malware Data
• 15.586 Security Events
• 195 Unique Malware Objects
Chart: Malware Type (48% / 52%): Known Malware vs. Unknown Malware
Unknown = Tested against 53 different AV vendors using VirusTotal.com with no match
Average time between breach and detection is… 229 days
Source: Mandiant Incident Response 2014
Share of companies that learn from a third party that they have been breached: 67%
Source: Mandiant Incident Response 2014
Only 1/3 of the companies discovered by themselves that they had been breached…
Conclusion #1
• Most of you are probably already infected
• Most of you already have Firewalls and Antivirus
• Conclusion: Develop a strategy for limiting the impact of a breach
Attack Lifecycle
1. Attack phase: Exploit vulnerability on client or server.
2. Control phase: Establish remote control and download tools.
3. Explore phase: Search for more valuable data.
4. Extract phase: Extract valuable data.
Different technologies address different phases
Attack: Firewall, Intrusion Prevention, AntiVirus, WebFiltering, …
Control: SIEM, Threat Intelligence, Advanced AntiMalware, Network Forensics, …
Explore: SIEM/NBAD, Intrusion Prevention, Network Forensics, Intrusion Deception, File Integrity Monitoring
Extract: DLP, Threat Intelligence, Network Forensics
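The deck lists File Integrity Monitoring as one of the technologies that covers the Explore phase, where an intruder who already has control starts touching files the business did not change. The script below is an added illustration of that idea and is not code from the presentation or from AddPro: a hypothetical minimal FIM that records a SHA-256 baseline of a directory tree and reports every file that was added, removed or modified since the baseline. The directory tree, file names and the "later scan" are constructed sample data, and the function names (build_baseline, compare, demo) are my own.

```python
import hashlib
import json
import tempfile
from pathlib import Path
from typing import Dict, List

# Hypothetical minimal file-integrity monitor (added example, not a product's code).
# A baseline maps relative file paths to SHA-256 digests; a later scan of the same
# tree is diffed against it so that unexpected changes surface as findings.


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> Dict[str, str]:
    """Walk the tree under root and hash every regular file (paths kept relative)."""
    baseline: Dict[str, str] = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            baseline[p.relative_to(root).as_posix()] = hash_file(p)
    return baseline


def save_baseline(baseline: Dict[str, str], out: Path) -> None:
    """Persist the baseline; in practice store it off-host so it cannot be edited along with the files."""
    out.write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(src: Path) -> Dict[str, str]:
    return json.loads(src.read_text())


def compare(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Return added, removed and modified paths between two scans."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(k for k in baseline.keys() & current.keys() if baseline[k] != current[k])
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: baseline a small tree, change it, rescan and diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "monitored"
        (root / "bin").mkdir(parents=True)
        (root / "etc").mkdir()
        (root / "bin" / "service").write_bytes(b"\x7fELF original binary")
        (root / "etc" / "app.conf").write_text("debug=false\n")
        (root / "etc" / "hosts.allow").write_text("ALL: 10.0.0.0/8\n")

        baseline_file = Path(tmp) / "baseline.json"
        save_baseline(build_baseline(root), baseline_file)

        # Changes nobody in the business scheduled: a binary replaced, a config flipped,
        # an access-control file deleted and a new script appearing in the tree.
        (root / "bin" / "service").write_bytes(b"\x7fELF replaced binary")
        (root / "etc" / "app.conf").write_text("debug=true\n")
        (root / "etc" / "hosts.allow").unlink()
        (root / "tmp_tool.sh").write_text("#!/bin/sh\n")

        return compare(load_baseline(baseline_file), build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

A real deployment scans on a schedule, excludes paths that legitimately churn (logs, spool directories) and reconciles findings against change tickets, so that the residue is exactly the set of changes nobody authorised; that residue is what a SOC analyst is looking for in the Explore phase.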
Conclusion #2
• We need to have a technology for protecting against attacks
AND
• We need to have a technology for detecting anomalies
The three pillars of security
Diagram: the pillars Technology, Configuration and 24x7 Operations support "Your business!"; the security layers are Access Control (ex: FW/WF), Attack Mitigation (ex: IPS/AV) and Security Analytics (ex: SIEM/FIM).
The Configuration Challenge
Chart: Difficulty Level per security layer, rising from Medium through Hard and Very Hard to "Rocket Science" for Security Forensics.
The Operation Challenge
Example: Increase team to be able to support 24x7 operations
Chart: SOC Employee Cost (0 to 700 000 SEK)
TeamCost 24x7: 676 440 SEK
TeamCost 8x5: 250 532 SEK
Summary
• Develop a strategy for detecting infected hosts.
• Develop a strategy for limiting the impact of a breach.
• If you don’t have the expertise or resources in-house, consider buying it as a service.
AddPro Security and Communication
AddPro S&C is one of the leading Network Security VARs in the Nordics. Our best-in-class Professional Services team and our 24x7 managed security services are helping some of the largest customers in the Nordics to address the growing challenge of providing the Security and Availability they need to stay competitive.
Diagram: Products, Professional Services and Managed Services around AddPro S&C Customers
“Let’s get this out of the way: some MSSPs REALLY suck!”
Dr Anton Chuvakin, Research VP at Gartner's GTP Security and Risk Management group
Challenges with MSSPs
• “So let’s take a hard look at some challenges with using an MSSP for security:”
– Local knowledge
– Lack of customization and “one-size-fits-all”
– Delineation of responsibilities
– Inherent “third-partiness”
Diagram: Products, Professional Services and Managed Services around AddPro S&K Customers
SOC Example of a Managed Security Services Customer
• Security Auditing
– 764 Servers with FIM – File Integrity Monitoring
– 5128 Log Sources with SIEM – Log Collection and Correlation
– 290 IPS – Network Intrusion Prevention System
• Security scanning
– 11.000 Internal vulnerability scanning
– 1.700 External perimeter vulnerability scanning
• Malware analysis
– Endpoint security (AV, HIPS, FW) investigation
– Trend analysis
– Correlation (semi-automatic) with external systems (mail gateways / proxy services)
Grow with AddPro!
AddPro portfolio
AddPro Support: Vendor support partner, Certified Engineers, Strategic vendors
AddPro NOC: Alert Monitoring, Performance Trending, Life cycle management, Change management, Strategic vendors
AddPro SOC: Security monitoring, Security analysis, PCI compliance, Post incident analysis
AddPro Managed Services
Service Portfolio
Professional Services: Design, Installation, Configuration
Network Operations Center: Reactive alert monitoring, Proactive trending, Lifecycle Management, Change Management
Security Operations Center: Event Correlation, Event Analytics, Threat Intelligence, Vulnerability Assessment
Security Incident Response Team: Response Readiness Assessment, Incident Response
Thanks for your time… We build digital highways …