© 2016 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential.
Feeling Vulnerable? Optimize Your Cyber Security
with Cloud-Based Security
Tom Falter, Sr. Security Solutions Specialist, Level 3 Communications
Louie Hollmeyer, Director, Advance Technology Consulting (ATC)
comSpark.tech, October 2016
Industry Trends
Security Is More Visible Than Ever
• Mainstream coverage of security events has increased pressure on businesses to improve defenses
• Preserving reputation and customer retention are critical
• Increasing compliance requirements and regulation are being put into place as a result
Security Is Hard
• Changing threat landscape and advancing threats require extensive resources and are becoming a major challenge for in-house IT teams
• Hiring and retaining the necessary expertise is challenging and costly
• The process of obtaining, tracking and applying threat intelligence is difficult and resource-intensive
Security Costs Are High And Management Is Complex
• Operational expenses for security are high
• Purchasing and supporting hardware is difficult and expensive
• Management and monitoring of multiple-point solutions from different vendors eats up critical IT/Security resources
Key Business Drivers and Challenges
Managing Risk In Today’s Networking Environment
The perimeter is evolving, increasing complexity and risk.
A more mobile workforce, connected partners, and BYOD policies are expanding the perimeter and introducing risk.
• Employees are the new perimeter.
Scarcity of in-house security expertise compounds challenges.
• Initiatives to upgrade security posture are outpacing staff.
Improving network efficiencies through hybrid WANs and cloud services also increases risk.
• Organizations relying on Internet for mission-critical connections.
The costs of security are growing exponentially.
• “During the past two years, security spending, as a percentage of the total IT budget, remained strong at about 21% across most industry sectors.”*
*Source: Forrester, Martin Whitworth, "Cybersecurity Budgets Remain Strong, Skills Lag in 2016," March 24, 2016.
Traditional Defenses Don’t Work
Attacks Are Changing In Form, Complexity, Volume and Timing
• Malware production is averaging 45M new strains per quarter in 2015
  Source: McAfee Labs Threat Report, August, 2015
• $3.79 million is the average total cost of data breach in 2015 (23% increase over the past 2 years)
  Source: Ponemon 2015 Cost of Data Breach Study: Global Analysis
• 8.5M+ mobile malware samples were collected in Q2 2015, representing 17% quarterly growth
  Source: McAfee Labs Threat Report, August, 2015
• The total number of ransomware samples grew 127% in the past year
  Source: McAfee Labs Threat Report, August, 2015
Threat Continuum
Attackers are getting better at compromising their targets
Today's attackers are using multiple tactics to gain entry, including advanced malware engineered to evade AV detection, emails containing malicious attachments / URLs and brute force attacks using guessed or stolen credentials – there is truly NO SILVER BULLET.
TARGET INFILTRATE INFECT EXPLORE EXFILTRATE PERSIST
A Complex Ecosystem Impacting Network Security
[Diagram labels: Headquarters; Singapore Branch Office; Mumbai Branch Office; Remote Offices; VPN; Mobile Workers; Mobile Connectivity; Email and Web Traffic; Web Properties; Cloud Deployments - Amazon Web Services, Google, MS Azure; Partner, Contractor Access - Environmental Controls, POS, CRM; Third Party Datacenters; Applications; Vendor Supply Chain; Public Internet; connected devices: Mobile Phone, Smart Watch, Tablet, Computer, Appliances, Security Systems, Google TV, Apple TV, Netflix, Gaming Systems, Lights, Entertainment, Engine computer, Wi-Fi, GPS, Bluetooth]
Growing Number of Security Technology Tools
Organizations Must Evolve
To Efficiently Manage Today’s Threats
PREMISES-BASED SECURITY CHALLENGES: Today’s Customer Environment
[Diagram labels: Unified Threat Management / Firewall; Router; Advanced Security Services; HQ; Data Center; Retail; Remote Office; Mobile Employee; Internet Access; VPN; Public Internet]
NETWORK-BASED SECURITY SOLUTIONS: Future Customer Environment
[Diagram labels: Level 3® MPLS/IP VPN; HQ; Data Center; Retail; Remote Office; Mobile Employee; Secure Cellular Internet Access; Public Internet]
Level 3® Adaptive Network Security
• Next-generation firewall
• Intrusion detection
• AV/AS
• Web content / URL filtering
• Application awareness and control
• Malware sandboxing
• Data loss protection
Level 3 Adaptive Network Security Service Benefits
Securing all employees in any location on any device
• Improve your customers' security posture as their business evolves
• Deploy segmentation best practices with VLANs
• Easily layer next-generation security technologies
• Operationalize a uniform global security policy
• Increase efficiencies by adopting carrier-agnostic, network-based protection with flexible commercial models and access options
• Reduce costs by moving to an OPEX model and control IT/Security headcount
• Simplify management with around-the-clock protection from the service provider's Security Operation Center
• Increase control with real-time reporting and self-service capabilities
Tom Falter
Thomas.Falter@Level3.com
Louie Hollmeyer
Lhollmeyer@4ATC.com
Questions?

Editor's Notes

  1. Security is hard (expertise is limited)
     • Security engineer unemployment rate is extremely low
     • New complexity and dynamics challenge in-house IT
     • Process of obtaining and tracking threat intelligence is cost- and resource-intensive
     • Applying intelligence to security profile can be even more difficult and time consuming
     • More strategic and economical to outsource - Migrate out of IT departments, far too complex and expensive
     Security Costs are Rising
     • OPEX – Operational expense of security is high
     • CAPEX – Purchasing and supporting hardware is costly
     OPEX MSS Demand is building
     • Businesses are used to using resources on an as-needed basis and being billed incrementally
     • Want to preserve capital and prefer monthly recurring service fees
     • Service fees and risk of hardware obsolescence and annual renewals of subscriptions and support
     • Customers don’t want to own hardware - Service plans that include hardware & support lead demand
     Security Is More Visible Than Ever
     • Mainstream coverage of security events has increased pressure on businesses to improve defenses. These events have garnered significant news coverage, which has driven awareness of security issues at all levels.
     • Consumers, enterprises, and major carriers are taking a fresh look at security in light of these events and are moving security higher up the budget priority chain or keeping it at the top if it’s there already.
     • Increased boardroom pressure on C-Levels due to high profile breaches and release of high profile executives
     • Must secure the enterprise; the days of just writing a check for security are over… reputation and customers are critical to maintain
     • Increasing compliance requirements and industry regulation are being put in place as a result
  2. 1) Targeting & Reconnaissance: Unlike typical malware infiltration, advanced threats either perform initial probes towards potential victims or collect information about them by phishing, social engineering or obtaining intel from other infected hosts.
     2) Infiltration: Armed with relevant information, these threats infiltrate their targets in various ways – these are also known as attack vectors. Think of these vectors as things like phishing emails, malicious Flash (SWF) or PDF documents, and malicious websites that attack flaws in browsers like Internet Explorer or Firefox. Phishing emails can be targeted and very convincing, with the goal of getting the victim to click on a malicious link or open an attachment. These are known as spear phishes.
     3) Infection: To evade traditional security systems, malware transmissions are typically encrypted and arrive via unexpected routes like corporate email with a file share invitation or a prompt for software updates from an impersonated site. There are many tricks that modern malware employs, including security software evasion code specifically designed to destroy antivirus processes running on the system. Another trick is polymorphism: code that shifts shape constantly to escape signature-based antivirus detection. Advanced Sophisticated Techniques – They use zero day threats to avoid signature-based detection (if it’s not known, it can’t be stopped). Many of these attacks are highly automated, utilizing command and control servers and large botnets to attack a target from multiple angles. Once in, the malware practically runs itself with little to no human interaction.
     4) Exploration/Malware Action: Malware is getting better and better at exploring, staying hidden and moving horizontally between systems to find what the attackers are looking for or what may be of value, while evading detection. Once the malware is installed, it often attempts to initiate a call back, using common transmission methods that are allowed by typical security policies. Otherwise, it keeps a low profile, generating no activities that are likely to be noticed. It remains in sleep mode, awaiting further instructions. Increasingly, malware is aware of its environment and won't allow itself to be detected in a virtual machine sandbox.
     5) Exfiltration: The exfiltration usually involves the surreptitious delivery of stolen data via often encrypted but common channels, such as HTTPS, back to the command center or to another compromised system controlled by cybercriminals.
     6) Further Exploitation: With successful communication links between the command center and the compromised hosts, these attacks often persist for weeks and even months without detection… further exploitation is easy to accomplish. These malicious acts include attempts to access materials the host has connection to, such as documents on servers, cloud-based applications and database credentials.

     APT usually refers to a group, but can also be a breach process. Advanced signifies sophisticated techniques and malware usage. Persistent implies ongoing efforts to gain and maintain command and control. Threat process indicates human involvement. APT groups create zero-day threats to circumvent signature-based defenses.

     Highly Targeted Attacks: These are highly targeted attacks across all verticals. Target, Home Depot, Chase and Sony are some of the best-known APT attacks. The attackers are getting better and faster at what they do at a higher rate than defenders are improving their trade. This doesn’t look good for the home team…

     Stealthy and Continuous: Attackers are making a persistent effort to gain and maintain access. They don’t want to be discovered and will attack a target from multiple angles, doing everything within their power to avoid detection. More often than not, a third party or law enforcement agency is notifying the business that they’ve been exploited.
     • Advanced, sophisticated techniques
     • Zero day threats, social engineering, web and email
     • Automated, targeted
     • Pre-packaged malware - Segment, vertical or specific entity
     • Land, expand & maintain access
     • New APTs better at covering their tracks
  3. As I’m sure you are aware, having a robust security plan is extremely complex. This is a busy slide—precisely because there is so much to manage in your complete ecosystem. This includes your premises, the entire vendor supply chain (which you don’t have full visibility to), mobile workers, BYOD, your Cloud environments, branch offices, partners, and much more. It’s a lot to secure: but whatever is not secured is a doorway. So how do you approach this complexity?
  4. Technology alone is not the answer. Strong cybersecurity measures, in many ways, have as much to do with process as they do with technology. We often see that organizations have implemented a “patchwork” approach to security architectures by deploying a number of boxes on the network with various threat and alerting functionality. This approach to securing data creates operational complexity, introduces vulnerabilities, and creates additional “alert noise” that security teams must triage to discover events worthy of investigation.

     It is estimated that enterprises spent over $70 billion on security technology in 2014, and are expected to increase that spend by nearly 10 percent in 2015. Yet, as we have seen in the media, even companies with sophisticated technology have been compromised.

     Security Costs Have Escalated: Typical cost for a 1,000-person organization is $500k-$800K (Source: 451 Research’s report “The Real Cost of Security”, 2013). To make matters worse, costs typically do NOT include maintenance or vendor equipment, user training or other costs.

     Only after an organization has undergone a thorough risk assessment can it apply proper security controls to protect its data. The type of security controls, and the amount spent on those controls, should be based on data value, vulnerability, likelihood of breach, and impact of breach. Not only can such an approach improve an organization’s security posture, but it can lower its costs. Let’s look at some of the steps of a risk assessment.
  5. Premises-based Security Challenges
     • Single points of vulnerability, resource contention, performance impacts
     • Operational burden of deploying and managing security technologies at each location
     • Maintaining IT Security staff
     • Escalating capital expenditures for equipment and maintenance
     Adaptive Network Security Service
     Secure:
     • Simplifies centralized management of firewalls and advanced security technologies
     • Provides around-the-clock network protection
     Efficient:
     • Decreases operational complexity of in-house systems, compounded by lack of security staff
     • Helps reduce capex investment
     Next-generation, network-based security
     Our next-generation firewall strategy is responding to the customer challenge of managing a complex security box environment on premises while under constant threat. IT Security expertise is difficult to maintain on staff. New security technologies are continuously introduced, so staying up-to-date is also a challenge.

     To help simplify cyber defense for our customers, we are moving security technologies into the network, closer to threat origins. This model is more secure and more efficient. Our service will allow customers to add next-generation security technologies in secure Internet gateways across our network, in hybrid environments, and on third party networks. This allows customers to layer on defense based on their security posture needs through a secure portal.

     First phase includes multi-site geographic expansion. This is critical to the support of local Internet breakout, which is driven by public cloud applications and the Hybrid WAN. We will also add network-agnostic capability to support your Hybrid environments.