Welcome To
Mark Stephen
BBC Scotland
#scotsecure
Steve Mulhearn
Fortinet
#scotsecure
© Copyright Fortinet Inc. All rights reserved.
Security Challenges and Emerging Threats
Steve Mulhearn- Business Solutions Development
April 2015
Challenges Today
• COST
  » Operational
  » Capital
• CONSOLIDATION
  » Virtual
  » Manpower
• SECURITY
  » Emerging Threats
  » Advanced Threats
What We Used To Think
How We Think Today
The Anatomy Of An Attack
“Generic Threat”: Bot, Zero Day Threat, Trojan, Virus, Worm
Devices, Email, Web sites, Physical media
Advanced Targeted Attack Lifecycle (Day 1 to 2 Years +)
• “Social Engineering”
• “Bot net” Activation
• Zero Day Exploit
The Threat is Worse Than Ever
*Akylus July 2014
With A Consistent Motivation
*Hackmageddon July 2014
2014 Threat Landscape Developments
Q2 2014 (IDC): 301.3M Smart Phones Shipped; Android 84.7% Market
Mobile:
• February: Drive-By Mobile (DriveGenie)
• June: Pletor Mobile Ransom (Doc Encryption)
• July: Dorkbot/Ngrbot Kamikaze
Timeline:
• Mar 2013: Evernote Hack, 50M Users
• Feb 13: IoT: The Moon Worm, Linksys Routers
• Apr 07: Heartbleed, Vulnerable OpenSSL
• May 26: Apple iCloud Ransomware, $100 EUR, Oleg Pliss
• Jun 10: Evernote Hack, 164,644 Forum Members
• Jun 23: Havex RAT, OPC Server Spy
• Aug 05: Cybervor, 1.2B User & Pass, 500M emails
• Aug 15: Supervalu Data Breach, 200 Stores Affected
No One Is Immune
Have you changed your password yet?
eBay – The Impact by the Numbers
• 145M user accounts compromised
• 525,600 minutes in a year
• 262,800 passwords changed in a year (average 2 minutes/password)
• 551 man-years wasted changing passwords
Follow The Acronym Trail
Is There A Silver Bullet For Defeating an ATA?
Collaborative Approach to Addressing Advanced Threats
http://www.networkworld.com/news/2013/103013-gartner-defense-attacks-275438.html?page=2
Focus on Three Key Actions
Step 1 - Mitigation
• Mitigate threats before they enter your network
• Proactive is key
Step 2 - Detection
• Discover threats that have entered or have tried to enter the network
Step 3 - Remediation
• Respond to any threats that have breached the network
A Structured Approach for Maximum Protection
Mitigation → Detection → Remediation
• Access Control: Reduce Attack Surface
• Threat Prevention: Inspect and block threats
• Threat Detection: Identify new incidents
• Continuous Monitoring: Assess, audit, improve
• Incident Response: Validate and contain
Step 1 - Mitigation
• Access Control
  » Stateful Firewall
  » 2 Factor Authentication
• Threat Prevention
  » Intrusion Prevention
  » Application Control
  » Web Filtering
  » Email Filtering
  » Anti-Virus
A Cornerstone of Mitigation
“The reports of my death have been greatly exaggerated.”
The Human Factor - Laziness
“Old Habits Die Hard”
Operating Systems and Software Require Constant Updates
Installed PC Operating Systems*:
• Windows 8/8.1: 12%
• Windows 7: 52%
• Windows XP: 24%
• Windows Vista: 3%
• Other: 9%
*Net Applications September 2014
Not All Anti-Virus Solutions are Equal
• Detection Technology
• Network Placement
• Operational Efficacy
Step 2 - Detection
• Access Control
  » Stateful Firewall
  » 2 Factor Authentication
• Threat Prevention
  » Intrusion Prevention
  » Application Control
  » Web Filtering
  » Email Filtering
  » Deep Flow Anti-malware
• Threat Detection
  » Botnet detection
  » Client reputation
  » Network behavior analysis
  » Sandboxing
Payload Analysis (aka “sandboxing”)
• What is it?
  » A virtual container, reflecting an end user desktop, in which untrusted programs can be safely examined
• What happens in it?
  » Code is executed in a contained, virtual environment
  » Activity is logged and analyzed for suspect characteristics
  » A rating is determined based on system, file, web and traffic activity
• Why is it important?
  » Traditional security looks at static attributes (signature, heuristic, pattern, reputation, etc.) rather than dynamic activity
  » In many cases, a site or code is just the first, small stage
[Diagram: unsafe action or escape attempt is blocked; controlled communication is inspected]
A Deeper Level of Analysis
• Network Behavior Analysis
  » Establish baselines of normal traffic patterns, look for anomalies
• Network Forensics
  » Capture and replay network traffic for incident response
• Payload Analysis
  » Execute code in a contained, “sandbox” environment
• Endpoint Behavior Analysis
  » Monitor the production system configuration for anomalies
• Endpoint Forensics
  » Collect data from endpoints to aid in incident response and forensics
Technology Hype and Hysteria
Hype cycle (visibility over time): Technology Trigger → Peak of Inflated Expectations → Trough of Disillusionment → Slope of Enlightenment → Plateau of Productivity
A Word of Caution
http://www.darkreading.com/attacks-breaches/the-increasing-failure-of-malware-sandbo/240159977
Step 3 - Remediation
• Access Control
  » Stateful Firewall
  » 2 Factor Authentication
• Threat Prevention
  » Intrusion Prevention
  » Application Control
  » Web Filtering
  » Email Filtering
  » Deep Flow Anti-malware
• Threat Detection
  » Sandboxing
  » Botnet detection
  » Client reputation
  » Network behavior analysis
• Incident Response
  » Consolidated logs and reports
  » Professional Services
  » User or Device Quarantine
  » Threat Prevention Updates
• Continuous Monitoring
  » Real-time Activity Views
  » Security Reporting
  » Threat Intelligence
Coordinated Defense Strategy
• In-Network Defenses
• Continuous Updates
• Threat Research and Discovery
The Fortinet ATP Solution
FortiGuard Services
FortiGuard Lab
Protecting Today’s Network
• Evolution, evolution, evolution
• Wherever there is value, the cyber criminal will follow
• Anticipate, React, Respond
Complexity
Tony Neate
Get Safe Online
#scotsecure
Det Supt Stevie Wilson
Police Scotland
#scotsecure
Brian Gibson
Scottish Business
Resilience Centre
#scotsecure
Brian Gibson
Chief Inspector
Deputy Director
Scottish Business Resilience Centre
• We are a unique organisation comprising contributions and secondments from the Police, Scottish Government, Fire Services, Scottish Clearing Banks, investors and our membership.
• Vision: Creating a secure & resilient Scotland for business to flourish in
• Stakeholders: Scottish Government, Police Scotland, Members
Digital Security Support
• Online Footprint Assessment
• Cyber Supply Chain Test
• Cyber Security Assessment
Scot Secure 2015
Insider Threat
• Case Study 1 - Pet Shop
• Case Study 2 – Call Centre
Developing a Cyber Security Strategy
• Mind-set
• E-Trader Accreditation
• Cyber Essentials (CE) / Cyber Essentials Plus (CE+)
• Innovation Voucher Scheme
• Get Safe Online (getsafeonline.org)
• Cyber Streetwise – (cyberstreetwise.com)
Thank You
QUESTIONS ?
Questions & Discussion
#scotsecure
Exhibition & Refreshments
Check badge for Breakouts
#scotsecure
18th June Dynamic Earth
Limited spaces remain
www.scot-cloud.com
30th Sept Dynamic Earth
Registration open
www.iotscotland.com
Welcome Back
Prof. Bill Buchanan
Edinburgh Napier
University
#scotsecure
Glenn Attridge
Royal Bank of Scotland
#scotsecure
Jiveen Lal
Risksmith
#scotsecure
Risk, responsibility and contractual obligation
Jiveen Lal, Director
+44(0)77 1402 3912
ask@risksmith.com
@risksmithUK
Agenda
Contract obligations and cyber attacks
• Data loss
• Cyber attack
Responsibilities beyond contract obligation
Cyber insurance
• Identifying needs and testing your insurance
• Market update
Data Loss / Cyber Attack
Contract obligations
1. Data loss: You → Your client → A client's customer
2. Business interruptions: Supplier → You (your business) → Customer
Responsibility beyond contracts
Intellectual property
Revenue
Bodily injury
Property damage
Shareholder/Due diligence
Regulations
Brand
Business Needs
Cyber insurance
Identifying business needs: People, Systems, Internal processes, External events, Business model
Quick test
1. Where is data?
2. Who has access?
3. What happens when a vendor suffers?
4. What are the ramifications of an internally-sourced breach?
5. What do you plan to do when you have a data breach?
Cyber insurance update
• Experienced an event
• Know someone
• Increased awareness
• Fines/penalties
• Contract obligations
• Technology companies
Jamie Graves
ZoneFox
#scotsecure
Innovation & Cyber Security
Jamie Graves, CEO
j.graves@zonefox.com
Scot Secure 2015
Thanks
• j.graves@zonefox.com
• ZoneFox.com
• @ZoneFox
• @DrJamieGraves
Questions & Discussion
#scotsecure
Post Conference Survey
Please complete
to get slides
#scotsecure
Drinks & Networking
Exhibition Area
#scotsecure
Conference Close
#scotsecure
Editor's Notes

  1. This is an introduction to the Fortinet portfolio of solution products. In this presentation what we are attempting to do is to introduce advanced technology products to position in solutions along with the Fortigate family. The Advanced technologies consist of 26 products and obviously to try and introduce all of these is difficult, so what we have attempted to do in this presentation is focus on a small number of these to help in the introduction and solution proposal process.
  2. Rather than look at products we would like to try and understand the customer issues on a day to day basis. By doing this it helps us understand exactly what challenges they are facing. If we can then position our solutions in understanding this, the message is far easier to understand. First of all we look at cost; now this will come in two forms, operational and capital. While the capital cost is often the initial discussion, the operational and ongoing costs are becoming more and more important in a maturing market. The market has matured significantly to the point where certain technologies are accepted as working. This started with some of the most simple switching and wireless technologies and is now moving towards some of the more complex firewall/NGFW and UTM solutions. Customers are now accepting that with over 2 million devices shipped the technology is stable. While they may want to test performance and stability of new products, core technology is often accepted and mature. Next we look at consolidation. We all see the investigation of SDN; however most organizations are cautious about putting critical applications onto an unproven and immature technology. They are however keen to put mature proven solutions that have migrated to a VM environment, and Fortinet have a number of solutions that provide this. One of the challenges that still exists for enterprises is manpower. Experienced technical people are expensive, if they are available at all, and while it is accepted that they are needed, anything that can be done to help them and make their job simpler is classed as a huge benefit. Therefore if I can supply or purchase a solution from a single vendor that simplifies management and support then this is seen as a huge advantage. Next is security; obviously no one can foresee exactly what is coming from around the corner, however combining technology and intelligence gives us the best possibility of detection and reaction to threats or breaches. It is at this point that we must stress the need to think not of if but when the breach will happen, as it is only with this approach that damage limitation can be achieved.
  3. .
  4. 12
  5. 18
  6. 19
  7. So what is sandboxing and why has it gotten so much publicity? In fact, sandboxing is not new. It’s been part of application development and testing for many years and is an integral part of a lot of applications. What is new about it is its use in network security: taking a suspicious sample, placing it in a controlled environment and seeing what happens.
  8. Good morning ladies & gentlemen, it’s a pleasure to be here today and I feel humble alongside all of these fantastic speakers. My thanks to the Scot-Secure team for the invite and to the sponsors who make events like today possible. My input today will hopefully give you some insight in respect of what kind of support SBRC can bring to your company, either as direct support or to support you in helping Scottish businesses improve security and resilience.
  9. Our vision presents a wide spectrum of opportunity which is reflected in our core work streams: Physical security, Financial sector resilience, Anti-illicit Trade, Vulnerable customers / Adults at risk of financial harm, Night time and leisure economy, Retail and tourism, Secure transport and haulage, SABRE training in resilience and security for business, and Cyber and e-crime. Our product, in whatever form that takes, is designed on the requirements of our stakeholders. We have heard from Police Scotland today about the threat, so we need to support their proactivity in raising awareness and reducing incidents. Statistics from government suggest that in 2014 60% of small businesses experienced a cyber breach, and we know from our members that they sense vulnerability around doing business online and a lack of knowledge or understanding of how to address or even start to address the risk. This has driven our response to provide accessible and practical support around digital security. We have developed a project alongside our Scottish Universities to develop some core products …..
  10. The first is our FOOTPRINT Exercise: security of individuals who may be at risk (blackmail / kidnap); risk to the security of the business from Social Engineering; risk of reputational damage. The footprint is about understanding and acknowledging what information is available; from there you can take action to mitigate against the threat. There are also things you can do to reduce risk items from your profile, and although cyber IT experts will counsel that it is difficult if not impossible to clear data from the internet totally, it is definitely possible to reduce the visibility of data.
  11. We also provide a supply chain review service. Much like the resilience you will have designed into your business process in regard to all its aspects, supply of raw materials or transport, supply chain in digital terms is very much the same: who provides your servers, who hosts your website, what is your exposure, is it customer based, does it support or provide internal processes. Basically, if some aspect of your digital supply chain is compromised, what does it do to you? Again, understanding that threat is key, supported by technical detail to ask your digital suppliers to ensure they are meeting your needs.
  12. The final service is our Cyber Security Assessment. To use that term, it is what it says on the tin. I am not by any means an expert in the technical aspects of hacking, digital infiltration, denial of service, theft of data, logic bombs. But our Ethical Hackers are, and with this service they will come in and review how your business is digitally networked internally and externally, what access it facilitates and how secure it is. The core part of the service is the penetration testing, looking for ways in which your systems could be compromised by an unauthorised individual, and that person can be a hacker sitting hundreds of miles away or an ex-member of staff. The process also looks at existing security from technology to password management. What would your team, your staff, do if they found a USB in the company car park ….. beside the directors’ parking space???? We have provided companies with reassurance that they have good levels of protection, but equally we have shocked a financial based company when our security team showed them how we accessed all their client data through a CCTV system patched into the network …. Being able to view the premises in the event of an alarm activation on an iPad at home lost its appeal!
  13. The purpose of the video is to show that digital security is not just about the systems. As we saw in the video, physical methods were used: identity theft, fake ID card, tailgating to bypass access control systems. These types of methods will be used to get around your security; as reflected in the cartoon, if you have firewalls and encryption it can be circumvented by human intervention. That can be intentional or unintentional, a blackmailed member of staff, a sub-contractor. So you need to seriously consider the Insider Threat aspect.
  14. The importance of Insider Threat should not be overlooked, and although it does have a wider reach than just Cyber, it is very much being utilised in the Cyber threat arena. Consider the recent Sony breach: there are certainly clear indicators now that, whoever it was that broke into the system, the door was opened from someone on the inside? Joining, Promoting and Leavers; Security and Access Controls; Social Networking, Cyber Impersonation and Infiltration; Staff Monitoring, Critical Behaviours, Risk Identification and Integrity Testing; Procurement, Fraud/Counterfeiting and Organised Crime; Investigation and Post Incident Management.
  15. MINDSET – The position needs to move away from “will I be a target” to “I am a target”. E-trader accreditation is a simple entry level standard provided by the SBRC; achieving this baseline provides reassurance of a core level of data / IT security. Once achieved, businesses can use the e-trader mark on websites and documentation. CE and CE Plus are similar, provided by the Government, with CE being a self-assessment and CE Plus a physical audit. Full accreditation and use of the mark is a paid-for service, but what is clear is that even prior to that the guidance with these schemes and associated checklists provides a base for a cyber / digital security strategy. The innovation voucher scheme is worth quickly mentioning as it can provide up to £5000 worth of funding to innovate and improve Cyber Security. Cyber Streetwise provides an online resource of practical support on how to defend your business.
  16. In August of 2014 an engineer at a globally recognised engineering company downloaded and installed a perfectly legal piece of backup software on his laptop. He configured it to reach out to a number of network locations to create an incremental backup. At the end of the week he’d managed to collect and archive 180,000 files into a single location. He proceeded to unplug his laptop from the network and transfer the archive file onto his USB drive, which had podcasts and other personal data on it. If the engineering company hadn’t been running ZoneFox they would not have known that the files consisted of CAD files with next-gen product designs, source code, testing information, contracts, sales information, and so on. Normally this might have been OK, depending on his role and the context of the situation. But when you combine this with the fact that he had just handed in his notice and it was known that he was about to work at a competitor, it was a sure sign that the engineering firm had a problem on their hands. With these insights, they were able to speak to him and ensure that over £10m worth of intellectual property and business data didn’t walk straight to a competitor. Today I’m going to tell you the story of how we took a technically interesting idea from a lab bench, tested it in the market, to a product that’s helping real businesses solve real issues.
  17. It all started in 2005 (10 years ago, wow!). Prof Buchanan and I realised that existing investigations were based on audit data that wasn’t fit for purpose. We realised that we needed to come up with a form of data that could better describe activities occurring on an end point. For example, we could gather logs about whether a user had logged onto or off a machine, but we didn’t understand fully what had happened in between. We could try and rely on network evidence, but if the user performed all of their activities locally then there would be no trail of evidence. PoC; Build Tech Team; Give me a mentor; Build an initial board; Get us working as a proper company with board meetings etc.; Initial technical test sites, alpha product, feedback. The problem was cyber security; I don’t know if you remember, but 2008 was when the number of instances of cyber incidents started to hit the news. It was a drip back then, but it was certainly the start of something. We had a technology looking for a problem. We knew it would be useful, but we didn’t know how to. What we didn’t know then was that we were about to tap into some crucial themes that are defining the way in which the market thinks about security today. So what did we learn?
  18. The crunchy exterior. Defence in depth. In a perimeterless world, this is a problem. Talk about the fact that antivirus is increasingly ineffective against malware and 0-day attacks. We learned that our customers wanted to stay as agile and innovative as us, and that the classic view of security was not necessarily compatible with that goal, or with the change in the threat landscape.
  19. The changing landscape: malware being a huge problem, the change in sophistication of threat actors. Innovative threats require innovative solutions. Volume and sophistication of threat. Hacktivism and fun. A recognition that criminal gangs have moved from Credit Card information
  20. So why do security incidents occur? Swiss Cheese Security Model: alignment of factors, all too often the reason for incidents in the modern enterprise. Some of the reasons are to do with the fact that {NEXT SLIDE}
  21. Complexity: lack of visibility into highly complex systems, which is being compounded by the perimeterless enterprise, BYOD, and complex layers of abstraction. For
  22. The implementation of tightly secured systems did not necessarily fit in with the business needs or desires of the organisation.
  23. Visibility is going to be key in the next wave of security deployments. Currently it’s hard to tell if the controls and other systems in place are actually working. Combine that with the fact that Flexibility; it turns out that innovative companies find it a hard balance keeping their systems secure and allowing their employees. Tie it all together in terms of the Engineering case study: multiple things went wrong to allow him to take the information. The controls set up to stop him from installing software failed, and they didn’t know about it. Improper configuration of access controls; why was he allowed to access areas outwith his level? The issue then becomes, when he does access, providing enough visibility to know when the removal of files is an issue, i.e. on departing a firm.
  24. The future of ZoneFox.