Capturing insight 2018 Luxembourg Cyber Security Technology Adoption Survey November 2018


© 2018 Deloitte Tax & Consulting Slide 2 of 42Capturing insight - 2018 Luxembourg Cyber Security Technology Adoption Survey | Public

Contents

01 Secure Technologies Adoption

• Data Loss Prevention (DLP)

• Network Access Control (NAC)

• Privileged Account Management (PAM)

• Secure Software Development Life Cycle (SDLC) supporting technologies

• Advanced Malware Protection based on Sandboxing technology

• Anti-DDoS technology

02 Vigilant Technologies Adoption

• Vulnerability Management

• Log Management

• Security Information and Event Management (SIEM)

• Cyber Threat Intelligence

• TLS inspection/interception

• Honeypots

03 Open Source Tools Usage

04 General organization’s internal resources


Scope and Objectives

Deloitte Luxembourg launched the 2018 Luxembourg Cyber Security Technology Adoption Survey in order to understand how and why organizations use, or plan to use, cyber security technologies, and what difficulties are met when implementing them.

Which of the following best describes your industry?

• Financial Services: Banking (Universal/Private Bank)

• Financial Services: Other (Insurance/Investment Management/Stock Exchange)

• Other (Consumer, government, services, commodities trading industry services, Audit & Advisory Services)

[Chart values as extracted: 58%, 21%, 21%]

Approximately how many employees work in your organization? (Luxembourg only)

• 0-100

• 101-500

• 501-1000

• 1000+

[Chart values as extracted: 25%, 37%, 13%, 25%]

• Respondents are mostly CISOs, CIOs and heads of IT security teams. 79 percent of the interviewees come from the Financial Services Industry, making it the most prevalent industry domain.

• This survey was performed between April and May of 2018, and gathered answers from a representative panel of 24 Luxembourg organizations.


Secure Technologies Adoption

• Data Loss Prevention (DLP)

• Network Access Control (NAC)

• Privileged Account Management (PAM)

• Secure Software Development Life Cycle (SDLC) supporting technologies

• Advanced Malware Protection based on Sandboxing technology

• Anti-DDoS technology


Data Loss Prevention (DLP)

Software solutions whose main goal is to detect and prevent the unauthorized use and transmission of sensitive information. Preventive action can be taken through monitoring, detecting, blocking, or alerting activities.

Do you already use such technology or plan to use it within the coming year?

Yes: 79%

• Organizations with 500+ employees: 83%

• Organizations with <500 employees: 75%

Key feedback from adopters

“To be fully effective, this technology requires heavy prerequisites such as the classification of the information.”

“Luxembourg and its recent evolutions, added to GDPR, have blurred the messages regarding DLP.”

“The solution is fine, but it's difficult to implement, comes with significant costs and requires specialized knowledge to maintain.”

[Chart: adopters rate "Easy to deploy", "Easy to operate/administrate" and "Improve your security posture" from Strongly Disagree to Strongly Agree]

Key technology adoption characteristics

• 68% of adopters preferred an “On-premises in Luxembourg” delivery model

• 85% of those adopters agreed that it is an efficient delivery model

Top 3 barriers to adoption

• 38%: Lack of internal knowledge/skills to operate such technology

• 38%: Lack of resources to operate the technology efficiently

• 21%: Limited or no investment capability


Network Access Control (NAC)

Solutions (including MAC address filtering, endpoint fingerprinting, certificate-based authentication) that enforce security controls before granting a device access to a network.

Examples of Open Source technologies in this field: PacketFence, OpenNAC

Do you already use such technology or plan to use it within the coming year?

Yes: 67%

• Organizations with 500+ employees: 83%

• Organizations with <500 employees: 50%

Key feedback from adopters

“Such service can easily become a single point of failure. Redundancy or failover is very important and has to be considered from the beginning.”

[Chart: adopters rate "Easy to deploy", "Easy to operate/administrate" and "Improve your security posture" from Strongly Disagree to Strongly Agree]

Key technology adoption characteristics

• 67% of respondents have already adopted or plan to adopt a NAC technology within the year

• 50% of the respondents from organizations with <500 employees do not use Network Access Control solutions

Top 3 barriers to adoption

• 63%: Technical integration constraints

• 33%: Limited or no investment capability

• 25%: Lack of internal knowledge/skills to operate such technology


Privileged Account Management (PAM)

Software solutions dedicated to the protection and monitoring of administrative accounts (such as BeyondTrust PowerBroker PAM, CyberArk Privileged Account Security Solution, One Identity Safeguard, Wallix Bastion, etc.)

Example of Open Source technologies in this field: Sudo (Unix)

Do you already use such technology or plan to use it within the coming year?

Yes: 63%

• Organizations with 500+ employees: 58%

• Organizations with <500 employees: 67%

Key feedback from adopters

“Redundancy and failover are very important. Especially if this is the only way to manage privileged accounts.”

“Technical aspects are quite secondary. While Governance is always a key topic in security projects, change management and management support are critical in this kind of projects.”

[Chart: adopters rate "Easy to deploy", "Easy to operate/administrate" and "Improve your security posture" from Strongly Disagree to Strongly Agree]

Key technology adoption characteristics

• 80% of adopters report having a solution on-premises in Luxembourg to ensure PAM

• 60% of adopters disagree that this solution might be easy to deploy

Top 3 barriers to adoption

• 50%: Technical integration constraints

• 50%: Lack of resources to operate the technology efficiently

• 33%: Limited or no investment capability


Secure Software Development Life Cycle (SDLC) supporting technologies

Secure Software Development Life Cycle (SSDLC): Technological solutions that assist organizations in ensuring that the applications they develop are secure upon release (such as HP Fortify, Veracode, Checkmarx, etc.).

Examples of Open Source technologies in this field: SonarQube, OWASP Orizon

Do you already use such technology or plan to use it within the coming year?

Yes: 30%

• Organizations with 500+ employees: 27%

• Organizations with <500 employees: 33%

Key feedback from adopters

“Resources need to be assigned and processes adapted in order not to jeopardize the release constraints imposed by the business needs.”

[Chart: adopters rate "Easy to deploy", "Easy to operate/administrate" and "Improve your security posture" from Strongly Disagree to Strongly Agree]

Key technology adoption characteristics

• On average only 30% of respondents implement technologies supporting Secure Software Development Life Cycle

• 57% of adopters did not find this technology easy to deploy or to operate/administrate

Top 3 barriers to adoption

• 48%: Lack of resources to operate the technology efficiently

• 48%: Limited or no investment capability

• 48%: Lack of internal knowledge/skills to operate such technology


Advanced Malware Protection based on Sandboxing technology

Advanced Malware Protection or Advanced Persistent Threat: In this category, we consider all technological solutions that rely on sandboxing technology to defend against malware. Such solutions are sometimes called "Advanced Persistent Threat Protection".

Example of Open Source technologies in this field: Cuckoo Sandbox

Do you already use such technology or plan to use it within the coming year?

Yes: 74%

• Organizations with 500+ employees: 92%

• Organizations with <500 employees: 55%

Key feedback from adopters

“Not a big improvement compared to traditional security controls (e-mail gateway +AV).”

[Chart: adopters rate "Easy to deploy", "Easy to operate/administrate" and "Improve your security posture" from Strongly Disagree to Strongly Agree]

Key technology adoption characteristics

• 92% of organizations with more than 500 employees use this technology

• 55% of organizations under 500 employees use this technology

Top 3 barriers to adoption

• 39%: Limited or no investment capability

• 30%: Technical integration constraints

• 26%: Lack of resources to operate the technology efficiently


Anti-DDoS technology

Anti-DDoS technologies are dedicated DDoS protection solutions provided by Cloud providers, and solutions which are infrastructure based, usually provided by a telecom operator.

Do you already use such technology or plan to use it within the coming year?

• Yes with a cloud based solution (such as a Content Delivery Network): 9.1%

• Yes with an infrastructure based solution (such as clean pipe solution provided by your ISP): 36.4%

• Yes with a hybrid solution (i.e. cloud + on-premises): 4.5%

• No but I am planning to: 18.2%

• No: 31.8%

Key feedback from adopters

“Very difficult to sell to business. DDoS are not a concern in Luxembourg.”

Top 3 barriers to adoption

• 36%: Limited or no investment capability

• 23%: Deemed not necessary (satisfied with the current security posture based on existing technologies and controls)

• 27%: Technical integration constraints


Vigilant Technologies Adoption

• Vulnerability Management

• Log Management

• Security Information and Event Management (SIEM)

• Cyber Threat Intelligence

• TLS inspection/interception

• Honeypots


Vulnerability Management

Technologies which enable organizations to continually assess their environments, in order to identify weaknesses and vulnerabilities within their systems.

Examples of Open Source technologies in this field: OpenVAS, Nmap

Do you already use such technology or plan to use it within the coming year?

Yes: 91%

• FSI: 94%

• Non-FSI: 80%

Key feedback from adopters

“False positive are difficult to tackle, and results are not always easy for counterparties (service providers) to process.”

“Operational constraint to run it on a large scale without a full asset inventory”

[Chart: adopters rate "Easy to deploy", "Easy to operate/administrate", "Improve your security posture" and "Positive effect on patch management process" from Strongly Disagree to Strongly Agree]

Key technology adoption characteristics

• 77% of adopters with less than 500 employees employ on-premises solutions

• 33% of organizations with more than 500 employees employ Hybrid solutions (partially on-premises and in the cloud)

Top 3 barriers to adoption

• 61%: Lack of resources to operate the technology efficiently

• 39%: Lack of internal knowledge/skills to operate such technology

• 13%: Dependency on decisions made by the parent group and/or head office


Log Management

Solutions that centralise and store logs and audit trails. SIEM solutions are also considered here when they are used in this capacity.

Examples of Open Source technologies in this field: Syslog-ng, Rsyslog, Graylog

Do you already use such technology or plan to use it within the coming year?

Yes: 91%

• Organizations with 500+ employees: 100%

• Organizations with <500 employees: 82%

Key feedback from adopters

“This topic is hard to explain, because it seems easy to understand, but misunderstanding is common.”

[Chart: adopters rate "Easy to deploy", "Easy to operate/administrate" and "Improve your security posture" from Strongly Disagree to Strongly Agree]

Key technology adoption characteristics

• 63% of adopters from organizations with 500+ employees indicate that this technology is not easy to operate/administrate

Top 3 barriers to adoption

• 70%: Lack of resources to operate the technology efficiently

• 48%: Lack of internal knowledge/skills to operate such technology

• 39%: Dependency on decisions taken by the parent group and/or head office


Security Information and Event Management (SIEM)

Technological solutions that correlate security information (such as logs and events) from multiple sources in order to detect information security incidents.

Examples of Open Source technologies in this field: ELK, OSSIM, Graylog

Do you already use such technology or plan to use it within the coming year?

Yes: 91%

• Organizations with 500+ employees: 100%

• Organizations with <500 employees: 82%

Key feedback from adopters

[Chart: adopters rate "Easy to deploy", "Easy to operate/administrate" and "Improve your security posture" from Strongly Disagree to Strongly Agree]

• Correlation module is used or planned to be used by 90% of respondents

• Integration with a threat Intelligence platform feature is used or planned to be used by 45% of respondents

• Behavioral analysis feature is used or planned to be used by 55% of respondents

Key technology adoption characteristics

• This is the technology implemented the most as a managed service since organizations seem to be more and more motivated to have a 24/7 service in order to detect and manage incidents.

• 20% of adopters employ this technology as a managed service

Top 3 barriers to adoption

• 73%: Lack of resources to operate the technology efficiently

• 55%: Lack of internal knowledge/skills to operate such technology

• 55%: Limited or no investment capability


Cyber Threat Intelligence

Cyber Threat Intelligence (CTI): Solutions that facilitate the collection, analysis and exchange (locally, from peers, etc.) of cyber threat information (such as Indicators of Compromise) in order to enable their usage within the organization.

Examples of Open Source technologies in this field: MISP, CIF, CRITs, GOSINT, MineMeld, YETI

Do you already use such technology or plan to use it within the coming year?

Yes: 41%

• FSI: 32%

• Non-FSI: 60%

• Only 27% of organizations with < 500 employees allocate resources to Cyber Threat Intelligence

• Only 33% of organizations that rely on CTI technologies share information with their peers

Top 3 barriers to adoption

• 70%: Lack of resources to operate the technology efficiently

• 48%: Lack of internal knowledge/skills to operate such technology

• 39%: Dependency on decisions taken by the parent group and/or head office

Key feedback from adopters

[Chart: adopters rate "Easy to deploy", "Easy to operate/administrate" and "Improve your security posture" from Strongly Disagree to Strongly Agree]

• 5 out of 9 only Import information (such as IOC) from other organizations

• 2 out of 9 Import AND Export information from/to other organizations

• 1 out of 9 only Export information (such as IOC) to other organizations

[Chart: security technologies fed with CTI. Series: "Feed and trigger automatic reactions", "Feed and generate alerts", "Do not feed". Values as extracted, per technology:]

• IDS and/or IPS: 29%, 14%, 57%

• Firewall: 29%, 14%, 57%

• Web filter (i.e. Proxy): 29%, 29%, 42%

• Email gateway: 29%, 29%, 42%

• Endpoint security solutions: 29%, 14%, 57%


TLS inspection/interception capability

TLS interception/inspection on outgoing traffic: Technologies used to inspect originally encrypted outgoing network traffic (SSL/TLS) by decrypting it in a transparent manner (presenting an internally issued certificate to the browser instead of the original certificate). This is usually performed by a web access gateway (i.e. proxy).

Do you perform SSL inspection/interception of outgoing web traffic?

• Not Applicable / Do not know

• No

• No but I am planning to

• Yes but only for specific categories of websites

• Yes for most websites (some specific categories are excluded)

• Yes for all websites

[Chart values as extracted: 5%, 8%, 5%, 14%, 32%, 36%]

82% of surveyed organizations are performing TLS inspection

Key feedback from adopters

“Such technology is far too intrusive. And staff should be warned on potential impact on their privacy when they browse the web.”

Top 3 barriers to adoption

• 32%: Technical integration constraints

• 27%: Lack of internal knowledge/skills to operate such technology

• 27%: Complexity to meet regulatory requirements


Honeypots

A system (e.g., a web server) or system resource (e.g., a file on a server) that is designed to be attractive to potential threat actors, like honey is attractive to bears. Generally, a honeypot consists of data (for example, in a network site) that appears to be a legitimate part of the site, but is actually isolated and monitored.

Example of Open Source technologies in this field: Honeyd, DCEPT

Do you already use such technology or plan to use it within the coming year?

• Not Applicable / Do not know

• No

• No but I am planning to

• Yes

[Chart values as extracted: 4%, 64%, 18%, 14%]

100% of the surveyed organizations using Honeypots are part of the FSI sector

Top 3 barriers to adoption

• 38% agree that the lack of resources to operate the technology efficiently is a barrier

• 25% indicate the lack of internal knowledge/skills to operate such technology

• 33% deem the technology unnecessary (satisfied with the current security posture based on existing technologies and controls)


Open Source Tools Usage


Open source tools or solutions to support cybersecurity capabilities

Do you already use such technology or plan to use it within the coming year?

Yes: 55%

• Yes, this is a key driver for tooling selection: 5%

• Yes, on an ad hoc basis (i.e. for specific needs): 50%

• No: 40%

• I don't know: 5%

Survey analysis

Open Source solutions appear to be used only for specific needs whereas 40% of organizations do not seem to use Open Source solutions.

Key feedback from adopters

“Usage of KALI, Usage of OpenSSL for internal PKI”

“No Open Source solid solution known. Having access to Support is required”


General organization’s internal resources

• Information security capabilities
• Internal resources capabilities
• Prevention and detection capabilities


Organization’s information security capabilities

Cyber Security Technologies

How do you assess your organization’s capabilities in the following information security domains?

[Chart: share of respondents rating each domain as Very poor, Poor, Good, Very good or Do not know. Domains: Perform forensics; The cyber security strategy and its execution; The overall information security level of organization; Secure itself (i.e. preventing incidents from happening); Detect an attack (i.e. before an incident takes place); Detect an incident (i.e. once it has taken place); Recover from an incident]

77% of respondents think their ability to secure themselves from incidents is good or very good

73% of respondents think their organization’s ability to recover from an incident is good or very good

41% of respondents think their organization’s ability to detect an attack or an incident is poor or very poor

54% of organizations seem to have poor or very poor forensics capabilities


Organization’s internal resources capabilities

Cyber Security Technologies

Do you believe your internal resources have appropriate skills and knowledge to manage and use cybersecurity technology efficiently?

• Yes, mostly thanks to training on the job: 50%
• Yes, mostly thanks to specific training courses: 27%
• No: 18%
• I don't know: 5%

Yes: 77%

Organizations with less than 500 employees

• 64% of organizations agree that the internal resources have appropriate skills
• 36% of organizations answered that this is mainly due to specific training courses
• 36% of organizations answered that their internal resources do not have appropriate skills

Organizations with more than 500 employees

• 91% of organizations agree that the internal resources have appropriate skills
• 73% of organizations answered that this is mainly thanks to training on the job


Organizations investment - Prevention capabilities

Cyber Security Technologies

Do you believe your organization spends an appropriate amount of effort/time/budget on prevention capabilities?

<500 employees

• Strongly agree: 18%
• Agree: 36%
• Disagree: 36%
• Strongly disagree: 10%

54% of respondents with less than 500 employees agree or strongly agree with their organization’s investment in prevention capabilities

500+ employees

• Strongly agree: 18%
• Agree: 73%
• Disagree: 9%

91% of respondents with more than 500 employees agree or strongly agree with their organization’s investment in prevention capabilities


Organizations investment - Detection capabilities

Cyber Security Technologies

Do you believe your organization spends an appropriate amount of effort/time/budget on detection capabilities?

<500 employees

• Strongly agree: 9%
• Agree: 46%
• Disagree: 36%
• Strongly disagree: 9%

55% of respondents with less than 500 employees agree or strongly agree with their organization’s investment in detection capabilities

500+ employees

• Strongly agree: 18%
• Agree: 46%
• Disagree: 36%

64% of respondents with more than 500 employees agree or strongly agree with their organization’s investment in detection capabilities


Global results


Cyber Security Technologies

Global results – Most adopted technologies

• Vulnerability management
• Log management
• SIEMs
• Advanced malware protection through sandboxing technologies
• Data Loss Prevention

Percentages shown on the slide: 74%, 79%, 91%


Cyber Security Technologies

Global results – Least adopted technologies

• Honeypots
• Cyber Threat Intelligence
• Secure SDLC supporting technologies

Percentages shown on the slide: 41%, 30%, 13%


Cyber Security Technologies

Global results – Most common barriers to use the technologies

• Limited or no investment capability
• Lack of internal knowledge/skills to operate such technology
• Lack of resources to operate the technology efficiently

Percentages shown on the slide: 43%, 32%, 33%


Cyber Security Technologies

Global results – Technological Baseline for small organizations

Which technologies are used by more than 60% of organizations with less than 500 employees?

• Vulnerability management
• Log management
• SIEM
• Data Loss Protection
• Privileged Account Management

Percentages shown on the slide: 82%, 60%, 75%


Cyber Security Technologies

Global results – Technological Baseline for large organizations

Which technologies are used by more than 60% of organizations with more than 500 employees?

• Vulnerability management
• Log management
• SIEM
• Advanced malware protection
• Data Loss protection
• Network Access Control
• Privileged Account Management

Percentages shown on the slide: 100%, 67%, 92%, 83%


Cyber Security Technologies

Global results – Technologies perceived as being the most improving the security posture

• Network Access Control technologies
• Privileged Account Management
• Secure Software Development Life Cycle supporting technologies

Ranks shown on the slide: 1, 2, 3

Prevention technologies seem to be better perceived than detection technologies when it comes to improving the security posture


Deloitte’s Cyber Risk Services

Key Contacts

Stéphane Hurtaud
Partner, Cyber Risk Services Leader
+352 451 454 434

Maxime Verac
Senior Manager
+352 451 454 258
