IT Security Strategy and Priorities · Threat Intelligence Advanced AntiMalware ... Dr Anton...
Cyberthreat update
Why would anyone want to hack me?
“I am not a bank!”
Security Incidents with Confirmed Data Loss
Source: Verizon Data Breach Report 2014
“This is only a subjective American view of the problem!”
Countries Represented in Data Breach
Source: Verizon Data Breach Report 2014
KPMG Study Highlights
• 14 Organizations
• 5.000 Average number of employees
• 70.000 Hosts
[Chart: Exfiltrating Organizations; legend: Detected Data Exfiltration, No Detected Data Exfiltration; values shown: 21%, 79%]
[Chart: Breached Organizations; legend: Breached Organisations, No Detected Breach; values shown: 17%, 93%]
Malware Data
• 15.586 Security Events
• 195 Unique Malware Objects
[Chart: Malware Type; Known Malware vs Unknown Malware; values shown: 48%, 52%]
Unknown = tested against 53 different AV vendors using VirusTotal.com with no match
Average time between breach and detection is… 229 days
Source: Mandiant Incident Response 2014
Share of companies that learn from a third party that they have been breached: 67%
Source: Mandiant Incident Response 2014
Only 1/3 of the companies discovered by themselves that they had been breached…
Conclusion #1
• Most of you are probably already infected
• Most of you already have Firewalls and Antivirus
• Conclusion: Develop a strategy for limiting the impact of a breach
Attack Lifecycle
1. Attack phase: Exploit vulnerability on client or server.
2. Control phase: Establish remote control and download tools.
3. Explore phase: Search for more valuable data.
4. Extract phase: Extract valuable data.
Different technologies address different phases
Attack: Firewall, Intrusion Prevention, AntiVirus, WebFiltering, …
Control: SIEM, Threat Intelligence, Advanced AntiMalware, Network Forensics, …
Explore: SIEM/NBAD, Intrusion Prevention, Network Forensics, Intrusion Deception, File Integrity Monitoring
Extract: DLP, Threat Intelligence, Network Forensics
Conclusion #2
• We need to have a technology for protecting against attacks
AND
• We need to have a technology for detecting anomalies
The three pillars of security
Technology · Configuration · 24x7 Operations
Your business!
The Configuration Challenge
[Chart: Security Difficulty Level (Medium, Hard, Very Hard, Rocket Science) for Access Control (ex: FW/WF), Attack Mitigation (ex: IPS/AV), Security Analytics (ex: SIEM/FIM) and Security Forensics]
The Operation Challenge
Example: Increase team to be able to support 24x7 operations
[Chart: SOC Employee Cost; TeamCost 8x5: 250 532 SEK; TeamCost 24x7: 676 440 SEK]
Summary
• Develop a strategy for detecting infected hosts.
• Develop a strategy for limiting the impact of a breach.
• If you don’t have the expertise or resources in-house, consider buying as a service.
AddPro Security and Communication
AddPro S&C is one of the leading Network Security VARs in the Nordics. Our best-in-class Professional Services team and our 24x7 managed security services are helping some of the largest customers in the Nordics to address the growing challenge of providing the Security and Availability they need to stay competitive.
Products · Professional Services · Managed Services
AddPro S&C Customers
“Let’s get this out of the way: some MSSPs REALLY suck!”
Dr Anton Chuvakin, Research VP at Gartner's GTP Security and Risk Management group
Challenges with MSSPs
• “So let’s take a hard look at some challenges with using an MSSP for security:”
– Local knowledge
– Lack of customization and “one-size-fits-all”
– Delineation of responsibilities
– Inherent “third-partiness”
SOC Example of a Managed Security Services Customer
• Security Auditing
– 764 Servers with FIM – File Integrity Monitoring
– 5128 Log Sources with SIEM – Log Collection and Correlation
– 290 IPS – Network Intrusion Prevention System
• Security scanning
– 11.000 Internal vulnerability scanning
– 1.700 External perimeter vulnerability scanning
• Malware analysis
– Endpoint security (AV, HIPS, FW) investigation
– Trend analysis
– Correlation (semi-automatic) with external systems (mail gateways / proxy services)
Grow with AddPro!
AddPro Managed Services
AddPro Support: Addpro portfolio, Vendor support partner, Certified Engineers, Strategic vendors
AddPro NOC: Alert Monitoring, Performance Trending, Life cycle management, Change management, Strategic vendors
AddPro SOC: Security monitoring, Security analysis, PCI compliance, Post incident analysis
Service Portfolio
Professional Services: Design, Installation, Configuration
Network Operations Center: Reactive alert monitoring, Proactive trending, Lifecycle Management, Change Management
Security Operations Center: Event Correlation, Event Analytics, Threat Intelligence, Vulnerability Assessment
Security Incident Response Team: Response Readiness Assessment, Incident Response
Thanks for your time… We build digital highways …