Network Security Trends for 2016: Taking Security to the Next Level
Transcript of Network Security Trends for 2016: Taking Security to the Next Level
© 2015 Skybox Security Inc.
Speakers
Michelle Cobb, Skybox Security
VP of Worldwide Marketing
Alastair Williams, Skybox Security
Technical Director, EMEA
Agenda
2016 Security Trends and What You Can Do About Them
-- Michelle Cobb, Skybox Security
Demo: Skybox Overview
-- Alastair Williams, Skybox Security
Gravitational IT Trends Affecting Security
Internet of Things: By 2020, 25B embedded and intelligent systems
IAM: Every user is a consumer
Infrastructure: Cloud, Mobile, BYOD
Monitoring, Attack Detection: The Era of “Continuous Compromise”
Making the CISO’s Job More Difficult
Less control over devices (BYOD)
Less control over infrastructure (Cloud)
Less control over users
… Still need to protect information and services!
Attackers Have the Advantage
$400B cost of cyber crime
Hardest hit: Public Sector, Information, Financial Services
Incident patterns vary
– Financial Services, Information: Crimeware, Webapp attacks
– Public sector: Crimeware, Errors
– Manufacturing: Cyberespionage
– Retail, Accommodation, Entertainment: POS
– Education, Healthcare: Errors
Sources: Costs – Center for Strategic and International Studies;
Incidents - 2015 Verizon Data Breach Investigations Report
Plenty of Security Solutions
$75B spent on security solutions in 2015 (Gartner, others)
Average enterprise has dozens of security solutions
Sources: Gartner
VPN
Firewall
IPS
Endpoint Protection
Secure Web Gateways
Attack Detection
Vulnerability Assessment
Secure Web Gateway
Secure Email Gateway
Identity and Access Mgmt
Data Loss Prevention
SIEM
IT-GRC
Forensics
Some Security Technologies Need to Adapt
Sources: Gartner
Check for Weak Spots
Gartner points out technologies that need to adapt
No Change in “Defender Gap” in 10 years
80% of Attackers Compromise Network in Days
25% of Defenders Discover Attacks in Days
Sources: Spending – IDC & Gartner; Costs – Center for Strategic and International Studies; Chart – 2015 Verizon Data Breach Investigations Report
Entering the Era of “Continuous Compromise”
Continuous Compromise – Custom malware, 1-2% infection rate, long time to detect & respond
2016 Wish List: Understand and Take Action
Security Analytics at the core
Visibility and Intelligence
Continuous monitoring
Fast response
Security automation
In Security, Visibility is Everything
It might not be as easy as you think.
In Security, Visibility is Everything
Problem 1: Sheer Size of Network
Problem 2: Dozens of network & security vendors
Problem 3: Complex rule-sets to analyse
Problem 4: Changes, changes, changes
Building Attack Surface Visibility
SECURITY CONTROLS
• Firewalls
• IPS
• VPNs
NETWORK TOPOLOGY
• Routers
• Load Balancers
• Switches
ASSETS
• Servers
• Workstations
• Networks
VULNERABILITIES
• Location
• Criticality
THREATS
• Hackers
• Insiders
• Worms
Source: Skybox Security
Continuous Monitoring is Required
Network device rules and configurations
User access policies
Vulnerabilities
New threats
Constant changes
Continuous Monitoring of Vulnerabilities
HALF of CVEs have a published exploit in less than ONE month after CVE publish date
Vulnerabilities continue to be exploited YEARS after the CVE release date
Sources: 2015 Verizon Data Breach Investigations Report
Act fast
Continuous process
Difficult to Keep up with Vulnerabilities
222 new critical or high severity CVEs in October 2015
2 years ago… 127 new critical or high severity CVEs in Oct 2013
90-day vulnerability cycle?
686 critical/high in the 90-day period from Aug–Oct 2015
Source: Skybox Vulnerability Center
Infrequent Active Scans Are Insufficient
[Chart: time axis Month 1, Month 2, Month 3; levels 50% and 100%; labels: Active scanner, Monthly or quarterly scanning]
Update vulnerabilities continuously using analytics-based “scanless” detection
Putting it Together – Fast Response to New Threats
Visualize
Correlate, Prioritize
Exploitable Vulnerabilities
CVE-1234
CVE-0123
MS12074
CVE-4567
CVE-5678
Take Context into Account
Visualize
Correlate, Prioritize
Understand Controls
Security Controls
Access paths
Policy violations
Unauthorized changes
Attack Simulation to Verify Exploitable Risks
Visualize
Correlate, Prioritize
Understand Controls
Identify Attack Vectors
High-risk vector
From the CISO point of view – First protection, then management
[Diagram labels:]
CISO
Endpoints, Networks, Apps, Content, Users
Security Protections: EPP, IAM, DLP, App Sec, VPN, FW, IPS
Traditional Sec Mgmt: Events, Alerts, Reporting; Policy Compliance
SIEM, SOAR, VA, NSM
Update Security Architecture 2016: Incorporate Security Analytics
[Diagram labels:]
CISO
Endpoints, Networks, Apps, Content, Users
Security Protections: EPP, IAM, DLP, App Sec, VPN, FW, IPS
Traditional Security Management: SIEM; Events, Alerts, Reporting
Next-Gen Security Management: Security Analytics; Intelligence, Analytics, Visibility, Actions
References
1. Best Practices for Reducing Your Attack Surface
2. 2015 Skybox Enterprise Vulnerability Management Trends Report
3. Best Practices for Vulnerability Management
4. 2015 Research Sources:
– Skybox Security Vulnerability Research
– 2015 Verizon Data Breach Investigations Report
– Ponemon Cost of Cyber Crime
– Center for Strategic and International Studies
– Gartner: 2015 The Impact of Data Center Transformation on Security