Why Outsourcing Information Security Can Help You Avoid Cyber-Attacks
NTT Security
Christopher Camejo, Director of Product Management - Threat Intelligence
28 March, 2018
Christopher Camejo-Confidential-Draft-v0.2
© 2018 NTT Security
Contents
Common threats
Latest attack trends
Managed Security Services: Costs and Benefits
Common Threats
Attack Profiles
Opportunists
• They’ll take whatever falls off the table
Targeted Attacks
• They’re coming for you and you have no idea until it’s too late
Attackers
Criminal
• Payment card/insurance fraud, blackmail
• Botnets, spam, DDoS, mining, ransomware
Espionage
• National level intelligence activities
• Political/media/industrial espionage/sabotage
Hacktivism
• Politics and vigilante justice
• Maximum embarrassment
3rd parties
Who has access to your network?
• Contractors
• Remote support
Where does data leave the network?
• Partners
• Cloud services
Almost 75% of respondents: Third party partners would play a highly important or critical role in their businesses, up from 60% the year before
Deloitte’s 2016 Third Party Governance and Risk Management (TPGRM)
Insider Threats
Average cost per incident to address and resolve correlates with business size:
• 1,000-5,000 employees and contractors: ~$2 million per incident
• >75,000 employees and contractors: ~$7.8 million
Insider breaches mostly unintentional
• 25% overtly hostile
• 75% accidental, negligent, or against policy
Attack Trends
NTT Security Threat Intelligence Reports
Findings:
• Research from specific threats
• Recent publicly-disclosed breaches and recommendations on how to mitigate and prevent similar attacks
• Malicious actor tactics, techniques and procedures (TTPs)
Sources:
• NTT Security researchers
• Open source intelligence tools
• NTT Honeypot network
• NTT Security’s Managed Security Services (MSS) platforms
Targeted industries
Q2 -> Q3: 24% increase in events
Attack Trends
>40% increase in malware and phishing
• Reconnaissance in Q1/2, running in Q3/4
• Increased dependency on botnets, phishing, malicious attachments/links
Web app/application specific vulnerabilities: 80% targeted or affected vulnerabilities in Microsoft Edge
Apache Struts Targeting
49% of vulnerabilities targeted in September related to Apache Struts
CVE-2017-5638 heavy in both reconnaissance and targeted attempts prior to the Equifax breach
Spike in attacks on CVE-2017-5638 4 days after Apache Struts announced involvement in Equifax breach
NTT Security detected attack attempts almost immediately after other high-risk vulnerabilities reported
Attack Source Countries
US in a league of its own for final attack base (63%)
Finance Deep Dive
Banking Trojans:
• Emotet
• Ursnif
Ransomware:
• Locky ‘lukitus’ 2
Dual Ransomware/Banking Trojan payload:
• Trickbot
HTTP brute-forcing financial websites
Attempts to inject malicious iFrames
42% increase in phishing followed by malware
Outsourcing Information Security
Preparing for the next attack
Strategic
Overall security strategy and effectiveness.
Am I spending my security resources in the right way?
Operational
Threat actor motivations and campaigns.
Am I a target this week and what should I do about it?
Tactical
Day to day network monitoring and incident response.
What’s happening on my network and is it bad?
Essential Functions
• Risk Assessment
• Compliance
• Policy/Procedure Development
• Initial and Ongoing Training
• Inventory, Configuration, Patch Management
• User Management
• SDLC management
• Vulnerability Assessment and Penetration Testing
• Threat Intelligence Collection
• Monitoring (SOC)
• Incident Response
• Forensics
Monitoring
Options
Ignore it
Deal with it
Get help
The Human Element
Tuning and Response
Resources
24x7
3 shifts
Days off
Sick days
Vacation
Turnover
5 FTEs minimum
$495,950 per year
• 4x Security Operations Engineer $73,000
• Senior Security Operations Engineer $89,500
• +30% Benefits: $114,450
Talent
Hiring
Retaining
Skills
Options
Managed Detection and Response (MDR)
Managed Security Service (MSS)
Managed SIEM
Security Information and Event Management (SIEM)
Your Resources
3rd Party Resources
MSS Perks
Economies of Scale
• Personnel
• Software licensing
• Infrastructure Maintenance
Side Benefits
• Shared Threat Intelligence
• 3rd Party Monitoring
• Real-time
Questions:
Current risk appetite and liability limitations for a breach
• What can MSS provide to reduce risk and liability?
Current metrics used to measure success of preventing a breach
• What can MSS provide by supplying additional metrics to increase the visibility?
What reporting is done on the effectiveness of the company’s security controls
• How can MSS provide reporting that will validate the effectiveness of the existing security controls?
Boards are concerned about the skill shortage and the ability to attract and retain critical skills
• How will MSS be able to address the limited resources available when trying to build an internal security organization?
Is the Company spending increasingly higher amounts on resources and the tools to mitigate their risks
• Can MSS provide a cost analysis identifying the delta between building the services internally versus outsourcing?
Should the company focus their resources on security commodity areas, or use those resources to focus on what the business does best
• How will MSS become an extension of the Company’s security department and integrate their expertise with the Company?
The Company and Boards have more regulatory and audit requirements across multiple jurisdictions
• How can MSS assist a company in reducing the regulatory audit response burden?
How will the company stay current on changing threats and the threat landscape
• What can MSS provide to ensure that threat intelligence, threat management, attack vectors, and threat actor information is provided on a continual basis to help the company be proactive and reduce their risk?
Does the Company have 24-hour monitoring of their assets today and do they plan to have that function in the future
• What will MSS provide to address 24 by 365 monitoring of assets?
What incident response capability does the company have in place
• How will MSS provide incident response as an integrating function with the company’s business process?
Session # 17
Christopher Camejo
Tweet: #SIGspring18