© Copyright Fortinet Inc. All rights reserved.
Your Money or Your Life. Be prepared in the Latest Cyber Threat Landscape in 2017 Nick Ng, Team Lead, Presales Consultant
Fortinet Hong Kong and Macau
Agenda
1. Security review 2016
2. Cyber Threat Predictions 2017
3. Get prepared for security challenge in 2017
• Security Framework fabrics
• APT Framework overview
APTs, Data Breaches Top of Mind
Priority of IT Security Initiatives in 2016 (share of respondents rating the initiative Critical/High priority)

Initiative                                                               2016   2015
Protection/detection for APTs (advanced persistent threats)              79%    77%
Encryption or DLP                                                        75%    67%
Next-Generation Firewall                                                 71%    75%
Internal Network Segmentation security (Zero Trust, internal firewalls)  68%    N/A
Software Defined Network Security                                        68%    N/A
Privileged user access                                                   63%    71%
BYOD and IoT management                                                  59%    N/A
Regulating online services (shadow IT)                                   55%    58%
Outsourcing security services                                            50%    60%

[Chart: each initiative was also broken down into Critical priority / High priority / Moderate priority / Low priority / Not a priority]
Source: IDG Research, January 2016
Organisations breached in the last 12 months
Has your organization experienced at least one security breach over the past 12 months?
Hong Kong: Yes 71%, No 27%, I don't know 2%
APAC: Yes 59%, No 38%, I don't know 3%
International survey conducted in 13 territories in July-August 2016; 1,399 qualified IT decision makers
News about Ransomware and Advanced Threat
[on.cc (東網) news report] Hackers break into large companies' computers in all sorts of ways. Some go after a company's HR department, posing as job applicants and submitting a résumé (CV file); HR staff open the file without a second thought and are infected. Others break into the CEO's (chief executive's) computer and, in the CEO's name, email the secretary or a business partner instructing them to deposit funds into a different bank account. Hackers have also grown cleverer in recent years and can even defeat antivirus software and firewalls, making them very hard to guard against.
Sing Tao Daily – Tuesday 27 September 2016, 6:11 am
Some hackers also trade ready-to-use, "canned" ransomware on the black market of the "dark web (Deep Web)": "After paying you just download it and it works, no need to type out a hundred thousand lines of code like before."
RaaS (Ransomware as a Service)
News about Ransomware and Advanced Threat
[on.cc (東網) news report] "If you don't pay the ransom within 24 hours, I'll delete one of your files every hour!" The methods of "online kidnapping" keep evolving. Kidnappers have recently gone further and played "psychological warfare", grasping victims' weaknesses and using the latest ransomware, JIGSAW, to commit their crimes: when victims watch with their own eyes as their files are deleted one by one every hour, they grow desperate and naturally pay the ransom at once. Other kidnappers "play nice" and unlock some of the victim's locked files to gain trust, leading the victim to believe that paying the ransom will "redeem" the remaining data, and so the victim falls for it.
Police figures show that in the first seven months of this year there were 674 cases of "unauthorised access to a computer system", down from 747 in the same period last year, but the amount involved reached HK$1.3 billion, up nearly 70% from HK$770 million in the same period last year. Many of these were "online kidnapping" cases, and the single largest loss in one case ran to several hundred million Hong Kong dollars.
Monthly Top 3 Ransomware Activity Q3 2016
[Bar chart: monthly activity counts for 2016/07, 2016/08 and 2016/09 (y-axis 0 to 40,000); families shown: Cerber, CryptoWall, Locky]
How to protect yourself
Three simple rules...
Rule 1: Avoid Infection
Be aware of and smart about the danger
» Do not open email attachments unless you are sure of them
» Beware of links to websites in emails or social media
Keep software & signatures updated
» Exploit kits use vulnerabilities in software for which updates are usually available
Use a reputable security solution
» Host antivirus
» Multiple defense layers are required: antivirus / botnet protection, intrusion prevention, IP reputation, URL filtering
» Sandboxing to detect zero-day malware
Rule 2: Back up your files
Backups are important
» Not just for ransomware!
Make sure to keep several restore points
» Please… do not back up ransomware-encrypted files and overwrite your old backup…
» Keep your backups secure
DO NOT back up on the same hard disk
» Most ransomware will delete local restore points and backups
DO NOT back up on network file shares
» Ransomware will reach network-connected drives as well…
DO NOT back up to a connected external hard drive and then leave it connected
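The "keep several restore points and never overwrite them with encrypted files" advice above can be enforced by a check that runs before a backup job rotates its oldest copy. The following is an added example, not code from the presentation or from Fortinet; the file layout, the entropy threshold and the 50% cut-off are assumptions chosen for illustration.

```python
import math
import random
import tempfile
from collections import Counter
from pathlib import Path

# Thresholds are assumptions chosen for this example, not figures from the talk.
ENTROPY_LIMIT = 7.5        # bits per byte; encrypted content sits close to 8.0
SUSPICIOUS_FRACTION = 0.5  # refuse rotation when over half the files look changed

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of data (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def snapshot(root: Path) -> dict:
    """Relative path -> (extension, entropy) for every regular file under root."""
    return {str(p.relative_to(root)): (p.suffix, shannon_entropy(p.read_bytes()))
            for p in root.rglob("*") if p.is_file()}

def rotation_is_safe(previous: dict, current: dict) -> bool:
    """True if the fresh snapshot may replace the oldest restore point.

    A file is suspicious when it vanished from its old path (e.g. renamed to a
    ransom extension), changed extension, or now holds near-random content.
    Too many suspicious files: keep the old restore point and investigate."""
    if not previous:
        return True
    suspicious = 0
    for name, (ext, _) in previous.items():
        new_ext, new_entropy = current.get(name, (None, 8.0))  # missing => bad
        if new_ext != ext or new_entropy > ENTROPY_LIMIT:
            suspicious += 1
    return suspicious / len(previous) <= SUSPICIOUS_FRACTION

def demo() -> tuple:
    """Constructed scenario: a normal edit versus a simulated mass encryption."""
    rng = random.Random(1)
    with tempfile.TemporaryDirectory() as tmp:
        old, clean, ransomed = (Path(tmp, d) for d in ("old", "clean", "ransomed"))
        for folder in (old, clean, ransomed):
            folder.mkdir()
        for i in range(5):
            text = f"quarterly report {i}\n" * 40
            (old / f"report{i}.txt").write_text(text)
            (clean / f"report{i}.txt").write_text(text + "one more line\n")
            # Simulated ransomware output: random bytes under a new extension.
            (ransomed / f"report{i}.txt.locked").write_bytes(rng.randbytes(4096))
        before = snapshot(old)
        return (rotation_is_safe(before, snapshot(clean)),
                rotation_is_safe(before, snapshot(ransomed)))
```

In a real job the "previous" snapshot would be the manifest of the restore point about to be discarded, and a False result should halt rotation and raise an alert rather than just log.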
Rule 3: Respond to the infection
If you are infected
» Disconnect all wired and wireless network connections
» Report to your IT Support immediately
» They will not help you clean up… but may prevent more people from getting infected…
» Seek help from a security consultant and/or product vendors, such as Fortinet
If you paid the ransom
» God bless… hopefully you get your files back…
» Remember to perform a full antivirus check after decryption
» Re-install everything… cyber criminals may come back for more later
If you have a backup
» Best is to completely reinstall the device software
» Re-install the OS, then restore the data
Cyber Threat Predictions 2017
Cyber Threat Prediction #1
From smart to smarter: automated and human-like attacks will demand more intelligent defence
Threats are getting smarter and increasingly able to operate autonomously.
AI or "human-like" malware designed with adaptive, success-based learning to improve the success and efficacy of attacks.
Growth of cross-platform autonomous malware designed to operate on and between a variety of mobile devices.
IMPACT: Autonomous malware that is designed to proactively spread between platforms can have a devastating effect on our increasing reliance on connected devices to automate and perform everyday tasks.
Cyber Threat Prediction #2
IoT manufacturers will be held accountable for security breaches
IoT is a cornerstone of the digital revolution; however, IoT manufacturers have flooded the market with highly insecure devices.
More IoT devices are headless, which means users can't add a security client or even effectively update their software or firmware.
Demand for the creation and enforcement of security standards, from consumers, vendors and other interest groups.
IMPACT: If IoT manufacturers fail to secure their devices, consumers may begin to hesitate to buy. IoT manufacturers need to take immediate and direct action, or suffer economic loss and become targets of legislation.
Cyber Threat Prediction #3
20 billion IoT and endpoint devices are the weakest link for attacking the cloud
The weakest link in cloud security is the millions of remote devices accessing cloud resources.
Increasing attacks targeting IoT devices, with over 20 billion IoT devices online by 2020, versus one billion PCs.
Expect to see attacks designed to compromise this trust model by exploiting endpoint devices, resulting in client-side attacks that can breach cloud providers.
IMPACT: Cloud-based storage has expanded the potential attack surface. Cloud providers need to design networks with Layer 2 and 3 security technologies to segment the cloud between users, control access, and protect the cloud providers' internal network from their public offering.
Cyber Threat Prediction #4
Attackers will begin to turn up the heat in smart cities
Hackers will target the growing number of building automation and management systems.
Like the IoT DDoS attacks, these exploits will likely be blunt-instrument attacks at first, such as shutting down a building's systems.
Attacks will grow more sophisticated: potential for holding a building for ransom by locking the doors, shutting off elevators, rerouting traffic, or turning on the alarm system.
IMPACT: Potential for massive civil disruption if integrated systems are compromised. Trends point towards more interconnected critical infrastructure, such as emergency services, traffic control, and IoT devices (such as self-driving cars).
Cyber Threat Prediction #5
Ransomware was just the gateway malware
Automated attacks introduce an economy of scale to ransomware.
Hackers can cost-effectively extort small amounts of money from multiple victims simultaneously, especially by targeting online IoT devices.
Expect focused attacks against high-profile targets, such as celebrities, political figures, and large organizations.
Healthcare organizations are also a key target: patient records and human data cannot be replaced as easily as credit cards.
IMPACT: Ransomware affects everyone. Consumers will be reluctant to adopt new connected devices if safety is not assured. Organizations must secure networks and need to be held accountable for protecting sensitive information and human data.
Cyber Threat Prediction #6
Technology will have to close the gap on the critical cyber skills shortage
The current shortage of skilled cybersecurity professionals means that many organizations looking to participate in the digital economy will do so at great risk.
We predict that savvy organizations will turn to security consulting services that can guide them through the labyrinth of security, or to managed security service providers (MSSPs), who can provide a turnkey security solution.
IMPACT: In today's digital economy, businesses need to connect online or die. But many organizations internally lack specialised staff with the professional skills to protect their systems. Security vendors need to rethink their traditional, siloed approach to developing security tools.
Get prepared for security in 2017
First, categorize your security needs
Security Operations: FortiAnalyzer, FortiManager, FortiSIEM
Gateway Security: FortiGate (ISFW, VDOM)
Secure Access: FortiSwitch, FortiAP, FortiClient, FortiAuthenticator
APT Protection: FortiSandbox, FortiMail, FortiWeb, FortiGate, FortiClient
Application Security: FortiMail, FortiWeb, FortiADC
Security Framework Fabrics
Next Security Framework: FABRIC
The Security Fabric is the vision that delivers on the promise of Security without Compromise: Intelligent, Powerful and Seamless.
[Diagram: Fabric elements are Advanced Threat Intelligence, Access, Client, Cloud, Partner API, NOC/SOC, Network and Application]
Intelligent security is AWARE: The Security Fabric provides complete visibility, enabling network segmentation
Visibility, Segmentation, Automated Operation
» Single pane of glass for full Fabric-wide policy control
» Create network segments by trust level
» All infrastructure including endpoints, network, data center, cloud and data
Powerful security is SCALABLE: The Security Fabric scales from IoT to the cloud
» Endpoint: embedded security, endpoint security
» Cloud: private, hybrid, public
» Access, branch, campus & data center
» Hardware tiers: SoC, SPU-powered, multi-SPU-powered (NP and CP processors)
Seamless security is ACTIONABLE: The Security Fabric provides cooperative security alerts, recommendations and audit reports
Example fabric element alert (Rank / Severity / Recommendation):
5 / Critical / Zero-Day Vulnerability
4 / Medium / Not Connected to Fabric
3 / Advisory / Logging Disabled
Audit report by regulatory template, i.e. PCI
FortiView - Security Fabric
» Consolidated views across the Security Fabric
» Presents consolidated data from itself and its downstream FortiGates
» Available on all views
» Consolidated data across connected FortiGates
[Diagram: connected FortiGate units, ISFW and VDOM]
Compliance – Security Fabric Audits
Audit reporting and remediation: simplified best practice and security fabric implementations
Compliance – Endpoint Vulnerability Scan
FortiView Scan Status: presents information regarding detected vulnerabilities on FortiClients
NSS Labs Next Generation Firewall (Apr 2016)
FortiGate-3200D: Recommended
"A Recommend rating from NSS Labs indicates that a product has performed well and deserves strong consideration."
APT Framework overview
The comprehensive APT solution from Edge to EndPoint
[Diagram: FortiGuard Lab, FortiGuard Services, FortiGate, FortiMail, FortiWeb, FortiClient, FortiSandbox]
Turn the unknown into the known for prevention
Complete your APT Framework: Sandbox, NGFW, EndPoint, Cloud WAF, Email Security
NSS Labs Breach Detection System (Aug 2016)
FortiSandbox 3000D: Recommended
"A Recommend rating from NSS Labs indicates that a product has performed well and deserves strong consideration."
Real Time Security Patching across Distance
[Diagram: HK Data Center with FortiSandbox, FortiMail, FortiManager, FortiAnalyzer and FortiWeb, connected to multiple FortiGate units in HK]
FortiSIEM: centralized NOC/SOC log consolidation; visual security & operational intelligence
"We take care of security so you can take care of business."
Ken Xie, CEO & Chairman of the Board