SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

Transcript
Page 1: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

© 2017 The SANS™ Institute – www.sans.org

2017 Cybersecurity Trends: Making Progress by Aiming Ahead of the Target

John Pescatore, SANS Director, Emerging Security Trends

Chris Carlson, Vice President, Product Management, Qualys

Page 2: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

May You Be Cursed/Blessed to Live In Interesting Times

Page 3: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

Obligatory Agenda Slide

Housekeeping info

Here’s what we will do

– 1:05 – 1:25 Overview – John Pescatore
– 1:25 – 1:45 Qualys –
– 1:45 – 2:00 – Q&A

Thanks to our sponsor:

Page 4: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

Q & A

Please use GoToWebinar’s Questions tool to submit questions to our panel.

Send to “Organizers” and tell us if it’s for a specific speaker.

Page 5: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

What Should We Learn From the Past Year?

Page 6: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

Vulnerabilities Did Slow Down

Source: Microsoft Security Intelligence Report

Page 7: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

Damage from Attacks Did Not

Yahoo — Impacted value of sale to Verizon
IRS — Get Transcript breach
Premier Healthcare — Laptop still not encrypted
Wendy's — Ever-expanding point-of-sale breach
SF Muni — Ransomware
DynDNS — Mirai IoT DDoS

Page 8: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

Evolution in Targeting and Evasion

Source: Fireeye iSight

Page 9: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

Not Just Breaches - Ransomware

Source: Kaspersky

Page 10: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

“New” Threat Mechanisms — DNS Tunneling

Source: Infoblox

Page 11: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

Critical Infrastructure Attacks

The Seven Most Dangerous New Attack Techniques, and What’s Coming Next

2015 Ukraine Attack Summary

Page 12: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

New Forms of Infrastructure Vulnerabilities

Page 13: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

Protecting Your Company From the Company It Keeps

Business is increasingly interconnected and interdependent

The bad guys have figured that out

So have the regulators

The cloud exacerbates that trend, additional levels of parties

Page 14: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

Third Parties in the Breach Chain

Source: The Aerospace Corp.

Page 15: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

Mobility and the Cloud

A mobile, distributed workforce is the norm

The cloud exacerbates that trend

The bad guys have figured this out

Visibility and mitigation need to be extended

Source: Citrix

Page 16: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

SaaS Is a Given, PaaS Is Happening, IaaS Is Growing

Nontraditional Application Ecosystems

Good Old Data Center

Data.gov

Wired/Wireless Internet

Page 17: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

The Internet of Vulnerable Things

Page 18: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

“Obviously, some people here do not appreciate the gravity of our situation.”

Increasing Boards of Directors’ Focus

Page 19: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

The Messages Back from Directors

“Security people don’t speak our language. In fact, at each briefing they seem to speak a different language.”

“The CISO is great at talking about ‘blood in the streets’ but very weak on strategy to avoid disasters.”

“We know bad things will happen — the CEO and CFO and VPs inform us of business problems frequently. We want to have confidence that basic competence and strategies are in place to reduce bottom line impact.”

“The board is not an ATM — we are not here to give you resources.”

“A big part of being believable and building our trust is showing us how we compare to competitors, other industries, some kind of standards or benchmarks.”

Page 20: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

Delivering Security Efficiency and Effectiveness

Decrease the cost of dealing with known threats
Decrease the impact of residual risks
Decrease the cost of demonstrating compliance
Reduce business damage due to security failures
Maintain level of protection with less EBITDA impact

Increase the speed of dealing with a new threat or technology
Decrease the time required to secure a new business application, partner or supplier
Reduce incident cost
Reduce downtime
Decrease customer defections
Position security as a competitive business factor

Efficiency Effectiveness

Page 21: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

Good News: Many Organizations Avoided or Reduced Damage

980 breaches in 2016

– What did the other 9,020 of the F10000 do differently?
– (781 in 2015)

On average, 36K records exposed per breach

– What did those that limited breach size do differently?
– (Average = 215K in 2015)

Almost invariably, the organizations with the least cyber incident impact have the strongest CISOs and security teams.

Source: Identity Theft Resource Center

Page 22: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

Some Things Don’t Change

Sample Red/Yellow/Green Metric

Center for Internet Security Critical Security Controls (figure: controls numbered 1–20)

Prevention
Detection & Response
Identity, Access, Governance & Architecture

Page 23: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

CISO Hot Topic: Application Security

Problem: Healthcare company needs to reduce threat exposure and bug fix costs across all corporate applications.

Solution: Focus on Secure (and Agile!) Software Development Lifecycle

Results:

– Defect density decreased by 92% for high/moderate vulnerabilities
– Apps using secure library increased each month
– Threat modeling approach reduced resource time from 40 hours to 2
– Overall CDLC productivity increase of 15% estimated

Page 24: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

When You Get Back to Work

Threats evolve but still need vulnerabilities to exploit

– Reduce people-attack aperture
– Decrease time to detect and mitigate software vulnerabilities

Make sure you are collecting the right security metrics so you can demonstrate value, improvement, danger—and connection to business goals.

Take advantage of any transitions coming:

– Moving to Windows 10, cloud services, mobile apps, agile dev, etc.
– M&A, re-org, new C-level management
– Audit results

Identify high-leverage, short-term basic-security-hygiene win to gain trust

Grab a few third rails!

Page 25: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

DevSecOps

Building Continuous Security into IT and Application Infrastructures

Chris Carlson

VP, Product Management

Qualys

Page 26: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

Terminology

DevOps

Build Automation

Continuous Integration (CI)

Continuous Deployment (CD)

Containers (Docker)

Repository

Agile

Waterfall

Agile-fall

XP

Test Driven

Automation

Page 27: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

Waterfall vs. Agile Dev Methodologies

Page 28: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

Waterfall vs. Agile Dev Methodologies

Page 29: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

Agile (Dev) + Deploy (Ops) Automation

Page 30: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

Where do Security Assessments Fit?

Page 31: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

Terminology: Shift Left

Page 32: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

Apply Shift Left to Security?

Page 33: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

Transparent Security or Process Blockers

Page 34: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

DevOps + Security: Friend or Foe?

Page 35: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

“Shift Left” Security

Page 36: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

Integrate Security into the CI/CD Process

Page 37: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

Shift Left Security – Continuous Security

Page 38: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

DevSecOps – How to Accelerate Usage

Page 39: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

DevSecOps: Docker Containers

Page 40: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

Next Steps and What Works

Page 41: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

Next Steps and What Works

Page 42: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

Next Steps and What Works

Page 43: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

Thank You

Chris Carlson

[email protected]

VP, Product Management, Qualys

www.qualys.com

Page 44: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

Page 45: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

Resources

SANS: https://www.sans.org/webcasts/archive/20167

What Works: https://www.sans.org/critical-security-controls

SANS SOC – https://www.sans.org/event/security-operations-center-summit-2017

Qualys: https://www.Qualys.com/

Questions: [email protected]@[email protected]

Page 46: SANS Webcast | 2017 Cybersecurity Trends: Aiming Ahead of the Target to Increase Security

Acknowledgments

Thanks to our sponsor:

And also to our speaker and to our attendees:

Thank you for joining us today