conventional defenses + unconventional adversaries ??? joshua corman director of security...
Conventional Defenses + Unconventional Adversaries ???
Joshua Corman
Director of Security Intelligence, Akamai Technologies
@joshcorman
Akamai Confidential ©2011 Akamai
Powering a Better Internet
About Joshua Corman
• Director of Security Intelligence for Akamai Technologies
• Former Research Director, Enterprise Security [The 451 Group]
• Former Principal Security Strategist [IBM ISS]
• Industry Experience:
  • Expert Faculty: The Institute for Applied Network Security (IANS)
  • 2009 NetworkWorld Top 10 Tech People to Know
  • Co-Founder of “Rugged Software” www.ruggedsoftware.org
• Things I’ve been researching:
  • Compliance vs Security
  • Disruptive Security for Disruptive Innovations
  • Chaotic Actors
  • Espionage
  • Security Metrics
Relative Risk
Replaceability scale: Irreplaceable to Highly Replaceable
Assets along the scale: Human Life, Intellectual Property, PHI, Credit Cards
2011 VZ DBIR
Mission Accomplished (no, not really)
Key Points from 2011 VZ DBIR
All-Time High # of Incidents
All-Time Low # of Breached Records
Higher Value Records
All but one thing got worse
MOST cases SMB
Non-CCN Asset Type Breakdown

| Asset type | 2009 (141 incidents) | 2010 (761 incidents) | Delta |
|---|---|---|---|
| Intellectual Property | 10 | 41 | +31 |
| National Security Data | 1 | 20 | +19 |
| Sensitive Organizational | 13 | 81 | +68 |
| System Information | ZERO | 41 | +41 |
2010 Unholy Trinity:
• Google.cn and Operation Aurora
• Stuxnet
• Bradley Manning/WikiLeaks (and Operation Payback)
2011:
• Anonymous
• EMC/RSA SecurID
• Sony’s Punishment Campaign
• LulzSec
• Lockheed
• IMF
RSA 2011 PechaKucha Happy Hour
20 Slides x 20 Seconds (6 min 40 sec)
Joshua Corman
@joshcorman
Research Director, Enterprise Security
PechaKucha Happy Hour
Why Zombies Love PCI: or “No Zombie Left Behind Act”
SPEAKER: Joshua Corman, Research Director, Enterprise Security, The 451 Group
Why Zombies?
Hungry
Persistent
1 at a time vs…
Zombies ++
RSA Conference 2011
Is PCI The No Child Left Behind Act for Information Security?
Early Adopters Mainstream Laggards
When “good enough”… isn’t
It’s all about Zombies
Evolving Threat
Evolving Compliance
Evolving Technology
Evolving Economics
Evolving Business
Cost
Complexity
Risk
Disruptive Changes
Evolving Threat: Adaptive Persistent Adversaries
Fear the auditor more than the attacker
We broke the Information Security Market
Evolving Threat
Evolving Compliance
Evolving Technology
Evolving Economics
Evolving Business
Cost
Complexity
Risk
HIPAA
HITECH
SOX
GLB
Thriller

| 1984 | 1994 | 2004 | 2014? |
|---|---|---|---|
| Sony Walkman | Sony Discman | iPod | ? |
| Signature AV | Signature AV | Signature AV | Signature AV |
94%
89%
0%
Defensible Infrastructure
Survival Guide/Pyramid
www.ruggedsoftware.org
Defensible Infrastructure
Operational Discipline
Survival Guide/Pyramid
Defensible Infrastructure
Operational Discipline
Situational Awareness
Survival Guide/Pyramid
Defensible Infrastructure
Operational Discipline
Situational Awareness
Countermeasures
Survival Guide/Pyramid
Evolving Threat: Adaptive Persistent Adversaries
Anonymous
An Alignment Chart
Anon Unmasked? (Alleged Participants)
APT
You must be *this* tall to ride…
Moore’s Law
Moore’s Law:
Compute power doubles every 18 months
HD Moore’s Law:
Casual Attacker Strength grows at the rate of Metasploit
[Chart: Attacker Drop-Offs: Casual (HD Moore’s Law). Legend: Security Investment, Casual Success, Anon/Lulz Success, APT/APA Success, QSA]
[Chart: Attacker Drop-Offs: QSAs. Legend: Security Investment, Casual Success, Anon/Lulz Success, APT/APA Success, QSA]
[Chart: Attacker Drop-Offs: APTs/APAs. Legend: Security Investment, Casual Success, Anon/Lulz Success, APT/APA Success, QSA]
[Chart: Attacker Drop-Offs: Chaotic Actors. Legend: Security Investment, Casual Success, Anon/Lulz Success, APT/APA Success, QSA]
Does it matter?
Top Threat Action Types used to steal INTELLECTUAL PROPERTY AND CLASSIFIED INFORMATION by number of breaches (excludes breaches only involving payment card data, bank account information, personal information, etc.)
Was #18 in overall DBIR
Compare and contrast

| | QSA | Casual Attacker | Chaotic Actor | APT/APA |
|---|---|---|---|---|
| Asset Focus | CCNs | CCNs… | Reputation, Dirty Laundry, DDoS/Availability | IP, Trade Secrets, National Security Data |
| Timeframe | Annual | Anytime | Flash Mobs | Long Cons |
| Target Stickiness | NA | LOW | HIGH | HIGH |
| Probability | 100% | MED | ? | ? |
| “Impact” | Annual $ | 1 and done | Relentless | Varies |
Early Adopters Mainstream Laggards
You Are Here
Case Study: Zombie Killer of the Week?
Case Study: Zombie Killer
LanCope
BigFix (IBM)
NetWitness (RSA)
Fidelis XPS
HBGary
FireEye
ArcSight (HP)
Defensible Infrastructure
Operational Discipline
Situational Awareness
Countermeasures
A real use case of 'better security' in the face of adaptive adversaries
http://www.the451group.com/report_view/report_view.php?entity_id=66991
Which classes of adversaries are we likely to face?
Which assets are most at risk as a consequence?
How tall do we need to be?
Table Top Exercises
An ounce of prevention?
Recovery may not be technical…
Failing Well
Q&A
Joshua Corman
Director of Security Intelligence, Akamai Technologies
@joshcorman
@RuggedSoftware