erepublic hawaii dgs 14 presentation information security threatscape_mario balakgie

Upload: erepublic

Post on 02-Jun-2018


TRANSCRIPT

  • 8/10/2019 ERepublic Hawaii DGS 14 Presentation Information Security Threatscape_Mario Balakgie

    1/26

    Copyright 2014 World Wide Technology, Inc. All rights reserved.

    Cyber Analytics: The New Security Dimension

    Mario Balakgie Director Cybersecurity

    World Wide Technology, Inc

    2/26

    Primary Security Challenges for 2014:

    As trust erodes, and it becomes harder to define which systems and relationships
    are trustworthy and which are not, organizations face several key issues that
    undermine their ability to address security:

    1) Greater attack surface area
    2) Proliferation and sophistication of the attack model
    3) Complexity of threats and solutions

    Industry Assessment of Challenge

    *Source: Cisco Annual Security Report

    3/26

    Today's Threats

    *Source: Verizon Data Breach Investigations Report

    THE VICTIM: It could be you. All sizes of businesses and all industries are at risk of some kind of security event.

    THE TARGET: Mainly payment and bank data, which can be quickly converted into cash. User credentials are also a popular target as gateways to other kinds of data or systems.

    THE ATTACK: Hacking and malware are the most popular attack methods. Server and user devices are the main targets.

    THE CULPRIT: Most attacks are perpetrated by external actors. Financially-motivated criminal gangs are the dominant type.

    4/26

    The Silver Bullet Does Not Exist

    TIMELINE OF SECURITY CAPABILITIES, 2000 to 2014: anti-virus, certificate management, intrusion detection, network firewall

    ADVANCED THREATS ARE HARD TO DETECT
    100%  valid credentials used
    243   median number of days before detection
    40    average number of systems accessed
    63    victims n... extern... (figure cut off on the slide)

    5/26

    To achieve a reasonable level of protection, organizations must deploy
    defenses against both known and unknown threats, including:

    ZERO DAY EXPLOITS
    SPEAR PHISHING
    TARGETED ATTACKS
    TIMED ATTACKS
    LURES AND REDIRECTS

    Stopping known threats with the current state of blocking and prevention
    IS NO LONGER ADEQUATE!

    Next Generation Techniques and Analytics

    6/26

    Signature Detection Methods are NOT Enough

    The average timeline for identifying a security breach is
    measured in weeks or months.

    FULL IDENTITY MANAGEMENT: who, what device, connected how a...
    PACKET AND LOG COLLECTION: full context of network traffic

    We must change the way we view detection of threats.

    7/26

    A New Security Approach Is Required

    PAST:  IT controlled | Perimeter-bound | Prevention | Signature-based
           Platform: LAN/Internet, Client/Server, PC
    TODAY: User-centric | Borderless | Detection | Intelligence
           Platform: Mobile, Cloud, Big Data, Mobile Dev...

    *Source: (cut off on the slide)

    8/26

    Shift in Priorities and Capabilities

    Today's Priorities:            Prevention 80% | Monitoring 15% | Response 5%
    Intelligence-[...] Security:   Prevention 33% | Monitoring 33% | (third share cut off on the slide)

    *Source: (cut off on the slide)

    9/26

    Why Cyber Analytics?

    Architecture Establishes a Flexible Security Model for the Enterprise

    Demonstrate Security Best Practices, including:

    Security Architecture Design
    Governance, Risk, and Compliance Processes and Tools
    Packet Capture, Log, and Metadata Generation
    Security Analysis, Big Data, and Visualizations
    Security Incident Response
    Forensics
    Multi-vendor Integrated Security Solutions
    Competency around Security, Big Data, Data Center, Network,
    Wireless, and other technologies

    10/26

    First Step: Assess your Readiness and Maturity Level

    Application of CMMI maturity models to Information Security
    (SECURITY CAPABILITIES plotted against RESILIENCE TO THREATS AND VULNERABILITIES)

    LEVEL 1, INITIAL:    Ad hoc; no formal capabilities; represents risks; limited or non-existing policies; informal roles
    LEVEL 2, REPEATABLE: Security practices present but not formalized; established policies; roles defined; some accountability present
    LEVEL 3, DEFINED:    Compliance focused; risks measured; governance and process defined
    LEVEL 4, MANAGED:    Information centric approach; metrics defined; risk-aware culture
    LEVEL 5, OPTIMIZED:  Continuous risk imp...; business owners; proactive approach in business, technology ... compliance

    11/26

    CYBER ANALYTICS

    TRADITIONAL INPUTS: HIDS/IPS/IDS, Anti-virus, Firewalls, Access Control, Data Loss, Application Control
      -> SIEM (Correlate, Tune, Eliminate false positives) -> REPORT

    ADVANCED INPUTS: BIG DATA, PACKET CAPTURE
      -> Advanced Cyber Analytics (Correlate, Tune, Eliminate false positives) -> MONITOR

    12/26

    Cyber Analytics Reference Architecture

    INFRASTRUCTURE: IT infrastructure, enterprise network ... NETWORK | COMPUTE | STORAGE
    SENSORS: sensors capture and forward packets, netflows, logs, etc. ... SECURITY SENSORS | DATA SOURCES
    ANALYTICS: analytics process data looking for activities and anomalies ... NEAR REAL TIME | BATCH
    AWARENESS: dashboards and ... provide summaries ... SITUATIONAL AWARENESS
    RESPONSE: rules engines process alerts and enable automated or procedural responses
    MANAGEMENT: management tools allow continuous monitoring, updates and maintenance
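The layers of the reference architecture above, as an added worked example that is not part of the original deck and not WWT code: a toy pipeline in Python that takes constructed sensor input (an sshd log excerpt and netflow-style records, both made up here), runs one near-real-time analytic and one batch analytic over it, rolls the alerts up into a situational-awareness summary, and hands them to a rules engine that maps alert types to playbook steps. Host names, addresses, thresholds and playbook entries are assumptions chosen for the example.

```python
"""Toy cyber-analytics pipeline: sensors -> analytics -> awareness -> response.
All telemetry below is constructed for the example; it is not real capture data."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import median

# --- SENSORS layer: raw inputs a log/packet/netflow sensor would forward (constructed) ---
AUTH_LOG = """\
2014-05-01T09:00:01Z host=web01 sshd: Failed password for root from 203.0.113.9
2014-05-01T09:00:02Z host=web01 sshd: Failed password for root from 203.0.113.9
2014-05-01T09:00:03Z host=web01 sshd: Failed password for root from 203.0.113.9
2014-05-01T09:00:04Z host=web01 sshd: Failed password for root from 203.0.113.9
2014-05-01T09:00:05Z host=web01 sshd: Accepted password for root from 203.0.113.9
2014-05-01T09:15:00Z host=db01 sshd: Accepted publickey for dba from 10.0.0.5
"""
# netflow-style records: (source host, destination IP, bytes sent)
NETFLOW = [
    ("web01", "198.51.100.20", 1200), ("web01", "198.51.100.20", 1500),
    ("web01", "198.51.100.20", 1100), ("web01", "203.0.113.9", 95_000_000),
    ("db01", "10.0.0.5", 2000), ("db01", "10.0.0.5", 2200), ("db01", "10.0.0.5", 1900),
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) sshd: (?P<outcome>Failed|Accepted) "
    r"(?:password|publickey) for (?P<user>\S+) from (?P<src>\S+)$"
)

@dataclass
class AuthEvent:
    ts: datetime
    host: str
    user: str
    src: str
    outcome: str

def normalize_auth_log(text):
    """Sensor step: parse raw syslog lines into typed events; lines that do not match are dropped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            events.append(AuthEvent(datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
                                    m["host"], m["user"], m["src"], m["outcome"]))
    return events

# --- ANALYTICS layer ---
def detect_bruteforce_success(events, window=timedelta(seconds=60), min_failures=4):
    """Near-real-time analytic: a success preceded by >= min_failures failures from the same
    source within `window` is a likely guessed credential (valid credentials, as slide 4 notes)."""
    recent_failures = defaultdict(list)
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.host, ev.src)
        recent_failures[key] = [t for t in recent_failures[key] if ev.ts - t <= window]
        if ev.outcome == "Failed":
            recent_failures[key].append(ev.ts)
        elif len(recent_failures[key]) >= min_failures:
            alerts.append({"type": "brute_force_success", "severity": "high",
                           "host": ev.host, "src": ev.src, "user": ev.user})
    return alerts

def detect_volume_outliers(flows, factor=10):
    """Batch analytic: a flow sending more than `factor` x the host's median bytes is an outbound anomaly."""
    per_host = defaultdict(list)
    for host, _dst, nbytes in flows:
        per_host[host].append(nbytes)
    alerts = []
    for host, dst, nbytes in flows:
        if nbytes > factor * median(per_host[host]):
            alerts.append({"type": "exfil_volume", "severity": "medium",
                           "host": host, "dst": dst, "bytes": nbytes})
    return alerts

# --- AWARENESS layer ---
def situational_summary(alerts):
    """Dashboard-style rollup: alert counts per host and severity."""
    summary = defaultdict(lambda: defaultdict(int))
    for a in alerts:
        summary[a["host"]][a["severity"]] += 1
    return {host: dict(counts) for host, counts in summary.items()}

# --- RESPONSE layer: rules engine mapping alert types to playbook steps (assumed playbook) ---
PLAYBOOK = {
    "brute_force_success": ["isolate_host", "reset_credentials", "open_ticket"],
    "exfil_volume": ["block_destination", "capture_full_packets", "open_ticket"],
}

def respond(alerts):
    return [(a["type"], a["host"], PLAYBOOK.get(a["type"], ["open_ticket"])) for a in alerts]

def run_pipeline(auth_log=AUTH_LOG, flows=NETFLOW):
    events = normalize_auth_log(auth_log)
    alerts = detect_bruteforce_success(events) + detect_volume_outliers(flows)
    return {"alerts": alerts, "summary": situational_summary(alerts), "actions": respond(alerts)}

if __name__ == "__main__":
    for section, value in run_pipeline().items():
        print(section, value)
```

On the constructed input the pipeline raises two alerts for web01: the four-failures-then-success sequence from 203.0.113.9 and the 95 MB flow back to that same address, which the playbook turns into host isolation, a credential reset and a full-packet capture. The MANAGEMENT layer is the tuning knobs (`window`, `min_failures`, `factor`) that an operator would adjust as the baseline changes.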

    13/26

    Improving the Analytics Cycle

    BEFORE: Prepare Enterprise; Advance Analytics
    DURING: (text not captured)
    AFTER:  Analyze Anomalies; Forensic Analysis
    ADAPT:  Adapt; Remediate; Tune

    Maturity scale: INITIAL, REPEATABLE, DEFINED, MANAGED, OPTIMIZED

    14/26

    USE CASE: BIG DATA & ADVANCED ANALYTICS

    Security Event Stratification
    What are the most important events?
    Which events can I ignore?
    Which events are actionable?
    What actions should be taken?
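The four stratification questions above, as an added example that is not part of the original deck and not WWT code: each incoming alert is scored from detector confidence, asset criticality, corroboration by other sensors and whether it implies credential abuse, then bucketed into ignore / monitor / actionable, with the playbook action attached to the actionable ones. The allowlist for an authorized scanner is the "tune / eliminate false positives" step of the slide 11 diagram. Asset register, weights, thresholds, addresses and sample events are all constructed for the example.

```python
"""Security event stratification: score each alert, bucket it, and attach the action.
Assets, allowlists, weights and the sample events are all constructed for this example."""
from dataclasses import dataclass

@dataclass(frozen=True)
class SecEvent:
    event_id: str
    signature: str     # detection name from the upstream tool
    src: str           # address the detection attributes the activity to
    asset: str         # affected host
    confidence: float  # detector confidence, 0.0 .. 1.0

# Constructed asset register: business criticality 1 (lab box) .. 5 (crown jewels).
ASSET_CRITICALITY = {"payments-db": 5, "hr-fileserver": 4, "web01": 3, "dev-lab-07": 1}
# Tuning: an authorized vulnerability scanner whose scans are expected noise (assumed address).
KNOWN_BENIGN_SCANNERS = {"10.0.9.10"}
# Signatures implying the attacker already holds valid credentials get a bump.
CREDENTIAL_ABUSE = {"brute_force_success", "new_admin_account"}
# Playbook actions per signature (assumed).
ACTIONS = {
    "brute_force_success": ["isolate_host", "reset_credentials"],
    "malware_beacon": ["block_destination", "collect_memory_image"],
    "port_scan": ["log_only"],
}

def score_event(ev, corroborating_sources):
    """0..100 risk score: confidence x criticality, plus corroboration and credential-abuse bumps."""
    criticality = ASSET_CRITICALITY.get(ev.asset, 2)        # unknown asset: assume medium
    score = ev.confidence * criticality * 20                 # 1.0 x 5 -> 100 before bumps
    score += 10 * min(corroborating_sources, 2)              # independent sensors agreeing
    if ev.signature in CREDENTIAL_ABUSE:
        score += 15
    return min(100, round(score))

def stratify(events, corroboration, actionable_at=60, monitor_at=30):
    """Bucket events into ignore / monitor / actionable and answer 'what action should be taken'."""
    tiers = {"ignore": [], "monitor": [], "actionable": []}
    actions = {}
    for ev in events:
        if ev.signature == "port_scan" and ev.src in KNOWN_BENIGN_SCANNERS:
            tiers["ignore"].append(ev.event_id)              # tuned-out false positive
            continue
        score = score_event(ev, corroboration.get(ev.event_id, 0))
        if score >= actionable_at:
            tiers["actionable"].append(ev.event_id)
            actions[ev.event_id] = ACTIONS.get(ev.signature, ["open_ticket"])
        elif score >= monitor_at:
            tiers["monitor"].append(ev.event_id)
        else:
            tiers["ignore"].append(ev.event_id)
    return tiers, actions

# Constructed sample alerts as they might arrive from a SIEM.
SAMPLE_EVENTS = [
    SecEvent("E1", "port_scan", "10.0.9.10", "web01", 0.9),             # authorized scanner
    SecEvent("E2", "brute_force_success", "203.0.113.9", "payments-db", 0.9),
    SecEvent("E3", "malware_beacon", "10.0.4.22", "dev-lab-07", 0.7),   # low-value lab host
    SecEvent("E4", "malware_beacon", "10.0.4.23", "hr-fileserver", 0.5),
    SecEvent("E5", "port_scan", "198.51.100.77", "web01", 0.6),
]
# How many other sensors (netflow, EDR, proxy) independently saw the same activity.
CORROBORATION = {"E2": 2, "E4": 1}

if __name__ == "__main__":
    print(stratify(SAMPLE_EVENTS, CORROBORATION))
```

Note what the scoring does to the noisy alerts: the scanner's port scan never reaches the scorer, and a high-confidence beacon on a lab machine still lands in "ignore" because criticality drives the score, while a half-confidence beacon on the HR file server is kept under watch because a second sensor corroborates it.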

    15/26

    USE CASE: BIG DATA & ADVANCED ANALYTICS

    Malware Forecasting, Analysis and Impact
    What malware currently exists?
    Which of my systems are vulnerable?
    Which immediate patches or upgrade...?
    Prioritized risk scoring of malware

    16/26

    USE CASE: BIG DATA & ADVANCED ANALYTICS

    Exploit and Attack Prediction
    What are the signs of imminent attack?
    Where and how would such an attack ...?
    Which IT systems are vulnerable?
    What would be the impact of such an attack?

    17/26

    USE CASE: BIG DATA & ADVANCED ANALYTICS

    Insider Threat
    What employees are at a security ...?
    Who has access to sensitive data?
    Are they exhibiting anomalous behavior?
    Where and when are they accessing the system?

    18/26

    USE CASE: BIG DATA & ADVANCED ANALYTICS

    Enterprise Risk Management
    What assets are non-compliant?
    What threats exist against those assets?
    What has changed in the environment?
    Where is the sensitive data and who has access?
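The "which of my systems are vulnerable", "which patches first", "what would the impact be" and "what threats exist against non-compliant assets" questions from the malware forecasting (15/26), attack prediction (16/26) and enterprise risk management (18/26) use cases share one mechanic: join a threat feed against the asset inventory and rank the result. The block below is an added example of that join, not part of the original deck and not WWT code. The inventory, the threat entries (placeholder family and product names, assumed fixed-in versions and prevalence) and the risk weights are constructed; a real deployment would feed it from a CMDB and a commercial or open threat feed.

```python
"""Exposure analysis: match a threat feed against the asset inventory and rank what to patch first.
Inventory, threat entries and weights are all constructed; vulnerability names are placeholders."""
from dataclasses import dataclass

@dataclass
class Asset:
    name: str
    criticality: int                 # 1 (lab) .. 5 (crown jewels)
    software: dict                   # product -> installed version string
    compliant: bool = True           # passes the organisation's baseline (patching, config)
    internet_facing: bool = False

@dataclass
class Threat:
    family: str                      # malware / exploit-kit name (placeholder)
    product: str                     # software it targets
    fixed_in: str                    # first version that is not vulnerable (assumed)
    prevalence: float                # 0..1, how actively it is used in the wild (assumed)

def version_key(v):
    """Compare versions numerically so that 4.10 sorts after 4.2 (string compare would not)."""
    return tuple(int(part) for part in v.split("."))

def is_vulnerable(installed, fixed_in):
    return version_key(installed) < version_key(fixed_in)

def exposures(assets, threats):
    """Which systems are vulnerable, to what, and how much it would matter."""
    found = []
    for asset in assets:
        for t in threats:
            installed = asset.software.get(t.product)
            if installed is None or not is_vulnerable(installed, t.fixed_in):
                continue
            risk = asset.criticality * t.prevalence
            if asset.internet_facing:
                risk *= 2            # reachable by the external actors slide 3 describes
            if not asset.compliant:
                risk *= 1.5          # already off baseline: assume other gaps too
            found.append({"asset": asset.name, "family": t.family, "product": t.product,
                          "installed": installed, "fixed_in": t.fixed_in, "risk": round(risk, 2)})
    return found

def patch_priority(assets, threats):
    """Immediate patches or upgrades, highest risk first; one entry per (asset, product)."""
    best = {}
    for e in exposures(assets, threats):
        key = (e["asset"], e["product"])
        if key not in best or e["risk"] > best[key]["risk"]:
            best[key] = e
    return sorted(best.values(), key=lambda e: e["risk"], reverse=True)

def non_compliant_with_exposure(assets, threats):
    """Enterprise-risk view: assets outside baseline that also carry an open exposure."""
    exposed = {e["asset"] for e in exposures(assets, threats)}
    return sorted(a.name for a in assets if not a.compliant and a.name in exposed)

# Constructed inventory and threat feed.
ASSETS = [
    Asset("payments-db", 5, {"dbserver": "4.1", "javaruntime": "7.2"}),
    Asset("web01", 3, {"webserver": "2.2", "javaruntime": "7.9"}, internet_facing=True),
    Asset("dev-lab-07", 1, {"webserver": "2.2", "dbserver": "4.3"}, compliant=False),
]
THREATS = [
    Threat("HypoLoader", "javaruntime", "7.5", 0.8),
    Threat("HypoShell", "webserver", "2.3", 0.6),
    Threat("HypoDump", "dbserver", "4.2", 0.3),
]

if __name__ == "__main__":
    for e in patch_priority(ASSETS, THREATS):
        print(f'{e["risk"]:5}  {e["asset"]:12} {e["product"]} {e["installed"]} -> {e["fixed_in"]}  ({e["family"]})')
    print("non-compliant and exposed:", non_compliant_with_exposure(ASSETS, THREATS))
```

The ranking puts the payments database's old Java runtime first (highest criticality, most active threat) ahead of the internet-facing web server, and leaves the lab box last even though it is the only non-compliant host; the separate compliance view still surfaces it for the governance question on slide 18.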

    19/26

    USE CASE: BIG DATA & ADVANCED ANALYTICS

    Incident Management and Forensics
    Where did the attacker go?
    What was the timeline of the breach?
    What was taken?
    What was left behind, if anything?

    20/26

    USE CASE: BIG DATA & ADVANCED ANALYTICS

    Fraud Detection: E-Commerce Customers
    Who is a normal user?
    What is abnormal behavior?
    How do they interact with the system?
    Where and when are they accessing the system?

    21/26

    Key Takeaways

    Organizations are at risk: likely to be breached
    Detection is Critical
    Multi-Technology / Multi-Vendor Approach
    Enterprise Processes and Continuous Improvement are necessary

    22/26

    Summary

    Cyber Analytics provides:

    Multi-vendor integrated architecture for defense, detection, response, and continuous improvement
    Individual products can be changed
    Core functions remain constant
    Aligns Enterprise IT, Security and Big Data
    Flexibility in Use Case Design and Implementation

    23/26

    24/26

    IT PRODUCTS, SERVICES & SUPPLY CHAIN SOLUTIONS
    PROFESSIONAL & ADVANCED SERVICES
    PUBLIC SECTOR | SERVICE PROVIDER | COM...
    End-to-End Expertise
    ADVANCED TECHNOLOGY CENTER | ARCHITECTURAL SOLUTIONS

    NETWORK: Enterprise Campus/Branch; Data Center Networking; High-End Routing & Optical; Wireless & Mobility; Software-Defined Networking
    SECURITY: Access Control; Network & Data Protection; Security Management & Analysis; Risk & Compliance
    COLLABORATION: Unified Communications; Video Conferencing & Client Experience; Contact Center
    DATA CENTER: Facilities; Information Storage & Backup; Compute & Virtualization; Data Center Transformation; Big Data
    SUPPLY...: Integrati...; Global In...; Staging a...; Product...; Serial #...

    25/26

    Advanced Technology Center (ATC)

    ATC V...: To create a... design, bui... and deploy... products an... solutions fo... and employ...

    26/26