Information Security Challenges and Strategies for 2007+
Mark Bouchard, CISSP
Missing Link Security Services, LLC
Missing Link Security Services™ (slide 2)
Agenda
• Enterprise IT: what’s hot, what’s not, and what could be
• Enterprise Security: threat and vulnerability trends; communications vs. content; countermeasures: what’s hot, what’s not
• In Focus: Threat & Vulnerability Management: bits and pieces; the emergence of the Enterprise TVM System
• Summary & Conclusions: call to action
Enterprise IT – Part 1
• Virtualization. Objective: efficient resource utilization. Implication: complicates monitoring.
• VoIP. Objective: reduced costs. Implication: more stuff to secure.
• SOA / Web services. Objective: flexible, re-usable modules. Implication: less structured comms.
• Software-as-a-Service (SaaS). Objective: faster; lower TCO. Implication: more/bigger Internet connections.
Executive Concerns (Source: Harris Interactive, n = 197):
• 61% security breaches
• 55% acts of terrorism
• 40% corp. malfeasance
• 21% product recalls
• 19% workforce violence
Enterprise IT – Part 2
What’s Not Hot
• Budgets: flat to slightly positive, but also focusing on cost cutting
• RFID: pockets only
• Vista (and Office 2007): ~64% say “not in 2007” (source: Deutsche Bank Equity Research)
What Could Be Hot
• Think consumer/personal crossovers: video (e.g., in retail banking); 3D graphics (e.g., in education); intranet blogging, etc.
• WAN optimization
(Image: computerized stereolithograph skull of a 2000-year-old Egyptian mummy)
The Threat Landscape
• Greater volume of threats: change in hacker motivation; exploit development tools; modularity of threats
• Faster creation of threats: the vulnerability-to-exploit (V-to-E) window is shrinking
• Fast propagation of threats: stable, but still not great
• More elusive than ever: blended becoming status quo; greater variety of threat types; attacking higher up the stack; increasingly targeted
Vulnerability to Exploit (avg. in days; approximate, various sources)
  ’01   ’02   ’03   ’04   ’05   2006
  280   90    25    10    <5    <3
The Vulnerability Landscape
• Greater volume of vulns: 2,249 new vulns in 1H06, up 18%; 80% are “easily exploitable”
• Vuln drivers: expanding/complex tech portfolio; adoption of mobility solutions; more web applications; window of exposure; availability of fuzzing tools
• Implications: better asset management; greater efficiency in mature areas; more flexible security solutions
Average Days From Vulnerability to Patch (Source: Symantec ISTR Vol. IX)
  2H04   1H05   2H05
  40     64     49
Communications vs. Content
OSI Reference Model (layers 1–7) plus additional ‘real-world’ layers (i.e., > 7):
  Comms / Services:       1 Physical, 2 Data Link, 3 Network, 4 Transport, 5 Session, 6 Presentation, 7 Application
  Content & Biz Logic:    8 Utility App, 9 Business App, 10 Data
• There are many tools that provide “app layer” protection: deep inspection firewalls; intrusion prevention systems
• But what does “app layer” really mean? Layer 7 = application “services”; Layer 7 ≠ utility app logic; Layer 7 ≠ business app logic; Layer 7 ≠ data
• Better model/approach: communications protection; content protection
Layer 8+ Security Solutions
• Web application firewalls: mostly covering layer 9; mostly positive model; challenging to implement; do not alleviate need for TVM; PCI DSS v1.1, Requirement 6.6
• Database “firewalls”: mostly covering layer 10 (?)
  • SQL injection attacks: a database firewall shouldn’t be necessary for these
  • Other protection features tip the scale
  • Examples: Application Security, Guardium, Imperva
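The slide makes two points that are easier to see in code: a SQL injection defect lives in business-app logic (layer 9), so the fix belongs there rather than in a layer-10 database firewall, and a web application firewall’s “positive model” means declaring what a request is allowed to look like instead of matching known-bad patterns. The following is an added example, not code from the presentation or from any of the vendors it names; the `users` table, the sample rows and the `REQUEST_SCHEMA` allowlist are constructed for the demonstration.

```python
import re
import sqlite3


def build_db():
    """Constructed in-memory table standing in for a business application's data (layer 10)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, balance INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", 100), ("bob", 50)])
    conn.commit()
    return conn


def lookup_concat(conn, username):
    """Layer 9 defect: the query text is assembled from untrusted input.

    Nothing at layer 7 (the HTTP/TCP services) is wrong here; the flaw is in the
    application's own logic, which is why a deep-inspection firewall or IPS does
    not see it as an "app layer" problem.
    """
    sql = ("SELECT username, balance FROM users WHERE username = '"
           + username + "'")
    return conn.execute(sql).fetchall()


def lookup_param(conn, username):
    """Fixed in the application itself: the driver binds the value as data.

    The input is never parsed as SQL, so a layer-10 database firewall is not
    needed to stop injection against this query.
    """
    sql = "SELECT username, balance FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Positive-model (allowlist) request check, the approach the slide attributes to
# web application firewalls: every parameter must be declared and must match its
# grammar. Anything unknown or malformed is rejected, so no signature of a known
# attack is required. The schema below is an assumption made for this example.
REQUEST_SCHEMA = {
    "username": re.compile(r"[a-z][a-z0-9_]{2,31}"),
    "page": re.compile(r"[0-9]{1,3}"),
}


def positive_model_violations(params):
    """Return the sorted names of parameters that are unknown or fail their pattern."""
    bad = []
    for name, value in params.items():
        pattern = REQUEST_SCHEMA.get(name)
        if pattern is None or pattern.fullmatch(value) is None:
            bad.append(name)
    return sorted(bad)


if __name__ == "__main__":
    db = build_db()
    tautology = "' OR '1'='1"          # the textbook injection string
    print(lookup_concat(db, tautology))  # every row comes back
    print(lookup_param(db, tautology))   # [] : treated as a literal username
    print(positive_model_violations({"username": tautology, "debug": "1"}))
```

The allowlist check rejects the injection string not because it recognises it but because a username is defined as a short lowercase token; the same rule would reject any other malformed value, which is the positive model’s strength and also why it is “challenging to implement”: every legitimate parameter has to be enumerated and described.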
Data (Layer 10) Security Solutions
• Information leak prevention: driven by privacy and compliance; multi-channel issue; dubious breakdown/stats; low effectiveness, very high cost
• Disk encryption: response to laptop loss/theft; not just file; intersection of two themes
• Mobile/endpoint security: one of the weakest links; configuration mgmt vs security; Microsoft is rising fast
(Figure: key ILP contenders)
Not So Hot
• Network Admission Control: cluttered market; slow roller; is it what you really want?
• Identity Management: becoming background “noise”; policy/authorizations bigger deal
• Compliance: fatigue; foundations are in place
• De-perimeterization: poor term for relatively good ideas; pervasive perimeterization instead
(Image caption: NAC: Network Admission Confusion)
Evolution of Threat & Vuln Mgmt – 1
• Threat Management. Hot: better visibility. Med: policy enforcement. Cold (still): automated response.
• Vulnerability Management. Hot: remediation. Med: penetration integration. Cold (still): asset integration.
• Log management: why is it so hot?
• The emergence of TVM: lifecycle approach; systems approach; services approach
Lifecycle (time/value of impact); must have full coverage:
  Before attack: police, protect
  During attack: detect, interdict
  After attack: analyze, recover, respond
Evolution of Threat & Vuln Mgmt – 2
(Diagram: components of the Enterprise TVM System)
  Vuln. detection: active, passive, pen. test
  Threat detection: signatures, heuristics, anomalies
  Context: environment, behavior, identity
  Analyzers, fed by vuln. knowledge and threat knowledge
  Outputs: remediation; policy enforcement / interdiction; forensics
Summary & Conclusions
Call to Action
• Be prepared to account for and secure other IT initiatives
• Be prepared for threat and vulnerability trends by establishing:
  • Comprehensive functional coverage
  • Comprehensive logical coverage
  • Comprehensive physical coverage
• Plan to embrace the most promising countermeasures:
  • Web app firewalls, disk encryption, network behavior analysis
  • Others: unified threat management, managed security services
• Be wary of less mature (/more complex) “solutions”:
  • NAC, information leak prevention, de-perimeterization
• Embrace the concept of a TVM System:
  • Components first; integrated system soon