TRANSCRIPT
• Pharming
• > 50% of all PCs compromised
• Application Attacks
• BotArmies/DDOS
• Organized Cyber-crime Ecosystem
• Hacktivism
• Cyber Terrorism
• Phishing
• Identity Theft
• OS Hacking
• BotNets/DDOS
• Cyber Criminals
• Script Kiddies
• Nothing short of game-change innovation can stem this rising tide
• Seems everything changes, everyday
THREATS ARE ESCALATING AT A NEAR-EXPONENTIAL RATE
THE NEW CYBER COMMAND IS STILL VERY YOUNG AND DOES NOT YET HAVE A BASE OF OPERATIONS
Needs a good home
PUBLIC AWARENESS IS LARGELY ABSENT, DRIVEN BY UNCONNECTED AND ONE-OFF DRAMATIC EVENTS.
MANY IN THE MEDIA LACK A THOROUGH UNDERSTANDING OF THE ISSUES
“Estonia Sending Cyber Defense Experts to Georgia”
Network World
SUMMARIZING THE CONTEXT
• THREATS ARE ESCALATING AT AN ALARMING RATE
• PUBLIC POLICY HAS GENERALLY FAILED US
• GOVERNMENT ACTION HAS BEEN INADEQUATE
• MEDIA/PUBLIC IS AT BEST CONFUSED ABOUT CYBER THREATS
• TECHNOLOGY HAS PROVIDED LITTLE MORE THAN A BAND-AID
• MANY BELIEVE CYBER-CRIMINALS HAVE ALMOST MYSTICAL POWERS
MOST CYBER-SECURITY CONVENTIONAL WISDOM ATTEMPTS TO MODEL OUR CYBER DEFENSES BASED ON TRADITIONAL DEFENSE IN DEPTH IMPLEMENTATIONS
Carlsten Fortress, c. 1600s, Marstrand, Sweden
CHANGING THE GAME
The digital warrior
A FUNDAMENTAL CHANGE IN TACTICS
PRINCIPLES OF A RESILIENT CYBER DEFENSE
1. IT’S TOO EASY TO BE HARD!
Where:
• 80%+ of all successful cyber-attacks exploit vulnerabilities in four categories; none require rocket science to fix:
  • Input validation
  • Poor coding technique – business logic
  • Authentication and access control
  • Device hardening – patching, secure baselines
• Building in security is 60 times less expensive than bolting it on later
• Up-level security in the SDLC
We must develop:
• A strong vulnerability management program
• Assessment and remediation of legacy code used in operating systems and applications
• Assessment and remediation of web site vulnerabilities
  • This will continue to be the attack vector most sought after by criminals to host links to phishing and identity theft code
• Assessment and remediation of third-party code and widgets
  • An attractive attack vector, demonstrated by the “Secret Crush” malware that posed as a Facebook widget to install itself on about 1 million PCs in late 2007 and early 2008
2. BE A REALLY GOOD FIRST RESPONDER
Where:
• Complex systems fail complexly; it is not possible to anticipate all the failure modes
• Complexity provides both opportunity and hiding places for attackers
• Damping out complexity is impossible when coupled with change, growth and innovation
• Security failures are inevitable
We must develop:
• Robust incident management integrating all aspects of the business (e.g. communications, development, legal)
• Security SMEs throughout the SDLC
• Analytical tools deployed to continually assess the security of development and the infrastructure
• Security training for development and infrastructure teams
3. GRACEFULLY DEGRADE
If: A successful attack is inevitable
Then we must develop:
• A thorough understanding of the business, key business assets and critical functionality
• Defined defensible perimeters
• An expanded firewall and IPS footprint
• An understanding of network choke-points
• Bandwidth allocation
• Dynamic re-configuration
3A. DIVERSITY…DIVERSITY…DIVERSITY
Where: You can’t live without it!
“Run from monoculture in the name of survivability” – Dan Geer
We must develop:
• Multiple tools for detection and analysis
• Multiple mitigation methods
• Segmentation for everything
• New thinking – situational awareness – attack simulation…
4. TREAT THE INSIDE LIKE THE OUTSIDE
Where:
• Every cyber criminal is our next door neighbor
• We can never retreat to a safe neighborhood
We must develop:
• The ability to defend knowing the current threat profile, generally and specifically to us
• Encryption for everything moving in our networks
• Defensive application coding
  • More important than ever with 3rd party software
5. IT’S THE DATA AND THE TRANSACTIONS
Where:
• Cyber criminals are attacking transaction streams
• Transaction attacks are extremely difficult to detect
We must develop:
• Protect data
• Protect the transactions
• Employee exfiltration blocking
6. DEFENSE IS GUARANTEED TO BE A LOSING STRATEGY, PLAY OFFENSE WHENEVER POSSIBLE
May be averting a crisis, but not getting in front of the problem
8. KNOW WHAT IS HAPPENING, KNOW WHAT HAPPENED
Where:
• Attacks are becoming much more subtle
• Attacks are using multiple channels
9. CONTINUOUSLY ADAPT THE STRATEGY – BE AGILE
• If you are not moving forward you are falling behind…status quo is unacceptable
• Nothing is stable
• Surprise is constant
• We work at a permanent, structural disadvantage compared to our attackers