Shift Toward Dynamic Cyber Resilience


Post on 06-Apr-2017


TRANSCRIPT

Page 1: Shift Toward Dynamic Cyber Resilience

Shift Toward Dynamic Cyber Resilience: Security in the Post-AV Era

Darren Argyle CISSP CISM, Senior Director, EMEA Security CTO @ Symantec

Cyber Security in the Post-AV Era 1

Page 2: Shift Toward Dynamic Cyber Resilience

Software and Data power the world


Page 3: Shift Toward Dynamic Cyber Resilience

Information is exploding

•  2010: 1.2 ZB

•  2015: 7.9 ZB

•  2020: 40 ZB

Page 4: Shift Toward Dynamic Cyber Resilience

From a security perspective there’s more and more to protect in more and more places

Coffee Shop, Office, Home, Airport, …

Industrial Devices, Government Data, Web Transactions, Corporate Assets

Page 5: Shift Toward Dynamic Cyber Resilience

We’re also moving toward an inherently insecure ecosystem where…

•  Low-power, mobile, non-sophisticated devices are common

•  Everything needs authentication – and passwords are a really poor way to protect your identity

–  The only thing between an attacker and your bank account is a weak password

Page 6: Shift Toward Dynamic Cyber Resilience
Page 7: Shift Toward Dynamic Cyber Resilience


We’re not succeeding in solving this today… >500M identities were exposed last year

Page 8: Shift Toward Dynamic Cyber Resilience

Why? There’s an asymmetry between attackers and defenders

ATTACKERS

•  Can focus on one target

•  Only need to be right once

•  Hack can be worth millions of dollars

•  Focus only on getting in

•  Attackers can buy and test security products

DEFENDERS

•  Must defend everything

•  Need to be right every time

•  Blocks are expected & maintain status quo

•  Must balance defense with business impact

•  Defenders can’t pre-test targeted malware

 

Page 9: Shift Toward Dynamic Cyber Resilience

To balance this, we need an asymmetric advantage of our own

If only we could use our collective defense technologies to watch activities, determine patterns, and find anomalies.

Page 10: Shift Toward Dynamic Cyber Resilience

To balance this, we need an asymmetric advantage of our own

We can … Big Data Analytics

Page 11: Shift Toward Dynamic Cyber Resilience

Big Data Approach

It’s impossible to implement an attack without leaving a trace

Network, Server, Endpoint

Page 12: Shift Toward Dynamic Cyber Resilience

What if …

•  We could collect info from every endpoint, network device, and server

•  We could watch this data at the enterprise level – looking for patterns and anomalies

•  We could apply knowledge and learning from across many customers

[Diagram: DEVICES, ENTERPRISE, CLOUD. Labels: Apply Context; Correlate & Prioritize; Indicators of Breach; Knowledge about URLs, file hashes; Attack patterns & actors; Correlation across ecosystem]

Page 13: Shift Toward Dynamic Cyber Resilience

We can do those things

•  Data analysis value comes from ability to apply intelligence on premise & in cloud

•  Data value comes from volume & variety

[Diagram: DEVICES, ENTERPRISE, CLOUD]

Page 14: Shift Toward Dynamic Cyber Resilience

This allows us to …

•  Trace

•  Correlate & Prioritize

•  Connect to actions at other Enterprises

[Diagram: DEVICES, ENTERPRISE, CLOUD. Labels: Apply Context; Correlate & Prioritize. Events shown:]

•  Unknown source email received by XXX

•  IoCs detected on device

•  Connected to remote server

•  Connection attempted to other higher value targets on enterprise network

•  Link clicked, connection established

•  Files downloaded

Page 15: Shift Toward Dynamic Cyber Resilience

Result

We can apply our asymmetric advantage against theirs

We ALSO need an approach to protecting the insecure ecosystem: Need to make it easier to be secure

 

Page 16: Shift Toward Dynamic Cyber Resilience

Lock down the insecure system and connections

PROBLEM: Devices don’t allow visibility & control

SOLUTION: App-Centric Protection

PROTECT APPS/DATA

–  App: Before installing, understand what behaviors the app will perform. Manage the apps in the device with containers

–  Data: Seal apps in a container that ensures sensitive data is managed and encrypted

PROTECT CONNECTIONS

–  Wifi hotspot reputation (use big data to collect data)

–  VPNs

Page 17: Shift Toward Dynamic Cyber Resilience

Move past identity through passwords

YESTERDAY’S NEEDS

•  STATIC devices, users & servers

•  SEPARATE PASSWORDS for everything

TOMORROW’S NEEDS

•  MOVING AND CHANGING devices, users & servers

•  SINGLE BIOMETRIC AUTHENTICATION

•  BROKERED TRUST with certs & federated roots of trust

Page 18: Shift Toward Dynamic Cyber Resilience

We’re reaching a critical point – New technologies will require people to feel more secure

Self Driving Cars, Medical Devices, “Internet of Things”

Photo by: Steve Jurvetson/Wikipedia Creative Commons

Page 19: Shift Toward Dynamic Cyber Resilience


SILVER  

Page 20: Shift Toward Dynamic Cyber Resilience

So what Do I Need to Do Differently?

Traditional Security Approach – 80%

•  External Threat Intelligence and Trending

•  Enhanced Intelligence Exchange & Sharing

•  Incident Response, Malware Analysis & Forensics

•  Cyber Risk Assessment

•  Business Awareness & Involvement

•  Information Governance

•  Advanced Threat Protection

Page 21: Shift Toward Dynamic Cyber Resilience

From cyber-security to cyber-resilience

A definition…

Cyber-resilience is the organization's capability to withstand negative impacts due to known, predictable, unknown, unpredictable, uncertain and unexpected threats from activities in cyberspace. (Information Security Forum)

…it’s now a business conversation?

Page 22: Shift Toward Dynamic Cyber Resilience

Welcome to a new era of Cyber-Resilience

•  It’s the acknowledgement that something bad will happen, or has happened already, and you don’t even know it yet

•  From known risks to unknown threats

•  Requirement to extend controls beyond just your enterprise

•  Look beyond your own back yard, collaborate more, gather and share Cyber-intelligence (internal & external)

•  Different audiences will now care that didn’t before. New language = more engagement from the business

Page 23: Shift Toward Dynamic Cyber Resilience

Recognise breach is inevitable and become resilient

•  60% OF ORGANIZATIONS HAVE >25 INCIDENTS EACH MONTH [1]

•  243: AVERAGE NUMBER OF DAYS TO DISCOVER A BREACH

TIMELINE: PREPARE, PREVENT, DETECT & RESPOND, RECOVER

Page 24: Shift Toward Dynamic Cyber Resilience

TIMELINE: PREPARE, PREVENT, DETECT & RESPOND, RECOVER

•  PROTECT COMPANY INFORMATION FROM MALICIOUS ATTACK AND MISUSE

•  REDUCE TIME TO RECOVERY TO MAINTAIN BUSINESS CONTINUITY

•  WHERE IS MY SENSITIVE DATA - UNDERSTAND MY SECURITY & RISK POSTURE

•  PROVIDE RAPID DETECTION AND RESPONSE TO SECURITY INCIDENTS

•  RISK MANAGEMENT RESPONSE PLANNING

•  TRANSFORM

Page 25: Shift Toward Dynamic Cyber Resilience

Our Vision – Information Governance and Cyber Resilience

Page 26: Shift Toward Dynamic Cyber Resilience

What’s your – Information Governance and Cyber Resilience posture?

Page 27: Shift Toward Dynamic Cyber Resilience

Resources

www.emea.symantec.com/cyber-resilience/

FINTEL  

Page 28: Shift Toward Dynamic Cyber Resilience

Thank you!

Darren Argyle CISM CISSP

[email protected]  0774 0830210  Twitter D_Argyle

Copyright © 2014 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.

“Google Car” Photo Credit:

"Jurvetson Google driverless car trimmed" by Flickr user jurvetson (Steve Jurvetson). Trimmed and retouched with PS9 by Mariordo - http://commons.wikimedia.org/wiki/File:Jurvetson_Google_driverless_car.jpg. Licensed under Creative Commons Attribution-Share Alike 2.0 via Wikimedia Commons - http://commons.wikimedia.org/wiki/File:Jurvetson_Google_driverless_car_trimmed.jpg#mediaviewer/File:Jurvetson_Google_driverless_car_trimmed.jpg.