MENA Information Security Conference 2017 On the Verge : Combating Cyber Threats leveraging Threat Intelligence, Faster Detection & Automated Response Adaptive Security Strategy for SOC Ramy AlDamati Principle CyberSecurity Solution Architect Kaspersky Lab Middle East Africa and Turkey Sponsor Logo
Global CyberThreats Landscape Sponsor Logo
MALWARE EVOLUTION Looking back at 25 years of malware development 1994 2006 2011 2017 1 1 1 323,000 NEW VIRUS NEW VIRUS NEW VIRUS NEW SAMPLES EVERY HOUR EVERY MINUTE EVERY SECOND EVERY DAY Sponsor Logo
THREAT EVOLUTION Actors/Targets Attacks/Defenses Significant Nuisance Sponsor Logo
Trends and Threats Main GOAL: to understand global IT Trends and the Threats they bring Privacy & data protection Cars become smarter Connected Cities challenge Internet of Things Consumerization & mobility Increasing Cloud & virtualization online commerce Big data Critical infrastructure at risk Fragmentation of the Internet Attacks on Smart Cities Malware for ATMs IoT botnets Commercialization of APTs Ransomware in Targeted Attacks Merger of cybercrime and APTs T argeted attacks Hacktivism Decreasing cost of APTs Supply chain attacks Vulnerable connected cars Mobile threats Online Massive data leaks Targeting Internet of Things Cyber-mercenaries banking at risk hotel networks Ransomware � Wipers � & cyber-sabotage Financial phishing attacks Threats Attacks on PoS terminals to Smart Cities Sponsor Logo
THE MODERN CYBERTHREAT LANDSCAPE ENDPOINTS NETWORK CLOUD AND SAAS USERS EXPANDING MOBILE DEVICES ATTACK SURFACE IoT SPEAR-PHISHING MALICIOUS INSIDERS TERRORISTS CUSTOM MALWARE ZERO-DAY EXPLOITS ORGANIZED CRIME HACKTIVISTS SOCIAL ENGINEERING MOTIVATED AND WELL- NATION STATES PHYSICAL COMPROMISE SOPHISITCATED FUNDED ATTACKS THREAT ACTORS Sponsor Logo
Cybersecurity challenges of «nearest future» Endpoints Essential Compliance Skills Demand Malware focus Manual Work Multiple solutions issue Advanced Security Lack of integration Complexity Sponsor Logo
Security Expert Yesterday – Today – Tomorrow Role : Threat Hunter Responsibility : discover threats and manage advanced engines Goal : Protect the business Role : Security Analyst Responsibility : monitor and react Goal : Unify the processes and automate routine Role : Security Engineer Responsibility : building protection Goal : Prevent the external threats Tomorrow??? Today 5 - 10 years ago Sponsor Logo
Enterprise Security Trends Sponsor Logo
THE AVERAGE FINANCIAL IMPACT OF A BREACH $14K Additional Internal Staff Wages $13K Lost Business Average Total SMB $11K Employing External Professionals $9K Damage to Credit Rating/Insurance Premiums Impact: $8K Extra PR (to repair brand damage) $8K Compensation $891K $86.5k $10K Improving Software & Infrastructure $7K Training $7K New Staff AVERAGE COST OF A SINGLE BREACH $126K Additional Internal Staff Wages $116K Damage to Credit Rating/Insurance Premiums Enterprise Average Total $106K Lost Business OCCURRED $92K Compensation Impact: $91K Extra PR (to repair brand damage) $86K Employing External Professionals $119K Improving Software & Infrastructure $891k $79K Training $77K New Staff The reallocation of IT staff time represents the single largest source of additional cost for both SMBs and Enterprises Results fro� Kaspersky La�’s Corporate IT Se�urity Risks. Survey ���6, Sponsor Logo conducted worldwide by Kaspersky Lab Base: 926 SMBs/ 590 Enterprises Suffering At Least One Data Breach
Financial impact of security incident growth of the recovery cost during the first week 200% of discovering a security breach for Enterprises $1092 303 $1100 000 $897 055 $1000 000 $864 214 $900 000 $800 000 $700 000 $555 274 $600 000 $392 984 $500 000 $400 000 $300 000 Almost instant Within a few Within a day Several days Over a week (Detection System In Place) hours *Cost of recovery vs. time needed to discover a security breach for enterprises Sponsor Logo
Enterprise Security Trends: External Factors Most advanced Availability and lowering Attacks on third-party: threats using basic prices leading to SMBs can become a part vulnerabilities and Cybercrime-as-a-Service of an attack chain human factor Sponsor Logo
Enterprise Security Trends: Internal Factors Growing IT sophistication An average targeted attack Perimeter security results in visibility gap stays undetected for more is overestimated and lack of operational than 214 days information Sponsor Logo
The smallest percentage of threats creates the highest risk Machine learning, threat intelligence, APT: unique malware, 0-days advanced sandboxing 0.1 % Heuristics and behavior analysis, 9.9 % Targeted attacks: sophisticated cloud reputation malware 90 % Signature and rule- based protection Generic malware Sponsor Logo
TARGETED ATTACK KILL CHAIN: THEORY VS REALITY • In theory … pretty straightforward: Recon & Penetration Propagation Execution Incident Testing Sponsor Logo
TARGETED ATTACK KILL CHAIN: THEORY VS REALITY • I� reality… sophisti�ated a�d �o�li�ear Penetration 1 – Attached exploit Execution – Local Recon & Incident Execution – Remote Testing Propagation 1 – E-mail Penetration 2 – Watering hole Propagation 2 – Network Sponsor Logo
Targeted Attack Groups rapidly increased Duqu 2.0 Metel Darkhotel ProjectSauron Stuxnet TeamSpy 2010 201 - part 2 Darkhotel Naikon Adwind MsnMM Saguaro Duqu 201 2011 Miniduke Campaigns CosmicDuke Hellsing Lazarus Satellite StrongPity RedOctober Turla Gauss Regin Sofacy Lurk 2012 201 Flame 2013 201 2014 201 201 2015 2016 201 Icefog Careto / The Mask Carbanak GCMan miniFlame Wild Winnti Ghoul Neutron Desert Falcons Epic Turla Poseidon Blue NetTraveler Fruity Armor Termite Energetic Bear / Equation Danti Crouching Yeti Spring Kimsuky ScarCruft Dragon Animal Dropping Farm Elephant Sponsor Logo
The New Era of SOC Sponsor Logo
TRADITIONAL SOC – Functionality SECURITY DEVICE MANAGEMENT AND PERIMETER MAINTENANCE Proxy SECURITY EVENT MONITORING THROUGH SIEM Perimeter logs SIEM Firewall INCIDENT FORENSICS AND REMEDIATION INTERNAL OR REGULATORY COMPLIANCE SUPPORT (e.g. PCI-DSS) IPS/IDS Sponsor Logo
TRADITIONAL SOC – RISK LACK OF A COMPREHENSIVE THREAT OVERVIEW, IMPEDING EFFICIENT SECURITY PROGRAM DEVELOPMENT Proxy POOR PRIORITIZATION OF DETECTED THREATS Perimeter logs UNDISCOVERED THREATS STILL ACTIVE WITHIN THE ORGANIZATION SIEM Firewall LACK OF IN-HOUSE EXPERTISE AND SHORTAGE OF SKILLED PROFESSIONALS ON THE MARKET INEFFICIENT INCIDENT RESPONSE PROCEDURES IPS/IDS LEADING TO HIGH RECOVERY COSTS Sponsor Logo
Traditional SOC Required REDISIGN CONVENTIONAL REACTIVE NO STRATEGIC INEFFICIENT INCIDENT LACK APPROACH OVERWIEW PRIORIZATION OF EXPERTISE Log collection Aggregation & Correlation Ticketing Reporting SECURITY OPERATIONS CENTER Unstructured processes Sponsor Logo
Ice-climbing requires trusted teamwork and agility to continually detect and respond to hidden dangers in a challenging and ever changing landscape, by utilizing the proper tools in same harmony. so does your SOC ?! Sponsor Logo
MAIN FOUR KEY ELEMENTS FOR INTELLIGENCE-DRIVEN APPROACH THREAT INTELLIGENCE FROM MANY DIFFERENT SOURCES IS ESSENTIAL Knowledge Incident Threat TO THE TIMELY DETECTION OF EMERGED THREATS Management Response Intelligence and Framework Threat Hunting THREAT HUNTING PROACTIVELY SEARCHES FOR THREATS REMAINING UNDETECTED BY TRADITIONAL SECURITY SYSTEMS KNOWLEDGE MANAGEMENT PREVENTS AND Predict Prevent RESPONDS TO INCREASINGLY SOPHISTICATED ATTACKS INCIDENT RESPONSE FRAMEWORK LIMITS DAMAGE AND REDUCES REMEDIATION COSTS CSOC/SIC Respond Detect Sponsor Logo
The role of an Adaptive Security Strategy PREVENT PREDICT Cybersecurity training Penetration testing service Targeted Enterprise Solutions Application security assessment Endpoint security Targeted Attack Discovery Service Datacenter Security Threat Intelligence Portal Embedded security … Customized APT reports Security Awareness Industrial Cybersecurity DETECT RESPOND Global APT reports Premium support Threat data feeds Dedicated Security Advisor Threat Hunting Service Incident response service Advanced Threat Defense Digital Forensics platform Malware Analysis Endpoint Detection & Response Endpoint Detection & Response Sponsor Logo
Security Operations framework rely on Three key functions People Formal Training On-the-Job Internal Experience Training Vendor-Specific Training [ SOC ] Process Technology Preparation Endpoint Netflow Identification Incident Lessons Detection/ Learned Management Containment Network Recovery Monitoring Forensics Eradication Threat Intel Sponsor Logo
Recommend
More recommend
