PROACTIVE SECURITY: DATA BREACH - PowerPoint PPT Presentation



SLIDE 1

PROACTIVE SECURITY: DATA BREACH ASSESSMENT

CyberSecurity Chicago September 2018

SLIDE 2

PROPRIETARY AND CONFIDENTIAL 2

Security In The News

Frequency and severity of cyber security news on the rise

SLIDE 3

Understanding The Problem

Enterprise Strategy Group (ESG) – Project Overview

  • Cybersecurity Realities and Priorities for 2018 and Beyond

– 413 completed online surveys with cybersecurity and IT respondents with influence over cybersecurity decision-making/strategy at their organization

– Enterprise (2,500 or more employees and $100 million or more in annual revenue in US and 1,000 or more employees and $50 million or more in annual revenue outside of US) organizations in United States, United Kingdom and Australia
  • 61% United States, 20% United Kingdom, 20% Australia

– Multiple industry verticals including manufacturing, financial, retail/wholesale and health care, among others

(source: ESG – Cybersecurity Realities and Priorities for 2018 and Beyond)

SLIDE 4

Understanding The Problem

Most Significant Impact on Security Strategy

– 31%: The need to support new business initiatives
– 36%: Need to balance application/network performance and security requirements
– 37%: The need to support new IT initiatives
– 37%: Proactively minimizing and mitigating risks
– 37%: Preventing/detecting malware threats

Which of the following factors have the most significant impact on shaping your organization’s security strategy? (Percent of respondents, N=413, three responses accepted)

(source: ESG – Cybersecurity Realities and Priorities for 2018 and Beyond)

SLIDE 5

Understanding The Problem

Why Cybersecurity Has Become More Difficult Over the Past Two Years

– 29%: An increase in network traffic
– 32%: An increase in the number of devices connecting to the network
– 34%: An increase in the number of targeted attacks that may circumvent traditional network security controls
– 38%: An increase in the number of new IT initiatives has made it difficult to keep up with cybersecurity
– 42%: An increase in malware volume and sophistication

You indicated that cybersecurity has become more difficult over the last two years. In your opinion, which of the following factors have had the greatest impact on increasing cybersecurity difficulty? (Percent of respondents, N=326, three responses accep

(source: ESG – Cybersecurity Realities and Priorities for 2018 and Beyond)

SLIDE 6

Understanding The Problem

Areas of Cybersecurity Budget Change for 2018

(source: ESG – Cybersecurity Realities and Priorities for 2018 and Beyond)

[Stacked bar chart, percent of respondents on a 0% to 100% axis. Budget areas: Personnel, Training, Host-based security, Security testing/validation, Application/database security, Cloud security, Network security. Legend: Increase significantly from 2017; Increase somewhat from 2017; Remain about the same as 2017; Decrease somewhat from 2017; Decrease significantly from 2017.]

You stated that your organization’s cybersecurity budget will go up in 2018. Please indicate how the cybersecurity budget will change in each of the following areas: (Percent of respondents, N=413)

SLIDE 7

Understanding The Problem

Why Organizations Conduct More Security Testing

(source: ESG – Cybersecurity Realities and Priorities for 2018 and Beyond)

– 12%: Third-party customers have mandated that we do security testing more often
– 20%: My organization has purchased cyber insurance and we are obligated to do more security testing in support of this
– 22%: My organization suffered a security breach which led us to do more frequent security proactive testing
– 28%: Our security budget has increased recently, freeing up funds for more security testing
– 29%: Business managers are more involved with cybersecurity and they require us to do more security testing for risk assessment purposes
– 29%: We’ve implemented new types of production applications over the past two years
– 33%: We must perform security testing more often as part of regulatory compliance
– 33%: Our CISO (or similar senior position) has pushed the organization to do more proactive security testing
– 33%: Many of our application workloads now reside in the cloud so we felt it was important to increase security testing in support of using cloud infrastructure services
– 34%: We have come to believe that frequent security testing is a best practice

You indicated that your organization does more security testing today than it did two years ago. Which of the following factors most contributed to this increase? (Percent of respondents, N=372, three responses accepted)

SLIDE 8

Understanding The Problem

The Bigger Truth

  • Traditional cybersecurity strategies are not working

– Cybersecurity grows incrementally more difficult
– Organizations are understaffed and lack the right skills

  • “An ounce of prevention is worth a pound of cure”

– Security is “moving to the left”
– More comprehensive testing
– Proactivity

  • Changes are happening

– CISO responsibilities
– Transition to cloud computing
– Budget increases
– SaaS

(source: ESG – Cybersecurity Realities and Priorities for 2018 and Beyond)

SLIDE 9

Data Breach Assessment

Data Breach Statistics

  • There has been a consistent rise over the past few years in the total number of data breaches

– Massive data breaches like Equifax, Yahoo, or Target expose or compromise sensitive information on the order of millions, or even billions, of accounts

– 2017 was a record-breaking year with a total of 5,207 data breaches, exposing nearly 8 billion information records (source: Dark Reading)

SLIDE 10

“The art of war teaches us to rely not on the likelihood of the enemy’s not coming, but on our own readiness to receive him”

– Sun Tzu, The Art of War

SLIDE 11

Automated Purple Team Assessments

Continual validation of your network’s threat landscape

  • Define your topology including zone details and begin to perform automated red vs. blue assessments

  • Data Breach Assessment can leverage knowledge of zone to tailor its executed exploits and malware to your environment

  • Meet / prepare for regulatory compliance requirements with continual assessments

Assess your threat landscape and find the holes before the bad guys do

SLIDE 12

Emulation over Simulation

When you look closely you can tell it isn’t real…

  • Emulation – reproduction of the exact scenario such that it is a recreation or replica, indistinguishable from the original

  • Simulation – fabrication of a scenario with the goal of mimicking or resembling that scenario closely enough to be passable if not evaluated closely

  • Solutions in the market today leverage pcap replay (i.e., simulation), which can lead to incorrect results and a false sense of security

Only use emulated attacks and malware

SLIDE 13

Evasion Techniques

Evade detection by leveraging attacker techniques

  • Hide your attacks in plain sight by using tried and true techniques used by attackers to evade detection

  • Validate all techniques across all attack vectors (including exploits and malware) to confirm your security solutions cannot be easily bypassed

Confirm security solutions cannot be easily fooled by evasion techniques

SLIDE 14

Active Monitoring

Know the impacts of security content inspection in real-time

  • Assess the impacts of security inspection by generating legitimate, hyper-realistic emulated traffic for the same services you are protecting

  • Limit the impact to users by finding security policies that degrade performance and do not provide additional security coverage

Fine tune your security policies with active monitoring

SLIDE 15

False Positive And Data Loss Prevention Verification

Secure communications without compromising them

  • Verify that security solutions don’t just block all files of a given filetype but actually inspect them to stop the malicious ones without impact to your users’ daily work

  • Validate that intellectual property and other sensitive file content (e.g., SSNs, credit card numbers) does not leave your network

[Diagram labels: Security Device, IP/DLP]

Verify data loss policies across filetypes and network vectors

SLIDE 16

Evaluating Multi-Tier Security Protection

Emulating Scenarios That Look and Feel Like An Attacker

[Diagram labels: Internet, Corporate LAN, Secure Datacenter. Firewall Policies: Allowed, Denied]

Multi-path Attack – Data Loss Prevention (DLP)

1. User browses to the Internet and accesses a website controlled by the attacker
2. User laptop is compromised and is under the control of the attacker
3. The attacker pivots and attacks a server within the secure datacenter
4. Once compromised, the attacker can control the internal server and send data outbound to servers controlled by the attacker

SLIDE 17

Data Breach Assessment

Example deployment for emulating data loss prevention

1. Corporate LAN agent attempts to download malware scenarios from Cloud agent
2. Corporate LAN agent is successful in downloading a Petya variant
3. Corporate LAN begins to run attacks to Secure Datacenter agent
4. Corporate LAN is successful in executing Apache Struts exploit
5. Secure Datacenter agent attempts to exfiltrate data to Cloud agent
6. Secure Datacenter agent is successful in data exfiltration using DoublePulsar C&C communications channel

SLIDE 18

Data Breach Assessment

Example deployment for emulating data loss prevention

  • Attacks and malware that were detected by NGFW during assessment

  • Attacks and malware that were blocked by NGFW during assessment

SLIDE 19

Data Breach Assessment

A Data Breach Assessment strategy lets you automate your purple team assessments using hyper-realistic emulated attacks and malware, with evasion techniques applied, to confirm your security effectiveness while actively monitoring that there is no impact on your user experience, including zero false positives.

SLIDE 20

Security Assurance

Reduce risk

Spirent provides intelligence required to proactively elevate defenses & customer experience while radically reducing risk and maximizing operating expenses.

Accelerate time to market

Spirent reduces time and costs to develop and launch new products and networks.

Automated Testing

Continuous Monitoring

About Spirent

SLIDE 21

  • PenTesting and Vulnerability Scanning to Identify and Mitigate Risk

  • Security and Performance Testing for App-Aware Solutions

About Spirent

Spirent Security Solutions mike.jack@spirent.com