打造 Secure by Design 為軸心 的數位企業 台灣恩悌悌系統股份有限公司 資深解決方案 業務經理 楊進盛 Jason Yang
打造 Secure by Design 為軸心的數位企業 台灣恩悌悌系統股份有限公司 資深解決方案 業務經理 楊進盛 Jason Yang
2020 全球威脅情報報告 強化資安韌性,打造以安全設計為軸心的企業
基於實際威脅數據的分析報告 NTT 收集 2018 年 10 月 1 日至 2019 年 9 月 31 日期間,來自全球客戶的安全日誌、事件、攻擊、故障及漏洞等數據, 透過 NTT Ltd. 全球威脅情報平台加以分析,集結成年度全球威脅情報報告,反映持續變化的全球資安威脅形勢。 150 組資安 10 家 SOC NTT 自有全球 全球六大洲 7 家 R&D 4000 多家客戶 諮詢評估資料 資安營運中心 威脅情報平台 全球研發中心
六大關鍵洞察 六大關鍵洞察 1 2 3 攻擊者不斷創新 物聯網武器化 舊漏洞仍是被攻擊 主要目標 Mirai 及其變種 最常見的攻擊類型 企業組織未遵循修 IoTroop 和 Echobot 是遠端代碼執行 補程式管理的最佳 等殭屍網路,透過 (15%) 和注入攻擊 實踐 自動化提高其傳播 (14%) 能力
4 5 6 內容管理系統 (CMS) 治理風險及合規 (GRC) 受攻擊目標產業 面臨風險 不斷演進 的轉變 去年度所有攻撃事 2019 年是法規遵循 科技業成為頭號攻 件中, 20% 的攻擊 的「執行年」,新 擊目標,佔總攻擊 針對內容管理系統 法規措施持續增加, 數的 25% ,去年為 平台 GRC 變得更複雜且 17% 更具挑戰性
當前動盪不安的環境下,資安威脅形勢更為詭譎多變 企業務須作好萬全準備,應對任何突發事件 致力於實施 安全設計 和 韌性網路 ,以確保網際安全 面對突如其來的疫情衝擊, NTT 建議企業聚焦五大要點: 2 3 5 1 4 以人為本 調整順序 不忘安全 員工教育 持續更新 動態調整計畫 專注於確保員 以安全的方式 與員工持續溝 持續修補和更新 與行動的優先 通變動中的策 工的安全,並 持續業務營運 所有系統,妥善 順序,評估任 提供一切必要 並完成工作, 略、業務、流 備份並強化端點 何可能的影響 的支援與工具 保護企業資產 程與安全要求 控制與防護
前五大受攻擊產業 常見攻擊類型 2019 2019 2018 2018 產業 排名 排名 12% % % 5% 33% 科技 1 25% 2 17% 14% 政府 2 16% 5 9% 金融 3 15% 1 17% 14% 22% 商業與 4 12% 3 12% 專業服務 特殊應用 網路應用程式 偵查 教育 5 9% 4 11% 網路操控 其他 DoS/DDoS
企業必須基於安全設計 (Secure by Design) 實施 01 基礎架構、應用程式和操作程序 利用智慧網際安全解決方案支持業務敏捷性,並保 01 02 02 持企業組織可接受的風險水平 確保您的企業組織在整個資訊和通訊技術環境中擁 03 有適當的可視性 資安威脅 07 03 定期進行滲透測試活動,包括應用程式測試和社交 04 應對 之道 工程 管理惡意軟體相關的風險,持續發展防禦措施 05 06 04 將 GRC 納入企業組織的運作常規中,進行定期的技 06 術和非技術活動評估,以確認潛在的薄弱環節 05 隨著 5G 和相關設備陸續部署,對物聯網的攻擊將顯 07 著增加,必須提高警覺妥善防護
Cybersecurity GTM Cybersecurity Advisory Secure by Design Managed Security Services Assess security posture, Pre-defined solution based on Transforms cybersecurity identify gaps, and best practices helps to give a posture to combat the evolving recommend improvements better picture of what a threat landscape and deliver to ensure your security Cybersecurity posture looks effective business outcomes architecture addresses like for a client your business needs
Cybersecurity Advisory What is it? A globally consistent, business- driven framework for delivering security outcomes to clients How does it w ork? We conduct series of technical and non-technical workshops, documentation and architecture reviews, as well as optional technical security testing to set security maturity levels across their business What is the client deliverable? With maturity levels mapped to easy to understand dashboards addressing the client’s current state and target state, we benchmark the client against their peers and develop a roadmap for them to reach their desired security posture
Cybersecurity Advisory Cybersecurity Advisory Maturity and Capability Levels Level of Maturity: Non-Existent Initial Repeatable Defined Managed Optimized Formally Some basic Formal and Mature and Ad-hoc and documented Process No process exists templates or integrated automated informal processes are checklists exist workflows workflows consistent Formally Advanced metrics Basic metrics, documented and semi- Fully automated Metrics No metric exists Ad-hoc reporting informal reporting metrics, manual automated reporting reporting reporting Basic functionality Functionality Integrated platform, No technology implemented with Integrated logging, Tools Planning underway implemented and automated control exists only elemental manual correlation aligned to policies correlation capabilities Education, Energy & Utilities, Healthcare, Manufacturing, Mining & Natural Resources, Minimum Federal Intelligence / Media & Recommended Government, Defence agencies, Communications, Security MSP Pharma, Professional Financial Services, Targets Service Providers Services, Public Sector, Real Estate & Construction, Retail, Technology
Information Security Dashboard Business Security Vision and Strategy View Compliance, Policies, Security Domain Model Standards and Guidelines Information Security Framework Roles and Responsibilities Data Classification Architect’s View Assurance Assets Risk Management Framework Threats Vulnerabilities Operations Endpoint Designer’s Logical Security Architecture View Applications Infrastructure Maturity Scale: Non-Existent Initial Repeatable Defined Managed Optimised
Security Controls Dashboard Access Asset / Config Change Event Monitoring Incident Vulnerability / Patch GRC Management Management Management and Management Management Management Operations Application Security Vulnerability Application Security Management Testing API App Control Application Source Code CASB App Container Security RASP WAF BAS Security Whitelisting Sandboxing Analysis Data Security DAM - DB Activity DRM - Document Rights Applications Monitoring Management Data Fraud Prevention & PKI / Certificate Secure Collaboration and Data Discovery& Data Masking Host DLP FIM Encryption Transaction Security Management File Transfer Classification Endpoint and Mobile Protection Identity & Access management Asset / Secure Configuration HIPS EDR Antivirus / NGAV Management Password MFA SSO IAM AAA PAM Mobile Data Remote Browser Patch Devices Management NAC VDI Security MDM Protection Management Isolation Infrastructure Protection Network Security Threat Management CWP - Cloud Workload Threat Firewall /NGFW / UTM / Network Deception / APT SIEM TIP - Platform Protection Intelligence Segmentation Honeypots IDPS DNS NBAD - Network Behaviour DRP - Digital Risk Network Malware Web Security VPN GW / (IPSEC & ETA – Encrypted Security Anomaly Protection Protection Sandboxing SSL) Traffic Analysis Infrastructure Messaging & Wireless Network Packet SOAR – Security Automation, Email Sec. Security UEBA DDOS Protection Network DLP Orchestration & Response Forensics Maturity Scale: Defined Optimised Non-Existent Initial Repeatable Managed
Roadmap – People and Process 3.1 Vision and Strategy 3.8 Align Tactical Operations to Strategy 1.7 Security Framework 3.8 Enhance Incident Management Gap Analysis for Resources Enhance Global Information Security Awareness and Enforcement Complete Data Ownership Global Information Security Model Develop DLP Program Risk Management 1.7 3.6 Asset Classification Business Impact Analysis Establish BCP Plan including RACI Matrix 3 rd Parties Risk Assessment User security audit and improve Threat analysis for critical Assets Complete Risk Taxonomy Risk Management Process Enhance Global Risk Management Enhance Patch Management & Enhance Change Management Vulnerability Remediation 1 Year 2 Year 3 Year 24 Month 30 Month 18 Month
Roadmap – Technology (Security Architecture) Quick Win 3.5 1.1 Operations Consolidate Asset Management Tools Incident Management Testing Applications WAF PoC DB Monitoring PoC Layered Application Security APT Data Classification DLP Endpoints Expand MFA Vulnerability Remediation Control Endpoint Removable Storage SSO Integration Endpoint DLP Infrastructure Continue WAN Project IPS Network Anti-Malware Network Sandboxing Investigate DDOS URL Filtering Site-Site VPN. Breach Detection Network DLP Secure File transfer enforcement 1 Year 2 Years 3 Years 24 Month 30 Month 18 Month
Recommend
More recommend
