2017 security report presentation

1 © 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | SECURITY REPORT 2017

Upload: ixiademandgen

Post on 21-Mar-2017

Category: Marketing

TRANSCRIPT

SECURITY REPORT 2017


THE YEAR IN REVIEW

HUMAN ELEMENT

HACKERS

COMPLEXITY

GROWTH

FINDINGS BASED ON 20 YEARS OF VISIBILITY AND VALIDATION

GROWTH IN ATTACK SURFACE LED TO GROWTH IN ATTACKS


IXIA ATI RESEARCH CENTER

• Combines proficiency in cybersecurity threats and application protocol behavior.

• Application and threat intelligence across test, visibility, and security solutions to:

• Create realistic application attacks—from protocols through loading and threats

• Block malicious inbound and outbound communications

• Collect ongoing intelligence on new threats

• Identify unknown applications

• Detect traffic locations


GROWTH

LEADING CONTRIBUTOR OF GROWTH: THE CLOUD AND ITS EVOLVING ATTACK SURFACE

Growth

Shared Responsibility

Speed of Change (Container and Virtualized)

Attack Surface = ∑ of attack vectors where an unauthorized user can enter and extract data from an enterprise.

How much data do I have?

Where is my data?

What applications do I run?


THE CLOUD: GROWTH

15.3 Zettabytes Total Data Center Traffic

92% of Workloads Are Cloud Based

By 2020

Source: Global Cloud Index, Cisco, 2016


THE CLOUD: SPEED OF CHANGE

SERVER LIFETIME

Containerized Data Center: DAYS

Virtualized Data Center: WEEKS

Traditional Data Center: MONTHS


THE CLOUD: SHARED RESPONSIBILITY

SaaS (Software as a Service)
Software delivered over the web:
• Email
• CRM
• Virtual Desktop
• Gaming

PaaS (Platform as a Service)
Platform for creation of software:
• Database
• Web Server
• Dev Tools
• Execution Runtime

IaaS (Infrastructure as a Service)
Hardware & software delivered on-demand:
• Servers and Virtual Machines
• Storage
• Network


THE CLOUD: SHARED RESPONSIBILITY

THE SERVICES YOU USE determine your responsibility and exposure

IaaS PaaS SaaS
People People People
Data Data Data
Applications Applications Applications
Runtime Runtime Runtime
Middleware Middleware Middleware
Operating System Operating System Operating System
Virtual Network Virtual Network Virtual Network
Hypervisor Hypervisor Hypervisor
Servers Servers Servers
Storage Storage Storage
Physical Network Network Network

Legend: Customer Responsibility | CSP Responsibility

Source: Gartner, Staying Secure in the Cloud Is a Shared Responsibility, April 2016 Report.


THE CLOUD: UNDERSTAND THE SHADOW CLOUD

APPLICATIONS UNAUTHORIZED OR UNKNOWN BY IT

10x more cloud services are deployed than what IT expects

670 of these cloud services are unknown to IT

3800+ total services and most lack basic security


THE CLOUD: UNDERSTAND THE RISKS

If in a regulated industry, understand your exposure

Combat the Shadow Cloud

Ensure your employees are trained to avoid risky behavior


COMPLEXITY


COMPLEXITY: THE FOG OF SECURITY

COMPLEXITY – MORE CHANCE OF SOMETHING BREAKING THROUGH, UNNOTICED.

MORE VENDORS, MORE CLOUD, MORE LOCATIONS AND RISKY BEHAVIORS THAT NEED TO BE MONITORED.

67% deploy business-critical applications on the public cloud, which is often opaque.

How do you secure this?

Securing the attack surface takes on its own complexity. Vendors. Regulations. The Cloud. Conflicting Guidance.


COMPLEXITY: THE LAW OF NUMBERS

Virtualization | Containers | Security Vendor Management

• 460,000 Dockerized applications
• 4 Billion containers pulled
• 192% enterprise container growth
• Workload Density: 7.3 (2015), 11.9 (2020)
• 500: Number of rules allowed per Security Group


COMPLEXITY: EXPERTISE IN ALL THINGS

Perimeter Security
Network Security
Endpoint Security
Application Security
Web/Data Security
Threat Intelligence
Risk and Compliance
Security Operations and Incident Response
Fraud Prevention / Transaction Security
Identity and Access Management
Mobile Security
Cloud Security
Industrial (IoT) Security
Messaging Security

NGFW, EPP, DLP, DCAP, IDPS, WAF, SIEM, AST, CASB, IAM

INDUSTRY TERMINOLOGY
SIEM – Security Information Event Management
EPP – Endpoint Protection
DCAP – Data Center Audit and Protection
DLP – Data Loss Prevention
IDPS – Intrusion Detection and Protection Systems
NGFW – Next Generation Firewall
WAF – Web Application Firewall
AST – Application Security Testing
CASB – Cloud Access Security Broker


COMPLEXITY: THE CISO’S CHALLENGE

COMPLEXITY – MORE CHANCE OF SOMETHING BREAKING THROUGH, UNNOTICED.

MORE VENDORS, MORE CLOUD, MORE LOCATIONS AND RISKY BEHAVIORS THAT NEED TO BE MONITORED.

Even well-protected systems can and will be hacked

Constantly monitor, test, and shift tactics to keep ahead of attackers


HUMAN ELEMENT


THE HUMAN ELEMENT: THE ENEMY WITHIN

Mitigating the human element

of security leaders expect a major cloud provider to suffer a significant security breach

44%

of employees adequately trained to avoid risky behavior that could lead to a data breach

Yes 44% / No 56%

Yes 20% / No 80%

20%


THE HUMAN ELEMENT: VECTORS FOR ATTACK

Decreasing attack vectors: Network and perimeter

Increasing attack vectors: Soft underbelly of user vulnerabilities

[Figure: Percent of breaches per asset category over time (n=7.736), 2009 to 2015, vertical axis 0% to 50%; series: Server, User Device, Person, Media, Kiosk/Terminal, Network]


THE HUMAN ELEMENT: VECTORS FOR ATTACK

Through 2020, 80% of cloud breaches will be due to customer misconfiguration, mismanaged credentials or insider theft, and not cloud provider vulnerabilities.

48% Malicious Intent

52% Human error & process failure

If there is any redeeming factor, less than half (48%) are due to malicious intent. The other 52% are due to human error (25%) and IT or business process failures (27%).


THE HUMAN ELEMENT: REACTION SPEED

Breaches, planned or unplanned, take time to discover

Breach Time: MINUTES

Data Collection: DAYS

Discovery: MONTHS

The time to discovery averages over 200 days and is compounded by a further 70 days to contain them.

Humans can’t react quickly enough


HACKERS


HACKERS: DEMOCRATIZATION AND COMMODITIZATION

Most attackers were not APTs

Most were looking for one mistake among many targets

Tools are widely available on the Internet

The most extensive breaches were through brute force:

• Checking for passwords that are 14 years old

• Probing for vulnerabilities that are over 10 years old

• Serving up malware that has not changed in years


HACKERS: EASY TARGETS

Easily exploitable systems will be exploited

Easily exploitable people will be exploited

Laziness leads to exploitation


HACKERS: YOUR WORTH

Essentially, you’re not worth much

Consumers do not even bat an eyelid when their credit cards are compromised

If the $300,000 asking price for the 1 billion Yahoo email records said to be compromised is true, your identity on the Internet is worth 3/100ths of a cent


HACKERS: CLASSIC ATTACKS

[Chart: ATTACKS by type. Categories: Malware, Exploits, Phishing, Other. Values shown: 37%, 11%, 20%, 32%. Callouts: Mostly from U.S.; Mostly from U.S.; Mostly from U.S. & China]


HACKERS: SOCIAL, SAAS, AND FINANCE TARGETS

Phishing Attacks

Facebook, Adobe, Yahoo, AOL, Dropbox, Google, Paypal, Wells Fargo, Ebay, Bank of America, LinkedIn, PayPal, Poste Italiane, Apple, Alibaba, American Express, USAA, Amazon, UPS, mail.com


HACKERS: SLOPPY PASSWORDS

Top 30 guesses seen over a year of secure shell (SSH) user names and passwords

[Bar chart, logarithmic count axis from 10 to 100000; labels: root, admin, ubnt, support, user, pi, test, 1234, mother, usuario, oracle, 111111, password, 123456, guest, PlcmSplp, 123321, ubuntu, ftp, server, postgres, akyacht, ftpuser, tomcat, nagios, ablank, git]


BEST PRACTICES AND RECOMMENDATIONS


BEST PRACTICES AND RECOMMENDATIONS: SPEND INTELLIGENTLY

GLOBAL CYBERSECURITY

2016 2021

$187B

$85B

2017

$9.2B in Cloud

But is it all intelligent spend?


BEST PRACTICES AND RECOMMENDATIONS: DEPLOY A UNIFIED VIEW

Single View Across Common Tools

Virtual Private Cloud

Private Cloud

Public Cloud

Hybrid Cloud


BEST PRACTICES AND RECOMMENDATIONS: DEPLOY FULL COVERAGE

PERCENTAGE of your network segments currently being actively monitored

47% have less than 2/3 visibility coverage

Source: Ixia Survey of 242 enterprises


BEST PRACTICES AND RECOMMENDATIONS: KEEP UP WITH THE DATA

Legacy Visibility Solutions

Data Volume

Blind Spot – attacker can enter and hide his tracks in an instant

ASK YOUR VENDOR:

Dropped packets at peak volumes?

Performance with all features on?

Visibility architecture easy to configure / change?


BEST PRACTICES AND RECOMMENDATIONS: SAFETY ACTIONS

MONITOR YOUR SOFT SPOTS

KNOW YOUR SUPPLIERS

FIX WHAT IS BROKEN

BE A DRILL SERGEANT

SECURITY IS A VERB

ARE YOU (YOUR TESTS) SMARTER THAN A 5TH GRADER

THINK LIKE A CROOK


BEST PRACTICES AND RECOMMENDATIONS: TEST OFTEN AND ENSURE TOTAL VISIBILITY

IXNETWORK • IXLOAD • IXIA IOT • VISION ONE • BYPASS • FLEX TAPS

BreakingPoint • CloudLens • ThreatARMOR


CONCLUSION: KEY TAKEAWAYS

Protect the simple stuff

Challenge your security architecture

Validate provisioning

Adopt a Zero Trust Model

Inspect encrypted traffic

Limit your attack surface