2017 security report presentation
TRANSCRIPT
© 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED.
THE YEAR IN REVIEW
HUMAN ELEMENT
HACKERS
COMPLEXITY
GROWTH
FINDINGS BASED ON 20 YEARS OF VISIBILITY AND VALIDATION
GROWTH IN ATTACK SURFACE LED TO GROWTH IN ATTACKS
IXIA ATI RESEARCH CENTER
• Combines proficiency in cybersecurity threats and application protocol behavior.
• Application and threat intelligence across test, visibility, and security solutions to:
• Create realistic application attacks—from protocols through loading and threats
• Block malicious inbound and outbound communications
• Collect ongoing intelligence on new threats
• Identify unknown applications
• Detect traffic locations
LEADING CONTRIBUTOR OF GROWTH: THE CLOUD AND ITS EVOLVING ATTACK SURFACE
Growth
Shared Responsibility
Speed of Change (Container and Virtualized)
Attack Surface = ∑ of attack vectors where an unauthorized user can enter and extract data from an enterprise.
How much data do I have?
Where is my data?
What applications do I run?
THE CLOUD: GROWTH
Global Cloud Index, Cisco, 2016
15.3 Zettabytes Total Data Center Traffic
92% of Workloads Are Cloud Based By 2020
THE CLOUD: SPEED OF CHANGE
SERVER LIFETIME
• Containerized Data Center: DAYS
• Virtualized Data Center: WEEKS
• Traditional Data Center: MONTHS
THE CLOUD: SHARED RESPONSIBILITY
SaaS (Software as a Service). Software delivered over the web:
• Email
• CRM
• Virtual Desktop
• Gaming
PaaS (Platform as a Service). Platform for creation of software:
• Database
• Web Server
• Dev Tools
• Execution Runtime
IaaS (Infrastructure as a Service). Hardware & software delivered on-demand:
• Servers and Virtual Machines
• Storage
• Network
THE CLOUD: SHARED RESPONSIBILITY
THE SERVICES YOU USE determine your responsibility and exposure
IaaS | PaaS | SaaS
People | People | People
Data | Data | Data
Applications | Applications | Applications
Runtime | Runtime | Runtime
Middleware | Middleware | Middleware
Operating System | Operating System | Operating System
Virtual Network | Virtual Network | Virtual Network
Hypervisor | Hypervisor | Hypervisor
Servers | Servers | Servers
Storage | Storage | Storage
Physical Network | Network | Network
Legend: Customer Responsibility, CSP Responsibility
Source: Gartner, Staying Secure in the Cloud Is a Shared Responsibility, April 2016 Report.
THE CLOUD: UNDERSTAND THE SHADOW CLOUD
APPLICATIONS UNAUTHORIZED OR UNKNOWN BY IT
• 10x more cloud services are deployed than what IT expects
• 670 of these cloud services are unknown to IT
• 3800+ total services and most lack basic security
THE CLOUD: UNDERSTAND THE RISKS
• If in a regulated industry, understand your exposure
• Combat the Shadow Cloud
• Ensure your employees are trained to avoid risky behavior
COMPLEXITY: THE FOG OF SECURITY
COMPLEXITY – MORE CHANCE OF SOMETHING BREAKING THROUGH, UNNOTICED.
MORE VENDORS, MORE CLOUD, MORE LOCATIONS AND RISKY BEHAVIORS THAT NEED TO BE MONITORED
67% deploy business-critical applications on the public cloud, which is often opaque.
How do you secure this?
Securing the attack surface takes on its own complexity. Vendors. Regulations. The Cloud. Conflicting Guidance.
COMPLEXITY: THE LAW OF NUMBERS
Virtualization Containers
Security Vendor Management
• 460,000 Dockerized applications
• 4 Billion containers pulled
• 192% enterprise container growth
• Workload Density: 7.3 (2015), 11.9 (2020)
• 500: Number of rules allowed per Security Group
COMPLEXITY: EXPERTISE IN ALL THINGS
• Perimeter Security
• Network Security
• Endpoint Security
• Application Security
• Web/Data Security
• Threat Intelligence
• Risk and Compliance
• Security Operations and Incident Response
• Fraud Prevention / Transaction Security
• Identity and Access Management (IAM)
• Mobile Security
• Cloud Security
• Industrial (IoT) Security
• Messaging Security
INDUSTRY TERMINOLOGY
• SIEM: Security Information Event Management
• EPP: Endpoint Protection
• DCAP: Data Center Audit and Protection
• DLP: Data Loss Prevention
• IDPS: Intrusion Detection and Protection Systems
• NGFW: Next Generation Firewall
• WAF: Web Application Firewall
• AST: Application Security Testing
• CASB: Cloud Access Security Broker
COMPLEXITY: THE CISO’S CHALLENGE
Even well-protected systems can and will be hacked
Constantly monitor, test, and shift tactics to keep ahead of attackers
THE HUMAN ELEMENT: THE ENEMY WITHIN
Mitigating the human element
of security leaders expect a major cloud provider to suffer a significant security breach
44% of employees adequately trained to avoid risky behavior that could lead to a data breach
Yes 44%, No 56%
Yes 20%, No 80%
20%
THE HUMAN ELEMENT: VECTORS FOR ATTACK
Decreasing attack vectors: Network and perimeter
Increasing attack vectors: Soft underbelly of user vulnerabilities
[Chart: Percent of breaches per asset category over time, 2009 to 2015 (n=7.736); categories: Server, User Device, Person, Media, Kiosk/Terminal, Network; vertical axis 0% to 50%]
THE HUMAN ELEMENT: VECTORS FOR ATTACK
Through 2020, 80% of cloud breaches will be due to customer misconfiguration, mismanaged credentials or insider theft, and not cloud provider vulnerabilities.
• Malicious Intent: 48%
• Human error & process failure: 52%
If there is any redeeming factor, less than half (48%) are due to malicious intent. The other 52% are due to human error (25%) and IT or business process failures (27%).
THE HUMAN ELEMENT: REACTION SPEED
Breaches, planned or unplanned, take time to discover
• Breach Time: MINUTES
• Data Collection: DAYS
• Discovery: MONTHS
The time to discovery averages over 200 days and is compounded by a further 70 days to contain them
Humans can’t react quickly enough
HACKERS: DEMOCRATIZATION AND COMMODITIZATION
• Most attackers were not APTs
• Most were looking for one mistake among many targets
• Tools are widely available on the Internet
The most extensive breaches were through brute force:
• Checking for passwords that are 14 years old
• Probing for vulnerabilities that are over 10 years old
• Serving up malware that has not changed in years
HACKERS: EASY TARGETS
• Easily exploitable systems will be exploited
• Easily exploitable people will be exploited
• Laziness leads to exploitation
HACKERS: YOUR WORTH
Essentially, you’re not worth much
Consumers do not even bat an eyelid when their credit cards are compromised
If the $300,000 asking price for the 1 billion Yahoo email records said to be compromised is true, your identity on the Internet is worth 3/100ths of a cent
HACKERS: CLASSIC ATTACKS
[Pie chart, ATTACKS; categories: Malware, Exploits, Phishing, Other; values shown: 37%, 11%, 20%, 32%; callouts: Mostly from U.S. (twice), Mostly from U.S. & China]
HACKERS: SOCIAL, SAAS, AND FINANCE TARGETS
Phishing Attacks: Facebook, Adobe, Yahoo, AOL, Dropbox, Google, PayPal, Wells Fargo, eBay, Bank of America, LinkedIn, Poste Italiane, Apple, Alibaba, American Express, USAA, Amazon, UPS, mail.com
HACKERS: SLOPPY PASSWORDS
Top 30 guesses seen over a year of secure shell (SSH) user names and passwords
root, admin, ubnt, support, user, pi, test, 1234, mother, usuario, oracle, 111111, password, 123456, guest, PlcmSplp, 123321, ubuntu, ftp, server, postgres, akyacht, ftpuser, tomcat, nagios, ablank, git
[Bar chart: count per guess, logarithmic axis from 10 to 100000]
BEST PRACTICES AND RECOMMENDATIONS: SPEND INTELLIGENTLY
[Chart: GLOBAL CYBERSECURITY; labels shown: 2016, 2021, $187B, $85B, 2017, $9.2B in Cloud]
But is it all intelligent spend?
BEST PRACTICES AND RECOMMENDATIONS: DEPLOY A UNIFIED VIEW
Single View Across Common Tools
• Virtual Private Cloud
• Private Cloud
• Public Cloud
• Hybrid Cloud
BEST PRACTICES AND RECOMMENDATIONS: DEPLOY FULL COVERAGE
PERCENTAGE of your network segments currently being actively monitored
47% Have less than 2/3 visibility coverage
Source: Ixia Survey of 242 enterprises
BEST PRACTICES AND RECOMMENDATIONS: KEEP UP WITH THE DATA
Legacy Visibility Solutions
Data Volume
Blind Spot – attacker can enter and hide his tracks in an instant
ASK YOUR VENDOR:
• Dropped packets at peak volumes?
• Performance with all features on?
• Visibility architecture easy to configure / change?
BEST PRACTICES AND RECOMMENDATIONS: SAFETY ACTIONS
MONITOR YOUR SOFT SPOTS
KNOW YOUR SUPPLIERS
FIX WHAT IS BROKEN
BE A DRILL SERGEANT
SECURITY IS A VERB
ARE YOU (YOUR TESTS) SMARTER THAN A 5TH GRADER
THINK LIKE A CROOK
BEST PRACTICES AND RECOMMENDATIONS: TEST OFTEN AND ENSURE TOTAL VISIBILITY
IXNETWORK • IXLOAD • IXIA IOT • VISION ONE • BYPASS • FLEX TAPS
BreakingPoint • CloudLens • ThreatARMOR
CONCLUSION: KEY TAKEAWAYS
1. Protect the simple stuff
2. Challenge your security architecture
3. Validate provisioning
4. Adopt a Zero Trust Model
5. Inspect encrypted traffic
6. Limit your attack surface