a university uses an intelligent approach against malicious threats (264287876)

8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)

http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 1/48

Evolving

Security @ UNBHow UNB is using policy, practice and technology to enhance cyber securit

David Shipley, University of New Brunswickay !, "#$!% &SE'$!



(his presentation leaves copyright of the content to the presenter%Unless otherwise noted in the )aterials, uploaded content carries th'reative 'o))ons *ttribution+Non'o))ercial+Share*like license,which grants usage to the general public with the stipulated criteria



-hat are we here to talk about.

UNB’s cyber security struggle

Using security intelligence from multiple

sources for both tactical and strategicdecisions

Moving away from playing a losing game of

cyber security whack-a-mole



y background

Bachelor of *rts in /nfor)ation and 'o))unications S01#!2% aster of Business *d)inistration 01$!2

3or)er 'anadian *r)y reservist 0ar)oured vehicle drgunner2

3or)er reporter for the provincial newspaper

3or)er web content strategist for UNB 'o))unicatioarketing

*ccidental /( Security professional and fortunate )e)an a)a5ing tea)



(he Security *ction (ea) 0S*(2

6rovides /( security

leadership

3or)ulates, i)ple)entsand coordinates polices,plans and pro7ects

/ncident 8esponse

*dvises /( security

resourcing, technologies,and co))unity education%



*bout UNB

North *)erica9s

oldest English publicuniversity 0Est%$:;!2

$$,### students

",### 3(E 3acultyand Sta<

Hybrid /(environ)ent

0centrali5ed anddecentrali5ed



/n defence of =cybersecurity

>?cially, /S>/E' ":#A" addresses ='ybersecurity or='yberspace security, dened as the =preservation ofcondentiality, integrity and availability of infor)ation inthe 'yberspace%

/n turn =the 'yberspace 0co)plete with denite articleis dened as =the co)ple environ)ent resulting fro)the interaction of people, software and services on the/nternet by )eans of technology devices and networksconnected to it, which does not eist in any physicalfor)%



-hy are universities a target.

$% -e we9re designed to be open

"% -e have a treasure trove of 6//

A% -e have valuable intellectual property0ours and others2

% -e o<er a great platfor) fro) which tolaunch attacks

!% -e are a route into )ore secure orgs



>ur challenges

-e average between ;A and !! atte)pts per second to

breach our network 0)assively auto)ated re)ote intrusion2

-e have )ore than "%" )illion security events daily on ournetwork

-e have )ore than !## o<ences weekly

-e have as )any as $"# co)pro)ised endpoints a )onth0half of which are students2

-e are the ulti)ate BF>D environ)ent



Higher education cyber securitychallenges

:A8eported data breaches reported at colleges and universitiesbetween "##! and "#$! as a result of hacking, )alware orinadvertent disclosure% SourceG 6rivacy8ights%org Ellucian

http://privacyrights.org/

http://privacyrights.org/



(he cost of a breach

$; dollars on average per record ineducation, based on gures fro) a "#$6one)on /nstitute Study



(he challenge for UNBG

Balance the need for openness andprinciples such as acade)ic freedo)

with legal, )oral and ethicalresponsibilities to protect data

/nvest in the right )i of )odernsecurity technologies in a di?cultbudgetary environ)ent

/nvest the ti)e and hu)an resourcesto act on security intelligence andreact to incidents while investing inproactive security strategies andinitiatives

Engage the university co))unity in acultural change about cyber security



3ighting s)arter



(hreat /ntelligence Sources

I8adar Security /ntelligence Eventanage)ent 0S/E2

(rend icro Deep Discovery /nspectoralware detection tool

Jaspersky *nti+Kirus 8eporting Syste) Lovern)ent, industry contacts and

listservs

/nfoSec News Sources and Social edia



alware 'N' 'allBacks 0A# days2



*<ected Hosts



How Deep Discovery -orksG (heS6N

GLOBALSENSORNET

0via honeypots,co))unity,

custo)ers, threatresearchers

and )ore2

DAILY STA• 'ollects $!(B • *naly5es $%!B

sa)ples

• /denties $;#Jthreats

• Blocks "!# th

Collects

Protects

Identifes

• URLs/IPs/Domains

• Files• Vulnerabilities• Network Traffic

• Cyber Criminals

• obile !""s• #$"loit %its



S6N M Kirtual *naly5er M 8adar

$;

DeepDiscovery

InspectorAn!ly"ere#!ilAn!ly"er

$R!d!r



* solid partnership



(hreat 6atterns



8e)ote /ntrusion *tte)pts Source



8e)ote /ntrusion *tte)ptsDestination



Security ><ences



Security Events, ><ences and/ncidents @ UNB

!,$:ANu)ber of ti)es the Deep Discovery virtuali5er ran between)id+Dece)ber and )id+Panuary%




";Nu)ber of )alicious les discovered during the Nove)ber analysis




$!,!$Esti)ated ti)e to )anually do sa)e )alware analysis, assu)ingresources



ovingbeyond

tacticalresponse



UNB9s )ove to /( 8iskanage)ent

Day+to+day /( >perations

/( Security >perations

(hreat *nalysis, 6olicy 4 6rocedure Develo

/( 8isk anage)ent

a t u r

i t y



/terative i)prove)ent )odel

8isk anage)ent

/( >perations

Security>perations

(hreat *nalysis6olicy 4 6rocedure

Develop)ent



(he Security Building Blocks

>perations Service Desk

Security *ction (ea)

'o))unications

8isk anage)ent, Iuality *ssurance and Standards Develop)ent



Service Desk

Help Desk escalatesthreats to S*(

*ssists with usereducation

Desktop Lroup helpsharden end pointsand triageco)pro)ises



>perations

Syste)s andNetwork)onitoring,reporting of threats,ensuring patchingand reporting policyor procedureco)pliance issues%

6articipates in



'o))unications

*ssists with develop)ent and eecutionof user awareness and culture changeca)paigns%

*ssists with developing and eecutingincident co))unications



(he cross+functional workRow

'lient provides

userna)e andpassword in phishingatte)pt

Help Desk or evel >ne

advises M assists clientwith safe passwordreset

/( Security initiatesincident investigat

>perations sta<engaged to assist withlog review accesschecks

UNB 6rivacy >?cerengaged in event of apotential data breach

'lient advised investigation, eto take awaren'o))unicationreuired to co)



-hat ghter 7ets in the Jorean -ar can teacus about cybersecurity in Higher Education.

(h >>D*



(he >>D* oop

>bserve

>rient

Decide

*ct>>D* 'ycle

S it St t 6ill



Security Strategy 6illars

Security Strategy

/( Security 6olicyData Lovernance

Security *rchitectureG (ools, 6eople, 6rocess

'ulture 'hangeGUser *wareness MBehaviour 'hange

(he Digital /))une Syste)



(he Digital /))une Syste)

8adar

Endpoint*K

NetworkalwareDetection

K6N

NL3-*dvancedN*'



(ranslating 'yber Security+ese toBusiness+ese

ki th



aking the case

-herecybersecurityts in 6orter9sKalue 'hain



(he disconnect between threat awarenesand concern about threats



Do you believe your organi5ation has anaccurate picture on the threats it faces on abasis.



Q$Tweren9t sure or weren9t condent

*nony)ous, non+scientic poll conducted during a webinar / delivered in *pril "#$!%



How concerned are you about attack leading to a data breach

*nony)ous, non+scientic poll conducted during a webinar / delivered in *pril "#$!% N #



Q!Tvery concerned

*nony)ous, non+scientic poll conducted during a webinar / delivered in *pril "#$!% N A



-e need to change

the cybersecurity story

-e can use our security technoloto build a new narrative, one base

real threats, with real solutions



Iuestions.

a university uses an intelligent approach against malicious threats (264287876)

Documents