a university uses an intelligent approach against malicious threats (264287876)
TRANSCRIPT
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 1/48
Evolving
Security @ UNBHow UNB is using policy, practice and technology to enhance cyber securit
David Shipley, University of New Brunswickay !, "#$!% &SE'$!
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 2/48
(his presentation leaves copyright of the content to the presenter%Unless otherwise noted in the )aterials, uploaded content carries th'reative 'o))ons *ttribution+Non'o))ercial+Share*like license,which grants usage to the general public with the stipulated criteria
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 3/48
-hat are we here to talk about.
UNB’s cyber security struggle
Using security intelligence from multiple
sources for both tactical and strategicdecisions
Moving away from playing a losing game of
cyber security whack-a-mole
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 4/48
y background
Bachelor of *rts in /nfor)ation and 'o))unications S01#!2% aster of Business *d)inistration 01$!2
3or)er 'anadian *r)y reservist 0ar)oured vehicle drgunner2
3or)er reporter for the provincial newspaper
3or)er web content strategist for UNB 'o))unicatioarketing
*ccidental /( Security professional and fortunate )e)an a)a5ing tea)
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 5/48
(he Security *ction (ea) 0S*(2
6rovides /( security
leadership
3or)ulates, i)ple)entsand coordinates polices,plans and pro7ects
/ncident 8esponse
*dvises /( security
resourcing, technologies,and co))unity education%
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 6/48
*bout UNB
North *)erica9s
oldest English publicuniversity 0Est%$:;!2
$$,### students
",### 3(E 3acultyand Sta<
Hybrid /(environ)ent
0centrali5ed anddecentrali5ed
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 7/48
/n defence of =cybersecurity
>?cially, /S>/E' ":#A" addresses ='ybersecurity or='yberspace security, dened as the =preservation ofcondentiality, integrity and availability of infor)ation inthe 'yberspace%
/n turn =the 'yberspace 0co)plete with denite articleis dened as =the co)ple environ)ent resulting fro)the interaction of people, software and services on the/nternet by )eans of technology devices and networksconnected to it, which does not eist in any physicalfor)%
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 8/48
-hy are universities a target.
$% -e we9re designed to be open
"% -e have a treasure trove of 6//
A% -e have valuable intellectual property0ours and others2
% -e o<er a great platfor) fro) which tolaunch attacks
!% -e are a route into )ore secure orgs
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 9/48
>ur challenges
-e average between ;A and !! atte)pts per second to
breach our network 0)assively auto)ated re)ote intrusion2
-e have )ore than "%" )illion security events daily on ournetwork
-e have )ore than !## o<ences weekly
-e have as )any as $"# co)pro)ised endpoints a )onth0half of which are students2
-e are the ulti)ate BF>D environ)ent
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 10/48
Higher education cyber securitychallenges
:A8eported data breaches reported at colleges and universitiesbetween "##! and "#$! as a result of hacking, )alware orinadvertent disclosure% SourceG 6rivacy8ights%org Ellucian
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 11/48
(he cost of a breach
$; dollars on average per record ineducation, based on gures fro) a "#$6one)on /nstitute Study
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 12/48
(he challenge for UNBG
Balance the need for openness andprinciples such as acade)ic freedo)
with legal, )oral and ethicalresponsibilities to protect data
/nvest in the right )i of )odernsecurity technologies in a di?cultbudgetary environ)ent
/nvest the ti)e and hu)an resourcesto act on security intelligence andreact to incidents while investing inproactive security strategies andinitiatives
Engage the university co))unity in acultural change about cyber security
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 13/48
3ighting s)arter
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 14/48
(hreat /ntelligence Sources
I8adar Security /ntelligence Eventanage)ent 0S/E2
(rend icro Deep Discovery /nspectoralware detection tool
Jaspersky *nti+Kirus 8eporting Syste) Lovern)ent, industry contacts and
listservs
/nfoSec News Sources and Social edia
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 15/48
alware 'N' 'allBacks 0A# days2
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 16/48
*<ected Hosts
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 17/48
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 18/48
How Deep Discovery -orksG (heS6N
GLOBALSENSORNET
0via honeypots,co))unity,
custo)ers, threatresearchers
and )ore2
DAILY STA• 'ollects $!(B • *naly5es $%!B
sa)ples
• /denties $;#Jthreats
• Blocks "!# th
Collects
Protects
Identifes
• URLs/IPs/Domains
• Files• Vulnerabilities• Network Traffic
• Cyber Criminals
• obile !""s• #$"loit %its
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 19/48
S6N M Kirtual *naly5er M 8adar
$;
DeepDiscovery
InspectorAn!ly"ere#!ilAn!ly"er
$R!d!r
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 20/48
* solid partnership
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 21/48
(hreat 6atterns
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 22/48
8e)ote /ntrusion *tte)pts Source
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 23/48
8e)ote /ntrusion *tte)ptsDestination
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 24/48
Security ><ences
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 25/48
Security Events, ><ences and/ncidents @ UNB
!,$:ANu)ber of ti)es the Deep Discovery virtuali5er ran between)id+Dece)ber and )id+Panuary%
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 26/48
Security Events, ><ences and/ncidents @ UNB
";Nu)ber of )alicious les discovered during the Nove)ber analysis
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 27/48
Security Events, ><ences and/ncidents @ UNB
$!,!$Esti)ated ti)e to )anually do sa)e )alware analysis, assu)ingresources
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 28/48
ovingbeyond
tacticalresponse
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 29/48
UNB9s )ove to /( 8iskanage)ent
Day+to+day /( >perations
/( Security >perations
(hreat *nalysis, 6olicy 4 6rocedure Develo
/( 8isk anage)ent
a t u r
i t y
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 30/48
/terative i)prove)ent )odel
8isk anage)ent
/( >perations
Security>perations
(hreat *nalysis6olicy 4 6rocedure
Develop)ent
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 31/48
(he Security Building Blocks
>perations Service Desk
Security *ction (ea)
'o))unications
8isk anage)ent, Iuality *ssurance and Standards Develop)ent
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 32/48
Service Desk
Help Desk escalatesthreats to S*(
*ssists with usereducation
Desktop Lroup helpsharden end pointsand triageco)pro)ises
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 33/48
>perations
Syste)s andNetwork)onitoring,reporting of threats,ensuring patchingand reporting policyor procedureco)pliance issues%
6articipates in
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 34/48
'o))unications
*ssists with develop)ent and eecutionof user awareness and culture changeca)paigns%
*ssists with developing and eecutingincident co))unications
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 35/48
(he cross+functional workRow
'lient provides
userna)e andpassword in phishingatte)pt
Help Desk or evel >ne
advises M assists clientwith safe passwordreset
/( Security initiatesincident investigat
>perations sta<engaged to assist withlog review accesschecks
UNB 6rivacy >?cerengaged in event of apotential data breach
'lient advised investigation, eto take awaren'o))unicationreuired to co)
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 36/48
-hat ghter 7ets in the Jorean -ar can teacus about cybersecurity in Higher Education.
(h >>D*
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 37/48
(he >>D* oop
>bserve
>rient
Decide
*ct>>D* 'ycle
S it St t 6ill
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 38/48
Security Strategy 6illars
Security Strategy
/( Security 6olicyData Lovernance
Security *rchitectureG (ools, 6eople, 6rocess
'ulture 'hangeGUser *wareness MBehaviour 'hange
(he Digital /))une Syste)
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 39/48
(he Digital /))une Syste)
8adar
Endpoint*K
NetworkalwareDetection
K6N
NL3-*dvancedN*'
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 40/48
(ranslating 'yber Security+ese toBusiness+ese
ki th
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 41/48
aking the case
-herecybersecurityts in 6orter9sKalue 'hain
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 42/48
(he disconnect between threat awarenesand concern about threats
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 43/48
Do you believe your organi5ation has anaccurate picture on the threats it faces on abasis.
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 44/48
Q$Tweren9t sure or weren9t condent
*nony)ous, non+scientic poll conducted during a webinar / delivered in *pril "#$!%
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 45/48
How concerned are you about attack leading to a data breach
*nony)ous, non+scientic poll conducted during a webinar / delivered in *pril "#$!% N #
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 46/48
Q!Tvery concerned
*nony)ous, non+scientic poll conducted during a webinar / delivered in *pril "#$!% N A
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 47/48
-e need to change
the cybersecurity story
-e can use our security technoloto build a new narrative, one base
real threats, with real solutions
8/9/2019 A University Uses an Intelligent Approach against Malicious Threats (264287876)
http://slidepdf.com/reader/full/a-university-uses-an-intelligent-approach-against-malicious-threats-264287876 48/48
Iuestions.