Post on 10-Oct-2020

UBM Copyright 2014. All Rights Reserved © 2015 Property of UBM Tech; All Rights Reserved

Connecting The Information Security Community

Sara Peters, Senior Editor, Dark Reading
Eric Hanselman, Chief Analyst, 451 Research

2015 Enterprise Securities Priorities
Connecting The Business Technology Community

Worldwide IT security spending was over $70B in 2014, and is expected to reach almost $77B in 2015. (1)

75% of IT professionals believe their organizations are about the same or more vulnerable to attacks than a year ago. (2)

Security’s Hottest Trends
• Frequency, cost, and size of breaches continue to rise
• Higher percentage of targeted and politically-motivated threats
• Current, Single-Purpose Security Technology Is Not Working
• Increasing Portion of Computing Is Out of IT’s Control
• Shortage of Staffing, Skills

1 – Source: Gartner, Aug 2014
2 – Source: InformationWeek Strategic Security Survey, April 2014

The Critical Role of IT Security Professionals
Create A Secure Business That Doesn’t Hinder Operations

Today’s Enterprises Are Faced With Some of the Most Sophisticated Threats They Have Ever Encountered
• Today’s security pros are tasked with figuring out what is compromising their systems, how to fix the damage, and how to prevent it from happening again.
• They have no single place to both gather and share information, relying on a myriad of sites and social networks.

What IT Security Pros Need To Succeed
• Alerts on attacks and vulnerabilities as soon as they are discovered
• Insight on emerging threats and vulnerabilities to help “triage” current dangers and prioritize responses
• Feedback from industry colleagues on the right actions to take and how to implement them
• Understanding vendor strategies – not just what’s new

451 Research

Founded in 2000

210+ employees, including over 100 analysts

1,000+ clients: Technology & Service providers, corporate advisory, finance, professional services, and IT decision makers

15,000+ senior IT professionals in our research community

Over 52 million data points each quarter

4,500+ reports published each year covering 2,000+ innovative technology & service providers

Headquartered in New York City with offices in London, Boston, San Francisco, and Washington D.C.

451 Research and its sister company Uptime Institute comprise the two divisions of The 451 Group

Research & Data

Advisory Services

Events

451 Research is an information technology research & advisory company

Agenda
A true Crash Course – InfoSec in an hour

• Introduction
• The State of Enterprise Security
• Today’s Enterprise Threat Environment
• Why Enterprise Security Requires a Multi-Layered Defense
• Understanding Targeted Attacks
• The Real Risks of Mobile Technology In the Enterprise
• Users, Endpoints, and Passwords – What Really Works
• Insider Threats and Preventing Data Leaks
• Social Engineering – How Users Get Fooled (And How to Stop It)
• Eliminating Risk In Cloud Computing Environments
• Q&A

The State of Enterprise Security
Collision of requirements

• Protection
• Mitigation
• Governance, regulatory, compliance
• Enablement

We’re Playing Defence
Threats are on the attack

Whether in detection, control, or prevention, we are notching personal bests but all the while the opposition is setting world records.
- Dan Geer, CISO In-Q-Tel

Meet Your Adversaries
Changing players with varied motivations

• Your users
• Your vendors
• Lower skilled attackers
• Cyber criminals
• Hacktivists
• Nation states

Your Users
Well meaning and trying to get work done

• Risks: Device/data loss, Phishing victims
• Consumer technology mindset
• Limited understanding of risks
• Some malicious users, too

Your Vendors and Partners
Good intentions, but imperfect

• Risks: Vulnerable software and equipment, data and identity compromise
• Operational costs for maintenance and patching
• Access often not limited well
• Audits not often extended

Lower skilled attackers
Annoying, but potentially dangerous

• Risks: Door knob rattling, systems damage
• Script kiddies and the like
• Tool availability spawns experimentation
  – A path for snooping or malicious users
• Can be part of reconnaissance process

Cyber Criminals
It’s just a job…

• Risks: Data and financial loss, denial of service
• The rise of guild culture
  – Specialized services
• Tools part of the infosec arms race
  – There’s money in this
• Persistent and sophisticated

Hacktivists
Politically motivated, but which politics?

• Risks: Data release, denial of service, collateral damage
• Poorly defined groups
• Motivations not always clear
• Power in numbers
• Reasonably sophisticated tools

Nation States
Complex motivations, murky definition

• Risks: Data loss, Denial of service, collateral damage
• More actors arriving
• The most sophisticated tools
• Often invoked, seldom fully identified

Anatomy of an Attack
Determined attackers have a plan

• Reconnaissance
• Beachhead
• Exploration
• Compromise
• Export
• Cleanup

Advanced Persistent Threats
APTs, all the time!

• Some clarity is needed on definition
• APTs are people and attack campaigns
• APTs are not technology or tools
• An APT attack will span considerable time
• Effective protections look to break attack process

Effective Security in a Changing World
There is no single path, but many can be effective

• Enhancing security posture requires enterprise efforts
• Many components with shared intelligence
  – Complex coordination task
• Much more than anti-malware

Attitudes Need to Change
Presuming that you’ve been compromised

• Best defence is enhanced situational awareness
• Current attack capabilities are overwhelming
• Best tools increase visibility while limiting complexity
• Security can’t be the department of “No!”
  – Transformation to department of “know!”

We’re Still Buying Lots of Security
Budgets and purchasing expectations are up

Source: 451 Research's Customer Insight, TheInfoPro Information Security 2H 2014

But We’re Changing What We Buy
Chasing effective mitigations

Source: 451 Research's Customer Insight, TheInfoPro Information Security 2H 2014

Q. How will your spending on this technology change in 2015 as compared to 2014? n=210 to 213. Data from respondents not using the technology or that don't know about spending are hidden.

[Chart: share of respondents reporting Less Spending, About the Same, or More Spending for each technology: Threat Intelligence, Patch Management, Anti-spam/Email Security, Antivirus/Endpoint Security, Anti-DDoS, Web Application Firewall, Network Data-loss Prevention…, IT Sec Training/Edu/Awareness, Endpoint Data-loss Prevention…, Event Log Management System, NIDS/NIPS, Security Information Event…, Application-aware/Next-gen Firewall, Mobile Device Management]

Multi-Layered Defence is Needed
Sophisticated attacks need sophisticated defence

• No one tool does all tasks
• Need visibility across many points
• Protection on different platforms
• Protection through different means

The Perimeter is No Longer Enough
Bulwarks are important, but not everyone’s within the walls

• No one tool does all tasks
• Need visibility across many points
• Protection can’t depend on location
  – Refocusing on points of use
  – Data path awareness

Internal Segmentation is Critical
Protection against the results of compromise

Understanding Targeted Attacks
Acting with an enhanced security posture

• How do you disrupt targeted attacks?
  – Enhance the targets!
  – Train teams in attack patterns
  – Act on your threat intelligence
    Enabling the “kill chain”
• What do you do when you find them?
  – Have an incident response plan
    Make sure that you’ve exercised it regularly!

Incident Response Planning
Follow up is just as important as protection

The Real Risks of Mobile Technology
What threatens mobile technology?

What’s to be Done About Mobile Security?
It’s a balancing act with your users

• Device protections can work
  – Encryption is effective
  – MDM and MAM are possible, but fragile
    Compliance monitoring is necessary
  – Device fragmentation varies capabilities
• Users have to participate
• It’s all about balancing risk, protection and functionality

Users, Endpoints, and Passwords
Passwords have issues…

From Nok Nok Labs

Password Alternatives Aren’t Awesome
Improvements, but still some limitations

And It’s Only Getting More Complex
As devices and applications proliferate, complexity grows

The FIDO Alliance Provides an Option
Standards for integrating more sophisticated authentication

• Founded in 2013
• iOS and Android support
  – KitKat and Lollipop
  – Samsung S5, Tab S, Note4
  – iOS8 Secure Enclave
  – iPhone 5S, 6, 6+, Air2, iPad mini
• Requires integration

Insider Threats and Preventing Data Leaks
Getting the best from your communities

• Authorized users are the greatest risk
• People
  – Awareness is your greatest tool
  – Provide tools and capabilities
• Protections
  – Monitoring to gain understanding
• Policies
  – Reward reporting
  – Understand mistakes and errors

Data Exposure Will Happen
Limiting risk and reducing time to detection are critical

• Expect the best, prepare for the worst
• Understand your data
  – Classification
• Protect
  – Partition access
  – Manage identities
    Privileged user accumulations
• Act
  – Follow the policies

Slip ups

Snoops

Sneaks

Social Engineering
How Users Get Fooled (And How to Stop It)

• People are human
  – And we need to understand that
  – Technology can’t change this
• Social engineering is very effective
  – 91% of targeted attacks involve spear-phishing emails (1)
  – Over 95% of state-affiliated espionage breaches involved the use of phishing emails (2)
  – Over 95% of information security incidents involve human error (3)

1 Trend Micro 2013
2 Verizon Data Breach Investigations Report 2013
3 IBM 2014

Mobility Adds Social Engineering Challenges
The small screen gets immediate attention

• App downloads (1)
  – Lack of understanding of permissions
  – Relying on word of mouth and ratings
• Email Phishing (2)
  – Worse on mobile phones
  – Mobile phones first to arrive at phishing websites
  – 3x more likely to submit credentials
• SMS attacks
  – Smishing, links, reply to

1 P. Gage Kelley, S. Consolvo, L. Cranor, J. Jung, N. Sadeh, D. Wetherall, “A Conundrum of Permissions: Installing Applications on an Android Smartphone”, USEC2012
2 Trusteer, 2011

Managing Social Engineering Risk
People are your greatest asset, too

• Training is key
• Real life scenario training
• Repeated exposure
• Continuous process
  – Assess
    Knowledge tests, mock attacks
  – Educate
    Interactive training
  – Reinforce
    Newsletters and rewards
  – Measure
    Reports and trend analysis

Reducing Risk In Cloud Computing Environments
It’s what you don’t know that will hurt you

• Changes in risk expectations

• Improvements in understanding

2010 | 2013
Abuse of API | Data Breaches
Insecure API | Data Loss
Malicious Insiders | Account Hijacking
Shared Technology Vulns | Insecure APIs
Data Loss/Leakage | Denial of Service
Hijack of Acct, Service & Traffic | Malicious Insiders
Unknown Risk Profile | Abuse of Cloud Services
 | Insufficient Due Diligence
 | Shared Technology Issues

Top Issues With Cloud Usage
The “SalesForce Effect” is real and prevalent

1
• Problem: Limited awareness of cloud use
• Mitigation: Engage business managers and monitor traffic

2
• Problem: Data disclosure or non-compliant use
• Mitigation: Classify data! Encrypt or use replacement services

3
• Problem: Inconsistent usage controls
• Mitigation: Leverage native encryption and data controls where available and look to platforms when needed

Q&A
We’ve covered a lot of ground and there is much more to consider

• How will you apply what we’ve discussed?
• Can your organization adapt its security thinking?
• What are your first steps from here?
