cyber in the age of digital transformation · 2018. 5. 7. · ken ducatel director it security...
Post on 19-Sep-2020
Informatics
Cyber in the Age of Digital Transformation – Threat or opportunity?
26/04/2018
Ken Ducatel, Director IT Security (DIGIT.S)
IT Security and change
AGENDA
1. Traditional Cybersecurity
2. New trends – reasons for concern
   - The threat landscape
   - The wider attack surface
3. Approaches – Holding things back, reacting or driving things on?
Traditional cyber security
• Secure network architectures – secure the perimeter and segmentation
• End points – clean work stations and servers
• Access control – least privilege
• Secure coding and review
• Monitor (incoming) network traffic
• Reactivity: detect and respond – rules based
• Cyber awareness and the tone from the top
New trends in the threat landscape
• Stealth
  - Encryption
  - Malwareless attacks
  - Supply chain compromise
• Scale
  - Amplification DDoS attacks
  - Concentration of assets, e.g. in the Cloud
  - Increased organisational dependency on IT
• Sophistication / Severity
  - Wiper attacks
New trends in the attack surface
- Mobile, Cloud, Social media: beyond our perimeter?
- IoT / OT: a bit of both … ?
- BYOD, Collaboration, Big data: beyond our control?
1. Cloud
What is Cloud?
• IT services on-demand
• Delivered and accessed over the internet
• Shared resources
• Flexibility of resources
• "Pays as you go" & "Use as you need"
Reasons to go Cloud?
• Lower costs
• Better technology
• Quicker delivery
• Better security*
1. Cloud & IT Security - 1
Cloud IT Security
✓ Validate provider towards our internal regulations
✓ Provide a tool box for system owner
✓ Share best practices at inter-institutional level
Several open issues to solve
✓ Technical security of providers is high
✓ But how does it integrate with Commission's detection, monitoring and response processes
✓ How to detect an incident in the cloud
✓ How to respond to an incident (scoping, containment, recovery, etc).
1. Cloud & IT Security - 2
Depending on the cloud services, some IT security tasks will be done by the provider. Some not!
PaaS / SaaS
• Servers come pre-installed and patched
• Code maintained by the provider
Important! Who does What?
Question is less… Is the provider compliant? Secure? (the best are)
But: what remains to the customer, to be compliant, secure
1. Cloud & IT Security - 3
Security benefits come from economies of scale
• 24/7 monitoring and response
• Top notch datacentres, specialists
• Geographic spread
• Quick patching and updating
Does not mean
• all applications can go Cloud
• using any Cloud service
• using any Cloud provider
IT security due diligence
Snowden, Belgacom hack
But: access requests by foreign jurisdictions
US providers in Cloud I
Select right provider, select right service, make application cloud-ready
"Security is not a barrier, but a driver for cloud"
This is very important with today's cyber threats
2. Data and Collaboration
Data, Information and Knowledge Management Strategy (2016)
• Pillar 1 - Improving information retrieval and delivery
• Pillar 2 – Working together and sharing information and knowledge
• Pillar 3 - Maximising use of data for better policy-making
• Pillar 4 - Creating a culture of knowledge sharing and learning
2. Data and Collaboration - 1
1. Improving retrieval and delivery
• Unique or interlinked repositories: data lakes
• Corporate search – access, semantic interoperability, automatic indexing and linking of data
• Text analysis - access to all information in the business domain
Response?
• Data classification / data loss prevention schemes
• Intrusion detection systems: spotting lateral movement
• User and Entity Behaviour Analysis (UEBA) – machine learning
2. Data and Collaboration - 2
Working together and sharing information and knowledge
• Dynamic access controls for collaborative working
• Information ownership – who is responsible?
Response?
• Reinforced emphasis on dynamic identification and access management – analytics based
• Restricted and structured internal and external collaboration groups
• Privileged user monitoring / profiling
UEBA: some lines…
• Mapping and scoping
• Learning / training
• Supervised learning – heuristics & threat hunting
• Unsupervised machine learning (anomaly detection)
• Insider threat spotting / monitoring
• Low and slow detection
2. Data and Collaboration - 3
3. Maximising use of data for better policy-making
• Business intelligence – indexing, inventories and common tools for discovery, capture and sharing of data starting with – HR, financial and internal processes.
• AI and data analytics:
  - tools to search large datasets,
  - classifying and linking content and AI-assisted summarisation,
  - automatic detection of document-similarity,
  - automatic detection of names to detect potential conflicts of interest
• Data management
Response?
• Extended collection and analysis of logs – application level monitoring
• Application of AI / machine learning to the defence of these systems
2. Data and Collaboration - 4
4. Creating a culture of knowledge sharing and learning
• Communication campaign – awareness
• Cross-department collaboration
• Supporting tools and physical environments.
Response?
• Policies, guidelines, acceptable behaviour
• User sensitisation – enhanced cyber awareness
• Control over access privileges
• Data loss prevention tools
The new paradigm – approaches 1
Static IT SEC | Digital transformation
Prediction | Explore
Compliance orientated | Business driven
Checklists & static security plans | Risk based
Tech centric | People centric
Control | Respond
Police officer | Coach
Defender | Facilitator
Prevent | Enable
3 Approaches 2
• Security cannot hold back change
• The risk profile is changing and less controllable
• It is not bad: some IT Security and risks are better outsourced
Solutions – towards a new security paradigm?
• Vigilance – leveraging threat intelligence
• Insight – broader analyses of logs
• Managed diversity – who bears the cost
• Stepping up to known-unknowns and unknown-unknowns
• UEBA / Machine learning
• Forming a team with the vendors / ISMS
Contact us
Ken.Ducatel@ec.europa.eu
DIGIT-S@ec.europa.eu