ita-sec2017.dais.unive.it/slides/palo alto networks at...imperative :...
Post on 07-Jul-2020
The Economics of Cyber Security
Mr Arnaud KOPP, Chief Security Officer, Southern Europe
Today
NUMBER OF SUCCESSFUL ATTACKS
COST OF LAUNCHING A SUCCESSFUL ATTACK
WE MUST CHANGE THE COST OF ATTACKS
COST OF LAUNCHING A SUCCESSFUL ATTACK
NUMBER OF SUCCESSFUL ATTACKS
Imperative: leverage
THE ECONOMICS HAVE CHANGED
Adversary arithmetic
Cheaper computing power + Effective automated toolkits + Available malware & exploits = Successful data breaches
ATTACKERS ARE LAZY: TESLACRYPT
Taken from CryptoLocker
And mimics CryptoWall
Obfuscation from Carberp (2013 – source code posted on Russian forum)
And uses dynamic library & function loading…
IMPACT OF AUTOMATION
63 percent: Increased usage of toolkits
64 percent: Tools are highly effective
$1,387: Spent on toolkits per attack
68 percent: Automated tools make it easier to execute attacks
MASSIVE OVERLOAD
10,000+ events per month
64% duplicates
52% false positives
40% human inspection
SHARING INCREASES RESILIENCE
Threats shared with all
Respondents believe that 39 percent of attacks can be prevented by shared intelligence.
AUTOMATED: YOUR VIEW
AUTOMATED: FOR ALL
IDENTIFYING 1 IN 7.4 BILLION
https://www.fbi.gov/wanted/topten
THE “MAGIC”: CORRELATION
Gather Intelligence
Leverage Exploit
Execute Malware
Control Channel
Steal Data
Exploit
Exploit_DNS_request
Exploit_Src_IP
Exploit_Protocol
Exploit_APP
Binary_Source
Binary_Protocol
Binary_MD5/SHA256
Bin_Digital_Sig
Binary_sys_changes
DNS_Req_Source
App_IP_request
App_Protocol
App_Protocol_CMD
App_Protocol_Encryption
THREAT SHARING: INDUSTRY COOPERATES
FOUNDING MEMBERS
TIME IS OUR FRIEND
Increasing the time to breach an organization by less than 2 days deters 60% of attacks
13%: Attacks deterred by an increase of 5 hours to conduct an attack
24%: Attacks deterred by an increase of 10 hours to conduct an attack
36%: Attacks deterred by an increase of 20 hours to conduct an attack
60%: Attacks deterred by an increase of 40 hours to conduct an attack
5 THOUGHTS
1. Share intelligence with your security partners
2. Collaborate in industry communities
   • Industry – FS-ISAC
   • National – CISP
   • Vendor – Cyber Threat Alliance
3. We have the CPU power to turn the scales: the cloud
4. Kill the whole attack lifecycle, not just the attack binary
5. Integrated & automated security platforms are the enemy of the attacker
16 | ©2015, Palo Alto Networks. Confidential and Proprietary.
Palo Alto Networks Academy Overview
§ Purpose
  § The Palo Alto Networks Academy is designed to equip students with the next-generation cybersecurity knowledge they’ll need to succeed in today’s rapidly changing cyber-threat landscape
§ Who & Where?
  § 160+ Authorized Academy Centers (AACs) in 20 countries (as of January 2017)
  § Any degree-granting, nationally accredited university or college
§ Academy Benefits
  § Faculty training (TTT) at no cost
  § Training lab support at no cost
  § Courseware at no cost
  § PCNSE certification vouchers at 50% discount
§ How?
  § Simply sign our NDA and the AAC agreement on our public website at www.paloaltonetworks.com/academy, and the Academy team will train faculty and help set up labs—all at no cost to the school
Academy Colleges & Universities
THANK YOU
akopp@paloaltonetworks.com
@akopp92
www.linkedin.com/in/arnaudkopp/
+33 6 09 16 75 66