4 Pillars of Architecture

Three Pillars of Security Architecture

• Protection

• Detection

• Response

• Prediction

Detection and Prevention

Cloud Access Security Brokers

Challenges with SaaS/Cloud

• Sanctioned IT:

– Lack of user behavior visibility or audit trail,

– Ability to encrypt/secure

– Ability to directly prevent threats

• Shadow IT:

– No visibility

– No control

CASB

• Cloud Access Security Brokers (CASBs) are security enforcement points between consumers and service providers that apply security controls to access cloud services

– Data Security/Encryption

– Visibility

– Threat Protection

– Compliance

Image Source: Cloud Access Security Broker (CASB): A pattern for secure access to cloud services EDUARDO B. FERNANDEZ et al

CASB

• Ciphercloud

• Skyhigh

• Palerra

• Bitglass

• Adallom

Application Control

• Bit9

• Avecto

• Viewfinity

RASP and IAST

RASP and IAST

• IAST – Combine SAST and DAST

• RASP – Self Defending Applications

– Vendors • Arxan

• Prevoty

• Waratek

Specialized Security Analytics

Beyond SIEM

• SIEM failed to deliver as per expectation

• Domain specific Analytics

– User Behavior Analytics

– Network Behavior Analytics

– Network Sandboxing

– RASP

– CASB

Attack Deception

Turning the table

• New type of technologies which deceives the attacker

– Isolate attacker

– Deceive and Observe

• Vendors

– Illusive

– Topspin

– TrapX

Security Awareness Doesn’t Deliver Beyond a Point. Invest in Habits.

Insider Threats

Response

Micro Segmentation and End Point Isolation

You will get hacked…but that’s ok

• Isolate Browser and Applications

• Trusted Container in un-trusted system

• Un-trusted Container in trusted system

• Microsegmentation Vendors • Illumio

• Cloudpassage

• Vidder

• Catbird

• Certes

• Endpoint Isolation

– Bromium

– Invincea

– Avecto

– Armor5

– Menlo Security

– Spikes security

EDR – Endpoint Detection and Response

EDR

• Cybereason

• Triumphant

• Countertack

• Mandiant

Incident Response Platforms

• CSG

• DFLabs

• Resilient

• Hexadite

Prediction

Threat Intelligence

Threat Intelligence

Intel 101

• Data vs Intelligence – Context, Intent, Capability

• Tactical vs Strategic – How and what?

– Who and why?

• Atomic vs Composite – IP, packet string, hash

– Combine multiple things

• TTP- Tactics, Techniques and Procedures

Taxonomy for Threat Intelligence

Threat intelligence

Threat Intelligence

Platform

Threat Intelligence Enrichment

Threat Intelligence Integration

Open Source Intel Human Intel

Technical Intel

Adversary Intel

Vulnerability Intel

Strategic Intel

Vendor Landscape

• Total Vendors studied: 23

• Prominent Vendors

– Open Source Intel: Recorded Future, Digital Shadows, Cyveillance

– Human Intel: Booz Allen Hamilton, CrowdStrike, iSIGHT Partners, Verisign iDefence, Cyveillance

– Technical Intel: Norse Corporation , Anubis Networks, Emerging Threats

– Adversary Intel: Booz Allen Hamilton, CrowdStrike, iSIGHT Partners, Verisign iDefence, Symantec Deepsight

– Vulnerability Intel: iSIGHT Partners, Verisign iDefence

– Strategic Intel: , Surfwatch labs, Cytegic

Tying Things Together

Threat Vector

Protective Controls

Detective Controls

Responsive Controls

Predictive Controls

Thank You