UBM Copyright 2014. All Rights Reserved © 2015 Property of UBM Tech; All Rights Reserved
Connecting The Information Security Community
Sara Peters, Senior Editor, Dark Reading
Eric Hanselman, Chief Analyst, 451 Research
2015 Enterprise Securities Priorities Connecting The Business Technology Community
Worldwide IT security spending was over $70B in 2014, and expected to reach almost $77B in 2015. (1)
75% of IT professionals believe their organizations are about the same or more vulnerable to attacks than a year ago. (2)
Security’s Hottest Trends
• Frequency, cost, and size of breaches continue to rise
• Higher percentage of targeted and politically-motivated threats
• Current, Single-Purpose Security Technology Is Not Working
• Increasing Portion of Computing Is Out of IT’s Control
• Shortage of Staffing, Skills
1 – Source: Gartner, Aug 2014
2 – Source: InformationWeek Strategic Security Survey, April 2014
The Critical Role of IT Security Professionals Create A Secure Business That Doesn’t Hinder Operations
Today’s Enterprises Are Faced With Some of the Most Sophisticated Threats They Have Ever Encountered
• Today’s security pros are tasked with figuring out what is compromising their systems, how to fix the damage, and how to prevent it from happening again.
• They have no single place to both gather and share information, relying on a myriad of sites and social networks.
What IT Security Pros Need To Succeed
• Alerts on attacks and vulnerabilities as soon as they are discovered
• Insight on emerging threats and vulnerabilities to help “triage” current dangers and prioritize responses
• Feedback from industry colleagues on the right actions to take and how to implement them
• Understanding vendor strategies – not just what’s new
451 Research
Founded in 2000
210+ employees, including over 100 analysts
1,000+ clients: Technology & Service providers, corporate advisory, finance, professional services, and IT decision makers
15,000+ senior IT professionals in our research community
Over 52 million data points each quarter
4,500+ reports published each year covering 2,000+ innovative technology & service providers
Headquartered in New York City with offices in London, Boston, San Francisco, and Washington D.C.
451 Research and its sister company Uptime Institute comprise the two divisions of The 451 Group
Research & Data
Advisory Services
Events
451 Research is an information technology research & advisory company
Agenda
A true Crash Course – InfoSec in an hour
• Introduction
• The State of Enterprise Security
• Today’s Enterprise Threat Environment
• Why Enterprise Security Requires a Multi-Layered Defense
• Understanding Targeted Attacks
• The Real Risks of Mobile Technology In the Enterprise
• Users, Endpoints, and Passwords – What Really Works
• Insider Threats and Preventing Data Leaks
• Social Engineering – How Users Get Fooled (And How to Stop It)
• Eliminating Risk In Cloud Computing Environments
• Q&A
The State of Enterprise Security Collision of requirements
• Protection
• Mitigation
• Governance, regulatory, compliance
• Enablement
We’re Playing Defence Threats are on the attack
Whether in detection, control, or prevention, we are notching personal bests but all the while the opposition is setting world records. - Dan Geer, CISO In-Q-Tel
Meet Your Adversaries Changing players with varied motivations
• Your users
• Your vendors
• Lower skilled attackers
• Cyber criminals
• Hacktivists
• Nation states
Your Users Well meaning and trying to get work done
• Risks: Device/data loss, Phishing victims
• Consumer technology mindset
• Limited understanding of risks
• Some malicious users, too
Your Vendors and Partners Good intentions, but imperfect
• Risks: Vulnerable software and equipment, data and identity compromise
• Operational costs for maintenance and patching
• Access often not limited well
• Audits not often extended
Lower skilled attackers Annoying, but potentially dangerous
• Risks: Door knob rattling, systems damage
• Script kiddies and the like
• Tool availability spawns experimentation
  – A path for snooping or malicious users
• Can be part of reconnaissance process
Cyber Criminals It’s just a job…
• Risks: Data and financial loss, denial of service
• The rise of guild culture
  – Specialized services
• Tools part of the infosec arms race
  – There’s money in this
• Persistent and sophisticated
Hacktivists Politically motivated, but which politics?
• Risks: Data release, denial of service, collateral damage
• Poorly defined groups
• Motivations not always clear
• Power in numbers
• Reasonably sophisticated tools
Nation States Complex motivations, murky definition
• Risks: Data loss, Denial of service, collateral damage
• More actors arriving
• The most sophisticated tools
• Often invoked, seldom fully identified
Anatomy of an Attack Determined attackers have a plan
Reconnaissance Beachhead Exploration
Compromise Export Cleanup
Advanced Persistent Threats APT’s, all the time!
• Some clarity is needed on definition
• APT’s are people and attack campaigns
• APT’s are not technology or tools
• An APT attack will span considerable time
• Effective protections look to break attack process
Effective Security in a Changing World There is no single path, but many can be effective
• Enhancing security posture requires enterprise efforts
• Many components with shared intelligence
  – Complex coordination task
• Much more than anti-malware
Attitudes Need to Change Presuming that you’ve been compromised
• Best defence is enhanced situational awareness
• Current attack capabilities are overwhelming
• Best tools increase visibility while limiting complexity
• Security can’t be the department of “No!”
  – Transformation to department of “know!”
We’re Still Buying Lots of Security Budgets and purchasing expectations are up
Source: 451 Research's Customer Insight, TheInfoPro Information Security 2H 2014
But We’re Changing What We Buy Chasing effective mitigations
Source: 451 Research's Customer Insight, TheInfoPro Information Security 2H 2014
Q. How will your spending on this technology change in 2015 as compared to 2014? n=210 to 213. Data from respondents not using the technology or that don't know about spending are hidden.
[Chart: share of respondents reporting Less Spending, About the Same, or More Spending for each technology: Threat Intelligence, Patch Management, Anti-spam/Email Security, Antivirus/Endpoint Security, Anti-DDoS, Web Application Firewall, Network Data-loss Prevention…, IT Sec Training/Edu/Awareness, Endpoint Data-loss Prevention…, Event Log Management System, NIDS/NIPS, Security Information Event…, Application-aware/Next-gen Firewall, Mobile Device Management]
Multi-Layered Defence is Needed Sophisticated attacks need sophisticated defence
• No one tool does all tasks
• Need visibility across many points
• Protection on different platforms
• Protection through different means
The Perimeter is No Longer Enough Bulwarks are important, but not everyone’s within the walls
• No one tool does all tasks
• Need visibility across many points
• Protection can’t depend on location
  – Refocusing on points of use
  – Data path awareness
Internal Segmentation is Critical Protection against the results of compromise
Understanding Targeted Attacks Acting with an enhanced security posture
• How do you disrupt targeted attacks?
  – Enhance the targets!
  – Train teams in attack patterns
  – Act on your threat intelligence
    – Enabling the “kill chain”
• What do you do when you find them?
  – Have an incident response plan
    – Make sure that you’ve exercised it regularly!
Incident Response Planning Follow up is just as important as protection
The Real Risks of Mobile Technology What threatens mobile technology?
What’s to be Done About Mobile Security? It’s a balancing act with your users
• Device protections can work
  – Encryption is effective
  – MDM and MAM are possible, but fragile
    – Compliance monitoring is necessary
  – Device fragmentation varies capabilities
• Users have to participate
• It’s all about balancing risk, protection and functionality
Users, Endpoints, and Passwords Passwords have issues…
From Nok Nok Labs
Password Alternatives Aren’t Awesome Improvements, but still some limitations
And It’s Only Getting More Complex As devices and applications proliferate, complexity grows
The FIDO Alliance Provides an Option Standards for integrating more sophisticated authentication
• Founded in 2013
• iOS and Android support
  – KitKat and Lollipop
  – Samsung S5, Tab S, Note4
  – iOS8 Secure Enclave
  – iPhone 5S, 6, 6+, Air2, iPad mini
• Requires integration
Insider Threats and Preventing Data Leaks Getting the best from your communities
• Authorized users are the greatest risk
• People
  – Awareness is your greatest tool
  – Provide tools and capabilities
• Protections
  – Monitoring to gain understanding
• Policies
  – Reward reporting
  – Understand mistakes and errors
Data Exposure Will Happen Limiting risk and reducing time to detection are critical
• Expect the best, prepare for the worst
• Understand your data
  – Classification
• Protect
  – Partition access
  – Manage identities
    – Privileged user accumulations
• Act
  – Follow the policies
Slip ups
Snoops
Sneaks
Social Engineering How Users Get Fooled (And How to Stop It)
• People are human
  – And we need to understand that
  – Technology can’t change this
• Social engineering is very effective
  – 91% of targeted attacks involve spear-phishing emails (1)
  – Over 95% of state-affiliated espionage breaches involved the use of phishing emails (2)
  – Over 95% of information security incidents involve human error (3)
1 Trend Micro 2013
2 Verizon Data Breach Investigations Report 2013
3 IBM 2014
Mobility Adds Social Engineering Challenges The small screen gets immediate attention
• App downloads (1)
  – Lack of understanding of permissions
  – Relying on word of mouth and ratings
• Email Phishing (2)
  – Worse on mobile phones
  – Mobile phones first to arrive at phishing websites
  – 3x more likely to submit credentials
• SMS attacks
  – Smishing, links, reply to
1 P. Gage Kelley, S. Consolvo, L. Cranor, J. Jung, N. Sadeh, D. Wetherall, “A Conundrum of Permissions: Installing Applications on an Android Smartphone”, USEC2012
2 Trusteer, 2011
Managing Social Engineering Risk People are your greatest asset, too
• Training is key
• Real life scenario training
• Repeated exposure
• Continuous process
  – Assess: Knowledge tests, mock attacks
  – Educate: Interactive training
  – Reinforce: Newsletters and rewards
  – Measure: Reports and trend analysis
Reducing Risk In Cloud Computing Environments It’s what you don’t know that will hurt you
• Changes in risk expectations
• Improvements in understanding
2010:
  – Abuse of API
  – Insecure API
  – Malicious Insiders
  – Shared Technology Vulns
  – Data Loss/Leakage
  – Hijack of Acct, Service & Traffic
  – Unknown Risk Profile
2013:
  – Data Breaches
  – Data Loss
  – Account Hijacking
  – Insecure APIs
  – Denial of Service
  – Malicious Insiders
  – Abuse of Cloud Services
  – Insufficient Due Diligence
  – Shared Technology Issues
Top Issues With Cloud Usage The “SalesForce Effect” is real and prevalent
1. Problem: Limited awareness of cloud use
   Mitigation: Engage business managers and monitor traffic
2. Problem: Data disclosure or non-compliant use
   Mitigation: Classify data! Encrypt or use replacement services
3. Problem: Inconsistent usage controls
   Mitigation: Leverage native encryption and data controls where available and look to platforms when needed
Q&A We’ve covered a lot of ground and there is much more to consider
• How will you apply what we’ve discussed?
• Can your organization adapt its security thinking?
• What are your first steps from here?