TRANSCRIPT (2017-11-28)
Reducing the Hacker’s Information Advantage: Leveraging Analytics to Improve Cybersecurity
Stu Bradley, Senior Business Director, Security Intelligence Practice, SAS
Bryan Harris, Director, Research and Development, Cyber Analytics Research and Development, SAS
Alan Webber, Research Director, Digital Government, IDC
Big Data and Predictive Analytics: On the Cybersecurity Front Line
Alan Webber
Global Research Director
National Security and Public Safety
The Nature of the Battle
“All advantages go to the offense in cyber. It just does. On the
defensive side, you have to say ‘I must defend all 100,000 machines
and all 50,000 employees.’ The offensive side thinks ‘I only need to
break into one and I’m on the inside.’”
Kevin Mandia
President, FireEye
© IDC Visit us at IDC.com and follow us on Twitter: @IDC 3
How Bad Is It?
PwC estimated that there were 42.8 million attacks in 2014
That is over 117,000 every day
Successful attacks are expensive
Distribution of Targets
Source: http://hackmageddon.com/
3rd Platform – Channels and Targets Multiply
We have moved on to the 3rd platform, with millions of apps, billions of users, and trillions of things. Each of these carries its own vulnerabilities.
We still have the vulnerabilities from the 1st and 2nd platforms.
Innovation Accelerators Driving Disruption And More
Security Issues
Innovation Accelerators come with positives and negatives.
Specific areas of concern are robotics, IoT, and the expansion of data.
Next generation security will focus on analytics and behavioral analysis.
Key Areas of Risk
Lack of visibility
Mobility and mobile devices
Exponential growth of end points
Interconnected systems
Outdated systems (e.g. SCADA)
Big Data and Analytics Are Key Security Tools
Benefits
Shift from reactive to proactive
Network visibility
Threat intelligence
Better precision
Challenges
Scalability
Expertise
Integration
Everything (and Everyone) is a Target
The Future Of Cyber Security
“The potential for a cyber Pearl Harbor exists. Security professionals
and the U.S. government have predicted it. The question is, will
businesses take the threat of cyber warfare seriously and make it a
priority in their budgets? Fair warning…”
Gideon Rasmussen
Thank You
Join me and your peers and the conversations in
our IDC Government Insights Community
http://idc-insights-community.com/government
Alan Webber, Research Director, Digital Government Innovation and Transformation
IDC Government Insights
@alanwebber
Copyright © 2015, SAS Institute Inc. All rights reserved.
CYBERSECURITY
BRYAN HARRIS
9 Months
ANATOMY OF A SOPHISTICATED CYBER ATTACK
(Diagram: a supplier connection into your network, a command and control point, POS end nodes, and the customer data held on them.)
• A weakness in the supply chain is used to gain access to your network.
• The supplier's credentials were compromised due to a poor security implementation or poor security processes.
• Known "service accounts" are mimicked to avoid host-based detection.
• The compromised machine begins to perform active network reconnaissance.
• A command and control point is established on the network, with the POS terminals as end nodes.
• BlackPOS malware targeting POS systems is installed.
• Customer data is exfiltrated via multiple servers and monetized on the black market.
10 Billion
Contextually-Enriched, Priority-Ranked Security Alerts
(Diagram: logs from firewalls, IPS, IDS, malware tools, web proxies, DLP and the SIEM feed SAS stream processing and behavioral analytics, which produce contextually-enriched, priority-ranked security alerts.)
CYBERSECURITY DATA TYPES AND MONTHLY DATA VOLUMES
PCAP: trillions
Flow: billions
Point solution alerts: millions
Thousands
?
SAS BEHAVIORAL ANALYTICS APPROACH
(Diagram: behavioral analytics over massive volumes of machine-to-machine interactions, with individual links flagged "Not normal interaction" and "Not normal throughput".)
Market need: detect changes in machine-to-machine interactions, using behavioral analytics, as they happen.
Output: prioritized IP addresses / hostnames for integration into the incident management process.
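As an added example (not SAS's code and not from the original slides), the following Python script shows one way to implement the "not normal interaction" and "not normal throughput" checks this slide describes over flow records, enriched with business peer groups as the key takeaways call for: it learns a baseline of host pairs and per-host byte volumes, scores a current window, weights findings by the asset group of the initiating host and returns a prioritized host list for the incident management process. All hosts, peer groups, weights, thresholds and volumes are constructed for illustration; the current window is built to mirror the supplier-to-POS-to-exfiltration chain on the "Anatomy of a Sophisticated Cyber Attack" slide.

```python
"""Added example (not SAS code): behavioral analytics over flow records.

Learns which machine-to-machine pairs and byte volumes are normal from a
baseline window, scores a current window for "not normal interaction" and
"not normal throughput", enriches with business peer groups and ranks hosts
for the incident-management queue. All hosts, groups and volumes are constructed.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed asset inventory: host -> business peer group (assumed, not from the page).
PEER_GROUP = {
    "10.1.1.10": "web", "10.2.2.20": "db",
    "10.9.9.5": "supplier-vpn", "10.4.4.40": "hvac-portal",
    "10.5.5.1": "pos", "10.5.5.2": "pos", "10.6.6.6": "payment-gateway",
    "10.8.8.8": "staging-server",
}
# Business weight of a finding on a host in this group (unlisted groups count 1.0).
GROUP_WEIGHT = {"pos": 3.0, "payment-gateway": 3.0, "db": 2.0, "supplier-vpn": 2.0}

# Constructed flow records: (src, dst, dst_port, bytes). The baseline window is
# routine traffic; the current window mirrors a supplier -> POS -> exfil chain.
BASELINE_FLOWS = [
    ("10.1.1.10", "10.2.2.20", 5432, 50_000), ("10.1.1.10", "10.2.2.20", 5432, 52_000),
    ("10.1.1.10", "10.2.2.20", 5432, 48_000),
    ("10.9.9.5", "10.4.4.40", 443, 9_000), ("10.9.9.5", "10.4.4.40", 443, 11_000),
    ("10.9.9.5", "10.4.4.40", 443, 10_000),
    ("10.5.5.1", "10.6.6.6", 443, 2_000), ("10.5.5.1", "10.6.6.6", 443, 2_200),
    ("10.5.5.1", "10.6.6.6", 443, 1_800),
    ("10.5.5.2", "10.6.6.6", 443, 2_100), ("10.5.5.2", "10.6.6.6", 443, 1_900),
]
CURRENT_FLOWS = [
    ("10.1.1.10", "10.2.2.20", 5432, 51_000),   # web -> db, as usual
    ("10.9.9.5", "10.4.4.40", 443, 10_500),     # supplier -> its portal, as usual
    ("10.9.9.5", "10.5.5.1", 445, 3_000),       # supplier -> POS: peer group never seen before
    ("10.9.9.5", "10.5.5.2", 445, 3_000),       # supplier -> second POS
    ("10.5.5.1", "10.6.6.6", 443, 2_000),       # POS -> payment gateway, as usual
    ("10.5.5.1", "10.8.8.8", 445, 40_000_000),  # POS -> staging server: new group, huge volume
    ("10.5.5.2", "10.6.6.6", 443, 2_050),       # as usual
]


def build_baseline(flows):
    """Learn normal behaviour from historical (src, dst, port, bytes) records."""
    pairs = set()                 # every (src, dst, port) seen
    groups = defaultdict(set)     # src -> peer groups it has talked to
    volumes = defaultdict(list)   # src -> bytes per flow
    for src, dst, port, nbytes in flows:
        pairs.add((src, dst, port))
        groups[src].add(PEER_GROUP.get(dst, "unknown"))
        volumes[src].append(nbytes)
    stats = {src: (mean(v), pstdev(v)) for src, v in volumes.items()}
    return {"pairs": pairs, "groups": groups, "stats": stats}


def score_window(flows, baseline, z_threshold=3.0):
    """Score each initiating host in the window; returns {host: (score, reasons)}."""
    findings = defaultdict(lambda: [0.0, []])
    for src, dst, port, nbytes in flows:
        points, reasons = 0.0, []
        if (src, dst, port) not in baseline["pairs"]:            # not normal interaction
            dst_group = PEER_GROUP.get(dst, "unknown")
            if dst_group not in baseline["groups"].get(src, set()):
                points += 3
                reasons.append(f"new peer group {dst_group} via {dst}:{port}")
            else:
                points += 1
                reasons.append(f"new peer {dst}:{port} in known group {dst_group}")
        if src in baseline["stats"]:                              # not normal throughput
            mu, sigma = baseline["stats"][src]
            # z-score when the baseline has variance, 5x ratio when it has none
            if (sigma > 0 and (nbytes - mu) / sigma > z_threshold) or (sigma == 0 and nbytes > 5 * mu):
                points += 2
                reasons.append(f"throughput {nbytes} bytes vs baseline mean {mu:.0f}")
        else:
            points += 1
            reasons.append("no baseline for host")
        if points:
            weight = GROUP_WEIGHT.get(PEER_GROUP.get(src, "unknown"), 1.0)
            findings[src][0] += points * weight
            findings[src][1].extend(reasons)
    return {host: (score, reasons) for host, (score, reasons) in findings.items()}


def prioritize(findings):
    """Rank hosts by weighted score for hand-off to the incident management process."""
    return sorted(((h, s, r) for h, (s, r) in findings.items()), key=lambda t: (-t[1], t[0]))


def rank_current_window():
    return prioritize(score_window(CURRENT_FLOWS, build_baseline(BASELINE_FLOWS)))


if __name__ == "__main__":
    for host, score, reasons in rank_current_window():
        print(f"{score:5.1f}  {host:10}  {PEER_GROUP.get(host, '?'):14}  {'; '.join(reasons)}")
```

Run as-is, the POS host that opened a never-seen, high-volume connection to the staging server ranks first, the supplier VPN host that reached into the POS peer group ranks second, and the routine web and POS-to-gateway traffic produces no finding at all. In production the baseline would be learned per time-of-day and per peer group over weeks of flow data rather than a handful of records, and a new pair would also be credited to the destination host, so that a POS terminal being contacted by an unfamiliar peer is surfaced even when the initiator has no baseline of its own.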
KEY TAKEAWAYS: GAINING BETTER VISIBILITY OF NETWORK BEHAVIORS
• Enrich network data with business context to detect risks based on specific business workflows and peer groups
• Behavioral analytics across the real-time, “near-time” & “any-time” continuum for better situational awareness
• Store only relevant, optimized data for ongoing analytic effectiveness
• Analytic-driven intelligence & data visualization to streamline investigations
• Leverage existing cybersecurity investments & threat feeds for a holistic view of risk