Cyber Threat Workshop The data breach – it’s no longer if, but when!

Post on 30-Jun-2020


Page 1: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses

Cyber Threat Workshop: The data breach – it’s no longer if, but when!

Page 2

Page 3

Measuring Trust and Risk in Cloud: A New Perspective

Muttukrishnan Rajarajan, Professor of Security Engineering
Contact: [email protected]

Page 4

Slides not displayed due to confidentiality and publication restrictions. Any queries, please contact: Muttukrishnan Rajarajan, Professor of Security Engineering, [email protected]

Page 5

Cyber Threat Workshop: The data breach – it’s no longer if, but when!

Page 6

Presented by Ray Dalgarno

Empowering the Human Element within the Security Eco-system

Page 7

Agenda

Phishing – General Background
Why Phish5
Phish5 Service – Features & Functionalities
Q&A
Live demonstration (post presentations)

Page 8

Phishing & Spear Phishing

Phishing refers to emails utilising a shotgun, indiscriminate approach, designed to trick recipients into opening attachments which have malicious code embedded, submitting credentials or visiting a website which hosts malicious code.

Spear phishing has aims similar to phishing but takes an increasingly sophisticated & targeted form that, to the recipient, appears to come from a legitimate, trusted source.

Page 9

No-one is Safe

USA – White House systems
USA retailers – Target, Home Depot
Sony Pictures
NATO Conference – Wales (October 2014)
Chartered Institute for Securities and Investment

Page 10

UK Cyber Security

90% of large businesses & 74% of smaller ones surveyed suffered a cyber security attack in 2014.

The average cost of a breach to business has increased dramatically since 2014:
£1.46m - £3.14m – cost to larger organisations
£75k - £311k – cost to SMB organisations

Source: PWC Information Security Breaches Survey 2015

Page 11

Distribution of Spear-Phishing Attacks

Organisation size                              2014    2013
Small & Medium Businesses (1-250 employees)     34%     30%
Large Enterprises (2,500+ employees)            41%     39%

Source: Symantec Internet Security Threat Report Vol 20-2015

Page 12

Growing International Exposure

+/-100 International Banks (est. losses to-date £650M)

Inga Beale, CEO of Lloyd’s of London: “UK companies lose up to £268 million per year” … “the situation is only worsening” (CMI online, 07 April 2015)

New data protection laws being finalised in the EU: “… general data breach notification obligation …” (European Data Protection Supervisor, Giovanni Buttarelli, April 2015)

Only 14% of breaches publicly declared… however… (PWC Survey)

Page 13

Verizon Global Breach Statistics

70 contributing organisations, including CERT UK, CERT EU, US Secret Service, A.F.P.
61 countries represented, including U.K., U.S.A., Japan
70% of attacks included a secondary victim
Hackers gain access to a secure environment via a less secure environment

Page 14

Phishing Breach Acceleration

82 seconds from start of phishing attack to first bite
90% chance or greater that at least 1 person will become the phishing criminals’ prey

Source: Verizon Breach Report 2015

Page 15

Aberdeen Group Report

Want to significantly reduce your organisation’s IT security-related risks? Change the behaviour of your end-users.

Before-and-after click rates show that investment in user awareness and training reduces infections (breaches) from user behaviour by 45% to 70%.

Source: www.Aberdeen.com: The last mile in IT security – Changing User Behaviours, Oct 2014

Page 16

Vulnerabilities Growth Rate (chart)

Source: National Institute of Standards and Technology, US Dept of Commerce, Feb 2015

Page 17

Cyber-Security Environment

9 Threat Platforms listed, from the Internet of Things to BOTS; 4 of these 9 platforms identified for phishing attacks

3 Security “Effect” levels: Harden Defences, Enhance Detection, Reduce Impact

20 Priorities, from Inventory of Authorised and Unauthorised Devices to Penetration Testing

Use simulated attacks to improve readiness: Conduct regular internal and external penetration tests that mimic an attack

Source: The Council on Cybersecurity – 20 Critical Security Controls, http://www.counciloncybersecurity.org

Page 18

Why Phish5

On demand scalability in a highly secure cloud service
Developed by a dedicated team led by respected international cyber-security consultants
Campaigns executed by customer or business partner
Ease-of-use by non-technical people

Page 19

Why Phish5

Rapid phishing attack simulation = Pro-Active
Immediate management awareness leads to training & other remedial action
Enhances existing security immediately
Highly competitive pricing – Great value for money
Global customers’ experiences in both the public and private sectors

Page 20

Phish5 Features

MS Office Macro based campaigns: Know which users open attached Office documents & enabled macros

Campaign Scheduling: One or many campaigns in staggered launches; schedule campaigns’ launching to the second

MX Over-ride: Bypass message filtering provider such as Mimecast & Messagelabs

Page 21

Phish5 Features cont.

PDF reporting: Flexible PDF reporting at the click of a button, with the ability to fine-grain reports

User management: Easily tag and target groups of users, e.g. HR, Sales, Legal, Management, Divisions, Branches, Regions

Anonymous Campaigns: Know the number of users that were caught, with all of the supporting campaign info, without identifying individual users

Page 22

Phish5 Features cont.

Template options: HTTPS-based phishing sites; DKIM backed sender domains; different lures for different user groups

Staggered Delivery: Avoid alerting through every office phone beeping at once

Browser and plug-in vulnerabilities: Interrogates the status of each client-side machine attacked and reports by vendor/product and release

Page 23

Phish5 – Example Pie Charts

Vulnerable browser distribution
Vulnerable plug-in distribution

Page 24

Activity Monitoring & Reporting

Real-time Dashboard
10 users – opened attachments
50 users – provided credentials
49 users – vulnerable to browser or plugin issues
7 users – been previously phished

Summary and Detail reporting
Statistical graphs and charts

Page 25

Activity Monitoring & Reporting

Page 26

Unique / In House vs. Phish5 Package

In House: Code build; development & on-going maintenance costs, people dependency
Phish5: Research and development costs spread over multiple users globally, cross-industry experiences

In House: Skilled knowledge typically required for changing attack profiles
Phish5: Industry recognised templates with easily customisable lures or messages

In House: Attack execution needs skilled staff availability
Phish5: Immediate availability – you execute when you wish as often as you wish

Phish5: Quantifiable campaign measurements with comprehensive reporting

Page 27

Free Assessment

To all participants in today’s Kingston Smith Cyber Event: we are pleased to offer a free, 50 email user account.

From a single 50 email anonymous “baseline” campaign to a number of smaller campaigns – your choice.
Test the Phish5 range of options – your choice.

Register interest at https://phish5.com/enquiries and insert the words “KS Cyber Event” in the Message block.

Page 28

Empowering the Human Element within the Security Eco-system…

Thank you. Ray – [email protected] – https://phish5.com

Page 29

Cyber Threat Workshop: The data breach – it’s no longer if, but when!

Page 30

Dimension Data today

2014 global revenues of USD 6.7 billion
72% of Global Fortune 100 and 60% of Global Fortune 500 are Dimension Data clients
Client-centric, services-focused business
Extensive experience in emerging markets
Over 28,000 employees with operations in 58 countries across 5 regions
Over 6,000 enterprise clients across all industry sectors

Page 31

Enabling Robust Protection for the Next Generation Data Centre

Digital information is the lifeblood of every modern organisation. Used properly, it can be transformed into knowledge for guiding strategy, making key business decisions and managing day-to-day operations.

Page 32

Data Centre transformation that we are in today… (diagram)

Lifecycle stages: Site Selection, DC Design, DC Build / Relocation, Optimize & Consolidate, Managed and Operate, Co-locate
Applications & Infrastructure: IT supporting Business Applications and Infrastructure
Data Centre operating model aligning to business
Deployment options: Public Data Centre, Private Data Centre, Public SaaS, Business Applications

Page 33

Security architecture overview (diagram)

Governance – Architecture principle and model: N-tier architecture, Service-oriented architecture, Virtualised security, SaaS, Security architecture
Governance – Strategy: Role and responsibility, Risk management, Legal and regulatory, Compliance, Policy
Security operation: Change management, Incident management, Configuration and asset management, Forensics investigation, Event monitoring and management
Application security: Internet facing web server, Data warehouse, Email, Identity management, Instant messaging, Data encryption, SSO
Server and endpoint security: Antivirus and HIPS, Patch management, DLP, Wireless, Vulnerability management
Perimeter and infrastructure: Network security, Virtualised F/W and IPS, Network admission control, Wireless, Network antivirus, Web gateway solutions, DLP
Virtualised IT platform: Application platforms, Collaboration, Access management, Authentication, Server and endpoint
Deployment: Private cloud, Public cloud, Hybrid cloud

Heightened threat potential
► Potential hackers
► State- and corporation-sponsored
► Highly targeted attacks

Page 34

Enterprise Security Architecture Layers

Contextual Architecture: The business, its assets to be protected and business needs for information security. (Business assets, goals, objectives and initiatives)
Conceptual Architecture: The importance of protection translated into control objectives derived from risk analysis. (Security domains, accountability/responsibility, frameworks/strategies, risk appetite)
Logical Architecture: Security requirements, translated into technical and non-technical controls. (Information assets, domain policies, information flows and associations)
Physical Architecture: The physical interpretation of policies per domain to protect information assets. (Applications, systems, security mechanisms, host platforms, layout and networks)
Component Architecture: The necessary components to enable the physical protection of information assets. (Security products, tools, protocols, identities, nodes, addresses and locations)
Operational Architecture: The assurance of operational continuity, efficiency and excellence. (Risk assessments, auditing, reviews, support and management)

In our Policy Driven Security Architecture Approach we consider all layers of Enterprise Security Architecture.

Page 35

Data Centre Development Model | Overview

Spanning 11 Domains

Maturity levels: Basic, Standardised, Automated, Service-based, Business Aligned

Domains (diagram labels): Data Centre Architecture, Service Architecture, Virtualisation Platform, Storage Platform, Compute Platform, Security Platform, Network Platform, Data Centre Interconnect, Cloud Services, Facilities, Security Architecture, Applications and workloads, Next-generation desktop and enterprise mobility

Page 36

Data Centre Development Model | Process

Gain Insight: Understand clients’ business needs, data centre overview, terminology, approaches, industry trends, standards, etc. Discovery of data centre on infrastructure, operations, organisation and strategy.

Assess Maturity: Understand client maturity from an ‘as-is’ and ‘to-be’ perspective based on stated business outcomes.

Best practices and roadmap: Identify where to start, what to do next, key internal actions on skills, partnerships.

Page 37

What we deliver to clients – intelligent security

PROTECTION: To architect, build, implement, integrate and maintain the correct policy, process and architecture for a robust, reliable security posture
VISIBILITY: To qualify and quantify actual threats and remove the cloud of uncertainty, fear and doubt
AWARENESS: To have knowledge of and remain ahead of the constantly evolving threat landscape
AGILITY: To embrace new and innovative ways to do business (mobility, cloud, ITO) while protecting their assets, information and brand reputation

Services: Managed Services; Consulting; Security Policy; IT Governance, Risk and Compliance; Vulnerability Management; Endpoint Protection; Network & Data Centre Protection; Application Protection; Data Protection; Security Monitoring

Page 38

Thank you

Pete Hulme – Technical Lead, [email protected]

Page 39

Cyber Threat Workshop: The data breach – it’s no longer if, but when!

Page 40

Data Centric Security: What’s wrong and what to do about it

Mike Shanahan, Regional Sales Manager
Albert Dolan, Senior Systems Engineer, EMEA

Page 41

IT’s Dirty Little Secret

30+ – Years super users have been managing our servers, their configurations, and data.
100% – Percent of data that super users have access to in the systems they manage.
1 – Number of compromised users required to cause havoc.

Page 42

Why is privilege so important?

Page 43

Threat Protection – Transparent Encryption (diagram)

Stack: Application/Utility, Database, FS Agent, File Systems, Volume Managers, Storage
Actors: Valid Users; DBAs; SysAdmins; Outsourced/Cloud Admins; Storage Admins; Disk Theft / Negligence; APT

Page 44

New Technologies Offer Business Advantage …. But come with additional risks

Cloud – Business Advantage: Flexibility; Cost efficiency
Cloud – New Risks: Higher Data Breach Risk; Data Residency/Privacy; Compliance violations

Big Data – Business Advantage: Deep customer profiling and relationships; Business trend analysis and correlations
Big Data – New Risks: Sensitive data is everywhere; Reports and results

Page 45

What if … you could use cloud IaaS without enhanced data breach risk?

Encryption and Access Control – only the enterprise has access to their data
Data access logs – provide audit and insight into enterprise data access patterns
Data cannot be legally compelled from the cloud provider

(Diagram labels: Enterprise Data Center Environment; Management Appliance or Software – Data Access Policy and Encryption Key management; Policies & Logs; Keys; VPN Link)

Page 46

What if … you could use cloud and still meet Data Residency/Privacy requirements?

UK – Local encryption key management
Germany & Spain:
• Local encryption key management for all data
• Tokenize PII … Private Information never leaves the country
France – Local encryption key management

Page 47

What if … you could use SaaS Storage without risk of data exposure?

Give users access to cloud storage environments – retain local control of data
Data access by policy … All data encrypted before it leaves the enterprise
Audit Data/Access logs

(Diagram labels: Personal Computers, Mobile Devices, Servers; Cloud Encryption Gateway; Enterprise Premise; DSM; Cloud Storage)

Page 48

What if … Big Data environments were safe for data – inside and out?

Encryption, access controls, tokenization protect data from inside-out and outside-in

(Diagram: Data sources, Big Data, Analytics)
Data sources (structured and unstructured): Database, Datawarehouse, ERP, CRM, Audio video, Excel, CSV, Social media, Logs
Sensitive data: Financial Data, Healthcare Data, Credit cards, Logs, PII, Error logs, Disk cache, Configuration, System logs
Analytics outputs: Reports, Dashboards, What-if queries

Protect with encryption + access controls + access monitoring at OS/File system level
Encrypt at OS level and Tokenize or Encrypt within application
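The data-residency point on the slides above (tokenize PII so the private information never leaves the country, keep local control of the mapping, and log every access) as an added example; this is not code from the original deck or from Vormetric, and the vault class, field names, roles and the customer record are constructed for illustration.

```python
"""Vaulted tokenization for data residency (constructed example).

The PII <-> token mapping lives only in an in-country vault; everything that
leaves the jurisdiction (cloud IaaS, SaaS storage, a big-data cluster) carries
opaque tokens. Detokenization is policy-controlled and every attempt is logged.
"""
import json
import secrets
from datetime import datetime, timezone

# Hypothetical record schema and the fields that count as PII (constructed).
PII_FIELDS = {"name", "email", "card_number"}
SAMPLE_RECORD = {
    "customer_id": 1042,
    "name": "Anna Schmidt",
    "email": "anna.schmidt@example.com",
    "card_number": "4111111111111111",
    "country": "DE",
    "spend_eur": 349.90,
}


class TokenVault:
    """Holds the only copy of the token mapping, inside the named region."""

    def __init__(self, region, detokenize_roles):
        self.region = region
        self.detokenize_roles = set(detokenize_roles)  # policy: who may reverse tokens
        self._by_value = {}   # PII value -> token (stable, so joins/counts still work)
        self._by_token = {}   # token -> PII value
        self.audit = []       # data access log for auditors

    def _log(self, action, principal, token, allowed):
        self.audit.append({
            "ts": datetime.now(timezone.utc).isoformat(),
            "region": self.region, "action": action,
            "principal": principal, "token": token, "allowed": allowed,
        })

    def _new_token(self, value):
        # Numeric PII (card or ID numbers): random digits, last four kept so a
        # masked display such as "**** 1111" still works on the tokenized copy.
        if value.isdigit() and len(value) > 4:
            while True:
                body = "".join(secrets.choice("0123456789") for _ in range(len(value) - 4))
                tok = body + value[-4:]
                if tok != value and tok not in self._by_token:
                    return tok
        return "tok_" + secrets.token_hex(8)  # free-text PII: opaque random token

    def tokenize(self, value, principal):
        """Return the token for value, minting one on first sight."""
        token = self._by_value.get(value)
        if token is None:
            token = self._new_token(value)
            self._by_value[value] = token
            self._by_token[token] = value
        self._log("tokenize", principal, token, True)
        return token

    def detokenize(self, token, principal, role):
        """Reverse a token for an authorised in-region role; refusals are logged too."""
        allowed = role in self.detokenize_roles and token in self._by_token
        self._log("detokenize", principal, token, allowed)
        if not allowed:
            raise PermissionError(f"{principal} ({role}) may not detokenize in {self.region}")
        return self._by_token[token]


def export_record(vault, record, principal):
    """Build the JSON that may leave the country: PII fields replaced by tokens."""
    outbound = {k: (vault.tokenize(v, principal) if k in PII_FIELDS else v)
                for k, v in record.items()}
    return json.dumps(outbound, sort_keys=True)


def leaks_pii(outbound_json, record):
    """Gateway residency check: does any raw PII value appear in the payload?"""
    return any(str(record[f]) in outbound_json for f in PII_FIELDS if f in record)


if __name__ == "__main__":
    vault = TokenVault("DE", detokenize_roles={"de_support_agent"})
    payload = export_record(vault, SAMPLE_RECORD, principal="export-job")
    print(payload, "leaks PII:", leaks_pii(payload, SAMPLE_RECORD))
```

The analytics tier can still group and join on the stable tokens, while only an in-region role with the vault can recover the original values, and the audit list records the refused attempt as well as the permitted one.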

Page 49

Vormetric Data Security Platform

Vormetric DSM
Vormetric Application Encryption
Vormetric Tokenization
Vormetric Transparent Encryption
Vormetric Cloud Gateway
Vormetric Key Management

Page 50

Page 51

2015 Vormetric Insider Threat Report

Polling by Harris; analysis and reporting by Ovum
818 IT decision makers: US, UK, Germany, Japan, ASEAN
100% enterprises: $200M+ US; $100M+ UK, Germany, Japan, ASEAN
Sectors: Healthcare, Retail, Financial Services, Other Enterprise

Page 52

Top IT Spending Priorities – Compliance is last for the first time

50% Preventing a data breach incident
44% Protection of critical IP
41% Protection of finances and other assets
32% Fulfilling requirements from customers, partners and prospects
32% Fulfilling compliance requirements and passing audits

Page 53

A Word About Vormetric

Vision: To Secure the World’s Information
Customers: 1500+ Customers Across 21 Countries; 17 of Fortune 30; 15+ Cloud and Hosting Providers
Global Presence: Global Headquarters – San Jose, CA, USA; EMEA Headquarters – Reading, United Kingdom; APAC Headquarters – Singapore
Data-at-Rest Protection Products: Transparent Encryption, Application-layer Encryption; Tokenization with Dynamic Data Masking; Cloud Encryption Gateway; Key Management

Page 54

Cyber Threat Workshop: The data breach – it’s no longer if, but when!

Page 55

Cyber Security and the Application Layer

Lizzie Clitheroe, 11th June 2015

Page 56

Layered Security: And then there are the layers within the layer…

Page 57

The software ecosystem is big, complex and insecure.

Applications: PHP, ColdFusion, C/C++, C#, iOS, Android, Blackberry, Windows Mobile, Ruby, Java, ASP.net, VB.net, J2ME, Windows, Linux, Solaris, JSP
Sources: Open Source, Outsourced, Mobile, Commercial, SaaS

Page 58

The Challenge

Any application utilised in the 21st century must be able to operate in a hostile environment.

+ of all attacks now target the application layer
enterprises test all of their business-critical applications.
Source: Verizon DBIR & SANS

Page 59

Why are there so many application-layer attacks?

Page 60

The path of least resistance

1. Lowest Hanging Fruit

Page 61

2. Cobbled together: Hybrid code from in-house development, third-party libraries & open source

Page 62

3. Never-ending coding…

Applications are continuously being updated

Page 63

4. Constant exposure to cyber attackers

Page 64

Why is it Hard?

Page 65

1. Tug of War: Functionality vs. Security

Page 66

2. Parlez-Vous Français?

Page 67

3. Proliferation of Applications

> Start with a corporate website…

Page 68

> Then add divisional websites…

Page 69

> And brand-specific websites…

Page 70

> And so on… You get to a big number very quickly

Page 71

Page 72

1. Understand your Battlefield

Most organisations do not know their application inventory. Discover all your public-facing applications and identify the most exploitable vulnerabilities.

Global Manufacturer needed visibility into their risk posture across thousands of web applications — both known and unknown.
Immediately examined 30,000 domain names and IP addresses
Assessed 3,000 applications in 8 days
Reduced risk from critical and high vulnerabilities by 79% in eight months

Page 73: The data breach –it’s no longer if, but when! · Symantec Internet Security Threat Report Vol 20-2015 . Growing International Exposure +/-100 International Banks (est. losses

74

Embrace automation and multi-technique testing solutions which can deliver results at speed and scale.

2. Rapid Identification of Application Threats

Aerospace firm implemented multi-technique testing across a geographically-distributed and technologically-diverse landscape, including Static Analysis, Web Perimeter Monitoring, Mobile & Software Composition Analysis.

• Before the programme, 90% of 3rd-party apps had OWASP Top 10 vulnerabilities

• Assessed 2,900 internal apps and 250+ third-party apps in 16 months

• 1.5M flaws fixed

Page 74

75

Coach developers in secure coding practices and get them working with application security experts on how to rapidly prioritise and remediate vulnerabilities.

3. Invest in Your Developers

European Bank implements scalable application security programme, improving SDLC security processes.

• Remediation coaching helping to bring nearly 100 applications into compliance with corporate policies each quarter

• 2,300 developers scanning/reporting on security vulnerabilities, with a consistent set of policies

• Automation reduced cost to identify exploitable vulnerabilities by over 95%

Page 75

76

So Who Are These Veracode People?

Veracode – the most Visionary leader in the market in 2014 (Gartner)

“Veracode offers scalable SaaS and tests tens of thousands of applications per year.” – Gartner

3 of the 4 top banks – as well as 25+ of the world’s top 100 brands now trust in Veracode

[Gartner Magic Quadrant figure; axes: Completeness of Vision / Ability to Execute]

Page 76

77

Single Cloud-Based Platform

• Vendor Application Security

• Dynamic Analysis (DAST)

• Web Application Perimeter Monitoring

• Mobile Application Security

• Binary Static Analysis (SAST)

• Application Security Testing Services

Page 77

THANK YOU

Page 78

Cyber Threat Workshop: The data breach – it’s no longer if, but when!

Page 79

© 2014 Cyberseer Private & Confidential

80

Andrew Tsonchev, Lead Cyber Security Analyst

E: [email protected]

T: 0203 823 9030

W: www.cyberseer.net

@CyberseerNet

Darktrace Demo: http://goo.gl/hEAjaz

Page 80

Cyber Threat Workshop: The data breach – it’s no longer if, but when!

Page 81

© Pentest Limited 2015. All rights reserved

Eye-Fi

Quick, convenient, secure?

Page 82

Card

Page 83

Camera

Page 84

Subject

Page 85

As if by magic

Page 86

What’s inside

Page 87

Pairing

Page 88

Software install

Page 89

Wi-Fi setup

Page 90

Uh oh...

Page 91

nmap

Page 92

Subject

Page 93

Wireshark

Page 94

TCP stream

Page 95

Public info

Page 96

eyefi-client.py

Page 97

Upload key

Page 98

Imitating an Eye-Fi card

Page 99

Process monitor

Page 100

Experimenting

Page 101

What happens?

Page 102

Directory traversal

Page 103

What happens?

Page 104

What happens?

Page 105

Malicious payload

Page 106

Launch Eye-Fi Center

Page 107

Pwned

Page 108

Weaponise

Page 109

Man in the middle

Page 110

Finding the helper

Page 111

Integrity digest

• Protects file contents

• MD5 hash

• TCP checksum

Page 112

payload.asm

Page 113

All inside 1kb

Page 114

Page 115

Vendor response

Page 116

No mention of flaw

Page 117

Questions

Page 118

Cyber Threat Workshop: The data breach – it’s no longer if, but when!