The Economics of Cyber Security Mr Arnaud KOPP, Chief Security Officer, Southern Europe

Post on 07-Jul-2020


Page 1: The Economics of Cyber Securityita-sec2017.dais.unive.it/slides/Palo Alto Networks at...Imperative : leverageTHE ECONOMICS HAVE CHANGED Adversary arithmetic Cheaper computing power

The Economics of Cyber Security

Mr Arnaud KOPP, Chief Security Officer, Southern Europe

Page 2:

Today

NUMBER OF SUCCESSFUL ATTACKS

COST OF LAUNCHING A SUCCESSFUL ATTACK

Page 3:

WE MUST CHANGE THE COST OF ATTACKS

COST OF LAUNCHING A SUCCESSFUL ATTACK

NUMBER OF SUCCESSFUL ATTACKS

Page 4:

Imperative: leverage

THE ECONOMICS HAVE CHANGED

Adversary arithmetic

Cheaper computing power + Effective automated toolkits + Available malware & exploits = Successful data breaches ($)

Page 5:

Imperative: leverage

ATTACKERS ARE LAZY: TESLACRYPT

Taken from CryptoLocker

And mimics CryptoWall

Obfuscation from Carberp

2013 – source code posted on Russian Forum

And uses dynamic library & function loading…

Page 6:

Imperative: leverage

IMPACT OF AUTOMATION

63 percent: Increased usage of toolkits

64 percent: Tools are highly effective

$1,387: Spent on toolkits per attack

68 percent: Automated tools make it easier to execute attacks

Page 7:

Imperative: leverage

MASSIVE OVERLOAD

10,000+ events per month

64% duplicates

52% false positives

40% human inspection

Page 8:

Imperative: leverage

SHARING INCREASES RESILIENCE

Threats shared with all

Respondents believe that 39 percent of attacks can be prevented by shared intelligence.

Page 9:

Imperative: leverage

AUTOMATED: YOUR VIEW

Page 10:

Imperative: leverage

AUTOMATED: FOR ALL

Page 11:

IDENTIFYING 1 IN 7.4 BILLION

https://www.fbi.gov/wanted/topten

Page 12:

Imperative: leverage

THE “MAGIC”: CORRELATION

Leverage Exploit

Execute Malware

Control Channel

Steal Data

Gather Intelligence

Exploit

Exploit_DNS_request

Exploit_Src_IP

Exploit_Protocol

Exploit_APP

Binary_Source

Binary_Protocol

Binary_MD5/SHA256

Bin_Digital_Sig

Binary_sys_changes

DNS_Req_Source

App_IP_request

App_Protocol

App_Protocol_CMD

App_Protocol_Encryption

Page 13:

THREAT SHARING: INDUSTRY COOPERATES

FOUNDING MEMBERS

Page 14:

TIME IS OUR FRIEND

Increasing the time to breach an organization by less than 2 days deters 60% of attacks

13%: Attacks deterred by an increase of 5 hours to conduct an attack

24%: Attacks deterred by an increase of 10 hours to conduct an attack

36%: Attacks deterred by an increase of 20 hours to conduct an attack

60%: Attacks deterred by an increase of 40 hours to conduct an attack

Page 15:

5 THOUGHTS

1. Share intelligence with your security partners

2. Collaborate in industry communities
• Industry – FS-ISAC
• National – CISP
• Vendor – Cyber Threat Alliance

3. We have the CPU power to turn the scales: the cloud

4. Kill the whole attack lifecycle, not just the attack binary

5. Integrated & automated security platforms are the enemy of the attacker

Page 16:

©2015, Palo Alto Networks. Confidential and Proprietary.

Palo Alto Networks Academy Overview

Purpose
• The Palo Alto Networks Academy is designed to equip students with the next-generation cybersecurity knowledge they’ll need to succeed in today’s rapidly changing cyber-threat landscape

Who & Where?
• 160+ Authorized Academy Centers (AACs) in 20 countries (as of January 2017)
• Any degree-granting, nationally accredited university or college

Academy Benefits
• Faculty training (TTT) at no cost
• Training lab support at no cost
• Courseware at no cost
• PCNSE certification vouchers at 50% discount

How?
• Simply sign our NDA and the AAC agreement on our public website at www.paloaltonetworks.com/academy, and the Academy team will train faculty and help set up labs—all at no cost to the school

Page 17:

Academy Colleges & Universities

Page 18:

THANK YOU

@akopp92

www.linkedin.com/in/arnaudkopp/

+33 6 09 16 75 66