Cybersecurity: Threats, Response and Best Practices
Independent Accountants' Investment Counsel, Inc.
8 December 2015 Copyright 2015 eSentire, Inc. 1
Leader in threat protection services

BY THE NUMBERS
Founded: 2001
Customers: 500+
Retention rating: 99.6%
YoY growth: 100%
Assets protected: $2.5T

Active Threat Protection
Just how much is two trillion?

Distance to the moon: one-euro coins placed end-to-end would make 121 one-way trips (60.5 round trips).
Pints of Guinness: if the 13,500 staff and students at CIT each drank 1 pint every hour, it would take 6,172,840 days (16,912 years).
US economy: hedge funds are 5% of US GDP; we protect 30% of hedge funds, or 1.5-1.75% of US GDP.
Serving the mid-market industry most vulnerable to cyber attacks
High asset value | High sensitivity to risk | Minimal in-house resources
You Will Be HACKED
2014: The year the Internet broke
eBay: 145M
Sony: 47,000
Home Depot: 109M
Target: 110M
J.P. Morgan: 83M
Heartbleed | Shellshock | Nation states | Anonymous | Sandworm
CYBER CRIME IS BIG BUSINESS
$70 billion spent on cybersecurity in 2014
$375-575 billion in estimated losses in 2014

MOTIVATING FACTORS
Easy access to cyber weaponry
No negative repercussions
Motivation is high
Minimal cyber skills required

THREAT ACTORS
Hacktivist | Nation state actor | Smash+grab criminal | Insider | Organized crime
ANATOMY OF A CYBER ATTACK
INFILTRATE: Establish a beachhead
EXPAND: Locate core assets; multiple exploitations
EXPLOIT: Steal and sell assets ($, ID, IP)

SOPHISTICATED CYBER ATTACKS like phishing and watering hole attacks are dominating the landscape.
PHISHING/SPEARPHISHING
Successfully identified NONE of the fake emails: 10%
Successfully identified HALF of the fake emails: 42%
Successfully identified ALL of the fake emails: 1%

NOT ALL ATTACKS TARGET TECHNOLOGY
99% of readers were susceptible to a phishing campaign
Social engineering is a term that describes a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people into breaking normal security procedures.
RANSOMWARE: CRYPTOLOCKER
$1.0M in 6 months
113% increase
9.0M attacks
1,000 attacks/day
FINSEC targeted by attacks

Credential harvesting
$1.9M stolen in 24 hours

Legacy security paradigms add new layers in response to each new threat
Assets: PII data | Brand reputation | Secret designs, patents/IP | Access to critical systems | Trading strategies | Wire transfer credentials
Security layers: User passwords | Two-factor authentication | Malware detection | Firewalls | Intrusion prevention | VPN / SSL / PKI | Virtualization

Yet criminals get in, breaches still happen, and the criminals steal our data.
ASSETS targeted by: Smash-grab criminal | Criminal cartels | Hacktivists | Nation states | Terrorists | Insiders
TECHNOLOGY IS NOT ENOUGH.
Less than 40% of attacks we see are malware based. So where are the rest of the threats coming from?
Increase in spearphishing attacks: 100%
Increase in drive-by download attacks: 10%
Increase in brute force attacks: 20%

Legacy security is no match for targeted attacks
Smash-n-Grab: Indiscriminate
Targeted Heist: Advanced | Persistent | Organized | Motivated
Threats are evolving from nuisance to targeted attacks

                TRADITIONAL SECURITY                  NEW APPROACH
                Compliance-based | Reactionary        Intelligence-driven | Continuous
PHILOSOPHY      Perimeter (multiple, dislocated)      Assume constant compromise
FOCUS           Protect all systems                   Prioritize high-risk assets
DETECTION       Signature-based technology            Behavioral-based technology & methods
AWARENESS       Headline news                         Consume real-time threat feeds
RESPONSE        Shut down/wipe compromised systems    Quarantine, gather and preserve forensics

Continuous Advanced Threat Protection
TECHNOLOGY: Advanced IPS technology; custom SOC management systems; full packet capture forensics
PEOPLE: Grey matter analytics; skilled security analysts; crack threat research team
PROCESS: Continuous threat research; SOC incident response; certification and education
Our quick detection and containment mitigates threats immediately, to ensure that you won't face a Chernobyl-sized security breach.

SOC trending data (+500)

SOC funnel
RAW: 142,012,187
FILTERED: 10,424,904
AGGREGATED: 1,072,897
ALERTS: 115,699
ESCALATED: 3,223
Automated detection & containment / Human investigation & containment
35 sec
Valley of Despair
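The funnel above is a counting pipeline: each stage keeps a fraction of the previous one, and only the last, smallest set reaches a human analyst. The Python below is an added illustration of that pipeline, not eSentire's SOC code and not the real rules behind the counts on the slide. The stage names follow the slide; the event fields, the noise allowlist, the brute-force threshold of 5 failures, the severity cutoff, the high-value asset list and the sample events are all constructed for the demo.

```python
"""Toy SOC alert funnel: RAW -> FILTERED -> AGGREGATED -> ALERTS -> ESCALATED.

Added illustration only; not eSentire's SOC code. Every field name, rule and
threshold below is an assumption chosen for the demo.
"""


def evt(src, dst, sig, sev):
    """One parsed telemetry event: source, destination, signature, severity 0-5."""
    return {"src": src, "dst": dst, "sig": sig, "sev": sev}


# Constructed sample events (not real data), as a SIEM might emit them after
# parsing firewall, SSH and endpoint logs.
RAW_EVENTS = (
    [evt("10.0.0.5", "10.0.1.30", "ssh_auth_fail", 2) for _ in range(6)]    # password guessing against a jump host
    + [evt("10.0.9.9", "10.0.1.20", "ssh_auth_fail", 2) for _ in range(2)]  # our own vulnerability scanner
    + [evt("10.0.0.7", "10.0.1.30", "ssh_auth_fail", 2) for _ in range(3)]  # a user mistyping a password
    + [evt("10.0.0.12", "203.0.113.8", "known_malware_c2", 5)]              # beacon to a known C2 address
    + [evt("10.0.0.7", "10.0.1.50", "dns_query", 0) for _ in range(4)]      # routine noise
    + [evt("10.0.0.21", "10.0.1.20", "smb_exec_suspicious", 4)]             # remote execution on a crown jewel
)

# Assumed tuning (hypothetical values, not eSentire's).
NOISE_SIGS = {"dns_query", "ntp_sync"}        # signatures never worth a look on their own
KNOWN_SCANNERS = {"10.0.9.9"}                 # sources whose "attacks" are authorised
THRESHOLDS = {"ssh_auth_fail": 5}             # repeats per (src, sig) before it is an alert
ALERT_SEVERITY = 4                            # a single event at or above this alerts
HIGH_VALUE_ASSETS = {"10.0.1.20"}             # e.g. the wire-transfer / trading host
ALWAYS_ESCALATE = {"known_malware_c2"}        # indicators a human must see regardless


def filter_events(events):
    """FILTERED: drop noise signatures and authorised sources."""
    return [e for e in events
            if e["sig"] not in NOISE_SIGS and e["src"] not in KNOWN_SCANNERS]


def aggregate(events):
    """AGGREGATED: collapse repeats into one record per (src, sig)."""
    groups = {}
    for e in events:
        g = groups.setdefault((e["src"], e["sig"]), {"count": 0, "dsts": set(), "sev": 0})
        g["count"] += 1
        g["dsts"].add(e["dst"])
        g["sev"] = max(g["sev"], e["sev"])
    return groups


def raise_alerts(groups):
    """ALERTS: a group alerts on volume (brute force) or on severity (one bad event)."""
    alerts = []
    for (src, sig), g in groups.items():
        by_volume = g["count"] >= THRESHOLDS.get(sig, float("inf"))
        by_severity = g["sev"] >= ALERT_SEVERITY
        if by_volume or by_severity:
            alerts.append({"src": src, "sig": sig, **g})
    return alerts


def triage(alerts):
    """ESCALATED vs. automated: crown-jewel targets and C2 hits go to an analyst,
    everything else gets an automated containment action."""
    escalated, automated = [], []
    for a in alerts:
        if a["sig"] in ALWAYS_ESCALATE or a["dsts"] & HIGH_VALUE_ASSETS:
            escalated.append(a)
        else:
            automated.append({**a, "action": f"block {a['src']} at the perimeter"})
    return escalated, automated


def run_funnel(events):
    """Return the per-stage counts the slide plots, plus the triage outcome."""
    filtered = filter_events(events)
    groups = aggregate(filtered)
    alerts = raise_alerts(groups)
    escalated, automated = triage(alerts)
    counts = {"raw": len(events), "filtered": len(filtered),
              "aggregated": len(groups), "alerts": len(alerts),
              "escalated": len(escalated)}
    return counts, escalated, automated


if __name__ == "__main__":
    counts, esc, auto = run_funnel(RAW_EVENTS)
    for stage, n in counts.items():
        print(f"{stage:>10}: {n}")
    for a in esc:
        print("ESCALATE to analyst:", a["src"], a["sig"], sorted(a["dsts"]))
    for a in auto:
        print("AUTOMATED:", a["action"])
```

Run it and the per-stage counts shrink the way the slide's do (17 raw, 11 filtered, 4 aggregated, 3 alerts, 2 escalated here). The one alert that is auto-contained is the brute force against a non-critical host; anything touching a crown-jewel asset or matching a C2 indicator goes to a human. The tuning point that matters: every allowlist entry and threshold is a decision not to look at something, so they deserve the same review as the detection rules themselves.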
Regulators are worried
"We know accounts are getting hacked and the broker dealers are making the customer whole just to protect their names, what my bosses are worried about is what happens when they can't or choose not to write that check – does the government have to intervene?"
Mike Ruffino, COO, FINRA

"The government doesn't want to get drawn in a position to prop up the market like it did with the housing crisis. It is our belief our clients can do considerably more to manage these risks. We are in the learning phase now."
Jane Jarcho, SEC
February 3, 2015: SEC and FINRA Reports Released
I. Risk Governance and Oversight
II. Risk Assessments
III. Cybersecurity Technical Controls
IV. Incident Response – Management and Resilience
V. External Dependency Management/Vendor Due Diligence
VI. Employee Training
VII. Threat Intelligence and Information Sharing
Pragmatic Cybersecurity To-Do List for 2015
» Document security defense mechanisms (I, II, III, V, VII)
» Document defense strategies should an incident occur (IV)
» Implement Employee Education Efforts (VI)
» Participate in Peer Groups (VII)
» Become familiar with industry “best practices” (VII)
» Investigate Gartner’s Adaptive Security Architecture (III, VI)
Cybersecurity Must-haves
CONTINUOUS MONITORING: 24x7 network/data security; threat management, NOT device management
INCIDENT RESPONSE: Prepare for the inevitable; have a plan; perform regular fire drills based on your plan
PERIODIC REVIEW: Perform regular vulnerability assessments; test physical security systems
SECURITY TECH: Regular patch and firmware updates; monitor security nodes
NETWORK: Enforce passwords and least privilege; regular back-ups; log network access
PEOPLE: Think before you click! (healthy skepticism); cyber security training; acceptable use policy
Must reads on cybersecurity
SEC Cybersecurity Examinations
FINRA Cybersecurity Report
NIST Cybersecurity Framework
Thank you
eSentire Active Threat Protection
+1 866 579 2200
www.esentire.com
@eSentire