Cyber Threat Predictions for 2017
November 2016
Juan Manuel López Tecpoyotl – SE Center Region
© Copyright Fortinet Inc. All rights reserved.

Cyber Threat Predictions for 2017 - UNAM · 2017-03-21 · Expect focused attacks against high-profile targets, such as celebrities, political figures, and large organizations Healthcare


2016 Cyber Threat Observations

▪ Expanding digital economy
  Higher digital footprint increases the potential attack surface

▪ Risks all around
  Everything is a target and anything can be a weapon

▪ Intelligent, autonomous attacks
  Threats are becoming intelligent, can operate autonomously, and are increasingly difficult to detect

▪ Two attack types
  Automated attacks against groups of smaller targets and customized attacks against larger targets

▪ Blended attacks
  Automated attacks being used as a first phase, and targeted attacks as a second phase

▪ Return of old threats, but enhanced
  New technologies are making old cyber threats more sophisticated


Cyber Threat Predictions

Tipping Point For Cybersecurity in 2017


Cyber Threat Prediction #1

FROM SMART TO SMARTER: AUTOMATED AND HUMAN-LIKE ATTACKS WILL DEMAND MORE INTELLIGENT DEFENCE

▪ Threats getting smarter and increasingly able to operate autonomously

▪ AI or “human-like” malware designed with adaptive, success-based learning to improve the success and efficacy of attacks

▪ Growth of cross-platform autonomous malware designed to operate on and between a variety of mobile devices

IMPACT: Autonomous malware that is designed to proactively spread between platforms can have a devastating effect on our increasing reliance on connected devices to automate and perform everyday tasks.


Cyber Threat Prediction #2

IoT manufacturers will be held accountable for security breaches

▪ IoT is a cornerstone of the digital revolution; however, IoT manufacturers have flooded the market with highly insecure devices

▪ More IoT devices are headless, which means users can’t add a security client or even effectively update their software or firmware

▪ Demand for creation and enforcement of security standards, from consumers, vendors and other interest groups

IMPACT: If IoT manufacturers fail to secure their devices, consumers may begin to hesitate to buy. IoT manufacturers need to take immediate and direct action, or suffer economic loss and become targets of legislation.


Cyber Threat Prediction #3

20 billion IoT and endpoint devices are the weakest link for attacking the cloud

▪ The weakest link in cloud security is the millions of remote devices accessing cloud resources

▪ Increasing attacks targeting IoT devices with over 20 billion IoT devices online by 2020, versus one billion PCs

▪ Expect to see attacks designed to compromise this trust model by exploiting endpoint devices, resulting in client-side attacks that can breach cloud providers

IMPACT: Cloud-based storage has expanded the potential attack surface. Cloud providers need to design networks with Layer 2 and 3 security technologies to segment the cloud between users, control access, and protect the cloud providers’ internal network from their public offering.


Cyber Threat Prediction #4

Attackers will begin to turn up the heat in smart cities

▪ Hackers will target the growing number of building automation and management systems

▪ Like with the IoT DDoS attacks, these exploits will likely be blunt instrument attacks at first, such as shutting down a building’s systems

▪ Attacks will grow more sophisticated – potential for holding a building for ransom by locking the doors, shutting off elevators, rerouting traffic, or turning on the alarm system

IMPACT: Potential for massive civil disruption if integrated systems are compromised. Trends point towards more interconnected critical infrastructure, such as emergency services, traffic control, and IoT devices (such as self-driving cars).


Cyber Threat Prediction #5

Ransomware was just the gateway malware

▪ Automated attacks introduce an economy of scale to ransomware

▪ Hackers can cost-effectively extort small amounts of money from multiple victims simultaneously, especially by targeting online IoT devices.

▪ Expect focused attacks against high-profile targets, such as celebrities, political figures, and large organizations

▪ Healthcare organizations are also a key target. Patient records and human data cannot be so easily replaced as credit cards

IMPACT: Ransomware affects everyone. Consumers will be reluctant to adopt new connected devices if safety is not assured. Organizations must secure networks and need to be held accountable for protecting sensitive information and human data.


Cyber Threat Prediction #6

Technology will have to close the gap on the critical cyber skills shortage

▪ The current shortage of skilled cybersecurity professionals means that many organizations looking to participate in the digital economy will do so at great risk

▪ Predict that savvy organizations will turn to security consulting services that can guide them through the labyrinth of security

▪ Or to managed security services providers, like MSSPs, who can provide a turnkey security solution

IMPACT: In today’s digital economy, businesses need to connect online or die. But many organizations internally lack specialised staff with professional skills to protect their systems. Security vendors need to rethink their traditional, siloed approach to developing security tools.


FortiGuard Threat Intelligence

Fortinet’s Value Proposition


FortiGuard by the Numbers


FortiGuard Threat Intelligence

▪ Application Control Service
▪ Intrusion Prevention Service
▪ Web Filtering Service
▪ Anti-spam Security Service
▪ Web Security Service
▪ Database Security Service
▪ IP Reputation Service
▪ Vulnerability Management Service
▪ Antivirus Service


FortiGuard Threat Intelligence - Sources

[Diagram labels] Sources: FortiCare, Commercial Feeds, FortiCloud, FortiSandbox, Community Feeds, Internal Research, Collaboration Partnerships. FortiGuard Intelligence: Preprocessing, Deduplication, False-positive removal, Packaging, Distribution. FortiGuard Distribution Network.


FortiGuard Threat Intelligence - Processing

▪ Analyze samples in sandbox
▪ Unknown botnet protocols analyzed by AppCtrl team
▪ Botnet C&C URLs fed to Web Filtering team
▪ IP addresses and domains fed to Botnet teams

[Diagram labels] Web Filtering, Anti-Botnet, Application Control, Antivirus


Security Without Compromise

Fortinet Security Fabric for End-to-End Protection


THE EVOLVING DIGITAL ECONOMY

Technology is a strategic imperative

▪ INFRASTRUCTURE EVOLUTION
▪ EVOLVING THREAT LANDSCAPE
▪ REGULATION, COMPLIANCE AND CERTIFICATION


SECURITY WITHOUT COMPROMISE

Security strategies must change

▪ TODAY’S NETWORK IS BORDERLESS
▪ SLOW IS BROKEN
▪ COMPLEXITY IS THE ENEMY OF SECURITY

NEW SECURITY STRATEGY: Powerful, Seamless, Intelligent


THE FORTINET SECURITY FABRIC

The Fortinet Security Fabric is the vision that delivers on the promise of Security without Compromise: Intelligent, Powerful and Seamless

[Diagram labels] Network, Endpoint, Cloud, Application, Access, Operations Center, Advanced Threat Intelligence, Fabric-Ready


Intelligent security is AWARE

The Fortinet Security Fabric provides complete visibility, enabling network segmentation

[Panel titles] VISIBILITY, SEGMENTATION, AUTOMATED OPERATION

▪ Single pane of glass for full Fabric-wide policy control
▪ Create network segments by trust level
▪ All infrastructure including endpoints, network, data center, cloud and data


Powerful security is SCALABLE

The Fortinet Security Fabric scales from IoT to the cloud

[Diagram labels] ENDPOINT, ACCESS, BRANCH, CAMPUS & DATA CENTER, CLOUD; Embedded Security, Endpoint Security; Private, Hybrid, Public; Multi-SPU Powered, SPU Powered; SoC, NP, CP


Seamless security is ACTIONABLE

The Fortinet Security Fabric provides cooperative security alerts, recommendations and audit reports

[Figure: FABRIC ELEMENT ALERT and AUDIT REPORT panels. Audit report table columns: Rank, Severity, Recommendation. Severities shown: Critical, Medium, Advisory. Recommendations shown: Zero-Day Vulnerability, Not Connected to Fabric, Logging Disabled, Regulatory Template, i.e. PCI.]
