PROACTIVE SECURITY: DATA BREACH ASSESSMENT CyberSecurity Chicago September 2018

PROPRIETARY AND CONFIDENTIAL

Security In The News

Frequency and severity of cyber security news on the rise


Understanding The Problem

Enterprise Strategy Group (ESG) – Project Overview

• Cybersecurity Realities and Priorities for 2018 and Beyond

– 413 completed online surveys with cybersecurity and IT respondents with influence over cybersecurity decision-making/strategy at their organization

– Enterprise (2,500 or more employees and $100 million or more in annual revenue in US and 1,000 or more employees and $50 million or more in annual revenue outside of US) organizations in United States, United Kingdom and Australia

  • 61% United States, 20% United Kingdom, 20% Australia

– Multiple industry verticals including manufacturing, financial, retail/wholesale and health care, among others

(source: ESG – Cybersecurity Realities and Priorities for 2018 and Beyond)


Understanding The Problem

Most Significant Impact on Security Strategy

• The need to support new business initiatives: 31%

• Need to balance application/network performance and security requirements: 36%

• The need to support new IT initiatives: 37%

• Proactively minimizing and mitigating risks: 37%

• Preventing/detecting malware threats: 37%

Which of the following factors have the most significant impact on shaping your organization’s security strategy? (Percent of respondents, N=413, three responses accepted)

(source: ESG – Cybersecurity Realities and Priorities for 2018 and Beyond)


Understanding The Problem

Why Cybersecurity Has Become More Difficult Over the Past Two Years

• An increase in network traffic: 29%

• An increase in the number of devices connecting to the network: 32%

• An increase in the number of targeted attacks that may circumvent traditional network security controls: 34%

• An increase in the number of new IT initiatives has made it difficult to keep up with cybersecurity: 38%

• An increase in malware volume and sophistication: 42%

You indicated that cybersecurity has become more difficult over the last two years. In your opinion, which of the following factors have had the greatest impact on increasing cybersecurity difficulty?

(Percent of respondents, N=326, three responses accep

(source: ESG – Cybersecurity Realities and Priorities for 2018 and Beyond)


Understanding The Problem

Areas of Cybersecurity Budget Change for 2018

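• Personnel: 22% increase significantly, 39% increase somewhat, 37% remain about the same

• Training: 28% increase significantly, 43% increase somewhat, 27% remain about the same

• Host-based security: 31% increase significantly, 44% increase somewhat, 23% remain about the same

• Security testing/validation: 34% increase significantly, 50% increase somewhat, 16% remain about the same

• Application/database security: 36% increase significantly, 50% increase somewhat, 12% remain about the same

• Cloud security: 46% increase significantly, 41% increase somewhat, 12% remain about the same

• Network security: 46% increase significantly, 45% increase somewhat, 7% remain about the same

Responses of "Decrease somewhat from 2017" and "Decrease significantly from 2017" were 2% or less in every area.

You stated that your organization’s cybersecurity budget will go up in 2018. Please indicate how the cybersecurity budget will change in each of the following areas: (Percent of respondents, N=413)

Response options: Increase significantly from 2017; Increase somewhat from 2017; Remain about the same as 2017; Decrease somewhat from 2017; Decrease significantly from 2017

(source: ESG – Cybersecurity Realities and Priorities for 2018 and Beyond)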


Understanding The Problem

Why Organizations Conduct More Security Testing

• Third-party customers have mandated that we do security testing more often: 12%

• My organization has purchased cyber insurance and we are obligated to do more security testing in support of this: 20%

• My organization suffered a security breach which led us to do more frequent security proactive testing: 22%

• Our security budget has increased recently, freeing up funds for more security testing: 28%

• Business managers are more involved with cybersecurity and they require us to do more security testing for risk assessment purposes: 29%

• We’ve implemented new types of production applications over the past two years: 29%

• We must perform security testing more often as part of regulatory compliance: 33%

• Our CISO (or similar senior position) has pushed the organization to do more proactive security testing: 33%

• Many of our application workloads now reside in the cloud so we felt it was important to increase security testing in support of using cloud infrastructure services: 33%

• We have come to believe that frequent security testing is a best practice: 34%

You indicated that your organization does more security testing today than it did two years ago. Which of the following factors most contributed to this increase? (Percent of respondents, N=372, three responses accepted)

(source: ESG – Cybersecurity Realities and Priorities for 2018 and Beyond)


Understanding The Problem

The Bigger Truth

• Traditional cybersecurity strategies are not working

– Cybersecurity grows incrementally more difficult

– Organizations are understaffed and lack the right skills

• “An ounce of prevention is worth a pound of cure”

– Security is “moving to the left”

– More comprehensive testing

– Proactivity

• Changes are happening

– CISO responsibilities

– Transition to cloud computing

– Budget increases

– SaaS

(source: ESG – Cybersecurity Realities and Priorities for 2018 and Beyond)


Data Breach Assessment

Data Breach Statistics

• There has been a consistent rise over the past few years in the total number of data breaches

– Massive data breaches like Equifax, Yahoo, or Target expose or compromise sensitive information on the order of millions, or even billions, of accounts

– 2017 was a record-breaking year with a total of 5,207 data breaches, exposing nearly 8 billion information records (source: Dark Reading)


“The art of war teaches us to rely not on the likelihood of the enemy’s not coming, but on our own readiness to receive him”

– Sun Tzu, The Art of War


Automated Purple Team Assessments

Continual validation of your network’s threat landscape

• Define your topology including zone details and begin to perform automated red vs. blue assessments

• Data Breach Assessment can leverage knowledge of zone to tailor its executed exploits and malware to your environment

• Meet / prepare for regulatory compliance requirements with continual assessments

Assess your threat landscape and find the holes before the bad guys do


Emulation over Simulation

When you look closely you can tell it isn’t real…

• Emulation – reproduction of the exact scenario such that it is a recreation or replica, indistinguishable from the original

• Simulation – fabrication of a scenario with the goal of mimicking or resembling said scenario, such that it could be passable if not evaluated closely

• Solutions in the market today leverage pcap replay (i.e., simulation), which can lead to incorrect results and a false sense of security

Only use emulated attacks and malware


Evasion Techniques

Evade detection by leveraging attacker techniques

• Hide your attacks in plain sight by using tried and true techniques used by attackers to evade detection

• Validate all techniques across all attack vectors (including exploits and malware) to confirm your security solutions cannot be easily bypassed

Confirm security solutions cannot be easily fooled by evasion techniques


Active Monitoring

Know the impacts of security content inspection in real-time

• Assess the impacts of security inspection by generating legitimate, hyper-realistic emulated traffic for the same services you are protecting

• Limit the impact to users by finding security policies that degrade performance and do not provide additional security coverage

Fine tune your security policies with active monitoring


Secure communications without compromising them

• Verify that security solutions don’t just block all files of that filetype but actually inspect them to stop the malicious ones without impact to your user’s daily work

• Validate that intellectual property and other sensitive file content (e.g., SSNs, credit card numbers) does not leave your network

[Diagram labels: Security Device; IP/DLP]

Verify data loss policies across filetypes and network vectors

False Positive And Data Loss Prevention Verification

[Diagram labels: Internet; Corporate LAN; Secure Datacenter; Firewall Policies (Allowed / Denied)]

Evaluating Multi-Tier Security Protection

Emulating Scenarios That Look and Feel Like An Attacker

Multi-path Attack – Data Loss Prevention (DLP)

1. User browses to the Internet and accesses a website controlled by the attacker

2. User laptop is compromised and is under the control of the attacker

3. The attacker pivots and attacks a server within the secure datacenter

4. Once compromised, the attacker can control the internal server and send data outbound to servers controlled by the attacker


Data Breach Assessment

Example deployment for emulating data loss prevention

1. Corporate LAN agent attempts to download malware scenarios from Cloud agent

2. Corporate LAN agent successful in downloading a Petya variant

3. Corporate LAN begins to run attacks to Secure Datacenter agent

4. Corporate LAN is successful in executing Apache Struts exploit

5. Secure Datacenter agent attempts to exfiltrate data to Cloud agent

6. Secure Datacenter agent is successful in data exfiltration using DoublePulsar C&C communications channel


Data Breach Assessment

Example deployment for emulating data loss prevention

Attacks and malware that were detected by NGFW during assessment

Attacks and malware that were blocked by NGFW during assessment


Data Breach Assessment

A Data Breach Assessment strategy allows you to automate your purple team assessments, leveraging hyper-realistic emulated attacks and malware and applying evasion techniques to confirm your security effectiveness, while actively monitoring for no impact to your user experience, including zero false positives.


Security Assurance

Reduce risk

Spirent provides intelligence required to proactively elevate defenses & customer experience while radically reducing risk and maximizing operating expenses.

Accelerate time to market

Spirent reduces time and costs to develop and launch new products and networks.

Automated Testing Continuous Monitoring

About Spirent


PenTesting and Vulnerability Scanning to Identify and Mitigate Risk

Security and Performance Testing for App-Aware Solutions

About Spirent

Spirent Security Solutions
