PROACTIVE SECURITY: DATA BREACH ASSESSMENT
CyberSecurity Chicago, September 2018
PROPRIETARY AND CONFIDENTIAL 2
Security In The News
Frequency and severity of cyber security news on the rise
Understanding The Problem
Enterprise Strategy Group (ESG) – Project Overview
• Cybersecurity Realities and Priorities for 2018 and Beyond
– 413 completed online surveys with cybersecurity and IT respondents with
influence over cybersecurity decision-making/strategy at their organization
– Enterprise (2,500 or more employees and $100 million or more in annual revenue
in US and 1,000 or more employees and $50 million or more in annual revenue
outside of US) organizations in United States, United Kingdom and Australia
• 61% United States, 20% United Kingdom, 20% Australia
– Multiple industry verticals including manufacturing, financial, retail/wholesale and
health care, among others
(source: ESG – Cybersecurity Realities and Priorities for 2018 and Beyond)
Understanding The Problem
Most Significant Impact on Security Strategy
31% – The need to support new business initiatives
36% – Need to balance application/network performance and security requirements
37% – The need to support new IT initiatives
37% – Proactively minimizing and mitigating risks
37% – Preventing/detecting malware threats
Which of the following factors have the most significant impact on shaping your organization’s security strategy? (Percent of respondents, N=413, three responses accepted)
(source: ESG – Cybersecurity Realities and Priorities for 2018 and Beyond)
Understanding The Problem
Why Cybersecurity Has Become More Difficult Over the Past Two Years
29% – An increase in network traffic
32% – An increase in the number of devices connecting to the network
34% – An increase in the number of targeted attacks that may circumvent traditional network security controls
38% – An increase in the number of new IT initiatives has made it difficult to keep up with cybersecurity
42% – An increase in malware volume and sophistication
You indicated that cybersecurity has become more difficult over the last two years. In your opinion, which of the following factors have had the greatest impact on increasing cybersecurity difficulty? (Percent of respondents, N=326, three responses accepted)
(source: ESG – Cybersecurity Realities and Priorities for 2018 and Beyond)
Understanding The Problem
Areas of Cybersecurity Budget Change for 2018
(source: ESG – Cybersecurity Realities and Priorities for 2018 and Beyond)
[Stacked bar chart: for each area (Personnel, Training, Host-based security, Security testing/validation, Application/database security, Cloud security, Network security), percent of respondents answering Increase significantly from 2017, Increase somewhat from 2017, Remain about the same as 2017, Decrease somewhat from 2017, or Decrease significantly from 2017]
You stated that your organization’s cybersecurity budget will go up in 2018. Please indicate how the cybersecurity budget will change in each of the following areas: (Percent of respondents, N=413)
Understanding The Problem
Why Organizations Conduct More Security Testing
(source: ESG – Cybersecurity Realities and Priorities for 2018 and Beyond)
12% – Third-party customers have mandated that we do security testing more often
20% – My organization has purchased cyber insurance and we are obligated to do more security testing in support of this
22% – My organization suffered a security breach which led us to do more frequent proactive security testing
28% – Our security budget has increased recently, freeing up funds for more security testing
29% – Business managers are more involved with cybersecurity and they require us to do more security testing for risk assessment purposes
29% – We’ve implemented new types of production applications over the past two years
33% – We must perform security testing more often as part of regulatory compliance
33% – Our CISO (or similar senior position) has pushed the organization to do more proactive security testing
33% – Many of our application workloads now reside in the cloud so we felt it was important to increase security testing in support of using cloud infrastructure services
34% – We have come to believe that frequent security testing is a best practice
You indicated that your organization does more security testing today than it did two years ago. Which of the following factors most contributed to this increase? (Percent of respondents, N=372, three responses accepted)
Understanding The Problem
The Bigger Truth
• Traditional cybersecurity strategies are not working
– Cybersecurity grows incrementally more difficult
– Organizations are understaffed and lack the right skills
• “An ounce of prevention is worth a pound of cure”
– Security is “moving to the left”
– More comprehensive testing
– Proactivity
• Changes are happening
– CISO responsibilities
– Transition to cloud computing
– Budget increases
– SaaS
(source: ESG – Cybersecurity Realities and Priorities for 2018 and Beyond)
Data Breach Assessment
Data Breach Statistics
• There has been a consistent rise over the past few years in the total number of data breaches
– Massive data breaches like Equifax, Yahoo, or Target expose or compromise sensitive information on the order of millions, or even billions, of accounts
– 2017 was a record-breaking year with a total of 5,207 data breaches, exposing nearly 8 billion information records (source: Dark Reading)
“The art of war teaches us
to rely not on the likelihood
of the enemy’s not coming,
but on our own readiness
to receive him”
– Sun Tzu, The Art of War
Automated Purple Team Assessments
Continual validation of your network’s threat landscape
• Define your topology including zone details
and begin to perform automated red vs. blue
assessments
• Data Breach Assessment can leverage knowledge of each zone to tailor the exploits and malware it executes to your environment
• Meet / prepare for regulatory compliance
requirements with continual assessments
Assess your threat landscape and find
the holes before the bad guys do
Emulation over Simulation
When you look closely you can tell it isn’t real…
• Emulation – reproduction of the exact scenario: a recreation that is indistinguishable from the original
• Simulation – fabrication of a scenario that mimics or resembles the real one closely enough to pass if it is not evaluated closely
• Solutions in the market today leverage pcap replay (i.e., simulation), which can lead to incorrect results and a false sense of security: a replayed capture is open-loop, so it does not react to what the device under test does (a reset, a dropped packet, a modified response), and a "passed" or "blocked" verdict may not reflect what would happen against a live session
Only use emulated attacks and malware
Evasion Techniques
Evade detection by leveraging attacker techniques
• Hide your attacks in plain sight by using the tried and true techniques attackers use to evade detection
• Validate all techniques across all attack vectors (including exploits and malware) to confirm your security solutions cannot be easily bypassed
Confirm security solutions cannot be
easily fooled by evasion techniques
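The point of the slide above is that a security device must be tested against the same transformations attackers apply, not just the textbook form of an attack. The following is an added example (not Spirent's code and not from the deck) of how such a harness generates evasion variants of one HTTP request and, on the defender side, the canonicalisation an inspector needs in order to see through them. It assumes a harmless canary string in place of an exploit, a test signature on the inspection device that matches that canary literally, and a made-up hostname and path; every variant must canonicalise back to the baseline request, and any variant the device lets through unblocked is an evasion it does not normalise.

```python
"""Evasion variants of one HTTP request, for a detection test harness.

Added example (not Spirent's code and not from the deck). Each variant carries
the same harmless canary instead of an exploit; the assumption is that a test
signature on the inspection device matches the canary literally, so a variant
that reaches the target unblocked shows an evasion the device does not
normalise. canonical_params/canonical_path are the defender-side normalisation
a robust inspector must perform. Hostname and paths are made up.
"""
import hashlib
import posixpath
import urllib.parse

CANARY = "PURPLE-TEAM-CANARY-7f3a"   # constructed marker, stands in for a real attack string
BASE_PATH = "/cgi-bin/search"        # hypothetical target path
HOST = "target.example"              # hypothetical target host


def build(method: str, target: str, extra_headers=(), body: bytes = b"") -> bytes:
    """Assemble a raw HTTP/1.1 request; adds Content-Length unless chunked."""
    lines = [f"{method} {target} HTTP/1.1", f"Host: {HOST}", *extra_headers]
    if body:
        lines.append("Content-Type: application/x-www-form-urlencoded")
        if not any(h.lower().startswith("transfer-encoding") for h in extra_headers):
            lines.append(f"Content-Length: {len(body)}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode() + body


def chunked(body: bytes, size: int) -> bytes:
    """Chunked transfer encoding with small chunks; the canary straddles chunk boundaries."""
    pieces = [body[i:i + size] for i in range(0, len(body), size)]
    return b"".join(f"{len(p):x}\r\n".encode() + p + b"\r\n" for p in pieces) + b"0\r\n\r\n"


def percent_encode_all(s: str) -> str:
    """Percent-encode every byte, including ones that never need encoding."""
    return "".join(f"%{b:02X}" for b in s.encode())


def variants() -> dict:
    """Name -> raw request bytes. Every variant is semantically the baseline request."""
    q = f"q={CANARY}"
    return {
        "baseline": build("GET", f"{BASE_PATH}?{q}"),
        "percent_encoded": build("GET", f"{BASE_PATH}?q={percent_encode_all(CANARY)}"),
        # %25 is '%' itself: only a decoder that runs twice sees the canary
        "double_encoded": build("GET", f"{BASE_PATH}?q={percent_encode_all(CANARY).replace('%', '%25')}"),
        # doubled slash and a self-referencing segment, same resource after normalisation
        "path_noise": build("GET", f"//cgi-bin/./search?{q}"),
        # parameter pollution: a signature that stops at the first q= misses the second
        "param_pollution": build("GET", f"{BASE_PATH}?q=benign&q={CANARY}"),
        # POST with 3-byte chunks: the canary never appears contiguously on the wire
        "chunked_post": build("POST", BASE_PATH, ["Transfer-Encoding: chunked"], chunked(q.encode(), 3)),
    }


def decode_chunked(body: bytes) -> bytes:
    """Reassemble a chunked body (chunk extensions after ';' are ignored)."""
    out = b""
    while True:
        line, _, body = body.partition(b"\r\n")
        size = int(line.split(b";")[0], 16)
        if size == 0:
            return out
        out += body[:size]
        body = body[size + 2:]          # skip the chunk data and its trailing CRLF


def _parse(req: bytes):
    head, _, body = req.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _ = lines[0].split(" ", 2)
    headers = {k.strip().lower(): v.strip() for k, v in (l.split(":", 1) for l in lines[1:])}
    return method, target, headers, body


def canonical_path(req: bytes) -> str:
    """Normalised path: collapses '.' segments and repeated slashes."""
    _, target, _, _ = _parse(req)
    return "/" + posixpath.normpath(target.partition("?")[0]).lstrip("/")


def canonical_params(req: bytes) -> list:
    """Every parameter value a lenient server could end up with, fully decoded."""
    method, target, headers, body = _parse(req)
    if headers.get("transfer-encoding", "").lower() == "chunked":
        body = decode_chunked(body)
    query = target.partition("?")[2] if method == "GET" else body.decode("latin-1")
    values = []
    for _, v in urllib.parse.parse_qsl(query, keep_blank_values=True):
        while (decoded := urllib.parse.unquote(v)) != v:   # decode to a fixed point
            v = decoded
        values.append(v)
    return values


def fingerprint(req: bytes) -> str:
    """Short stable id for logging the device's verdict per variant."""
    return hashlib.sha256(req).hexdigest()[:12]


if __name__ == "__main__":
    for name, req in variants().items():
        ok = CANARY in canonical_params(req) and canonical_path(req) == BASE_PATH
        print(f"{fingerprint(req)} {name:16s} canonicalises to baseline: {ok}")
```

In a real run each variant is sent through the device under test to a listener that reports whether the canary arrived, and the verdict is recorded against the fingerprint; a variant that arrives while the baseline is blocked is a bypass of that control.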
Active Monitoring
Know the impacts of security content inspection in real-time
• Assess the impacts of security inspection by
generating legitimate, hyper-realistic
emulated traffic for the same services you
are protecting
• Limit the impact to users by finding security
policies that degrade performance and do not
provide additional security coverage
Fine tune your security policies
with active monitoring
False Positive And Data Loss Prevention Verification
Secure communications without compromising them
• Verify that security solutions don’t just block all files of a given filetype but actually inspect them to stop the malicious ones without impact to your users’ daily work
• Validate that intellectual property and other sensitive file content (e.g., SSNs, credit card numbers) does not leave your network
[Diagram: Security Device, IP/DLP]
Verify data loss policies across filetypes and network vectors
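Validating a DLP policy needs seed data that the policy will actually fire on, and a decoy that it must not fire on, so that both the data-loss check and the false-positive check on the slide above can be scored. The following is an added example (not Spirent's code and not from the deck): it generates synthetic card numbers and SSNs that satisfy the validity rules most DLP engines apply (Luhn for card numbers, SSA structure rules for SSNs), builds a canary document to push across each egress vector, and includes a minimal detector showing the same checks from the defender's side. The card prefix, seed values and document text are constructed for the example; the prefix is not a real issuer range.

```python
"""Synthetic DLP canaries and the matching detector.

Added example (not Spirent's code and not from the deck). It generates
identifiers that satisfy the validity checks most DLP engines apply (Luhn
for card numbers, SSA structure rules for SSNs) so that a seeded test file
actually triggers the policy, plus a minimal detector showing those checks
from the defender's side. The card prefix, the seed values and the document
text are constructed for the example; the prefix is not a real issuer range.
"""
import random
import re

PAN_RE = re.compile(r"\b\d{4}[ -]?\d{4}[ -]?\d{4}[ -]?\d{4}\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def luhn_valid(digits: str) -> bool:
    """Luhn check: double every second digit from the right, sum the digits, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def make_test_pan(seed: int, prefix: str = "400000", length: int = 16) -> str:
    """Deterministic Luhn-valid number under a chosen prefix (assumed test BIN)."""
    rng = random.Random(seed)
    body = prefix + "".join(str(rng.randint(0, 9)) for _ in range(length - len(prefix) - 1))
    check = next(d for d in "0123456789" if luhn_valid(body + d))
    return body + check


def ssn_plausible(ssn: str) -> bool:
    """SSA structure rules: area 001-899 except 666, group not 00, serial not 0000."""
    area, group, serial = (int(p) for p in ssn.split("-"))
    return 1 <= area <= 899 and area != 666 and group != 0 and serial != 0


def make_test_ssn(seed: int) -> str:
    """Deterministic SSN-shaped value that passes the structure rules."""
    rng = random.Random(seed)
    while True:
        ssn = f"{rng.randint(1, 899):03d}-{rng.randint(1, 99):02d}-{rng.randint(1, 9999):04d}"
        if ssn_plausible(ssn):
            return ssn


def build_canary_document(seed: int) -> str:
    """Text to seed into a file and push across each egress vector under test."""
    pan = make_test_pan(seed)
    spaced = " ".join(pan[i:i + 4] for i in range(0, len(pan), 4))
    return (
        "CONSTRUCTED DLP CANARY - synthetic identifiers only\n"
        f"Cardholder record: {spaced}\n"
        f"Employee SSN on file: {make_test_ssn(seed)}\n"
        "Decoy that must not trigger (fails Luhn): 4111 1111 1111 1112\n"
    )


def dlp_findings(text: str) -> list:
    """Detector side: pattern match, then the validity check that keeps false positives down."""
    findings = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            findings.append(("PAN", digits))
    for m in SSN_RE.finditer(text):
        if ssn_plausible(m.group()):
            findings.append(("SSN", m.group()))
    return findings


if __name__ == "__main__":
    doc = build_canary_document(seed=7)
    print(doc)
    print("expected findings:", dlp_findings(doc))
```

Save the document under each filetype the policy claims to cover (plain text, office documents, archives) and send it over each vector (HTTP upload, mail, file share); the policy passes only if every copy carrying the valid identifiers is stopped while a copy containing only the decoy is allowed through.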
Evaluating Multi-Tier Security Protection
Emulating Scenarios That Look and Feel Like An Attacker
[Diagram: three zones (Internet, Corporate LAN, Secure Datacenter) separated by Firewall Policies marked Allowed / Denied]
Multi-path Attack – Data Loss Prevention (DLP)
1. User browses to the Internet and accesses a website controlled by the attacker
2. User laptop is compromised and is under the control of the attacker
3. The attacker pivots and attacks a server within the secure datacenter
4. Once compromised, the attacker can control the internal server and send data outbound to servers controlled by the attacker
Data Breach Assessment
Example deployment for emulating data loss prevention
1. Corporate LAN agent attempts to download malware scenarios from the Cloud agent
2. Corporate LAN agent is successful in downloading a Petya variant
3. Corporate LAN agent begins to run attacks against the Secure Datacenter agent
4. Corporate LAN agent is successful in executing an Apache Struts exploit
5. Secure Datacenter agent attempts to exfiltrate data to the Cloud agent
6. Secure Datacenter agent is successful in data exfiltration using a DoublePulsar C&C communications channel
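The value of a run like the one above comes from scoring it as a chain rather than as six independent events: a stage that is blocked stops everything after it, a stage that is only detected still lets the attacker continue, and a stage that passes with no alert is the real coverage gap. The following is an added example (not Spirent's code and not from the deck) of that scoring. The stage names and both sets of verdicts are constructed to match the deployment described above; the verdict vocabulary ("blocked", "detected", "passed") is an assumption about what the inline control reports.

```python
"""Score one run of a multi-path breach scenario from per-stage verdicts.

Added example (not Spirent's code and not from the deck). It treats the
Corporate LAN -> Secure Datacenter -> Internet chain as ordered stages: a
blocked stage stops the chain, a detected-only stage lets the attacker
continue, and a stage that passes silently is the coverage gap. Stage names
and verdicts below are constructed to match the deployment described above.
"""
from dataclasses import dataclass

VERDICTS = ("blocked", "detected", "passed")   # best to worst for the defender


@dataclass(frozen=True)
class Stage:
    name: str
    src_zone: str
    dst_zone: str
    verdict: str


# Constructed sample: the run described above, where every step succeeded.
SAMPLE_RUN = [
    Stage("malware_download", "Corporate LAN", "Internet", "detected"),   # Petya variant fetched from the cloud agent
    Stage("struts_exploit", "Corporate LAN", "Secure Datacenter", "passed"),
    Stage("exfil_c2", "Secure Datacenter", "Internet", "passed"),          # DoublePulsar-style C&C channel
]

# Same chain after a hypothetical policy change that blocks the exploit.
HARDENED_RUN = [
    Stage(s.name, s.src_zone, s.dst_zone, "blocked" if s.name == "struts_exploit" else s.verdict)
    for s in SAMPLE_RUN
]


def evaluate(stages: list) -> dict:
    """Walk the chain in order and classify each stage's outcome."""
    report = {"broken_at": None, "detect_only": [], "silent": [], "not_reached": [],
              "boundaries": {}, "data_loss": False}
    stopped = False
    for s in stages:
        if s.verdict not in VERDICTS:
            raise ValueError(f"unknown verdict {s.verdict!r} at {s.name}")
        if stopped:
            report["not_reached"].append(s.name)
            continue
        key = f"{s.src_zone}->{s.dst_zone}"
        prev = report["boundaries"].get(key)
        # keep the worst verdict seen on each zone boundary
        if prev is None or VERDICTS.index(s.verdict) > VERDICTS.index(prev):
            report["boundaries"][key] = s.verdict
        if s.verdict == "blocked":
            report["broken_at"] = s.name
            stopped = True
        elif s.verdict == "detected":
            report["detect_only"].append(s.name)
        else:
            report["silent"].append(s.name)
    # the last stage is the exfiltration; data is lost only if the chain ran to its end
    report["data_loss"] = bool(stages) and not stopped
    return report


if __name__ == "__main__":
    for label, run in (("as assessed", SAMPLE_RUN), ("hardened", HARDENED_RUN)):
        print(label, evaluate(run))
```

The "silent" list is what goes to the policy owner first: those stages crossed a zone boundary with neither an alert nor a block, so no amount of SOC tuning would have caught them.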
Data Breach Assessment
Example deployment for emulating data loss prevention
[Chart: attacks and malware that were detected by NGFW during the assessment, and attacks and malware that were blocked by NGFW during the assessment]
Data Breach Assessment
A Data Breach Assessment strategy allows you to automate your purple team assessments, leveraging hyper-realistic emulated attacks and malware with evasion techniques applied to confirm your security effectiveness, while actively monitoring for no impact to your user experience, including zero false positives.
Security Assurance
Reduce risk
Spirent provides intelligence required to
proactively elevate defenses & customer
experience while radically reducing risk and
maximizing operating expenses.
Accelerate time to market
Spirent reduces time and costs
to develop and launch new products
and networks.
Automated Testing Continuous Monitoring
About Spirent
PenTesting and Vulnerability Scanning
to Identify and Mitigate Risk
Security and Performance Testing
for App-Aware Solutions
About Spirent
Spirent Security Solutions