DESCRIPTION
The big challenge facing cyber security professionals is to think like the enemy, anticipate their next move, and enact measures to combat the exponentially growing number of attacks. Passively monitoring defences in the hope of detecting probes and breaches is insufficient as it is likely that threats are already on the inside in human, machine, or some malware form. And these may be continually active, sporadic, dormant, sleeping, dumb, smart, intelligent, broad or highly focused, and located anywhere in an organisation, machine, device or network. Fortunately, Cloud Technologies and new working practices mitigate against all this, but only if we leverage new technologies and nurture new behaviours and operating strategies. We are no longer looking for a ‘needle in a haystack’ but bent needles, or even needles prone to bending, in a ‘needle stack’. Layered defences such as multiple firewalls, virus protection, malware scanners, people screening and sporadic checks are insufficient. We have to be more sophisticated and consider the activity traits and sociology of people, machines, networks and malware. Perhaps most importantly this has to be achieved without degrading the performance of systems, networks, individuals and organisations. To achieve effective cyber security solutions we have to migrate to a more organic, globally cooperative, and fully networked model that sees a new detection, reaction and solution sharing regime between companies and countries. And as the technology (good and bad) continues to accelerate and spread the end point will most likely be the realisation of a ‘living cyber immune system’ devoid of human intervention.
Citation preview
Finding Needles in Needle Stacks
or
Future aspects of Cyber Security
Peter Cochrane
cochrane.org.uk
ca-global.biz
COCHRANE associates
Thursday, 21 November 13
Cyber Security
- Attacks are growing and are increasingly sophisticated
- We need to up our game & become more anticipatory
There are no simple or singular solutions

Finding the Bent Needles or Needles about to bend
The good majority
The evil minority
The potentially evil

Cyber INSecurity
What we know for sure
- There is always a threat
- The threat never sleeps
- The threat evolves rapidly
People are by far the biggest risk factor
The perceived threat ≠ the actual threat
The biggest threat is always on the inside
Security people are never their own customer
The best defenders have been the best attackers
Cracking systems is far more fun than defending them
The biggest threat is in the direction you are not looking
Resources are generally deployed inversely proportional to actual risk

Breaking into most companies and institutions really isn’t all that difficult!

The biggest threats are inside the FireWall
Rogue: Equipment, Networks, Chips, Code, Ports, People
Lax: People, Visitors, Security, Operations

No single solution can deal with all forms of attack....

Fire Walls and malware protection are certainly not enough...

Cyber Attacks
Major Country Nodes
Reproduced Courtesy of Akamai 2013

Cyber Attacks
Major Traffic Ports
Reproduced Courtesy of Akamai 2013

Primary Cyber Targets Q4 2012
- Financial 34.4%
- Payment Services 32.1%
- Gaming 14.7%
- ISP 9.5%
- Other 6.78%
- Social Nets 6.0%
- Retail 5.12%
- Auctions 2.07%
- Government 1.0%
- Classifieds 0.3%

Cyber Crime >> CYBER-SECURITY
Not clear which side is spending more on software
[Chart: the cost of cyber crime and cyber defence expenditure, in $Bn (axis 0 to 200), years 2004 to 2012; labelled values 17Bn, 21Bn, 100Bn, >200Bn]
Data Courtesy of Detica 2011

Cyber Security
Improvements for free?
What will we benefit from if we do nothing?

A multi-device, multi-screen, mobile world, of rapidly renewed and replaced devices, new and updated apps
With built-in security features automatically updated
Connecting on the move via wifi, 3G, 4G, LTE, BlueTooth
AnyNet Anywhere
BYOD = Fewer corporate constraints and greater variabilities
BMOB = Be My Own Boss - shorter assignment periods
Increasingly transient people & machine behaviour

Many networks to attack not just one
3, 4, 5G, LTE, WiFi, WiMax, BlueTooth ++

Many OS types to attack not just one

Many applications to attack not just one

Interface, Boards, Chips, Config, Firmware
Huge device variance

Circuitry, Layout, Antennas, Analogue, Design, Facilities
Huge hardware and circuit variance

On Grid
On & Off Grid
Off Grid
Far more variable human and device connection behaviours

A fast spreading realisation that this really isn’t good enough!

No one security technique is sufficient
The concatenation of multiple low cost methods rapidly delivers a very high level of protection
Habits, Personal, Locations, Networks, Biometrics, Knowledge ++

SOME THINGS unique to you alone
What you: are, were, know, drove, work on, wear, own, use, eat, do +
Who you: work with, live with, manage, mentor, dislike +++
Why you: like, dislike, prefer, thought, imagined, migrated, assumed, helped, failed, won ++
How you: talk, type, stand, appear, write, walk ++

But what about the cloud?

FUTURE NETWORKING
The Internet will not Scale functionally or economically
9Bn People and >> 50Bn Things on line
2013 2025
But Clouds/Cloud working will!
<5Bn People on (and off) line

RECENT HEADLINE
Data courtesy of Cisco.

Mobile networks but a minor player!

Cyber Security
Clouds change everything
More degrees of freedom to exploit that make it all inherently more secure than anything we have seen before

Axiom..
1,000,000s of Clouds and not 1

And they come in many forms
- Corporate
- Government
- Private
- Personal
- Long term
- Sporadic
- Visible
- Invisible
- Dynamic
- Fixed
- Mobile
- Wireless
- Wired
- Open
- Closed
- Secure
- Insecure
- Regular
- Unknown
- Unquantified
- Experimental

Cyber Security
Hidden by multi-hop depth
Diverse routing and increasingly hidden and disguised data storage in depth
[Diagram labels: Invisible Cloud (four), Corporate/Private/Government Cloud (two), Public/Open Cloud]

Cyber Security
In Cloud Gating/Encryption
Every Cloud demands a key and all routings are hidden - data parsed/coded

The Biggest Risk
Service providers do not guarantee your data!

We need scalable network solutions

This isn’t tenable...

This is...

Smart car...
Smart gas...
Smart net...

Clouds connect dynamically, driven by need, location, work, groups and associations...

THE Security Problem
Even deeper protection required

DETECTION BUILT INTO EVERY ELEMENT OF A DEVICE

On Server
On Device
In Network
In Individual Apps
In Hardware

Honeypot, and malware traps, distributed across the cloud spectrum

Data decimation and distribution with individual encryption

Dynamic Addressing
url hopping

Ghost Cloud
Ghost Device
Have an alias, be invisible, don’t be what you appear, be there but absent...

Distributed Attacks demand a Distributed Defence
Dynamic Attackers necessitate Dynamic Defenders
We can act alone or we can unite and act together

MORE CYBER-BENEFITS
Going for free in the default future

Fewer full time people and less predictable corporate/network/device behavior

People job and location Half Life getting shorter

Data Half Life getting shorter and shorter
Mean Time to Destruction unknown!

The Ace in the Hole
Global Cooperation
Device, App, Network

Finding Those Needles
The sociology and habits of
Applications, Networks, Machines, Software, Malware, People, Bugs ++

THE END GAME
We all own multiple clouds
Things cooperate inter and extra community to defeat attacks
AI systems monitor activities and identify trends to then anticipate and fend off all attacks
Auto-immune response systems emerge as part of the overall evolving behaviours

The Art of War by Sun Tzu, 600 BC
“Speed is the essence of war. Take advantage of the enemy's unpreparedness; travel by unexpected routes and strike him where he has taken no precautions”

Thank You
cochrane.org.uk
ca-global.org
COCHRANE associates