What Cyber Criminals Know Most People Don`t?

Download Report

Transcript What Cyber Criminals Know Most People Don`t?

_________________________________________________________________________
Cyber Security Threats Overview
Golden Technology
Services
Carl Hill, President
[email protected]
www.gtscloud.com
© 2014 Golden Technology Services
_________________________________________________________________________
Executive Summary – Presentation Objective
Golden Technology Services, Inc. (GTS) is engaged in providing innovative and affordable cyber security,
cloud, and resilience and recovery services offerings to large enterprises, small and midsize businesses, and
public sector organizations.
The objective of this presentation is to:
•
Increase visibility of the cyber threat landscape
•
Increase awareness regarding the risk to Intellectual Property, assets, revenue, and brand/reputation
•
Establish an understanding of the foundation for proper cyber security
In summary, GTS understands the cyber security threats landscape, and works our clients to implement
complete, hardened security solutions that can evolve to keep pace with the evolving threats landscape.
The Golden Edge
Deep industry expertise, globally applied.
The foundation of our value creation model.
Deep industry expertise. Global scale and presence. Extensive network of Operating Executives. And a
wealth of industry portfolio data; we call it The Golden Edge. These are the four pillars of Golden Technology
Services (GTS) value creation model. By leveraging these core capabilities and resources—Golden has
established an overall track record of bringing industry leading technologies, that matter, to our clients.
© 2014 Golden Technology Services
2
_________________________________________________________________________
The threat landscape is continually evolving…..
•
External threats. With the continual breakdown of the traditional perimeter, external
threats now exist within the corporate premises as enterprises have opened
themselves to Internet-based commerce and remote users.
•
Internal threats. Once the domain of human error, malicious intent and various forms
of propagating malware, internal threats now include advanced persistent threats and
the coordinated actions of well funded and determined adversaries.
•
Compliance. Enterprises today are under growing pressure to comply with mandates
such as Sarbanes-Oxley, GPG-13, FSA, Garante, HIPAA, FISMA, GLBA, PCI and
NERCO—including regulators that can impose financial penalties for nonconformance.
As organizations continue to embrace mobility and innovative new technologies,
compliance regulations will in turn embrace more sophisticated controls.
April 9, 2015
© 2014 Golden Technology Services
3
_________________________________________________________________________
Cyber Security attacks must be analyzed to determine the threat level
April 9, 2015
Source: “IBM Security Services Cyber Security Intelligence Index,” IBM Corp., July, 2013
© 2014 Golden Technology Services
4
_________________________________________________________________________
Virtually all industries experience cyber attacks, but some are “serious targets”
April 9, 2015
Source: “IBM Security Services Cyber Security Intelligence Index,” IBM Corp., July, 2013
© 2014 Golden Technology Services
5
_________________________________________________________________________
Malicious code and sustained scans are the most common cyber attacks
April 9, 2015
Source: “IBM Security Services Cyber Security Intelligence Index,” IBM Corp., July, 2013
© 2014 Golden Technology Services
6
_________________________________________________________________________
“Opportunistic Attacks” are the most frequent type of cyber attack
April 9, 2015
Source: “IBM Security Services Cyber Security Intelligence Index,” IBM Corp., July, 2013
© 2014 Golden Technology Services
7
_________________________________________________________________________
Most security breaches occur as the result of human intent or error
April 9, 2015
Source: “IBM Security Services Cyber Security Intelligence Index,” IBM Corp., July, 2013
© 2014 Golden Technology Services
8
_________________________________________________________________________
The most important security practices include building a risk-aware culture, and
managing and responding to incidents as quickly as possible
April 9, 2015
Source: “IBM Security Services Cyber Security Intelligence Index,” IBM Corp., July, 2013
© 2014 Golden Technology Services
9
_________________________________________________________________________
Cyber Security breach examples abound…
Target Data Breach (SMB HVAC Vendor 60 employees)?
Nationwide retail giant Target is investigating a data
breach potentially involving millions of customer credit
and debit card records, multiple reliable sources tell
KrebsOnSecurity. The sources said the breach appears
to have begun on or around Black Friday 2013 — by far
the busiest shopping day the year.
Data breach affects more than 6,000
December 17, 2013
More than 6,000 current and former employees,
vendors and students are being notified that their
personal information may have been compromised
in a data breach.
April 9, 2015
Phishing email fools university staff,
compromises thousands
October 25, 2013
Employees fell victim to a phishing
email that resulted in them providing
account information, subsequently
putting thousands at risk.
Insecure email puts more than a
thousand patients at risk
October 07, 2013
An employee sent out an insecure
email containing personal information
on more than 1,300 patients.
© 2014 Golden Technology Services
10
_________________________________________________________________________
Attackers optimize and refine target selection…
more than
half a billion records*
of personally identifiable information (PII) were leaked in 2013
*X-Force Research - 2013
April 9, 2015
© 2014 Golden Technology Services
11
_________________________________________________________________________
The sophistication of cyber threats, attackers and motives is rapidly escalating.
1995 – 2005
2005 – 2015
1st
2nd Decade of the Commercial Internet
Decade of the Commercial Internet
Motive
National Security
Espionage,
Political Activism
Monetary Gain
Revenge
Curiosity
Nation-state Actors; Targeted Attacks /
Advanced Persistent Threat
Competitors, Hacktivists
Organized Crime, Hackers and Crackers using
sophisticated tools
Insiders, using inside information
Script-kiddies or hackers using tools, web-based “how-to’s”
Adversary
*X-Force Research - 2013
April 9, 2015
© 2014 Golden Technology Services
12
_________________________________________________________________________
Common Threat to Online Channels & Internal Systems: Malware, Phishing
Fraud
Money
Scheme
Loss
Social
Execution
Malware
Engineering Vulnerability
Infection
Exploit
(Phishing)
Data
Exfiltration
Three Losing Battles
•
Humans will always make mistakes
•
System and application
vulnerabilities continue to emerge
•
April 9, 2015
Malware detection will always lag
Two Major Impacts
Widespread Fraud
• $3.4B est lost to online fraud in 20121
Advanced Threats and Breaches
• 85% of breaches go undetected2
• $8.9M average cost of cyber-attacks3
1JPMorgan:
3Ponemon
2012 Online Fraud Report , 2Gartner: 2290415,
Institute: 2012 Cost of Cybercrime Report: US
Enterprise
Breach
© 2014 Golden Technology Services
13
_________________________________________________________________________
Where should you start? These three controls can help you address the top
vulnerabilities and begin to reduce risk.
Build a
risk-aware
culture
April 9, 2015
Automate security
hygiene & manage
incidents with
intelligence
Protect the
network &
end-points
© 2014 Golden Technology Services
14
_________________________________________________________________________
The top 5 reasons why attacks are possible are all related to system
hygiene or user knowledge.
1 End user didn’t think before clicking
2 Weak password/default password in use
3 Insecure configuration
4 Use of legacy or un-patched hardware or software
5 Lack of basic network security protection/segmentation
April 9, 2015
© 2014 Golden Technology Services
15
_________________________________________________________________________
Proper IT Security requires a wide range of focus and capabilities
•
Understanding of Security drivers – threats, standards, regulations, business objectives
•
Security Policy
•
Security Processes
•
Security Metrics – collection and management
•
Security architecture and infrastructure – people, hardware, software, communications,
analytics
Define
April 9, 2015
Capture
Analyze
Monitor & Measure
Act
© 2014 Golden Technology Services
16
_________________________________________________________________________
The organization drives the Security Model
April 9, 2015
© 2014 Golden Technology Services
17
_________________________________________________________________________
Each organization’s security model is supported by infrastructure…
The Security Products marketplace is a broad and growing one, according to IDC
Security Products
Acronyms:
IAM
Identity & Access Management
AA
Advanced Authentication
W-SSO
Web Single Sign-on
E-SSO
Enterprise Single Sign-on
LA
Legacy Authorization
UP
User Provisioning
UTM
Unified Threat Management
SDSM
IDP
Intrusion Detection & Prevention
Vulnerability
Management
VPN
Virtual Private Network
SVM
Security & Vulnerability Management
SIEM
Security Intelligence & Event
Management
PERM
Proactive Endpoint Risk Management
FII
Forensics & Incident Investigation
SDSM
Security Device & Systems Management
IAM
Network
Endpoint
Messaging
Web
SVM
AA
Firewall
Antimalware
Antimalware
URL Filtering
SIEM
W-SSO
UTM
Server
Security
Antispam
Antimalware
PERM
Content
Filtering
Content
Filtering
FII
Web
Application
Firewall
Policy &
Compliance
E-SSO
IDP
Suites
LA
VPN
Access &
Information
Protection
UP
Other
Source: IDC Web Site: http://www.idc.com/getdoc.jsp?containerId=IDC_P261, July 2014
April 9, 2015
© 2014 Golden Technology Services
18
_________________________________________________________________________
The Security Products vendor landscape is fragmented, and continually changing
due to the evolution of threats and the technology advances to address them
Security Products Vendors
Absolute Software
F5
Kaspersky
Sophos
Alcatel-Lucent
FireEye
LSI
Sourcefire
Axway
Fortinet
Microsoft
Symantec
Barracuda Networks
F-Secure
NetForensics
Trend Micro
Blue Coat
Gemalto
NetIQ
Trustwave
CA Technologies
Google
Oracle
Vericept
Check Point
HP
Palo Alto Networks
Vmware
Cisco
IBM
PassLogix
WatchGuard
Damballa
Invincea
Proofpoint
Webroot
Dell Secureworks
Intel/McAfee
Qualys
Websense
Entrust
InteproIQ
SafeNet
Zscalar
ESET
Juniper
SonicWALL
Wombat
Leaders in this market segment include, but are not limited to: Symantec, Intel/McAfee, Cisco,
IBM, Check Point, Trend Micro, Juniper Networks, Microsoft, EMC, and Kaspersky Lab.
Source: IDC Web Site: http://www.idc.com/getdoc.jsp?containerId=IDC_P261, GTS Analysis, July 2014
April 9, 2015
© 2014 Golden Technology Services
19
_________________________________________________________________________
The IT Services marketplace also offers “Managed Security Services”
IDC defines managed security services as "the around-the-clock
remote management or monitoring of IT security functions
delivered via remote security operations centers (SOCs), not
through personnel onsite."
The rise in frequency and complexity of attacks and the need for
increasingly sophisticated security solutions have led to a new
echelon of MSS that IDC is calling MSS 2.0.
A MSSP 2.0 is further "up the stack" than traditional MSSPs which
are offering MSS 1.0 services such as basic managed and
monitored services (firewalls, intrusion detection services
[IDS]/intrusion prevention services [IPS], unified threat
management [UTM], IAM, log monitoring, vulnerability scanning,
etc.).
Traditional MSSPs may also offer advanced services such as
DDoS, Web application security, managed SIEM, and managed
SOC. MSSPs that are focused on MSS 2.0 deliver basic and
advanced traditional MSS plus professional/complementary
services.
And, they are investing in mobile/BYOD, cloud, threat
intelligence/big data, and incident response/forensics. Cloud,
mobile/BYOD, and big data are three of four pillars that IDC has
identified as top trends in 2014. The fourth pillar, which doesn't
factor into this IDC MarketScape, is social media. Social media,
however, does impact security, and advanced MSSP capabilities,
in our analysis, can help detect, analyze, and protect against
threats in the social media arena.
Source: “IDC MarketScape: Worldwide Managed Security Services 2014 Vendor Assessment,” IDC Corp., June 2014
April 9, 2015
© 2014 Golden Technology Services
20
_________________________________________________________________________
Security Technology Stack
GRC
Information & Event
Mgmt.
Data Security
Identity,
Entitlement,
Access
Application Security
Cryptography
Host Security
Network Security
Physical Security
April 9, 2015
© 2014 Golden Technology Services
21
_________________________________________________________________________
Let’s look at network security, and its relationships to the stack
Data Security
Host Security
Monitor and control
data flows on network
Interconnected hosts on network
Establish secure channel
Control hosts on network
Network Security
Use identity
Retrieve access control
Identity and Access
Monitor and control applications
running on network
Application Security
April 9, 2015
Send security logs
Detect security incidents
Security Info & Event Management
Key management
Crypto offload
Cryptography
© 2014 Golden Technology Services
22
_________________________________________________________________________
Security Intelligence has differentiated levels of capabilities
Basic : Organizations employ
perimeter protection, which
regulates access and feeds
manual reporting
Proficient: Security is layered
into the IT fabric and business
operations
Optimized: Organizations use
predictive and automated
security analytics to drive
toward security intelligence
April 9, 2015
© 2014 Golden Technology Services
23
_________________________________________________________________________
An example of comprehensive cyber security capabilities:
IBM Managed Security Services
Getting to “intelligent security”
April 9, 2015
© 2014 Golden Technology Services
24
_________________________________________________________________________
Checklist for Compromised Accounts - What should a firm do after it discovers
that a customer’s account has been compromised?
* This checklist is not exhaustive, and a firm may need to take other steps depending on the
nature/cause of the intrusion, business model, customer base, the threats, and the law.
–
Monitor, limit, or temporarily suspend activity in the account until the situation is resolved.
–
Alert others in the firm (including the firm’s Legal and Compliance Department, if applicable) to be
mindful of unusual activity in other customer accounts. Should consider designating in advance a
specific individual or department to serve as a central contact for questions about the intrusion.
–
Identify, if possible, the root cause of the intrusion (e.g., the firm’s system was compromised, the
individual account was hacked, the customer was the victim of identity theft) and determine
whether the intrusion is isolated to one account.
–
Contact the SEC and your FINRA Coordinator. In the event of an account intrusion, have the
following information readily available if possible:
•
•
•
•
•
•
•
Date(s) and time(s) of activity
IP addresses used to access the account
Security or securities involved (name and symbol)
Time and date of the activity
Customer account affected by the activity, including name and account number
Whether the customer has been or will be reimbursed and by whom
If appropriate, contact law enforcement agencies, such as the FBI or, if the U.S. mail is involved, the United
States Postal Inspector.
April 9, 2015
© 2014 Golden Technology Services
25
_________________________________________________________________________
Summary
•
The number of “bad actors” and the sophistication of cyber security threats is
continually increasing
•
The effects of cyber security attacks on businesses and governments are increasing
in impact and cost
•
An understanding of threats to your enterprise, and of your current security
capabilities and gaps that must be filled, is imperative
•
Become familiar with security standards, regulations, available capabilities and
infrastructure NOW to meet your enterprise objectives, and to protect your
stakeholders’ interests
April 9, 2015
© 2014 Golden Technology Services
26
_________________________________________________________________________
Additional Information
© 2014 Golden Technology Services
GOLDEN TECHNOLOGY SERVICES, Inc. (GTS)
_________________________________________________________________________
Our Mission is Simple – We are focused on Value Creation for our Clients.
We are the Trusted Advisor to our Clients and Partners.
GTS is a privately held business technology
services company.
GTS is a diverse, minority-owned company
We have two principal goals:
1.Helping clients to become more innovative, efficient,
and competitive through the application of business
insight and IT cloud solutions.
2.To develop and leverage an ecosystem of Vendors,
Alliance and Business Partners who bring best-in-class
Information technologies and services to the markets
and clients we serve.
Our commitment: To be the Trusted Advisor to
our and Clients and Partners.
April 9, 2015
How GTS Creates Client Value
The GTS Competitive Advantage is our
global experience and accomplishment,
our cloud knowledge and specialization,
our multi-vendor certifications, our broker
services, and most importantly, our
network of people and partner ecosystem
model.
Our focus is on the client. Our focus is
the client’s business challenges.
GTS is missioned to help clients solve IT
and business problems through consulting
and the use of advanced information and
cloud-delivered technologies. GTS offers a
base portfolio of cloud services that enable
clients to optimize their IT environments,
thereby driving efficiency, flexibility, and
productivity into their business operations,
while reducing costs.
© 2014 Golden Technology Services
28
GTS Executive Biographies
_________________________________________________________________________
Carl Hill is CEO for Golden Technology Services.
With over three decades of marketing and sales experience in the IT industry, Mr. Hill brings a unique perspective to any
project or engagement when it comes to developing and working with clients. His responsibilities have included new
product launch, international marketing, sales development, creating marketing and business plans, strategic account
management, sales development and responsibilities for C- level client relationship and satisfaction across multiple
industries.
Mr. Hill had a successful 25+ year career with IBM. Starting his career in sales with IBM, he had held multiple Executive
Sales and Marketing Management responsibilities where he had revenue and people responsibility for IBM’s channel
business in US and Global markets.
Carl Hill graduated from Rhodes College in Memphis with a BA in Psychology and a minor in Economics.
Justin Golden is COO and founder of Golden Technology Services.
Mr. Golden has compiled over thirty years of sales, marketing and business development experience in the Information
Technology industry both here and internationally. Beginning in sales he was early advocate of alternate channel sales
utilizing Business Partners across multiple product lines. This was followed by a business development role in an
emerging technology, Speech Recognition, where he was awarded several Invention Disclosures for this technology. He
established the role of General Business Consultant in a sales assignment in the Czech Republic which led to record
sales in revenue, new business and profitability. Mr. Golden also launched the first inside sales (Telesales) team in the
US Sales Centers for applications hosting customers. In a most recent assignment, Mr. Golden integrated the offerings
of an IBM acquisition, Arsenal Digital, into the company’s services portfolio.
Mr. Golden is a graduate of University of Vermont in Burlington with a major in Political Science and a minor in History.
After graduation, he spent one year abroad in Ireland and the United Kingdom employed in Solicitors offices, Cork and
Southampton.
Kevin Skelly is Managing Director and Vice President, Business and Technology Strategy, for Golden Technology
Services.
Mr. Skelly most recently worked for IBM Corporation, where he had a successful 37-year career. His most recent work
in IBM was in directing the analysis and planning in IBM Corporate Strategy of IBM’s strategic initiatives, with a specific
focus on advanced analytics and Cloud platforms.
Mr. Skelly’s areas of expertise include market strategy, market management, competitive analysis, business plan
development, product management, sales/consulting, software architecture and development, and IT technology
planning.
Mr. Skelly attended Pace University’s Lubin School of Business and majored in Management Information Systems, and
is a member of the Society of Competitive Intelligence Professionals and the American Marketing Association.
April 9, 2015
© 2014 Golden Technology Services
29
_________________________________________________________________________
Network Security has a number of layers and capabilities, and is EVOLVING
•
•
•
•
•
•
•
•
Network Firewalls
VPN Gateways
Network Intrusion Detection/Prevention
DDoS
WiFi security
Network Access Control
DNS Security
Web, Email and IM filtering
April 9, 2015
© 2014 Golden Technology Services
30