STEVE GOODING JUNE 15, 2018

Size: px

Start display at page:

Download "STEVE GOODING JUNE 15, 2018"

Toby Caldwell
5 years ago
Views:

1 ARMOR: THE STATE OF THE INDUSTRY STEVE GOODING JUNE 15, 2018

2 Agenda 1. Welcome 2. Introduction to Armor 3. Honeypot Report 4. Black Market Report 2

3 ARMOR IN THE CYBERSECURITY SPACE 3

4 About Armor DATA CENTERS: COMPLIANCE: 1,200+ clients 42 countries 286% ROI Over 3 Years with Payback in 4 Months Dallas Phoenix London 6 cloud-based security patents pending % OF SECURITY THREATS BLOCKED Amsterdam Singapore 100B+ EVENTS ANALYZED PER MONTH & GROWING ISO certified SOC II annual audit PCI-validated service provider HITRUST certified GDPR-ready 4

5 Ongoing Cybersecurity Challenges $5 Bn ESTIMATED COST OF RANSOMWARE IN Days THE GLOBAL MEDIAN TIME FROM COMPROMISE TO DISCOVERY HAS DROPPED SIGNIFICANTLY FROM 146 DAYS IN 2015 TO 99 DAYS $3.6 M AVERAGE COST OF A DATA BREACH. 2X CYBER RISK INSURANCE MARKET (US) TO DOUBLE BETWEEN 2017 AND 2020 TO $5.6B. 2 Min. ELAPSED TIME BEFORE THE FIRST ATTACK HIT ARMOR HONEY POTS ON PUBLIC CLOUD INFRASTRUCTURE M SHORTAGE OF 1.8M CYBERSECURITY WORKERS BY

6 Defend valuable data workloads and applications no matter where they re located. Armor s security and threat intelligence solutions protect third-party clouds or customer-owned environments. Armor security, in any cloud. WITH ARMOR ANYWHERE Armor s managed security-as-a-service delivers holistic cloud security for your applications, data, and services. PROACTIVE INCIDENT RESPONSE & REMEDIATION RIGHT WORKLOAD, RIGHT SECURITY FIVE PROVEN SECURITY LAYERS Patch Monitoring Log & Event Management Managed Malware Protection File Integrity Monitoring External Vulnerability Scans Host Based Intrusion Detection PROTECTED BY WORLD- CLASS SOC AVAILABLE ON G CLOUD 6

Unified Visibility & Control Armor Management

INSTALLATION PROCESSES GET SUPPORT VIA SECURE

7 Unified Visibility & Control Armor Management Portal & APIs VISUALIZE YOUR SECURITY POSTURE GAIN SECURITY COMPONENT DETAILS AND STATUS SEE YOUR GLOBAL VM ENVIRONMENT LEVERAGE SIMPLE INSTALLATION PROCESSES GET SUPPORT VIA SECURE COMMUNICATION ENJOY STRAIGHTFORWARD USER MANAGEMENT 7

8 HONEYPOT REPORT 8

9 The Setup 9

10 The Business 10

Observations ATTACKS WERE DETECTED WITHIN

THREAT ACTORS THE MAJORITY OF THE ATTACKS

11 Observations ATTACKS WERE DETECTED WITHIN MINUTES OF ACTIVATING HONEYPOT SENSORS TOP 5 MOST ATTACKED PORTS OVER A 24HR PERIOD EACH SERVER WAS SCANNED 1,000 s OF TIMES BY THREAT ACTORS THE MAJORITY OF THE ATTACKS WERE AUTOMATED, BRUTE FORCE AUTHENTICATION ATTACKS 11

12 Hackers Get The Word Out AFTER COMING ONLINE AND STARTING TO DO BUSINESS, OUR SITE QUICKLY SHOWED UP ON FORUMS 12

13 Your business may be local, but the risk is global. 13

14 The Bottom Line TOTALLY HELPLESS FLAGGED BASIC ATTACKS ADDRESSED ATTACKS, VULNERABILITIES AND REMEDIATION 14

high alert Technology alone is not enough to solve the problem As long

15 Key Takeaways Shared responsibility is required Defense in-depth is not a want to it s a need to This is the norm and businesses must be on high alert Technology alone is not enough to solve the problem As long as it took me to cover this slide in 90 seconds..you have been attacked 15

16 THE BLACK MARKET REPORT A LOOK INSIDE THE DARK WEB

17 Peek Inside the Dark Web with the TRU Team ARMOR S THREAT RESISTANCE UNIT (TRU) RESEARCHERS FOR 3 MONTHS COMPILED INFORMATION FROM DOZENS OF FORUMS AND MARKETS IT MONITORS ON THE DARK WEB 17

Beneath the Surface SURFACE WEB This represents everything on the Internet indexed by search engines such as Yahoo and Google, and is only a small portion of what is online.

18 Beneath the Surface SURFACE WEB This represents everything on the Internet indexed by search engines such as Yahoo and Google, and is only a small portion of what is online. OUR MESSAGE IS CLEAR FOR BUSINESS LEADERS 1 Tools to enable persons to commit cybercrimes are highly developed, easy to acquire and easy to use, even for novices. INVISIBLE TO STANDARD SEARCH ENGINES DEEP WEB While sometimes confused with the term Dark Web, the Deep Web is the part of the Web not indexed by standard search engines, and represents the bulk of the content online. The vast majority of this content is innocuous. 2 The market to sell and buy illegally obtained data is well established, and based on our monitoring, all data has value in the underground black market. It s all for sale. SPECIAL ACCESS REQUIRED DARK WEB A subset of the Deep Web, the Dark Web refers to content on darknets and overlay networks that can only be accessed with specific software, configurations or authorization. 3 No matter where your business is based and no matter what market you may operate in, your organization is open for business to threat actors on a worldwide scale. Enable your security leaders with the resources to do what is necessary to protect your organization. 18

19 Den of Thieves THE CYBER UNDERGROUND IS FLOODED WITH DATA. CREDIT CARDS BANK ACCOUNTS SOCIAL SECURITY NUMBERS CYBERCRIME- AS-A-SERVICE EVERYTHING A BUDDING CYBERCRIMINAL NEEDS TO GET STARTED. 19

20 The Treasure Trove CREDIT CARD DATA FROM COUNTRIES AROUND THE WORLD SELLING FOR AS LITTLE AS Example: Compromised ATM Cards WITH A $2,000 BALANCE SECURITY CODE 20

21 Bank Heist Thieves go where the money is, so it is not surprising that they continue to have some of the largest banks and online payment providers in their sights. 21

22 Identities, SSN, and Passports Oh My! FAKE PASSPORTS AND OTHER DOCUMENTS MAKE IT EASY TO ASSUME IDENTITIES. Example: Identities for Sale GET AN ONTARIO DRIVER S LICENSE A CANADIAN PASSPORT 22

23 Identities, SSN, and Passports Having a fake identity opens the door to all kinds of fraud; nevertheless, the market for fake and stolen documents is thriving. 23

24 Cybercrime-As-A-Service HOW CYBERCRIME-AS-A-SERVICE AND MALWARE DEVELOPERS PITCH THEIR CUSTOMERS. Example: Hacker Handbooks Offer a How-to for Criminals TUTORIAL BUNDLES OFFERED AT LOW COST TO LOW-SKILL HACKERS 24

25 Cybercrime-As-A-Service The movers and shakers of this market have various models for generating income, one of the most profitable of which is selling cybercrimeas-a-service. 25

26 C-LEVEL B-LEVEL A-LEVEL Commodity Threat Targeted Threat Advanced Targeted Threat 80% 19.9% 0.1%

27 Mo Money WHY YOUR SOCIAL MEDIA ACCOUNTS ARE WORTH MORE THAN YOU THINK. Example: The Price of Instagram Brute Forced Accounts 1,000 ACCOUNTS 2,500 ACCOUNTS 5,000 ACCOUNTS 10,000 ACCOUNTS 27

28 Reward Points and More HOTEL AND AIRLINE REWARDS POINTS ARE TURNED INTO PROFIT. Example: The Price of a Hotel Loyalty Account COMPROMISED REWARDS ACCOUNT WITH 50,000 POINTS 28

29 95% OF CLOUD SECURITY FAILURES THROUGH 2020 WILL BE THE CUSTOMERS FAULT. That means the biggest threat to your cloud is you don t know what you don t know. Let s Talk About Cloud

30 THANK YOU Download these full Stephen.Gooding@armor.com

EFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave

EFFECTIVELY TARGETING ADVANCED THREATS Terry Sangha Sales Engineer at Trustwave THE CHALLENGE PROTECTING YOUR ENVIRONMENT IS NOT GETTING EASIER ENDPOINT POINT OF SALE MOBILE VULNERABILITY MANAGEMENT CYBER