Defence Strategies For Managing Network Security Risks

Transcription

1 In association with Defence Strategies For Managing Network Security Risks October 2017 Axians is the VINCI Energies brand dedicated to ICT

2 Chapter 1. Security Insights 1. Introduction - The Battle of the Network 2. Network Security Defence 2.1 Data Protection What are the best practices to protect you network? Match the Security Monster Move for Move with Sky ATP 2.2 Malware What are the best practices to protect you network? Juniper Networks: When Malware Strikes 2.3 DDoS What are the best practices to protect you network? Verisign: Detect and Mitigate 3. The Axians Approach - Security Assessments Defence Strategies for managing network security risks 2

3 Network Gods and Monsters THE BATTLE AGAINST CYBER SECURITY THREATS Mythology has taught us to avoid the traps and the beaten path and keep an eye out for the monsters. In Greek Mythology, the monsters are varied in size, style and appearance, and much like the types of security breaches that continue to emerge, these are threats we need to know how to overcome. But sometimes when you cut of the head of the three-headed monster, two more heads appear in their place. So, what defences are there and how do we defeat them? Network failure is not an option in a world where connection is a demand from consumers 24/7. When there is a security breach in your network, there needs to be minimal delay in mitigating that risk with no disruption to service. Network security attacks are constantly evolving and becoming more intelligent and harder to detect, but so is the technology that helps to defend your business. In today s environment, the security landscape needs regular monitoring and refinement and the right tools to protect against any attacks. If you protect yourself against one type of monster, you may find that next time it attacks, it has some new tricks up its sleeve. So do not ignore the monsters lurking in the dark corner of the network; discover their weaknesses and sharpen your tools in preparation. Defence Strategies for managing network security risks 3

4 Network Security Defence KNOW YOUR DEMONS AND HOW TO DEFEAT THEM The Tale of Jamven Taletreader (The Iron Knight) and Spycron, The Data Demon According to legend, Jamven Daveak was trained in the clouds as a young boy, wielding his bow and arrows to strike The Data Demons from great distances. He is never seen without his layers of armour in order to protect his people from Spycron, who pick vulnerable networks to swoop down on, clawing through data and taking rich pickings that they can blackmail for gold. Defence Strategies for managing network security risks 4

5 Network Security Defence BEST PRACTICES TO PROTECT YOUR NETWORK DATA Defence Strategy Data protection must form an integral part of the architecture of every organisation, considering the way people work and communicate and how it can be done as safely and efficiently as possible. All organisations need to balance the level of importance of the data held, where it comes from, how it s hosted, and who it goes to, with the level of security measures they put in place. A sustainable framework for data governance and security, crisis management procedures and IT architecture needs to be established to achieve a strong security ecosystem and should be at the heart of every piece of technology used. Defensive tools Sky Advanced Threat Protection (ATP) accesses intelligence from the network on where attacks are and how to mitigate them. This integrates into the Juniper Software Defined Secure Network portfolio, building a self-healing policy and security into the core of the network. Under this framework the response is automated so that you can fight more than one security monster at a time, bringing together a more coherent and powerful protection. Flowmon will detect unusual activity in the network. Not only will it detect it, but it will isolate the issues to be fixed. It allows you to look at the behaviour of the network rather than the specific infection. Axians Security and Risk Assessments help understand the network challenges, for an outcome that protects your specific needs. By reviewing, understanding and interpreting data we can build risk assessments to help towards data compliance regulations. Attack Spying and stealing your data Accessing your business Eating away at your operations Defence Real-time protection Extra layers of defence Direct Detection Defence Strategies for managing network security risks 5

6 MATCH YOUR SECURITY MONSTER MOVE FOR MOVE WITH JUNIPER SDSN Defence Strategies For Managing Network Security Risks 6

7 Juniper Networks As security threats continue to rise, it is not enough to use traditional security measures for defence. To outsmart cyber criminals, you need an intelligent and automated security solution that can match the bad guys move for move. The Software-Defi ned Secure Network (SDSN) is a cyber defence ecosystem, ready to defend your business with end-to-end security capabilities that mitigate the risk of a breach. Juniper s software defined secure networks looks to automate security and adapts to stop new, hardto-detect threats. Increase Sophistication Increase variability Detecting threats that are already inside Crucially keeping data secure throughout your network The Next Line of Defence Crucially keeping data secure throughout your network Why Juniper Leverage the entire network, including the access switches Expanded defence posture includes third part switches SDSN adapts to stop new, hard to detect threats Utilise end-to-end automated security Defence Strategies for managing network security risks 7

8 Network Security Defence BEST PRACTICES TO PROTECT YOUR NETWORK FROM MALWARE The Tale of Daveak Goblinsfoe and Kribsell,The Ransomware Reptile Daveak, known for his firey auburn hair and sharp wit, is poised with his fist of fire and flaming sword to protect the network from Kribsell, The Ransomware Reptile. His long, green tentacles reaching into the network and poisoning systems will make your systems and business vulnerable. Defence Strategies for managing network security risks 8

9 Network Security Defence BEST PRACTICES TO PROTECT YOUR NETWORK FROM MALWARE Defence Strategy Attacks like phishing s are dangerous. They reach out to the whole business, easily going undetected. Big attacks such as Mirai and Petya have shown that these threats can damage your business by infecting and deleting data. Some of these attacks come through trusted sources and software, so your systems are the fi rst line of defence. But your network needs strong visibility to detect and isolate these attacks. All web connected devices, if not secured, are open doors for any malicious organisations or individuals to gain access to internal networks or the end-point device itself. Consequently, businesses need to ensure that they seek expertise from professionals to understand the risks and vulnerabilities as well as the effective mitigation and prevention methods. Defensive tools Sky ATP (Advanced Threat Protection) accesses intelligence from the network on where attacks are and how to mitigate them. It seeks out the monster and informs the network, saving your business valuable time and operational costs. Flowmon Network Behaviour Anomaly Detection (NBAD) solution will detect if there is malware on any device, sensing unusual activity in the network. Not only will it identify the activity, it will isolate the malware to be fi xed. This allows the administrator to look at the behaviour of the network rather than the specific infection. Axians Security Assessments and Audits will provide the visibility and expertise to help understand the network challenges. By reviewing, understanding and interpreting the data you can make sure that improvements are continually made. Defence Direct Detection Eradicates infections Isolation and Mitigation Attack Malicious Ransomware Damages and blocks information Infects your systems Defence Strategies For Managing Network Security Risks 9

10 WHEN MALWARE STRIKES: HOW WILL YOU PROTECT YOUR NETWORK? Sky Advanced Threat Protection (ATP) Defence Strategies For Managing Network Security Risks 10

11 Juniper Networks Sky ATP uses machine learning across all detection techniques. It employs a number of innovative techniques to lure malware into revealing itself, which measurably increase detection rate. Sky ATP also detects software communicating to unusual servers and evaluates that activity. A full networking hardware portfolio routers, switches, and fi rewalls gives a much richer set of data and behaviour, far beyond what is available to vendors who only offer standalone security appliances. New strains of malware are constantly threatening businesses and creating angst for IT Managers. As cyber risks grow in both volume and sophistication, the tools used to fi nd and eradicate them have to get smarter and scale better. Early in Sky ATP s analysis pipeline, each new sample is run against a suite of anti-virus engines, which is a fast and effi cient way to catch and fi lter out known threats and their close variants. The Juniper Approach Juniper Networks Sky ATP cloud-based solution detects malware and mitigates threats. Unlike many other security systems, which started out simplistic and evolved over time, Sky ATP was purposebuilt to take full advantage of modern and innovative machine-learning techniques. Sky ATP includes the information and identifies what traditional threat prevention tools use but, in addition, takes advantage of ambiguous structural and behavioural properties of potential malware to determine maliciousness. Removing these known threats from the analysis pipeline as early as possible reduces the load on the more computationally expensive parts of the pipeline, which include static analysis engines and full sandbox detonation. Traffi c is fed to the cloud from customers Juniper Networks SRX Services Gateways. This way, requirements to adapt to the current threat landscape are made centrally, and customers do not have to change out their fi rewalls. Conclusion While machine-learning isn t, by itself, the golden bullet, it fundamentally changes the security landscape by improving accuracy of detection. Machine-learning doesn t remove the people in the network, it enables them by handling complex data. Combined with other security methods, machine-learning is the only tool available that can tame attacks at a massive scale. Defence Strategies For Managing Network Security Risks 11

12 Network Security Defence BEST PRACTICES TO PROTECT YOUR NETWORK FROM DDOS The Tale of Aluvial Urthadar (The Scout) and Drisddos, The Bison Aluvial Urthadar, with her powerful rope skills is the best of the best, never failing at a quest to defend the paths of the kingdom as its most loyal scout. She has a knack to trick The Bison, sending him off the capacity path. Without this protection from Aluvial, Drisddos and his botnets can easily overwhelm the village, causing distraction and consuming your data crops. Defence Strategies for managing network security risks 12

13 Network Security Defence BEST PRACTICES TO PROTECT YOUR NETWORK FROM DDOS Defence Strategy DDoS attacks can overwhelm the network bandwidth, which could lead to satisfaction in your services dropping. It not only sits on your network consuming bandwidth, but can be used to distract you from other viruses and monsters that are elsewhere, infecting systems. All is not lost, as 75% of DDoS attacks could be mitigated with the hardening of your network. Using fl ow-based protection, you can detect spikes in the bandwidth across a large estate. It helps by identifying things out of the ordinary. On-premise detection and mitigation is also a defence strategy. This will show you what is going in and out of the network, allowing you to stop monsters getting through. If you have more than one path of network traffi c to deal with, there are solutions and tools available to provide a control room, so you can direct bad traffi c to where it can be mitigated, without disrupting day-to-day operations. Defensive tools Verisign s DDoS protection services, cloud-based mitigation platform, offers a complete DDoS protection solution; intelligence-driven to protect your critical applications and network. Corero uses an on-premise mitigation solution, where the search for cyber attacks who have invaded a network allows for these intruders to be mitigated immediately. Axians DDoS Risk Assessments provides you with a report based on the data and best practice to implement, mitigate or limit the exposure of a DDoS attack. Attack Eats and blocks bandwidth Distracts you from other attacks Possessive and hungry Defence Detecting their network movements Maintaining the path Multiple route mitigation Defence Strategies For Managing Network Security Risks 13

14 VERISIGN In Q2 2017, Verisign observed that DDoS attacks remain unpredictable and persistent, and vary widely in terms of volume, speed and complexity. As such, DDoS events need to be closely monitored for changing vectors in order to optimize mitigation strategies. NUMBER OF ATTACKS ATTACK PEAK SIZE AVERAGE ATTACK PEAK SIZE MOST COMMON ATTACK TYPE MITIGATED 55% decrease compared to fi rst quarter Volume: 12 gigabits per second Speed: 2.5 Million packets per second 2.7 Gbps 25% of attacks over 5Gbps 57% User Datagram Protocol Floods 74% Employed multiple attack types Q Verisign DDOS Trends Report EXECUTIVE SUMMARY DDoS attacks and ransomware attacks are damaging enough when used separately to cripple an organization s network. However, cybercriminals are becoming more sophisticated and are combining DDoS attacks and ransomware for greater impact. In one published attack, there was a ransomware variant that held the organization s machine and data hostage until the ransom was paid. While the attackers waited for the ransom payment, they used the organisation s machines as botnets to launch DDoS attacks on another unsuspecting victim. Defence Strategies For Managing Network Security Risks 14

15 DETECT AND MITIGATE Defence Strategies For Managing Network Security Risks 15

16 Defence Strategies for managing network security risks 16

17 The Axians Approach REDUCE THE IMPACT OF CYBER SECURITY BREACHES ON THE NETWORK A large percentage of businesses in the UK have suffered a security breach in their network in the last year, costing in operations loss, brand reputation damage and profi tability. With the complexity of attacks increasing, it is diffi cult to keep up to date and ensure that you have the appropriate security infrastructure in place to mitigate any threats and protect your network and customers. Our Network Security Assessment has been designed to deliver a rapid, detailed picture of the current state of your network and access security. Helping businesses meet objectives and ensure defences are in place. Our approach includes a three-phase programme; assess, educate and prepare. We start by understanding your security needs and requirements for change: Conducting an in-depth audit of: The Current Network Access Security Structure Services And Features Our recommendations: Where And How Changes Can Be Made How To Be More Secure And Reduce Risk Address Gaps And Meeting Business Security Requirements At the end of the assessments we offer: Observations And Recommendations For Next Steps Analysis Of Data Gathered A Final Workshop To Discuss Findings In Detail And Provide Consultancy. Defence Strategies For Managing Network Security Risks 17

18 #battleforthenetwork Viables 3, Jays Close Basingstoke RG224BS +44 (0) axians.co.uk