Connect Securely in an Unsecure World. Jon Clay Director: Global Threat

Transcription

1

2 Connect Securely in an Unsecure World Jon Clay Director: Global Threat

3 More devices More data More risks

4 Global Risks Landscape 2018 Source:

5

6

7

8

9 Threat Landscape in Review In the second quarter of 2018 the Trend Micro Smart Protection Network security infrastructure blocked over 11 billion threats a 1.6 billion increase from last quarter.

10 Number of threats blocked threats made up 84% of the overall threats blocked in Q2.

11 Malware detections 1H 18

12 Home Router Data

13 202 SCADA HMI vulnerabilities this midyear, versus 144 for the entire previous year.

14 Connect Securely

15 Security Vendor Support Industry Consumers Business Government Healthcare Law Enforcement Responsible disclosure Alerts, blogs, news, reports, guidance Threat Intelligence Sharing Free tools Public/Private Partnerships Threat Research Cyber Threats Vulnerabilities & Exploits Targeted Attacks AI & Machine Learning IoT OT / IIoT Cybercriminal Undergrounds Future Threat Landscape Insights to improve technology and products

16 Data The Foundation of AI / Machine Learning Malware and benign samples Behavior logs Statistics of File, IP, Domain Histogram, Prevalence, Distribution, etc. Honey pot s Hosted Service Web URL Web page contents Exploit kits Device info & identification CVE database NetFlow logs Process behavior logs Correlated Data + In-depth Knowledge

17 Vulnerability Lifecycle Pre-disclosure Virtual Patch Post-disclosure Patch Vulnerability Discovered Vulnerability Privately Disclosed Vulnerability Publicly Disclosed Vulnerability Introduced Patch Available Patch Installed Patch Installed Patch Installed

18 Best Practices User Security Passwords Safety Online Safety Outside of the office Use a different password for EVERY account Use a password manager Trend Micro Password Manager LastPass 1Password Use long and complex passwords No Post-it notes under your keyboard Don t tell anyone your password(s)

19 Best Practices User Security Passwords Safety Online Safety Outside of the office Phishing awareness training Trend Micro Phish Insight Cofense KnowBe4 Use encryption

20 Best Practices User Security Passwords Safety Online Safety Outside of the office Use Two Factor Authentication Trust but verify links Minimize use of cloud file-sharing Dropbox Box Google Drive Don t overshare online

21 Best Practices User Security Passwords Safety Online Safety Outside of the office Be cautious with public Wi-Fi Keep private work conversations private Restrict remote access Close RDP ports Enforce VPN use Only necessary users

22 Best Practices Device Security Computers/Servers Mobile Devices Wi-fi Routers Other Devices (Printers, Copiers, Switches, Routers) Centrally managed, business grade security software Isolate payment systems Restrict access to servers Use two-factor authentication Update software/firmware regularly

23 Best Practices Device Security Computers/Servers Mobile Devices Wi-fi Routers Other Devices (Printers, Copiers, Switches, Routers) Enforce passwords/passcodes Install security software Use two-factor authentication Update software/firmware regularly

24 Best Practices Device Security Computers/Servers Mobile Devices Wi-fi Routers Other Devices (Printers, Copiers, Switches, Routers) Change default username/password Disable remote management Restrict access to specific MAC addresses Use a separate SSID for Guests Enable encryption (WPA2) Use two-factor authentication Update software/firmware regularly

25 Best Practices Device Security Computers/Servers Mobile Devices Wi-fi Routers Other Devices (Printers, Copiers, Switches, Routers) Change default username/password Disable remote management Restrict access to specific MAC addresses Use two-factor authentication Update software/firmware regularly

26 THANK YOU Jon Clay Director: Global Threat