Securing Dynamic Data Centers. Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan &

Transcription

1 Securing Dynamic Data Centers Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan &

2 Modern Challenges

3 By 2020, 60% of Digital Businesses will suffer Major Service Failures due to the inability of IT Security Teams to manage Digital Risk! ~ Gartner

4 Lack of Security Talent 86% of respondents believe there is a shortage of skilled cybersecurity professionals 0% unemployment rate for cybersecurity professionals (Source: Information Systems Audit and Control Association - ISACA)

5 146 days before detecting Targeted Attacks 53% of attacks discovered externally

6 Source: Live proof of concepts 263 organizations, % 65% 80% Had zero-day or Had active Had network Command and Control unknown attacks in their or malware exploits networks

7 60% 90% of malware only affects Only 60 seconds of to malicious encrypt domains endpoints are alive with for one less ransomware device than hour Sources: Trend Research, Verizon Data Breach Report, 2016

8 Data Center Challenges

9 Infrastructure Modernization Containers Serverless Public Cloud AWS Lambda Azure Functions Physical Servers Virtual Servers Virtual Desktops

10 Increasingly, organizations are asking what can t go to the cloud, rather than what can Source: Gartner Blog Network. The end of the beginning of cloud computing by Lydia Leong

11 Performance Protection Simplified management against without advanced compromising and operational threats across security across environments efficiency, legacy especially and with modern ability in light to architectures of audit skills shortage

12 Timely Patch Management Wishful Thinking Test Completed Time Patch Available (if in support) Begin Deployment Vulnerability disclosed or exploit available

13 Ransomware in the Modern Data Center Attacks typically focus on users, but spread to servers through file shares Some new attacks (WannaCry) are focusing on unpatched and vulnerable servers!

14 Data Center Security Approach

15 #1 - Focus on Time to Detect

16 Block and Prevent Detect and Respond

17 Gartner s Adaptive Security Architecture Policy Predict Risk-prioritized exposure assessment Adjust posture Implement posture Harden systems Prevent Anticipate threats/attacks Baseline systems and security posture Remediate Design/model policy change Adjust posture Continuous visibility and assessment Users Systems System activity Payload Network Monitor posture Isolate systems Prevent attacks Detect incidents Confirm and prioritize risk Respond Investigate incidents/ retrospective analysis Contain incidents Detect Compliance

18 #2 Machine Learning and AI

19 Artificial Intelligence Deep Learning Neural Networks Machine Learning SUPERVISED LEARNING Nearest Neighbor Decision Trees Support Vector Machine (SVM) and more Clustering UN-SUPERVISED LEARNING and more Perception: Vision, object tracking and more Language: NLP, Translation

20 ML tricked to recognize photos as an ostrich Researchers tuned the input images to maximize the prediction error and called these adversarial examples. Exactly what malware authors are going to do. doing. Source: Intriguing properties of Neural Networks, Szegedy et al., Feb 2014,

21 #3 - Servers are Not Endpoints

22 Application-Specific: WAF, DDOS Less Critical AV Deception Vulnerability Shielding Optional server protection strategies Advanced behavioral Detection and response IAAS data at rest Encryption Exploit Prevention/Memory Protection Application controls/whitelisting Integrity Monitoring/Management Core server protection strategies Network Segmentation and Traffic Visibility Foundational No Arbitrary Code No , Web Client Configuration and Vulnerability Management Operations Hygiene Admin privilege Management Change Management Log Management Gartner Cloud Workload Security Source: Gartner (March 2016)

23 #4 - Intelligence Sharing Across Security Controls

24 Your Security is as strong as your Vendor s Threat Intelligence

25 #5 Centralized Visibility and Control

26 Mining of Security Data Lots of information but no correlation!

27 Minimum Best Practices

28 Key Best Practices

29 Trend Micro Approach

30 Defend Against Network & App Threats Sandbox Analysis Intrusion Prevention Application Control Machine Learning Integrity Monitoring Behavioral Analysis Log Inspection Anti-Malware & Content Filtering

31 LEGEND The Good, The Bad and The Unknown Known Good Known Bad Unknown Anti-Malware & Web Reputation Intrusion Prevention (IPS) & Firewall Integrity Monitoring & Log Inspection Application Control MUST Machine Learning Behavioral Analysis Safe files & actions allowed Custom Sandbox Analysis Malicious files & actions blocked

32 Reduce Operational Impacts Reduce operational costs of emergency & ongoing patching Protect systems where no patches will be provided Secure server and application-level vulnerabilities Virtual patch available Time Patch Available (if in support) Continuous protection Test Begin Deployment Completed WannaCry ransomware protection delivered in March, 2017, with enhancements at public disclosure (May 2017) Vulnerability disclosed or exploit available

33

34

35 Stop Ransomware Use layered security to: Stop ransomware on servers with advanced malware prevention that includes behavioral monitoring Lock down Windows & Linux servers with application control Shield from network attacks with IPS, including the protection of network file shares (over SMB) Stop lateral movement and detect command & control (C&C) traffic File Servers C&C Communication Other Servers

36 We are the BEST!!! Leader for 14 straight years!

37 The MARKET LEADER in server security for 7 straight years Other Intel 30% Symantec Source: IDC, Securing the Server Compute Evolution: Hybrid Cloud Has Transformed the Datacenter, January 2017 #US

38

39 Thank you MUHAMMAD WAJAHAT RAJAB, PRE-SALES CONSULTANT TREND MICRO, PAKISTAN & AFGHANISTAN