#MicroFocusCyberSummit

Transcription

1 #MicroFocusCyberSummit

2 Preparing for When Your Organization Will be Breached: Prioritizing and Protecting Paulo Veloso Shogo Cottrell #MicroFocusCyberSummit

3 What s happening in the market? Approximately 40,000 Tesco Bank accounts were compromised in a cyberattack November % companies were victims of cyber attack in the year Ponemon Institute Study 66% of consumers will stop doing business with a company that has suffered a cyber breach. Study by Centrify 3

4 The World is Feeling the Economic Pressures World Economic Forum 2018 Global Risk Report Top 10 risks in terms of likelihood #3 Cyber attacks 2015 Attack on Ukraine s power grid shut down 30 substations, interrupting power to 230,000 people 2016 SWIFT attack led to the theft of US$81 million from the central bank of Bangladesh Today European Aviation Safety Agency has stated their systems are subject to an average of 1,000 attacks each month Global interconnectedness continues to expand the attack surface 4

5 What is the Impact? Cost of breach as high as $74 million - Ponemon Institute study 40% increase in data breach last year - Identity Theft Resource Center 90% CFOs claim cyber-security concerns as the primary reason to implement new software security tools BDO Survey,

6 Cyber Risk Increased The new battlefield Patch or perish Monetization of malware Vanishing perimeter Perimeter in your pocket Defending interactions between users, apps, and data Back to the basics Unintended consequences Vendor transparency Ransomware ATM-malware Banking Trojans 6

7 Cycle of Security Breaking the Cyber Kill Chain

8 8

9 Security Focus Areas What to Prioritize and Protect APP Static, Dynamic, & Runtime application testing Application security-as-aservice DATA Data de-identification (encryption/tokenization) Key management Hardware-based trust assurance Messaging security IDENTITY & ACCESS Adaptive Identity governance Adaptive access management Adaptive privileged users ANALYTICS & MACHINE LEARNING GOVERNANCE, RISK & COMPLIANCE ediscovery & Classification Information Management ENDPOINT Lifecycle management Patching & containerization Application virtualization Mobile & server management OPERATIONS Real-time detection Workflow automation Open source data ingestion Hunt and investigation 9

10 Security Focus Areas What to Prioritize and Protect IDENTITY & ACCESS APP Static, Dynamic, & Runtime application testing Application security-as-aservice DATA Data de-identification (encryption/tokenization) Key management Hardware-based trust assurance Messaging security Adaptive Identity governance Adaptive access management Adaptive privileged users ANALYTICS & MACHINE LEARNING ENDPOINT Lifecycle management Patching & containerization Application virtualization Mobile & server management OPERATIONS Real-time detection Workflow automation Open source data ingestion Hunt and investigation 10

11 Identity Powers the Future of IT Users Devices Identity Access Insight Cloud Salesforce Workday Office365 SAP Hybrid Things Services Governance Provisioning Privileged Identity Self Service Social Registration Unified Identity Roles Analytics Data Security Risk Based Access SSO Privileged Access Federation Multi-Factor Mobile Social Access Analytics Data Security SIEM File Integrity Privileged Monitoring Configuration Monitoring Change Monitoring Analytics Data Security Azure AWS On-Premise

12 Identity Self Services Identity Management Self Service Password Reset Identity Manager Identity, Governance & Administration Governance & Compliance Identity Governance Identity Powered Security

13 WebAccess Access Manager Access Identity Powered Security Enterprise Access Secure Login

14 Identity Powered Security Authentication Advanced Authentication

15 Privileged Accounts Identity Powered Security Privileged Account Manager Security Directory & Resource Administrator Secure Administration Group Policy Administrator

16 Identity Powered Security SIEM Sentinel Activity Monitoring Change Guardian Reporting and Logging

17 Identity Self Services Identity Management Self Service Password Reset WebAccess Identity Manager Identity, Governance & Administration Access Access Manager Governance & Compliance Identity Governance Privileged Accounts Privileged Account Manager Security Identity Powered Security SIEM SIEM Authentication Advanced Authentication Enterprise Access Secure Login Directory & Resource Administrator Secure Administration Group Policy Administrator Activity Monitoring Reporting and Logging

18 Security Focus Areas What to prioritize and protect IDENTITY & ACCESS APP Static, Dynamic, & Runtime application testing Application security-as-aservice DATA Data de-identification (encryption/tokenization) Key management Hardware-based trust assurance Messaging security Adaptive Identity governance Adaptive access management Adaptive privileged users ANALYTICS & MACHINE LEARNING ENDPOINT Lifecycle management Patching & containerization Application virtualization Mobile & server management OPERATIONS Real-time detection Workflow automation Open source data ingestion Hunt and investigation 18

19 Best Approach: Build It In The only way to keep up is to build security into your processes and tools Key Concerns Business requires an increasing number of applications and faster release cycles hard for security to keep up Development and security teams are not integrated Tools across different teams are not standardized 90% Percentage of security incidents from exploits against defects in the design or code of software. 1 80% Percentage of applications containing at least one critical or high vulnerability Source: 1 U.S. Department of Homeland Security s U.S. Computer Emergency Response Team (US-CERT) Application Security Research Update by the HPE Software Security Research team, 2017

20 Best Approach: Build It In The only way to keep up is to build security into your processes and tools Solution Discussion The average cost of a security breach is $3.62M 1 The key to effective application security is to build it in to the development process Vulnerabilities found in the production/post-release phase are 30 times more costly to fix than vulnerabilities found earlier in the lifecycle Source: Ponemon Institute Cost of Data Breach Study 2 National Institute of Standards & Technology (NIST)

21 The Only Way to Keep Up is to Build It In Static Code Analysis Static Code Analyzer (SCA) Dev DevSecOps Ops Real-time Application Self Protection Create Plan Prevent Detect Continuous Integration Monitoring and Analytics Continuous Improvement Continuous Deployment Continuous Configuration Continuous Learning Monitoring and Analytics Continuous Monitoring Dynamic Application Security Testing Verify Preprod Continuous Delivery Predict Respond Source: 10 Things to Get Right for Successful DevSecOps, Gartner, Inc., 2017

22 Implementing an End-to-End AppSec Strategy Static Code Analysis (SAST) Web Dynamic Testing (DAST) Runtime Protection (RASP) Management Console Static Code Analyzer (SCA) WebInspect App Defender Design Code Test, Integration & Staging Production Application Development IT Operations 22

23 Security Focus Areas What to prioritize and protect IDENTITY & ACCESS APP Static, Dynamic, & Runtime application testing Application security-as-aservice DATA Data de-identification (encryption/tokenization) Key management Hardware-based trust assurance Messaging security Adaptive Identity governance Adaptive access management Adaptive privileged users ANALYTICS & MACHINE LEARNING ENDPOINT Lifecycle management Patching & containerization Application virtualization Mobile & server management OPERATIONS Real-time detection Workflow automation Open source data ingestion Hunt and investigation 23

24 Endpoint Security Securing the digital workspace User self-services Service Desk, Mobile Workspace, Desktop Containers USER WORKSPACE Self-services Automation configuration Configuration Management, Endpoint Security, Mobile Workspace, Service Desk, Patch Management, Desktop Containers, Asset Management Compliance Data Data User Based Devices Devices Single pane of glass Asset Management, Patch Management, FDE, Endpoint Security BYOD Apps Apps The ZENworks Control Center / Common End User Portal Security Full Disk Encryption, Endpoint Security, Mobile Workspace, Desktop Containers, Patch Management 24

25 Security Focus Areas What to prioritize and protect IDENTITY & ACCESS APP Static, Dynamic, & Runtime application testing Application security-as-aservice DATA Data de-identification (encryption/tokenization) Key management Hardware-based trust assurance Messaging security Adaptive Identity governance Adaptive access management Adaptive privileged users ANALYTICS & MACHINE LEARNING ENDPOINT Lifecycle management Patching & containerization Application virtualization Mobile & server management OPERATIONS Real-time detection Workflow automation Open source data ingestion Hunt and investigation 25

26 Shared content Security Operations Modular, Open, Intuitive Security Operations (On-prem & Managed) Security Analysts Level 1 Workbench Investigation, integration, case management Workbench Investigation Workbench Investigation Reporting & Compliance 3 rd Party BI Tools Security Analysts Level 2 Event Prioritization Risk Prioritization Hunt Team Real Time Correlation Detection Analytics Hunt Exploration Engines Archive, Search UEBA R ML BI Tools Data Sources (Structured & Unstructured) + Control points Users Cloud minutes 30 days Data Lake days 7 years 7 years Apps Servers & Workloads Message Bus Network Endpoints IoT Connectors IT OT IOT Cloud Physical Flow Data Sources Vuln Intel Asset Users Temporal Enrichment

27 From Data Chaos to Security Insight IT SIEM Hadoop IT SIEM Hadoop OT IOT UBA Advanced Analytics Hunt OT IOT Event Broker UBA Advanced Analytics Hunt Physical Visualization Physical Visualization Traditional N : 1 Architecture Open N : M Architecture

28 Intelligent SOC Solution More Sources More Use Cases More Secure

29 Security Focus Areas What to Prioritize and Protect IDENTITY & ACCESS APP Static, Dynamic, & Runtime application testing Application security-as-aservice DATA Data de-identification (encryption/tokenization) Key management Hardware-based trust assurance Messaging security Adaptive Identity governance Adaptive access management Adaptive privileged users ANALYTICS & MACHINE LEARNING ENDPOINT Lifecycle management Patching & containerization Application virtualization Mobile & server management OPERATIONS Real-time detection Workflow automation Open source data ingestion Hunt and investigation 29

30 Data security coverage End-to-end Protection New Best Practice: Data-centric Security Threats to Data Traditional IT Infrastructure Security Data Ecosystem Security Gaps Data-centric Security Credential Compromise Authentication Management Data and applications Security gap Traffic Interceptors SSL/TLS/ firewalls Middleware Security gap SQL injection, Malware Database encryption Databases Security gap Malware, Insiders SSL/TLS/ firewalls File systems Security gap Malware, Insiders Disk encryption Storage 30 30

31 Protect your data by using FPE Live data capture & protection at source Useful pseudonymised data in applications, storage, analytics Controlled granular access to sensitive data by policy Discovery, Classification, Conversion, Protection Governance & Use - central policy controlled granular data access and audit

32 Secure Stateless Tokenization (SST) Stateless - redundancy, failover, scalability are easy Customized token formats Token multiplexing Credit Card SST Partial SST Obvious SST AZ UYTZ 4321 BIN Mapping

33 Data Protection with FPE and SST Name SS# Credit Card # Street Address Customer ID James Potter Farland Avenue G Ryan Johnson Grant Street S Carrie Young Cambridge Court B Brent Warner Middleville Road G Anna Berman Hamilton Drive S FPE FPE SST FPE FPE Name SS# Credit Card # Street Address Customer ID Kwfdv Cqvzgk Ykzbpoi Clpppn S Veks Iounrfo Cmxto Osfalu B Pdnme Wntob Zejojtbbx Pqkag G Eskfw Gzhqlv Saicbmeayqw Yotv G Jsfk Tbluhm Wbbhalhs Ueyzg B Secured data access under strict policy controls Name SS# Credit Card # Street Address Customer ID Anna Berman Hamilton Drive S Guaranteed referential integrity or fully randomized output by policy Enables data protection and data de-identification from one framework Can be used to generate test data for QA, training, etc.

34 APP Static, Dynamic, & Runtime application testing Application security-as-aservice DATA Data de-identification (encryption/tokenization) Key management Hardware-based trust assurance Messaging security IDENTITY & ACCESS Adaptive Identity governance Adaptive access management Adaptive privileged users ANALYTICS & MACHINE LEARNING ENDPOINT Lifecycle management Patching & containerization Application virtualization Mobile & server management OPERATIONS Real-time detection Workflow automation Open source data ingestion Hunt and investigation 34

35 Thank You. #MicroFocusCyberSummit

36 #MicroFocusCyberSummit