EMERGING THREATS & STRATEGIES FOR DEFENSE. Paul Fletcher Cyber Security

Transcription

1 EMERGING THREATS & STRATEGIES FOR DEFENSE Paul Fletcher Cyber Security

2 Threats by Customer Environment Cloud Environment On Premise Environment 1.96% 0.13% 0.02% application-attack Application Attack 5.29% 0.03% 0.02% application-attack Application Attack 10.60% brute-force Brute Force 7.40% brute-force Brute Force 18.75% 40.55% suspicious-activity recon 15.67% 40.79% trojan-activity suspicious-activity trojan-activity recon 28.01% denial-of-service 22.36% denial-of-service other other Source: Alert Logic CSR 2015

3 Threats by Customer Industry Vertical Suspicious Activity Recon DoS Brute Force 100% 90% 80% 70% 60% 50% Application Attack 40% 30% 20% 10% 0% Source: Alert Logic CSR 2015

4 Global Analysis

5 Internet of Things Planes, Trains and Automobiles

6 Internet of Things Keyfobs and Garage Doors

7 Latest News Update as needed

8 Latest Activity Darkode taken down on July 15, 2015 Arrests made in 20 countries Despite Coordinated law enforcement efforts BotNet takedowns are more effective

9 HOW DO WE DEFEND AGAINST THESE ATTACKS

10 Security Architecture Firewall/ACL Intrusion Detection Deep Packet Forensics Netflow Analysis Network NAC DDOS Scanner Vulnerabilities Log Mgmt SDLC Patch Mgmt Server/App Mail/Web Filter Scanner Backup Anti-Virus Encryption GPG/PGP FIM Host Anti Malware IAM Central Storage

11 Data Correlation is the Key

12 Enterprise Cyber Security Teams

13 24x7 Security Operations Center and Intelligence Monitor intrusion detection and vulnerability scan activity Escalate incidents and provide guidance to the response team to quickly mitigate Incidents Search for Industry trends and deliver intelligence on lost or stolen data Identify and implement required policy changes Cross product correlate data sources to find anomalies Monitor for Zero-Day and New and Emerging attacks Collect data from OSINT and Underground Sources to deliver Intelligence and Content

14 SECURITY BEST PRACTICES

15 10 Best Practices of Cloud Security 1. Secure your code 2. Create access management policies 3. Data Classification 4. Adopt a patch management approach 5. Review logs regularly 6. Build a security toolkit 7. Stay informed of the latest vulnerabilities that may affect you 8. Understand your cloud service providers security model 9. Understand the shared security responsibility 10. Know your adversaries

16 1. Secure Your Code Test inputs that are open to the Internet Add delays to your code to confuse bots Use encryption when you can Test libraries Scan plugins Scan your code after every update Limit privileges Stay informed

17 2. Create Access Management Policies Identify data infrastructure that requires access Define roles and responsibilities Simplify access controls (KISS) Continually audit access Start with a least privilege access model

18 3. Data Classification Identify data repositories and mobile backups Identify classification levels and requirements Analyze data to determine classification Build Access Management policy around classification Monitor file modifications and users

19 4. Adopt a Patch Management Approach Inventory all production systems Devise a plan for standardization, if possible Compare reported vulnerabilities to production infrastructure Classify the risk based on vulnerability and likelihood Test patches before you release into production Setup a regular patching schedule Keep informed, follow bugtraqer Follow a SDLC

20 5. Importance of Log Management and Review Monitoring for malicious activity Forensic investigations Compliance needs System performance All sources of log data is collected Data types (Windows, Syslog) Review process Live monitoring Correlation logic

21 6. Build a Security Toolkit Recommended Security Solutions Antivirus IP tables/firewall Backups FIM Intrusion Detection System Malware Detection Web Application Firewalls Forensic Image of hardware remotely Future Deep Packet Forensics Web Filters Mail Filters Encryption Solutions Proxies Log collection SIEM Monitoring and Escalation Penetration Testing

22 7. Stay Informed of the Latest Vulnerabilities Websites to follow

23 8. Understand Your Service Providers Security Model Understand the security offerings from your provider Probe into the Security vendors to find their prime service Hypervisor Example Questions to use when evaluating cloud service providers

24 9. Service Provider & Customer Responsibility Summary Apps Secure coding and best practices Software and virtual patching Configuration management Access management Application level attack monitoring Hosts Hardened hypervisor System image library Root access for customer Access management Patch management Configuration hardening Security monitoring Log analysis Customer Responsibility Cloud Service Provider Responsibility Networks Logical network segmentation Perimeter security services External DDoS, spoofing, and scanning prevented Network threat detection Security monitoring Provider Services Compute Storage DB Network

25 10. Understand your Adversaries

26 To Follow our Research Twitter: Blog: - Newsletter: - Websites to follow Cloud Security Report - Zero Day Magazine -

27 Thank you.