Cybersecurity & Security as a Service Trends SteakOut, June 29, 2017
AGENDA
- Speaker Intros
- Top Cybersecurity Trends
- Security as a Service Trends
- Anti-Ransomware Solutions

MARK DALLMEIER
CSO/CMO, Terra Verde
- Senior Executive, Entrepreneur
- Board Advisor, Consultant to Cybersecurity & Tech Companies
- Management Consultant to Start-Up & Fortune 50 Companies: HP, Hitachi, Verizon Business, DELL, CenturyLink, XO

ABOUT TERRA VERDE
- Founded in 2008 by Cyber Security, Risk, Compliance Executives & Experts
- Headquartered in Phoenix, Arizona
- Security, Risk, Compliance Consulting
- One of the Largest PCI QSAs in Arizona
- Hundreds of Engagements Performed Across Multiple Continents Annually
- Invested Millions of Dollars, Thousands of Hours Developing TruSOC and Breach Radar - Managed Security Services
- TruSOC utilized by customers across the U.S.
Cybersecurity & Security as a Service Trends
You are a target: It's not paranoia - they really are out to get you!
Criminals are organized and focused: targeting businesses & individuals.
It takes more than technology: gaps in people and process create vulnerabilities.
March 2017 / Your Data = $: They want your data. No, really, they really want your data.
June 2017 / Your Data = $: They want your data. No, really, they really want your data.
Top Data Types Stolen 2016 (www.id911.com)
[Chart: Top Data Types Stolen, June 2017 (www.id911.com); changes shown in points: 1.6, 54, 8, -20, -47.3]
Attack Trend 1: Ransomware - $1.8B+ (2016)
Ransomware Exploit Family Growth 2017
Ransomware 2017 Weaponized with NSA Tools
WannaCry 2.0 / EternalRocks
- Once downloaded, the tool fetches the Tor browser and sends a signal to the tool's server. Response delay set to 24 hours.
- It does not contain an attack command at this time; however, it leaves a backdoor open for remote execution at any time.
- Renames itself to WannaCry once the callback is complete.
- Does not contain the kill switch that WannaCry does.
- Utilized 7 NSA Leaked Tools:
  EternalBlue - SMBv1 exploit tool
  EternalRomance - SMBv1 exploit tool
  EternalChampion - SMBv2 exploit tool
  EternalSynergy - SMBv3 exploit tool
  SMBTouch - SMB reconnaissance tool
  ArchiTouch - SMB reconnaissance tool
  DoublePulsar - Backdoor Trojan

A large international company based in Asia didn't know which of its devices and servers the hack had impacted, or even whether a hack had definitively occurred - just a lot of weird stuff on their networks.
The company was already using security products like firewalls, network filters, and scanners, but none had detected an intrusion.
After blocking the attackers from the network, they would resurge anywhere from 48 hours to four weeks later.
In all, the attackers used over 70 different pieces of malware to carry out the various phases of the long-term attack.
Source: https://www.wired.com/2017/05/close-look-notorious-apt32-hacking-group-action/
Attack Trend 2: Business Email Compromise - $3B+ (2016)
Business Email Compromise Average Payout $140K
Attack Trend 3: Business Process Compromise - $3B+
Business Process Compromise Flow (Avg. Payout - $1M+)
Business Trend 1: Compliance Investment, Enforcement
PCI DSS Compliance Average Fine: $5K-$50K+
HIPAA Compliance Average Fine: $1M+
Health Record Data Breach Fine 2017: $115M
Consumer Financial Protection Bureau (CFPB) & Federal Trade Commission (FTC) Consumer Protection Average Fine & Penalty: $49M+
Security as a Service Market Trend: Convergence
[Diagram: Telcos, MSPs, VARs and Consulting firms converging into Next Generation Security as a Service]
Market Trend: Telcos, IaaS, MSPs Entering The Market
Market Trend: Consolidation to Expand Services
Market Trend: Security & GRC as a Service (2017-2018)
[Diagram: Next Generation Security as a Service]
- Compliance: PCI, HIPAA, SOX, NIST, NERC-CIP, COMBO Assessment, Audit
- Prevention: Pen Testing, Vuln Scanning, Social Engineering, Risk Assessment
- Cyber Ops: SIEM, IDS/IPS, GRC, Incident Response, Detection, Forensics, Monitoring, SIC vs SOC
- Threat Integration: Big Data Analytics, Risk Modeling, Dark Web R&D
Top 10 Proactive Measures
1: Know Your Maturity Level & Define Future State
Note: Utilize a maturity scale to identify what next steps are required to evolve your cybersecurity and compliance programs and your security defense posture, systems, tools, procedures.
Cybersecurity Program development best practices resources and webinar can be found here: https://www.knowledgenet.com/cybersecurity-program-development-best-practices/

2-7: Deploy a Holistic Cyber-Hygiene Program
A. People
B. Passwords
C. Patching
D. Backups
https://www.terraverdeservices.com/resources

8: Awareness Upstream & Downstream
- C-Level Awareness Discussions: Cyber Insurance Liability, Exposure; Risk Management Process; Disaster Recovery, Business Continuity (2016 SANS Cyber Insurance Survey)
- Employee Awareness Campaigns: Cyber-Hero & Cyber Squads: Internal Advocates. Cyber Minute: Ongoing Awareness. Cyber-Hygiene 101 Tips. SETA / LMS

9: Map Out & Align with Critical Security Controls
https://oag.ca.gov/sites/all/files/agweb/pdfs/dbr/2016-data-breach-report.pdf?

10: Find Strategic Partners
- Research resources, partners (ISACA, ISSA, ISC2, CSA).
- Utilize available tools, partners, resources (MS-ISAC).
- Subscribe to cyber intelligence resources, feeds (Infragard.org, ACTRA).
- Participate in various cybersecurity industry associations and events.
- Find trusted partner(s) & subject matter expert(s).
- Review, assess, rank, prioritize partners and vendors by ability to assist with planning, response.

Top 10 Measures
1. Cybersecurity & Compliance Gap Analysis (Current State)
2. Cyber-Hygiene Program (People, Passwords, Patching)
3. Ongoing Discovery (What is, and should not be, on the network)
4. Modernize BCDR Plans (Ransomware, Social Engineering)
5. Data Backups (Off network) & Encryption (At Rest, In Flight)
6. Update Tech & Endpoint Protection (+ Usage Policies)
7. Ongoing Risk, Cyber, Compliance Assessments (Program)
8. Security Education, Training & Awareness
9. Evaluate Managed Security Operations & Compliance Services Partners (Making Investments in Next Gen Tech)
10. Identify Strategic Partners (Pre-/Post Planning, Response)
Next Generation Anti-Ransomware Technology
Paul Whittier, Channel Account Executive, Sophos
801.899.9317 | Paul.whittier@sophos.com

PAUL WHITTIER
Channel Account Executive, Sophos
- Business Builder
- Partner & Customer Advocate
- Sophos, SonicWALL, Novell
- Weber State University

ABOUT SOPHOS
Sophos began producing antivirus and encryption products nearly 30 years ago. Today our products help secure the networks used by 100 million people in 150 countries and 100,000 businesses, including Pixar, Under Armour, Northrop Grumman, Xerox, Ford, Avis, and Toshiba.

Synchronized Security Platform and Strategy
- Sophos Central (In Cloud / On Prem): UTM/Next-Gen Firewall, Wireless, Email, Web, Endpoint/Next-Gen Endpoint, Mobile, Server, Encryption
- Cloud Intelligence Analytics: Analyze data across all Sophos products to create simple, actionable insights and automatic resolutions
- Sophos Labs (24x7x365, multi-continent operation): URL Database, Malware Identities, File Look-up, Genotypes, Reputation, Behavioural Rules, APT Rules, Apps, Anti-Spam, Data Control, SophosID, Patches, Vulnerabilities, Sandboxing
- API Everywhere

Sophos Central Phish Threat
Sophos Phish Threat is an advanced security testing and training platform designed to reduce your largest attack surface, your end-users, with effective security awareness testing and training. Optimized to help IT organizations address the alarming increase in phishing and compliance threats, Sophos Phish Threat helps change user behaviour and reduce organizational risk through routine, real-world phishing simulations reinforced with effective training and actionable reporting.
#1 Pick a Phishing Attack Campaign
#2 Pick a Security Training Module
#3 Manage End-User Response & Awareness
#1 Pick a Phishing Attack Campaign: Import End-Users; Select a Testing Campaign; Select an Attack Email
#2 Pick a Security Training Module: Select desired Training Module based on Campaign Objectives
#3 Manage End-User Response & Awareness: Reporting and Results; Security Posture by Organization, Department or Individual Performance

Sophos Ranks High in Forrester and Gartner

The age of single-use disposable malware
- 400,000: SophosLabs receives and processes 400,000 previously unseen malware samples each day.
- 75%: 75% of the malicious files SophosLabs detects are found only within a single organization.
The Evolution of Endpoint Threats: From Malware to Exploits
[Timeline chart, 1998 / 1999 / 2003 / 2007 / 2014 / 2015 / 2016: Melissa Virus, Love Letter Worm, FinFisher Spyware, Exploit as a Service, Locky Ransomware; 2009 - Introduction of Polypack Crimeware as a Service. Loss figures shown: $1.2B, $15B, $780M, $2.3B, $800M, $500M, $1.1B. Left side labelled Traditional Malware, right side Advanced Threats.]

The Evolution of Endpoint Security: From Anti-Malware to Anti-Exploit
- Exposure Prevention: URL Blocking, Web/App/Dev Ctrl, Download Rep
- Pre-Exec Analytics: Generic Matching, Heuristics, Core Rules
- File Scanning: Known Malware, Malware Bits
- Run-Time: Behavior Analytics, Runtime Behavior
- Exploit Detection: Technique Identification
(Traditional Malware on the left, Advanced Threats on the right)

Where Malware Gets Stopped
Note: Each Model Standalone is 80-95% Effective
- Exposure Prevention (80%): URL Blocking, Web Scripts, Download Rep
- Pre-Exec Analytics (10%): Generic Matching, Heuristics, Core Rules
- Signatures (5%): Known Malware, Malware Bits
- Run-Time (3%): Signatureless, Behavior Analytics
- Exploit Detection (2%): Technique Identification
"This 5% is the SCARY stuff" (the Advanced Threats end of the chart; Traditional Malware on the left)

Sophos Protects ALL 8 Gaps!
- Executable Malware
- Exploits
- Data Theft & Ransomware
- Root Cause Analysis
- Unauthorized Apps & Media
- Malicious Documents
- Script Based Malware
- Social Engineered & Bad URLs

Endpoint Advanced + Intercept X
Traditional Antivirus (Endpoint Advanced):
- Exposure - Prevent before it reaches the device: Web Security, URL Category Blocking, Download Reputation, Application Control, Device Control (USB), DLP
- File Scanning - Prevent before it runs on the device: Anti-Malware, Potentially Unwanted App, Live Protection
- Behavior - Detect: Runtime Behavior Analysis / HIPS
- Remediate - Respond: Quarantine, Malware Removal
Next-Generation Endpoint (Intercept X):
- Exploit: Browser Exploit Prevention, Exploit Technique Prevention, Pre-Exec Behavior Analysis / HIPS Emulation
- Behavior: Malicious Traffic Detection, CryptoGuard Anti-Ransomware (Extortion)
- Synchronize: Heartbeat Synchronized Security
- Investigate: Root Cause Analysis
- Clean: Signatureless cleanup
Intercepting Exploits: Exploit Prevention
- Monitors processes for attempted use of exploit techniques, e.g. buffer overflow, code injection, stack pivot and others
- Blocks when the technique is attempted
- Malware is prevented from leveraging vulnerabilities

Anatomy of a Ransomware Attack
1. Exploit Kit or Spam with Infection
2. Command & Control Established
3. Local Files are Encrypted (CryptoGuard intervenes at this step)
4. Ransomware deleted, Ransom Instructions delivered
CryptoGuard
- Simple and Comprehensive
- Universally Prevents Spontaneous Encryption of Data
- Restores Files to Known State
- Simple Activation in Sophos Central
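The "spontaneous encryption" step and the "restore to known state" response can be made concrete with a toy monitor. This is an added example written for this page; it is not Sophos code and says nothing about how CryptoGuard itself works. It snapshots a folder to a known-good copy, flags a burst of files that flip from low to high byte entropy (what bulk encryption looks like on disk) or vanish (renamed to a ransom extension), and rolls the flagged files back. The `CryptoMonitor` class, its thresholds, the sample file contents and the `simulate_encryption` stand-in are all constructed for the demo.

```python
"""Constructed example (not Sophos code): a toy behaviour-based
anti-ransomware monitor. Snapshot a folder to a known state, watch for a
burst of files that become high-entropy blobs or disappear, roll them back."""

import hashlib
import math
import shutil
import tempfile
from collections import Counter
from pathlib import Path


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: roughly 4-5 for English text, near 8 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


class CryptoMonitor:
    """Snapshot, detect, restore. Thresholds are constructed for the demo."""

    def __init__(self, root, snapshot_dir, high_entropy=7.0, burst=3):
        self.root = Path(root)
        self.snapshot_dir = Path(snapshot_dir)
        self.high_entropy = high_entropy  # at/above this a file looks encrypted
        self.burst = burst                # this many hits in one scan = attack
        self.baseline = {}                # relative path -> entropy at snapshot

    def snapshot(self) -> int:
        """Copy every file into the snapshot area and record its entropy."""
        if self.snapshot_dir.exists():
            shutil.rmtree(self.snapshot_dir)
        self.baseline.clear()
        for path in self.root.rglob("*"):
            if path.is_file():
                rel = path.relative_to(self.root)
                dest = self.snapshot_dir / rel
                dest.parent.mkdir(parents=True, exist_ok=True)
                shutil.copy2(path, dest)
                self.baseline[rel] = shannon_entropy(path.read_bytes())
        return len(self.baseline)

    def scan(self) -> list:
        """Files that went from low to high entropy, or vanished, since the snapshot."""
        hits = []
        for rel, before in self.baseline.items():
            path = self.root / rel
            if not path.exists():
                hits.append(rel)  # renamed/deleted: ransomware commonly swaps extensions
            elif before < self.high_entropy <= shannon_entropy(path.read_bytes()):
                hits.append(rel)  # rewritten as a high-entropy blob
        return hits

    def restore(self, rels) -> int:
        """Put the known-good copies back."""
        for rel in rels:
            shutil.copy2(self.snapshot_dir / rel, self.root / rel)
        return len(rels)

    def check_and_restore(self):
        """Return (attack_detected, hits); roll back only on a burst, not a single edit."""
        hits = self.scan()
        if len(hits) >= self.burst:
            self.restore(hits)
            return True, hits
        return False, hits


def simulate_encryption(path: Path, key: bytes) -> None:
    """Constructed stand-in for ransomware: XOR the file with a SHA-256 keystream.
    Deterministic, and the output is high-entropy like real ciphertext."""
    data = path.read_bytes()
    stream, block = bytearray(), key
    while len(stream) < len(data):
        block = hashlib.sha256(block).digest()
        stream.extend(block)
    path.write_bytes(bytes(a ^ b for a, b in zip(data, stream)))


def demo(workdir=None):
    """Benign edit -> no alert; four files encrypted/renamed -> alert plus rollback."""
    workdir = Path(workdir or tempfile.mkdtemp())
    root, snap = workdir / "docs", workdir / "snapshot"
    root.mkdir(parents=True, exist_ok=True)
    text = b"Quarterly report: revenue up, costs flat, headcount steady. " * 40  # constructed
    names = [f"report{i}.txt" for i in range(5)]
    for name in names:
        (root / name).write_bytes(text)
    mon = CryptoMonitor(root, snap)
    mon.snapshot()

    (root / names[0]).write_bytes(text + b"\nRevised by finance.")  # a normal edit
    benign_alert, _ = mon.check_and_restore()

    for name in names[1:]:
        simulate_encryption(root / name, b"constructed-demo-key")
    (root / names[4]).rename(root / (names[4] + ".locked"))        # ransom extension
    attack_alert, hits = mon.check_and_restore()

    restored = all((root / name).read_bytes() == text for name in names[1:])
    return benign_alert, attack_alert, len(hits), restored


if __name__ == "__main__":
    print(demo())
```

Running `demo()` returns `(False, True, 4, True)`: the single low-entropy edit is below the burst threshold, the four encrypted or renamed reports trip it, and every one of them is back to its snapshot content afterwards. The two knobs that matter in practice are the entropy threshold (already-compressed or encrypted files such as archives sit near 8 bits per byte and need to be excluded from the baseline) and the burst size, which is what separates one user saving an encrypted archive from a process rewriting a whole share.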
CryptoGuard for Servers
- Protects files from ransomware running locally AND remotely
- Synchronized - Automatically blocks connections from remote endpoints and creates alerts in Sophos Central for those remote endpoints
- Upgrade to Central Server Protection Advanced*
*CryptoGuard also available in EXP for SEC deployments, and included with SAVSVR license

Root Cause Analysis: Understanding the Who, What, When, Where, Why and How

Sophos Clean: Advanced Malware Removal. Second opinion scan.
- Removes Threats: Deep System Inspection, Removes Malware Remnants, Full Quarantine / Removal, Effective Breach Remediation
- On-Demand Assessment: Identifies Risky Files / Processes, Constantly Refreshed Database, Provides Additional Confidence
- Command-Line Capable
- 100% Automated with Intercept X
- Also available as a standalone Forensic Clean Utility

Server Protection Strategy
[Table comparing Server Standard and Server Advanced across: Antimalware, Lockdown, MTD, CryptoGuard]
Optimized for performance:
- PHYSICAL: Optimize performance, Lightweight agent
- VIRTUAL: Performance is key, Agentless/Light agent
- IaaS: On-demand resources, Usage based licensing

Server Lockdown (Server Advanced)
- Whitelisting = default-deny
- Stops known and unknown threats
- Ensures only authorized applications can run, without the complexity!
- One-click deployment
- Automatic trust rules (managed by Sophos)
- Simple licensing

Free Tools
Sophos gives out free tools that check for security risks, remove viruses and protect home networks:
- Sophos Home
- Mobile Security for iOS
- XG Firewall Home Edition
- Antivirus for Linux
- Free 30-day trial of HitmanPro and HitmanPro.Alert
- Mobile Security for Android
- UTM Home Edition
275,000+ average monthly visitors!

THANK YOU! ASK ABOUT A DEMO & COMPLIMENTARY EXTERNAL VULNERABILITY SCAN!