Cybersecurity & Security as a Service Trends. SteakOut, June 29, 2017


AGENDA
Speaker Intros
Top Cybersecurity Trends
Security as a Service Trends
Anti-Ransomware Solutions

MARK DALLMEIER, CSO/CMO, Terra Verde
Senior Executive, Entrepreneur
Board Advisor, Consultant to Cybersecurity & Tech Companies
Management Consultant to Start Up & Fortune 50 Companies: HP, Hitachi, Verizon Business, DELL, CenturyLink, XO

ABOUT TERRA VERDE
Founded in 2008 by Cyber Security, Risk, Compliance Executives & Experts
Headquartered in Phoenix, Arizona
Security, Risk, Compliance Consulting
One of the Largest PCI QSAs in Arizona
Hundreds of Engagements Performed Across Multiple Continents Annually
Invested Millions of Dollars, Thousands of Hours Developing TruSOC and Breach Radar - Managed Security Services
TruSOC utilized by customers across the U.S.

Cybersecurity & Security as a Service Trends

You are a target: It's not paranoia - they really are out to get you!
Criminals are organized, focused: targeting businesses & individuals.
It takes more than technology: People and Process (gaps) create vulnerabilities.

March 2017 / Your Data = $: They want your data. No really, they really want your data.

June 2017 / Your Data = $: They want your data. No really, they really want your data.

Top Data Types Stolen 2016 (www.id911.com)

Top Data Types Stolen June 2017 (www.id911.com) (chart: change in points per data type)

Attack Trend 1: Ransomware - $1.8B+ (2016)

Ransomware Exploit Family Growth 2017

Ransomware 2017 Weaponized with NSA Tools

WannaCry 2.0 / EternalRocks
When downloaded, the tool downloads the TOR browser and sends a signal to the tool's server. Response delay set to 24 hours.
It does not contain an attack command at this time; however, it leaves a backdoor open for remote execution at any time.
Renames itself to WannaCry once the callback is complete.
Does not contain the kill switch that WannaCry does.
Utilized 7 NSA leaked tools:
EternalBlue - SMBv1 exploit tool
EternalRomance - SMBv1 exploit tool
EternalChampion - SMBv2 exploit tool
EternalSynergy - SMBv3 exploit tool
SMBTouch - SMB reconnaissance tool
ArchiTouch - SMB reconnaissance tool
DoublePulsar - backdoor Trojan

A large international company based in Asia
Didn't know which of its devices and servers the hack had impacted, or even whether a hack had definitively occurred. Just a lot of weird stuff on their networks.
The company was already using security products like firewalls, network filters, and scanners, but none had detected an intrusion.
After blocking the attackers from the network, they would resurge anywhere from 48 hours to four weeks later.
In all, the attackers used over 70 different pieces of malware to carry out the various phases of the long-term attack.
https://www.wired.com/2017/05/close-look-notorious-apt32-hacking-group-action/

Attack Trend 2: Business Email Compromise - $3B+ (2016)

Business Email Compromise Average Payout $140K

Attack Trend 3: Business Process Compromise - $3B+

Business Process Compromise Flow (Ave Payout - $1M+)

Business Trend 1: Compliance Investment, Enforcement

PCI DSS Compliance Average Fine: $5K-$50K+

HIPAA Compliance Average Fine: $1M+

Health Record Data Breach Fine 2017: $115M

Consumer Financial Protection Bureau (CFPB) & Federal Trade Commission (FTC) Consumer Protection Average Fine & Penalty: $49M+

Market Trend: Convergence (diagram: Telco, MSPs, VARs and Consulting converging on Next Generation Security as a Service)

Market Trend: Telcos, IaaS, MSPs Entering The Market

Market Trend: Consolidation to Expand Services

Market Trend: Security & GRC as a Service (2017-2018)
Next Generation Security as a Service (diagram):
Compliance: PCI, HIPAA, SOX, NIST, NERC-CIP
Assessment (combo): Audit, Pen Testing, Vuln Scanning, Prevention, Social Engineering, Risk Assessment
Cyber Ops: SIEM, IDS/IPS, GRC, Incident Response, Detection, Forensics, Monitoring, SIC vs SOC
Threat Integration: Big Data Analytics, Risk Modeling, Dark Web R/D, R&D

Top 10 Proactive Measures

1: Know Your Maturity Level & Define Future State
Note: Utilize a maturity scale to identify what next steps are required to evolve your cybersecurity and compliance programs and your security defense posture, systems, tools, procedures.
Cybersecurity program development best practices resources and webinar can be found here: https://www.knowledgenet.com/cybersecurity-program-development-best-practices/

2-7: Deploy a Holistic Cyber-Hygiene Program
A. People
B. Passwords
C. Patching
D. Backups
https://www.terraverdeservices.com/resources

8: Awareness Upstream & Downstream
C Level Awareness Discussions
Cyber Insurance Liability, Exposure
Risk Management Process
Disaster Recovery, Business Continuity
2016 SANS Cyber Insurance Survey
Employee Awareness Campaigns
Cyber-Hero & Cyber Squads: Internal Advocates
Cyber Minute: Ongoing Awareness
Cyber-Hygiene 101 Tips
SETA / LMS

9: Map Out & Align with Critical Security Controls
https://oag.ca.gov/sites/all/files/agweb/pdfs/dbr/2016-data-breach-report.pdf?

10: Find Strategic Partners
Research resources, partners (ISACA, ISSA, ISC2, CSA).
Utilize available tools, partners, resources (MS-ISAC).
Subscribe to cyber intelligence resources, feeds (Infragard.org, ACTRA).
Participate in various cybersecurity industry associations and events.
Find a trusted partner(s) & subject matter expert(s).
Review, assess, rank, prioritize partners and vendors by ability to assist with planning, response.

Top 10 Measures
1. Cybersecurity & Compliance Gap Analysis (Current State)
2. Cyber-Hygiene Program (People, Passwords, Patching)
3. Ongoing Discovery (What is, should not be on network)
4. Modernize BCDR Plans (Ransomware, Social Engineering)
5. Data Back Ups (Off network) & Encryption (At Rest, In Flight)
6. Update Tech & End Point Protection (+ Usage Policies)
7. Ongoing Risk, Cyber, Compliance Assessments (Program)
8. Security Education Training & Awareness
9. Evaluate Managed Security Operations & Compliance Services Partners (Making Investments in Next Gen Tech)
10. Identify Strategic Partners (Pre-Post Planning, Response)

Next Generation Anti-Ransomware Technology Paul Whittier, Channel Account Executive: Sophos 801.899.9317 Paul.whittier@sophos.com

PAUL WHITTIER, Channel Account Executive, Sophos
Business Builder
Partner & Customer Advocate
Sophos, SonicWALL, Novell, Weber State University

ABOUT SOPHOS
Sophos began producing antivirus and encryption products nearly 30 years ago. Today our products help secure the networks used by 100 million people in 150 countries and 100,000 businesses, including Pixar, Under Armour, Northrop Grumman, Xerox, Ford, Avis, and Toshiba.

Synchronized Security Platform and Strategy
Sophos Central (In Cloud / On Prem): UTM/Next-Gen Firewall, Wireless, Email, Web, Endpoint/Next-Gen Endpoint, Mobile, Server, Encryption
Cloud Intelligence Analytics: Analyze data across all of Sophos products to create simple, actionable insights and automatic resolutions
SophosLabs: 24x7x365, multi-continent operation. URL Database, Malware Identities, File Look-up, Genotypes, Reputation, Behavioural Rules, APT Rules, Apps, Anti-Spam, Data Control, SophosID, Patches, Vulnerabilities, Sandboxing, API Everywhere

Sophos Central Phish Threat
Sophos Phish Threat is an advanced security testing and training platform designed to reduce your largest attack surface, your end-users, with effective security awareness testing and training. Optimized to help IT organizations address the alarming increase in phishing and compliance threats, Sophos Phish Threat helps change user behaviour and reduce organizational risk through routine, real-world phishing simulations reinforced with effective training and actionable reporting.
#1 Pick a Phishing Attack Campaign
#2 Pick a Security Training Module
#3 Manage End-User Response & Awareness

#1 Pick a Phishing Attack Campaign
Import End-Users
Select a Testing Campaign
Select an Attack Email

#2 Pick a Security Training Module
Select desired Training Module based on Campaign Objectives

#3 Manage End-User Response & Awareness
Reporting and Results
Security Posture by Organization, Department or Individual Performance

Sophos Ranks High in Forrester and Gartner

The age of single-use disposable malware
SophosLabs receives and processes 400,000 previously unseen malware samples each day.
75% of the malicious files SophosLabs detects are found only within a single organization.

The Evolution of Endpoint Threats: From Malware to Exploits (timeline 1998-2016, from traditional malware to advanced threats: Melissa Virus, Love Letter Worm, FinFischer Spyware, Exploit as a Service, Locky Ransomware; 2009: introduction of Polypack crimeware as a service; estimated losses per event ranging from $500M to $15B)

The Evolution of Endpoint Security: From Anti-Malware to Anti-Exploit
Traditional Malware:
Exposure Prevention: URL Blocking, Web/App/Dev Ctrl, Download Rep
Pre-Exec Analytics: Generic Matching, Heuristics, Core Rules
File Scanning: Known Malware, Malware Bits
Advanced Threats:
Run-Time: Behavior Analytics, Runtime Behavior
Exploit Detection: Technique Identification

Where Malware Gets Stopped
Note: Each Model Standalone is 80-95% Effective
Traditional Malware:
80% Exposure Prevention: URL Blocking, Web Scripts, Download Rep
10% Pre-Exec Analytics: Generic Matching, Heuristics, Core Rules
5% Signatures: Known Malware, Malware Bits
Advanced Threats (this 5% is the SCARY stuff):
3% Run-Time: Signatureless Behavior Analytics
2% Exploit Detection: Technique Identification

Sophos Protects ALL 8 Gaps!
Executable Malware
Exploits
Data Theft & Ransomware
Root Cause Analysis
Unauthorized Apps & Media
Malicious Documents
Script Based Malware
Social Engineered & Bad URLs

Endpoint Advanced + Intercept X
Stages: Prevent (before it reaches device), Detect (before it runs on device), Respond, Remediate
Next-Generation Endpoint (Intercept X):
Exploit: Browser Exploit Prevention; Exploit Technique Prevention
Behavior: Pre-Exec Behavior Analysis / HIPS; Emulation; Malicious Traffic Detection
Extortion: Cryptoguard Anti-Ransomware
Synchronize: Heartbeat Synchronized Security
Investigate: Root Cause Analysis
Clean: Signatureless cleanup
Traditional Antivirus (Endpoint Advanced):
Exposure: Web Security, URL Category Blocking, Download Reputation, Application Control, Device Control (USB), DLP
File Scanning: Anti-Malware, Potentially Unwanted App, Live Protection
Behavior: Runtime Behavior Analysis / HIPS
Remediate: Quarantine, Malware Removal

Intercepting Exploits
Exploit Prevention: monitors processes for attempted use of exploit techniques, e.g. buffer overflow, code injection, stack pivot and others.
Blocks when the technique is attempted.
Malware is prevented from leveraging vulnerabilities.

Anatomy of a Ransomware Attack
Exploit Kit or Spam with Infection -> Command & Control Established -> Local Files are Encrypted -> Ransomware deleted, Ransom Instructions delivered
CRYPTOGUARD (intervenes at the file encryption stage)
Simple and Comprehensive
Universally Prevents Spontaneous Encryption of Data
Restores Files to Known State
Simple Activation in Sophos Central

CryptoGuard for Servers
CRYPTOGUARD protects files from ransomware running locally AND remote.
Synchronized: automatically blocks connections from remote endpoints and creates alerts in Sophos Central for those remote endpoints.
Upgrade to Central Server Protection Advanced*
*CryptoGuard also available in EXP for SEC deployments, and included with SAVSVR license

Root Cause Analysis: Understanding the Who, What, When, Where, Why and How

Sophos Clean: Advanced Malware Removal. Second opinion scan.
Removes Threats: Deep System Inspection; Removes Malware Remnants; Full Quarantine / Removal; Effective Breach Remediation
On-Demand Assessment: Identifies Risky Files / Processes; Constantly Refreshed Database; Provides Additional Confidence
Command-Line Capable
100% Automated with Intercept X
Also available as a standalone Forensic Clean Utility

Server Protection Strategy
Editions: Server Standard, Server Advanced
Features: Antimalware, Lockdown, MTD, Cryptoguard
Optimized for performance:
PHYSICAL: Optimize performance; Lightweight agent
VIRTUAL: Performance is key; Agentless/Light agent
IaaS: On-demand resources; Usage based licensing

Server Lockdown (Server Advanced)
Whitelisting = default-deny
Stops known and unknown threats
Ensures only authorized applications can run, without the complexity!
One-click deployment
Automatic trust rules (managed by Sophos)
Simple licensing

Free Tools
Sophos gives out free tools that check for security risk, remove viruses and protect home networks:
Sophos Home
Mobile Security for iOS
XG Firewall Home Edition
Antivirus for Linux
Free 30-day trial of HitmanPro and HitmanPro.Alert
Mobile Security for Android
UTM Home Edition
275,000+ average monthly visitors!

THANK YOU! ASK ABOUT A DEMO & COMPLIMENTARY EXTERNAL VULNERABILITY SCAN!