How NSFOCUS Protected the G20 Summit. Guy Rosefelt on the Strategy, Staff and Tools Needed to Ensure Cybersecurity


Rosefelt is responsible for developing NSFOCUS threat intelligence and web security products worldwide. He is an enterprise-wide information security systems expert with more than 25 years of experience in application and network security, including sales engineering, technical product design, technical marketing, business development, auditing and risk assessment for government, military and commercial companies worldwide. He is a subject matter expert who has spoken at numerous industry conferences, including RSA. Rosefelt received his Bachelor of Science in Electrical Engineering and Bachelor of Science in Biomedical Engineering from the University of Southern California and is CISSP certified in Information and Network Security.

In September, the annual G20 summit, the gathering of leaders from 20 major global economies, was held in China. NSFOCUS was selected to provide cybersecurity protection. Guy Rosefelt of NSFOCUS discusses that mission and its unique challenges.

NSFOCUS is one of the largest security vendors in China, and it also has deep experience protecting high-profile events, says Rosefelt, Director of Threat Intelligence at NSFOCUS.

"NSFOCUS has protected other events besides the G20 Summit, including the 2008 Olympics in Beijing and the World Internet Conferences that were held in 2014 and 2015 in China," Rosefelt says. "So we have a lot of experience in protecting very large events."

What was the scope of the project? NSFOCUS was tasked with protecting 359,830 network, computer and application assets considered core to G20 and the network, computer and application assets that are part of the G20 affiliate agencies, which include financial institutions, media outlets, provincial government and telecom institutions across China.

And what did the job ultimately entail? Blocking 2,075,590 web attacks during the two-day summit, including 133,254 strikes targeted at the G20 website, as well as 1,984 DDoS attacks.
NSFOCUS also blocked another 1.9 million web attacks against secondary G20 partners.

"If the people you're protecting think nothing happened that day, then it was a good day," Rosefelt says. "These numbers are impressive, especially when most large organizations, let alone countries, don't get two million web attacks in an entire year, let alone in three days."

In an interview about securing the G20 Summit, Rosefelt discusses: why NSFOCUS was selected for the job; what the mission entailed before, during and after the event; lessons organizations can take away to improve everyday cybersecurity.

NSFOCUS Involvement in G20

TOM FIELD: Why specifically was NSFOCUS selected to protect the G20 Summit?

GUY ROSEFELT: NSFOCUS has been around for more than 16 years. We're one of the largest security companies in China, and we have a proven track record as it pertains to our suite of products and services. We have more than 90 global researchers who identify threats and publish this data around the globe. We've won the Microsoft Bug Bounty Award the past four years. We're the only company in the world that has won this award four times, let alone in consecutive years. And, NSFOCUS has protected other events besides the G20 Summit, including the 2008 Olympics in Beijing and the World Internet Conferences that were held in 2014 and 2015 in China. So we have a lot of experience protecting very large events.

FIELD: NSFOCUS' background is impeccable. So, what was NSFOCUS' specific involvement in the G20 Summit?

ROSEFELT: Twelve different security vendors deployed different types of technologies to protect the G20 Summit. Unlike previous G20 Summits, this summit was considered a national activity in China, which means companies and government agencies from across China were involved in this process. NSFOCUS was responsible for protecting 360,000 core assets during the summit. This included web servers, web applications, email servers and databases. It also included communication links between the G20 core institutions and financial institutions, telcos and infrastructure providers. How many organizations in the world have been given 350,000 assets to protect by themselves? I'd say that's a pretty daunting task.

Leveraging People and Technologies

FIELD: What kind of manpower was involved in protecting the G20?

ROSEFELT: We deployed about 120 security experts across 10 incident response teams throughout China. We started this process nearly six months before the summit took place, building a command and operations center where we deployed our products. We designed incident response capabilities and performed penetration testing on the G20 assets as they were identified. We identified vulnerabilities and patched these things. We handled all of this in the six months leading up to day one of the summit.

FIELD: What NSFOCUS products were used to protect the G20 Summit?

ROSEFELT: We used several different products to protect the G20 Summit, as part of our Intelligent Hybrid Security model. We deployed our Anti-DDoS System (ADS) for mitigating large-scale DDoS attacks that would be directed at the summit.
We deployed our Web Application Firewall (WAF) technology to protect the web applications for the G20 Summit. We also deployed WebSafe SaaS, our cloud-managed service for web servers, which monitors, scans and manages websites for vulnerabilities. In the six months leading up to the summit, we discovered 600,000 vulnerabilities in the assets we protected. Those were either patched directly by our teams, or if they couldn't be directly patched, the vulnerability scanning system automatically sent vulnerabilities directly to the WAF on premise. They could create virtual patches, policies within the WAFs themselves, to protect against these vulnerabilities. We then connected everything with our Threat Intelligence system so that our devices communicate with one another to identify threat actors, and consequently patch information across our devices to mitigate these blended attacks more quickly. We also deployed our Next Generation Intrusion Prevention System (NGIPS), with its sandbox capability to identify malware trying to gain access. For instance, we found several nasty credential-stealing apps trying to infiltrate G20, but we identified and eradicated them quickly.

Why Best of Breed No Longer Works

FIELD: Guy, you referenced the Intelligent Hybrid Security architecture. For those who aren't familiar with it, please give us some background.

ROSEFELT: NSFOCUS developed its Intelligent Hybrid Security model in response to existing defenses in the layered security model which have become obsolete. For years organizations have been told to buy best of breed security products because they're the best at blocking whatever attack the product is known for. And until a couple of years ago, it made sense because attacks were directed at particular devices. In contrast, today most attacks are hybrid in nature. Different types of attacks are combined to circumvent these best of breed technologies, which is a problem if the best of breed solutions can't communicate with one another. Because today's best of breed products lack that level of communication, protection ends up being very static and reactive.
Intelligent Hybrid Security enables organizations' technologies and devices to speak to one another, either directly by sharing information among devices or by passing that information to our WebSafe SaaS to understand that data and filter relevant information back to other devices, either at the same location or other locations so that customers can mitigate new attacks in real time. NSFOCUS offers the only hybrid DDoS solution in the world. So, any DDoS attack directed at a WAF can be shifted to our on-premise or cloud solution to handle DDoS mitigation and allow the web traffic to go through, so the WAF can now process the web traffic and block all the events that are being hidden underneath the obfuscation or the diversion of a larger DDoS attack. We responded to and blocked nearly 2,000 DDoS attacks over the three days, mitigating a total of 41 terabytes of DDoS traffic.

Did Nothing Happen?

FIELD: Coming back to the G20 Summit, we didn't see any major stories about security incidents at the event. That's one measure of success. How do you measure how effective NSFOCUS was at protecting the Summit?

ROSEFELT: If the people you're protecting think nothing happened that day, then it was a good day. In the six months leading up to the summit, we successfully blocked thousands of attacks. But the day leading up to the summit and the two days of the summit, over two million web attacks directly targeted the G20 website. Many of those were web defacement type pages, and those were all mitigated without any loss of service to the web application. Another 1.9 million web attacks were directed at secondary systems, such as the websites for related financial institutions, insurance companies, the Ministry of Defense, the Ministry of Finance for China, telcos, product communications and infrastructure. None of these had any loss of functionality.

We responded to and blocked almost 2,000 DDoS attacks over the three days, mitigating a total of 41 terabytes of DDoS traffic. These numbers are impressive, especially when most large organizations, let alone countries, don't get two million web attacks in an entire year, let alone in three days.

Protecting Customers and G20

FIELD: And you did this while protecting your existing customer base as well, which is really impressive.

ROSEFELT: Correct. We have 40,000 boxes deployed in China alone. We have 8,000 customers and 700 managed service customers in 1,200 networks, and none of them saw any loss of service based on the impact of their operations, even as we were protecting everything surrounding the G20 Summit.

The Intelligent Hybrid Security Difference

FIELD: If you were to take some lessons away from the experience, what recommendations can you share to help security leaders protect their own organizations in the same way you protected the G20 Summit?

ROSEFELT: Intelligent Hybrid Security makes a big difference. If our devices couldn't communicate with each other or couldn't pass security information across devices or through our Threat Intelligence System, we couldn't have reacted as quickly to the threats that we faced. So, a heterogeneous system where information is shared across devices is key going forward in the new age of cyber warfare.

To listen to the podcast, visit: http://www.bankinfosecurity.com/interviews/how-nsfocus-protected-g20-summit-i-3396

About ISMG

Information Security Media Group (ISMG) is the world's largest media organization devoted solely to information security and risk management. Each of our 28 media properties provides education, research and news that is specifically tailored to key vertical sectors including banking, healthcare and the public sector; geographies from North America to Southeast Asia; and topics such as data breach prevention, cyber risk assessment and fraud. Our annual global Summit series connects senior security professionals with industry thought leaders to find actionable solutions for pressing cybersecurity challenges.

Contact: (800) 944-0401, sales@ismgcorp.com, 902 Carnegie Center, Princeton, NJ 08540, www.ismgcorp.com