Security Landscape 2018
Thorsten Stoeterau, Security Systems Engineer, Barracuda Networks
Traditional threat vectors: Network Perimeter; Email; User; Remote Access; Web Applications; Remote Users
https://csi.barracuda.com
In the beginning (diagram labels): Legitimate Mail from the Internet; Mail Server; Corporate Inbox; Users
Started with Security and Archiving (diagram labels): Spam/malware and Legitimate Mail from the Internet; Mail Server; Corporate Inbox; Users. Protections: Spam & Virus Protection, DLP, Encryption; Archiving
Extended to the Cloud and added Backup (diagram labels): Spam/malware and Legitimate Mail from the Internet; Corporate Inbox; Users. Protections: Spam & Virus Protection, DLP, Encryption; Backup, Archiving
Advanced Threat Protection (diagram labels): Spam/Malware, Zero Hour and Legitimate Mail from the Internet; Corporate Inbox; Users. Protections: Spam & Virus Protection, DLP, Encryption; Backup, Archiving, Sandboxing
Antivirus: signature-based tools alone. Malware constantly changes to evade AV tools; there is not enough diversity of threat data to be effective across all vectors; modern attacks evade IPS and gateway-based detection solutions. Diagram: Signatures Database with samples A (Safe), B (Virus), C (Trojan)
Advanced Threat Protection
Example: Advanced Threat 0-day attachment (RAR)
Global Threat Intelligence Network
New threats can bypass gateways (diagram labels): Spam/Malware, Zero Hour and Legitimate Mail from the Internet; Corporate Inbox; Executives. Protections: Spam & Virus Protection, DLP, Encryption; Backup, Archiving, Sandboxing
Attacks are entering through the back door (diagram labels): Spam/Malware, Zero Hour and Legitimate Mail from the Internet; Spear Phishing via Personal Email reaching unified inboxes. Protections: Spam & Virus Protection, DLP, Encryption; Backup, Archiving, Sandboxing
So what is SPEAR PHISHING?
Multi-stage spear phishing: bait, hook and catch. Step 1: Infiltrate; Step 2: Reconnaissance; Step 3: Extract Value
Can you guess which ones are legitimate? (sender name / sender email / link / subject)
  DocuSign / doc@www.docusigns.net / http://www.relianceinstruments.com/js/docu.php / Completed: Please DocuSign
  Amazon.com / storenews@amazon.com / https://www.amazon.com/gp/r.html / Most Read from The Washington Post
  Dropbox / gonzalezfdc@gmail.com / http://agenciaquem.com.br/folder/document/ / Your Financial Institution just sent you an important documents via Dropbox
  FedEx / trackingupdates@fedex.com / https://www.fedex.com/insight/findit/nrp.jsp?tracknumbers=7762 / FedEx MPS Shipment 776229818182 Delivered
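The slide asks the reader to judge the four rows by eye. The following is an added example, not part of the deck and not Barracuda code, showing the mechanical checks a mail filter can run on the same rows: does the sender address belong to the domain the displayed brand is expected to use, does the link host belong to it, and is the link served over https. The brand-to-domain table is an assumption made for this example; the rows are transcribed from the slide.

```python
"""Added example: domain-consistency checks over the slide's four messages."""
from urllib.parse import urlparse

# Assumed mapping of the displayed sender name to the domain the brand uses for mail and links.
BRAND_DOMAINS = {
    "DocuSign": "docusign.com",
    "Amazon.com": "amazon.com",
    "Dropbox": "dropbox.com",
    "FedEx": "fedex.com",
}

# The slide's rows, transcribed: (sender name, sender email, link, subject).
SLIDE_ROWS = [
    ("DocuSign", "doc@www.docusigns.net",
     "http://www.relianceinstruments.com/js/docu.php", "Completed: Please DocuSign"),
    ("Amazon.com", "storenews@amazon.com",
     "https://www.amazon.com/gp/r.html", "Most Read from The Washington Post"),
    ("Dropbox", "gonzalezfdc@gmail.com",
     "http://agenciaquem.com.br/folder/document/",
     "Your Financial Institution just sent you an important documents via Dropbox"),
    ("FedEx", "trackingupdates@fedex.com",
     "https://www.fedex.com/insight/findit/nrp.jsp?tracknumbers=7762",
     "FedEx MPS Shipment 776229818182 Delivered"),
]


def email_domain(address: str) -> str:
    """Domain part of an address, lower-cased ('doc@www.docusigns.net' -> 'www.docusigns.net')."""
    return address.rsplit("@", 1)[-1].lower()


def link_host(url: str) -> str:
    """Host part of a URL, lower-cased; empty string if the URL has none."""
    return (urlparse(url).hostname or "").lower()


def belongs_to(host: str, domain: str) -> bool:
    """True if host is the domain itself or a subdomain of it (no public-suffix handling)."""
    return host == domain or host.endswith("." + domain)


def assess(sender_name: str, sender_email: str, link: str, subject: str) -> list:
    """Red flags for one row; an empty list means nothing mechanical stood out.
    The subject is carried only so a row can be passed in whole; it is not scored."""
    flags = []
    expected = BRAND_DOMAINS.get(sender_name)
    if expected is None:
        return ["sender name not in the brand table"]
    brand_token = sender_name.split(".")[0].lower()  # 'DocuSign' -> 'docusign'

    sender_domain = email_domain(sender_email)
    if not belongs_to(sender_domain, expected):
        # A domain that merely contains the brand name is the classic lookalike.
        kind = "lookalike" if brand_token in sender_domain else "unrelated"
        flags.append(f"{kind} sender domain {sender_domain} (expected {expected})")

    host = link_host(link)
    if not belongs_to(host, expected):
        flags.append(f"link host {host} does not belong to {expected}")
    if urlparse(link).scheme != "https":
        flags.append("link is not https")
    return flags


def flagged_senders(rows) -> list:
    """Sender names of the rows that raised at least one flag."""
    return [row[0] for row in rows if assess(*row)]


if __name__ == "__main__":
    for row in SLIDE_ROWS:
        print(row[0], "->", assess(*row) or ["no mechanical red flags"])
```

A row that raises no flag is not thereby proven legitimate; the check only surfaces the mismatches a reader tends to miss (a sender domain that is one letter off, a link that points somewhere unrelated to the brand), and it is deliberately independent of the subject text, which an attacker controls completely.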
Ransomware
The business model
The business model (contd.)
Securing the gateway is still necessary, but no longer sufficient
Next Generation Email Protection
  Human Firewall: Phishing Simulation and Training
  Fraud Protection: AI-based spear phishing protection; DMARC to prevent domain spoofing
  Resiliency: Cloud Backup; Email Continuity
  Gateway Defense: Inbound/Outbound Security; Encryption and DLP for secure messaging; Archiving for compliance
  Platforms: O365; Exchange
So e-mail is bad. What else is new?
Timeline of the Equifax breach
WAF Extends Your Network Security Posture. Network Firewall alone (Layer 7): Applications are in the open; Exploits are visible. Network Firewall plus WAF (Layer 7): Applications are insulated; Exploits are contained
What a Web Application Firewall Does
  Comprehensive Application Security (Inbound Inspection): OWASP Top-10 Attacks; Application DDOS; Proactive Defense; Application Cloaking; Geo-IP Control
  Data Loss Prevention (Outbound Inspection): Credit Card Numbers; Social Security Number; Custom Patterns
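The outbound-inspection side of the WAF slide, reduced to its core, as an added example (not Barracuda product code): a response body is scanned for credit card numbers and U.S. Social Security numbers before it leaves the application, and card candidates must pass the Luhn checksum so that other long digit strings, such as a parcel tracking number, are left alone. The sample response body and the redaction format are constructed for this example.

```python
"""Added example: outbound DLP scan and redaction for card numbers and SSNs."""
import re

# 13 to 19 digits, optionally separated by single spaces or dashes, not part of a longer digit run.
CARD_RE = re.compile(r"(?<![\d-])(?:\d[ -]?){12,18}\d(?![\d-])")
# AAA-GG-SSSS with the structurally invalid area/group/serial values excluded.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

# Constructed response body: one Luhn-valid test card number, one that fails Luhn,
# an SSN, and a 12-digit parcel number that must not be mistaken for a card.
SAMPLE_RESPONSE = (
    '{"customer": "A. Example", "card": "4111 1111 1111 1111", '
    '"old_card": "4111 1111 1111 1112", "ssn": "123-45-6789", '
    '"tracking": "776229818182"}'
)


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum the digits,
    and expect a multiple of 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list:
    """Card-looking substrings that also pass Luhn (cuts most false positives)."""
    return [m.group(0) for m in CARD_RE.finditer(text)
            if luhn_ok(re.sub(r"[ -]", "", m.group(0)))]


def find_ssns(text: str) -> list:
    """SSN-shaped substrings; the pattern has no groups, so findall returns whole matches."""
    return SSN_RE.findall(text)


def redact(text: str):
    """Return (redacted text, findings); findings are (kind, original value) tuples.
    Cards keep their last four digits so support staff can still correlate records."""
    findings = []
    for value in find_card_numbers(text):
        findings.append(("card", value))
        text = text.replace(value, "[CARD " + value[-4:] + "]")
    for value in find_ssns(text):
        findings.append(("ssn", value))
        text = text.replace(value, "[SSN]")
    return text, findings


if __name__ == "__main__":
    body, found = redact(SAMPLE_RESPONSE)
    print(found)
    print(body)
```

In a real WAF this runs on the response stream with the same logic; the point the example makes is that the pattern alone is too noisy for long numeric fields, and the checksum is what lets the scan block card data without mangling order, tracking or invoice numbers.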
Anatomy of the Target breach (diagram): Step 1: Internet to HVAC; Step 2: HVAC to Servers; Step 3: Servers to POS
From Next Generation to Cloud Generation
  Next Gen: Vertical Scaling; Backhauled Networks; Aggregated Policy; Monolithic Architecture; Feature Heavy; Not Orchestrated; Expensive
  Cloud Gen: Horizontal Scaling; Distributed Policy; Central Management; Secure Connectivity; No-MPLS; Traffic Regulation; 0-touch deployment; Visibility; Security at source; Elastic Scaling; Dispersed Workloads; Orchestration; API Support; Cloud Use Cases; Cloud Integrations; Flexible Licensing
WAN Networking 5+ years ago (diagram labels: Internet; Headquarters): Centralized Internet Break Out; Servers & Apps @ HQ or DC; Central Policy Management @ Headquarters; MPLS with VPN backup
WAN Networking in the Cloud Era: Today (diagram labels: Internet; SaaS; IaaS; Headquarters). Most companies still have WAN by MPLS with VPN backup
WAN Networking in the Cloud Era: Tomorrow (diagram labels: Internet; SaaS; IaaS; Headquarters). SDWAN to reduce MPLS cost
Where will your applications be in 2 years? Apps On Premises: HQ; Data Center; Some SaaS. Apps Hybrid: HQ; Public Cloud & SaaS. Public Cloud all in: HQ; Public Cloud & SaaS
Public Cloud Service Responsibility
  Customer (you define controls and security IN the Cloud): Cloud Access; Network Security; Customer Applications & Content; Identity & Access Control; Operating Systems / Platform; Data Encryption; Backup/Restore
  Provider (takes care of the Security OF the Cloud): Public Cloud Platform; Physical Infrastructure; Network Infrastructure; Virtualization Layer
Thank you