Architecting a More Effective Enterprise Security Program

Architecting a More Effective Enterprise Security Program WWW.NWNIT.COM

As the threat matrix grows, securing IT infrastructures and digital assets has to be a top priority. In this paper, we'll take a look at the types of threats companies are facing and what it takes to protect infrastructures today and the digital assets they support.

Contents

The Growing Threat Matrix
  Rising Costs
  Increasing Ransomware Attacks Aimed at Enterprises
  Phishing and Social Engineering Goes Corporate
  Growing DDoS Threats
  Expanding Insider Security Breaches, Malicious and Benign
  Preparing for More Sophisticated Attacks
Enterprise Protection Demands an Effective Security Strategy
  End-to-end visibility
  Analytics and modeling
  Global control
  Automation
  Open APIs
Network Security
  Fortifying Defenses
  Unifying Access Control
  Ensuring Uptime
Data Center Security
  Mitigating Insider Threats
  Optimizing Protection and Performance
  Protecting Distributed Data Centers and Hybrid Environments
Endpoint Security
  Managing BYOD
  Meeting the IoT Challenge
Conclusion: Protection Starts with Assessment

The Growing Threat Matrix

Cybercrime has become so lucrative and common that IT security professionals in companies of every size, in every industry, need to understand what they are up against if they want to protect their customer information, intellectual property, financial processes and private communications.

Rising Costs

While bad actors are profiting tremendously from their exploits, the companies they attack are paying the price. The average cost of a security breach has reached $3.8 million, a 23% increase since 2013. Last year, 68% of companies were hacked so successfully that they were forced either to publicly report the incident or saw a negative impact on corporate finances. The average time between a system being compromised and a breach being detected is 146 days, giving hackers ample time to exploit corporate assets.

Increasing Ransomware Attacks Aimed at Enterprises

Cyber criminals aren't relying solely on data theft to make their money. Now they can simply lock up a company's IT systems, shutting them down in order to hold them for ransom. The FBI reports that companies and individuals in the U.S. lost more than $24 million to ransomware attacks in 2015. Hollywood Presbyterian Medical Center was completely disabled, with no access to electronic records, until it agreed to pay off its attackers. SMBs are particularly vulnerable due to their lack of infrastructure and willingness to pay, costing these companies an average of $10,000 per incident.

Phishing and Social Engineering Goes Corporate

These attack vectors have become extremely successful. Authors of phishing schemes are now using them to steal money, sensitive data and end-user credentials. CEO fraud, which uses spoofed messages to trick employees into wiring funds to fraudulent accounts, has cost companies $2.3 billion in losses over the past three years. In Q1 of 2016, phishing attacks successfully stole W-2 data from 41 organizations. Regardless of the ultimate intent, 30% of phishing messages are opened by the target across all campaigns.

Preparing for More Sophisticated Attacks

In its midyear security report, Cisco identified a set of highly sophisticated attack vectors designed to obfuscate hacker intentions and exploit specific weaknesses:

Angler: Exploits flaws in Java, Flash, Silverlight and IE, using fake landing pages that mimic typical websites to hook and hijack online users.
Rombertik: Created specifically to steal banking credentials, the Rombertik malware hooks into a user's browser and sends sensitive information to an external server.
Dridex: Exploits Microsoft Office to infect computers in order to steal credentials and deliver banking Trojans.

Growing DDoS Threats

DDoS attacks are also on the rise. While some activists use this attack vector to disable companies on principle, others use it as a smoke screen to launch more nefarious, sophisticated attacks. In 2015, DDoS attacks were up 148.85% over 2014, with a 168.82% increase in infrastructure layer (3 & 4) attacks. In Q1 of 2016, 34% of DDoS attacks were multi-vector. No company is immune: even Staminus Communications Inc., a specialist in protecting customers from massive DDoS attacks, was targeted and taken down by a DDoS attack for more than 20 hours.

Expanding Insider Security Breaches, Malicious and Benign

Internal threats are far more costly to companies, as these users already have credentials that let them bypass perimeter-based defenses. Internal actors were responsible for 43% of data loss, one half of which was intentional while the other half was accidental. Insider attacks were the most costly of all breach types in 2015. Employees at AT&T sold personal data associated with almost 280,000 U.S. customers, costing the company $25 million in civil penalties.

Enterprise Protection Demands an Effective Security Strategy

Now that cyber criminals have become so sophisticated, they're not relying on data theft as their only path to profit. With so many cyber scams on the horizon (social engineering, ransoming, corporate espionage, etc.), no company should consider itself safe from attack. Today, it's not enough to simply drop in a firewall or deploy malware protection on endpoints; companies need an enterprise-wide security strategy to effectively reduce risk. Being able to see the entire spectrum of threats aimed at your organization is the best way to protect your enterprise. When defenses are breached, you need to respond and move to remediation as quickly as possible. While the underlying technologies deployed will be unique for each organization, an effective enterprise security program requires the following elements.

End-to-end visibility

Bad actors have learned that careful, step-wise maneuvering through your infrastructure is the best way to avoid detection. These cunning criminals are patient, remaining hidden and slowly infiltrating a company for months at a time as they move toward their end goal. These advanced, persistent threats are extremely costly as they target your most valuable assets: sensitive data, intellectual property, private communications and more. To limit the risk of a high-profile breach, you need complete visibility across your networks, data center, cloud applications and all connected devices. Only by collecting data at all these points in your extended infrastructure can you effectively detect, analyze and interpret indicators of compromise (IOCs) wherever they exist.

Analytics and modeling

With access to global threat intelligence, next-gen security solutions can shut down known attack vectors even if your company has never seen them before. However, the real value of security analytics lies in its ability to identify new types of malicious activity before, during and after an attack. By evaluating historical and current data on user behavior, network traffic flow, server behavior, application usage, attack telemetry, malware signatures and more, next-gen security solutions are better able to flag anomalies, characterize zero-day threats and predict problems before they lead to a full-blown breach. When systems are compromised, analytics can provide key forensic insights to determine exactly who did what.

Global control

Bringing all your security appliances and analytics tools under a centralized management system is critical for enacting and enforcing global policies. More importantly, it significantly cuts down on day-to-day administrative and change management work.

Automation

Automation ensures instant response and keeps administrators focused on the big picture. Without automated response, you cannot effectively mitigate risk. If an employee laptop is infected by malware, you need to make sure it is blocked from compromising other devices on your network. If you have to manually react to specific alerts every time a potential threat is detected, you'll quickly fall prey to advanced, multi-vector attacks.

Open APIs

Threats are evolving so quickly that it's hard to predict exactly where your vulnerabilities exist. By choosing security solutions that adhere to industry-established standards such as ISO 177999 and the Common Criteria for Information Technology Security Evaluation (CC), you'll be able to snap in next-gen solutions from any vendor when needed. This is particularly important for ensuring the efficacy of global policy enforcement, analytics models and simplified management of the security program as a whole.

Network Security

As the gateway to corporate assets, networks have long been the target of extremely sophisticated, highly disruptive and quickly mutating attack vectors. Not only do security solutions have to block a growing set of malware and malicious inputs, they also have to ensure network uptime and enforce policies while being bombarded with DDoS attack traffic. All this has to be done as networks become more complex, virtualized, distributed and wireless.

Fortifying Defenses

To create a strong perimeter, you need visibility, analytics and vigilance. Simply installing a next-gen firewall where your private network meets the public Internet isn't enough. To gain visibility into the data needed to enhance analytics models, you need to place security appliances at key access points to collect, analyze and control the traffic flowing in and out of web servers, data centers, cloud applications, LAN/WAN connections, email servers, storage resources (arrays and switches) and more. Continuous analysis of these traffic flows will help you spot the anomalies and patterns indicative of a network compromise. This approach will significantly reduce risk before, during and after an attack and better protect your assets as your infrastructure evolves.

Unifying Access Control

Clearly, being able to tightly control how much access users have to the network is an important element of any security strategy. When implementing such a system, choose one that can seamlessly manage settings for both wired and wireless networks. This will simplify the process and increase governance over a growing mobile workforce.

Ensuring Uptime

Today it is all too easy for bad actors to launch large-scale, automated DDoS attacks. They can incapacitate companies and cost them dearly in lost productivity and customer revenue. The most effective way to avoid disruption is to clean packet traffic before it is allowed to enter the network. Next-gen firewall and intrusion prevention systems (IPS) can help; however, choosing a fabric built from the ground up to repel these attacks will add another layer of protection.

NWN for Network Security

Cisco FirePOWER NGFW: Next-gen appliances that combine firewall, IPS and advanced malware capabilities to deliver integrated threat defense across the entire attack continuum.
Cisco Application Centric Infrastructure: A comprehensive SDN architecture with policy-based automation capabilities.
Cisco AMP for Networks: Offers continuous visibility and control to protect against the largest set of sophisticated and targeted advanced malware attacks.
Lancope StealthWATCH: Analyzes network flow records and application data to detect the stages of advanced attacks.
Cisco Security Manager: Centralized management and policy control over the entire spectrum of security appliances deployed.

Data Center Security

Whether you're being targeted for espionage or for your store of personal information, the end goal of most advanced persistent threats lies in your data center. Protecting data center assets requires a specialized set of policies, technologies and implementation considerations. Taking the time to review the security features of planned infrastructure upgrades will ensure that protections are built into the fabric of the data center as it evolves.

Mitigating Insider Threats

It may seem counterintuitive, but credentialed accounts actually pose a larger risk to companies because they are often overlooked as a possible vulnerability. Whether stolen or possessed by a disgruntled employee, they offer a chance to bypass standard security protocols and compromise files and data of interest. Clearly, establishing strong password policies and restricting global access will help reduce this risk. To effectively minimize risk, however, you need to continuously analyze usage patterns for anomalies, including when specific users are online, where they're working from, what files they are accessing and what application features they are using. Monitoring data ingress/egress patterns as a whole will speed the detection of malicious insider activity.

Optimizing Protection and Performance

Companies need speed in the data center to maximize customer satisfaction, revenue creation and workforce productivity. Therefore, it's extremely important to use security appliances optimized for these environments to ensure that performance doesn't degrade. Customizing security policies for the data center will also help eliminate latency as you strengthen protection in these environments.

Protecting Distributed Data Centers and Hybrid Environments

Data centers, workload management and application access strategies are evolving quickly. Companies today are embracing virtualization to optimize resource allocation and cut costs. They're distributing data centers across the globe to improve performance regionally and to ensure disaster recovery protection. They're using cloud solutions to scale operations and to simplify access to critical business applications and storage resources. Each of these moves has security implications. Protecting the connections between public and private networks, users and applications, web servers and customers, cloud and storage, LANs and WANs, and wired and wireless networks requires highly specialized technology and controls. Without a proper mapping of security solutions to infrastructure vulnerabilities, companies leave themselves open to attack.

NWN for Data Center Security

Cisco FirePOWER: Firewall appliances that deliver integrated threat defense across the entire attack continuum.
Cisco Application Centric Infrastructure: A comprehensive SDN architecture with policy-based automation capabilities.
Cisco InterCloud: A fabric for cloud solutions that uses cryptographically isolated and encrypted tunnels to securely communicate between private and public clouds.
Cisco Adaptive Security Appliances: High-performance solutions designed specifically for mission-critical data center environments.
Lancope StealthWATCH: Analyzes network flow records and application data to detect the stages of advanced attacks.
Cisco Web Security Application: Combines advanced threat protection (AMP), application visibility and control (AVC), policy control and secure mobility in a single platform.
Cisco Email Security Application: Defends email systems from spam, malware and other threats while providing contextual analysis to protect against phishing attacks.
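A worked illustration of the insider-threat monitoring the Mitigating Insider Threats section calls for (an added example, not NWN's or Cisco's code): it builds a per-user baseline from constructed activity records and flags records that deviate in hour of activity, source country, share accessed or bytes sent out. All users, paths, countries and volumes are invented.

```python
"""Added example: baseline-and-anomaly review of user activity records.

Not part of the NWN paper; it models the paper's advice to watch when users
are online, where they work from, which shares they touch and how much data
leaves. Every record below is constructed, not real telemetry.
"""
from collections import defaultdict
from datetime import datetime

# Constructed records: (user, "YYYY-MM-DD HH:MM", source country, file path, bytes out)
BASELINE = [
    ("alice", "2016-03-01 09:12", "US", "/share/finance/q1.xlsx", 120_000),
    ("alice", "2016-03-02 10:40", "US", "/share/finance/q1.xlsx", 90_000),
    ("alice", "2016-03-03 14:05", "US", "/share/finance/budget.xlsx", 200_000),
    ("bob", "2016-03-01 08:55", "US", "/share/eng/design.pdf", 500_000),
    ("bob", "2016-03-02 17:30", "US", "/share/eng/specs.docx", 300_000),
]
RECENT = [
    ("alice", "2016-03-10 10:15", "US", "/share/finance/q1.xlsx", 110_000),
    ("alice", "2016-03-11 02:47", "RO", "/share/hr/payroll.csv", 9_500_000),
    ("bob", "2016-03-10 09:05", "US", "/share/eng/design.pdf", 450_000),
    ("carol", "2016-03-10 11:00", "US", "/share/eng/notes.txt", 1_000),
]


def hour_of(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M").hour


def share_of(path):
    # Top-level share, e.g. "/share/finance" for "/share/finance/q1.xlsx"
    return "/".join(path.split("/")[:3])


def build_profiles(records):
    """Per-user baseline: working-hour window, countries, shares, mean bytes out."""
    raw = defaultdict(lambda: {"hours": [], "countries": set(), "shares": set(), "egress": []})
    for user, ts, country, path, out in records:
        p = raw[user]
        p["hours"].append(hour_of(ts))
        p["countries"].add(country)
        p["shares"].add(share_of(path))
        p["egress"].append(out)
    profiles = {}
    for user, p in raw.items():
        profiles[user] = {
            "hour_min": min(p["hours"]), "hour_max": max(p["hours"]),
            "countries": p["countries"], "shares": p["shares"],
            "mean_egress": sum(p["egress"]) / len(p["egress"]),
        }
    return profiles


def find_anomalies(profiles, records, slack_hours=1, egress_factor=5.0):
    """Return one finding per record that deviates from its user's baseline."""
    findings = []
    for user, ts, country, path, out in records:
        reasons = []
        prof = profiles.get(user)
        if prof is None:
            reasons.append("no_baseline")  # unknown user: cannot judge, still worth review
        else:
            h = hour_of(ts)
            if h < prof["hour_min"] - slack_hours or h > prof["hour_max"] + slack_hours:
                reasons.append("off_hours")
            if country not in prof["countries"]:
                reasons.append("new_country")
            if share_of(path) not in prof["shares"]:
                reasons.append("new_share")
            if out > egress_factor * prof["mean_egress"]:
                reasons.append("egress_spike")
        if reasons:
            findings.append({"user": user, "timestamp": ts, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(build_profiles(BASELINE), RECENT):
        print(finding)
```

A real deployment would feed authentication, file-server and flow logs into the same shape of baseline and tune the slack and egress factor per user population.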

Endpoint Security

The expanding attack surface created by the proliferation of personal and mobile devices connected to wired and wireless networks presents unique challenges for enterprise security teams.

Managing BYOD

Workforce mobility has changed traditional employee-network access patterns. More and more employees are using their favorite smartphones, tablets and laptops to access corporate networks, applications and files to be productive from the office, home, road or nearest coffee house. Bad actors are increasingly targeting these devices to steal credentials or directly infiltrate corporate systems. Securing these endpoints means protecting against man-in-the-middle and other hijacking attacks. At the same time, security teams need to guard against malware and attacks created to introduce exploitable vulnerabilities directly into the infrastructure. Strong authentication, VPNs, advanced malware protection and mobility management solutions will help reduce the risk that these attack vectors will succeed. The key is to quickly detect devices with files exhibiting malicious behavior and quarantine them by changing their access policies until they are remediated.

Meeting the IoT Challenge

Today more companies are looking to deploy smart appliances, such as printers or sensors, and transform operational networks used in robotics, utilities and manufacturing by bringing them online. This move from closed, serial communications to the Internet of Things has created a completely new set of vulnerabilities as these networks and the applications running on them become exposed via public Internet connections. Because these systems are mission critical, they must be secured. Ransoming or tampering with electrical grids or pharmaceutical manufacturing systems, for example, could be disastrous. The key is first ensuring that the networks remain inaccessible and then addressing the vulnerabilities in programmable logic controllers (PLCs) and sensor operating systems, software that was designed before companies had to worry about hardening it against hackers.

NWN for Endpoint Security

Cisco FirePOWER: Firewall appliances that deliver integrated threat defense across the entire attack continuum.
Cisco AMP for Endpoints: Protects devices against the largest set of sophisticated and targeted advanced malware attacks.
Cisco Application Centric Infrastructure: A comprehensive SDN architecture with policy-based automation capabilities.
Cisco AnyConnect: More than a VPN, it increases visibility and control across extended networks and prevents compromised endpoints from gaining access to critical resources.
Lancope StealthWATCH: Analyzes network flow records and application data to detect the stages of advanced attacks.
Cisco Web Security Application: Combines advanced malware protection (AMP), application visibility and control (AVC), policy control and secure mobility into a single platform.
Cisco Email Security Application: Defends email systems from spam, malware and other threats while providing contextual analysis to protect against phishing attacks.
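An added example, not from the paper or any product it describes, of the automated quarantine that the Automation and Managing BYOD sections call for: a malware alert immediately moves the endpoint onto a policy that can reach only a remediation host, and full access returns only once every open alert on that host has been closed. Hostnames, policy contents, event fields and hashes are all constructed.

```python
"""Added example: automatic endpoint quarantine driven by malware alerts.

Not NWN's or a vendor's code. It models the paper's point that an infected
laptop must be cut off from other devices without waiting for a person, and
re-admitted only after remediation. Every name and value here is invented.
"""
from dataclasses import dataclass, field

FULL_ACCESS = {"allow": ["any"], "deny": []}
# Quarantine: reach only the remediation service, nothing else on the LAN.
QUARANTINE = {"allow": ["remediation-server.corp.example:443"], "deny": ["any"]}


@dataclass
class Endpoint:
    host: str
    policy: dict = field(default_factory=lambda: dict(FULL_ACCESS))
    open_alerts: set = field(default_factory=set)   # alert ids not yet remediated
    history: list = field(default_factory=list)


class QuarantineController:
    def __init__(self):
        self.endpoints = {}

    def _ep(self, host):
        return self.endpoints.setdefault(host, Endpoint(host))

    def handle(self, event):
        """Apply one telemetry event; return the host's resulting access policy."""
        ep = self._ep(event["host"])
        kind = event["type"]
        if kind == "malware_detected":
            ep.open_alerts.add(event["sha256"])  # constructed hash, not a real IoC
            ep.policy = dict(QUARANTINE)         # no human in the loop here
            ep.history.append(f"quarantined on {event['sha256'][:8]}")
        elif kind == "remediated":
            ep.open_alerts.discard(event["sha256"])
            if ep.open_alerts:
                ep.history.append("remediation partial; still quarantined")
            else:
                ep.policy = dict(FULL_ACCESS)
                ep.history.append("all alerts closed; access restored")
        else:
            ep.history.append(f"ignored event {kind}")
        return ep.policy

    def can_reach(self, host, dest):
        """True if the host's current policy permits traffic to dest."""
        p = self._ep(host).policy
        if dest in p["allow"]:
            return True
        return "any" in p["allow"] and "any" not in p["deny"]


# Constructed event stream: two distinct detections on one laptop, then the
# first is remediated (host must stay quarantined), then the second.
EVENTS = [
    {"type": "malware_detected", "host": "lt-0417", "sha256": "a1" * 32},
    {"type": "malware_detected", "host": "lt-0417", "sha256": "b2" * 32},
    {"type": "remediated", "host": "lt-0417", "sha256": "a1" * 32},
    {"type": "remediated", "host": "lt-0417", "sha256": "b2" * 32},
]


def run(events):
    """Return (controller, whether the file share was reachable after each event)."""
    ctl = QuarantineController()
    trace = []
    for e in events:
        ctl.handle(e)
        trace.append(ctl.can_reach(e["host"], "file-server.corp.example:445"))
    return ctl, trace


if __name__ == "__main__":
    controller, reachable = run(EVENTS)
    print(reachable, controller.endpoints["lt-0417"].history)
```

In practice the policy swap would be pushed to the NAC or SDN controller, and the remediation event would come from the endpoint agent's clean rescan rather than from a hand-written list.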

Protection Starts with Assessment

While little can be done by enterprise companies to stop cyber criminals from attempting an attack, there is much that can be done to safeguard enterprise assets. Taking a proactive approach to enterprise security isn't just a good idea; it's a mandated requirement and part of the due diligence of doing business in today's digital age. Designing a more effective security program starts with an assessment of your current security posture: you need to know where your strengths and weaknesses lie before you can mount your defense. With a complete understanding of your current and desired states, you can create a strategic map for bridging the gap and prioritize the work based on your current risk profile. As part of the process, you will need:

Perimeter Assessment
Wireless Assessment
Device Security Assessment
Data Center Assessment
Penetration Tests & Vulnerability Assessments

About NWN

NWN is an IT solutions provider that helps customers solve business problems through technology. We design and deliver security solutions that protect your critical infrastructure, IT, communications and corporate assets. Our team of credentialed engineers has the expertise you need to decrypt the complexities of today's threat landscape so you can reduce risk across your organization and end-user ecosystem. As a Cisco Gold Partner, we can show you exactly which technologies will best protect your organization and its key assets. Our NPro Professional Services provide remote managed IT security expertise and IT staffing to fill in any gaps you may have in your enterprise security skill sets. Contact us for a free evaluation and start building a more effective security program today at 866.343.7668.