THE RISE OF GLOBAL THREAT INTELLIGENCE


THE RISE OF GLOBAL THREAT INTELLIGENCE IN THE DIGITAL BUSINESS WORLD

In developing the Global Threat Intelligence Report (GTIR), the NTT Group security team used extensive data gathering tools and technologies, including managed security services across the NTT infrastructure, professional service engagements, customer incidents and NTT's new Global Threat Intelligence Platform (GTIP). This includes data and analysis from Dimension Data, NTT DATA, NTT Com Security, Solutionary and NTT Innovation Institute (NTT i3).

The Challenge for IT

NTT Group cast a wide data collection net to capture the diversity of attacks which are normal in the modern security landscape. For this report, NTT Group used that broad dataset to analyze the attacks. In reality, this same challenge is faced by IT departments on a daily basis, and these groups must respond to these same types of attacks.

Organizational IT exists in a hybrid model which combines on-premises as well as cloud and SaaS-based services, which diversify the attack landscape. At the same time, IT departments in compliance- and regulation-dominated industries need to maintain high levels of security for their existing mission-critical systems, thereby establishing a bi-modal world. This infrastructure diversity creates a dramatic increase in the complexity of managing security operations and requires analysis which is not confined to the local infrastructure.

Cybercriminals are globally organized, well funded, skilled, and easily outnumber security staffers at most organizations.

The challenge is multi-faceted because of:

- The burden of learning new technologies
- Increasing costs with hard-to-factor ROI
- A world-wide shortage of skilled security engineers and professionals
- Inconsistent user experiences across the variety of products needed
- Incompatible or poor integration between the hierarchy of products

Typical conventional frameworks were designed to fight a very different battle. They require a number of different products, from a variety of vendors, to control and protect a variety of network access points, processes and products. Security control is accomplished using the hierarchy of networks and products to create a wall around a network to protect endpoints and servers as well as valuable data and information.

The Broader View with Threat Intelligence

With threat intelligence, corporations can address customers' security challenges with verified, live, and actionable supporting data based on the larger world context. Thanks to close collaboration with global security communities, customers, vendors, industry forums and governments, the quality of available security information is improving. What is most needed is a framework which effectively consumes the available security information, then converts it to genuine intelligence through the application of context-aware analysis.

This new framework will improve the industry's ability to deliver security controls using an integrated hierarchy of products, services and intelligence. Organizations will be able to consider intelligence which is meaningful to them, and when combined with awareness of their own environments, will enable better management of risk and application of appropriate controls. An ultimate intrusion-resilient framework will deliver the latest in elastic security specifically designed to meet pressures from today's digital world: cybercrime, state-sponsored attacks and hacktivism.

The best threat intelligence establishes security flexibility and integration for:

- Proactive protection
- Threat mitigation before attacks even begin
- Minimal damage even if attacked
- Faster recovery from the damage
- Continuously improved security operations

Threat intelligence is an evolving capability in security, and there are many vendors entering the marketplace. Vendors utilize data from their respective installed bases or through customer service engagements. Threat intelligence in the marketplace is constrained by delivery technologies, the nature of the information sources, trustworthiness of the data and the geographical coverage.

The NTT Global Threat Intelligence Platform (GTIP)

Within the threat intelligence world, NTT GTIP gathers, analyzes, exchanges, and uses threat information from across NTT's global infrastructure, threat sensor networks, and partners on a global scale. GTIP enables NTT security experts to provide actionable insight which can minimize cybersecurity threats, mitigate damages, and quickly recover to effectively reduce business disruption. This threat intelligence enables NTT Group to provide new and enhanced proactive security services, including threat watch for clouds and applications hosted on NTT cloud servers.

Read more at the Global Threat Intelligence Report Online at: https://nttgroupsecurity.com/

THE USER IS THE PERIMETER: THE USER IS VULNERABLE

THE USER IS VULNERABLE

During 2014, NTT Group observed millions of vulnerabilities on client systems. Looking at the details of some of these vulnerabilities reveals some interesting information, including that 7 of the top 10 vulnerabilities were on end-user systems, as opposed to servers. To read about the impact this has on actual attacks, read more in the article on Weekend Trends.

TOP 10 VULNERABILITIES

- Outdated Java Runtime Environment
- Oracle Java SE Critical Patch Update
- Multiple Vulnerabilities In Java Web Start
- Missing MS Windows Security Updates
- Outdated Flash Player Version
- Outdated Adobe Reader And Acrobat
- Outdated Internet Explorer
- Multiple Oracle Vulnerabilities
- Outdated/Missing Patches Oracle DB
- Outdated OpenSSH Version

Caption: Top 10 most common vulnerabilities in 2014.

The ultimate impact is that the end-user becomes a liability because their systems are often full of unpatched vulnerabilities. At the time this report was written there were patches available which would mitigate the impact of all 10 of the top vulnerabilities seen in 2014. Patching and keeping systems updated is tedious and can be very difficult, especially in a geographically distributed organization with a highly mobile, heterogeneous hardware and software environment.

VULNERABILITIES BY YEAR OF RELEASE

[Chart: share of detected vulnerabilities by year of release, 1999 through 2014, on a 0% to 14% scale.]

Caption: Detected vulnerabilities by year of release, 2014.

During 2014, 76 percent of identified vulnerabilities throughout all systems in the enterprise were from 2012 or earlier, making them more than 2 years old, and almost 9 percent of them were over 10 years old. Many are also rapidly incorporated into common and simple-to-use exploit kits so that attackers can more readily use them as part of their attack suite (read more in the Exploit Chapter).

Caption: A page from a website on the Dark Web selling an encryption tool. It includes support and security.

Fortunately, there is a single best step organizations can take to reduce their exposure due to client-based vulnerabilities. Organizations should improve their vulnerability management programs. More specifically, ensure that all end-user client systems are included in their patch management process. Admittedly, this is much more complicated than it sounds, and can include a variety of related recommendations:

- Define a set of approved configurations to harden and operate end-user machines. This should include approved operating systems, applications and utilities, and even which browser is supported for organizational use. The smaller and more consistent the organization can make its gold standard, the easier it is to maintain systems using that standard.
- Clearly inform users what those standards are, and make it clear that unapproved software is not just unapproved, but unauthorized. Ensure that it is clear to all users that the use of unauthorized software can result in disciplinary action.
- Minimize the use of admin or other accounts which are allowed to change system configurations, including installation of new, potentially unauthorized software.
- Actively patch end-user systems on a regular basis, and confirm that patches are installed.
- Conduct regular internal and external authenticated vulnerability scans to help identify systems which are out of policy, then patch those systems.
- Actively manage an exception process which tracks special software as well as users with elevated permissions.

Read more at the Global Threat Intelligence Report Online at: https://nttgroupsecurity.com/

THE USER IS THE PERIMETER: WEEKEND TRENDS

WEEKEND TRENDS

The article The User is Vulnerable discusses how significant vulnerabilities are related to end-user machines instead of servers. But do vulnerabilities on end-user systems have anything to do with which systems are being attacked? The graph below shows the number of Flash/Java/Adobe (Acrobat and Acrobat Reader) exploit attempts detected by NTT Group in 2014. The chart shows regular activity spread across the year, with shorter periods of higher attack detection. The large spikes show a combination of events which often overlap, occurring where alerts were triggered by new vendor signatures on old vulnerabilities, unproven signatures which tended to produce false-positive alerts, and some genuine new vulnerabilities and campaigns. If you look closely at the data, however, you can see another interesting trend. The regular drops in detected attacks coincide perfectly with weekends.

DAILY FLASH/JAVA/ADOBE, 2014

[Chart: daily Flash, Java and Adobe exploit attempts, 0 to 600 per day, 01/02/14 through 10/31/14.]

Caption: The dips in the chart are on weekends when users are not typically on a corporate network.

The weekend trend is not just limited to Flash/Java/Adobe exploitation. The next chart shows the volume of all Internet-based attacks through 2014. Much like the detection of Flash/Java/Adobe attacks, the chart of all Internet-based attacks shows a certain amount of regularity throughout the year. The chart also shows the same regular trends: steady week-long detection, with drops in the attack line coinciding with weekends. Does that mean there are fewer attacks on weekends?

DAILY ATTACKS, 2014

[Chart: average daily attack events, 100 to 600 per day, 01/02/14 through 12/31/14.]

Caption: Yearly view of the Internet-based attacks during 2014.

We wouldn't expect the days of the week to matter for attacks against websites, e-commerce sites, applications and systems historically targeted by cybercriminals. In fact, we might expect an increase on weekends, when staffing and monitoring levels might be lower. However, the organizational security infrastructures monitored by NTT Security during 2014 consistently detected considerably fewer attacks on weekends and holidays. On weekends and holidays, the workers are not in the office and corporate end-user systems are either turned off, or not being used. This major drop in weekend attacks demonstrates that organizational controls are detecting security events related to end users. Targeting end users has become a major component of all attacks seen.

Organizations can take actions to help mitigate the effectiveness of attacks on end-user systems:

- Maintain an active and current anti-virus/anti-malware solution on all end-user devices which have access to organizational networks or data. Although this is a simple control, properly maintained anti-virus does detect 40-50 percent of malware.
- Consider extended endpoint protection including file integrity monitoring, endpoint encryption and event monitoring.
- Minimize the use of admin accounts. Require the user to log on with a user-level password which has the minimum level of permissions required to perform their job. Browsing while using admin access increases risk.
- Require all work computers to access the Internet through the organizational VPN whether they are at work or not. Enforce safe browsing habits through the VPN connection, including blacklisting websites, and actively monitoring security on portable laptops at all times so that the organization is more likely to detect an attack and compromise.
- Provide an active security awareness and training program which includes training on attacks designed for end-user systems. Include social engineering and phishing in the organizational training program.
- Maintain offline backups of end-user data to help minimize the impact of localized system compromises, malware and ransomware.
- Implement and monitor proxies and content-filtering capabilities.

Read more at the Global Threat Intelligence Report Online at: https://nttgroupsecurity.com/
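The weekday-versus-weekend comparison the Weekend Trends article draws from its charts, as an added example: this is Python written for this page, not NTT's tooling, and the daily counts it analyzes are constructed (a weekday baseline, lower weekends and one spike standing in for a noisy new signature), not report data. It measures how strongly detections track office days, locates the dips and checks whether they fall on weekends, and separates out the spikes the article attributes to new vendor signatures.

```python
from datetime import date, timedelta
from statistics import mean, median

# Constructed sample data (not report data): four weeks of daily detection
# counts with a weekday baseline near 400, weekends near 150, and one spike
# on a Wednesday standing in for a noisy new vendor signature.
def constructed_daily_counts(start=date(2014, 1, 6), days=28, spike_day=16, seed=7):
    counts, day, x = {}, start, seed
    for i in range(days):
        x = (x * 1103515245 + 12345) % 2**31       # small LCG: repeatable noise
        noise = x % 40 - 20                         # -20 .. +19
        base = 150 if day.weekday() >= 5 else 400   # weekday() 5/6 = Sat/Sun
        if i == spike_day:
            base += 300
        counts[day] = base + noise
        day += timedelta(days=1)
    return counts

def weekday_weekend_ratio(counts):
    """Mean weekday count over mean weekend count: near 1 means detections
    ignore office hours, well above 1 means they follow end-user activity."""
    weekday = [c for d, c in counts.items() if d.weekday() < 5]
    weekend = [c for d, c in counts.items() if d.weekday() >= 5]
    return mean(weekday) / mean(weekend)

def dip_days(counts, window=3, threshold=0.6):
    """Days whose count is below `threshold` times the median of the `window`
    days on either side: the 'drops' visible in the report's charts."""
    days = sorted(counts)
    dips = []
    for i, d in enumerate(days):
        around = days[max(0, i - window):i] + days[i + 1:i + 1 + window]
        if around and counts[d] < threshold * median([counts[x] for x in around]):
            dips.append(d)
    return dips

def share_on_weekends(days):
    """Fraction of the given days that are Saturdays or Sundays."""
    return sum(d.weekday() >= 5 for d in days) / len(days) if days else 0.0

def spike_days(counts, window=7, factor=1.5):
    """Days exceeding `factor` times the median of the preceding `window` days,
    which is where a burst from a new signature would show up."""
    days = sorted(counts)
    spikes = []
    for i, d in enumerate(days):
        prev = [counts[x] for x in days[max(0, i - window):i]]
        if prev and counts[d] > factor * median(prev):
            spikes.append(d)
    return spikes

if __name__ == "__main__":
    series = constructed_daily_counts()
    dips = dip_days(series)
    print(f"weekday/weekend ratio: {weekday_weekend_ratio(series):.2f}")
    print(f"{len(dips)} dip days, {share_on_weekends(dips):.0%} of them on weekends")
    print("spike days:", [d.isoformat() for d in spike_days(series)])
```

Run against real SIEM or IDS daily totals, a ratio close to 1 and dips scattered across the week would argue against the article's end-user explanation; a high ratio with dips on Saturdays and Sundays reproduces it.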