Transcription
Security ReimaginedFireEye – Qualifying Cyber-Security RisksStefano Lamonato - Systems Engineer, Italystefano.lamonato@fireeye.com1
Current State of Cyber SecurityInnovation CreatesPerfect Platform ofEvilCyber Threats MoreAdvanced & Complexthan EverCurrent SecurityModels IneffectiveNew ModelsRequiredNEW THREAT LANDSCAPECopyright 2014, FireEye, Inc. All rights reserved.2
Why, Who & How?Source: M-Trends Report 20143
Cyber Defense or Resilience? 71.5% thought their security was between good to excellent 51% either “unsure” or said “NO” when asked if the technologythey use would block a modern day attackPonemon Research: UK data 2103Cyber Security in the TrenchesHow frequently does a cyber breach occur in DailyWeeklyMonthlyDon't know%4
Real-world Assessment of Top Industry Vertical%Had APT%Compromised100%50%0%Cybersecurity's Maginot Line: A Real-world Assessment of the Defense-in-Depth .html5
Malware: The Favorite Attacker’s Tool208,184Malware Download124,289Unique Malware75%of all the unique malwaredetectedwas seen ONCE93,755Malware Seen ONCECybersecurity's Maginot Line: A Real-world Assessment of the Defense-in-Depth .html6
So what is an acceptable incident?“Recognizing that 100% risk mitigation is notpossible in any complex system, the overarchinggoal of a risk-based approach to cyber security issystem resilience to survive and quickly recoverfrom attacks and accidents”from report: Partnering for Cyber Resiliance (World Economic Forum)www3.weforum.org/docs/WEF IT PartneringCyberResilience Guidelines 2012.pdf7
How are you measuring the success of security?8
Qualifying risk (BSI27001, NIST, IA, etc )BusinessImpact LevelXThreat levelXLikelihood ofattackXLongevity ofattackXResponsecapability9
SECURITYNeeds To BeTo AddressThe New ThreatLandscapeVirtualMachine-BasedModel of DetectionPurpose-Built for SecurityHardened HypervisorScalablePortableFINDS KNOWN/ UNKNOWNCYBER-ATTACKS IN REAL TIME ACROSS ALL VECTORS10
FireEye’s Technology: State of the Art DetectionANALYZEDETONATECORRELATE(500,000 lbackMobileLateralTransferFilesExfiltrationWithin VMsAcross VMsCross-enterprise11
FireEye Product PortfolioThreatAnalyticsPlatformMobile ThreatPreventionEmail ThreatPreventionEmail ThreatPreventionMVXDynamic ThreatIntelligenceSEGHostNetworkThreatIPS i-virusThreatPreventionMobileHost ThreatAnti-virusPreventionMDM12
The Objective: “Continuous Threat Protection”Time to DetectTime to FixREALTIMEPreventTHEFT OFASSETS & IPCOST OFRESPONSEDISRUPTION TOBUSINESSREPUTATION RISK13
FireEye - 10 steps to Cyber Resilience1. Stop every attack is impossible, focus on key for your business.2. Must have business risk based approach.3. Recognise that the most critical assets are information, not systems4. Refocus on marginalizing the impact of an attack rather than preventing it.5. Less is More - The single, targeted attack is typically the one with the greatest business impact6. Become your own first and last line of defence – most security tools work on the premise of being ableto block attacks that have been seen previously in other organizations.7. Forensics & attribution - If we accept that some attacks will be successful, the business requires us tounderstand what the impact of these incidents will have on the business profitability. Both regulationand business will drive this need.8. Response plans should also be well thought out and regularly tested.9. Security is more than just your own IT - The more connected we become the more likely we are toensure our partners and supply chain are also secure.10. We should not block business innovation. However, if we take a business risk approach we can helpmake business relevant decisions on the value of leveraging new technology versus the risks.14
Thank YouSecurity Reimagined15
FireEye - Qualifying Cyber-Security Risks Stefano Lamonato - Systems Engineer, Italy stefano.lamonato@fireeye.com Security Reimagined. 2 . Analytics Platform Mobile Threat Email Threat Prevention Prevention Dynamic Threat Intelligence Network Threat Prevention Content Threat Prevention Mobile Threat Prevention
