Trust In Our Digital World - CRESTCon

Transcription

The cloud security leader
Trust in our Digital World
Providing Assurance in our Mobile, Cloud-First World.
Christopher Hodson, Sr. Director, Zscaler
April 2017
IT’S TIME TO BREAK FREE FROM THE OLD WORLD OF IT
2017 Zscaler, Inc. All rights reserved.

A bit about me
Christopher Hodson M.Inst.ISP, CISSP
Chodson@zscaler.com
@ChrisHInfosec
RBS WorldPay: Security Architect 5/14/2009
Lloyds Banking Group: Solutions Architect Security 10/22/2009
Tesco PLC: Security Architect 4/6/2011
Lloyds Banking Group: Lead Security Architect 11/25/2011
Visa Europe: Cyber Security Senior Manager 3/15/2012
Cyberview Technology: IT Consultant 12/1/2004
Simmons & Simmons: Technical Architect
IPC Media: IT Engineer
Deutsche Bank: Information Security Officer
Centrica Energy: Information Security Architect
Waitrose: Head of Information Security Strategy
Further timeline labels: 2/15/2005; 2002
Timeline axis: 2002, 2004, 2006, 2008, 2010, 2012, 2014, 2016

How do we build trust?
We’re authentic
We do what we say we’ll do
We establish long-term relationships

Validating Trust

Trust in a digital world

Damage of Attacks
[Chart labels: Cyber-espionage and Cybercrime; Advanced Persistent Threats; Ransomware; Targeted. Time axis: 2005, 2010, 2016]

Spotting the bad guys

What about n-system/

Let’s Encrypt Everything!
15,270 SSL certificates that contained the word "PayPal" in the domain name or the certificate identity.
14,766 were issued for domains that hosted phishing -paypal/

Trusting the ome-secure/

Can you trust a reputable web site?
Total object requests: 167
Personalized content delivered from multiple sources
Traffic: SSL
CDN: Akamai
Page objects loaded: JavaScript, CSS, images
Potential threats: 167

Trusting Vendor Rationale
[Diagram labels: Cost; Branch; Users]

If we know what to look for but what happens when we don’t?

99% of malware hashes are only seen for 58 seconds
2016 data breach investigation, Verizon
https://www.sky.com/watch/the-blacklist

Trusting users not to click stuff is CRAZY!

Trusting the Supply Chain
[Diagram labels: Fileshares; Remote user; Intranet, MSFT Exchange, Files; Remote users; HVAC Partner; Facilities management; Partners and Contractors; Fileshares]

Trusting Clouds!
“Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., .”

Trusting Yesterday’s Approach
Top Sites Delivering Malicious Android
CDNs are often positive reputations and bypassed for content
Can be a challenge for IP/URL filtering as content is often not delivered from a static
[Chart labels: digitaldownloads.edgesuite.net; iyun.com; d11kdtiohse1a9.cloudfront.net; 29%. Axis: 0.00% to 14.00%]

55% of security professionals use at least 6 security vendors [1]
[1] Cisco ACR Report 2017
ZSCALER CONFIDENTIAL INFORMATION.

Trusting the Criminals: To pay or not to pay?

Trust in the Perimeter?
Users are leaving the corporate network?
Headquarters
Hub and Spoke Architecture?
Connections are following the path of least resistance
If you don’t control the network (Internet), how can you secure it?
The traditional network security stack is irrelevant.

Trusting our Network-Based, Appliance Model?
1. Hacker infects a trusted domain
2. User visits compromised site and the PC gets infected – establishing a beachhead
3. The infected machine can then sniff for other machines and exploit vulnerabilities
4. Sensitive data gets exfiltrated
www.nbc.com/leno
Outbound & Inbound Gateway (diagram labels, in slide order):
Allowed: HTTP(S); FW / IPS; Global LB
Allowed: Trusted domain; URL Filter; DDoS
Allowed: No signature match; Antivirus; FW/IPS
Allowed: No Intercept (encrypted); DLP; RAS (VPN)
Allowed: No Intercept; SSL; Internal FW
Allowed: Detected, not blocked; Sandbox
Internal LB
Appliances weren’t designed to keep up with sophisticated threats
“45% of enterprises have suffered a ransomware attack.”
“5% of enterprise PCs are infected with bots.”
- Zscaler research
Attacks are targeting the weakest link – the user. They need to be protected – on and off network
WHAT’S YOUR RISK SCORE – FIND OUT AT SECURITYPREVIEW.ZSCALER.COM

Intelligence
Trust
Credentials
Visibility
Blacklists

Breaking the Kill Chain with Zscaler
Controls: Full SSL Inspection; Destination Based Blocking; Inline Content Control; Complete Packet ByteScan; Browser Control; Risk Based Scoring; Sandboxing; DNS Security; DLP Security; Botnet and Callback Detection
Control descriptions: Full SSL Inspection; Malicious Hosts, Sites, Botnets; Phishing, GEO, Protocol & ACLs; File, User, Group and QoS Control, Signature-based AV and IPS; Web content scanning, Risk based analysis, App Control; Dynamic & Behavioral Analysis of User Content
Kill chain stages:
Recon and Creation: Survey defenses; Planning attack; Create Payload
Delivery: Via trusted/untrusted sites and web content
Exploitation: Payload exploits unpatched vulnerability
Installation: Installing malware onto asset
Command & Control (C2): Remote Control. Additional malware downloads
Action on Objectives: Lateral movement, data exfiltration, disruption, etc.

Trust in a Digital World.
@chrishinfosec
Zscaler, SHIFT, Direct-to-Cloud and ZPA are trademarks or registered trademarks of Zscaler, Inc. in the United States and/or other countries. All other trademarks are the property of their respective owners.

RBS WorldPay: Security Architect 5/14/2009 Lloyds Banking Group: Solutions Architect - Security 10/22/2009 Tesco PLC: Security Architect 4/6/2011 Centrica Energy: Information Security Architect 8/18/2011 Lloyds Banking Group: Lead Security Architect 11/25/2011 Visa Europe: Cyber Security Senior Manager 3/15/2012 Waitrose: Head of Information .