Finding needles in needle stacks - or Future aspects of cyber security

The big challenge facing cyber security professionals is to think like the enemy, anticipate their next move, and enact measures to combat the exponentially growing number of attacks. Passively monitoring defences in the hope of detecting probes and breaches is insufficient as it is likely that threats are already on the inside in human, machine, or some malware form. And these may be continually active, sporadic, dormant, sleeping, dumb, smart, intelligent, broad or highly focused, and located anywhere in an organisation, machine, device or network. Fortunately, Cloud Technologies and new working practices mitigate against all this, but only if we leverage new technologies and nurture new behaviours and operating strategies.

We are no longer looking for a ‘needle in a haystack’ but bent needles, or even needles prone to bending, in a ‘needle stack’. Layered defences such as multiple firewalls, virus protection, malware scanners, people screening and sporadic checks are insufficient. We have to be more sophisticated and consider the activity traits and sociology of people, machines, networks and malware. Perhaps most importantly this has to be achieved without degrading the performance of systems, networks, individuals and organisations.

To achieve effective cyber security solutions we have to migrate to a more organic, globally cooperative, and fully networked model that sees a new detection, reaction and solution sharing regime between companies and countries. And as the technology (good and bad) continues to accelerate and spread the end point will most likely be the realisation of a ‘living cyber immune system’ devoid of human intervention.

    Presentation Transcript

    • Finding Needles in Needle Stacks or Future aspects of Cyber Security Peter Cochrane cochrane.org.uk ca-global.biz COCHRANE associates Thursday, 21 November 13
    • There are no singular or simple solutions Cyber Security - Attacks are growing and are increasingly sophisticated - We need to up our game & become more anticipatory
    • Finding the Bent Needles or Needles about to bend The good majority The evil minority The potentially evil
    • Cyber INSecurity What we know for sure - There is always a threat - The threat never sleeps - The threat evolves rapidly - People are by far the biggest risk factor - The perceived threat ≠ the actual threat - The biggest threat is always on the inside - Security people are never their own customer - The best defenders have been the best attackers - Cracking systems is far more fun than defending them - The biggest threat is in the direction you are not looking - Resources are generally deployed inversely proportional to actual risk
    • Breaking into most companies and institutions really isn’t all that difficult!
    • The biggest threats are inside the Fire Wall Equipment Networks Chips Code Ports People Lax: Rogue: People Visitors Security Operations
    • No single solution can deal with all forms of attack....
    • Fire Walls and malware protection are certainly not enough...
    • Cyber Attacks Major Country Nodes Reproduced Courtesy of Akamai 2013
    • Cyber Attacks Major Traffic Ports Reproduced Courtesy of Akamai 2013
    • Primary Cyber Targets Q4 2012: Government 1.0%, Auctions 2.07%, Classifieds 0.3%, Retail 5.12%, Social Nets 6.0%, Financial 34.4%, Other 6.78%, ISP 9.5%, Gaming 14.7%, Payment Services 32.1%
    • CyberCrime >> CYBER-SECURITY Not clear which side is spending more on software [Chart, $Bn by year, 2004 to 2012: The cost of cyber crime vs. Cyber Defence expenditure; data labels 17Bn, 21Bn, 100Bn, >200Bn] Data Courtesy of Detica 2011
    • Cyber Security Improvements for free ? What will we benefit from if we do nothing ?
    • Increasingly transient people & machine behaviour A multi-device, multi-screen, mobile world, of rapidly renewed and replaced devices, new and updated apps With built-in security features automatically updated Connecting on the move via wifi, 3G, 4G, LTE, BlueTooth Any Net Any where BYOD = Fewer corporate constraints and greater variabilities BMOB = Be My Own Boss - shorter assignment periods
    • Many networks to attack not just one 3,4,5G, LTE, WiFi WiFi WiMax BlueTooth ++
    • Many OS types to attack not just one
    • Many applications to attack not just one
    • Huge device variance Interface Boards Chips Config Firmware
    • Huge hardware and circuit variance Circuitry Layout Antennas Analogue Design Facilities
    • Far more variable human and device connection behaviours On Grid On & Off Grid Off Grid
    • A fast spreading realisation that this really isn’t good enough!
    • No One security technique is sufficient The concatenation of multiple low cost methods rapidly delivers a very high level of protection Habits Personal Locations Networks Biometrics Knowledge ++++++++
    • SOMETHINGS What you: are were know drove work on wear own use eat do + Unique to you alone Why you: Who you: work with live with manage mentor dislike +++ How you: talk type stand appear write walk ++ like dislike prefer thought imagined migrated assumed helped failed won ++
    • But what about the cloud ?
    • FUTURE NETWORKING The Internet will not Scale functionally or economically But Clouds/Cloud working will ! 2013: <5Bn People on (and off) line 2025: 9Bn People and >> 50Bn Things on line
    • RECENT HEADLINE Data courtesy of Cisco.
    • Mobile networks but a minor player !
    • Cyber Security Clouds change everything More degrees of freedom to exploit that make it all inherently more secure than anything we have seen before
    • Axiom.. 1,000,000s of Clouds and not 1
    • And they come in many forms - Corporate Government Private Personal Long term Sporadic - Visible Invisible Dynamic Fixed Mobile Wireless Wired - Open Closed Secure Insecure Regular Unknown Unquantified Experimental
    • Cyber Security Hidden by multi-hop depth Corporate/Private /Government Cloud Invisible Cloud Invisible Cloud Invisible Cloud Invisible Cloud Public /Open Cloud Corporate/Private /Government Cloud Diverse routing and increasingly hidden and disguised data storage in depth
    • Cyber Security In Cloud Gating/Encryption Every Cloud demands a key and all routings are hidden - data parsed/coded
    • The Biggest Risk Service providers do not guarantee your data!
    • we need SCAlable network Solutions
    • This isn’t tenable...
    • This is...
    • Smart car... Smart gas... Smart net...
    • Clouds connect dynamically, driven by need, location, work, groups and associations...
    • THE Security Problem Even deeper protection required
    • DETECTION BUILT INTO EVERY ELEMENT OF A DEVICE
    • On Server On Device In Network In Individual Apps In Hardware
    • Honey pot, and malware traps, distributed across the cloud spectrum
    • Data decimation and distribution with individual encryption
    • Dynamic Addressing, URL hopping
    • Have an alias, be invisible, don’t be what you appear, be there but absent... Ghost Cloud Ghost Device
    • Distributed Attacks demand a Distributed Defence Dynamic Attackers necessitate Dynamic Defenders We can act alone or we can unite and act together
    • MORE CYBER-BENEFITS Going for free in the default future
    • Fewer full time people and less predictable corporate/ network/ device/ behavior
    • People job and location Half Life getting shorter
    • Mean Time to Destruction unknown! Data Half Life getting shorter and shorter
    • The Ace in the Hole Global Cooperation Device, App, Network
    • Finding Those Needles The sociology and habits of Applications Networks Machines Software Malware People Bugs ++
    • Things cooperate inter and extra community to defeat attacks We all own multiple clouds THE END GAME AI systems monitor activities and identify trends to then anticipate and fend off all attacks Auto-immune response systems emerge as part of the overall evolving behaviours
    • “Speed is the essence of war. Take advantage of the enemy's unpreparedness; travel by unexpected routes and strike him where he has taken no precautions” The Art of War by Sun Tzu, 600 BC
    • Thank You cochrane.org.uk ca-global.org COCHRANE associates