2015 security trends so far. Information Security is undergoing huge growth and changes. The general public is now more than ever painfully aware of IT Security. Technology is changing at an accelerated rate, threats are evolving almost at the same pace.
2. About Terra Verde
Terra Verde provides customized risk management services and solutions to your business.
Our mission is to provide value-driven, high-quality cybersecurity services and solutions our clients will recommend to their associates, partners and peers.
3. 2015 Top Security Trends
Information Security is undergoing huge growth and changes. The general public is now more than ever painfully aware of IT Security. Technology is changing at an accelerated rate, and threats are evolving almost at the same pace.
• Data from our Scottsdale Security Operations Center (SOC)
• Virtualization
• Monitoring, Defense, Testing, Intelligence
• Network, Cloud, Mobility
• Identity and Access Management
• PCI DSS Compliance
4. Data from our SOC (1/3)
At Terra Verde we operate a Security Operations Center monitoring security-related events for thousands of systems nationwide. From January 2015 until yesterday, these are the top events flooding our Security Information and Event Management (SIEM) systems:
• Outdated clients (including frameworks): Flash, Java, PHP.
• Automated attacks are targeting these outdated systems.
• Vulnerable clients susceptible to Heartbleed and POODLE are being attacked.
• CHS systems were hacked due to this weakness (https://www.trustedsec.com/august-2014/chs-hacked-heartbleed-exclusive-trustedsec/)
5. Data from our SOC (2/3)
• XSS (cross-site scripting) attacks are on the rise.
• Combined phishing attacks with Stored XSS are making a comeback.
• Shellshock exploits are being attempted at an increased rate.
• BrowserStack was hacked via Shellshock (http://www.esecurityplanet.com/network-security/browserstack-hacked-via-shellshock.html)
6. Data from our SOC (3/3)
• Attempted SQL injections are evolving.
• Reconnaissance scanning from high-threat countries such as China and Russia has increased in 2015 Q1.
• The use of exploit kits including Angler, Fiesta, Magnitude and Nuclear is gaining popularity.
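The three attack classes the SOC slides above report seeing in their SIEM feeds (Shellshock probes, XSS payloads and SQL injection attempts) leave recognizable traces in ordinary web server access logs. The script below is an added example and is not Terra Verde's code or tooling: it parses a simplified access-log format, URL-decodes the request line, applies a small set of first-pass signature rules and tallies hits per category and per source address, which is the shape of the correlation a SIEM would start from. The log format, the sample lines and the IP addresses (RFC 5737 documentation ranges) are constructed, and the rules are deliberately coarse; a production deployment would tune them against real traffic.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote_plus

# Constructed sample access-log lines: client IP, request line, status, user agent.
# Addresses come from the RFC 5737 documentation ranges; nothing here is real traffic.
SAMPLE_LOG = [
    '198.51.100.4 "GET /index.php?id=7 HTTP/1.1" 200 "Mozilla/5.0"',
    '203.0.113.7 "GET /cgi-bin/status.cgi HTTP/1.1" 200 "() { :;}; echo probe"',
    '203.0.113.7 "GET /cgi-bin/test.cgi HTTP/1.1" 404 "() { :;}; echo probe"',
    '198.51.100.9 "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 "Mozilla/5.0"',
    '198.51.100.9 "POST /comments HTTP/1.1" 302 "Mozilla/5.0"',
    '192.0.2.33 "GET /product?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 "curl/7.64"',
    '192.0.2.33 "GET /product?id=1%20UNION%20SELECT%20null,null-- HTTP/1.1" 200 "curl/7.64"',
    '198.51.100.4 "GET /about HTTP/1.1" 200 "Mozilla/5.0"',
]

# Simplified log layout assumed for this example (not a standard Apache/nginx format).
LINE_RE = re.compile(r'^(?P<ip>\S+) "(?P<request>[^"]*)" (?P<status>\d{3}) "(?P<ua>.*)"$')

# First-pass signatures. Each is checked against the decoded request line and the user agent.
RULES = {
    # Shellshock: a bash function definition "() {" placed in an HTTP header value.
    "shellshock": re.compile(r"\(\)\s*\{"),
    # XSS: script tags, javascript: URLs or inline event-handler attributes in request data.
    "xss": re.compile(r"<\s*script|javascript:|\bon\w+\s*=", re.IGNORECASE),
    # SQL injection: quote-and-boolean tautologies, UNION SELECT, or a stacked DROP.
    "sqli": re.compile(r"('\s*(or|and)\s*'?\d|union\s+select|;\s*drop\s)", re.IGNORECASE),
}


def parse_line(line):
    """Split one log line into fields; return None for lines that do not match the layout."""
    match = LINE_RE.match(line)
    if match is None:
        return None
    entry = match.groupdict()
    # Decode %xx and '+' so encoded payloads are matched in their decoded form.
    entry["decoded_request"] = unquote_plus(entry["request"])
    return entry


def classify(entry):
    """Return the list of rule names that fire on this entry (empty for benign traffic)."""
    haystack = entry["decoded_request"] + " " + entry["ua"]
    return [name for name, rule in RULES.items() if rule.search(haystack)]


def triage(lines):
    """Tally rule hits overall and per source IP; count lines the parser could not read."""
    by_category = Counter()
    by_source = defaultdict(Counter)
    unparsed = 0
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            unparsed += 1
            continue
        for category in classify(entry):
            by_category[category] += 1
            by_source[entry["ip"]][category] += 1
    return {
        "by_category": dict(by_category),
        "by_source": {ip: dict(counts) for ip, counts in by_source.items()},
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("hits by category:", report["by_category"])
    for ip, counts in report["by_source"].items():
        print(f"{ip}: {counts}")
    print("unparsed lines:", report["unparsed"])
```

The per-source tally is what turns isolated signature hits into something actionable: one address repeatedly probing CGI paths with the Shellshock header, or one address walking through SQL tautologies, is a far stronger signal than any single line. Decoding the request before matching matters because the XSS and SQLi samples above arrive URL-encoded and would otherwise be missed.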
7. Virtualization (1/2)
• Security is being virtualized
  • Most solutions we grew accustomed to in data centers are now readily available and deployable in the cloud, anything from routers and switches to specialized appliances.
• Security controls are now residing in the cloud
  • More and more organizations are migrating from data centers to the cloud. With those migrations, technical security controls are now in the cloud as well. The challenge is brokering the co-existence of these solutions.
8. Virtualization (2/2)
• Unified Threat Management
  • SIEMs and other sophisticated monitoring solutions are evolving to correlate live data with system events, potential threats and their likelihood, providing actionable data.
• Hybrid Environments
  • Virtualization efforts are leaving behind hybrid environments. Full migration is not possible every time. Deploying and administering security controls in both the physical data center and the cloud is posing a new set of challenges for organizations.
9. Monitoring, Defense, Testing, Intelligence (1/2)
• Threat detection and response
  • Monitoring, Protection and Response are no longer enough. The model is evolving into the realm of avoidance. The new model is becoming: Detect, Respond, Predict and Prevent.
• Big data security analytics
  • Defenses against targeted attacks are now driven by risk and justified by data analytics and aggregation.
10. Monitoring, Defense, Testing, Intelligence (2/2)
• Security intelligence
  • Security intelligence is improving significantly. It no longer serves one audience (IT); it now serves the business too.
• Context-aware controls
  • Next-generation data loss prevention tools can be adjusted to deal with multiple contexts: endpoint, network, user, entity, channels, products and analytics.
11. Network, Cloud, Mobility (1/3)
• UTM (Unified Threat Management) is not quite integrated at all levels and on all devices. There are still some limitations in terms of support and compatibility with all nodes that generate security-related events.
• Cloud Access Security brokerage services
  • Contextual information from physical and virtual assets is leading to policy decisions around:
    • Operations: load balancing, access control, content delivery network optimization, etc.
    • Security: identity management, logging, monitoring, data loss prevention, malware analysis, etc.
12. Network, Cloud, Mobility (2/3)
• Website protection
  • Web application firewalls are being put to the test and they are delivering exceptional service (not without some pain: you get what you pay for and, more importantly, what you configured for).
  • "Brobot" and "Kamikaze/Toxin" botnets keep being used to launch DDoS attacks toward financial institutions. Compromised high-bandwidth web servers with vulnerable content management systems (CMS) are being used to upload attack scripts to the high-bandwidth servers.
13. Network, Cloud, Mobility (3/3)
• Endpoint breach shifting to mobile devices
  • An increased number of threats is targeting mobile platforms.
  • Researchers have demonstrated a success rate of over 90% (http://www.fiercewireless.com/tech/story/researchers-demo-92-success-rate-hacking-smartphone-apps/2014-08-24)
  • Smartphone-based POS application attacks are on the rise.
  • Mobile POS and app-based wallets are being targeted.
  • Most attacks on mobile devices still require human collaboration:
    • Trojans, Trojan downloaders, Trojan-SMS, Trojan-spy, backdoors, adware, etc.
14. PCI DSS Compliance
Payment Card Industry Data Security Standard (PCI DSS)
• Version 3.0 introduced multiple challenges:
  • Legal agreements (Requirement 12.8.2)
  • Secure protocols (SSL)
  • Cardholder data environment scope is increasingly challenged by cloud solutions.
  • Tokenization offers and solutions are not articulating vendors' responsibilities.
  • EMV implementation deadlines are fast approaching.
  • Requirement 9.9: Physical access and point of sale
16. About Terra Verde
About
• Established in 2008
• Headquartered in Scottsdale
• Payment Card Industry Qualified Security Assessor (PCI QSA)
• Pragmatic solutions to solve problems
Key differentiators
• Objective and certified
• Experienced & dedicated
• Service team averages 18 years' experience
Primary markets served
• Health Care
• Financial Institutions
• Gaming/Hospitality
• Retail
• Technology
Background
• 40 FTEs
• Hundreds of engagements performed worldwide
• Largest AZ-headquartered security company