Don’t Sweat the Small Stuff – Protect What Matters Most - Interop 2014

Presentation by Dave Frymier, Unisys Vice President and CISO, at Interop 2014 in Las Vegas.

Today’s media frenzy around consumerization of IT, APTs, Edward Snowden, retail hacks, and other security issues has boardrooms buzzing. Hear why many security breaches simply don’t need to happen – and what you can do to protect your most sensitive assets.


Transcript

  • 1. Don’t sweat the small stuff – protect what matters the most. Dave Frymier, Vice President and CISO, Unisys
  • 2. © 2014 Unisys Corporation. All rights reserved. Two Big Drivers – IT Environment: Consumerization of IT
      • New devices are everywhere; employees will use them
          – Consumer devices are not generally MS domain aware
      • Not just about devices—new services on the Internet tunnel over port 80
          – gotomyPC, logmein
          – Dropbox
      • Organizational perimeter crumbling
  • 3. Advanced Persistent Threat
      • Enters through spam e-mail, bad websites
      • “Beacons” back to command and control servers
          – Reports in
          – Obtains instructions/more malware
      • Evades anti-malware software
      • Low and slow
      • Looks laterally and vertically in network for high value targets
      • Can be found through beaconing activity
      [Diagram labels: Random spam; Spear phishing; Bad web site; Departmental infrastructure; Enterprise Administration (Active Directory); Corporate Jewels; Botnet C&C]
  • 4. Who are the Adversaries?
  • 5. Current countermeasures
      • Application Security Services; Network Security Services
      • Intrusion Detection & Prevention; Network Firewall & VPN; Secure Remote Access; Endpoint Security; Security Event Monitoring; Vulnerability Mgmt.; Threat & Vulnerability Alerting; Email Scanning; Web Content Security; Web Application Security; Security Incident Management
      [Diagram: Security Monitoring Model – SIEM. Labels: Security Infrastructure; Network Devices; OS, Application and Data Logs; Customer Managed Security Elements; Unisys Monitored or Managed Security Elements; Element-specific Agents; Normalization of Element-specific log file data; Event Database; Threat Pattern Database; Assets and Vulnerabilities; Asset Inventory and Vulnerability Scanning; Scanner; Event Correlation Engine; Threat and Vulnerability Alerting; Response and Remediation; Incidents; Unisys or Customer Ticketing System; Reporting; Dashboard & Reports; Portal]
  • 6. SIEM
      • It’s mostly after-the-fact
      • Protects everything the same way
      • Getting more and more expensive—like big data
          – Software costs
          – Storage of all the log and traffic data/meta data
          – Processing
          – Network resources to move data from endpoint to SIEM
      For advanced adversaries, the traditional approach just isn’t working.
      [Image: The New York Times article retrieved from www.nytimes.com]
  • 7. How is this possible?
      • The real world follows the laws of physics—the cyber world follows manmade rules that govern the transfer of data
      • We forget how young the Internet is; it grew like a weed—without much change in the underlying protocols
      • There are fundamental design flaws
          – Anonymity and spoofing
      • Standardization cuts both ways
      • Software has bugs
      This is not going to be fixed quickly.
  • 8. “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on.” Edward Snowden, interview with Guardian readers, June 2013
  • 9. Perimeter – to compartment. We’re going from this… … to this
  • 10. Risk Analysis
      • Perhaps mankind’s oldest security technique
      • FIPS-199 – find it on the internet
      • Output – list of most important assets and who should have access
      • Build a compartmentalized security model based on need-to-know
      • Protect and enforce that security model by “hiding” your most important assets so the APT can’t find them
  • 11. Enterprise Architecture (illustrative example only)
      [Diagram labels: Compartmentalized Corporate Jewels; KMC; BUIP; IAM; Business Unit Apps; Other BU Apps; Messaging; Voice Over IP; Web User; Mobile Gateway; Corporate Standard Hardened PC; Any PC, Mac, Linux; Authentication: any device that can send a username, password and certificate; Additional Authentication/Authorization as needed; Low Business Impact; Medium Business Impact; High Business Impact]
  • 12. Traditional “buffer area” model
      • Used to separate corporate network from foreign networks
      • Defense-in-depth
      • Extending the concept internally is overkill
  • 13. Security zones
      No defense-in-depth, but much more manageable and less expensive
  • 14. Software defined communities
      • Systems and users running common software that implements communities of interest (COI)
          – Strong encryption
          – Endpoint protection
          – Trusted encryption key management
      • Manage users and identities, not IP addresses
      • Emerging class of products
      • Vormetric, Unisys, Koolspan
  • 15. What is Unisys Stealth™?
      • Software, running on Windows and Linux computers
      • FIPS 140-2 AES-256 certified cryptography module
      • Provides compartmentalized security by implementing virtual communities of interest (COI) for predetermined endpoint users
      • Authenticates and authorizes users based on identity, not network topology
      • Because it executes between the network and link protocol layers, it has no effect on applications or existing networks
      • Makes systems undiscoverable by attackers
      • Supports “clear COI” to allow for incremental integration into existing environments
      [Diagram: protocol stack (7. Application; 6. Presentation; 5. Session; 4. Transport; 3. Network; Stealth Shim; 2. Link; 1. Physical; NIC)]
  • 16. Comparison

      |                         | Tiers | Zones | Software Defined |
      |-------------------------|-------|-------|------------------|
      | Hides endpoints         | Yes   | Yes   | Yes              |
      | Network/LAN changes     | Yes   | Yes   | No               |
      | Application changes     | No    | No    | No               |
      | Installation disruption | High  | High  | Low              |
      | Ongoing maintenance     | High  | High  | Low              |
      | Staff skill             | High  | High  | Low              |
      | Cost                    | $$$   | $$    | $                |

  • 17. Unisys Stealth Solution. Proactive. Scalable. Consistent.
      [Diagram panels: Stealth for Cloud; Stealth Regional Isolation; Stealth Secure Remote Access; Stealth Data Center Segmentation; Stealth for Mobile. Labels: Virtual Web Server A/B; Virtual App Server A/B; Virtual DB Server A/B; Amazon EC2; VM; “Safe” Site; Corporate Site; “Risky” Site; Internet; Enterprise; External Network; Windows Client; SSVT; Protected App Server; Protected Database Server; Email Server (unprotected)]
  • 18. Summing it up
      • CoIT and APTs are a fact of life
      • Adversaries are extremely sophisticated and capable
      • Current tools aren’t working
      • The base problems won’t be fixed soon
      • Modern encryption, properly implemented, WORKS
      • Identify the most important information and who needs access
      • Hide this information using compartmentalized need-to-know communities of interest
      • Keep BYO and consumer devices away from the COIs
  • 19. Thank You. David Frymier, Vice President and CISO, Unisys Corporation
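
Slide 3 notes that a "low and slow" APT "can be found through beaconing activity". The sketch below is an added example, not part of the presentation or any Unisys product: it flags source/destination pairs whose connection intervals are unusually regular. The log format, host names and thresholds (`min_events`, `max_cv`) are assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log, assumed format: "<ISO time> <source> <destination>"
SAMPLE_LOG = """\
2014-04-01T09:00:00 pc-17 sync.example.org
2014-04-01T09:01:10 pc-22 news.example.com
2014-04-01T09:01:45 pc-22 news.example.com
2014-04-01T09:03:30 pc-17 mail.example.com
2014-04-01T09:05:02 pc-17 sync.example.org
2014-04-01T09:09:30 pc-22 news.example.com
2014-04-01T09:10:01 pc-17 sync.example.org
2014-04-01T09:14:59 pc-17 sync.example.org
2014-04-01T09:20:03 pc-17 sync.example.org
2014-04-01T09:25:00 pc-17 sync.example.org
2014-04-01T09:31:00 pc-22 news.example.com
2014-04-01T09:33:20 pc-22 news.example.com
2014-04-01T09:40:12 pc-17 mail.example.com
"""

def parse(log):
    """Group connection times by (source, destination); skip malformed lines."""
    seen = defaultdict(list)
    for line in log.splitlines():
        try:
            ts, src, dst = line.split()
            seen[(src, dst)].append(datetime.fromisoformat(ts))
        except ValueError:  # wrong field count or unparseable timestamp
            continue
    return seen

def find_beacons(log, min_events=5, max_cv=0.1):
    """Return (src, dst, mean_interval_s, cv) for pairs with near-constant gaps."""
    hits = []
    for (src, dst), times in parse(log).items():
        if len(times) < min_events:  # too few connections to judge regularity
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Coefficient of variation: near 0 means machine-like timing (assumed cutoff).
        cv = pstdev(gaps) / avg if avg > 0 else float("inf")
        if cv <= max_cv:
            hits.append((src, dst, round(avg), round(cv, 3)))
    return sorted(hits, key=lambda h: h[3])

print(find_beacons(SAMPLE_LOG))
```

Human browsing (pc-22 here) produces widely varying gaps and is not flagged; on real traffic, known periodic software such as update checkers has to be allowlisted before the remaining hits are triaged.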
