SecureIT 2014 - Data Security Protecting Businesses and National Assets - Rajesh Kumar, Technical Consultant, Juniper Networks
 

  • GOOD AFTERNOON, ESTEEMED PANELISTS, LADIES AND GENTLEMEN. TODAY, WHEN WE THINK OF SECURITY, WE ALWAYS LOOK AT PROTECTING THE CRITICAL INFORMATION, ASSETS, ETC. FROM BAD ACTORS OR UNKNOWN THREATS. The problem starts with the traditional security approach: fortifying the perimeter defenses, creating impervious walls, relying on signatures and attempting to passively keep attackers from stealing data. That thinking relies on an outdated “Castle and Moat” strategy that has largely failed at stopping hackers because of four fatal flaws. Realistically, there will always be attackers seeking to gain advantage, and the reality is that the hacking problem cannot be solved, but it can be proactively managed.
    1. First, web app firewall technology is signature-based, so it is vulnerable to zero-day attacks and false positives, which keep it from serving as an IPS. Only logging known threats is like providing someone pictures of their house after it burns down. What you need is a smoke alarm. To add insult to injury, web app firewalls require their customers to write their own signatures. Most customers don’t have the resources or expertise to write these rules, and are competing against a virtually infinite number of holes.
    2. Second, your attack surface is static, which makes it easy for attackers to understand your infrastructure and enables them to use automated tools to quickly find the holes.
    3. Third, they are vulnerability-centric versus attacker-centric, so they don’t understand the capabilities and intent of the attackers.
    4. Fourth, current solutions are reactive, forcing you to play defense as you wait for the next attack.
  • Fact
    92% of breaches come from the outside [1]
    52% of breaches are due to hacking [1]
    70% of all attacks are at the web application layer [2]
    73% of organizations were hacked in the past two years through Web applications [3]
    75% driven by financial motives
    66% of breaches took months or more to discover [4]
    Impact
    Average cost due to data breach: $8.9M [4]
    Average annual cost incurred from a DDoS attack: $3.5M [3]
  • But first, I want you to think about something: When was the last time you were deceived? Taken? Hoodwinked? Cuckolded? Misled? Cheated? As Sun Tzu once said, “all warfare is deception.” NEED GREAT IDEA HERE TO START WITH DECEPTION/EXCITEMENT!! (Mission Impossible-style mask tear off?)
  • In the single greatest battle fought during World War 2, not a single shot was fired. It was 1943, and the war was well under way as American, British and Canadian troops were amassing in the UK in preparation for an attack into Northern Europe. The Germans knew an attack was imminent and began to prepare troops to defend. The intelligence and troop buildups said the attack was likely going to happen at the narrowest point on the English Channel, the Port of Calais. Unfortunately, the English Channel was the site of many failed crossings in history, including the Spanish Armada and Napoleon Bonaparte’s navy. The Allies were going to have to be perfect. On June 9th Hitler himself ordered his troops to stay at Calais, and even diverted troops heading for another potential site called Normandy to further reinforce Calais. Why did he send the troops to Calais?
  • They believed there were upwards of 50,000 soldiers on the other side of the Channel about to descend on Calais. What the Germans didn’t realize, though, is that they were fighting against a very different enemy: the greatest deception in history. This is an M4 Sherman tank, which weighs over 66,000 pounds, being carried by four men across the battlefield. No, these are not supermen built in a lab somewhere; these are four artists carrying a 93-pound rubber inflatable tank to the next spot in the “battle”.
  • Phase 1: Silent Reconnaissance. Attackers profile physical and virtual devices and applications.
    Phase 2: Attack Vector Establishment. Weaknesses in attack surface identified for attack.
    Phase 3: Attack Implementation. Attacks launched to take control of device, application or VM. Can be used to begin further reconnaissance.
    Phase 4: Attack Automation. Repeat attack to increase effectiveness, increase profit or extract more data.
    Phase 5: Maintenance. Evade patching and remediation measures to stop the attack.
  • The second story I want to share with you is about the challenge of tracking and identifying.
  • When is the security industry going to stop building Bertillon’s?
  • My third story is about the power of being connected.
  • Los Angeles not only has the worst traffic imaginable, but also has 1.7 million fingerprints on file. 1.7 million… imagine what it would take to sort through those cards manually, trying to match a pair of fingerprints left at a crime scene. It would take roughly sixty-seven years to find a single one. If you are looking for a serial killer, they’ll die of natural causes before you find them.
  • Joe98

Presentation Transcript

  • EVOLUTION OF THREATS: ATTACK STRATEGIES HAVE CHANGED
    92% of breaches come from the outside [1]
    52% of breaches are due to hacking [1]
    70% of all attacks are at the web application layer [2]
    73% of organizations hacked in the past 2 years through web apps [3]
    75% driven by financial motives
    66% of breaches took months or more to discover [4]
    Source: [1] Verizon DBIR 2013; [2] Gartner; [3] Ponemon Institute, 2013; [4] 2012 Cost of Cyber Crime Study, Ponemon Institute, 2012
  • SUN TZU. Security Threat Landscape: More Sophisticated Attacks; Complex Heterogeneous Infrastructure; Explosion of Information; Increased Cost of Incidents
  • Cyber Attack Trends: Time between initial attack and initial compromise. “For the vast majority of incidents (72%), attackers are able to compromise the victim very quickly (minutes or faster)” Source: Data Breach Investigations Report: A study conducted by the Verizon RISK team
  • Cyber Attack Trends: Time between initial compromise and discovery. “In over half of the incidents investigated, it took months, sometimes even years—for this realization to dawn” Source: Data Breach Investigations Report: A study conducted by the Verizon RISK team
  • Have You Ever Been Deceived? As Sun Tzu once said, “all warfare is deception.”
  • CHANGING THE GAME? Famed hacker Kevin Mitnick wrote a book called “The Art of Deception.” “If deception can be used for attack, can it be used for cyber defense?”
  • 5 PHASES OF ATTACK
    Phase 1, Silent Recon: Attackers profile physical and virtual devices and applications
    Phase 2, Establish Attack Vector: Weaknesses in attack surface identified for attack
    Phase 3, Implement Attack: Attacks launched to take control of device, application or VM. Can be used to begin further reconnaissance
    Phase 4, Automate Attack: Repeat attack to increase effectiveness, increase profit or extract more data
    Phase 5, Maintenance: Evade patching and remediation measures to stop the attack
  • INTRUSION DECEPTION
  • ATTACKER TRIPS A TAR TRAP (diagram labels: Client, Firewall, Network Perimeter, App Server, Server Configuration, Database; Tar Traps: Query String Parameters, Hidden Input Fields; Attacker = Mary13)
  • Track.
  • IP Address is the new Bertillon
  • FINGERPRINT OF AN ATTACKER: Who is behind the IP?
    Attributes: Browser version, Fonts, Browser add-ons, Timezone, IP Address
    200+ attributes used to create the fingerprint
    False positives: nearly zero
    Availability of fingerprints: ~ real time
    Specificity
  • Share.
  • Fingerprints are Useless Until Shared
  • UPDATING SPOTLIGHT (diagram labels: JWAS Customer A, JWAS Customer B, Spotlight Secure, Mary13)
  • SPOTLIGHT UPDATE (diagram labels: Mary13, JWAS Customer A, JWAS Customer B)
    Global Name: Bob112 | Local Name: Mary13 | JWAS Device: 4X12J8
  • SPOTLIGHT LOOKUP (diagram labels: ?, Joe196, JWAS Customer A, JWAS Customer B)
    Global Name: Bob112 | Local Name: Mary13 | JWAS Device: 4X12J8
  • DDoS SECURE: How does it work?
    Packet validated against pre-defined RFC filters
    Malformed and mis-sequenced packets dropped
    Individual IP addresses assigned CHARM value
    Value assigned based on IP behaviours
    Low CHARM Value: Mechanistic Traffic
    Medium CHARM Value: First Time Traffic
    High CHARM Value: Humanistic, Trusted Traffic
  • Watch Attackers on your Website in Real-Time: From the moment the attacker is first detected, they are monitored. Every attempt is visible in real time, giving you time to respond.
    Record the Attack: Records every incident triggered by the attacker. You can watch the attack live and review the incidents recorded afterwards.
    Understand How your Website is Attacked: Learn how various attackers attempt to exploit your site. Seeing the techniques used against your website helps you to be better prepared, and better defend yourself.
  • Security by Deception
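
The "ATTACKER TRIPS A TAR TRAP" and "FINGERPRINT OF AN ATTACKER" slides name two ideas: decoy hidden fields and query-string parameters that only a tampering client touches, and tracking by browser attributes instead of IP address. The sketch below is an added example of both, not code from the presentation or from any Juniper product; the field name `debug_mode`, the parameter `admin`, the key handling and the attribute set are all assumptions.

```python
import hashlib
import hmac
import json
import secrets

TRAP_KEY = secrets.token_bytes(32)  # per-deployment secret (assumption)
TRAP_FIELD = "debug_mode"           # hypothetical decoy hidden input field
TRAP_PARAM = "admin"                # hypothetical decoy query-string parameter

def trap_value(session_id):
    """Decoy value bound to the session, so an edited value is detectable."""
    mac = hmac.new(TRAP_KEY, session_id.encode(), hashlib.sha256)
    return mac.hexdigest()[:16]

def render_form(session_id):
    """Form carrying a hidden decoy field that a normal browser never changes."""
    return ('<form method="post" action="/login"><input name="user">'
            f'<input type="hidden" name="{TRAP_FIELD}" '
            f'value="{trap_value(session_id)}"></form>')

def tripped_traps(session_id, query, form):
    """Return the traps a request touched; an empty list means a clean request."""
    hits = []
    if TRAP_PARAM in query:  # the application never emits this parameter
        hits.append(f"query:{TRAP_PARAM}")
    sent = form.get(TRAP_FIELD)
    expected = trap_value(session_id).encode()
    if sent is not None and not hmac.compare_digest(sent.encode(), expected):
        hits.append(f"hidden:{TRAP_FIELD}")  # decoy value was tampered with
    return hits

def fingerprint(attrs):
    """Stable client ID from browser attributes, deliberately ignoring the IP."""
    stable = {k: v for k, v in attrs.items() if k != "ip"}
    canon = json.dumps(stable, sort_keys=True).encode()
    return hashlib.sha256(canon).hexdigest()[:12]

class AttackerLog:
    """Incidents keyed by fingerprint, so an IP change does not reset history."""
    def __init__(self):
        self.incidents = {}

    def record(self, attrs, hits):
        if not hits:
            return None
        fp = fingerprint(attrs)
        self.incidents.setdefault(fp, []).extend(hits)
        return fp
```

Because legitimate users never see or edit the decoys, a hit needs no signature and carries almost no false-positive risk, which is the contrast the talk draws with signature-based web app firewalls.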