Practice makes perfect. And unfortunately for security professionals, attackers have realized that persistence is a powerful approach to breaching an organization's defenses.
Focusing on prevention alone is no longer a sufficient strategy for securing your organization against the business risks of a breach. Our current security environment demands an approach less centered on ideal prevention and more focused on reality. During this webcast, we discussed key strategies that limit your risk and exposure to unrelenting threats.
Some highlighted topics include:
- How the shift in attacker motivations has impacted today's threat landscape
- Why preventative techniques alone can no longer ensure a secure environment
- Which strategies need to be considered for a holistic approach to security
- What next steps you can take towards identifying your best strategy against attacks
2. Agenda
1. How the shift in motivations has impacted today's threat landscape
2. Why preventative techniques alone can no longer ensure a secure environment
3. Which strategies need to be considered for a holistic approach to security
4. What next steps you can take towards identifying your best strategies against cyber-attacks
7. Targeted Attacks are More Pervasive, But Not Always Persistent
Exponential Threats. Every second: 9 new pieces of malware discovered; 1 new threat targeting SMBs.
Emboldened Attackers. NIST's definition of APT:
- "It pursues its objectives repeatedly over an extended period of time"
- "It adapts to defenders' efforts to resist it"
- "It is determined to maintain the level of interaction needed to execute its objectives"
Sources: National Institute of Standards and Technology | Trend Micro, June 2013 | Peter Singer and Allan Friedman of the Brookings Institution
8. Customers Are Not Staying Ahead of The Attacks
- 39% are effective in preventing APTs
- 44% are effective in containing APTs
- 49% are effective in detecting APTs
APT survey by ISACA, Feb 2013 | State of Advanced Persistent Threats survey by Ponemon Institute, Dec 2013
9. Security Pros, Execs & The Board Know There's a Problem, Just Not How To Solve It
- 96% of security practitioners are at least somewhat familiar with APTs
- 53% of security practitioners do not believe APTs differ from traditional threats
- 13% of non-IT execs are fully aware of APTs and their impact
- AV & FW / IDS are the most used solutions to address APTs according to recent surveys by ISACA and Ponemon
APT survey by ISACA, Feb 2013 | State of Advanced Persistent Threats survey by Ponemon Institute, Dec 2013
10. Exploits and Malware Evolve and Evade Current Solutions
- 76% evade prevention by AV
- 72% evade detection by IDS
- 56% evade detection or containment by endpoint-based sandboxes
"While these controls are proficient for defending against traditional attacks, they are probably not as suited for preventing APTs" -- ISACA
State of Advanced Persistent Threats survey by Ponemon Institute, Dec 2013
11. Let's Stop The Insanity
Stop Reacting: So-called "best-of-breed" solutions are failing to stop sophisticated cyberattackers, and the latest "magic box" is not going to outsmart them.
Start Thinking Deeply & Acting Broadly:
- Analyze our risks: who will attack us, why & where?
- Assess our investments: are we measuring their success?
- Craft a multi-tiered strategy
12. Predictive Defense & Prevention
Reduce the risk of security breaches by:
- Reducing the attack surface
- Layering threat protection
13. Implement The "Least Privilege" Principle
But ultimately, what enables the breach is the exploitation of trust. Systems may be compromised by phishing user credentials or by exploiting software vulnerabilities.
14. SMBs Become The New Trojan Horse In A Supply Chain Attack
Why storm the castle walls, when you can be invited in?
36% of targeted attacks impact SMBs as of 1H2012; 2x more than in 2011
Source: Symantec
15. Best Practices Aren't Always Practical and They're Never Enough
- 75% hadn't deployed viable patches due to the cost of downtime
- 65% used apps with a known vulnerability but without a viable patch
- 64% used apps with a known vulnerability and hadn't deployed a viable patch
- 31% believed patching effectively stopped most opportunistic attacks
- 52% believed patching effectively stopped most targeted attacks
APT survey by ISACA, Feb 2013 | State of Advanced Persistent Threats survey by Ponemon Institute, Dec 2013
16. Implement Security Enforcement On and Off Network
52% say you can't solely protect networks against adv. malware; you must also protect endpoints
Sources: APT survey by ISACA, Feb 2013 | State of Advanced Persistent Threats survey by Ponemon Institute, Dec 2013
17. Implement Security Enforcement On and Off Network
- 52% use endpoint-based sandboxing technologies
- 51% report that it's difficult to manage
- 43% report that it negatively affects UX
Sources: APT survey by ISACA, Feb 2013 | State of Advanced Persistent Threats survey by Ponemon Institute, Dec 2013
18. Implement Security Enforcement On and Off Network
Sources: APT survey by ISACA, Feb 2013 | State of Advanced Persistent Threats survey by Ponemon Institute, Dec 2013
19. Quick Detection & Containment
65% believe you can't prevent adv. malware from infecting networks & devices; focus more on detection vs. prevention
Reduce the impact of security breaches by:
- Obtaining coverage and visibility
- Monitoring network activity
- Sharing security intelligence
Sources: APT survey by ISACA, Feb 2013 | State of Advanced Persistent Threats survey by Ponemon Institute, Dec 2013
20. Obtain Coverage & Visibility
Get an eye in the sky to see everything that accesses your data and infrastructure.
26. Realign Your Security Investments
1. Given the nature of your organization, why would you be attacked?
2. Which of your assets align to attacker motives?
3. Where are the vulnerabilities among your assets, supply chain vendors, partners, services providers and customers?
4. How secure are your assets in the cloud or on the devices your employees use?
5. How might these vulnerabilities be exploited?
6. What preventive tactics are currently in place and how effective are they?
7. Have you taken measures to reduce your overall attack surface?
8. Have you applied consistently high security standards throughout your organization?
9. Do you have visibility into cloud and DNS activity that could affect your network, your system, your data?
10. Have you made sufficient investments in education and training among your employees and partners?
11. Based on your assessments of the above, which tactics/techniques would be most likely to minimize and/or mitigate the impact of an attack?
"Before we know about any new virus, somebody has to be a sacrificial lamb and die and tell us about it. It's an awful way of doing things." -- CTO of McAfee's Endpoint Solution Division
28. The World's Leader for Cloud-Delivered Network Security
Timeline:
- July 2006: World's Largest Internet Security Network
- October 2006: First Anti-Phishing Clearinghouse
- September 2009: Partners with Threat Feed Providers
- May 2012: Secures Over 50M Daily-Active Users
- November 2012: Network Security Beyond the Perimeter
- December 2012: Fully-Staffed Security Research Team
- February 2013: Data Analytics Predict Threats
- July 2013: Threat Protection Beyond DNS
Customers: 10,000+ businesses
Employees: 160+ across San Francisco & Vancouver
Investors: Greylock, Sequoia, Sutter Hill
29. Acquires data from 2% of the Internet
- 1M+ events per second
- 50M+ daily-active users
- 160+ countries
- 22 data centers across the Americas, Europe, Middle East & Africa, and Asia-Pacific (and more coming)
30. Connect with confidence. Anywhere. Anytime. On any device.
Every day, we block 80M+ security events over any port, any protocol, any app.
31. Predictive security. Panoramic visibility. Enforcement everywhere.
Services:
- Security Graph (intelligence platform): purpose is to predict threats before they happen using big data analytics
- Umbrella (enforcement platform): purpose is to prevent infections or contain breaches on or beyond the network
Manageability:
- 0: net new latency
- 100%: global network uptime
- <30min: to complete provisioning
- <1min: to update actionable intelligence
- 0: maintenance required to keep up to date
32. Them: Catch up. Us: Evolve.
Them vs. Us:
- network-centric vs. cloud-centric
- ponderous vs. nimble
- reactive vs. proactive
- need evidence vs. see patterns
- fragmented vs. holistic
33. OpenDNS: Connect with confidence.
- Leverage the World's largest Internet security network to block threats no other vendor covers.
- Set up our free, instant trial in under 30 minutes.