Presentation to Internal Audit & Compliance department
by Samuel Kamuli
GARTNER | TOP TEN TECHNOLOGIES FOR INFORMATION SECURITY 2014-2015
PRESENTATION OUTLINE
1. OBJECTIVES OF THE PRESENTATION
2. WHAT IS INFORMATION SECURITY?
2. WHAT IS THE GARTNER INSTITUTE?
3. LIST OF THE TOP TEN INFOSEC TECHNOLOGIES 2014-2015
4. CONCEPTS
I) ENCRYPTION
II) VIRTUALIZATION
5. INFOSEC TECHNOLOGIES FROM 1 TO 10
6. CAVEATS
OBJECTIVES OF THE PRESENTATION
1. The IAC total auditor Initiative.
2. Explore the 2014-2015 top ten technologies for Information security
DEFINITION | INFORMATION SECURITY
Information Security refers to the processes and methodologies which are
designed and implemented to protect print, electronic, or any other form of
confidential, private and sensitive information or data from unauthorized
access, use, misuse, disclosure, destruction, modification, or disruption.
GARTNER INSTITUTE |
Gartner, Inc. (NYSE: IT) is the world's leading information
technology research and advisory company. It delivers
the technology-related insight necessary for its various
clients in over 9,000 distinct enterprises worldwide to
make the right decisions, every day.
Its clients include CIOs and senior IT leaders in
corporations and government agencies, to business
leaders in high-tech and telecom enterprises and
professional services firms and technology investors.
www.gartner.com
| THE MAGIC QUADRANT
TOP TEN TECHNOLOGIES FOR INFORMATION SECURITY
• Endpoint Detection and Response Solutions
• Big Data Security Analytics at the Heart of Next-generation Security Platforms
• Cloud Access Security Brokers
• Adaptive Access Control
• Pervasive Sandboxing (Content Detonation) and IOC Confirmation
• Machine-readable Threat Intelligence, Including Reputation Services
• Containment and Isolation as a Foundational Security Strategy
• Software-defined Security
• Interactive Application Security Testing
• Security Gateways, Brokers and Firewalls to Deal with the Internet of Things
#2 ENCRYPTION | THE NYAKASURA - KYEBAMBE STORY
Bob | Alice | Alice’s teacher
Hello Alice, I want to be with you longer than Fort Portal has existed!
#2 ENCRYPTION | THE NYAKASURA - KYEBAMBE STORY
Bob | Alice | Alice’s teacher
Hello Alice, I love the history you mentioned about Toro = I love you
ENCRYPTION
Bob: Security admin, URA
Alice: Security admin, BoU
VIRTUALIZATION | THE DT SECTION ANALOGY
More than 500,000 customers — including 100% of the Fortune 100 — trust VMware as their virtualization infrastructure platform.
VIRTUALIZATION | THE DT SECTION ANALOGY
The IAC I
DT mgt (RiK and supervisors), DT AUDIT Officers, DT AUDITS } DT Section
TRIVIA MOMENT: BRAIN VS
SUPERCOMPUTER
The Tianhe-2 has been developed by the National University of
Defense Technology in central China's Changsha city and is
capable of 33,860 quadrillion floating-point operations per
second (33.86 petaflops). By comparison, IBM researchers have
determined that the human brain is capable of 36.8 petaflops of
data. A calculator needs 10 flops only.
# 1 | ENDPOINT DETECTION AND RESPONSE
SOLUTIONS
The endpoint detection and response (EDR) market is an
emerging market created to satisfy the need for continuous
protection from advanced threats at endpoints (desktops,
servers, tablets and laptops) — most notably significantly
improved security monitoring, threat detection and incident
response capabilities. These tools record numerous endpoint
and network events and store this information in a centralized
database. Analytics tools are then used to continually search the
database to identify tasks that can improve the security state to
deflect common attacks, to provide early identification of
ongoing attacks (including insider threats), and to rapidly
continuous protection from advanced threats at endpoints (desktops, servers, tablets and laptops)
Analytics tools are then used to provide early identification of ongoing attacks (including insider threats),
provide remediation
# 1 | ENDPOINT DETECTION AND RESPONSE SOLUTIONS
End point Solutio
Nexpose and Metasploit
# 1 | ENDPOINT DETECTION AND RESPONSE
SOLUTIONS
Market stats
http://www.checkpoint.com/testimonials/
Kitabo kya mu
94% of Fortune 100
87% of Fortune 500
INFO SEC MOMENT | THE FIVE EYES
en.wikipedia.org/wiki/Five_Eyes
SIGINT: Signal Intelligence
# 2 | SOFTWARE-DEFINED SECURITY
Software defined security is about the capabilities enabled
as we decouple and abstract infrastructure elements that
were previously tightly coupled in our data centers:
servers, storage, networking, security and so on.
Like networking, compute and storage, the impact on
security will be transformational. Software-defined security
doesn’t mean that some dedicated security hardware isn’t
still needed — it is.
However, like software-defined networking, the value and
intelligence moves into software.
# 2 | SOFTWARE-DEFINED SECURITY
DECOUPLING ANALOGY | Tightly coupled system
ELECTRIC COOKER + POWER = COOKED FOOD
# 2 | SOFTWARE-DEFINED SECURITY
DECOUPLING ANALOGY | Loosely coupled system
GAS / ELECTRIC COOKER + POWER = COOKED FOOD
# 2 | SOFTWARE-DEFINED SECURITY
Unified threat management
1. Firewall
2. VPN
3. Intrusion Prevention System
Etc…
# 2 | SOFTWARE-DEFINED SECURITY
Cost is $2 per hour
Per day: 2 * 24 = $48
Per year: $48 * 365 = $17,520
Ush 52.5
Value proposition $1 = Ushs 3,000
USD 1,460 or UGX 4,380,000 per month
# 2 | SOFTWARE-DEFINED SECURITY
$181,548
Ushs 544,644,000
Save 90.3%!
# 2 | SOFTWARE-DEFINED SECURITY
Network Orchestration
Step 1: Create Linux server from template
Step 2: Run Upgrade to install latest updates
Step 3: Register it with the network and start serving it traffic
# 2 | SOFTWARE-DEFINED SECURITY
Info sec moment | The $1 bn Cyber heist
www.bbc.com/news/business-31482985
http://www.dailymail.co.uk/news/article-2955277/Computer-hacking-gang-ordered-ATM-machines-dispense-money-stole-tens-millions-UK-banks-largest-cyber-crime-detected.html#ixzz3UXLA0hGG
• Up to 100 banks and financial institutions worldwide have been attacked.
• Kaspersky Lab estimates $1bn (£648m) has been stolen in the attacks, which it says started in 2013 and are still ongoing.
• Attacks have taken place in 30 countries including financial firms in Russia, US, Germany, China, Ukraine and Canada.
• They steal money directly from banks and avoid targeting end users.
Info sec moment | The $1 bn Cyber heist
How they did it
• They did this by sending authentic-looking emails that unsuspecting recipients then clicked on ('spear phishing'), infecting the bank's machines with Carbanak malware
• Hackers were then able to infiltrate the internal network and track down administrators' computers for video surveillance
• Ukrainian ATM was found to be giving out
# 3 | ADAPTIVE ACCESS CONTROL
Adaptive access control is a form of context-aware
access control that acts to balance the level of trust
against risk at the moment of access using some
combination of trust elevation and other dynamic risk
mitigation techniques. Context awareness means that
access decisions reflect current condition, and
dynamic risk mitigation means that access can be
safely allowed where otherwise it would have been
blocked. Use of an adaptive access management
architecture enables an enterprise to allow access
context-aware access control
access decisions reflect current condition
enables an enterprise to allow access from any device, anywhere
range of corporate assets with mixed risk
# 3 | ADAPTIVE ACCESS CONTROL
URA CUSTOMS ANALOGY
1. TAX PAYER WHO DECLARES GOODS AT CUSTOMS – SUPPLICANT
2. TAX PAYER WHO DOESN’T KNOW THEY HAVE/HIDES TAXABLE GOODS – DEVICE WITH OUTDATED ANTI VIRUS
3. TAX PAYER WHO IS AN AEO – IP-PHONE PRIVILEGES
Cisco Identity Services Engine (ISE)
# 3 | ADAPTIVE ACCESS CONTROL ISE ISE BABY!!!
# 3 | ADAPTIVE ACCESS CONTROL - POLICY
# 3 | ADAPTIVE ACCESS CONTROL - PERMISSIONS
#4 | SECURITY GATEWAYS, BROKERS AND
FIREWALLS TO DEAL WITH THE INTERNET OF
THINGS
Enterprises, especially those in asset-intensive industries like
manufacturing or utilities, have operational technology (OT)
systems provided by equipment manufacturers that are moving
from proprietary communications and networks to standards-
based, IP-based technologies. More enterprise assets are being
automated by OT systems based on commercial software
products. The end result is that these embedded software
assets need to be managed, secured and provisioned
appropriately for enterprise-class use. OT is considered to be
the industrial subset of the "Internet of Things," which will
include billions of interconnected sensors, devices and systems,
TURKISH PIPELINE BURSTS DUE TO CYBER
ATTACK
http://arstechnica.com/security/2014/12/hack-said-to-cause-fiery-pipeline-blast-could-rewrite-history-of-cyberwar/
“Attackers gained access to the pipeline's
computerized operational controls and increased the
pressure of the crude oil flowing inside. By hacking
the video and sensors that closely monitored the
1,099-mile Baku-Tbilisi-Ceyhan pipeline, the
attackers were able to prevent operators from
learning of the blast until 40 minutes after it
happened”
As investigators followed the trail of the failed alarm system, they
found the hackers’ point of entry was an unexpected one: the
surveillance cameras themselves.
The cameras’ communication software had vulnerabilities the
hackers used to gain entry and move deep into the internal network,
according to the people briefed on the matter.
Once inside, the attackers found a computer running on a Windows
operating system that was in charge of the alarm-management
network, and placed a malicious program on it. That gave them the
ability to sneak back in whenever they wanted.
Having performed extensive
reconnaissance on the computer
network, the infiltrators tampered with
the units used to send alerts about
malfunctions and leaks back to the
control room. The back-up satellite
signals failed, which suggested to the
investigators that the attackers used
sophisticated jamming equipment,
The 2014 Infiniti Q50
• The 2014 Infiniti Q50 would be the easiest of all to hack because
its telematics, Bluetooth, and radio functions all run on the same
network as the car's engine and braking systems, for instance,
making it easier for an attacker to gain control of the car's
computerized physical operations.
• The researchers say the 2014 Dodge Viper, the 2014 Audi A8, and
the 2014 Honda Accord are the least hackable vehicles. They
ranked the Audi A8 as the least hackable overall because its
network-accessible potential attack surfaces are separated from the
car's physical components such as steering, notes Miller. "Each
feature of the car is separated on a different network and
connected by a gateway," he says. "The wirelessly connected
computers are on a separate network than the steering, which
#4 | SECURITY GATEWAYS, BROKERS AND
FIREWALLS TO DEAL WITH THE INTERNET OF
THINGS
http://www.conlog.co.za/
#4 | SECURITY GATEWAYS, BROKERS AND
FIREWALLS TO DEAL WITH THE INTERNET OF
THINGS
Tools
https://www.paloaltonetworks.com/solutions/industry/scada-and-industrial-control.html
SCADA/ICS-specific signatures for Modbus, DNP3, CIP Ethernet/IP, IEC 60870-5-104, OPC
http://www.iconlabs.com/prod/products/device-protection/floodgate-defender-appliance
INFOSEC MOMENT | THE EQUATION GROUP
• Discovered by Kaspersky on February
16, 2015
• The group earned its name through its
use of complex cryptographic algorithms
to compromise targets.
• They have been operating in the shadows
for over a decade.
• They compromised Seagate, Western Digital, Maxtor, Samsung and Toshiba hard drives
http://www.digitaltrends.com/computing/decrypt-this-the-equation-groups-scalpel-proves-the-sledgehammer-is-unneeded/#ixzz3UXFza65G
http://en.wikipedia.org/wiki/Equation_Group
INFOSEC MOMENT | THE EQUATION GROUP
• They developed malware which embeds itself in the
firmware that runs the disk and gives command and
control servers access to the disk and later computers
• It can transfer data from an air-gapped system through
USB flash drives
• One of their biggest exploits is said to be the Stuxnet virus
that affected Iran’s nuclear power plants.
• Timestamps in the malware seem to indicate that the
programmers worked overwhelmingly Monday-Friday in
what would correspond to a 08:00-17:00 workday in an
Eastern United States time zone
#5 | APPLICATION SECURITY TESTING
Interactive application security testing (IAST): combines static application
security testing (SAST) and dynamic application security testing (DAST)
techniques. This aims to provide increased accuracy of application
security testing through the interaction of the SAST and DAST
techniques. IAST brings the best of SAST and DAST into a single solution.
This approach makes it possible to confirm or disprove the exploitability
of the detected vulnerability and determine its point of origin in the
application code.
Static application security Testing (SAST): is a set of technologies
designed to analyze application source code, byte code and binaries for
coding and design conditions that are indicative of security
vulnerabilities. SAST solutions analyze an application from the “inside
out” in a non running state.
running state.
non running state
Both running and non-running state
• Higher Confidence Results: Combine the detection of a potential
vulnerability found through SAST, with verification through a
real-time exploit attempt provided by DAST. IAST determines whether
the vulnerability is real and where in the code it is located.
• Comprehensive Analysis: Tune the DAST analysis based on
Coverity’s deep understanding of the application’s entry points and
parameters.
• Improved Efficiency: Address proven vulnerabilities more quickly
and easily from within a unified workflow.
http://www.coverity.com/
Kitabo kya mu
• 8 of the 10 top global brands
• 7 of the 10 top aerospace and defense companies
• 9 of the 10 top technology hardware companies
• 9 of the 10 top software companies
Kitabo kya mu
Google project zero
http://googleprojectzero.blogspot.com/
http://money.cnn.com/2014/07/17/technology/security/google-cyberattacks/
# 6 | MACHINE-READABLE THREAT
INTELLIGENCE (MRTI), INCLUDING
REPUTATION SERVICES
The ability to integrate with external context and
intelligence feeds is a critical differentiator for next-
generation security platforms. Third-party sources for
machine-readable threat intelligence are growing in
number and include a number of reputation feed
alternatives. Reputation services offer a form of
dynamic, real-time “trustability” rating that can be
factored into security decisions. For example, user and
device reputation as well as URL and IP address
reputation scoring can be used in end-user access
external context and intelligence feeds
“trustability” rating that can be factored into security decisions.
user and device reputation as well as URL and IP address
end-user access decisions.
http://www.norse-corp.com/darkviking.html
SONY HACK
http://www.geek.com/news/sony-just-got-hacked-doxxed-and-shut-down-1610274/
http://money.cnn.com/2015/02/05/media/amy-pascal-resigns-sony/
Repercussions
1. Movies such as Annie leaked.
2. Emails released
3. Sony Co-chair Amy Pascal resigned after 15 years at Sony
4. Financial loss by lost movie revenue and reputation
#6 | DATA LOSS/LEAKAGE PREVENTION
Data Leakage Prevention identifies,
monitors, and protects data transfer
through deep content inspection and
analysis of transaction parameters
(such as source, destination, data
object, and protocol), with a
centralized management framework.
1. The Data Loss Prevention Software Blade is enabled on a Security Gateway
3. Security mgt server to install the DLP Policy on the DLP gateway.
4. Proxy server through which data leaves organization
5. Mail server through which information can leave the organization.
6. Active directory to identify internal organization
7. Logging analysis through SmartView Tracker and SmartEvent
#6 | DATA LOSS/LEAKAGE PREVENTION
1. Create a policy that blocks transfer of videos off the network and to other servers
2. Send the policy out to the monitoring device.
#7 | BIG DATA SECURITY ANALYTICS AT THE
HEART OF NEXT-GENERATION SECURITY
PLATFORMS
Going forward, all effective security protection platforms
will include domain-specific embedded analytics as a core
capability. An enterprise's continuous monitoring of all
computing entities and layers will generate a greater
volume, velocity and variety of data than traditional SIEM
systems can effectively analyze. Gartner predicts that by
2020, 40 percent of enterprises will have established a
"security data warehouse" for the storage of this monitoring
data to support retrospective analysis. By storing and
analyzing the data over time, and by incorporating context
and including outside threat and community intelligence,
patterns of "normal" can be established and data analytics
continuous monitoring
"security data warehouse"
support retrospective analysis.
patterns of "normal" can be established and data analytics can be used deviations from normal have occurred.
including outside threat and community intelligence
#7 | BIG DATA SECURITY ANALYTICS AT THE
HEART OF NEXT-GENERATION SECURITY
PLATFORMS
ANALOGY : NETFLIX’S HOUSE OF CARDS
#7 | BIG DATA SECURITY ANALYTICS AT THE
HEART OF NEXT-GENERATION SECURITY
PLATFORMS
Analysis done
The same subscribers who loved the original BBC production of House of Cards also:
• Watched movies starring Kevin Spacey or
• Watched movies directed by David Fincher
#7 | BIG DATA SECURITY ANALYTICS AT THE HEART OF NEXT-
GENERATION SECURITY PLATFORMS
ANALOGY : NETFLIX’S HOUSE OF CARDS
Reaction by Netflix
1. Hired Kevin Spacey as actor and director David Fincher for the new series
2. Spent $100 million for two 13-episode seasons.
#7 | BIG DATA SECURITY ANALYTICS AT THE HEART OF NEXT-
GENERATION SECURITY PLATFORMS
ANALOGY : NETFLIX’S HOUSE OF CARDS
Results:
1. Netflix has already earned its $100 million back with profit
2. Added more than 2 million U.S. subscribers that quarter
3. Added another 1 million elsewhere in the world and surpassed HBO.
4. Netflix has since risen to 50 million subscribers globally
#7 | BIG DATA SECURITY ANALYTICS AT THE HEART OF NEXT-
GENERATION SECURITY PLATFORMS
ANALOGY : NETFLIX’S HOUSE OF CARDS
SCENARIOS
1. User cjuuko logged on to E-tax from separate machines at the same URA campus
Reaction: Store as alert
#7 | BIG DATA SECURITY ANALYTICS AT THE
HEART OF NEXT-GENERATION SECURITY
PLATFORMS
SCENARIOS
2. User jkiiza logged on to E-tax from separate machines at the same URA campus
Reaction: Send SMS and email to members in security and log as high risk alert for follow up investigation
#7 | BIG DATA SECURITY ANALYTICS AT THE
HEART OF NEXT-GENERATION SECURITY
PLATFORMS
SCENARIOS
3. User ebichetero logged on to E-tax from machine at Nakawa HQ and Asyworld from machine at Bunagana.
Reaction: Send SMS and email to members in security and log as high risk alert for follow up investigation
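The scenarios above amount to a correlation rule over logon events. The following Python sketch is an added example, not part of the original presentation: it applies scenarios 1 and 3 as worded to constructed log lines. The log format, the machine names, the user amusoke and the one-hour window are assumptions.

```python
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

Event = namedtuple("Event", "time user app machine site")
Alert = namedtuple("Alert", "user severity reaction earlier later")

# Assumption: logons by one user on different machines are correlated
# when they fall within this window. The slides give no time limit.
WINDOW = timedelta(hours=1)

# Reactions as worded on the scenario slides.
REACTIONS = {
    "low": "store as alert",
    "high": "send SMS and email to security, log as high risk alert",
}

# Constructed sample log (hypothetical format, not real data):
# timestamp user application machine site
SAMPLE_LOG = """\
2015-03-16T08:01:00 cjuuko E-tax PC-NAK-014 Nakawa-HQ
2015-03-16T08:20:00 cjuuko E-tax PC-NAK-131 Nakawa-HQ
2015-03-16T09:00:00 ebichetero E-tax PC-NAK-027 Nakawa-HQ
2015-03-16T09:25:00 ebichetero Asyworld PC-BUN-003 Bunagana
2015-03-16T10:00:00 amusoke E-tax PC-NAK-040 Nakawa-HQ
2015-03-16T16:00:00 amusoke E-tax PC-NAK-040 Nakawa-HQ
bad-time amusoke E-tax PC-NAK-041 Nakawa-HQ
"""


def parse_events(text):
    """Parse log lines into Event tuples, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue
        ts, user, app, machine, site = fields
        try:
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue  # unparseable timestamp: ignore the line
        events.append(Event(when, user, app, machine, site))
    return sorted(events, key=lambda e: e.time)


def detect_multi_machine_logons(events, window=WINDOW):
    """Flag users who log on from different machines within `window`.

    Same site      -> low severity (scenario 1: store as alert).
    Different site -> high severity (scenario 3: notify security).
    """
    by_user = defaultdict(list)
    for ev in events:
        by_user[ev.user].append(ev)

    alerts = []
    for user, user_events in by_user.items():
        for i, later in enumerate(user_events):
            for earlier in user_events[:i]:
                if later.time - earlier.time > window:
                    continue  # too far apart to correlate
                if later.machine == earlier.machine:
                    continue  # same workstation, nothing unusual
                severity = "high" if later.site != earlier.site else "low"
                alerts.append(
                    Alert(user, severity, REACTIONS[severity], earlier, later)
                )
    return alerts


if __name__ == "__main__":
    for alert in detect_multi_machine_logons(parse_events(SAMPLE_LOG)):
        print(
            f"{alert.severity.upper():4} {alert.user}: "
            f"{alert.earlier.machine}@{alert.earlier.site} -> "
            f"{alert.later.machine}@{alert.later.site} ({alert.reaction})"
        )
```

Scenario 2 is worded the same as scenario 1 on the slides but carries the stronger reaction, so whatever distinguishes it is not modelled here.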
#7 | BIG DATA SECURITY ANALYTICS AT THE
HEART OF NEXT-GENERATION SECURITY
PLATFORMS
TOOLS OF TRADE
http://www8.hp.com/us/en/software-solutions/siem-security-information-event-management/
#7 | BIG DATA SECURITY ANALYTICS AT THE
HEART OF NEXT-GENERATION SECURITY
PLATFORMS
TRIVIA MOMENT : SOURCE OF ATTACKS
MURDER IN THE CLOUD
Code Spaces was a company that offered developers source code repositories
and project management services using Git or Subversion, among other
options. It had been going for seven years, and it had no shortage of
customers. But it's all over now -- the company was essentially murdered by
an attacker.
Code Spaces was built mostly on AWS, using storage and server instances to
provide its services. Those server instances weren't hacked, nor was Code
Spaces' database compromised or stolen. According to the message on the
Code Spaces' website, an attacker gained access to the company's AWS control
panel and demanded money in exchange for releasing control back to Code
Spaces. When Code Spaces didn't comply and tried to take back control over
its own services, the attacker began deleting resources. As the message on
the website reads: "We finally managed to get our panel access back but not
before he had removed all EBS snapshots, S3 buckets, all AMIs, some EBS
instances, and several machine instances."
http://www.infoworld.com/article/2608076/data-center/murder-in-the-amazon-cloud.html
#8 | CLOUD ACCESS SECURITY BROKERS
Cloud access security brokers are on-premises
or cloud-based security policy enforcement
points placed between cloud services consumers
and cloud services providers to interject
enterprise security policies as the cloud-based
resources are accessed. In many cases, initial
adoption of cloud-based services has occurred
outside the control of IT, and cloud access
security brokers offer enterprises to gain
#8 | CLOUD ACCESS SECURITY BROKERS
• Spend Optimization
• Cost allocation
• Resource reporting
• Security policy management
• Continuous monitoring
#8 | CLOUD ACCESS SECURITY BROKERS
http://www.safenet-inc.com/
Netflix simian army
#8 | CLOUD ACCESS SECURITY BROKERS
en.wikipedia.org/wiki/Chaos_Monkey
#8 | CLOUD ACCESS SECURITY BROKERS
Info Sec moment |Tailored Access Operations
(TAO)
http://en.wikipedia.org/wiki/Tailored_Access_Operations
https://www.schneier.com/blog/archives/2013/12/more_about_the.html
https://www.eff.org/deeplinks/2014/03/new-nsa-slides-reveal-tailored-
Cyber-warfare intelligence-gathering unit of the National Security Agency (NSA)
• They are a last resort for use when other methods of surveillance fail
• Largest and arguably the most important component of the NSA's huge Signal Intelligence (SIGINT) Directorate, consisting of [more than] 1,000 military and civilian computer hackers, intelligence analysts, targeting specialists, computer hardware and software designers, and electrical engineers
Info Sec moment |Tailored Access Operations
(TAO)
Operations
• Their major tool is called “QUANTUMTHEORY”
• It targets Internet service providers including
Facebook, Yahoo, Twitter and YouTube.
• They have software templates allowing them to
break into commonly used hardware, including
“routers, switches, and firewalls from multiple
product vendor lines”
• They redirect traffic from these sites to fake
servers which have malware that automatically
exploits weaknesses on end-user machines e.g.
the Belgacom and Huawei incidents.
#9 | PERVASIVE SANDBOXING (CONTENT DETONATION) AND INDICATORS OF COMPROMISE (IOC) CONFIRMATION
Some attacks will inevitably bypass traditional blocking and prevention
security protection mechanisms, in which case it is key to detect the
intrusion in as short a time as possible to minimize the hacker's ability
to inflict damage or exfiltrate sensitive information. Many security
platforms now include embedded capabilities to run ("detonate")
executables and content in virtual machines (VMs) and observe the VMs
for indications of compromise. This capability is rapidly becoming a
feature of a more-capable platform, not a stand-alone product or
market. Once a potential incident has been detected, it needs to be
confirmed by correlating indicators of compromise across different
entities — for example, comparing what a network-based threat
detection system sees in a sandboxed environment to what is being
observed on actual endpoints in terms of processes, behaviors, registry
#9 | PERVASIVE SANDBOXING (CONTENT DETONATION) AND INDICATORS OF COMPROMISE (IOC) CONFIRMATION
Info Sec moment | Hijacking a bank account
#9 | PERVASIVE SANDBOXING (CONTENT DETONATION) AND INDICATORS OF COMPROMISE (IOC) CONFIRMATION
1. Receive an email from enaturinda@ucc.go.ug
2. Email is scanned for viruses and malware using known signature threats; none is discovered, but an unknown program is seen in the attachment, so the email is put in a VM with
3. Once the configuration of the virtual machines changes, the email is not sent to the intended recipient but to ThreatCloud for analysis. A signature is then developed for it as well as anti-virus signatures developed
#10 | CONTAINMENT AND ISOLATION AS A
FOUNDATIONAL SECURITY STRATEGY
In a world where signatures are increasingly ineffective in stopping
attacks, an alternative strategy is to treat everything that is
unknown as untrusted and isolate its handling and execution so that
it cannot cause permanent damage to the system it is running on and
cannot be used as a vector for attacks on other enterprise systems.
Virtualization, isolation, abstraction and remote presentation
techniques can be used to create this containment so that, ideally,
the end result is similar to using a separate "air-gapped" system to
handle untrusted content and applications.
Virtualization and containment strategies will become a common
element of a defense-in-depth protection strategy for enterprise
systems, reaching 20 percent adoption by 2016 from nearly no
Analogy | Russian / Matryoshka Doll
en.wikipedia.org/wiki/Matryoshka_doll
Salt, Chili, Oil, Potassium, Water
CHECKPOINT CAPSULE
Check Point Capsule enables organizations to
extend their corporate security policy to mobile
devices, providing real-time protection against
web threats for mobile users outside of the
enterprise security perimeter. Check Point
Capsule offers the protection of the Check Point
Software Blades as a cloud-based service, and
ensures that corporate policy is always enforced
and corporate data and devices are protected.
http://www.checkpoint.com/capsule/
Enterprise trust zone
Personal trust zone
Caveat | The Advanced Persistent Threat
“There is no such thing as cybersecurity. No system can be 100% secure. There is no uncrackable code.”
“The only thing you can do is build the fence higher and higher so that eventually it's not worth it to climb over”
Joshua Shaul, Chief technology officer
Application Security | McAfee
Gartner technologies for Infosec 2014-2015

QRadar & XGS: Stopping Attacks with a Click of the Mouse
 
IBM Security Portfolio - 2015
IBM Security Portfolio - 2015IBM Security Portfolio - 2015
IBM Security Portfolio - 2015
 
The ROI on Intrusion Prevention: Protecting Both Your Network & Investment
The ROI on Intrusion Prevention: Protecting Both Your Network & InvestmentThe ROI on Intrusion Prevention: Protecting Both Your Network & Investment
The ROI on Intrusion Prevention: Protecting Both Your Network & Investment
 
3433 IBM messaging security why securing your environment is important-feb2...
3433   IBM messaging security why securing your environment is important-feb2...3433   IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...
 
Cloud security enforcer - Quick steps to avoid the blind spots of shadow it
Cloud security enforcer - Quick steps to avoid the blind spots of shadow itCloud security enforcer - Quick steps to avoid the blind spots of shadow it
Cloud security enforcer - Quick steps to avoid the blind spots of shadow it
 
IBM Security Software Solutions - One Pager
IBM Security Software Solutions - One PagerIBM Security Software Solutions - One Pager
IBM Security Software Solutions - One Pager
 
Are Cloud Apps the Invisible Man?
Are Cloud Apps the Invisible Man?Are Cloud Apps the Invisible Man?
Are Cloud Apps the Invisible Man?
 
Smart security solutions for SMBs
Smart security solutions for SMBsSmart security solutions for SMBs
Smart security solutions for SMBs
 

Viewers also liked

Security kpi examples
Security kpi examplesSecurity kpi examples
Security kpi examplesbichuklejones
 
Panda Security - Adaptive Defense 360
Panda Security - Adaptive Defense 360Panda Security - Adaptive Defense 360
Panda Security - Adaptive Defense 360Panda Security
 
Projecting Enterprise Security Requirements on the Cloud
Projecting Enterprise Security Requirements on the CloudProjecting Enterprise Security Requirements on the Cloud
Projecting Enterprise Security Requirements on the CloudScientia Groups
 
IBM BigFix: Closing the Endpoint Gap Between IT Ops and Security
IBM BigFix: Closing the Endpoint Gap Between IT Ops and SecurityIBM BigFix: Closing the Endpoint Gap Between IT Ops and Security
IBM BigFix: Closing the Endpoint Gap Between IT Ops and SecurityIBM Security
 
Cyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsCyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsMark Arena
 
The Cyber Threat Intelligence Matrix
The Cyber Threat Intelligence MatrixThe Cyber Threat Intelligence Matrix
The Cyber Threat Intelligence MatrixFrode Hommedal
 
Robotic Process Automation: A Cohesive View
Robotic Process Automation: A Cohesive ViewRobotic Process Automation: A Cohesive View
Robotic Process Automation: A Cohesive ViewChristopher Manfredi
 

Viewers also liked (9)

Security kpi examples
Security kpi examplesSecurity kpi examples
Security kpi examples
 
Panda Security - Adaptive Defense 360
Panda Security - Adaptive Defense 360Panda Security - Adaptive Defense 360
Panda Security - Adaptive Defense 360
 
Straight Talk on Data Tokenization for PCI & Cloud
Straight Talk on Data Tokenization for PCI & CloudStraight Talk on Data Tokenization for PCI & Cloud
Straight Talk on Data Tokenization for PCI & Cloud
 
Projecting Enterprise Security Requirements on the Cloud
Projecting Enterprise Security Requirements on the CloudProjecting Enterprise Security Requirements on the Cloud
Projecting Enterprise Security Requirements on the Cloud
 
IBM BigFix: Closing the Endpoint Gap Between IT Ops and Security
IBM BigFix: Closing the Endpoint Gap Between IT Ops and SecurityIBM BigFix: Closing the Endpoint Gap Between IT Ops and Security
IBM BigFix: Closing the Endpoint Gap Between IT Ops and Security
 
Cyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metricsCyber threat intelligence: maturity and metrics
Cyber threat intelligence: maturity and metrics
 
The Rise of Cloud Service Brokerage featuring Gartner and BCBS
The Rise of Cloud Service Brokerage featuring Gartner and BCBSThe Rise of Cloud Service Brokerage featuring Gartner and BCBS
The Rise of Cloud Service Brokerage featuring Gartner and BCBS
 
The Cyber Threat Intelligence Matrix
The Cyber Threat Intelligence MatrixThe Cyber Threat Intelligence Matrix
The Cyber Threat Intelligence Matrix
 
Robotic Process Automation: A Cohesive View
Robotic Process Automation: A Cohesive ViewRobotic Process Automation: A Cohesive View
Robotic Process Automation: A Cohesive View
 

Similar to Gartner technologies for Infosec 2014-2015

[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT Success[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT SuccessElectric Imp
 
Top Cyber News Magazine Daniel Ehrenreich
Top Cyber News Magazine Daniel Ehrenreich Top Cyber News Magazine Daniel Ehrenreich
Top Cyber News Magazine Daniel Ehrenreich TopCyberNewsMAGAZINE
 
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...Shah Sheikh
 
IoT Devices Security Threats in 2023. How to Protect Your IoT Ecosystem?
IoT Devices Security Threats in 2023. How to Protect Your IoT Ecosystem?IoT Devices Security Threats in 2023. How to Protect Your IoT Ecosystem?
IoT Devices Security Threats in 2023. How to Protect Your IoT Ecosystem?Utah Tech Labs
 
Domain 7 of CEH Mobile Platform, IoT, and OT Hacking.pptx
Domain 7 of CEH Mobile Platform, IoT, and OT Hacking.pptxDomain 7 of CEH Mobile Platform, IoT, and OT Hacking.pptx
Domain 7 of CEH Mobile Platform, IoT, and OT Hacking.pptxInfosectrain3
 
TSCM - Technical Surveillance Counter Measures July 2017
TSCM - Technical Surveillance Counter Measures July 2017TSCM - Technical Surveillance Counter Measures July 2017
TSCM - Technical Surveillance Counter Measures July 2017Riaan Bellingan
 
Internet of Things - A Different Kind of Scary v2
Internet of Things - A Different Kind of Scary v2Internet of Things - A Different Kind of Scary v2
Internet of Things - A Different Kind of Scary v2FitCEO, Inc. (FCI)
 
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionGISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionShah Sheikh
 
An Internet of Things Reference Architecture
An Internet of Things Reference Architecture An Internet of Things Reference Architecture
An Internet of Things Reference Architecture Symantec
 
A History of IIoT Cyber-Attacks & Checklist for Implementing Security [Infogr...
A History of IIoT Cyber-Attacks & Checklist for Implementing Security [Infogr...A History of IIoT Cyber-Attacks & Checklist for Implementing Security [Infogr...
A History of IIoT Cyber-Attacks & Checklist for Implementing Security [Infogr...GlobalSign
 
Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...LabSharegroup
 
2016, A New Era of OS and Cloud Security - Tudor Damian
2016, A New Era of OS and Cloud Security - Tudor Damian2016, A New Era of OS and Cloud Security - Tudor Damian
2016, A New Era of OS and Cloud Security - Tudor DamianITCamp
 
Chris Swan's presentation from the London Tech Entrepreneurs' Meetup
Chris Swan's presentation from the London Tech Entrepreneurs' MeetupChris Swan's presentation from the London Tech Entrepreneurs' Meetup
Chris Swan's presentation from the London Tech Entrepreneurs' MeetupCohesive Networks
 
Security and Privacy Big Challenges in Internet of things
Security and Privacy Big Challenges in Internet of thingsSecurity and Privacy Big Challenges in Internet of things
Security and Privacy Big Challenges in Internet of thingsIRJET Journal
 
Can you trust your smart building
Can you trust your smart buildingCan you trust your smart building
Can you trust your smart buildingDuncan Purves
 
2016, A new era of OS and Cloud Security
2016, A new era of OS and Cloud Security2016, A new era of OS and Cloud Security
2016, A new era of OS and Cloud SecurityTudor Damian
 
Cybersecurity and continuous intelligence
Cybersecurity and continuous intelligenceCybersecurity and continuous intelligence
Cybersecurity and continuous intelligenceNISIInstituut
 
The new era of Cyber Security IEC62443
The new era of Cyber Security IEC62443The new era of Cyber Security IEC62443
The new era of Cyber Security IEC62443WoMaster
 

Similar to Gartner technologies for Infosec 2014-2015 (20)

[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT Success[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT Success
 
Conférence ENGIE ACSS 2018
Conférence ENGIE ACSS 2018 Conférence ENGIE ACSS 2018
Conférence ENGIE ACSS 2018
 
Top Cyber News Magazine Daniel Ehrenreich
Top Cyber News Magazine Daniel Ehrenreich Top Cyber News Magazine Daniel Ehrenreich
Top Cyber News Magazine Daniel Ehrenreich
 
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
DTS Solution - ISACA UAE Chapter - ISAFE 2014 - RU PWNED - Living a Life as a...
 
IoT Devices Security Threats in 2023. How to Protect Your IoT Ecosystem?
IoT Devices Security Threats in 2023. How to Protect Your IoT Ecosystem?IoT Devices Security Threats in 2023. How to Protect Your IoT Ecosystem?
IoT Devices Security Threats in 2023. How to Protect Your IoT Ecosystem?
 
Domain 7 of CEH Mobile Platform, IoT, and OT Hacking.pptx
Domain 7 of CEH Mobile Platform, IoT, and OT Hacking.pptxDomain 7 of CEH Mobile Platform, IoT, and OT Hacking.pptx
Domain 7 of CEH Mobile Platform, IoT, and OT Hacking.pptx
 
TSCM - Technical Surveillance Counter Measures July 2017
TSCM - Technical Surveillance Counter Measures July 2017TSCM - Technical Surveillance Counter Measures July 2017
TSCM - Technical Surveillance Counter Measures July 2017
 
Internet of Things - A Different Kind of Scary v2
Internet of Things - A Different Kind of Scary v2Internet of Things - A Different Kind of Scary v2
Internet of Things - A Different Kind of Scary v2
 
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionGISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
 
An Internet of Things Reference Architecture
An Internet of Things Reference Architecture An Internet of Things Reference Architecture
An Internet of Things Reference Architecture
 
A History of IIoT Cyber-Attacks & Checklist for Implementing Security [Infogr...
A History of IIoT Cyber-Attacks & Checklist for Implementing Security [Infogr...A History of IIoT Cyber-Attacks & Checklist for Implementing Security [Infogr...
A History of IIoT Cyber-Attacks & Checklist for Implementing Security [Infogr...
 
Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...
 
2016, A New Era of OS and Cloud Security - Tudor Damian
2016, A New Era of OS and Cloud Security - Tudor Damian2016, A New Era of OS and Cloud Security - Tudor Damian
2016, A New Era of OS and Cloud Security - Tudor Damian
 
Chris Swan's presentation from the London Tech Entrepreneurs' Meetup
Chris Swan's presentation from the London Tech Entrepreneurs' MeetupChris Swan's presentation from the London Tech Entrepreneurs' Meetup
Chris Swan's presentation from the London Tech Entrepreneurs' Meetup
 
Security and Privacy Big Challenges in Internet of things
Security and Privacy Big Challenges in Internet of thingsSecurity and Privacy Big Challenges in Internet of things
Security and Privacy Big Challenges in Internet of things
 
Can you trust your smart building
Can you trust your smart buildingCan you trust your smart building
Can you trust your smart building
 
2016, A new era of OS and Cloud Security
2016, A new era of OS and Cloud Security2016, A new era of OS and Cloud Security
2016, A new era of OS and Cloud Security
 
Cybersecurity and continuous intelligence
Cybersecurity and continuous intelligenceCybersecurity and continuous intelligence
Cybersecurity and continuous intelligence
 
Cyber risks in supply chains
Cyber risks in supply chains Cyber risks in supply chains
Cyber risks in supply chains
 
The new era of Cyber Security IEC62443
The new era of Cyber Security IEC62443The new era of Cyber Security IEC62443
The new era of Cyber Security IEC62443
 

Gartner technologies for Infosec 2014-2015

  • 1. Presentation to Internal Audit & Compliance department by Samuel Kamuli
  • 2. GARTNER | TOP TEN TECHNOLOGIES FOR INFORMATION SECURITY 2014-2015
  • 3. PRESENTATION OUTLINE 1. OBJECTIVES OF THE PRESENTATION 2. WHAT IS INFORMATION SECURITY? 2. WHAT IS THE GARTNER INSTITUTE? 3. LIST OF THE TOP TEN INFOSEC TECHNOLOGIES 2014-2015 4. CONCEPTS I) ENCRYPTION II) VIRTUALIZATION 5. INFOSEC TECHNOLOGIES FROM 1 TO 10 6. CAVEATS
  • 4. OBJECTIVES OF THE PRESENTATION 1. The IAC total auditor initiative. 2. Explore the 2014-2015 top ten technologies for information security.
  • 5. DEFINITION | INFORMATION SECURITY Information security refers to the methodologies and processes which are designed and implemented to protect print, electronic, or any other form of confidential, private and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption.
  • 6. GARTNER INSTITUTE | Gartner, Inc. (NYSE: IT) is the world's leading information technology research and advisory company. It delivers the technology-related insight necessary for its various clients in over 9,000 distinct enterprises worldwide to make the right decisions, every day. Its clients include CIOs and senior IT leaders in corporations and government agencies, business leaders in high-tech and telecom enterprises and professional services firms, and technology investors. www.gartner.com
  • 9. TOP TEN TECHNOLOGIES FOR INFORMATION SECURITY • Endpoint Detection and Response Solutions • Big Data Security Analytics at the Heart of Next-generation Security Platforms • Cloud Access Security Brokers • Adaptive Access Control • Pervasive Sandboxing (Content Detonation) and IOC Confirmation • Machine-readable Threat Intelligence, Including Reputation Services • Containment and Isolation as a Foundational Security Strategy • Software-defined Security • Interactive Application Security Testing • Security Gateways, Brokers and Firewalls to Deal with the Internet of Things
  • 10. #2 ENCRYPTION | THE NYAKASURA - KYEBAMBE STORY Bob. Alice. Alice’s teacher. Hello Alice I want to be with you longer than Fortportal has existed!
  • 11. #2 ENCRYPTION | THE NYAKASURA - KYEBAMBE STORY Bob. Alice. Alice’s teacher. Hello Alice I love the history you mentioned about Toro = I love you
  • 13. VIRTUALIZATION |THE DT SECTION ANALOGY More than 500,000 customers — including 100% of the Fortune 100 — trust VMware as their virtualization infrastructure platform.
  • 14. VIRTUALIZATION |THE DT SECTION ANALOGY The IAC I DT mgt (RiK and supervisors DT AUDIT Officers DT AUDITS } DT Section
  • 15. TRIVIA MOMENT: BRAIN VS SUPERCOMPUTER The Tianhe-2 has been developed by the National University of Defense Technology in central China's Changsha city and is capable of 33,860 quadrillion floating-point operations per second (33.86 petaflops). By comparison, IBM researchers have determined that the human brain is capable of 36.8 petaflops of data. A calculator needs 10 flops only.
  • 16. # 1 | ENDPOINT DETECTION AND RESPONSE SOLUTIONS The endpoint detection and response (EDR) market is an emerging market created to satisfy the need for continuous protection from advanced threats at endpoints (desktops, servers, tablets and laptops) — most notably significantly improved security monitoring, threat detection and incident response capabilities. These tools record numerous endpoint and network events and store this information in a centralized database. Analytics tools are then used to continually search the database to identify tasks that can improve the security state to deflect common attacks, to provide early identification of ongoing attacks (including insider threats), and to rapidly Slide callouts: continuous protection from advanced threats at endpoints (desktops, servers, tablets and laptops); analytics tools are then used to provide early identification of ongoing attacks (including insider threats), provide remediation.
  • 17. # 1 | ENDPOINT DETECTION AND RESPONSE SOLUTIONS End point Solutio
  • 18. # 1 | ENDPOINT DETECTION AND RESPONSE SOLUTIONS Nexpose and Metasploit
  • 26. en.wikipedia.org/wiki/Five_Eyes INFO SEC MOMENT | THE FIVE EYES SIGINT Signal Intelligenc
  • 27. # 2 | SOFTWARE-DEFINED SECURITY Software-defined security is about the capabilities enabled as we decouple and abstract infrastructure elements that were previously tightly coupled in our data centers: servers, storage, networking, security and so on. Like networking, compute and storage, the impact on security will be transformational. Software-defined security doesn’t mean that some dedicated security hardware isn’t still needed — it is. However, like software-defined networking, the value and intelligence moves into software.
  • 28. # 2 | SOFTWARE-DEFINED SECURITY DECOUPLING ANALOGY | Tightly coupled system ELECTRIC COOKER + POWER = COOKED FOOD UN
  • 29. # 2 | SOFTWARE-DEFINED SECURITY DECOUPLING ANALOGY | Loosely coupled system GAS / ELECTRIC COOKER + POWER = COOKED FOOD
  • 30. # 2 | SOFTWARE-DEFINED SECURITY Unified threat management 1. Firewall 2. VPN 3. Intrusion Prevention System Etc…
  • 31. # 2 | SOFTWARE-DEFINED SECURITY
  • 32. # 2 | SOFTWARE-DEFINED SECURITY Cost is $2 per hour. Per day: 2 * 24 = $48. Per year: $48 * 365 = $17,520. Ush 52.5. Value proposition: $1 = Ushs 3,000. USD 1,460 or UGX 4,380,000 per month.
  • 33. # 2 | SOFTWARE-DEFINED SECURITY $181,548 (Ushs 544,644,000). Save 90.3%!
  • 34. # 2 | SOFTWARE-DEFINED SECURITY Network Orchestration
  • 35. # 2 | SOFTWARE-DEFINED SECURITY Step 1: Create Linux server from template
  • 36. # 2 | SOFTWARE-DEFINED SECURITY Step 2: Run upgrade to install latest updates
  • 37. # 2 | SOFTWARE-DEFINED SECURITY Step 3: Register it with the network and start serving it traffic
  • 38. Info sec moment | The $1bn cyber heist www.bbc.com/news/business-31482985 http://www.dailymail.co.uk/news/article-2955277/Computer-hacking-gang-ordered-ATM-machines-dispense-money-stole-tens-millions-UK-banks-largest-cyber-crime-detected.html#ixzz3UXLA0hGG • Up to 100 banks and financial institutions worldwide have been attacked. • Kaspersky Lab estimates $1bn (£648m) has been stolen in the attacks, which it says started in 2013 and are still ongoing. • Attacks have taken place in 30 countries including financial firms in Russia, US, Germany, China, Ukraine and Canada. • They steal money directly from banks and avoid targeting end users.
  • 39. Info sec moment | The $1bn cyber heist www.bbc.com/news/business-31482985 http://www.dailymail.co.uk/news/article-2955277/Computer-hacking-gang-ordered-ATM-machines-dispense-money-stole-tens-millions-UK-banks-largest-cyber-crime-detected.html#ixzz3UXLA0hGG How they did it • They did this by sending authentic-looking 'spear phishing' emails that unsuspecting recipients then clicked on, infecting the bank's machines with Carbanak malware • Hackers were then able to infiltrate the internal network and track down administrators' computers for video surveillance • Ukrainian ATM was found to be giving out
  • 40. # 3 | ADAPTIVE ACCESS CONTROL Adaptive access control is a form of context-aware access control that acts to balance the level of trust against risk at the moment of access using some combination of trust elevation and other dynamic risk mitigation techniques. Context awareness means that access decisions reflect current condition, and dynamic risk mitigation means that access can be safely allowed where otherwise it would have been blocked. Use of an adaptive access management architecture enables an enterprise to allow access from any device, anywhere. Slide callout: range of corporate assets with mixed risk.
  • 42. # 3 | ADAPTIVE ACCESS CONTROL URA CUSTOMS ANALOGY 1. TAX PAYER WHO DECLARES GOODS AT CUSTOMS – SUPPLICANT 2. TAX PAYER WHO DOESN’T KNOW THEY HAVE/HIDES TAXABLE GOODS – DEVICE WITH OUTDATED ANTIVIRUS 3. TAX PAYER WHO IS AN AEO – IP-PHONE PRIVILEGES
  • 43. # 3 | ADAPTIVE ACCESS CONTROL Cisco Identity Services Engine (ISE) ISE ISE BABY!!!
  • 44. # 3 | ADAPTIVE ACCESS CONTROL - POLICY
  • 45. # 3 | ADAPTIVE ACCESS CONTROL - PERMISSIONS
  • 46. # 3 | ADAPTIVE ACCESS CONTROL
  • 47. #4 | SECURITY GATEWAYS, BROKERS AND FIREWALLS TO DEAL WITH THE INTERNET OF THINGS Enterprises, especially those in asset-intensive industries like manufacturing or utilities, have operational technology (OT) systems provided by equipment manufacturers that are moving from proprietary communications and networks to standards-based, IP-based technologies. More enterprise assets are being automated by OT systems based on commercial software products. The end result is that these embedded software assets need to be managed, secured and provisioned appropriately for enterprise-class use. OT is considered to be the industrial subset of the "Internet of Things," which will include billions of interconnected sensors, devices and systems,
  • 48. TURKISH PIPELINE BURSTS DUE TO CYBER ATTACK http://arstechnica.com/security/2014/12/hack-said-to-cause-fiery-pipeline-blast-could-rewrite-history-of-cyberwar/ “Attackers gained access to the pipeline's computerized operational controls and increased the pressure of the crude oil flowing inside. By hacking the video and sensors that closely monitored the 1,099-mile Baku-Tbilisi-Ceyhan pipeline, the attackers were able to prevent operators from learning of the blast until 40 minutes after it happened” As investigators followed the trail of the failed alarm system, they found the hackers’ point of entry was an unexpected one: the surveillance cameras themselves. The cameras’ communication software had vulnerabilities the hackers used to gain entry and move deep into the internal network, according to the people briefed on the matter. Once inside, the attackers found a computer running on a Windows operating system that was in charge of the alarm-management network, and placed a malicious program on it. That gave them the ability to sneak back in whenever they wanted.
  • 49. TURKISH PIPELINE BURSTS DUE TO CYBER ATTACK http://arstechnica.com/security/2014/12/hack-said-to-cause-fiery-pipeline-blast-could-rewrite-history-of-cyberwar/ Having performed extensive reconnaissance on the computer network, the infiltrators tampered with the units used to send alerts about malfunctions and leaks back to the control room. The back-up satellite signals failed, which suggested to the investigators that the attackers used sophisticated jamming equipment,
  • 51. #4 | SECURITY GATEWAYS, BROKERS AND FIREWALLS TO DEAL WITH THE INTERNET OF THINGS • The 2014 Infiniti Q50 would be the easiest of all to hack because its telematics, Bluetooth, and radio functions all run on the same network as the car's engine and braking systems, for instance, making it easier for an attacker to gain control of the car's computerized physical operations. • The researchers say the 2014 Dodge Viper, the 2014 Audi A8, and the 2014 Honda Accord are the least hackable vehicles. They ranked the Audi A8 as the least hackable overall because its network-accessible potential attack surfaces are separated from the car's physical components such as steering, notes Miller. "Each feature of the car is separated on a different network and connected by a gateway," he says. "The wirelessly connected computers are on a separate network than the steering, which
  • 52. #4 | SECURITY GATEWAYS, BROKERS AND FIREWALLS TO DEAL WITH THE INTERNET OF THINGS http://www.conlog.co.za/
  • 53. #4 | SECURITY GATEWAYS, BROKERS AND FIREWALLS TO DEAL WITH THE INTERNET OF THINGS Tools https://www.paloaltonetworks.com/solutions/industry/scada-and-industrial-control.html SCADA/ICS-specific signatures for Modbus, DNP3, CIP Ethernet/IP, IEC 60870-5-104, OPC http://www.iconlabs.com/prod/products/device-protection/floodgate-defender-appliance
  • 54. INFOSEC MOMENT | THE EQUATION GROUP • Discovered by Kaspersky on February 16, 2015 • The group earned its name through its use of complex cryptographic algorithms to compromise targets. • They have been operating in the shadows for over a decade. • They compromised Seagate, Western Digital, Maxtor, Samsung and Toshiba hard drives http://www.digitaltrends.com/computing/decrypt-this-the-equation-groups-scalpel-proves-the-sledgehammer-is-unneeded/#ixzz3UXFza65G http://en.wikipedia.org/wiki/Equation_Group
  • 55. INFOSEC MOMENT | THE EQUATION GROUP • They developed malware which embeds itself in the firmware that runs the disk and gives command and control servers access to the disk and later computers • It can transfer data from an air-gapped system through USB flash drives • One of their biggest exploits is said to be the Stuxnet virus that affected Iran’s nuclear power plants. • Timestamps in the malware seem to indicate that the programmers worked overwhelmingly Monday-Friday in what would correspond to a 08:00-17:00 workday in an Eastern United States time zone http://www.digitaltrends.com/computing/decrypt-this-the-equation-groups-scalpel-proves-the-sledgehammer-is-unneeded/#ixzz3UXFza65G http://en.wikipedia.org/wiki/Equation_Group
  • 56. #5 | APPLICATION SECURITY TESTING Interactive application security testing (IAST) combines static application security testing (SAST) and dynamic application security testing (DAST) techniques. This aims to provide increased accuracy of application security testing through the interaction of the SAST and DAST techniques. IAST brings the best of SAST and DAST into a single solution. This approach makes it possible to confirm or disprove the exploitability of the detected vulnerability and determine its point of origin in the application code. Static application security testing (SAST) is a set of technologies designed to analyze application source code, byte code and binaries for coding and design conditions that are indicative of security vulnerabilities. SAST solutions analyze an application from the “inside out” in a non-running state. Slide labels: running state; non-running state; both running and non-running state.
  • 57. • Higher Confidence Results: Combine the detection of a potential vulnerability found through SAST, with verification through a real-time exploit attempt provided by DAST. IAST determines whether the vulnerability is real and where in the code it is located. • Comprehensive Analysis: Tune the DAST analysis based on Coverity’s deep understanding of the application’s entry points and parameters. • Improved Efficiency: Address proven vulnerabilities more quickly and easily from within a unified workflow. http://www.coverity.com/ Kitabo kya mu
  • 58. • 8 of the 10 top global brands • 7 of the 10 top aerospace and defense companies • 9 of the 10 top technology hardware companies • 9 of the 10 top software companies Kitabo kya mu
  • 61. # 6 | MACHINE-READABLE THREAT INTELLIGENCE (MRTI), INCLUDING REPUTATION SERVICES The ability to integrate with external context and intelligence feeds is a critical differentiator for next-generation security platforms. Third-party sources for machine-readable threat intelligence are growing in number and include a number of reputation feed alternatives. Reputation services offer a form of dynamic, real-time “trustability” rating that can be factored into security decisions. For example, user and device reputation as well as URL and IP address reputation scoring can be used in end-user access decisions.
  • 67. SONY HACK http://www.geek.com/news/sony-just-got-hacked-doxxed-and-shut-down-1610274/ http://money.cnn.com/2015/02/05/media/amy-pascal-resigns-sony/ Repercussions 1. Movies such as Annie leaked. 2. Emails released. 3. Sony Co-chair Amy Pascal resigned after 15 years at Sony. 4. Financial loss by lost movie revenue and reputation.
  • 68. #6 | DATA LOSS/LEAKAGE PREVENTION Data Leakage Prevention identifies, monitors, and protects data transfer through deep content inspection and analysis of transaction parameters (such as source, destination, data object, and protocol), with a centralized management framework.
  • 69. #6 | DATA LOSS/LEAKAGE PREVENTION 1. The Data Loss Prevention Software Blade is enabled on a Security Gateway. 3. Security management server to install the DLP policy on the DLP gateway. 4. Proxy server through which data leaves the organization. 5. Mail server through which information can leave the organization. 6. Active Directory to identify internal organization. 7. Logging analysis through SmartView Tracker and SmartEvent.
  • 70. #6 | DATA LOSS/LEAKAGE PREVENTION 1. Create a policy that blocks transfer of videos off the network and to other servers. 2. Send the policy out to the monitoring device.
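The video-blocking policy from the slide above, sketched as an added example (not Check Point's implementation and not part of the original deck). It combines content inspection of the leading bytes with the transaction parameters the deck lists; the internal range `10.0.0.0/8`, the `log` verdict for internal transfers and all function names are assumptions.

```python
import ipaddress

# Assumption for this example: the organization's internal address range.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
# Non-exhaustive list of ISO base media "brands" used by video files.
VIDEO_BRANDS = {b"isom", b"iso2", b"mp41", b"mp42", b"avc1", b"M4V ", b"qt  "}


def sniff_video(payload: bytes):
    """Deep content inspection: identify video containers by leading bytes."""
    if payload[4:8] == b"ftyp" and payload[8:12] in VIDEO_BRANDS:
        return "mp4/mov"
    if payload[:4] == b"RIFF" and payload[8:12] == b"AVI ":
        return "avi"
    if payload[:4] == b"\x1a\x45\xdf\xa3":  # EBML header (Matroska/WebM)
        return "mkv/webm"
    return None


def is_internal(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def evaluate_transfer(source, destination, protocol, data_object, payload):
    """Decide on one transaction from its parameters and inspected content."""
    kind = sniff_video(payload)
    if kind is None:
        return ("allow", "no video content detected")
    if is_internal(destination):
        return ("log", f"{kind} video sent internally from {source}")
    return ("block",
            f"{kind} video in '{data_object}' leaving via {protocol} to {destination}")


# Constructed sample payloads: only the first bytes of each file matter here.
MP4_BYTES = b"\x00\x00\x00\x18ftypisom" + b"\x00" * 12
PDF_BYTES = b"%PDF-1.4\n" + b"\x00" * 12

if __name__ == "__main__":
    # A video renamed to look like a document is still caught by its content.
    print(evaluate_transfer("10.2.0.15", "203.0.113.9", "smtp", "budget.pdf", MP4_BYTES))
    print(evaluate_transfer("10.2.0.15", "203.0.113.9", "smtp", "budget.pdf", PDF_BYTES))
    print(evaluate_transfer("10.2.0.15", "10.9.0.4", "http", "clip.mp4", MP4_BYTES))
```

A rule keyed only on the file extension would have allowed the first transfer, which is why the decision rests on the inspected content.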
  • 71. #7 | BIG DATA SECURITY ANALYTICS AT THE HEART OF NEXT-GENERATION SECURITY PLATFORMS Going forward, all effective security protection platforms will include domain-specific embedded analytics as a core capability. An enterprise's continuous monitoring of all computing entities and layers will generate a greater volume, velocity and variety of data than traditional SIEM systems can effectively analyze. Gartner predicts that by 2020, 40 percent of enterprises will have established a "security data warehouse" for the storage of this monitoring data to support retrospective analysis. By storing and analyzing the data over time, and by incorporating context and including outside threat and community intelligence, patterns of "normal" can be established and data analytics can be used to identify when deviations from normal have occurred.
  • 73. #7 | BIG DATA SECURITY ANALYTICS AT THE HEART OF NEXT-GENERATION SECURITY PLATFORMS
  • 74. #7 | BIG DATA SECURITY ANALYTICS AT THE HEART OF NEXT-GENERATION SECURITY PLATFORMS ANALOGY: NETFLIX’S HOUSE OF CARDS
  • 75. #7 | BIG DATA SECURITY ANALYTICS AT THE HEART OF NEXT-GENERATION SECURITY PLATFORMS ANALOGY: NETFLIX’S HOUSE OF CARDS Analysis done: The same subscribers who loved the original BBC production of House of Cards also: • Watched movies starring Kevin Spacey or • Watched movies directed by David Fincher
  • 76. #7 | BIG DATA SECURITY ANALYTICS AT THE HEART OF NEXT-GENERATION SECURITY PLATFORMS ANALOGY: NETFLIX’S HOUSE OF CARDS Reaction by Netflix: 1. Hired Kevin Spacey as actor and David Fincher as director for the new series. 2. Spent $100 million for two 13-episode seasons.
  • 77. #7 | BIG DATA SECURITY ANALYTICS AT THE HEART OF NEXT-GENERATION SECURITY PLATFORMS ANALOGY: NETFLIX’S HOUSE OF CARDS Results: 1. Netflix has already earned its $100 million back with profit. 2. Added more than 2 million U.S. subscribers that quarter. 3. Added another 1 million elsewhere in the world and surpassed HBO. 4. Netflix has since risen to 50 million subscribers globally.
  • 78. #7 | BIG DATA SECURITY ANALYTICS AT THE HEART OF NEXT-GENERATION SECURITY PLATFORMS SCENARIOS 1. User cjuuko logged on to E-tax from separate machines at the same URA campus. Reaction: Store as alert.
  • 79. #7 | BIG DATA SECURITY ANALYTICS AT THE HEART OF NEXT-GENERATION SECURITY PLATFORMS SCENARIOS 2. User jkiiza logged on to E-tax from separate machines at the same URA campus. Reaction: Send SMS and email to members in security and log as high-risk alert for follow-up investigation.
  • 80. #7 | BIG DATA SECURITY ANALYTICS AT THE HEART OF NEXT-GENERATION SECURITY PLATFORMS SCENARIOS 3. User ebichetero logged on to E-tax from a machine at Nakawa HQ and to Asyworld from a machine at Bunagana. Reaction: Send SMS and email to members in security and log as high-risk alert for follow-up investigation.
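Scenarios 1 and 3 above, written as correlation logic over login events in an added example that is not part of the original presentation. The events, machine names, one-hour window and severity labels are constructed assumptions; the users, applications and sites are the ones named on the slides.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)  # assumed correlation window, not from the slides

# Constructed login events: (time, user, application, machine, site)
EVENTS = [
    ("2015-03-02 08:05", "cjuuko", "E-tax", "PC-114", "Nakawa HQ"),
    ("2015-03-02 08:20", "cjuuko", "E-tax", "PC-207", "Nakawa HQ"),
    ("2015-03-02 09:00", "ebichetero", "E-tax", "PC-031", "Nakawa HQ"),
    ("2015-03-02 09:25", "ebichetero", "Asyworld", "BG-004", "Bunagana"),
    ("2015-03-02 14:00", "ebichetero", "E-tax", "PC-031", "Nakawa HQ"),
]


def classify(events, window=WINDOW):
    """Correlate each login with the same user's logins inside the window."""
    parsed = sorted(
        (datetime.strptime(t, "%Y-%m-%d %H:%M"), u, a, m, s)
        for t, u, a, m, s in events
    )
    history = {}  # user -> [(time, machine, site)] still inside the window
    alerts = []
    for when, user, app, machine, site in parsed:
        recent = [e for e in history.get(user, []) if when - e[0] <= window]
        other_sites = {e[2] for e in recent if e[2] != site}
        other_machines = {e[1] for e in recent if e[1] != machine}
        if other_sites:
            # Scenario 3: different sites -> notify security, high risk.
            alerts.append({"user": user, "severity": "high",
                           "action": "sms+email",
                           "detail": f"{site} after {sorted(other_sites)}"})
        elif other_machines:
            # Scenario 1: different machines, same site -> store as alert.
            alerts.append({"user": user, "severity": "low",
                           "action": "store",
                           "detail": f"{machine} after {sorted(other_machines)}"})
        recent.append((when, machine, site))
        history[user] = recent
    return alerts


if __name__ == "__main__":
    for alert in classify(EVENTS):
        print(alert)
```

The 14:00 login raises nothing because the earlier Bunagana session has aged out of the window, which shows how the window length drives both missed detections and false alarms.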
  • 81. #7 | BIG DATA SECURITY ANALYTICS AT THE HEART OF NEXT-GENERATION SECURITY PLATFORMS TOOLS OF TRADE http://www8.hp.com/us/en/software-solutions/siem-security-information-event-management/
  • 82. TRIVIA MOMENT : SOURCE OF ATTACKS
  • 83. MURDER IN THE CLOUD Code Spaces was a company that offered developers source code repositories and project management services using Git or Subversion, among other options. It had been going for seven years, and it had no shortage of customers. But it's all over now -- the company was essentially murdered by an attacker. Code Spaces was built mostly on AWS, using storage and server instances to provide its services. Those server instances weren't hacked, nor was Code Spaces' database compromised or stolen. According to the message on the Code Spaces' website, an attacker gained access to the company's AWS control panel and demanded money in exchange for releasing control back to Code Spaces. When Code Spaces didn't comply and tried to take back control over its own services, the attacker began deleting resources. As the message on the website reads: "We finally managed to get our panel access back but not before he had removed all EBS snapshots, S3 buckets, all AMIs, some EBS instances, and several machine instances." http://www.infoworld.com/article/2608076/data-center/murder-in-the-amazon-cloud.html
  • 84. #8 | CLOUD ACCESS SECURITY BROKERS Cloud access security brokers are on-premises or cloud-based security policy enforcement points placed between cloud services consumers and cloud services providers to interject enterprise security policies as the cloud-based resources are accessed. In many cases, initial adoption of cloud-based services has occurred outside the control of IT, and cloud access security brokers offer enterprises to gain
  • 85. #8 | CLOUD ACCESS SECURITY BROKERS
  • 86. #8 | CLOUD ACCESS SECURITY BROKERS • Spend optimization • Cost allocation • Resource reporting • Security policy management • Continuous monitoring
  • 89. #8 | CLOUD ACCESS SECURITY BROKERS Netflix Simian Army
  • 91. Info Sec moment | Tailored Access Operations (TAO) Cyber-warfare intelligence-gathering unit of the National Security Agency (NSA) • They are a last resort for use when other methods of surveillance fail • Largest and arguably the most important component of the NSA's huge Signal Intelligence (SIGINT) Directorate, consisting of [more than] 1,000 military and civilian computer hackers, intelligence analysts, targeting specialists, computer hardware and software designers, and electrical engineers http://en.wikipedia.org/wiki/Tailored_Access_Operations https://www.schneier.com/blog/archives/2013/12/more_about_the.html https://www.eff.org/deeplinks/2014/03/new-nsa-slides-reveal-tailored-
  • 92. Info Sec moment | Tailored Access Operations (TAO) Operations • Their major tool is called “QUANTUMTHEORY” • It targets Internet service providers including Facebook, Yahoo, Twitter and YouTube. • They have software templates allowing them to break into commonly used hardware, including “routers, switches, and firewalls from multiple product vendor lines” • They redirect traffic from these sites to fake servers which have malware that automatically exploits weaknesses on end-user machines, e.g. the Belgacom and Huawei incidents. http://en.wikipedia.org/wiki/Tailored_Access_Operations https://www.schneier.com/blog/archives/2013/12/more_about_the.html https://www.eff.org/deeplinks/2014/03/new-nsa-slides-reveal-tailored-
  • 93. #9 | PERVASIVE SANDBOXING (CONTENT DETONATION) AND INDICATORS OF COMPROMISE (IOC) CONFIRMATION Some attacks will inevitably bypass traditional blocking and prevention security protection mechanisms, in which case it is key to detect the intrusion in as short a time as possible to minimize the hacker's ability to inflict damage or exfiltrate sensitive information. Many security platforms now include embedded capabilities to run ("detonate") executables and content in virtual machines (VMs) and observe the VMs for indications of compromise. This capability is rapidly becoming a feature of a more-capable platform, not a stand-alone product or market. Once a potential incident has been detected, it needs to be confirmed by correlating indicators of compromise across different entities — for example, comparing what a network-based threat detection system sees in a sandboxed environment to what is being observed on actual endpoints in terms of processes, behaviors, registry
  • 94. #9 | PERVASIVE SANDBOXING (CONTENT DETONATION) AND INDICATORS OF COMPROMISE (IOC) CONFIRMATION
  • 95. Info Sec moment | Hijacking a bank account
  • 97. #9 | PERVASIVE SANDBOXING (CONTENT DETONATION) AND INDICATORS OF COMPROMISE (IOC) CONFIRMATION 1. Receive an email from enaturinda@ucc.go.ug. 2. The email is scanned for viruses and malware using known signature threats; none is discovered, but an unknown program is seen in the attachment, so the email is put in a VM with 3. Once the configuration of the virtual machine changes, the email is not sent to the intended recipient but to ThreatCloud for analysis. A signature is then developed for it, as well as anti-virus signatures.
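The IOC confirmation step described on the #9 slides, as an added example that is not part of the original deck or of any vendor product: indicators recorded while an attachment runs in the sandbox VM are compared with what endpoints report. The host names, indicator values, normalization rules and two-kind threshold are constructed assumptions.

```python
HIVES = {"hklm": "hkey_local_machine", "hkcu": "hkey_current_user"}


def normalize(kind, value):
    """Bring sandbox and endpoint observations into one comparable form."""
    v = value.strip().lower()
    if kind == "process":
        # Compare image names only; install paths differ between machines.
        return v.replace("/", "\\").rsplit("\\", 1)[-1]
    if kind == "registry":
        head, _, rest = v.partition("\\")
        return HIVES.get(head, head) + "\\" + rest
    return v


def to_set(observations):
    return {(kind, normalize(kind, value)) for kind, value in observations}


def confirm(sandbox_iocs, endpoint_obs, min_kinds=2):
    """Confirm a host only when several kinds of indicator agree."""
    wanted = to_set(sandbox_iocs)
    verdicts = {}
    for host, observations in endpoint_obs.items():
        hits = wanted & to_set(observations)
        kinds = {kind for kind, _ in hits}
        verdicts[host] = {"confirmed": len(kinds) >= min_kinds,
                          "matched": sorted(hits)}
    return verdicts


# Constructed sandbox report for one detonated attachment.
SANDBOX = [
    ("process", r"C:\Users\Public\updater.exe"),
    ("registry", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    ("sha256", "PLACEHOLDER-SHA256-OF-DROPPED-FILE"),
]
# Constructed endpoint telemetry, keyed by hypothetical host name.
ENDPOINTS = {
    "WS-017": [("process", r"c:\users\public\UPDATER.EXE"),
               ("registry", r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Updater")],
    "WS-022": [("process", "updater.exe")],
    "WS-040": [("process", "winword.exe")],
}

if __name__ == "__main__":
    for host, verdict in confirm(SANDBOX, ENDPOINTS).items():
        print(host, verdict)
```

WS-022 matches on a process name alone, which is common enough to be coincidence; requiring a second kind of indicator keeps it as a lead rather than a confirmed incident.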
  • 98. #10 | CONTAINMENT AND ISOLATION AS A FOUNDATIONAL SECURITY STRATEGY In a world where signatures are increasingly ineffective in stopping attacks, an alternative strategy is to treat everything that is unknown as untrusted and isolate its handling and execution so that it cannot cause permanent damage to the system it is running on and cannot be used as a vector for attacks on other enterprise systems. Virtualization, isolation, abstraction and remote presentation techniques can be used to create this containment so that, ideally, the end result is similar to using a separate "air-gapped" system to handle untrusted content and applications. Virtualization and containment strategies will become a common element of a defense-in-depth protection strategy for enterprise systems, reaching 20 percent adoption by 2016 from nearly no
  • 100. CHECKPOINT CAPSULE Check Point Capsule enables organizations to extend their corporate security policy to mobile devices, providing real-time protection against web threats for mobile users outside of the enterprise security perimeter. Check Point Capsule offers the protection of the Check Point Software Blades as a cloud-based service, and ensures that corporate policy is always enforced and corporate data and devices are protected. http://www.checkpoint.com/capsule/
  • 104. Caveat | The Advanced Persistent Threat “There is no such thing as cybersecurity. No system can be 100% secure. There is no uncrackable code.” “The only thing you can do is build the fence higher and higher so that eventually it's not worth it to climb over.” Joshua Shaul, Chief technology officer Application Security | McAfee