
Michael Crosno (Security Landscape) Geekfest


Changing the security landscape

Published in: Technology


  1. 1. Changing Security Landscape
  2. 2. Cyber Crime Market (source: CNET, 2013)
     Click Security Confidential

     | Criminal Action       | Estimated Costs            |
     |-----------------------|----------------------------|
     | Global Cyber Activity | $300 billion – $1 trillion |
     | Drug Trafficking      | $600 billion               |
     | Piracy                | $1 billion – $16 billion   |

     Globally, we spend $70 billion per year to stop the bad guys.
     The bad guys are making $300+ billion a year.
  3. 3. Why Security Systems are Failing
     • Attack Surfaces
     • Adversaries
     • Enterprise Defenses
  4. 4. Expanding Attack Surfaces
     • Humans: 78% of IT professionals consider employees as the biggest security threat
     • Software: 508 is the average number of applications in an enterprise
     • Networks: 5.2 is the average number of devices per knowledge worker connecting to a network
     Sources: Citrix, 2013; Forbes, 2014; Ponemon Institute, 2015
  5. 5. Evolution of Adversaries
     • Malware Explosion: 383,000 new malware variants every day
     • # Skilled Hackers: 400,000 hackers estimated in China alone & growing daily
     • Black Market: $1,300 is the average attacker payment for a banking Trojan
     Sources: AV-test.org, 2015; US Intelligence, infosecisland.com; darkreading.com, 2012
  6. 6. Overwhelmed Defenses
     • Budgets Underfunded: 1-3 is the average number of headcount devoted to IT security
     • Workloads Increasing: 64% of US companies face 10,000+ alerts per month
     • Point Products Insufficient: 8% of incidents are detected by endpoint, firewall & network solutions
     Sources: FireEye, 2015; Verizon DBIR, 2013
  7. 7. Impact on your Enterprise
     • Escalating Costs: $8.9m is the cost of the average enterprise breach
     • Slow to Discover: 173 is the average number of days from infiltration to discovery
     • Long to Resolve: 32 is the average number of days to resolve & lockdown an attack
     Sources: Verizon 2012 DBIR; Ponemon Institute, 2013; darkreading.com, 2012
  8. 8. Stuxnet – Iran’s Nuclear Power Plants
  9. 9. Dave & Buster’s Restaurant
  10. 10. D&B – Slow and Methodical

      | Event          | Date     | Time (days) | Kill Chain | Description of Actor’s Activities |
      |----------------|----------|-------------|------------|-----------------------------------|
      | Dave & Busters | Feb. 1   | 0           | 1          | Estonian and Ukrainian intruders scan/evaluate restaurant internet-facing connections |
      | Dave & Busters | Mar. 1   | 28          | 2          | Estonian and Ukrainian intruders breached network security controls at a restaurant |
      | Dave & Busters | Mar. 2   | 1           | 4          | Intruders breach a poorly secured retail system with internal network access, explore network |
      | Dave & Busters | Mar. 15  | 13          | 3          | Yastremskiy and Suvorov contract Albert Gonzalez to customize sniffer for DB network |
      | Dave & Busters | Apr. 1   | 17          | 4          | Intruders used network access to install packet sniffer designed to capture track 2 credit card data |
      | Dave & Busters | Apr. 15  | 14          | 5          | The initial tests of the sniffer failed by crashing or failing to record data |
      | Dave & Busters | Apr. 15  | 0           | 5          | Revised packet sniffer often failed to capture the intended information |
      | Dave & Busters | Sept. 1  | 139         | 5          | Over 6 months intruders improved, tested and monitored their tools |
      | Dave & Busters | Sept. 22 | 1           | 6          | Intruders establishing reliable and persistent control of the restaurant environments |
      | Dave & Busters | Sept. 3  | 1           | 6          | Intruders prepare for breaching the corporate network in Dallas |
      | Dave & Busters | Sept. 15 | 12          | 5          | Corporate servers breached, and admin passwords allow access to network devices |
      | Dave & Busters | Sept. 16 | 1           | 7          | Intruders install the refined tools at 11 locations without detection |
      | Dave & Busters | Sept. 17 | 1           | 8          | Packet capture tools return over 130,000 credit cards' full track data |
      | Dave & Busters | Sept. 30 | 13          | 10         | The intruders were eventually blocked and identified by financial records |
  11. 11. New Model for Security
      The bad guys are going to get in – how do you find them before they do damage?
  12. 12. Transformational Changes
      Current Security Practices
      • Blocking & preventing attacks will work
      • Big data produces better results
      • Monitoring events will find bad actors
      • Canned rules in SIEMs are enough
      Future Solutions Focus
      • Detection, profiling & lockdown
      • Adversary monitoring & investigation
      • Actor kill-chain visualization & analysis
      • User created analytics & sharing
      Focus on what they do, not what they use…