Security at the Breaking Point: Rethink Security in 2013


  1. Security at the Breaking Point: Rethink Security in 2013. Presented by Gidi Cohen, CEO and Founder, Skybox Security. November 2, 2012. www.skyboxsecurity.com © 2012 Skybox Security
  2. Why can’t we curb security threats?
  3. The Threat Landscape is Changing Fast. “…The threat landscape is not evolving but rapidly mutating as attackers find ever-more devious ways of bypassing security controls. This will challenge security managers to devise new and creative ways to rethink security…” Source: Forrester Research report “Updated Q4 2011: The New Threat Landscape — Proceed With Caution”
  4. Old Gen Tech Is Not Effective • Network Security – Firewalls, IPS only effective if maintained constantly • Vulnerability scanners – Often disruptive, not suitable for daily use • SIEM – Reactive, too much irrelevant data • Pen Test – Not cost effective at large scale
  5. Maintaining Security Controls is a Difficult Challenge • 500 network devices • 25,000 FW rules • 1,000 IPS signatures • 55,000 nodes • 65 daily network changes • Infrastructure spanning three continents
  6. Vulnerability Scans – Too Little, Too Late. [Chart: scan frequency (x/year) against % of network scanned. Chart labels: To keep pace with threats? Daily updates, 90%+ hosts; Partner/External networks; Critical systems, DMZ; Avg. scan: 30 days; Avg. scan: 60-90 days; <50% of hosts; 50-75% of hosts]
  7. SIEM – Monitoring, not Prevention • (Regarding SIEM) "If the question is, Does it stop hackers? then the answer is no. It's not supposed to stop anything." Dr. Anton Chuvakin, Gartner • Cyber Attack! Pre-attack: Proactive Security (Anticipate risks, Prevent damage). Post-attack: SIEM (Monitor events, Respond to incidents)
  8. Time to Rethink Security
  9. Security is a Strategic Game. What’s our objective? Where are we at risk? What is the next move? What does the playing field look like?
  10. Your Opponents are Formidable
  11. There are Many Attack Vectors. [Word cloud: buffer overflows, misconfigured firewall, blocked rules, unused rules, risky access rules, missing IPS signature, access policy violations, default password, zero day vulnerability, network vulnerabilities, threat origins, USBs, mobile apps, mobile devices, social networks, social engineering, cross-site scripting]
  12. More Security Controls ≠ Better Security. They all speak different languages.
  13. And You Don’t Have Full Visibility
  14. It’s going to get a lot worse (Mobile, Virtualization, Clouds)
  15. New Challenges Change the Attack Surface. 2011 growth: Mobile data +133%, Mobile threats +400%. It’s still early …. More virtualized servers deployed in 2011 than in 2001 to 2009 combined. BYOC (Cloud): Where is your data?
  16. The Security Management Gap is Widening Fast. Can you achieve an 8X improvement in 2 years? How?
  17. Your Mission – Win the Game. Where are we at risk? What are our best options? What do we do now?
  18. Solution? Proactive Security Risk Management
  19. The Solution Ingredients • Risk-driven approach for proactive protection • Continuous, non-disruptive process • Serves both Security and IT Ops teams • Scalable to any size heterogeneous network • Advanced predictive analytics
  20. Predictive Analytics - Modeling & Attack Simulation. Vulnerabilities • CVE 2009-203 • CVE 2006-722 • CVE 2006-490. [Diagram labels: Rogue Admin, Internet Hacker, Compromised Partner, Attack Simulations]
  21. Proactive Intelligence to Prevent Attack. Connectivity Path. Probable attack vector to Finance servers asset group. This attack is a “multi-step” attack, crossing several network zones. Business Impact. Attack Vector. How to Block Potential Attack?
  22. Visibility to State of Security: Most Critical Actions, Vulnerabilities, Threats
  23. The Future of Security Operations Center (SOC). IT GRC/Security Dashboard – consolidated reporting. Security Risk Management (SRM): proactive, pre-attack exposure management. Security Information & Event Management (SIEM): post-attack incident management.
  24. Recommendations. Aim high • Unbelievable scale • Adapt to new architectures. Reinvent security management • Integrated, holistic approach • Proactive, not reactive. Use the Force, Luke • It’s your infrastructure! Take Advantage • Smart analytics
  25. Automate daily security tasks. Maintain compliance, prevent attacks. Visit www.skyboxsecurity.com. Thank you!
