Traditional Security Is Not Working.
Presentation by Kal Kurm / Intel.
Series of presentations from the MantraVision 2015 Event held on October 21st by Mantralogix Inc.
http://insights.mantralogix.com/mantravision-2015-event
2. .
McAfee Confidential / Intel Security Confidential
A matter of national interest.
Under Attack
[Figure: timeline chart with a monthly axis starting at DEC13 and running into 2015]
We’ve reached a tipping point
3. .
Traditional Security Is Not Working
Source: Verizon 2014 Data Breach Investigations Report
99% of breaches led to compromise within “days” or less, with 85% leading to data exfiltration in the same time
85% of breaches took “weeks” or more to discover
4. .
Marriott, Starwood, Radisson, InterContinental
‘…learned that an unauthorized party gained access to our systems compromising the payment card information of certain customers who made purchases at a ‘wichcraft location in New York or San Francisco using a payment card from approximately 11 Aug to 2 Oct, 2013.’
‘The attack was similar to attacks reported by other national retailers. In response, we immediately engaged a leading cyber-security company to investigate and notices were posted in every store and on our website.’
Easton, Bell, Riddell, Giro, Blackburn
Seven Specific Retail Breaches
NYT 27 Feb 14 (re:Target): “…the company said earnings were down 46 percent from the same period a year earlier,
including an expenditure of 61M USD for the breach itself. Earnings per share were 81 cents, down from $1.47 the year
before. Target executives repeatedly called 2013 a ‘challenging’ year on Wednesday.”
Three Major Things in Common
7. .
…Fed Chair Janet Yellen: “…important to understand that this is a payment innovation…Governments do not have the authority to regulate Bitcoin in any way.”
Eastern District of Texas Federal Court: “…can be used to purchase goods or services… exchanged for conventional currencies… Bitcoin is a currency or form of money…”
Ransomware
Payment with Bitcoins
BTC converter 5 Mar 15 preev.com, (Yellen) Fortune 27 Feb 14, (Court) Forbes 07 Aug 14, (Ransomware) McAfee Labs, 2015
9. .
McAfee Labs Threat Report, August 2014
Phishing Quiz
Still the most effective means of delivering malware
95% of enterprise breaches are the result of successful spear phishing – Alan Paller, SANS
https://phishingquiz.mcafee.com/
11. .
Security’s Perfect Storm
Fragmented Security Market
Industrialization of Cybercrime
Exponential Attack Surface Growth
By 2020 there will be 26 smart objects for every living person and 5000x more stored bytes than grains of sand on Earth
Intel forecast / IDC
Up to 50 offerings to assess and secure an environment
Linear Budgets
Skillset Shortages
Compliancy & regulatory
Competitive Pressures
Breaches up 55% year over year
30% of attacks are targeted
Verizon DBIR 2015 / Intel Security Golden Hour Survey 2015
Business Realities
13. .
Sophistication of attacks leads to increased emphasis on detect and correct.
Attack-Driven View
Shifting emphasis given large volume and complexity of attacks
DETECT
An iterative process of finding attacks that were not prevented
Involves a cycle of hunting, assessing scope and impact, and prioritizing
PROTECT
The prevention of attacks, either by reducing exposure or by detecting and blocking via deployed countermeasures
The attack does not become a formal breach
CORRECT
The process of remediating an attack, restoring to normal operations, and reporting impact
Also involves adapting countermeasures to protect against similar attacks in the future
14. .
Apply the power of knowledge
Intelligence Orchestration
Organizational Threat Intelligence
Global Threat Intelligence
Intel Security Countermeasures
3rd Party Solutions
McAfee Global Threat Intelligence
Virus Total
3rd Party Feeds
Administrator Knowledge
Organization Prevalence & Forensics
Security Innovation Alliance
STIX/TAXII
Analytics & response
Payload inspection & detonation
Cloud assisted protection
Evolution of endpoints
15. .
Efficient, thorough, automated communications between disparate sensors
Connected Architecture
3rd Party, Network, Data, Identity, Endpoint
Real-Time Messaging, Standardized Content, Adaptive Workflows
Efficiency in Communication