LMTE Cyber Security Special Spring Summit
Fact, fiction, foe or fortune?
May 20th, 2015 at 3.30pm – 5.30pm
followed by networking drinks

WELCOME

•  LMTE – Who are we?
•  Membership is free
•  Our aim is to help educate, inform and allow for the exchange of concepts and practices
•  Experience new ideas and products from leading suppliers and professional services firms from across the globe
•  New membership cards
•  They are yours to take away – bring them to future events
•  Keep them safe
•  They can be replaced, for a small admin charge
•  We’re delighted to see you – tell your colleagues – spread the word

Today’s running order

London Insurance Market
Threat vs Opportunity
Cyber Security Summit
Foreword
Adrian Rands, CEO, QuanTemplate – For data-driven decisions
[Figure: timeline of cyber events – Bank Muscat, 2013, ATM loss, $39m; Sony customers, 2011, data theft, 77m; 2010/Stuxnet; Internet of Things; LSW983/Lloyd’s Electronic and Computer Crime policy; 2015/Autopilot systems; 2018/First self-driving cars]
Speakers:
Professor Roy Isbell – Principal Fellow of the University of Warwick, WMG Cyber Security Centre
Rashmi Knowles – Chief Security Architect at RSA, The Security Division of EMC
Daniel Beazer – Senior Consulting Analyst, Peer1 Hosting
Adrian Rands – CEO, QuanTemplate – For data-driven decisions
adrian.rands@quantemplate.com
@quantemplate
quantemplate.com/insights
“Cyber Hardening & the Future Enterprise”
(Exploring the Current & Future Limits of the Cyber Environment)
Roy Isbell (Prof.) FIET FBCS CITP
LMTE Cyber Security Special Spring Summit
Current Trends
(Symantec Internet Security Threat Report – 2015)
Targeted Attacks Increasing Across All Sectors
Industry Sectors Breached
(Guide to Who is Under Threat)
•  Healthcare, retail, and education were ranked highest for the number of data breach incidents in 2014; the top three accounted for 58 percent of all data breaches.
•  The retail, computer software, and financial sectors accounted for 92 percent of all the identities exposed in 2014.
•  This highlights that the sectors involved in the majority of data breaches don’t necessarily produce the largest caches of stolen identities, with the exception of retail.
Beyond the Information System
(New Attack Vectors – Vectors of the Future)
Tertiary
•  The Service Sector or Service Industry
Secondary
•  Manufacturing or Goods Production
Primary
•  Raw Materials – Agriculture, Fishing & Extraction (Mining)
[Figure: the three sectors linked by Transport and Communications]
BUSINESS DRIVERS:
•  Cost Reduction
•  Improved Performance / Productivity
•  Increased Safety
Product Lifecycle: Human Control – Semi-Autonomous – Autonomous
Source: Wikipedia
Source: Roy Isbell
Business Sectors Getting Smarter
(Business Drivers)
Primary Sector
(Raw Materials – Agriculture, Fishing & Extraction Mining)
[Figure: Water; Mining Raw Materials; Oil & Gas Drilling/Collection; Aquaculture; Agriculture; Livestock Farming – sources unknown]
Unusual Cyber
(Modulated Water)
[Figure: process chain – Modulated Water → Electrical Pulses → Data → Network Data → Processing → Satellite Communications → Network Data → Processing; link rates 140Bps - 100Gbs - 1Mbs - 1Mbs - 100Gbs (Data Rates 35bps to 140bps)]
Secondary Sector
(Manufacturing or Goods Production)
[Figure: Food Supply & Demand Chain; Automated Manufacturing; Water Management; Utility Supply Management; Automated Food Processing/Production; Retail Management – sources unknown]
Tertiary Sector
(The Service Sector or Service Industry)
[Figure: Integrated Health; Integrated Emergency Services; Integrated Waste Management – sources unknown; Integrated Transport – Source: ETSI; Spectrum – Source: Lumeta]
The Internet of Things
Source: Beecham Research
What is needed?
•  Human: Understanding how cyber influences/impacts the human or how the human influences/impacts cyber.
•  Situational Awareness: Understanding and awareness of how all aspects of Cyber are related.
•  Information/Data: Identification of all sources of data & information used, the data flows and inter-dependencies.
•  Spectrum: Multiple use of the spectrum from DC to Light and beyond, mobility.
•  Systems: Identify all the connected cyber systems, their relationships and the relative importance to the overall operation.
•  Infrastructure: Knowledge of the Physical Infrastructure as well as data and information infrastructure.
•  Environment: Understanding the impact of the external environment – PESTEL.
CONTEXT – The set of circumstances or facts that surround a particular event or situation.
Source: Roy Isbell
Source: Dictionary.Com
Cyberspace & Context
(CyberSpace Through a Context PRISM)
[Figure: context prism – Environment; Human; Awareness/Understanding; Information/Data; Systems; Spectrum; Infrastructure]
Internet +++ WorldWideWeb
The Internet – A Communications Channel that we connect to in order to pass information
The World Wide Web – A Trading Platform Where Information Is Exchanged
Source: Roy Isbell
Understanding Where We Are
Source: Unknown
Cyber–Physical Engineered Systems
(Adding Sensing & Actuation)
Cyber–Physical Engineered Systems:
1.  Effectively command and control systems that are networked or distributed (i.e. employ networking and/or communications).
2.  Incorporate a degree of intelligence (adaptive or predictive).
3.  Work in real time to influence or actuate outcomes in the physical world.
4.  Found in transportation, utilities, buildings, infrastructure & health care.
5.  Use sensors to detect and measure physical parameters and actuators to control physical processes.
6.  Utilise feedback loops for monitoring, allowing degrees of autonomy.
Integrated Transport
(Autonomous Vehicles)
[Figure: Autonomous Shipping – Source: Rolls Royce Holdings; Autonomous Road Trains – Source: Volvo; Autonomous Planes – Source: Northrop Grumman; Autonomous Trains – Source: Transport For London]
Transport for London is considering plans to roll out driverless tube trains across the Underground network by 2020.
The first commercially available semi-autonomous cars will be available in 2014 (E&Y Report).
Complex System of Systems
(WHAT? – Complex Cyber Physical Engineered System)
List of Technologies to Create a Self-driving Vehicle:
•  Collision Avoidance (Steering)
•  Vehicle-to-Vehicle Communication
•  Vehicle-to-Infrastructure Communication
•  Steer-by-Wire
•  Lane Keeping
•  Forward Collision Avoidance (Braking)
•  Driver Performance Monitor
•  Lane Sensing/Warning
•  Active Roll Control
•  Forward Collision Warning
•  Adaptive Cruise Control
•  Vision Enhancement
•  Near Obstacle Detection
•  Electronic Stability Control
•  Adaptive Variable-Effort Steering
•  Semi-Active Suspension
•  Traction Control
•  Anti-Lock Braking Systems
Source: Byron Shaw, GM MD of Advanced Technology
[Figure: Sensor Systems; Connecting Systems]
Complex System of Systems
(HOW? – External Remote Access)
Sensor Systems – Constantly monitor the external environment to build a 360° picture that provides information to the command and control environment of the vehicle. (Influence, Jamming & Spoofing)
Infotainment – a combination of information and entertainment. (Access to vehicle subsystems for information, disruption, modification & control.)
Telematics – the integrated use of telecommunications and informatics for control of vehicles on the move. (Access for information, disruption, modification & control.)
Network Based Connectivity
(HOW? – Expansion of the Attack Vectors)
•  Mobile Phone App – Sync with Head Unit. Head Unit OS – Windows, Android or Linux Variants
•  Laptop Access – Through Vehicle WiFi Hotspot
•  4G Access – Via Mobile Device
•  New Vehicle Apps – Access via Head Unit & Mobile Device
•  5G Access – Via Mobile Device
•  The Cloud – Dedicated Cloud Services or Generic Web Access
•  Bluetooth – Device Connect
All the Security Issues Associated With Information Systems, Now Apply to Connected Vehicles
Vehicle Lifecycle
(HOW? – The Insider Threat)
[Figure: lifecycle – Design & Manufacture → Sales & Distribution → Consumer / Owner → Disposal; Maintenance – (Maintainer / Valet); Fuel – (Fossil / Gas / Bio / Electrical)]
Analysis of the vehicle lifecycle provides for identification of those who are permitted to come into contact with the vehicle and the level of access. These individuals provide identification of the ‘Insiders’ for consideration of the ‘Insider Threat’.
Maintainers – Have physical access to the vehicle via technical equipment. Both the equipment and the personnel may be an attack vector.
In addition the vehicle software updating process needs to be considered as an attack vector.
The use of Power Line Carrier technology to communicate between the vehicle, off-board charger, and smart grid.
Access Control: (As a function of)
•  Role – Role based access control is not enough.
•  Function – Consider adding function as an additional factor.
•  Time – Consider using time to achieve removal of legacy access.
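The three factors above combined into a single access decision, as an added example that is not part of the slides: a grant has to match on role and on function, and every grant carries an expiry so that legacy access falls away with the clock rather than waiting for a manual clean-up. The role and function names, the policy and the reference time are constructed for illustration.

```python
"""Access as a function of role, function and time.

Added example, not from the slides: a minimal policy checker in which a
grant must match on role AND function, and every grant carries an
expiry so legacy access is removed by the clock rather than by a
manual clean-up. Role and function names, the policy and the reference
time are all constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Grant:
    role: str                 # who the subject is, e.g. "maintainer"
    function: str             # what they may do, e.g. "diagnostics"
    expires_at: datetime      # grant is dead from this instant (UTC)


@dataclass(frozen=True)
class Request:
    role: str
    function: str
    at: datetime              # when the request is being evaluated


def decide(grants, request):
    """Return (allowed, reason). One grant must match role, function and time."""
    role_seen = False
    for g in grants:
        if g.role != request.role:
            continue
        role_seen = True                  # role alone is never enough
        if g.function != request.function:
            continue
        if request.at >= g.expires_at:    # time factor: stale grants fail closed
            return False, "expired"
        return True, "ok"
    return False, ("function not permitted for role" if role_seen else "unknown role")


def prune_expired(grants, now):
    """Time-based removal of legacy access: keep only grants still alive at `now`."""
    return [g for g in grants if g.expires_at > now]


# Constructed reference time and policy (not from the slides).
T0 = datetime(2015, 5, 20, 15, 30, tzinfo=timezone.utc)
T_PLUS_3H = T0 + timedelta(hours=3)
POLICY = [
    Grant("maintainer", "diagnostics", T0 + timedelta(days=1)),
    Grant("maintainer", "firmware_update", T0 + timedelta(hours=2)),  # short-lived
    Grant("valet", "drive", T0 + timedelta(hours=4)),
]

if __name__ == "__main__":
    checks = [
        Request("maintainer", "diagnostics", T0),
        Request("valet", "diagnostics", T0),              # right role, wrong function
        Request("maintainer", "firmware_update", T_PLUS_3H),  # grant expired at T0+2h
        Request("owner", "drive", T0),                    # no such role
    ]
    for r in checks:
        print(r.role, r.function, r.at.isoformat(), "->", decide(POLICY, r))
    print("grants alive at T0+3h:", len(prune_expired(POLICY, T_PLUS_3H)))
```

Running the block prints one decision per request; the valet is refused diagnostics even though the valet role exists, and the firmware-update grant refuses on its own an hour after its expiry, which is the slide’s point about using time to retire legacy access.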
Integrated Transport
(The Movement of Goods and/or People)
[Figure: Air; Maritime; Road; Rail; Metro/Underground – People; Goods]
Source: Hitachi.com
Source: Digital Age Transportation – The Future of Urban Mobility – Tiffany Dovey Fishman – Deloitte University Press.
Source: Roy Isbell DFM
1950 – 2050 Rise in Urban Population – Source: WHO
Statistics
1.  60% World population urbanised by 2030
2.  Urban population in developing countries will more than double
3.  New development often on coastal plains, increasing risk from severe weather & global warming.
Challenges
1.  Developed countries’ existing infrastructures already stretched.
2.  Proactive management required for costly and scarce resources.
3.  Technological advances allowing development of SMARTer cities.
4.  Evolving systems of systems of systems(n) with complex and/or cascading failure.
5.  Greater automation and system autonomy for cost reduction and improved productivity.
Research:
•  The City as a Platform
•  Understanding Cyber–Physical Engineered Systems
•  Data & Systems Context
•  Resilience of Systems & Services
•  Deriving Cyber Security Needs
Urbanisation
(The Move to the City)
SMART Buildings
(Where we Live, Work & Play)
Source: Hasibat Information Technologies
Source: Arup Foresight & Innovation
Future SMART(er) Cities
(A Complex Interconnected Environment)
Source: Unknown
Built Environment
•  Commercial Buildings
•  Living Accommodation
•  Industrial Complex
•  Utility Provision
Infrastructure & Services:
•  Medical
•  Transport
•  Refuse Collection
•  Utility Delivery
•  Food Supply Chain
•  Emergency Services
[Figure: CIA Cyber Attack Triangle with vertices Access, Information and Capability]
CIA – Cyber Attack Triangle
Access – In order for any attack to even be contemplated some form of access to the target is required. Access may be physical or remote.
Capability – To effect a successful attack the attacker requires the correct tools and techniques to interact with the target and influence or affect the changes required to achieve the desired outcome.
Information – Before either access or capability may be achieved or determined, information (intelligence) on the target is required. The level of detailed information will determine the risk associated with any attack scenario being considered.
Like any three-legged stool, absence of any leg renders the stool useless.
Attack Anatomy – Each attack follows a sequence of activities with each activity, once completed, providing either information, access or a capability related to the target system.
The Cyber Attack Triangle
(WHEN? – Understanding the Pre-requisites for an Attack)
Attack Motivators
[Figure: CRIME (Including Financial); (H)Acktivism; Warfare; Terrorism (Including Corporate Blackmail); Espionage (Including Industrial Espionage)]
Espionage – seeking unauthorised access to sensitive information (intellectual property, commercial information, corporate strategies, personal data, pattern of life) or using the vehicle as a reconnaissance tool:
•  State
•  Commercial
(H)Acktivism – seeking publicity or creating pressure on behalf of a specific objective or cause:
•  Disruption of specific businesses/organisations (supplier or end user)
•  Disruption of specific geographic areas (cities, routes)
Criminal – largely driven by financial gain, but may include gang related violence:
•  Theft of a vehicle
•  Theft from a vehicle
•  Hijack of a vehicle
•  Kidnap of a vehicle’s occupant(s)
•  Criminal damage
Terrorism:
•  Use of vehicle as a weapon
•  Attacks on vehicle and/or vehicle’s occupants
•  Disruption of transport systems/infrastructure
Warfare – conflict between nation states:
•  Disruption of transport systems/infrastructure to deny operational use
•  Disable specific modes of transport or vehicle types
•  Destruction of vehicles
Attack Motivators
(Examples Related to Autonomous/Connected Vehicles)
New Models for Evaluating Cyber Security & Safety
[Figure: CIA Triad (Bishop M. 2004) – Confidentiality, Integrity, Availability; Parkerian Hexad (Parker DB; 2002) – Confidentiality, Possession/Control, Integrity, Authenticity, Availability, Utility; Cyber Security for Autonomous Systems (Boyes H. 2014) – Confidentiality, Possession/Control, Integrity, Authenticity, Availability, Utility, Safety]
Element – Relevance to CPES
Confidentiality – Protection of personal & other sensitive data
Possession/Control – Prevent unauthorised manipulation or control of systems
Integrity – Prevent unauthorised changes to or deletion of data & maintenance of system configuration
Authenticity – Prevention of fraud or tampering with data
Availability – Autonomous Infrastructure able to operate without disruption or impairment
Utility – Maintaining data & systems in a useful state throughout their lifecycle
Safety – Prevention of harm to individuals, assets and the environment
Autonomous Systems Defence Capability Strategies
Prevent – the prevention of unauthorised users gaining access to subsystems, prevention of unauthorised modifications or changes to a system’s configuration, prevention of a system going into an unsafe and unsecure mode of operation.
Protect – the protection of any data or information at rest, in transit or in operation using strong cryptographic and hashing techniques, the protection of the access portals from unauthorised connection through strong authentication.
Detect – the detection of hardware or software modification outside of operating parameters, the detection of unauthorised activity within the system, the detection of anomalous activity within operating parameters.
Deny – the denial of access either physical or remote, the denial of code or hardware modification without approval, the denial of an attack using active defence measures.
Respond – the ability to respond (automatically or otherwise) to events before safety or security countermeasures are activated, the ability to respond after safety or security countermeasures have been activated.
[Figure: Prevent – Protect – Detect – Deny – Respond]
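The Detect and Respond strategies above applied to a sensor stream, as an added example that is not part of the slides. It also picks up the sensor-system concern raised under External Remote Access (influence, jamming and spoofing): a reading outside the operating envelope, an implausible jump between consecutive readings that stays inside the envelope, and disagreement between a primary and a redundant sensor each raise an event, and the events drive a conservative mode decision. The sensor names, limits and sample values are constructed.

```python
"""'Detect' and 'Respond' for a cyber-physical system's sensor stream.

Added example, not from the slides. A constructed wheel-speed stream from
a primary and a redundant sensor is checked three ways: a reading outside
the operating envelope (modification outside operating parameters), an
implausible jump between consecutive readings (anomalous activity within
the parameters) and disagreement between the two sensors, the symptom a
defender would expect from jamming or spoofing of a sensor system. The
events then drive a conservative mode decision, the automatic part of
'Respond'. Sensor names, limits and sample values are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Envelope:
    lo: float          # minimum plausible reading (constructed units: km/h)
    hi: float          # maximum plausible reading
    max_step: float    # largest change allowed between consecutive samples
    max_skew: float    # largest tolerated primary/secondary disagreement


@dataclass(frozen=True)
class Sample:
    t: int             # time tick
    primary: float     # primary sensor reading
    secondary: float   # redundant sensor reading


def detect(samples, env):
    """Return (t, kind, detail) events in time order; empty list means all clear."""
    events = []
    prev = None
    for s in samples:
        # Outside operating parameters: either sensor beyond the envelope.
        for name, value in (("primary", s.primary), ("secondary", s.secondary)):
            if not env.lo <= value <= env.hi:
                events.append((s.t, "OUT_OF_RANGE", f"{name}={value}"))
        # Anomalous within parameters: a jump no real vehicle could make.
        if prev is not None:
            step = abs(s.primary - prev.primary)
            if step > env.max_step:
                events.append((s.t, "IMPLAUSIBLE_STEP", f"primary jumped {step:.1f}"))
        # Redundant sensors disagree: jamming or spoofing of one of them.
        skew = abs(s.primary - s.secondary)
        if skew > env.max_skew:
            events.append((s.t, "SENSOR_DISAGREEMENT", f"skew={skew:.1f}"))
        prev = s
    return events


# Higher number = more serious; the worst event present decides the mode.
SEVERITY = {"IMPLAUSIBLE_STEP": 1, "SENSOR_DISAGREEMENT": 2, "OUT_OF_RANGE": 3}
MODE = {0: "NORMAL", 1: "DEGRADED", 2: "DEGRADED", 3: "SAFE_STOP"}


def respond(events):
    """Automatic response: pick the most conservative mode the events justify."""
    worst = max((SEVERITY[kind] for _, kind, _ in events), default=0)
    return MODE[worst]


# Constructed operating envelope and sample stream (not from the slides).
ENV = Envelope(lo=0.0, hi=250.0, max_step=20.0, max_skew=5.0)
SAMPLES = [
    Sample(0, 50.0, 50.5),
    Sample(1, 51.0, 51.2),
    Sample(2, 52.0, 51.8),
    Sample(3, 52.5, 80.0),    # secondary diverges: jamming/spoofing symptom
    Sample(4, 53.0, 53.1),
    Sample(5, 95.0, 53.4),    # primary jumps implausibly within the envelope
    Sample(6, 260.0, 54.0),   # primary outside the operating envelope
]

if __name__ == "__main__":
    for t, kind, detail in detect(SAMPLES, ENV):
        print(f"t={t} {kind}: {detail}")
    print("mode:", respond(detect(SAMPLES, ENV)))
```

The three checks are deliberately independent: the envelope check catches a faulty or tampered sensor, the step check catches a value that is plausible on its own but not as a continuation, and the cross-check is what makes a spoofed single sensor visible at all. Mode selection takes the worst event rather than the latest, so a transient all-clear reading does not cancel an earlier alarm.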
Managing Enterprise Cyberspace
(Cyber Operations)
Source: Roy Isbell DFM
The Edge Connected Human
(Thoughts for Consideration)
[Figure: Wearable Technology; Prosthetics & Implants; Senses As Sensors; Interaction – sources unknown and ETSI]
Thank You for Listening
Questions?
LMTE
Cyber Security Special Spring Summit
Where every interaction matters.
Risks and new technology
Presented by Daniel Beazer, Senior Consulting Analyst
20th May 2015
Today’s Agenda
•  Introduction to Peer1
•  Changing face of risk in IT
•  Traditional IT vs Agile
•  A closer look at risk in two areas, one over exaggerated the other under exaggerated
•  Conclusions for the market
•  A takeaway slide and Q&A
We are not good at assessing risk
“If you both own a gun and a swimming pool in your backyard, the swimming pool is about 100 times more likely to kill a child than the gun is.”
Us in a nutshell
We are a global web infrastructure and cloud hosting company specializing in customized solutions for eCommerce, SaaS applications and content publishing.
We use innovative technology to deliver exceptionally responsive, reliable and secure hosting experiences – we are obsessed with customer experience.
Most importantly, we care.
Our Services
[Figure: Managed Hosting Services; Secure Datacenters; Scalable Infrastructure; Cloud Hosting Services]
Massive disruption in IT creates new risk
The state of IT
A threatened species
IT spend is no longer exclusively with IT
▪  21% of spend is now outside IT (Gartner CIO Survey Feb 2015)
▪  Mostly in marketing, where predictive analytics and other digital tools can give enterprises competitive advantage
▪  All C-levels now make IT decisions (eg to buy iPads for sales)
▪  IT struggles to meet this demand
▪  AWS’s Stephen Schmidt ‘we don’t talk to IT’
▪  Many private (and public) clouds have been built and are unused
Traditional IT
•  Top down command and control, everyone has to live with their decisions
•  Black box: no one outside the function can understand (even less criticise) what they do
•  Not aligned with any +ve business objectives, only negative (keeping the lights on, stopping security breaches)
•  The customers, ie groups within the business, have no choice but to use what IT offers
•  Uses monolithic proprietary applications hosted in house with strategic vendor; lead times, SLA, all below market
Traditional IT project
•  Instructions received from another department
•  Scope and specifications issued via RFP to vendors
•  Plans are for maximum capacity
•  Lengthy procurement process
•  Monolithic hardware and software
•  Long contract periods
•  Testing, staging and then live
•  Up to a year for a new project
An agile IT project
•  Lead times < 1 hour, no procurement
•  Usage based, automated, no contracts
•  Open source software (no time to negotiate)
•  No longer in house, distributed
•  Continuous live development
•  Tied to business outcomes
On Demand
Use cases… from a cost of $20mn to $5m and a lead time of a year to three months
Security and risk
Quis custodiet ipsos custodes?
The security industry
•  Generate most of the data in the industry and create most of the noise
•  True 3rd party advice hard to find: industry analysts and consultants have no incentive to doubt the prevailing ethos
•  Traditional ‘cleverest man in the room’ and FUD sales tactics
•  MO consists of finding more problems and defects so customers have to spend more
•  $76bn industry (Gartner 2015 estimate) vs Microsoft $86bn, IBM $92bn
A security vendor slide and a layer cake
The security group in enterprise
Perverse incentives
•  Rain dance argument
•  The group in the business where failure is rewarded
•  More breaches = more budget if politics are handled correctly
•  Infosec/CISO group has little influence
•  Buying a wall and a guard is enough
From the Annual Fraud Indicator
▪  67% of fraud is insider fraud
▪  Of the companies polled not one was able to recover the funds
▪  Online banking fraud £40mn
▪  Plastic card fraud £338mn
▪  Identity fraud £3.3bn
▪  Private sector fraud £15.5bn (40% of total)
Risks in the cloud
Where we think the risks lie
▪  27% lack of visibility into who can access data
▪  18% lack of confidence in the cloud provider’s security abilities
▪  12% unclear liability if there is an attack/loss of data
Source Gartner Survey December 2014
Where the risks really lie
▪  Cloud collapse
-  Brittle businesses often go bust (Nirvanix)
-  Outages common
-  No cover for outages/business risk in contracts
▪  But.. many back-up security advantages (see next slide)
▪  Complacency – Security incidents mostly caused by customer usage, eg sloppy code, old OSS, allowing ghost accounts from ex-employees to proliferate
▪  Regulatory breaches – Rogue cloud usage, uncontrolled SaaS is universal
Source Gartner Survey December 2014
‘Cloud may be more secure than client server’
•  Ability to reimage/remove software and transfer it to another makes it harder to carry out attacks
•  Organisations can secure end to end using encryption
•  IT depts find it hard to compete with cloud providers’ scale
•  Thousands of customers versus one, 100Gbps vs 100Mbps of traffic
•  Benefits of pooled resources, scaled security, DDOS
•  The more physical the more insecure: paper, USBs (60% are lost containing corporate data)
•  Poorly maintained legacy equipment proliferates in enterprise
Gus Hunt CTO, CIA
Conclusion
▪  Opportunity for the market to drive best practices through genuine third party advice / consulting
▪  Lower premiums for organisations with lower risk
▪  Test and monitor! … and use the cloud to analyse all that big data
Ten questions your cloud provider doesn’t want you to ask
▪  Can you give us your three year availability history?
▪  Can you prove to us you will be in business in three years’ time?
▪  Can we audit your data centre? Can our auditors?
▪  If your cloud node goes down just before Xmas how much will you pay me?
▪  Can you guarantee performance? How?
▪  Can you walk me through what happens if I suffer a security breach?
▪  Or I decide to leave?
▪  Can you guarantee my data will not remain on your platform once I am gone?
Q&A
Early Warning Systems For Advanced Threat
Rashmi Knowles CISSP
Chief Security Architect EMEA
© Copyright 2015 EMC Corporation. All rights reserved.
CYBER THREAT LANDSCAPE
SOURCE M-TRENDS 2015
[Figure: attack methods timeline, 2001 – 2007 – Today – 2020 (more advanced, more mobile, more destructive): Worms/Viruses; Simple DDoS; Phishing; Pharming; APTs; Multi-Stage; Hacker Collaboration; Disruptive Attacks; Destructive Attacks; Intrusive Attacks; Advanced DDoS; Sophisticated Mobile Attacks; The Unknown??]
The RSA Research & Threat Intelligence Outputs
[Figure: RSA Research & Threat Intelligence feeds – Threat Intelligence Feeds via Live; Public Releases and Blogs via Speaking of Security Portal; Reports & White Papers via Community Forums; Features and Functionality Built Into RSA Products & Services; Formal Threat Intel Exchange Groups]
RSA RESEARCH AND THREAT INTELLIGENCE
•  150 Analysts, 100+ languages
•  16,000 ISPs and hosting authorities
•  6,000,000,000 URLs/day
•  800,000 attacks shutdown
•  5hrs time to shut down
•  50-150K samples per week
•  Static and dynamic analysis
•  Credential recovery
•  Mule accounts
•  Military-trained intel agents
•  Tap fraud communication channels
•  Passive & proactive monitoring
•  Report on emerging threats and attack vectors
[Figure labels: AFCC; RESEARCH LAB; INTEL TEAM]
AS THE WORLD GOES MOBILE, CYBERCRIME WILL FOLLOW
AS THE WORLD GOES MOBILE – SO DOES FRAUD
40% of all fraudulent transactions came from Mobile Devices
Source: RSA Adaptive Authentication
CYBERCRIME AS A SERVICE
Cybercriminals increase the effectiveness of attacks and even leverage big data principles
•  Exploit Kits
•  Botnet Infrastructures
•  Call Centre service
•  Facebook accounts/Ads
•  Bitcoin stealer
•  DDoS attacks
DARKNET PRICE LIST
Infections – $11 p/1000 – There are "multi-tenancy" (multiple variants on 1 machine) plans that reduce cost
Hosting – $50-$100 – Bullet proof; server only
Exploit kit hosting – ~$100 – per week, ~12% guaranteed infection rate
Malware development – $2,500 – The average cost of commercial malware
Exploits – $1000-$300,000 – Varies greatly based on the exploit…
Turnkey banking trojan service – $700 - $1000
Credit card data – $0.25 - $60 – Depending on the amount of data being sold (front-of-plastic vs full track data); exotic geo's, such as China, can fetch up to $300 per card.
Phishing kit – $0-$50
Spam – $50 – to ~500,000 emails
DDOS As a service – ~$7 p/hour
Proxy/RDP/SOCKS/VPN access – $5-$12 – Price per IP or for period of access
Call service – $10-$15 – Depending on the required language/accent
Source: http://malware.dontneedcoffee.com/2014/05/police-locker-available-for-your.html
Ransomware – customized for legitimacy
THREAT LANDSCAPE (SOURCE VERIZON DBIR2014)
•  Malware variants – RAM scraping
•  70-90% malware unique to an organisation
•  70% attacks were trusted third-party
•  Phishing associated with 95% of state sponsored attacks
•  50% open emails and click on link within an hour
•  99.9% of exploited vulnerabilities compromised more than a year after CVE published
DEFENDER-DETECTION DEFICIT (Source Verizon DBIR2014)
COUNT OF MALWARE EVENTS (SOURCE VERIZON DBIR2014)
Responding to Cyber Threats
[Figure: timeline – System Intrusion, Attack Begins, Cover-Up Complete, Attack Identified, Response; Dwell Time (1) runs from intrusion to identification, Response Time (2) from identification to response; the aim is speed: decrease both]
Advanced Threats Are Different
1  TARGETED – specific objective
2  INTERACTIVE – human involvement
3  STEALTHY – low and slow
[Figure labels: Leap Frog Attacks; Cover-Up; Discovery; Dwell Time; Response Time]
205 days – Average number of days threat groups were on a victim’s network without detection. The longest presence was 2,982 days. (Source M-Trends 2015)
It Will Become Increasingly Difficult To Secure Infrastructure
SECURITY MUST EVOLVE
We must focus on people, transactions, and the flow of data
Static, Perimeter-Centric & Compliance Oriented → Risk-based, Agile, & Contextual Visibility
ORGANIZATIONS MUST GET CREATIVE TO DETECT AND DISRUPT ATTACKS
•  Focus on early detection of breaches to minimize your window of vulnerability.
•  Move backward in the ‘Kill chain’
•  The key is actively preserving, aggregating and reviewing data to detect a potential intrusion but also for post-event forensics.
Kill chain: Recon → Weaponise → Deliver → Exploit → Install → C2 → Action
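The two ideas above, moving detection backward in the kill chain and measuring dwell time from preserved data, worked through in code as an added example that is not part of the slides. A few constructed log lines are labelled with their kill-chain stage; the code reports the earliest stage at which the intrusion was already visible (where detection could have started) and the dwell time between the first evidence and the moment an analyst flagged it. The log format, event names, addresses, hostnames and timestamps are all constructed.

```python
"""Kill-chain staging and dwell time over preserved logs.

Added example, not from the slides. A few constructed log lines are
labelled with the kill-chain stage named above (Recon, Weaponise, Deliver,
Exploit, Install, C2, Action); the code reports the earliest stage at which
the intrusion was already visible in the data (how far 'backward' in the
chain detection could have happened) and measures dwell time as the gap
between the first evidence and the moment it was actually flagged. The
log format, event names, addresses and timestamps are all constructed.
"""
from datetime import datetime

KILL_CHAIN = ["Recon", "Weaponise", "Deliver", "Exploit", "Install", "C2", "Action"]

# Constructed mapping from the detector that emitted a line to a stage.
STAGE_BY_EVENT = {
    "port_scan": "Recon",
    "mail_attachment": "Deliver",
    "macro_exec": "Exploit",
    "new_service": "Install",
    "beacon": "C2",
    "bulk_export": "Action",
}

# Constructed log extract: ISO timestamp, event name, free-form detail.
LOG = """\
2015-05-01T09:12:00 port_scan src=198.51.100.7 dst=host-12
2015-05-03T14:05:10 mail_attachment user=jsmith file=invoice.doc
2015-05-03T14:06:42 macro_exec user=jsmith proc=WINWORD.EXE
2015-05-03T14:07:30 new_service host=host-12 name=updsvc
2015-05-04T02:00:00 beacon host=host-12 dst=203.0.113.9
2015-05-18T23:40:00 bulk_export host=host-12 bytes=2147483648
"""

# Constructed moment at which an analyst flagged the incident.
DETECTED_AT = datetime(2015, 5, 19, 14, 6, 42)


def parse(log_text):
    """Return [(timestamp, event, detail)] for each non-empty line."""
    records = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event, *rest = line.split()
        records.append((datetime.fromisoformat(ts), event, " ".join(rest)))
    return records


def stage_timeline(records):
    """First time each kill-chain stage became visible, listed in chain order."""
    first_seen = {}
    for ts, event, _ in records:
        stage = STAGE_BY_EVENT.get(event)
        if stage is not None and stage not in first_seen:
            first_seen[stage] = ts
    return [(s, first_seen[s]) for s in KILL_CHAIN if s in first_seen]


def earliest_stage(records):
    """Earliest stage in the chain with evidence: where detection could have started."""
    timeline = stage_timeline(records)
    return timeline[0][0] if timeline else None


def dwell_days(records, detected_at, from_stage="Exploit"):
    """Days between the first evidence at or beyond `from_stage` and detection."""
    threshold = KILL_CHAIN.index(from_stage)
    times = [ts for s, ts in stage_timeline(records) if KILL_CHAIN.index(s) >= threshold]
    if not times:
        return None
    return (detected_at - min(times)).total_seconds() / 86400


if __name__ == "__main__":
    recs = parse(LOG)
    for stage, ts in stage_timeline(recs):
        print(f"{stage:10s} first seen {ts.isoformat()}")
    print("earliest visible stage:", earliest_stage(recs))
    print("dwell (from Exploit):", dwell_days(recs, DETECTED_AT), "days")
    print("dwell (from Recon):  ", round(dwell_days(recs, DETECTED_AT, "Recon"), 2), "days")
```

Measured from the Exploit stage the constructed incident dwelt for 16 days before it was flagged; the same data shows Recon and Deliver evidence days earlier, which is the "move backward" argument made concrete: the further left in the chain the reviewed data reaches, the shorter the dwell time that review can achieve.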
STRATEGIC SECURITY INVESTMENT SHIFT NEEDED NOW!
Today’s Priorities: Prevention 80%, Monitoring 15%, Response 5%
Intelligence-Driven Security: Prevention 33%, Monitoring 33%, Response 33%
BUILDING BLOCKS OF INTELLIGENCE DRIVEN SECURITY
[Figure: Cloud / On Prem; ANALYTICS; IDENTITY & ACCESS; DATA; Threat, Fraud, Compliance, Identity; GOVERNANCE, RISK, & COMPLIANCE; inputs: LOGS, PACKETS, NETFLOW, ENDPOINT, ID, VULNS, THREAT (INT & EXT)]
INTELLIGENCE DRIVEN SECURITY IN ACTION
BENEFITS OF THIS APPROACH
•  Risk-driven – Prioritize activity and resources appropriately
•  Incremental and achievable – New capabilities improve your maturity over time
•  Future proof – Enables response to changes in landscape, not based on adding new products
•  Agile – Enables the business to take advantage of new technology and IT-driven opportunities
CUSTOMER MATURITY MODEL
Advanced Threats Become the Major Spend Driver as Customers Mature
Security Level 1 – Naïve/Cost-based
  Approach: Security is “necessary evil”
  Scope: Reactive and de-centralized monitoring
  Technology: Tactical threat defenses
Security Level 2 – Compliance-driven
  Approach: Check-box mentality
  Scope: Implement security to be compliant
  Technology: Tactical threat defenses with tracking and reporting tools
  Catalyst: Regulatory Environment
Security Level 3 – IT risk-driven
  Approach: Proactive and assessment-based
  Scope: Assess risks and detect threats for organization
  Technology: Security tools integrated with common data and mgmt platform
  Catalyst: New leadership
Security Level 4 – Business risk-driven
  Approach: Security fully embedded in enterprise processes
  Scope: Assess business risks to drive security implementation
  Technology: Security tools integrated with business tools e.g. eGRC
  Catalyst: Security breaches; customer demand
CHARACTERISTICS OF SECURITY MATURITY
Step 1: Threat Defense
Step 2: Compliance and Defense-in-Depth
Step 3: Risk-Based Security
Step 4: Business-Oriented
[Figure axes: VISIBILITY; COLLABORATION; RISK]
EMC, RSA, the EMC logo and the RSA logo are trademarks of EMC Corporation in the U.S. and other countries.

LMTE Cyber Security Spring Summit 20 May 2015 - Presenters' slides

• 17. Beyond the Information System (New Attack Vectors – Vectors of the Future)
  Cyber Hardening & the Future Enterprise (Exploring the Current & Future Limits of the Cyber Environment)
• 18. Business Sectors Getting Smarter (Business Drivers)
  •  Primary – raw materials: agriculture, fishing & extraction (mining)
  •  Secondary – manufacturing or goods production
  •  Tertiary – the service sector or service industry
  •  Transport and communications (shown spanning all three sectors)
  •  Business drivers: cost reduction; improved performance / productivity; increased safety
  •  Product lifecycle: human control → semi-autonomous → autonomous
  Sources: Wikipedia; Roy Isbell
• 19. Primary Sector (Raw Materials – Agriculture, Fishing & Extraction/Mining)
  Water; Mining; Raw Materials; Oil & Gas Drilling/Collection; Aquaculture; Agriculture; Livestock Farming
  (Image sources: unknown)
• 20. Unusual Cyber (Modulated Water)
  Process chain: modulated water → electrical pulses → data → network data → processing → satellite communications → network data → processing
  Data rates shown: 140 bps – 100 Gb/s – 1 Mb/s – 1 Mb/s – 100 Gb/s (data rates of 35 bps to 140 bps at the modulated-water end)
• 21. Secondary Sector (Manufacturing or Goods Production)
  Food Supply & Demand Chain; Automated Manufacturing; Water Management; Utility Supply Management; Automated Food Processing/Production; Retail Management
  (Image sources: unknown)
• 22. Tertiary Sector (The Service Sector or Service Industry)
  Integrated Health; Integrated Emergency Services; Integrated Waste Management; Integrated Transport
  (Image sources: unknown; ETSI (spectrum); Lumeta)
• 23. The Internet of Things (Source: Beecham Research)
• 24. Cyberspace & Context (Cyberspace Through a Context PRISM) – What is needed?
  •  Human: understanding how cyber influences/impacts the human, or how the human influences/impacts cyber.
  •  Situational Awareness: understanding and awareness of how all aspects of cyber are related.
  •  Information/Data: identification of all sources of data & information used, the data flows and inter-dependencies.
  •  Spectrum: multiple use of the spectrum from DC to light and beyond; mobility.
  •  Systems: identify all the connected cyber systems, their relationships and their relative importance to the overall operation.
  •  Infrastructure: knowledge of the physical infrastructure as well as the data and information infrastructure.
  •  Environment: understanding the impact of the external environment – PESTEL.
  Context: the set of circumstances or facts that surround a particular event or situation. (Source: Dictionary.com)
  Source: Roy Isbell
• 25. Understanding Where We Are
  Context dimensions: Environment; Human; Awareness/Understanding; Information/Data; Systems; Spectrum; Infrastructure
  The Internet: a communications channel that we connect to in order to pass information.
  The World Wide Web: a trading platform where information is exchanged.
  Internet +++ World Wide Web
  Source: Roy Isbell
• 26. Cyber-Physical Engineered Systems (Adding Sensing & Actuation)
  1.  Effectively command and control systems that are networked or distributed (i.e. employ networking and/or communications).
  2.  Incorporate a degree of intelligence (adaptive or predictive).
  3.  Work in real time to influence or actuate outcomes in the physical world.
  4.  Found in transportation, utilities, buildings, infrastructure & health care.
  5.  Use sensors to detect and measure physical parameters and actuators to control physical processes.
  6.  Utilise feedback loops for monitoring, allowing degrees of autonomy.
  (Image source: unknown)
• 27. Integrated Transport (Autonomous Vehicles)
  •  Autonomous shipping (Source: Rolls Royce Holdings)
  •  Autonomous road trains (Source: Volvo)
  •  Autonomous planes (Source: Northrop Grumman)
  •  Autonomous trains: Transport for London is considering plans to roll out driverless tube trains across the Underground network by 2020 (Source: Transport for London)
  •  The first commercially available semi-autonomous cars will be available in 2014 (E&Y report)
• 28. Complex System of Systems (WHAT? – Complex Cyber-Physical Engineered System)
  List of technologies to create a self-driving vehicle: Collision Avoidance (Steering); Vehicle-to-Vehicle Communication; Vehicle-to-Infrastructure Communication; Steer-by-Wire; Lane Keeping; Forward Collision Avoidance (Braking); Driver Performance Monitor; Lane Sensing/Warning; Active Roll Control; Forward Collision Warning; Adaptive Cruise Control; Vision Enhancement; Near Obstacle Detection; Electronic Stability Control; Adaptive Variable-Effort Steering; Semi-Active Suspension; Traction Control; Anti-Lock Braking Systems
  Source: Byron Shaw, GM MD of Advanced Technology
• 29. Complex System of Systems (HOW? – External Remote Access)
  •  Sensor systems – constantly monitor the external environment to build a 360° picture that provides information to the command and control environment of the vehicle. (Exposure: influence, jamming & spoofing)
  •  Connecting systems:
     Infotainment – a combination of information and entertainment. (Access to vehicle subsystems for information, disruption, modification & control)
     Telematics – the integrated use of telecommunications and informatics for control of vehicles on the move. (Access for information, disruption, modification & control)
• 30. Network-Based Connectivity (HOW? – Expansion of the Attack Vectors)
  •  Mobile phone app – sync with head unit
  •  Head unit OS – Windows, Android or Linux variants
  •  Laptop access – through vehicle WiFi hotspot
  •  4G access – via mobile device
  •  5G access – via mobile device
  •  New vehicle apps – access via head unit & mobile device
  •  Bluetooth – device connect
  •  The cloud – dedicated cloud services or generic web access
  All the security issues associated with information systems now apply to connected vehicles.
• 31. Vehicle Lifecycle (HOW? – The Insider Threat)
  Lifecycle stages: Design & Manufacture → Sales & Distribution → Consumer/Owner → Disposal, with Maintenance (maintainer/valet) and Fuel (fossil/gas/bio/electrical) running throughout.
  Analysis of the vehicle lifecycle identifies those who are permitted to come into contact with the vehicle and their level of access. These individuals are the 'insiders' to consider for the 'insider threat'.
  Maintainers have physical access to the vehicle via technical equipment; both the equipment and the personnel may be an attack vector. In addition, the vehicle software-updating process needs to be considered as an attack vector, as does the use of Power Line Carrier technology to communicate between the vehicle, off-board charger and smart grid.
  Access control (as a function of):
  •  Role – role-based access control is not enough.
  •  Function – consider adding function as an additional factor.
  •  Time – consider using time to achieve removal of legacy access.
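The role/function/time idea on slide 31, as an added worked example that is not code from the slides or from any vendor shown here: every grant carries a role, the function (task) it was issued for and an expiry, an access decision has to pass all three checks, and a separate sweep lists grants whose window has closed so legacy access is removed rather than forgotten. The subsystem names, roles, principals and time windows are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Role -> subsystem -> permitted actions. Roles and subsystems are constructed
# for this example, not taken from the slides.
ROLE_PERMISSIONS = {
    "owner":      {"doors": {"unlock", "start"}, "head_unit": {"read", "write"}},
    "valet":      {"doors": {"unlock", "start"}},
    "maintainer": {"diagnostics": {"read", "write"}, "firmware": {"update"}},
}

# Function (the task the principal is there to do) -> subsystems it may touch.
# A maintainer on a routine service visit gets no path to the firmware updater,
# even though the maintainer role itself is allowed to update firmware.
FUNCTION_SCOPE = {
    "drive":            {"doors", "head_unit"},
    "service_visit":    {"diagnostics"},
    "firmware_rollout": {"diagnostics", "firmware"},
}


@dataclass(frozen=True)
class Grant:
    principal: str
    role: str
    function: str
    valid_from: datetime
    valid_until: datetime          # every grant expires; there is no "forever"

    def active(self, now: datetime) -> bool:
        return self.valid_from <= now < self.valid_until


def decide(grants, principal, subsystem, action, function, now):
    """Return (allowed, reasons). Access needs one grant that is active now,
    whose function matches the caller's declared task and covers the subsystem,
    and whose role permits the action. 'reasons' says why each candidate failed."""
    reasons = []
    for g in (g for g in grants if g.principal == principal):
        if not g.active(now):
            reasons.append(f"{g.role}/{g.function}: grant expired")
        elif g.function != function or subsystem not in FUNCTION_SCOPE.get(g.function, set()):
            reasons.append(f"{g.role}/{g.function}: function out of scope for {subsystem}")
        elif action not in ROLE_PERMISSIONS.get(g.role, {}).get(subsystem, set()):
            reasons.append(f"{g.role}/{g.function}: role lacks {action} on {subsystem}")
        else:
            return True, []
    return False, reasons or ["no grant for principal"]


def expired_grants(grants, now):
    """Legacy-access sweep: grants whose window has closed and should be purged
    from the vehicle (and from any credential material cached in service kit)."""
    return [g for g in grants if g.valid_until <= now]


# Constructed sample data; the summit date is used as "now".
NOW = datetime(2015, 5, 20, 15, 30, tzinfo=timezone.utc)
GRANTS = [
    Grant("alice", "owner", "drive", NOW - timedelta(days=365), NOW + timedelta(days=3650)),
    Grant("valet-17", "valet", "drive", NOW - timedelta(minutes=10), NOW + timedelta(hours=2)),
    Grant("tech-42", "maintainer", "service_visit", NOW - timedelta(hours=1), NOW + timedelta(hours=8)),
    # A rollout window that closed last week: the technician's kit may still hold
    # the credentials, but the grant no longer authorises anything.
    Grant("tech-42", "maintainer", "firmware_rollout", NOW - timedelta(days=14), NOW - timedelta(days=7)),
]

if __name__ == "__main__":
    for req in [("alice", "doors", "unlock", "drive"),
                ("valet-17", "doors", "start", "drive"),
                ("valet-17", "head_unit", "read", "drive"),
                ("tech-42", "diagnostics", "write", "service_visit"),
                ("tech-42", "firmware", "update", "firmware_rollout")]:
        print(req, decide(GRANTS, *req, NOW))
    print("expired:", [(g.principal, g.function) for g in expired_grants(GRANTS, NOW)])
```

Running the file prints a decision for each sample request. The function check is what stops a maintainer credential issued for a routine service visit from reaching the firmware updater, and the expired rollout grant denies itself without anyone having to remember to revoke it; the sweep is there so that such grants are also deleted rather than left lying around.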
• 32. Integrated Transport (The Movement of Goods and/or People)
  Modes: Air; Maritime; Road; Rail; Metro/Underground. Payloads: People; Goods.
  Sources: Hitachi.com; "Digital Age Transportation – The Future of Urban Mobility", Tiffany Dovey Fishman, Deloitte University Press; Roy Isbell DFM
• 33. Urbanisation (The Move to the City)
  1950–2050 rise in urban population (Source: WHO statistics):
  1.  60% of the world population urbanised by 2030.
  2.  Urban population in developing countries will more than double.
  3.  New development is often on coastal plains, increasing risk from severe weather & global warming.
  Challenges:
  1.  Developed countries' existing infrastructures are already stretched.
  2.  Proactive management required for costly and scarce resources.
  3.  Technological advances allowing development of SMARTer cities.
  4.  Evolving systems of systems of systems(n) with complex and/or cascading failure.
  5.  Greater automation and system autonomy for cost reduction and improved productivity.
  Research:
  •  The city as a platform
  •  Understanding cyber-physical engineered systems
  •  Data & systems context
  •  Resilience of systems & services
  •  Deriving cyber security needs
• 34. SMART Buildings (Where we Live, Work & Play)
  Sources: Hasibat Information Technologies; Arup Foresight & Innovation
• 35. Future SMART(er) Cities (A Complex Interconnected Environment)
  Built environment: commercial buildings; living accommodation; industrial complex; utility provision
  Infrastructure & services: medical; transport; refuse collection; utility delivery; food supply chain; emergency services
  (Image source: unknown)
• 36. The Cyber Attack Triangle (WHEN? – Understanding the Pre-requisites for an Attack)
  CIA – Cyber Attack Triangle: Capability, Information, Access.
  •  Access – in order for any attack to even be contemplated, some form of access to the target is required. Access may be physical or remote.
  •  Capability – to effect a successful attack the attacker requires the correct tools and techniques to interact with the target and influence or effect the changes required to achieve the desired outcome.
  •  Information – before either access or capability may be achieved or determined, information (intelligence) on the target is required. The level of detailed information will determine the risk associated with any attack scenario being considered.
  Like any three-legged stool, absence of any leg renders the stool useless.
  Attack anatomy – each attack follows a sequence of activities, with each activity, once completed, providing either information, access or a capability related to the target system.
• 37. Attack Motivators (Examples Related to Autonomous/Connected Vehicles)
  Motivators: Crime (including financial); (H)Acktivism; Warfare; Terrorism (including corporate blackmail); Espionage (including industrial espionage).
  •  Espionage – seeking unauthorised access to sensitive information (intellectual property, commercial information, corporate strategies, personal data, pattern of life) or using the vehicle as a reconnaissance tool: state; commercial.
  •  (H)Acktivism – seeking publicity or creating pressure on behalf of a specific objective or cause: disruption of specific businesses/organisations (supplier or end user); disruption of specific geographic areas (cities, routes).
  •  Criminal – largely driven by financial gain, but may include gang-related violence: theft of a vehicle; theft from a vehicle; hijack of a vehicle; kidnap of a vehicle's occupant(s); criminal damage.
  •  Terrorism: use of the vehicle as a weapon; attacks on the vehicle and/or its occupants; disruption of transport systems/infrastructure.
  •  Warfare – conflict between nation states: disruption of transport systems/infrastructure to deny operational use; disabling specific modes of transport or vehicle types; destruction of vehicles.
• 38. New Models for Evaluating Cyber Security & Safety
  •  CIA Triad (Bishop M., 2004): Confidentiality, Integrity, Availability
  •  Parkerian Hexad (Parker D.B., 2002): Confidentiality, Possession/Control, Integrity, Authenticity, Availability, Utility
  •  Cyber Security for Autonomous Systems (Boyes H., 2014): the hexad plus Safety
  Element – relevance to CPES:
  •  Confidentiality – protection of personal & other sensitive data
  •  Possession/Control – prevent unauthorised manipulation or control of systems
  •  Integrity – prevent unauthorised changes to or deletion of data; maintenance of system configuration
  •  Authenticity – prevention of fraud or tampering with data
  •  Availability – autonomous infrastructure able to operate without disruption or impairment
  •  Utility – maintaining data & systems in a useful state throughout their lifecycle
  •  Safety – prevention of harm to individuals, assets and the environment
• 39. Autonomous Systems Defence Capability Strategies
  •  Prevent – the prevention of unauthorised users gaining access to subsystems; prevention of unauthorised modifications or changes to a system's configuration; prevention of a system going into an unsafe and unsecure mode of operation.
  •  Protect – the protection of any data or information at rest, in transit or in operation using strong cryptographic and hashing techniques; the protection of the access portals from unauthorised connection through strong authentication.
  •  Detect – the detection of hardware or software modification outside of operating parameters; the detection of unauthorised activity within the system; the detection of anomalous activity within operating parameters.
  •  Deny – the denial of access, either physical or remote; the denial of code or hardware modification without approval; the denial of an attack using active defence measures.
  •  Respond – the ability to respond (automatically or otherwise) to events before safety or security countermeasures are activated; the ability to respond after safety or security countermeasures have been activated.
• 40. Managing Enterprise Cyberspace (Cyber Operations) (Source: Roy Isbell DFM)
• 41. The Edge Connected Human (Thoughts for Consideration)
  Wearable technology; Prosthetics & implants; Senses as sensors; Interaction
  (Image sources: unknown; ETSI)
• 42. Thank You for Listening. Questions? LMTE Cyber Security Special Spring Summit
• 43. Risks and New Technology – presented by Daniel Beazer, Senior Consulting Analyst, 20th May 2015
  Where every interaction matters.
• 44. Today's Agenda
  •  Introduction to Peer1
  •  Changing face of risk in IT
  •  Traditional IT vs Agile
  •  A closer look at risk in two areas, one over-exaggerated, the other under-exaggerated
  •  Conclusions for the market
  •  A takeaway slide and Q&A
• 45. We are not good at assessing risk
  "If you both own a gun and a swimming pool in your backyard, the swimming pool is about 100 times more likely to kill a child than the gun is."
• 46. Us in a nutshell
  We are a global web infrastructure and cloud hosting company specializing in customized solutions for eCommerce, SaaS applications and content publishing. We use innovative technology to deliver exceptionally responsive, reliable and secure hosting experiences – we are obsessed with customer experience. Most importantly, we care.
• 47. Our Services: Managed Hosting Services; Cloud Hosting Services; Secure Datacenters; Scalable Infrastructure
• 48. Massive disruption in IT creates new risk
• 49. The state of IT
• 51. IT spend is no longer exclusively with IT
  •  21% of spend is now outside IT (Gartner CIO Survey, Feb 2015)
  •  Mostly in marketing, where predictive analytics and other digital tools can give enterprises competitive advantage
  •  All C-levels now make IT decisions (e.g. to buy iPads for sales)
  •  IT struggles to meet this demand
  •  AWS's Stephen Schmidt: "we don't talk to IT"
  •  Many private (and public) clouds have been built and are unused
• 52. Traditional IT
  •  Top-down command and control; everyone has to live with their decisions
  •  Black box: no one outside the function can understand (even less criticise) what they do
  •  Not aligned with any positive business objectives, only negative ones (keeping the lights on, stopping security breaches)
  •  The customers, i.e. groups within the business, have no choice but to use what IT offers
  •  Uses monolithic proprietary applications hosted in house with a strategic vendor; lead times, SLAs all below market
• 53. Traditional IT project
  •  Instructions received from another department
  •  Scope and specifications issued via RFP to vendors
  •  Plans are for maximum capacity
  •  Lengthy procurement process
  •  Monolithic hardware and software
  •  Long contract periods
  •  Testing, staging and then live
  •  Up to a year for a new project
• 54. An agile IT project
  •  On demand: lead times < 1 hour, no procurement
  •  Usage based, automated, no contracts
  •  Open source software (no time to negotiate)
  •  No longer in house; distributed
  •  Continuous live development
  •  Tied to business outcomes
• 55. Use cases… from a cost of $20m to $5m and a lead time of a year to three months
• 56. Security and risk
• 57. Quis custodiet ipsos custodes?
• 58. The security industry
  •  Generates most of the data in the industry and creates most of the noise
  •  True third-party advice is hard to find: industry analysts and consultants have no incentive to doubt the prevailing ethos
  •  Traditional 'cleverest man in the room' and FUD sales tactics
  •  MO consists of finding more problems and defects so customers have to spend more
  •  $76bn industry (Gartner 2015 estimate) vs Microsoft $86bn, IBM $92bn
• 59. A security vendor slide and a layer cake
• 60. The security group in enterprise – perverse incentives
  •  Rain dance argument
  •  The group in the business where failure is rewarded
  •  More breaches = more budget, if politics are handled correctly
  •  Infosec/CISO group has little influence
  •  Buying a wall and a guard is enough
• 61. From the Annual Fraud Indicator
  •  67% of fraud is insider fraud
  •  Of the companies polled, not one was able to recover the funds
  •  Online banking fraud £40m
  •  Plastic card fraud £338m
  •  Identity fraud £3.3bn
  •  Private sector fraud £15.5bn (40% of total)
• 62. Risks in the cloud
• 63. Where we think the risks lie (Source: Gartner survey, December 2014)
  •  27% lack of visibility into who can access data
  •  18% lack of confidence in the cloud provider's security abilities
  •  12% unclear liability if there is an attack/loss of data
• 64. Where the risks really lie (Source: Gartner survey, December 2014)
  •  Cloud collapse: brittle businesses often go bust (Nirvanix); outages common; no cover for outages/business risk in contracts
  •  But… many backup and security advantages (see next slide)
  •  Complacency: security incidents mostly caused by customer usage, e.g. sloppy code, old OSS, allowing ghost accounts from ex-employees to proliferate
  •  Regulatory breaches: rogue cloud usage, uncontrolled SaaS is universal
• 65. 'Cloud may be more secure than client-server' – Gus Hunt, CTO, CIA
  •  Ability to reimage/remove software and transfer it to another makes it harder to carry out attacks
  •  Organisations can secure end to end using encryption
  •  IT departments find it hard to compete with cloud providers' scale
  •  Thousands of customers versus one; 100 Gbps vs 100 Mbps of traffic
  •  Benefits of pooled resources, scaled security, DDoS
  •  The more physical, the more insecure: paper, USBs (60% are lost containing corporate data)
  •  Poorly maintained legacy equipment proliferates in enterprise
• 66. Conclusion
  •  Opportunity for the market to drive best practices through genuine third-party advice / consulting
  •  Lower premiums for organisations with lower risk
  •  Test and monitor! … and use the cloud to analyse all that big data
• 67. Ten questions your cloud provider doesn't want you to ask
  •  Can you give us your three-year availability history?
  •  Can you prove to us you will be in business in three years' time?
  •  Can we audit your data centre? Can our auditors?
  •  If your cloud node goes down just before Xmas, how much will you pay me?
  •  Can you guarantee performance? How?
  •  Can you walk me through what happens if I suffer a security breach?
  •  Or if I decide to leave?
  •  Can you guarantee my data will not remain on your platform once I am gone?
  • 69. Early Warning Systems For Advanced Threat Rashmi Knowles CISSP Chief Security Architect EMEA
  • 70. 2 © Copyright 2015 EMC Corporation. All rights reserved. CYBER THREAT LANDSCAPE SOURCE M-TRENDS 2015
  • 71. 3 © Copyright 2015 EMC Corporation. All rights reserved. more advanced more mobile diStrUcTive
  • 73. 5 © Copyright 2015 EMC Corporation. All rights reserved. The RSA Research & Threat Intelligence Outputs RSA Research & Threat Intelligence Threat Intelligence Feeds via Live Public Releases and Blogs via Speaking of Security Portal Reports & White Papers via Community Forums Features and Functionality Built Into RSA Products & Services Formal Threat Intel Exchange Groups
  • 74. 6 © Copyright 2015 EMC Corporation. All rights reserved. RSA RESEARCH AND THREAT INTELLIGENCE •  150 Analysts, 100+ languages •  16,000 ISPs and hosting authorities •  6,000,000,000 URLs/day •  800,000 attacks shutdown •  5hrs time to shut down !  50-150K samples per week !  Static and dynamic analysis !  Credential recovery !  Mule accounts !  Military-trained intel agents !  Tap fraud communication channels !  Passive & proactive monitoring !  Report on emerging threats and attack vectors AFCC RESEARCH LAB INTEL TEAM
  • 75. 7 © Copyright 2015 EMC Corporation. All rights reserved. AS THE WORLD GOES MOBILE, CYBERCRIME WILL FOLLOW
  • 76. 8 © Copyright 2015 EMC Corporation. All rights reserved. AS THE WORLD GOES MOBILE – SO DOES FRAUD
  • 77. 9 © Copyright 2015 EMC Corporation. All rights reserved. 40% of all fraudulent transactions came from a mobile device (Source: RSA Adaptive Authentication)
  • 78. 10 © Copyright 2015 EMC Corporation. All rights reserved. CYBERCRIME AS A SERVICE: Cybercriminals increase the effectiveness of attacks and even leverage big-data principles
  • 79. 11 © Copyright 2015 EMC Corporation. All rights reserved. CYBERCRIME AS A SERVICE •  Exploit kits •  Botnet infrastructures •  Call centre service •  Facebook accounts/ads •  Bitcoin stealer •  DDoS attacks
  • 80. 12 © Copyright 2015 EMC Corporation. All rights reserved. DARKNET PRICE LIST
    ▪  Infections: $11 per 1,000; there are "multi-tenancy" (multiple variants on one machine) plans that reduce cost
    ▪  Hosting: $50-$100; bullet proof, server only
    ▪  Exploit kit hosting: ~$100 per week, ~12% guaranteed infection rate
    ▪  Malware development: $2,500; the average cost of commercial malware
    ▪  Exploits: $1,000-$300,000; varies greatly based on the exploit…
    ▪  Turnkey banking trojan service: $700-$1,000
    ▪  Credit card data: $0.25-$60, depending on the amount of data being sold (front-of-plastic vs full track data); exotic geos, such as China, can fetch up to $300 per card
    ▪  Phishing kit: $0-$50
    ▪  Spam: $50 (to ~500,000 emails)
    ▪  DDoS as a service: ~$7 per hour
    ▪  Proxy/RDP/SOCKS/VPN access: $5-$12; price per IP or for period of access
    ▪  Call service: $10-$15, depending on the required language/accent
  • 81. 13 © Copyright 2015 EMC Corporation. All rights reserved. Source: http://malware.dontneedcoffee.com/2014/05/police-locker-available-for-your.html Ransomware – customized for legitimacy
  • 82. 14 © Copyright 2015 EMC Corporation. All rights reserved. THREAT LANDSCAPE (Source: Verizon DBIR 2014) •  Malware variants – RAM scraping •  70-90% of malware is unique to an organisation •  70% of attacks came via a trusted third party •  Phishing was associated with 95% of state-sponsored attacks •  50% open emails and click on the link within an hour •  99.9% of exploited vulnerabilities were compromised more than a year after the CVE was published
  • 83. 15 © Copyright 2015 EMC Corporation. All rights reserved. DEFENDER-DETECTION DEFICIT Source Verizon DBIR2014
  • 84. 16 © Copyright 2015 EMC Corporation. All rights reserved. COUNT OF MALWARE EVENTS SOURCE VERIZON DBIR2014
  • 86. 18 © Copyright 2015 EMC Corporation. All rights reserved. ADVANCED THREATS ARE DIFFERENT (timeline diagram) ▪  1 Targeted: specific objective ▪  2 Interactive: human involvement ▪  3 Stealthy: low and slow ▪  Timeline: Attack Begins → System Intrusion → Cover-Up → Discovery / Attack Identified → Response → Cover-Up Complete; Leap Frog Attacks ▪  Dwell Time = intrusion to discovery; Response Time = discovery to response ▪  Goals: 1 Decrease Dwell Time, 2 Speed Response Time
  • 87. 19 © Copyright 2015 EMC Corporation. All rights reserved. 205 days – Average number of days threat groups were on a victim’s network without detection. The longest presence was 2,982 days. (Source: M-Trends 2015)
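The two metrics the slides above define, dwell time (intrusion to discovery) and response time (discovery to containment), are easy to track once incident timelines are recorded consistently. The following is an added example, not code from the deck or from RSA: it computes both metrics over a set of constructed incident records (the incident names, dates and SLA thresholds are all assumptions) and flags the incidents that exceed a chosen threshold, the kind of report a security team would use to see whether it is actually shortening dwell time over time.

```python
from dataclasses import dataclass
from datetime import date
from statistics import mean


@dataclass
class Incident:
    name: str
    intrusion: date   # earliest evidence the attacker was on the network
    discovery: date   # when the intrusion was identified
    contained: date   # when attacker access was removed

    def dwell_time(self) -> int:
        """Days from intrusion to discovery (the deck's 'dwell time')."""
        return (self.discovery - self.intrusion).days

    def response_time(self) -> int:
        """Days from discovery to containment (the deck's 'response time')."""
        return (self.contained - self.discovery).days


# Constructed sample incidents (hypothetical, not taken from the slides).
SAMPLE_INCIDENTS = [
    Incident("inc-001", date(2014, 3, 1), date(2014, 9, 27), date(2014, 10, 4)),
    Incident("inc-002", date(2014, 11, 15), date(2014, 11, 20), date(2014, 11, 21)),
    Incident("inc-003", date(2013, 6, 1), date(2015, 1, 10), date(2015, 2, 1)),
]


def summarise(incidents, dwell_sla_days=30, response_sla_days=7):
    """Aggregate dwell/response metrics and list incidents over the assumed SLAs."""
    dwell = [i.dwell_time() for i in incidents]
    resp = [i.response_time() for i in incidents]
    return {
        "avg_dwell_days": mean(dwell),
        "max_dwell_days": max(dwell),
        "avg_response_days": mean(resp),
        "over_dwell_sla": [i.name for i in incidents if i.dwell_time() > dwell_sla_days],
        "over_response_sla": [i.name for i in incidents if i.response_time() > response_sla_days],
    }


if __name__ == "__main__":
    for key, value in summarise(SAMPLE_INCIDENTS).items():
        print(f"{key}: {value}")
```

The SLA thresholds are deliberately parameters: the deck's point is that the industry average (205 days) is far too long, so a team should pick its own target and measure against it rather than against the average.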
  • 88. 20 © Copyright 2015 EMC Corporation. All rights reserved. SECURITY MUST EVOLVE: It will become increasingly difficult to secure infrastructure; we must focus on people, transactions, and the flow of data. From static, perimeter-centric and compliance-oriented to risk-based, agile and contextual visibility.
  • 89. 21 © Copyright 2015 EMC Corporation. All rights reserved. ORGANIZATIONS MUST GET CREATIVE TO DETECT AND DISRUPT ATTACKS •  Focus on early detection of breaches to minimize your window of vulnerability. •  Move backward in the ‘kill chain’: Recon → Weaponise → Deliver → Exploit → Install → C2 → Action •  The key is actively preserving, aggregating and reviewing data to detect a potential intrusion, but also for post-event forensics.
  • 90. 22 © Copyright 2015 EMC Corporation. All rights reserved. STRATEGIC SECURITY INVESTMENT SHIFT NEEDED NOW! Today’s priorities: Prevention 80%, Monitoring 15%, Response 5%. Intelligence-Driven Security: Prevention 33%, Monitoring 33%, Response 33%.
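"Moving backward in the kill chain" is only measurable if each detection is tagged with the phase it corresponds to. The following is an added example, not code from the deck or from RSA: it parses constructed alert lines (the line format, alert categories, incident ids and the category-to-phase mapping are all assumptions), works out at which of the deck's seven phases each incident was first detected, and reports how many phases before Action that is. Incidents first seen only at Action (exfiltration) are the ones the slide is warning about; alerts of a category with no known phase are skipped rather than guessed.

```python
import re
from collections import defaultdict

# The deck's kill-chain phases, in order (index 0 = earliest).
KILL_CHAIN = ["Recon", "Weaponise", "Deliver", "Exploit", "Install", "C2", "Action"]

# Assumed mapping from alert category to phase (hypothetical categories, not the deck's).
ALERT_PHASE = {
    "port_scan": "Recon",
    "phishing_email": "Deliver",
    "exploit_signature": "Exploit",
    "new_persistence": "Install",
    "beacon_dns": "C2",
    "data_exfil": "Action",
}

# Assumed line format: "<ISO timestamp> <incident id> <category> [details]".
ALERT_RE = re.compile(r"^(?P<ts>\S+) (?P<incident>\S+) (?P<category>\S+)(?: (?P<rest>.*))?$")

# Constructed sample alerts (not real data).
SAMPLE_ALERTS = [
    "2015-04-02T09:12:00 inc-A phishing_email user=jsmith subject=invoice",
    "2015-04-02T09:40:00 inc-A exploit_signature host=ws-17 sig=doc-macro",
    "2015-04-03T11:05:00 inc-A beacon_dns host=ws-17 dst=c2.example.invalid",
    "2015-04-20T02:00:00 inc-B data_exfil host=db-02 bytes=5000000000",
    "2015-04-21T08:15:00 inc-B beacon_dns host=db-02 dst=c2.example.invalid",
    "2015-04-22T10:00:00 inc-C unknown_alert host=fw-01",
]


def parse_alert(line):
    """Return a dict for a well-formed alert line, or None if it does not match."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    return {"ts": m["ts"], "incident": m["incident"],
            "category": m["category"], "rest": m["rest"] or ""}


def alerts_by_incident(lines):
    """Group parsed alerts per incident, dropping lines whose phase is unknown."""
    groups = defaultdict(list)
    for line in lines:
        a = parse_alert(line)
        if a is None or a["category"] not in ALERT_PHASE:
            continue
        groups[a["incident"]].append(a)
    return groups


def first_detection_phase(lines):
    """Phase of the chronologically first alert for each incident.

    ISO-8601 timestamps sort correctly as strings, so no date parsing is needed.
    """
    result = {}
    for inc, alerts in alerts_by_incident(lines).items():
        first = min(alerts, key=lambda a: a["ts"])
        result[inc] = ALERT_PHASE[first["category"]]
    return result


def phases_before_action(phase):
    """How many phases before 'Action' the incident was first seen (0 = only at Action)."""
    return KILL_CHAIN.index("Action") - KILL_CHAIN.index(phase)


if __name__ == "__main__":
    for inc, phase in first_detection_phase(SAMPLE_ALERTS).items():
        print(f"{inc}: first detected at {phase} ({phases_before_action(phase)} phases before Action)")
```

Tracking the distribution of first-detection phases over a quarter shows whether the monitoring investment the next slide argues for is actually pulling detection earlier in the chain.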
  • 91. BUILDING BLOCKS OF INTELLIGENCE DRIVEN SECURITY
  • 92. 24 © Copyright 2015 EMC Corporation. All rights reserved. INTELLIGENCE DRIVEN SECURITY IN ACTION (architecture diagram) ▪  Data sources: logs, packets, NetFlow, endpoint, ID, vulns, threat intel (internal and external), across cloud and on-prem ▪  Capabilities: Analytics, Identity & Access, Data ▪  Use cases: Threat, Fraud, Compliance, Identity ▪  Governance, Risk & Compliance across the whole
  • 93. 25 © Copyright 2015 EMC Corporation. All rights reserved. BENEFITS OF THIS APPROACH •  Risk-driven – prioritize activity and resources appropriately •  Incremental and achievable – new capabilities improve your maturity over time •  Future proof – enables response to changes in the landscape without depending on adding new products •  Agile – enables the business to take advantage of new technology and IT-driven opportunities
  • 94. 26 © Copyright 2015 EMC Corporation. All rights reserved. CUSTOMER MATURITY MODEL: Advanced threats become the major spend driver as customers mature (columns: Catalyst, Approach, Scope, Technology)
    ▪  Security Level 1 – Naïve/Cost-based: Approach: security is a “necessary evil”; Scope: reactive and de-centralized monitoring; Technology: tactical threat defenses
    ▪  Security Level 2 – Compliance-driven: Approach: check-box mentality; Scope: implement security to be compliant; Technology: tactical threat defenses with tracking and reporting tools
    ▪  Security Level 3 – IT risk-driven: Approach: proactive and assessment-based; Scope: assess risks and detect threats for the organization; Technology: security tools integrated with a common data and management platform
    ▪  Security Level 4 – Business risk-driven: Approach: security fully embedded in enterprise processes; Scope: assess business risks to drive security implementation; Technology: security tools integrated with business tools (e.g. eGRC)
    ▪  Catalysts for moving between levels: security breaches; customer demand; regulatory environment; new leadership
  • 95. 27 © Copyright 2015 EMC Corporation. All rights reserved. CHARACTERISTICS OF SECURITY MATURITY Step 1: Threat Defense Step 2: Compliance and Defense-in-Depth Step 3: Risk-Based Security Step 4: Business-Oriented VISIBILITY COLLABORATION RISK
  • 96. EMC, RSA, the EMC logo and the RSA logo are trademarks of EMC Corporation in the U.S. and other countries.