The Why - Keith Graham, CTO – SecureAuth+Core Security
0 likes286 views
The document discusses the rising threat of credential misuse leading to security breaches, emphasizing the inadequacy of current security measures. It highlights the need for a new approach focused on identity security, adaptive access, and a blended strategy that integrates network and endpoint security. Key statistics are provided to underline the severity of the issue and the importance of evolving security practices to address these threats.
The Why - Keith Graham, CTO – SecureAuth+Core Security
- 1. The Why Keith Graham Chief Technology Officer
- 2. ‘Prevent the misuse of stolen credentials’ SecureAuth’s Mission:
- 4. 81% of breaches leverage stolen and/or weak credentials Which can’t be stopped by network or endpoint security alone
- 5. Of the $80 billion spent, only $5 billion was in identity based security ENDPOINT & NETWORK SECURITY IDENTITY SECURITY • Credential misuse up nearly 20% from 2015 to 2016 • Breaches are on the rise, up 40% from 2015 to 2016
- 6. Rebasing our belief system(s)… • Its happenedddiiing… • We’re now measured differently • Prevention will always fail
- 8. The need for a new approach NETWORK ENDPOINT IDENTITY PRESENCE IOCs PRESENCE & EXECUTION IOCs INFILTRATION IOCs
- 9. Applying the new approach ATTACKER COMPLETE MISSION Phishing malware/credentials – purchased credentials PENETRATE Gain credentials and access to systems ESTABLISH FOOTHOLD No longer using malware – create new/valid escalated privileged credentials ESCALATE PRIVILEGES Often maintain presence in the network MOVE LATERALLY Focusing on identity usage throughout the attack lifecycle
- 10. Vision for Adaptive Access 1. Broad coverage 2. Methods and techniques
- 11. The Adaptive Access vision Part 1: broad coverage Endpoint Legacy IAMVPN VPN PAM API API MobileSSO
- 12. The Adaptive Access vision Part 2: methods and techniques Location Identity Store Device Recognition Unusual Events Threat* Profile Change Phone Fraud Unusual Activity
- 13. Applications and Data Exposure of enterprise applications and data • VPN • Web Applications • Office 365 • On-‐prem and home grown applications
- 14. B2C and B2B portals Exposure of consumer and partner data • Significant data exposure risk • Consumer revenue impact • Competitive driven influencers • Balancing end user experience and security Agree to use 2FA Use the same password Had online account compromised 46% 81% 36%
- 15. Where is the proof? Looking back over the last 12 months We processed 617.3 million authentications That’s 4.1 million unique users 548.2 million authentications were successful 69.1 million were denied or stepped up
- 16. Where is the proof? What were the reasons? • 60.3 million times a bad password was used • Which resulted in 119,000 account lockouts • 524,000 times a bad OTP was entered • 79,000 of those exceeded the bad OTP user limit
- 17. Where is the proof? What were the reasons? • 77,000 times the IP address was malicious and denied • 2.1 million times we stepped up due to the IP address being suspicious • 252,000 were stepped up and subsequantly passed • 25,000 were stepped up and denied • The remaining attempts were abandoned
- 18. Where is the proof? What were the reasons? • 830,000 times we didn’t recognize the device • 639,000 times we denied enrollment of an OTP method • 200,000 times we denied changing the users password • The remainder were due to incorrect username or token being presented
- 19. Where is the proof? Looping back on Office 365 • 71.4% of Office 365 customers have had an account compromised • In last 180 days we’ve stopped 85.2 million bad things for our Office 365 customers
- 20. Don’t forget about the blended approach… • Identity still only solves part of todays problem. • Network and Endpoint investments are still very important!
- 21. Back to the Attack Lifecycle What coverage, where? ATTACKER COMPLETE MISSION PENETRATE ESTABLISH FOOTHOLD ESCALATE PRIVILEGES MOVE LATERALLY Network-‐based security | Endpoint-‐based security | Identity-‐based security
- 22. A real-‐world example A major retail store… Foothold achieved Password stealing Malware is used Phishing attack Employees at a supplier are targeted Malware in play Credit Card details compiled in real-‐time Theft occurs Data exits via FTP to drop locations Another foothold achieved Stolen VPN credentials used Moving laterally Credentials and vulnerabilities exploited
- 23. A real-‐world example A major health insurer… Foothold achieved RAT (remote access trojan deployed) Phishing attack Employees are targeted Member Database exploited Select * from everywhere Theft occurs Member data staged and ultimately stolen Credentials are stolen Escalation of privilege up to admin and DB admins Moving laterally Credentials and other hacking tools used
- 24. Combination of SecureAuth + Core Security
- 25. Let’s Recap • Breaches continue to rise • We need to think differently about identity • We have proof! • A blended approach is key
- 26. THANK YOU