Stroke Gintaras Senfeldas Gintaras Senfeldas01/03/2013 1 st Period.
1© Copyright 2014 EMC Corporation. All rights reserved. Securing the Cloud Gintaras Pelenis Field...
-
Upload
denise-hornby -
Category
Documents
-
view
219 -
download
0
Transcript of 1© Copyright 2014 EMC Corporation. All rights reserved. Securing the Cloud Gintaras Pelenis Field...
1© Copyright 2014 EMC Corporation. All rights reserved.
Securing the Cloud
Gintaras PelenisField TechnologistRSA, the Security Division of EMC
2© Copyright 2014 EMC Corporation. All rights reserved.
No Shortage of Hard Security Challenges!
Infrastructure Transformation
Mobile Cloud
Less control over access device and back-end
infrastructure
Threat LandscapeTransformation
APTs
SophisticatedFraud
Fundamentallydifferent tactics, more formidable than ever
BusinessTransformation
More hyper-extended, more digital
ExtendedWorkforce
NetworkedValueChains
BigData
3© Copyright 2014 EMC Corporation. All rights reserved.
Mainframe, Mini Computer
Terminals
LAN/Internet Client/Server
PC
Mobile Cloud Big Data Social
Mobile Devices
1ST PLATFORM
2ND PLATFORM
3RD PLATFORM
MILLIONS OF USERS
THOUSANDSOF APPS
HUNDREDS OF MILLIONS OF USERS
TENS OF THOUSANDSOF APPS
BILLIONSOF USERS
MILLIONSOF APPS
Source: IDC, 2012
2010
1990
1970
Emergence of the Third Platform
4© Copyright 2014 EMC Corporation. All rights reserved.
Emergence of New Attackers
Nation state
actors
PII, government, defense industrial base, IP rich organizations
Criminals
Petty criminals Organized crime
Organized, sophisticated supply chains (PII, financial services, retail)
Unsophisticated
Non-state actors
Terrorists Anti-establishment vigilantes
“Hacktivists”Targets of opportunity
PII, Government, critical infrastructure
5© Copyright 2014 EMC Corporation. All rights reserved.
TIME 2007 2013
Evolving Attack Goals and Methods
Worms/Viruses
SimpleDDoS
PhishingPharming
APTs
Multi-Stage
HackerCollaboration
DisruptiveAttacks
2020
DestructiveAttacks
IntrusiveAttacks
AdvancedDDoS
SophisticatedMobileAttacks
The Unknown??
6© Copyright 2014 EMC Corporation. All rights reserved.
As the worldgoes mobile cyber crime will follow
1TREND1 INTH3WILD
http://www.emc.com/collateral/fraud-report/current-state-cybercrime-2013.pdf
7© Copyright 2014 EMC Corporation. All rights reserved.
World wideTrojans are going deeper underground
2TREND2 INTH3WILD
8© Copyright 2014 EMC Corporation. All rights reserved.
Hacktivismand the ever targeted enterprise
3TREND3 INTH3WILD
9© Copyright 2014 EMC Corporation. All rights reserved.
Account takeoverand increasing use of manual assistedcyber attacks
4TREND4 INTH3WILD
10© Copyright 2014 EMC Corporation. All rights reserved.
Fraud-as-a-ServiceCybercriminals increase effectiveness of
attacks - even leverage big data principles
5TREND5 INTH3WILD
11© Copyright 2014 EMC Corporation. All rights reserved.
Traditional Security Is Not Working
Source: Verizon 2013 Data Breach Investigations Report
97% of breaches led to compromise within “days” or less with 72% leading to data exfiltration in the same time
78% of breaches took “weeks” or more to
discover66% took “months or
more”
12© Copyright 2014 EMC Corporation. All rights reserved.
“…prevention and preventative security controls will fail. Prevention fails on a daily basis at many organizations; it will suffice to look at antivirus tools and contrast their 99%-plus deployment rates with widespread ongoing malware infection rates.”
Security Incident Response in the Age of APT, Dr. Anton Chuvakin, Gartner, September 25, 2013
13© Copyright 2014 EMC Corporation. All rights reserved.
Intelligence is the Game Changer
14© Copyright 2014 EMC Corporation. All rights reserved.
A New Security Approach Is Required
IT CONTROLLEDPERIMETER-BOUND
PREVENTIONSIGNATURE-BASED
3RD PLATFORM2ND PLATFORMMobile Cloud Big Data Social
Mobile DevicesLAN/Internet Client/Server
PC
USER-CENTRICBORDERLESS
DETECTIONINTELLIGENCE-DRIVEN
15© Copyright 2014 EMC Corporation. All rights reserved.
Perimeter-based
Static Controls
Siloed Management System
Historical
Reactive Intelligence Driven
Risk-based
Dynamic/Agile Controls
Contextual/Interactive Management System
Shift in Security Models
New
16© Copyright 2014 EMC Corporation. All rights reserved.
SOC Manager
Tier 2 Analyst
Analysis & Tools Support Analyst
Tier 1 Analyst
Threat Intelligence Analyst
Achieving Intelligence-Driven Security Critical Incident Response – process, people and technology
17© Copyright 2014 EMC Corporation. All rights reserved.
Planning Your Journey
Compliance OpportunityRisk
Siloedcompliance focus,
disconnected risk, basic reporting
Managedautomated compliance,
expanded risk focus, improved analysis/metrics
Advantagedfully risk aware, exploit
opportunity
Reducecompliance cost
Gainresource & risk visibility
Manageknown & unknown risks
Identifynew business opportunities
18© Copyright 2014 EMC Corporation. All rights reserved.
Thank you