Enterprise Views of Advanced Persistent Threats...“Nothing specific to APTs, just protecting...
© 2013 451 Research, LLC. www.451research.com
Enterprise Views of Advanced Persistent Threats
Daniel Kennedy
Presenters
Daniel Kennedy – Research Director, Information Security & Networking
Daniel is Research Director for Information Security and Networking at TheInfoPro, a division of 451 Research, where he is responsible for managing all phases of the TIP research process for those two coverage areas. Prior to TheInfoPro he was a Partner in the information security consultancy Praetorian Security, LLC, where he directed strategy on risk assessment and security certification. Before that he was Global Head of Information Security for D.B. Zwirn & Co. as well as Vice President of Application Security and Development Manager at Pershing LLC, a division of the Bank of New York.
Demographics

Employee Size
< 100           1%
100-999         7%
1,000-4,999    20%
5,000-10,000   17%
> 10,000       55%

Information Security Budget Level
< $500K        19%
$500K-$999K     9%
$1M-$1.9M      13%
$2M-$3.9M      18%
$4M-$6.9M      14%
$7M-$9.9M       4%
$10M-$19.9M    13%
$20M-$30M       4%
> $30M          6%

Enterprise Revenue
< $499.99M      16%
$500M-$999.99M   7%
$1B-$4.99B      29%
$5B-$9.99B      15%
$10B-$19.99B    13%
$20B-$29.99B     7%
$30B-$40B        4%
> $40B           9%

Industry Verticals
Financial Services                          24%
Healthcare/Pharmaceuticals                  11%
Consumer Goods/Retail                       11%
Industrial/Manufacturing                     9%
Other                                        8%
Services: Business/Accounting/Engineering    8%
Education                                    7%
Telecom/Technology                           7%
Materials/Chemicals                          6%
Energy/Utilities                             5%
Transportation                               3%
Public Sector                                1%

Top Left Chart: n=207; Top Right Chart: n=207; Bottom Left Chart: n=207; Bottom Right Chart: n=141.
Source: Information Security – Wave 16
APTs are:
• Adversaries. This is not a piece of arbitrary malware or an arbitrary exploit; it’s a thinking, sentient individual or group.
• Goal-oriented. They have chosen you as their quarry. They will have generic or specific objectives such as intellectual property, and they are results-focused.
• Deliberate. Having chosen their target and objectives, they will often do research and advanced reconnaissance – e.g., identifying which security products you use so they can pre-test to assure non-detection.
• Patient. Once (or rather if) discovered, the adversary is commonly found to have been present for more than six months, unnoticed or undetected.
• Adaptive. They are playing chess, and will use 1..n tools and techniques.
• Persistent. There is a level of target stickiness.
• APTs – more sophisticated attackers. I hate to use these buzzwords because every time you do, a kitten dies.
• External threats, any cyber related, APT related. But APT is a term we don't use, the 'A' part, nobody believes methods they're using are advanced, like phishing. We see it as trendy. But we respect what's behind it [the threat].
• The threat landscape. Advanced persistent threats and getting the right technologies in place to deal with these APTs.
• Evaluating the security infrastructure in light of APT – what additional next-gen technologies would provide the greatest coverage without much overlap.
• Mandiant – they have made strides in APTs.
• FireEye for APT; we're exploring this now.
APT Targeting

Distinctiveness of Threat (Left Chart, Q. Do you believe that advanced persistent threats represent a unique external threat to enterprise security? n=38)
No   55%
Yes  45%

Likeliness to Target (Right Chart, Q. Do you believe that your organization has ever been the target of an advanced, persistent adversary? n=30)
Yes  63%
No   37%

Source: Information Security – Wave 16
Thoughts on ‘APT’
Q. What are your general thoughts on the term ‘APT’? (2012) n=22.
Marketing                  23%
Advanced Malware            9%
Critical Industry           9%
Mobile Device Security      9%
Overused                    9%
Persistent Attackers        9%
Advanced Attackers          5%
Attacker Type               5%
Cloud-based Security        5%
Cyberwar                    5%
Ongoing Malicious Access    5%
State Sponsored             5%
Stealth                     5%
Source: Information Security – Wave 15
“Nothing specific to APTs, just protecting against techniques such as social engineering that would be used in non-APT attacks.”
“I don’t think the term APT is a buzzword and doesn’t really describe anything in particular, but the whole idea of advanced malware is truthfully becoming a problem. It’s very targeted and runs at a low level where it is hard to detect.”
“The human firewall – human behavior – how to moderate and address it. Also, which technologies are hype? I want to know what NOT to waste my time on. APT and DLP come to mind – are they real?”
Adaptive Persistent Threats (APTs)
Q. How would you define the term ‘APT’? n=38.
Persistent Attackers             26%
Advanced Attackers               24%
Targeted                         13%
Stealthy                         11%
State Sponsored                   8%
Adaptive Attackers                5%
Marketing                         5%
Uses Zero Day Vulnerabilities     5%
Constant Threat                   3%
Source: Information Security – Wave 16
APT Motivations and Antagonists

Adversary Likeliness (Left Chart, Q. Which adversaries do you believe are most likely to be APTs? n=38)
Nation States         63%
Organized Crime       26%
Hacktivist Groups      5%
Cyber Crime            3%
Individual Hackers     3%

Motivations (Right Chart, Q. What motivations do you associate with APTs? n=38)
Financial Theft           71%
Espionage                 50%
Cyber-warfare             45%
Sabotage                  37%
Hacktivism                34%
IP Theft                   5%
Intellectual Property      3%
Terrorism                  3%

Source: Information Security – Wave 16
APT Action and Evolution

Response Tactics (Left Chart, Q. What is your organization doing to detect and respond to APTs? n=38)
Incident Response                    26%
Standard Security Practices          16%
Everything                           11%
Firewall                             11%
Security Awareness Training           8%
SIEM                                  8%
Continuous Monitoring                 5%
Enterprise Log Management             5%
Homegrown Solution                    5%
Managed Security Service Provider     5%
Mandiant                              5%
Nothing                               3%
Web Content Filtering                 3%

Media Propagation and Budget Alterations (Top Right Chart, Q. Do you believe that the discussion of APTs in the media has resulted in greater focus from senior management on security? Bottom Right Chart, Q. Has it resulted in greater budget allocation to security? n=38). The two Yes/No results, in the order they appear:
Yes 34% / No 66%
Yes 42% / No 58%

Source: Information Security – Wave 16
Internal vs. External Threats
Q. Are you more concerned with internal or external threats? n=196.
External  63%
Internal  37%
Source: Information Security – Wave 16
Threat Rankings – Personnel Type
Q. Which of the personnel types below do you consider to be the greatest internal IT security risk to your organization? n=197.
Contractors and Temporary Staff                                             51%
Technical Staff Elevated Privilege (Including IT Systems Administrators)    39%
Business Unit Staff (Non-IT Technical)                                      27%
Management/Executive Team                                                   23%
Outsourced Service Provider Personnel                                       22%
Remote Employees                                                            18%
Business Partners                                                           17%
Technical Staff Without Elevated Privilege                                   7%
Students                                                                     2%
BYOD                                                                         1%
Departing Employees                                                          1%
Engineers                                                                    1%
Field Workers                                                                1%
High Ranked Officials                                                        1%
Hosting Partners                                                             1%
Overeager                                                                    1%
Programmers                                                                  1%
The Uninformed                                                               1%
Visitors                                                                     1%
Source: Information Security – Wave 16
For access to TheInfoPro’s reports and services, please contact [email protected]. Methodology questions may be addressed to [email protected].
451 Research, a division of The 451 Group, is focused on the business of enterprise IT innovation. The company’s analysts provide critical and timely insight into the competitive dynamics of innovation in emerging technology segments. Business value is delivered via daily concise and insightful published research, periodic deeper-dive reports, data tools, market-sizing research, analyst advisory, and conferences and events. Clients of the company – at vendor, investor, service-provider and end-user organizations – rely on 451 Research’s insight to support both strategic and tactical decision-making.
TheInfoPro, a service of 451 Research, is widely regarded as ‘The Voice of the Customer’, providing independent, ‘real world’ intelligence on key IT sectors including Cloud Computing, Information Security, Networking, Servers and Virtualization, and Storage. Using one-on-one interviews conducted within a proprietary network composed of the world’s largest buyers and users of IT, TheInfoPro provides data and insights that are used for strategic planning, technology benchmarking, competitive analysis, and vendor selection and negotiation.
Reproduction and distribution of this publication, in whole or in part, in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. 451 Research disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although 451 Research may discuss legal issues related to the information technology business, 451 Research does not provide legal advice or services and their research should not be construed or used as such. 451 Research shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The reader assumes sole responsibility for the selection of these materials to achieve its intended results. The opinions expressed herein are subject to change without notice.
TheInfoPro™ and logo are registered trademarks and property of 451 Research, LLC. © 2013 451 Research, LLC and/or its Affiliates. All Rights Reserved.
WWW.451RESEARCH.COM 20 West 37th Street, 3rd Floor, New York, NY 10018 P 212.672.0010 F 212.688.6598