Online security (Daniel Beazer)
Restricted & Confidential
Common Sense Security, Ecommerce Forum
Daniel Beazer, Chief Analyst
26th September 2016
Who we are
Business Platforms: Cloud Solutions, Managed Services, Connectivity Solutions, Security Solutions, Hosting Solutions, Colocation Solutions
We need to talk about the security industry
• Single threaded, deeply conflicted
• Too expensive and complex
• Doesn’t solve the problem
How the security industry sells, part 1
Nation State
How the security industry sells, part 2
And here’s your expensive solution… try understanding this
In fact… it’s not as bad as all that
• OWASP list mostly unchanged in ten years
• Ecommerce vastly more secure than offline
• Attacks increase as does ecommerce
• Roadmap technologies like Blockchain have massive security potential
The result of traditional security sales tactics
• The industry remains small at $76bn a year, with low growth, in a growing threat landscape
• Customers are unconvinced and deeply sceptical; they will only spend money on security if forced to or if under attack
• Compliance is widely avoided, with major retailers ignoring compliance regulations
• Fines are so small as to be a cost of doing business (£250k for Sony after a breach involving millions of UK gamers)
• Most ICO punishments are for the public sector, pointlessly robbing Peter to pay Paul
• Meanwhile IT is being shaken up from top to bottom
Customer data is now the most valuable prize for hackers
• Most security products defend the perimeter
• What is the target in 2016? Customer data has emerged as the hackers’ trophy
• CMS, databases are often poorly defended – TalkTalk
• Social engineering using Facebook profiles
• … and the traditional IT model is being upended
‘Fixed fortifications are monuments to man’s stupidity’ – General Patton
What we want: common sense security
• We don’t want to be patronized or scared
• We don’t want to drown in data
• We want something easy to use and easy to set up
• It needs to be affordable
Common sense security
Passwords, People, Patches
Security industry in summary
A closer look at DDoS
Data breaches come from attacks on Web Apps
Web app attacks are the most successful attack campaigns (in number of breaches)
Verizon DBIR 2016: Incidents
Undetected cyber attacks
98 days taken to detect advanced cyber threats in Financial Services
197 days taken to detect advanced cyber threats in Retail
Source: Ponemon Institute 2015
Criminals are the main culprits
Source: Ponemon Institute 2015
Source: Hackmageddon 2015
DDoS trends
Source: Hackmageddon 2015
• Most attacks are diversions
  – Real prize is customer data
  – Often poorly protected in CMS
• Application layer attacks increasing
  – Hard to detect and mitigate
  – Layer 7
• Botnets as a service
• Regulatory burden is growing
  – Financial institutions in the US
  – Proactive breach notification: GDPR
![Page 19: Online security (Daniel Beazer)](https://reader035.fdocuments.in/reader035/viewer/2022062412/587dd9761a28ab5b5b8b6db5/html5/thumbnails/19.jpg)
19Restricted & Confidential
The solution: JS challenges
Source: Hackmageddon 2015
Current solutions
Appliances, Cloud, Hybrid
Appliance challenges
• Large up-front capital investment, need 2 units for HA
• Months to acquire, install, test & tune before operational
• Difficult to learn, expensive skillsets to bring in-house
• Completely ineffective when network bandwidth is saturated
• Incomplete without a Cloud-based mitigation component
• No sharing of threat intelligence
Why do we need hardware at all?
Cloud challenges
• Traversing public networks to and from the cleansing POP drastically slows down page loads
• Basic shared rule set, vulnerable to many types of attacks
• Better than basic is expensive
• The same bowl (IP space) with other customers
• The same low security posture and aggregated risk
Normal traffic flow
On-net DDoS protection
Common sense security
Passwords, People, Patches
THANK YOU
COGECOPEER1.COM