Security at the Breaking Point: Rethink Security in 2013
Presented by
Gidi Cohen
CEO and Founder
Skybox Security
November 2, 2012
www.skyboxsecurity.com © 2012 Skybox Security
Why can’t we curb security threats?
The Threat Landscape is Changing Fast
“…The threat landscape is not evolving but rapidly mutating as attackers find ever-more devious ways of bypassing security controls.
This will challenge security managers to devise new and creative ways to rethink security…”
Source: Forrester Research report “Updated Q4 2011: The New Threat Landscape — Proceed With Caution”
Old Gen Tech Is Not Effective
• Network Security – Firewalls, IPS only effective if maintained constantly
• Vulnerability scanners – Often disruptive, not suitable for daily use
• SIEM – Reactive, too much irrelevant data
• Pen Test – Not cost effective at large scale
Maintaining Security Controls is a Difficult Challenge
• 500 network devices
• 25,000 FW rules
• 1,000 IPS signatures
• 55,000 nodes
• 65 daily network changes
• Infrastructure spanning three continents
Vulnerability Scans – Too Little, Too Late
[Chart: scan frequency (x/year) vs. % of network scanned]
• To keep pace with threats? Daily updates, 90%+ hosts
• Partner/External networks – Avg. scan: 60-90 days, <50% of hosts
• Critical systems, DMZ – Avg. scan: 30 days, 50-75% of hosts
SIEM – Monitoring, not Prevention
• (Regarding SIEM) "If the question is, 'Does it stop hackers?' then the answer is no. It's not supposed to stop anything." – Dr. Anton Chuvakin, Gartner
[Diagram: timeline around a cyber attack]
• Pre-attack – Proactive Security: anticipate risks, prevent damage
• Post-attack – SIEM: monitor events, respond to incidents
Time to Rethink Security
Security is a Strategic Game
• Where are we at risk?
• What does the playing field look like?
• What’s our objective?
• What is the next move?
Your Opponents are Formidable
There are Many Attack Vectors
[Word cloud: mobile devices, mobile apps, USBs, social networks, social engineering, default password, misconfigured firewall, missing IPS signature, unused rules, blocked rules, risky access rules, access violation, access policy violation, policy violation, network vulnerabilities, zero day vulnerability, buffer attack, buffer overflow attack, cross-site scripting, threat origins]
More Security Controls ≠ Better Security
They all speak different languages.
And You Don’t Have Full Visibility
It’s going to get a lot worse
(Mobile, Virtualization, Clouds)
New Challenges Change the Attack Surface
2011 growth:
• Mobile data +133%
• Mobile threats +400%
It’s still early…
More virtualized servers deployed in 2011 than in 2001 to 2009 combined
BYOC (Cloud)
Where is your data?
The Security Management Gap is Widening Fast
Can you achieve an 8X improvement in 2 years?
How?
Your Mission – Win the Game
• Where are we at risk?
• What do we do now?
• What are our best options?
Proactive
Security Risk Management
Solution?
The Solution Ingredients
Risk-driven approach for proactive protection
Continuous, non-disruptive process
Serves both Security and IT Ops teams
Scalable to any size heterogeneous network
Advanced predictive analytics
Predictive Analytics - Modeling & Attack Simulation
[Diagram: network model with attack simulations]
Attack simulations: Compromised Partner, Rogue Admin, Internet Hacker
Vulnerabilities:
• CVE 2009-203
• CVE 2006-722
• CVE 2006-490
Proactive Intelligence to Prevent Attack
Probable attack vector to Finance servers asset group.
This attack is a “multi-step” attack, crossing several network zones.
[Screenshot labels: Connectivity Path, Business Impact, Attack Vector]
How to Block Potential Attack?
Visibility to State of Security
Most Critical
Actions
Vulnerabilities
Threats
The Future of Security Operations Center (SOC)
IT GRC/Security Dashboard – consolidated reporting
• Security Risk Management (SRM) – Proactive, pre-attack exposure management
• Security Information & Event Management (SIEM) – Post-attack incident management
Recommendations
Aim high
• Unbelievable scale
• Adapt to new architectures
Reinvent security management
• Integrated, holistic approach
• Proactive, not reactive
Use the Force, Luke
• It’s your infrastructure! Take Advantage
• Smart analytics
Automate daily security tasks
Maintain compliance, prevent attacks
Visit www.skyboxsecurity.com
Thank you!