MENA Information Security Conference 2017 On the Verge : Combating - - PowerPoint PPT Presentation

SLIDE 1

MENA Information Security Conference 2017

On the Verge :

Combating Cyber Threats leveraging Threat Intelligence, Faster Detection & Automated Response

Adaptive Security Strategy for SOC

Ramy AlDamati

Principal CyberSecurity Solution Architect, Kaspersky Lab Middle East, Africa and Turkey

SLIDE 2

Global CyberThreats Landscape

SLIDE 3

MALWARE EVOLUTION

Looking back at 25 years of malware development

• 1994: 1 new virus every hour
• 2006: 1 new virus every minute
• 2011: 1 new virus every second
• 2017: 323,000 new samples every day

SLIDE 4

THREAT EVOLUTION

(Chart: threat evolution over time, plotting Actors/Targets against Attacks/Defenses, scaled from Nuisance up to Significant.)

SLIDE 5

Trends and Threats

Main GOAL: to understand global IT Trends and the Threats they bring

Trends:
• Consumerization & mobility
• Increasing online commerce
• Critical infrastructure at risk
• Big data
• Internet of Things
• Cloud & virtualization
• Privacy & data protection challenge
• Fragmentation of the Internet
• Cars become smarter
• Connected Cities

Threats:
• Mobile threats
• Online banking at risk
• Massive data leaks
• Decreasing cost of APTs
• Commercialization of APTs
• Supply chain attacks
• Cyber-mercenaries
• Wipers & cyber-sabotage
• Targeted attacks
• Financial phishing attacks
• Ransomware
• Malware for ATMs
• Attacks on PoS terminals
• Merger of cybercrime and APTs
• Targeting hotel networks
• Internet of Things
• Hacktivism
• Vulnerable connected cars
• Ransomware in Targeted Attacks
• Threats to Smart Cities
• Attacks on Smart Cities
• IoT botnets

SLIDE 6

THE MODERN CYBERTHREAT LANDSCAPE

EXPANDING ATTACK SURFACE: Endpoints, Network, Cloud and SaaS, Users, Mobile devices, IoT

MOTIVATED AND WELL-FUNDED THREAT ACTORS: Malicious insiders, Terrorists, Organized crime, Hacktivists, Nation states

SOPHISTICATED ATTACKS: Spear-phishing, Custom malware, Zero-day exploits, Social engineering, Physical compromise

SLIDE 7

Cybersecurity challenges of the near future

• Compliance
• Endpoints
• Essential skills demand
• Malware focus
• Manual work
• Multiple solutions issue
• Advanced security complexity
• Lack of integration

SLIDE 8

Security Expert Yesterday – Today – Tomorrow

5 - 10 years ago
• Role: Security Engineer
• Responsibility: building protection
• Goal: Prevent the external threats

Today
• Role: Security Analyst
• Responsibility: monitor and react
• Goal: Unify the processes and automate routine

Tomorrow???
• Role: Threat Hunter
• Responsibility: discover threats and manage advanced engines
• Goal: Protect the business

SLIDE 9

Enterprise Security Trends

SLIDE 10

THE AVERAGE FINANCIAL IMPACT OF A BREACH

Enterprise (average total impact: $891K). Cost categories charted: Additional Internal Staff Wages, Damage to Credit Rating/Insurance Premiums, Lost Business, Compensation, Extra PR (to repair brand damage), Employing External Professionals, Improving Software & Infrastructure, Training, New Staff. Values plotted (chart order): $126K, $116K, $106K, $92K, $91K, $86K, $119K, $79K, $77K.

SMB (average total impact: $86.5K). Cost categories charted: Additional Internal Staff Wages, Lost Business, Employing External Professionals, Damage to Credit Rating/Insurance Premiums, Extra PR (to repair brand damage), Compensation, Improving Software & Infrastructure, Training, New Staff. Values plotted (chart order): $14K, $13K, $11K, $9K, $8K, $8K, $10K, $7K, $7K.

The reallocation of IT staff time represents the single largest source of additional cost for both SMBs and Enterprises.

Average cost of a single breach: $891K.

Results from Kaspersky Lab's Corporate IT Security Risks Survey 2016, conducted worldwide by Kaspersky Lab.

Base: 926 SMBs / 590 Enterprises suffering at least one data breach.

SLIDE 11

Financial impact of security incident

Cost of recovery vs. time needed to discover a security breach, for Enterprises:

• Almost instant (detection system in place): $392,984
• Within a few hours: $555,274
• Within a day: $864,214
• Several days: $897,055
• Over a week: $1,092,303

200% growth of the recovery cost during the first week of discovering a security breach for Enterprises.

SLIDE 12

Enterprise Security Trends: External Factors

• Most advanced threats use basic vulnerabilities and the human factor
• Availability and lowering prices are leading to Cybercrime-as-a-Service
• Attacks on third parties: SMBs can become a part of an attack chain

SLIDE 13

Enterprise Security Trends: Internal Factors

• Perimeter security is overestimated
• An average targeted attack stays undetected for more than 214 days
• Growing IT sophistication results in a visibility gap and lack of operational information

SLIDE 14

The smallest percentage of threats creates the highest risk

• 90%: Generic malware. Handled by signature and rule-based protection.
• 9.9%: Targeted attacks, sophisticated malware. Handled by heuristics and behavior analysis, cloud reputation.
• 0.1%: APT, unique malware, 0-days. Handled by machine learning, threat intelligence, advanced sandboxing.

SLIDE 15

TARGETED ATTACK KILL CHAIN: THEORY VS REALITY

  • In theory… pretty straightforward:

Recon & Testing → Penetration → Propagation → Execution → Incident

SLIDE 16

TARGETED ATTACK KILL CHAIN: THEORY VS REALITY

• In reality… sophisticated and non-linear

(Diagram of a non-linear kill chain; nodes: Recon & Testing; Penetration 1 – Attached exploit; Penetration 2 – Watering hole; Propagation 1 – E-mail; Propagation 2 – Network; Execution – Local; Execution – Remote; Incident.)

SLIDE 17

Targeted Attack Groups rapidly increased

(Timeline chart, 2010 to 2016, of targeted attack campaigns discovered: Stuxnet, Duqu, Gauss, Flame, miniFlame, NetTraveler, Miniduke, RedOctober, Icefog, Winnti, Kimsuky, TeamSpy, Epic Turla, CosmicDuke, Regin, Careto / The Mask, Energetic Bear / Crouching Yeti, Darkhotel, Desert Falcons, Hellsing, Sofacy, Carbanak, Equation, Naikon, Animal Farm, Duqu 2.0, MsnMM Campaigns, Satellite Turla, Wild Neutron, Blue Termite, Spring Dragon, Darkhotel part 2, ProjectSauron, Saguaro, StrongPity, Ghoul, Fruity Armor, ScarCruft, Poseidon, Lazarus, Lurk, GCMan, Danti, Adwind, Dropping Elephant, Metel.)

SLIDE 18

The New Era of SOC

SLIDE 19

TRADITIONAL SOC – Functionality

• SECURITY DEVICE MANAGEMENT AND PERIMETER MAINTENANCE
• INCIDENT FORENSICS AND REMEDIATION
• SECURITY EVENT MONITORING THROUGH SIEM
• INTERNAL OR REGULATORY COMPLIANCE SUPPORT (e.g. PCI-DSS)

Data flow: Proxy, Firewall, IPS/IDS → Perimeter logs → SIEM

SLIDE 20

TRADITIONAL SOC – RISK

Data flow: Proxy, Firewall, IPS/IDS → Perimeter logs → SIEM

• LACK OF A COMPREHENSIVE THREAT OVERVIEW, IMPEDING EFFICIENT SECURITY PROGRAM DEVELOPMENT
• UNDISCOVERED THREATS STILL ACTIVE WITHIN THE ORGANIZATION
• POOR PRIORITIZATION OF DETECTED THREATS
• LACK OF IN-HOUSE EXPERTISE AND SHORTAGE OF SKILLED PROFESSIONALS ON THE MARKET
• INEFFICIENT INCIDENT RESPONSE PROCEDURES LEADING TO HIGH RECOVERY COSTS

SLIDE 21

Traditional SOC Requires REDESIGN

CONVENTIONAL SECURITY OPERATIONS CENTER
• REACTIVE APPROACH
• NO STRATEGIC OVERVIEW
• INEFFICIENT INCIDENT PRIORITIZATION
• LACK OF EXPERTISE
• Unstructured processes

Functions: Log collection, Aggregation & Correlation, Ticketing, Reporting

SLIDE 22

Ice-climbing requires trusted teamwork and agility to continually detect and respond to hidden dangers in a challenging and ever-changing landscape, using the proper tools in harmony. Does your SOC?!

SLIDE 23

MAIN FOUR KEY ELEMENTS FOR INTELLIGENCE-DRIVEN APPROACH

CSOC/SIC cycle: Predict, Prevent, Detect, Respond

• THREAT INTELLIGENCE from many different sources is essential to the timely detection of emerged threats
• THREAT HUNTING proactively searches for threats remaining undetected by traditional security systems
• KNOWLEDGE MANAGEMENT prevents and responds to increasingly sophisticated attacks
• INCIDENT RESPONSE FRAMEWORK limits damage and reduces remediation costs

SLIDE 24

The role of an Adaptive Security Strategy

PREVENT
• Cybersecurity training
• Targeted Enterprise Solutions
• Endpoint security
• Datacenter Security
• Embedded security
• …
• Security Awareness
• Industrial Cybersecurity

DETECT
• Global APT reports
• Threat data feeds
• Threat Hunting Service
• Advanced Threat Defense platform
• Endpoint Detection & Response

RESPOND
• Premium support
• Dedicated Security Advisor
• Incident response service
• Digital Forensics
• Malware Analysis
• Endpoint Detection & Response

PREDICT
• Penetration testing service
• Application security assessment
• Targeted Attack Discovery Service
• Threat Intelligence Portal
• Customized APT reports

SLIDE 25

Security Operations framework relies on three key functions: People, Technology, Process

[ SOC ]
• People: Formal Training, Internal Training, On-the-Job Experience, Vendor-Specific Training
• Process: Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned
• Technology: Endpoint, Netflow, Network Monitoring, Threat Intel, Incident Detection/Management, Forensics

SLIDE 26

Kaspersky Adaptive Security Framework

PREDICT (Threat Intelligence sharing): Security Assessment, Penetration Testing, Custom Reports, APT Reports, Threat Intelligence Portal. Outcome: THREAT INTELLIGENCE.

PREVENT (Defense Strengthening): Embedded Security, Cybersecurity Awareness, Professional Services, NG Endpoint Security, Cloud Security. Outcome: RISK MITIGATION.

DETECT (Multi-Vector Discovery): Threat Data Feeds, Targeted Attack Discovery, APT Reports, Endpoint Detection & Response, Managed Protection, Anti Targeted Attack. Outcome: CONTINUOUS MONITORING.

RESPOND (Effective Countermeasures): Malware Analysis, Digital Forensics, Incident Response, Premium Support, Endpoint Detection & Response. Outcome: SECURITY INCIDENT MANAGEMENT.

At the centre, HuMachine™: Expert Analysts, Big Data / Threat Intelligence, Machine Learning.

SLIDE 27

Advanced Detection with Machine Learning

• Customer-supplied and 3rd party TI
• Anti-malware engine
• Standard signatures
• YARA engine
• Advanced Sandboxing
• Reputation
• Global Threat Intelligence
• Targeted Attack Analyzer (Machine Learning)

SLIDE 28

Adaptive Threat Response - Automation

Capabilities: Visibility & Monitoring, Incident Response, Threat Hunting, Advanced Detection, Prevention

Automated response actions: Collect Forensic Data, Quarantine/Recover, Prevent, Run a script/program, Kill process, Delete object

SLIDE 29

EMPOWERING THE PROCESS : FROM DETECTION AUTOMATION TO RESPONSE

Process stages: Forensic Data → Discover → Qualify → Investigate → Neutralize → Recover

DRIVEN BY INTELLIGENCE: APT & Custom Reports, Threat Data Feeds, Threat Hunting, Threat Intelligence Portal, Forensics Training, Incident Response Service

EMPOWERED BY TECHNOLOGIES: Network Traffic Analysis, Endpoint Detection and Response
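As an added example (not from the presentation or Kaspersky Lab's products), the Discover, Qualify and Neutralize stages above as a small Python pipeline: constructed endpoint telemetry is matched against a constructed threat data feed, prioritized by feed confidence and asset criticality, and mapped to the automated actions named on the Adaptive Threat Response slide. Every feed entry, event value, threshold and action name is an assumption.

```python
# Added example (not from the presentation): a minimal intelligence-driven
# discover -> qualify -> neutralize pipeline over constructed endpoint telemetry.
from dataclasses import dataclass, field

# Constructed threat data feed: indicator -> (threat name, confidence 0..100)
THREAT_FEED = {
    "sha256:deadbeef01": ("APT sample (constructed)", 95),
    "update-check.example.net": ("C2 domain (constructed)", 80),
}

# Automated actions named on the Adaptive Threat Response slide, per priority
PLAYBOOK = {
    "critical": ["collect_forensic_data", "kill_process", "quarantine_host", "delete_object"],
    "high": ["collect_forensic_data", "kill_process", "delete_object"],
    "medium": ["collect_forensic_data"],
}

@dataclass
class Event:            # one constructed endpoint telemetry record
    host: str
    process: str
    file_hash: str
    dns_query: str
    asset_tier: int     # 1 = business-critical ... 3 = low-value
@dataclass
class Incident:
    host: str
    matches: list       # threat names taken from the feed
    priority: str
    actions: list = field(default_factory=list)

def discover(event):
    """Discover: match the event's indicators against the threat data feed."""
    return [THREAT_FEED[i] for i in (event.file_hash, event.dns_query) if i in THREAT_FEED]

def qualify(matches, asset_tier):
    """Qualify: highest feed confidence, boosted by 20 for a business-critical asset."""
    score = max(conf for _, conf in matches) + (20 if asset_tier == 1 else 0)
    if score >= 100:
        return "critical"
    return "high" if score >= 85 else "medium"

def respond(event):
    """Discover -> qualify -> neutralize; returns None when nothing matched."""
    matches = discover(event)
    if not matches:
        return None
    inc = Incident(event.host, [name for name, _ in matches], qualify(matches, event.asset_tier))
    inc.actions = list(PLAYBOOK[inc.priority])   # neutralize: actions queued for automation
    return inc
```

The priority step is what addresses the "poor prioritization of detected threats" risk from the Traditional SOC slide: the same feed hit on a low-value kiosk and on a business-critical server yields different response depth.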

SLIDE 30

IT IS THE RIGHT TIME FOR: INTELLIGENCE DRIVEN SOC

INTELLIGENCE-DRIVEN SECURITY OPERATIONS CENTER
• ADVANCED ANALYTICS
• COUNTERMEASURE CAPABILITIES
• CONSTANT ADAPTATION
• OPERATIONS AUTOMATION

Functions: Log collection, Aggregation & Correlation, Ticketing, Reporting

Elements: Threat Intelligence, Threat Hunting, Knowledge Management, Research and development

Cycle: Predict, Prevent, Detect, Respond

SLIDE 31

WE PROTECT WHAT MATTERS MOST THANK YOU

SAVING THE WORLD FOR 20 YEARS