Postcards from the edge cyber security risk management in an escalating threat environment
PowerPoint Slideshow about ‘Postcards from the edge cyber-security risk management in an escalating threat environment’ - deo
Presentation Transcript
Postcards from the edge cyber-security risk management in an escalating threat environment


Threats are escalating at a near-exponential rate

  • Nothing short of game-change innovation can stem this rising tide

  • Seems everything changes, every day

  • Pharming

  • > 50% of all PCs compromised

  • Application Attacks

  • BotArmies/DDOS2

  • Organized Cyber-crime Ecosystem

  • Hacktivism

  • Cyber Terrorism

  • Phishing

  • Identity Theft

  • OS Hacking

  • BotNets/DDOS

  • Cyber Criminals

  • Script Kiddies


The US reaction has been weak; no civilian “cyber-czar” has been named at present


The new Cyber Command is still very young and does not yet have a base of operations

Needs a good home


Public awareness is largely absent, driven by unconnected, one-off dramatic events. Many in the media lack a thorough understanding of the issues

“Estonia Sending Cyber Defense Experts to Georgia” – Network World


Most security technology providers have a narrow perspective of the cyber-security landscape



Summarizing the context

  • Threats are escalating at an alarming rate

  • Public policy has generally failed us

  • Government action has been inadequate

  • Media/public is at best confused about cyber threats

  • Technology has provided little more than a band-aid

  • Many believe cyber-criminals have almost mystical powers


Most cyber-security conventional wisdom attempts to model our cyber defenses on traditional defense-in-depth implementations

Carlsten Fortress, c. 1600s, Marstrand, Sweden


Changing the game

The digital warrior

A fundamental change in tactics

Principles of a resilient cyber defense


1. It’s too easy to be hard!

Where:

  • 80%+ of all successful cyber-attacks exploit vulnerabilities in four categories; none require rocket science to fix

    • Input validation

    • Poor coding technique – business logic

    • Authentication and access control

    • Device hardening – patching, secure baselines

  • Building in security is 60 times less expensive than bolting it on later

    • Up-level security in the SDLC

      We must develop:

  • Strong vulnerability management program

  • Assessment and remediation of legacy code used in operating systems and applications

  • Assessment and remediation of web site vulnerabilities

    • These will continue to be the attack vectors most sought after by criminals for hosting links to phishing and identity-theft code

  • Assessment and remediation of third-party code and widgets

    • An attractive attack vector

      • Demonstrated by the “Secret Crush” malware that posed as a Facebook widget to install itself on about 1 million PCs in late 2007 and early 2008


2. Be a really good first responder

Where:

  • Complex systems fail complexly; it is not possible to anticipate all the failure modes

  • Complexity provides both opportunity and hiding places for attackers

  • Damping out complexity is impossible when coupled with change, growth and innovation

  • Security failures are inevitable

    We Must Develop:

  • Robust incident management integrating all aspects of business (e.g. communications, development, legal)

  • Security SMEs throughout the SDLC

  • Deploy analytical tools to continually assess the security of development and the infrastructure

  • Provide security training to development and infrastructure teams


3. Gracefully degrade

If:

  • A successful attack is inevitable

    Then we must develop:

  • A thorough understanding of the business, key business assets and critical functionality

  • Define defensible perimeters

  • Expanded firewall and IPS footprint

  • Develop an understanding of network choke-points

  • Bandwidth allocation

  • Dynamic re-configuration


3a. Diversity…Diversity…Diversity

Where:

  • You can’t live without it!

    • “Run from monoculture in the name of survivability” – Dan Geer

      We must develop:

  • Multiple tools for detection and analysis

  • Multiple mitigation methods

  • Segmentation for everything

  • New thinking – situational awareness – attack simulation…


4. Treat the inside like the outside

Where:

  • Every cyber criminal is our next door neighbor

  • We can never retreat to a safe neighborhood

    We must develop:

  • The ability to defend knowing the current threat profile, generally and specifically to us.

  • Encryption for everything moving in our networks

  • Defensive application coding

    • More important than ever with 3rd party software


5. It’s the data and the transactions

Where:

  • Cyber criminals are attacking transaction streams

  • Transaction attacks are extremely difficult to detect

    We must develop:

  • Protect data

  • Protect the transactions

  • Employee exfiltration blocking


6. Defense is guaranteed to be a losing strategy; play offense whenever possible

  • May be averting a crisis, but not getting in front of the problem


7. Innovate…innovate…innovate

  • Innovating for impact

  • Incremental

  • Sustaining core and context

  • Radical


8. Know what is happening, know what happened

Where:

  • Attacks are becoming much more subtle

  • Attacks are using multiple channels


9. Continuously adapt the strategy – be agile

If you are not moving forward, you are falling behind…the status quo is unacceptable

Nothing is stable

Surprise is constant

We work at a permanent, structural disadvantage compared to our attackers


Success Now and in the Future: We Are Vigilant and Mindful of the Potential Perils


