Postcards from the edge cyber security risk management in an escalating threat environment

Presentation Transcript

Threats are escalating at a near-exponential rate

  • Nothing short of game-changing innovation can stem this rising tide

  • Seems everything changes, every day

  • Pharming

  • > 50% of all PCs compromised

  • Application Attacks

  • BotArmies/DDOS2

  • Organized Cyber-crime Ecosystem

  • Hacktivism

  • Cyber Terrorism

  • Phishing

  • Identity Theft

  • OS Hacking

  • BotNets/DDOS

  • Cyber Criminals

  • Script Kiddies

The US reaction has been weak; no civilian “cyber-czar” has been named at present

The new Cyber Command is still very young and does not yet have a base of operations

Needs a good home

Public awareness is largely absent, driven only by unconnected, one-off dramatic events. Many in the media lack a thorough understanding of the issues

“Estonia Sending Cyber Defense Experts to Georgia”

Network World

Most security technology providers have a narrow perspective of the cyber-security landscape

Unfortunately, the reality of the cyber-security landscape is somewhat larger

Summarizing the context

  • Threats are escalating at an alarming rate

  • Public policy has generally failed us

  • Government action has been inadequate

  • Media/public is at best confused about cyber threats

  • Technology has provided little more than a band-aid

  • Many believe cyber-criminals have almost mystical powers

Most cyber-security conventional wisdom attempts to model our cyber defenses on traditional defense-in-depth implementations

Carlsten Fortress, c. 1600s, Marstrand, Sweden

The digital warrior

Changing the game

A fundamental change in tactics

Principles of a Resilient cyber defense

1. It’s too easy to be hard!


  • 80%+ of all successful cyber-attacks exploit vulnerabilities in four categories; none require rocket science to fix

    • Input validation; poor coding technique – business logic; authentication and access control; device hardening – patching, secure baselines

  • Building in security is 60 times less expensive than bolting it on later

    • Up-level security in the SDLC

      We must develop:

  • A strong vulnerability management program

  • Assessment and remediation of legacy code used in operating systems and applications

  • Assessment and remediation of web site vulnerabilities

    • This will continue to be the most sought-after attack vector for criminals to host links to phishing and identity-theft code.

  • Assessment and remediation of third-party code and widgets

    • An attractive attack vector

      • Demonstrated by the “Secret Crush” malware that posed as a Facebook widget to install itself on about 1 million PCs in late 2007 and early 2008

2. Be a really good first responder


  • Complex systems fail in complex ways; it is not possible to anticipate all the failure modes

  • Complexity provides both opportunity and hiding places for attackers

  • Damping out complexity is impossible when coupled with change, growth and innovation

  • Security failures are inevitable

    We Must Develop:

  • Robust incident management integrating all aspects of business (e.g. communications, development, legal)

  • Security SMEs throughout the SDLC

  • Deploy analytical tools to continually assess the security of development and the infrastructure

  • Provide security training to development and infrastructure teams

3. Gracefully degrade


  • A successful attack is inevitable

    Then we must develop:

  • A thorough understanding of the business, key business assets and critical functionality

  • Define defensible perimeters

  • Expanded firewall and IPS footprint

  • Develop/understand network choke-points

  • Bandwidth allocation

  • Dynamic re-configuration

3a. Diversity…Diversity…Diversity


  • You can’t live without it!

    • “Run from monoculture in the name of survivability” – Dan Geer

      We must develop:

  • Multiple tools for detection and analysis

  • Multiple mitigation methods

  • Segmentation for everything

  • New thinking – situational awareness – attack simulation…

4. Treat the inside like the outside


  • Every cyber criminal is our next door neighbor

  • We can never retreat to a safe neighborhood

    We must develop:

  • The ability to defend knowing the current threat profile, generally and specifically to us.

  • Encryption for everything moving in our networks

  • Defensive application coding

    • More important than ever with third-party software

5. It’s the data and the transactions


  • Cyber criminals are attacking transaction streams

  • Transaction attacks are extremely difficult to detect

    We must develop:

  • Protect data

  • Protect the transactions

  • Employee exfiltration blocking

6. Defense is guaranteed to be a losing strategy, play offense whenever possible

  • May be averting a crisis, but not getting in front of the problem

7. Innovate…innovate…innovate

  • Innovating for impact

  • Incremental

  • Sustaining core and context

  • Radical

8. Know what is happening, know what happened


  • Attacks are becoming much more subtle

  • Attacks are using multiple channels

9. Continuously Adapt the strategy – Be agile

If you are not moving forward you are falling behind…status quo is unacceptable

Nothing is stable

Surprise is constant

We work at a permanent, structural disadvantage compared to our attackers

Success Now and in the Future: We Are Vigilant and Mindful of the Potential Perils

Remember – 90% of the putts that are short don’t go in.

Yogi Berra