
Conventional Defenses + Unconventional Adversaries ???

Joshua Corman, Director of Security Intelligence, Akamai Technologies, @joshcorman.


Presentation Transcript


  1. Conventional Defenses + Unconventional Adversaries??? Joshua Corman Director of Security Intelligence Akamai Technologies @joshcorman

  2. Joshua Corman Director of Security Intelligence Akamai Technologies @joshcorman

  3. About Joshua Corman • Director of Security Intelligence for Akamai Technologies • Former Research Director, Enterprise Security [The 451 Group] • Former Principal Security Strategist [IBM ISS] • Industry Experience: • Expert Faculty: The Institute for Applied Network Security (IANS) • 2009 Network World Top 10 Tech People to Know • Co-Founder of “Rugged Software” www.ruggedsoftware.org • Things I’ve been researching: • Compliance vs Security • Disruptive Security for Disruptive Innovations • Chaotic Actors • Espionage • Security Metrics

  4. Relative Risk • Replaceability: Irreplaceable / Highly Replaceable • Human Life • Intellectual Property • PHI • Credit Cards

  5. 2011 VZ DBIR Mission Accomplished (no, not really)

  6. Key Points from 2011 VZ DBIR • All-Time High # of Incidents • All-Time Low # of Breached Records • Higher Value Records • All but one thing got worse • MOST cases SMB

  7. Non-CCN Asset Type Breakdown

  8. 2010 Unholy Trinity: • Google.cn and Operation Aurora • Stuxnet • Bradley Manning/WikiLeaks (and Operation Payback) • 2011: • Anonymous • EMC/RSA SecurID • Sony’s Punishment Campaign • LulzSec • Lockheed • IMF

  9. 20 Slides x 20 Seconds (6 min 40 sec) Joshua Corman @joshcorman Research Director Enterprise Security RSA 2011 PechaKucha Happy Hour

  10. Why Zombies Love PCI: or “No Zombie Left Behind Act” SPEAKER: Joshua Corman Research Director Enterprise Security The 451 Group PechaKucha Happy Hour

  11. Why Zombies?

  12. RSA Conference 2011 Zombies ++

  13. Is PCI The No Child Left Behind Act for Information Security? • Early Adopters • Mainstream • Laggards

  14. When “good enough”… isn’t

  15. It’s all about Zombies

  16. It’s all about Zombies

  17. Disruptive Changes Evolving Threat Evolving Compliance Evolving Technology Cost Complexity Risk Evolving Economics Evolving Business

  18. Evolving Threat: Adaptive Persistent Adversaries

  19. Fear the auditor more than the attacker

  20. We broke the Information Security Market Evolving Threat HIPAA HITECH SOX GLB Evolving Compliance Evolving Technology Cost Complexity Risk Evolving Economics Evolving Business

  21. Thriller

  22. 94% 89% 0%

  23. Survival Guide/Pyramid www.ruggedsoftware.org Defensible Infrastructure

  24. Survival Guide/Pyramid Operational Discipline Defensible Infrastructure

  25. Survival Guide/Pyramid Situational Awareness Operational Discipline Defensible Infrastructure

  26. Survival Guide/Pyramid Countermeasures Situational Awareness Operational Discipline Defensible Infrastructure

  27. Surviving The Zombie Apocalypse

  28. Evolving Threat: Adaptive Persistent Adversaries

  29. Anonymous

  30. An Alignment Chart

  31. Anon Unmasked? (Alleged Participants)

  32. APT

  33. You must be *this* tall to ride…

  34. Moore’s Law • Moore’s Law: • Compute power doubles every 18 months • HDMoore’s Law: • Casual Attacker Strength grows at the rate of Metasploit

  35. Attacker Drop-Offs: Casual HDMoore’s Law

  36. Attacker Drop-Offs: QSAs

  37. Attacker Drop-Offs: APTs/APAs

  38. Attacker Drop-Offs: Chaotic Actors

  39. Does it matter? Was #18 in overall DBIR Top Threat Action Types used to steal INTELLECTUAL PROPERTY AND CLASSIFIED INFORMATION by number of breaches - (excludes breaches only involving payment card data, bank account information, personal information, etc)

  40. Compare and contrast

  41. Case Study: Zombie Killer of the Week? • Early Adopters • Mainstream • Laggards You Are Here

  42. Case Study: Zombie Killer Countermeasures • LanCope • BigFix (IBM) • NetWitness (RSA) • Fidelis XPS • HBGary • FireEye • ArcSight (HP) Situational Awareness Operational Discipline Defensible Infrastructure A real use case of 'better security' in the face of adaptive adversaries http://www.the451group.com/report_view/report_view.php?entity_id=66991

  43. Which classes of adversaries are we likely to face? • Which assets are most at risk as a consequence? • How tall do we need to be? • Table Top Exercises • An ounce of prevention? • Recovery may not be technical… • Failing Well

  44. Q&A Joshua Corman Director of Security Intelligence, Akamai Technologies @joshcorman @RuggedSoftware jcorman@akamai.com
