©2010 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice 1 Rohan Kotian | Author, NSA IAM,

1 Next Generation Cyber Threats: Shining the Light on the Industries' Best Kept Secret
Rohan Kotian | Author, NSA IAM, CEH
Product Line Manager | Next Generation Security Platforms
“Achieving victory in Cyber Security is not going to be won at the traditional point product” -JP
©2010 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice

2 Agenda
–Next Generation Cyber Threats
–Advanced Persistent Threats
–Question and Answer

3 Next Generation Cyber Threats
"The wonderful thing about the Internet is that you're connected to everyone else. The terrible thing about the Internet is that you're connected to everyone else."
Vint Cerf (Vice President and Chief Internet Evangelist, Google)

4 Risks are Real & More Visible
Applications and information are the business
–Stuxnet Worm: Sophisticated worm attacks Iran’s Siemens SCADA & MS Windows industry control systems
–Blackhole Exploit Injected into USPS Website: The website of U.S. Postal Service serving up malware
–Sony PlayStation Network Down: 77 million accounts at risk of data theft
–RSA Hit By Advanced Persistent Threat: The servers of RSA have been breached and sensitive information from more than 40 million employees may have been compromised.
–NASDAQ Stock Market: Confirmed that its computer network had been broken into

5 If it Isn’t Secure, it is for Sale

6 If it Isn’t Secure, it is for Sale

7 Understanding data breaches
–Significant spike in 2011 for the number of data breaches
–Breaches are evolving from stolen laptops to more sophisticated techniques
*Data pulled from looking at incidents over time

8 Vulnerabilities Decreasing
–Vulnerabilities in commercial applications down 20 percent from 2010
–Spike in 2006, for the most part a steady decline
–But this is not a good indicator of risk
*Vulnerabilities measured by OSVDB, 2000 - 2011

9 Vulnerability Severity Increasing
Chart legend: Low level Severity (CVSS 1-4), Mid level Severity (CVSS 5-7), High level Severity (CVSS 8-10)
–High-severity (HS) vulnerabilities can cause remote code execution
–Percentage of HS vulnerabilities has increased by 17 percent in 5 years
*Data pulled from OSVDB, 2000 - 2011

10 Web applications – the “new” frontier
–4 of the 6 most popular OSVDB vulnerabilities are exploitable via the Web
–Web application vulnerabilities (categorically) account for 36 percent of all vulnerabilities
–Further complicated by customization and add-ons – increased vulnerabilities
*Data pulled from OSVDB, 2000 - 2011

11 The number and costs of breaches continue to rise
Web Applications Remain a Leading Issue
–80% of successful attacks target the application layer (Gartner)
–86% of applications are in trouble
▫ Web App Security Consortium studied security tests across 12,186 applications
▫ 13% of applications could be compromised completely automatically
▫ 86% had vulnerabilities of medium or higher severity found by completely automated scanning
Total average cost of a data breach per compromised record* ($202) x Average # of compromised records per breach^ (30,000) ≈ Average Total Cost per breach* ($6.65 M)
* Ponemon Institute, 2008 Annual Study: $U.S. Cost of a Data Breach
^ Source: The Open Security Foundation

12 The Cost of a Compromised Web Application/Server
Sony PlayStation Network (PSN) Breach
LulzSec claimed it only took a single SQL Injection
What was compromised:
– Usernames
– Passwords
– Credit card details
– Security answers
– Purchase history
– Address information
Estimated Damages
– $177 Million (USD)
Sony’s official earning forecast and we quote:

13 Complacency Is a Sucker's Bet
–Your Adversaries Count On Your Subscription and Resistance Toward Change
–Traditional security is a sucker's bet as well!
▫ ACLs
▫ AV / AS
▫ FW
▫ SMTP / Web Gateways
▫ HIPS
▫ Encryption
▫ IDS / IDS
▫ Logging / SIEM / SEM
THEY COUNT ON YOUR ORGANIZATION BEING COMPLIANT AND THEY DON’T CARE!!!!

14 Traditional Security Is a Sucker's Bet
–You have to think beyond tradition
–Abandon those ideas which may be promoted by analysts and / or cleverly crafted reports
–You must get outside the norms
–Embrace ulterior technology and philosophy
–Cannot fight symmetrically when the war requires asymmetric approaches be embraced, employed and acted out

15 Classifying the Cyber Actor (The technical threat telemetry is endless)
Diagram: Motivation + Expertise + Attack Vector = Result
Motivation: Fame, Moral Agenda, Money, Notoriety, Fun
Expertise: None (Normal End-User); Novice (Script Kiddie); Intermediate (Hacker for Hire); Expert (Foreign Intel Service, Terrorist Organization and/or Organized Crime)
Attack Vector: IM, IRC, P2P; Open Ports; Web Browsers; Email and Attachments; Vulnerable Operating System
Result: Destruction; Theft; Espionage (Corporate/Government); Unwitting Compromise of an Asset/Policy and/or Intellectual Property
Other labels: Intentional Act, Non-Intentional Act

16 Embracing Asymmetry
–Non-traditional intelligence acquisition and digestion
–Aggressive, pro-active forensic analytic analysis
–Baseline establishment and monitoring
–Cyber Reputation Management ® techniques
–Advanced & aggressive adoption and deployment of new, innovative, purpose built solutions

17 Next Generation Cyber Threats (Here Today, Gone Tomorrow)
–What’s in a name and MS Tuesday
–Hacking as a Service
–Botnetting as a Service
–Spamming as a Service
–DDoSing as a Service
–Opportunistic Targets (Retail -> Critical Infrastructure)

18 Threats Have Advanced
–People
▫ Underestimate threat -> introduce risk
▫ Lack InfoSec knowledge and experience
▫ Often not empowered by stakeholders due to lack of alignment with business
–Process
▫ What Gets Measured Is Supposed To Get Results − Horrible IT metrics at best
▫ Focus on compliance vs. security
–Technology
▫ Deep holes in network visibility that must be addressed

19 Focus on Compliance Versus Security
Diagram labels: Compliance, Security

20 Network Visibility and Situational Awareness (Gaps Are Critical)
Defense in Depth:
–Firewalls
–Intrusion Detection/Prevention
–Content Monitoring
–Anomaly Detection
–End-Point Protection
–SIEM
Expecting different results using the same technology
Massive Gaps
Without insight/visibility…what you don’t know will hurt you.

21 Advanced Persistent Threats

22 Advanced Persistent Threat (Selective, Sophisticated and Silent)
–Slow, silent and deadly
–What’s in not having a name: Encryption, Beacons, Custom, Blended…
–Recent Examples

23 Historic Overview:
Timeline years: 1997, 1998, 1999, 2004, 2007, 2009, 2010, 2011
Timeline groupings: The Classics, The Subversives
Timeline entries: Solar Sunrise, Eligible Receiver, Moonlight Maze, Titan Rain, Byzantine Foothold, US Power Grid, Operation Shockwave, Aurora, Exxon, Ghostnet, Stuxnet
“The cyber criminal sector in particular has displayed remarkable technical innovation with an agility presently exceeding the response capability of network defenders. Criminals are developing new, difficult-to-counter tools.”
“Criminals are collaborating globally and exchanging tools and expertise to circumvent defensive efforts, which makes it increasingly difficult for network defenders and law enforcement to detect and disrupt malicious activities.”

24 Advanced Persistent Threat Lifecycle

25 Lifecycle Similarities & Differences
Threat: APT | Botnet
Initial Entry: Recon & social engineering perhaps via e-mail (phishing, link, or attachment) | Spam, phishing, malicious links (all perhaps leveraging social engineering)
Intrusion: Vulnerability, obfuscation, exploitation | Vulnerability, obfuscation, exploitation
Infection: Malware – custom, off the shelf, DIY
Repeat: Lateral movement, data extrusion, persistence | Zombie used to send more spam or drive by web application attacks

26 Public APT Activity (Ghost Net) aka Byzantine Foothold
–What Happened
▫ Verified in 103 countries
▫ Over 1,295 infected hosts identified
▫ Impacts + / - a dozen computers on a weekly basis
Commonly Used Tools (Not Too Sophisticated):
▫ Remote access tool called gh0st RAT (Remote Access Tool)
▫ Data harvest
▫ Email siphoning
▫ Listening / Recording of Conversations via microphone and / or webcams

27 Key Points
–Known Current Solutions Not Good Enough
–Regulatory Compliance != Security
–Advanced Persistent Threat Will Become Pervasive
–What are you doing to tackle the problem?

28 Outcomes that matter.
