security at the breaking point: rethink security in 2013
Security at the Breaking Point: Rethink Security in 2013
Presented by Gidi Cohen, CEO and Founder, Skybox Security
November 2, 2012
www.skyboxsecurity.com © 2012 Skybox Security 1
Why can’t we curb security threats?
The Threat Landscape is Changing Fast
“…The threat landscape is not evolving but rapidly mutating as attackers find ever-more devious ways of bypassing security controls.
This will challenge security managers to devise new and creative ways to rethink security…”
Source: Forrester Research report “Updated Q4 2011: The New Threat Landscape — Proceed With Caution”
Old Gen Tech Is Not Effective
• Network Security – Firewalls, IPS only effective if maintained constantly
• Vulnerability scanners – Often disruptive, not suitable for daily use
• SIEM – Reactive, too much irrelevant data
• Pen Test – Not cost effective at large scale
Maintaining Security Controls is a Difficult Challenge
• 500 network devices
• 25,000 FW rules
• 1,000 IPS signatures
• 55,000 nodes
• 65 daily network changes
• Infrastructure spanning three continents
Vulnerability Scans – Too Little, Too Late
[Chart: scan frequency (x/year) against % of network scanned]
• To keep pace with threats? – Daily updates, 90%+ hosts
• Partner/External networks – Avg. scan: 60-90 days, <50% of hosts
• Critical systems, DMZ – Avg. scan: 30 days, 50-75% of hosts
SIEM – Monitoring, not Prevention
• (Regarding SIEM) "If the question is, 'Does it stop hackers?' then the answer is no. It's not supposed to stop anything." – Dr. Anton Chuvakin, Gartner
Time to Rethink Security
• Pre-attack: Proactive Security – Anticipate risks, Prevent damage
• Cyber Attack!
• Post-attack: SIEM – Monitor events, Respond to incidents
Security is a Strategic Game
• Where are we at risk?
• What does the playing field look like?
• What’s our objective?
• What is the next move?
Your Opponents are Formidable
There are Many Attack Vectors
[Word cloud: Mobile devices, Misconfigured firewall, Network vulnerabilities, default password, USBs, missing IPS signature, Unused rules, Mobile apps, access violation, buffer attack, social networks, Cross-site scripting, blocked rules, access policy violations, social engineering, policy violation, buffer overflows, Risky access rules, Zero day vulnerability, buffer overflow attack, threat origins]
More Security Controls ≠ Better Security
They all speak different languages.
And You Don’t Have Full Visibility
It’s going to get a lot worse
(Mobile, Virtualization, Clouds)
New Challenges Change the Attack Surface
• 2011 growth: Mobile data +133%, Mobile threats +400%
• It’s still early ….
• More virtualized servers deployed in 2011 than in 2001 to 2009 combined
• BYOC (Cloud): Where is your data?
The Security Management Gap is Widening Fast
Can you achieve an 8X improvement in 2 years? How?
Your Mission – Win the Game
• Where are we at risk?
• What do we do now?
• What are our best options?
Proactive Security Risk Management
Solution?
The Solution Ingredients
• Risk-driven approach for proactive protection
• Continuous, non-disruptive process
• Serves both Security and IT Ops teams
• Scalable to any size heterogeneous network
• Advanced predictive analytics
Predictive Analytics – Modeling & Attack Simulation
[Diagram: Attack Simulations from threat origins: Compromised Partner, Rogue Admin, Internet Hacker]
Vulnerabilities
• CVE 2009-203
• CVE 2006-722
• CVE 2006-490
Proactive Intelligence to Prevent Attack
• Probable attack vector to Finance servers asset group
• This attack is a “multi-step” attack, crossing several network zones
• Connectivity Path
• Business Impact
• Attack Vector
• How to Block Potential Attack?
Visibility to State of Security
• Most Critical Actions
• Vulnerabilities
• Threats
The Future of Security Operations Center (SOC)
IT GRC/Security Dashboard – consolidated reporting
• Security Risk Management (SRM) – Proactive, pre-attack exposure management
• Security Information & Event Management (SIEM) – Post-attack incident management
Recommendations
Aim high
• Unbelievable scale
• Adapt to new architectures
Reinvent security management
• Integrated, holistic approach
• Proactive, not reactive
Use the Force, Luke
• It’s your infrastructure! Take Advantage
• Smart analytics
Automate daily security tasks
Maintain compliance, prevent attacks
Visit www.skyboxsecurity.com
Thank you!