Post on 28-Sep-2020
Enterprise security challenges
Amir Kanaan, Managing Director – Kaspersky Lab META
We believe that everyone – from home computer users through to large corporations and governments – should be able to protect what matters to them most. Whether it’s privacy, family, finances, customers, business success or critical infrastructure, we’ve made it our mission to secure it all.
Eugene Kaspersky,
chairman and CEO, Kaspersky Lab
Anatomy of an Attack
(Figure: a three-tier pyramid of threat classes and the protection layer that addresses each tier.)
• Generic malware (90% of attacks): signature and rule-based protection
• Targeted attacks: sophisticated malware (9.9%): heuristics and behavior analysis, cloud reputation
• APT: unique malware, 0-days (0.1%): machine learning, threat intelligence, advanced sandboxing
Targeted attacks: less than 1% of all attacks bring 90% of the damage
(Figure: how the cost of a targeted attack accumulates: direct damage plus reactive spending to prevent further breaches.)
Direct damage
• Downtime: revenue lost during the time period
• Lost opportunities: lost deals, etc.
• Remediation: IT consulting, auditors, PR activity, lawyers
+
Reactive spending (to prevent further breaches)
• Training: employee security awareness, security department training
• Staffing: hiring experts (manual detection), hardening processes (new roles)
• Systems: closing vulnerabilities, buying security solutions (DB protection, Endpoint, PIM, SIEM), changing systems to increase security
THE AVERAGE FINANCIAL IMPACT OF A BREACH
(Figure: bar chart of the average cost per item for organizations suffering at least one data breach.)
Additional Internal Staff Wages: $126K
Damage to Credit Rating/Insurance Premiums: $116K
Lost Business: $106K
Compensation: $92K
Extra PR (to repair brand damage): $91K
Employing External Professionals: $86K
Improving Software & Infrastructure: $119K
Training: $79K
New Staff: $77K
Average Total Impact: $891K
The reallocation of IT staff time represents the single largest source of additional cost.
Base: 926 SMBs / 590 Enterprises suffering at least one data breach
Results from Kaspersky Lab's Corporate IT Security Risks Survey 2016, conducted worldwide by Kaspersky Lab
Enterprise security challenges
Most «modern» targeted attacks are founded on common threats and social engineering
The ability to detect and respond gives more value than blocking and prevention
«Reaction to correlated incidents» provides a false sense of safety
Mitigation of targeted attacks should be complex and structured, not siloed and product-focused
Continuous data monitoring and security analytics are the main parts of any «next-gen» security solution against advanced threats
An automated approach brings the wrong mindset for fighting manually controlled multistage attacks
An Adaptive Enterprise Strategy should be in place
Security Challenges in 2018-2019
TARGETED ATTACK KILL CHAIN: THEORY VS REALITY
In theory… pretty straightforward:
Recon & Testing → Penetration → Propagation → Execution → Incident
In reality… sophisticated and nonlinear:
(Figure: the same stages, but with several entry points and branches feeding one incident.)
• Recon & Testing
• Penetration 1 – Attached exploit; Penetration 2 – Watering hole
• Propagation 1 – E-mail; Propagation 2 – Network
• Execution – Local; Execution – Remote
• Incident
TO VALIDATE THE KILL CHAIN YOU NEED TO MAKE YOUR 'MILLION ALERTS' JOURNEY
(Figure: a dense cloud of 'Alert' and 'Event' items illustrating the volume an analyst has to work through before the kill chain can be confirmed.)
CONVENTIONAL SOC REQUIRES REDESIGN
(Figure: weaknesses of the conventional SOC around its basic pipeline.)
• Conventional reactive approach
• No strategic overview
• Inefficient incident prioritization
• Lack of expertise
• Unstructured processes
SECURITY OPERATIONS CENTER: Log collection → Aggregation & Correlation → Ticketing → Reporting
The meaning behind «Detection» is your ability to react
(Figure: flow from detection to reaction.)
Security Solution → Threat Hunting → Investigation (fed by External Threat Intelligence and Additional Data to Analyze)
Risk level?
• HIGH: Full Incident Response (Forensics, Remediation)
• LOW: Fast Recovery, Security Policies Improvement
Outputs: Incident Reaction, Actionable Intelligence
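The 'million alerts' journey and the detection-to-reaction flow above are easier to see in code. The following is an added example, not code from the original slides or from any Kaspersky product: it collapses a constructed stream of per-host alerts into kill-chain coverage per host (using the stage names from the theory diagram) and assigns a HIGH or LOW risk level to decide between full incident response and fast recovery. The rule names, the rule-to-stage mapping, the alert lines and the risk thresholds are all assumptions made for the example.

```python
"""Kill-chain correlation and risk triage over a stream of alerts.

Added example, not code from the original slides or from any Kaspersky
product. Stage names follow the deck's theory diagram; rule names, the
rule-to-stage mapping, the sample alerts and the risk thresholds are
constructed for illustration.
"""
from collections import defaultdict

# Kill-chain stages in theoretical order (from the slide).
STAGE_ORDER = ["recon", "penetration", "propagation", "execution"]

# Hypothetical detection rule names mapped to the stage they evidence.
RULE_TO_STAGE = {
    "port_scan": "recon",
    "phishing_attachment": "penetration",
    "exploit_doc_macro": "penetration",
    "lateral_smb_admin_share": "propagation",
    "new_service_remote_host": "propagation",
    "encoded_powershell": "execution",
    "c2_beacon": "execution",
}

# Constructed sample alert stream: "<timestamp> <host> <rule>" per line.
SAMPLE_ALERTS = """\
2018-03-01T08:00:01 ws-101 port_scan
2018-03-01T08:03:12 ws-101 phishing_attachment
2018-03-01T08:03:40 ws-101 exploit_doc_macro
2018-03-01T08:10:05 ws-101 encoded_powershell
2018-03-01T08:12:33 ws-101 lateral_smb_admin_share
2018-03-01T08:13:00 srv-db-1 new_service_remote_host
2018-03-01T08:13:20 srv-db-1 c2_beacon
2018-03-01T09:00:00 ws-202 phishing_attachment
2018-03-01T09:30:00 ws-303 port_scan
2018-03-01T09:31:00 ws-303 port_scan
2018-03-01T09:32:00 ws-404 unknown_rule
"""


def parse_alerts(text):
    """Parse '<timestamp> <host> <rule>' lines; malformed lines are skipped."""
    alerts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        alerts.append(tuple(parts))
    return alerts


def correlate_by_host(alerts):
    """Group alerts per host and record which kill-chain stages each host shows.

    Alerts whose rule has no stage mapping are counted as 'unmapped' so the
    analyst can see coverage gaps instead of losing them.
    """
    hosts = defaultdict(lambda: {"alerts": 0, "unmapped": 0, "stages": set()})
    for _ts, host, rule in alerts:
        rec = hosts[host]
        rec["alerts"] += 1
        stage = RULE_TO_STAGE.get(rule)
        if stage is None:
            rec["unmapped"] += 1
        else:
            rec["stages"].add(stage)
    return dict(hosts)


def risk_level(stages):
    """HIGH when execution is seen or the chain spans two or more stages on one host.

    These thresholds are an assumption for the example; a real SOC would tune
    them to its own detection coverage.
    """
    if "execution" in stages or len(stages) >= 2:
        return "HIGH"
    return "LOW"


def triage(text):
    """Collapse an alert stream into per-host kill-chain coverage and risk."""
    result = {}
    for host, rec in correlate_by_host(parse_alerts(text)).items():
        ordered = [s for s in STAGE_ORDER if s in rec["stages"]]
        result[host] = {
            "alerts": rec["alerts"],
            "unmapped": rec["unmapped"],
            "stages": ordered,
            "risk": risk_level(rec["stages"]),
        }
    return result


def summarize(result):
    """Show the reduction: raw alert count versus hosts needing full incident response."""
    total_alerts = sum(r["alerts"] for r in result.values())
    high = sorted(h for h, r in result.items() if r["risk"] == "HIGH")
    return {"alerts": total_alerts, "hosts": len(result), "high_risk_hosts": high}


if __name__ == "__main__":
    res = triage(SAMPLE_ALERTS)
    for host in sorted(res):
        r = res[host]
        chain = " > ".join(r["stages"]) or "-"
        print(f"{host:10} alerts={r['alerts']} unmapped={r['unmapped']} risk={r['risk']} chain={chain}")
    print(summarize(res))
```

On the constructed stream, eleven alerts collapse into two hosts that need full incident response. srv-db-1 illustrates the nonlinear reality from the kill-chain slide: propagation is observed there before any penetration alert on that host, because the attacker arrived by lateral movement from ws-101. The unmapped rule on ws-404 is counted rather than silently dropped, so gaps in the rule-to-stage mapping stay visible.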
Kaspersky strategy to empower security processes and improve SOC capabilities
IT IS THE RIGHT TIME FOR: INTELLIGENCE DRIVEN SECURITY OPERATIONS CENTER
(Figure: the conventional SOC pipeline extended with intelligence-driven functions.)
Principles: Intelligence-driven; Advanced analytics; Countermeasure capabilities; Constant adaptation; Operations automation
SECURITY OPERATIONS CENTER: Log collection → Aggregation & Correlation → Ticketing → Reporting
Added functions: Threat Intelligence; Threat Hunting; Knowledge Management; Research and development
Cycle: Predict → Prevent → Detect → Respond
Cybersecurity experts: yesterday and tomorrow
5 - 10 years ago
Role: security engineer
Responsibility: building protection
Goal: prevent the external threats
Today
Role: security analyst
Responsibility: monitor and react
Goal: unify the processes and automate routine
Tomorrow???
Role: threat hunter
Responsibility: discover threats and manage advanced engines
Goal: protect the business
Enterprise customers' challenges with modern endpoint security
(Figure: challenges arranged around the endpoint.)
• Compliance
• Advanced security
• Complexity
• Lack of integration
• Manual work
• Essential skills demand
• Malware focus
• Multiple agents issue
Multi-dimensional, comprehensive approach
(Figure: Kaspersky services and products mapped against the attack stages Delivery → C&C → Install → Expand → Action → Leave silent, split into Proactive (Predict & Prevent) and Reactive (Detect & Respond).)
• Application security assessment
• Penetration testing
• Customer specific reports
• Security awareness
• Practical training
• Threat Intelligence Portal
• Kaspersky Endpoint Security, Kaspersky Security for Virtualization, Kaspersky Embedded Systems Security etc.
• Kaspersky Anti Targeted Attack platform
• Kaspersky Endpoint Detect & Respond
• Data collection
• APT Reports
• Threat Data Feeds
• Kaspersky Managed Protection
• Targeted Attack Discovery
Kaspersky Adaptive Security Strategy
PREVENT
• Endpoint security
• Datacenter Security
• Embedded security
• Industrial Cybersecurity
• Targeted Enterprise Solutions
• Security Awareness
• Cybersecurity training
• …
DETECT
• Kaspersky Anti Targeted Attack (KATA) platform
• Kaspersky Threat Deception
• Kaspersky Managed Protection
• Endpoint Security
• APT & customer specific reports
• Threat data feeds
RESPOND
• Incident response service
• Digital Forensics
• Malware Analysis
• Endpoint Detection & Response
• Maintenance Security Agreement
• Security Account Manager
PREDICT
• Penetration testing service
• Application security assessment
• Targeted Attack Discovery Service
• Kaspersky Threat Lookup
• APT portal
Are you ready for
#TrueCybersecurity?