Enterprise security challenges

Date post: 28-Sep-2020
Enterprise security challenges. Amir Kanaan, Managing Director, Kaspersky Lab META
Transcript
Page 1: Enterprise security challenges… · Enterprise security challenges 6 Most «modern» targeted attacks founded on common threats and social engineering Ability to Detect and Response

Enterprise security challenges

Amir Kanaan, Managing Director – Kaspersky Lab META

Page 2

We believe that everyone – from home computer users through to large corporations and governments – should be able to protect what matters to them most. Whether it’s privacy, family, finances, customers, business success or critical infrastructure, we’ve made it our mission to secure it all.

Eugene Kaspersky, chairman and CEO, Kaspersky Lab

Page 3

Anatomy of an Attack

90% – Generic malware – Signature and rule-based protection

9.9% – Targeted attacks: sophisticated malware – Heuristics and behavior analysis, cloud reputation

0.1% – APT: unique malware, 0-days – Machine learning, threat intelligence, advanced sandboxing

Page 4

Targeted Attacks – less than 1% of all attacks brings 90% of damage

Direct damage: Downtime, Lost opportunities, Remediation

Reactive spending: Training, Staffing, Systems

IT consulting, Auditors, PR activity, Lawyers

Revenue lost during time period

Lost deals, etc.

Closing vulnerabilities

Buying security solutions (DB protection, Endpoint, PIM, SIEM)

Changing systems to increase security

Hiring experts (manual detect)

Hardening processes (new roles)

Employee security awareness

Security department training

To prevent further breaches

Page 5

THE AVERAGE FINANCIAL IMPACT OF A BREACH

Additional Internal Staff Wages: $126K

Damage to Credit Rating/Insurance Premiums: $116K

Lost Business: $106K

Compensation: $92K

Extra PR (to repair brand damage): $91K

Employing External Professionals: $86K

Improving Software & Infrastructure: $119K

Training: $79K

New Staff: $77K

Average Total Impact: $891k

The reallocation of IT staff time represents the single largest source of additional cost

Base: 926 SMBs / 590 Enterprises Suffering At Least One Data Breach

Results from Kaspersky Lab’s Corporate IT Security Risks Survey 2016, conducted worldwide by Kaspersky Lab

Page 6

Enterprise security challenges

Most «modern» targeted attacks are founded on common threats and social engineering

The ability to Detect and Respond gives more value than Blocking and Prevention

«Reaction to correlated incidents» provides a false sense of safety

Mitigation of targeted attacks should be complex and structured, not siloed and product focused

Continuous data monitoring and security analytics are main parts of any «next-gen» security solution against advanced threats

An automated approach brings the wrong mindset for fighting manually controlled multistage attacks

An Adaptive Enterprise Strategy should be in place

Page 7

Security Challenges in 2018-2019


Page 8

TARGETED ATTACK KILL CHAIN: THEORY VS REALITY

In theory… pretty straightforward:

Recon & Testing → Penetration → Propagation → Execution → Incident

Page 9

TARGETED ATTACK KILL CHAIN: THEORY VS REALITY

In reality… sophisticated and nonlinear:

Recon & Testing

Penetration 1 – Attached exploit

Penetration 2 – Watering hole

Propagation 1 – E-mail

Propagation 2 – Network

Execution – Local

Execution – Remote

Incident

Page 10

TO VALIDATE THE KILL CHAIN YOU NEED TO MAKE YOUR ‘MILLION ALERTS’ JOURNEY

[Figure: a field of repeated «Alert» and «Event» labels]

Page 11

CONVENTIONAL SOC REQUIRES REDESIGN

SECURITY OPERATIONS CENTER: Log collection, Aggregation & Correlation, Ticketing, Reporting

CONVENTIONAL REACTIVE APPROACH

NO STRATEGIC OVERVIEW

INEFFICIENT INCIDENT PRIORITIZATION

LACK OF EXPERTISE

Unstructured processes

Page 12

The meaning behind «Detection» is your ability to react

[Diagram labels: Security Solution; Threat Hunting; Investigation; External Threat Intelligence; Additional Data to Analyze; Actionable Intelligence; Incident Reaction; Risk level? (HIGH / LOW); Security Policies Improvement; Fast Recovery; Full Incident Response; Remediation; Forensics]

Page 13

Kaspersky strategy to empower security processes and improve SOC capabilities

Page 14

IT IS THE RIGHT TIME FOR: INTELLIGENCE DRIVEN SECURITY OPERATIONS CENTER

INTELLIGENCE-DRIVEN

ADVANCED ANALYTICS

COUNTERMEASURE CAPABILITIES

CONSTANT ADAPTATION

OPERATIONS AUTOMATION

SECURITY OPERATIONS CENTER: Threat Intelligence, Log collection, Aggregation & Correlation, Ticketing, Reporting, Threat Hunting, Knowledge Management, Research and development

Predict, Prevent, Detect, Respond

Page 15

Cybersecurity experts: yesterday and tomorrow

5 - 10 years ago

Role: security engineer

Responsibility: building protection

Goal: Prevent the external threats

Today

Role: security analyst

Responsibility: monitor and react

Goal: Unify the processes and automate routine

Tomorrow???

Role: threat hunter

Responsibility: discover threats and manage advanced engines

Goal: Protect the business

Page 16

Enterprise customers challenges with modern endpoint security

[Diagram labels: Endpoints; Compliance; Advanced Security; Complexity; Lack of integration; Manual Work; Essential Skills Demand; Malware focus; Multiple agents issue]

Page 17

Multi-dimensional, comprehensive approach

Application Security assessment

Penetration testing

Customer specific reports

Security awareness

Practical training

Threat Intelligence Portal

Kaspersky Endpoint Security, Kaspersky Security for Virtualization, Kaspersky Embedded Systems Security etc.

Kaspersky Anti Targeted Attack platform

Kaspersky Endpoint Detect & Respond

Data collection

APT Reports

Threat Data Feeds

Kaspersky Managed Protection

Targeted Attack Discovery

Proactive – Predict & Prevent

Reactive – Detect & Respond

Attack stages: Delivery, C&C, Install, Expand, Action, Leave silent

Page 18

Kaspersky Adaptive Security Strategy

PREVENT

• Cybersecurity training

• Targeted Enterprise Solutions

• Endpoint security

• Datacenter Security

• Embedded security

• …

• Security Awareness

• Industrial Cybersecurity

DETECT

• APT & customer specific reports

• Threat data feeds

• Kaspersky Threat Deception

• Kaspersky Managed Protection

• Kaspersky Anti Targeted Attack (KATA) platform

• Endpoint Security

RESPOND

• Maintenance Security Agreement

• Security Account Manager

• Incident response service

• Digital Forensics

• Malware Analysis

• Endpoint Detection & Response

PREDICT

• Penetration testing service

• Application security assessment

• Targeted Attack Discovery Service

• Kaspersky Threat Lookup

• APT portal

Page 19

Are you ready for #TrueCybersecurity?

