OMEGA SECURITY SERVICES
Yevgen Nechytaylo, CEO
Email: [email protected]
Tel.: +380 67 464 0218
www.uasoc.com.ua
4 Vatslav Havel Blvd., Kyiv, 02000, Ukraine
Security in hybrid cloud environment
Prepared for: DC 2018 “Business in clouds” conference
Challenges you are facing
1. Nature and motivation of attacks: Research, Infiltration, Discovery, Capture, Exfiltration
2. Transformation of enterprise IT (delivery and consumption changes)
   Delivery: Traditional DC, Private cloud, Managed cloud, Public cloud
   Consumption: Virtual desktops, Notebooks, Tablets, Smart phones
3. Regulatory pressures (increasing cost and complexity): Basel III
Some facts
229 days – average time to detect a breach
Since 2009, time to resolve an attack has grown to 130%
20% year-to-year increase in number of breaches
30% year-to-year increase in cost of a single breach
$46 billion global spend on cyber security
New threat actors: national governments, terrorists, industrial spies, organized crime, hacktivists, hackers, script kiddies
New threat vectors: IoT, APTs, industrial control systems, mobile devices, Facebook…
Modified kill chain
Threat Profile for core business
Creating a Threat Profile
• provides the organization with a clear illustration of the threats it faces, and enables it to implement a proactive incident management program that focuses on the threat component of risk
• expands existing risk management models to better illustrate APTs
Can be used by an organization’s risk management team, IT team, incident management team and compliance team
Can be used for
• recording information about threat actors, scenarios, and countermeasures
• analyzing individual threat scenarios or threat scenario campaigns
• anticipating and mitigating future attacks based on this detailed knowledge about the threats
Threat Modelling - outcomes
1. Asset Categorization
   Assets are assessed to determine the impact from a compromise that affects confidentiality, integrity, and availability
   References: ISO A.8.2.1; ISO 27005:2011 8.2.1.2; COBIT APO03.03, APO03.04, BAI09.02; NIST CP-2, RA-2, SA-14
2. Threat Gathering
   There are many sources of threat information that can be used by the organization. There are also tools and standards that should be considered
   References: ISO A.12.6.1, A.18.2.3; ISO 27005:2011 8.2.1.3; COBIT APO12.01, APO12.02, APO12.03, APO12.04; NIST CA-2, CA-7-8, RA-3, RA-5, SA-5, SA-11, SI-2, SI-4-5
3. Threat Actor Classification
   It is important to understand the characteristics of threat actors. Threat actor characteristics are gathered and synthesized from industry sources
   References: ISO A.12.4.1; ISO 27005:2011 8.2.1.3
4. Threat Analysis
   A number of threat actions are presented to help classify threat scenarios in a consistent manner, capturing threat trends that exist in today’s fight against cyber-attacks
   References: ISO A.12.6.1; ISO 27005:2011 8.2.1.3; COBIT APO12.02; NIST RA-2, RA-3
5. Creation of Threat Profile
   An organization’s threat profile will include multiple threat scenario campaigns, tailored to be applicable to the organization
   References: ISO A.17.1.1, A.17.1.2; ISO 27005:2011 8.2.2.2, 8.2.2.3; COBIT DSS04.03; NIST CP-2, IR-8
Additional references: GMP Annex 11, cl. 1; Annex 15, cl. 1, 7; 11.4; NIST AC-2, AU-12-13, CA-7, CM-10-11
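As an added example (not from the deck, and not Omega's tooling), the outcomes above expressed as a minimal threat profile in Python: assets rated for confidentiality, integrity and availability impact, threat actors classified by capability and intent, threat scenarios mapped onto the kill-chain phases the deck names (Research, Infiltration, Discovery, Capture, Exfiltration), and a coverage check that reports which phases of each scenario no countermeasure currently addresses. The assets, actors, controls and the simple capability × intent × impact scoring are invented for illustration.

```python
"""Constructed threat-profile example: score threat scenarios against asset CIA
impact and actor capability/intent, and find kill-chain phases with no
countermeasure. Assets, actors, controls and the scoring scheme are invented."""
from dataclasses import dataclass

# Kill-chain phases as listed on the slide deck.
KILL_CHAIN = ("Research", "Infiltration", "Discovery", "Capture", "Exfiltration")
LEVEL = {"low": 1, "medium": 2, "high": 3}


@dataclass(frozen=True)
class Asset:
    name: str
    confidentiality: str  # low / medium / high impact if compromised
    integrity: str
    availability: str

    def impact(self) -> int:
        # A compromise is as bad as its worst affected property.
        return max(LEVEL[self.confidentiality], LEVEL[self.integrity],
                   LEVEL[self.availability])


@dataclass(frozen=True)
class ThreatActor:
    name: str
    capability: str  # low / medium / high
    intent: str      # low / medium / high


@dataclass(frozen=True)
class Scenario:
    actor: ThreatActor
    asset: Asset
    phases: tuple           # kill-chain phases this scenario must pass through
    countermeasures: tuple  # (phase, control) pairs already in place

    def __post_init__(self):
        bad = [p for p in self.phases if p not in KILL_CHAIN]
        if bad:
            raise ValueError(f"unknown kill-chain phase(s): {bad}")

    def score(self) -> int:
        # Likelihood proxy (actor capability x intent) times asset impact.
        return LEVEL[self.actor.capability] * LEVEL[self.actor.intent] * self.asset.impact()

    def uncovered_phases(self) -> list:
        covered = {phase for phase, _ in self.countermeasures}
        return [p for p in self.phases if p not in covered]


def rank_scenarios(scenarios):
    """Highest-scoring scenarios first; ties broken by asset name for stable output."""
    return sorted(scenarios, key=lambda s: (-s.score(), s.asset.name))


def coverage_gaps(scenarios):
    """Count, per kill-chain phase, how many scenarios pass through it unopposed."""
    gaps = {phase: 0 for phase in KILL_CHAIN}
    for s in scenarios:
        for phase in s.uncovered_phases():
            gaps[phase] += 1
    return gaps


# Constructed threat profile for a small organisation.
ERP = Asset("ERP database", "high", "high", "high")
WEB = Asset("Marketing website", "low", "medium", "medium")
CRIME = ThreatActor("Organized crime", "high", "high")
KIDDIE = ThreatActor("Script kiddie", "low", "medium")

PROFILE = [
    Scenario(CRIME, ERP, KILL_CHAIN,
             (("Infiltration", "mail filtering"), ("Exfiltration", "DLP"))),
    Scenario(KIDDIE, WEB, ("Research", "Infiltration"),
             (("Infiltration", "web application firewall"),)),
]

if __name__ == "__main__":
    for s in rank_scenarios(PROFILE):
        print(f"{s.score():>3}  {s.actor.name} -> {s.asset.name}; "
              f"unopposed phases: {s.uncovered_phases()}")
    print("phase gaps:", coverage_gaps(PROFILE))
```

The ranking answers "which campaign do we plan for first", and the per-phase gap count is the proactive piece the slide describes: it shows where the detection and response program is thin before an incident, rather than after one.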
Cyber Risks Insurance
• First party loss recipient:
  Merck (2017): the NotPetya attack caused temporary production shutdowns and cut sales by at least $135M in Q3. Insurers may pay $275M to cover the insured portion of Merck’s loss stemming from the attack
• Third party loss recipient for property damage, business interruption, etc.
Security awareness is the process of teaching your entire team the basic lessons about security. You must level set each person’s ability to judge threats before asking them to understand the depth of the threats.
Use security awareness to build a security community. A security community is the backbone of a sustainable security culture. Community provides the connections between people across the organization. A security community assists in bringing everyone together against the common problem, and eliminates an "us versus them" mentality.
An effective security awareness program is a force multiplier. Awareness is the cheapest way to prevent costly problems.
• NIST SP 800-50 Building an Information Technology Security Awareness and Training Program
• NERC CIP Cyber Security Awareness Program
• SANS Security Awareness: How to Build, Maintain, and Measure a Mature Awareness Program
Key advantages of the Deception Technology
Reduce security management complexity and risk with a solution built for today’s IT environment
Breach Detection
▪ Multiple detection methods cover all types of threats
▪ Dynamic deception immediately traps attackers
▪ High quality, in-context security incidents
Micro-segmentation
▪ Define segmentation policies in minutes
▪ Automatic policy recommendations
▪ Consistent policy expression across any environment
Application Visibility
▪ Automatically discover applications and flows
▪ Quickly understand application behavior
▪ Granular visibility down to the process level
Incident Response
▪ Automated analysis identifies the actor’s methods and tools
▪ Deep insights speed incident prioritization
▪ Mitigation recommendations speed incident response
Threat Intelligence Platform
It collects threat intelligence from all relevant sources, normalizes and optimizes the data, making it usable inside your network. Then it integrates the intelligence with your internal infrastructure (SIEM, firewall, endpoint system, etc.), where those systems can monitor or enforce policies against the intel data
• Aggregate all intel feeds
• Optimize and enrich data
• Integrate with internal systems
• Analyze, investigate incidents
• De-duplicate data across feeds
• Remove false positives
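As an added example (not from the deck, and not any vendor's platform code), a small Python script showing the pipeline the slide describes: two constructed feeds with different schemas are parsed, every indicator is normalized into one canonical form (so the same domain reported with different capitalization or a trailing dot counts once), malformed records are dropped, indicators on an organisation allowlist are removed as known false positives, duplicates across feeds are merged with their sources and best confidence recorded, and the result is rendered as the flat CSV a SIEM lookup table or firewall blocklist import would consume. The feed contents, the allowlist entry and the indicator values are all invented (documentation address ranges and the reserved .example TLD).

```python
"""Constructed threat-intelligence-platform example: normalize, de-duplicate,
allowlist and export indicators from two feeds with different schemas.
Feed payloads, indicator values and the allowlist are invented."""
import csv
import ipaddress
import json
from io import StringIO

# Feed A: JSON, one object per indicator (constructed).
FEED_A_JSON = json.dumps([
    {"indicator": "198.51.100.23", "type": "ipv4", "confidence": 80},
    {"indicator": "Evil-Domain.EXAMPLE", "type": "domain", "confidence": 60},
    {"indicator": "192.0.2.10", "type": "ipv4", "confidence": 50},
])

# Feed B: CSV with a different schema and untidy values (constructed).
FEED_B_CSV = """value,kind,score
 198.51.100.23 ,ip,70
evil-domain.example.,fqdn,90
203.0.113.7,ip,55
999.1.1.1,ip,95
"""

# Map each feed's type vocabulary onto the platform's canonical types.
TYPE_ALIASES = {"ipv4": "ip", "ip": "ip", "ip-addr": "ip",
                "domain": "domain", "fqdn": "domain", "hostname": "domain"}

# Known-benign indicators (constructed): here, the organisation's own mail
# gateway address, which keeps appearing in commodity feeds and would only
# generate false positives if pushed to the SIEM.
ALLOWLIST = {("ip", "192.0.2.10")}


def normalize(value, kind):
    """Return (canonical_type, canonical_value), or None when the record is unusable."""
    ctype = TYPE_ALIASES.get(kind.strip().lower())
    if ctype == "ip":
        try:
            return ctype, str(ipaddress.ip_address(value.strip()))
        except ValueError:
            return None  # malformed address: drop rather than push junk downstream
    if ctype == "domain":
        host = value.strip().lower().rstrip(".")
        return (ctype, host) if host and "." in host else None
    return None  # type we do not know how to handle


def parse_feed_a(text):
    return [(r["indicator"], r["type"], int(r["confidence"])) for r in json.loads(text)]


def parse_feed_b(text):
    return [(r["value"], r["kind"], int(r["score"])) for r in csv.DictReader(StringIO(text))]


def aggregate(feeds, allowlist=ALLOWLIST):
    """feeds: {source_name: [(value, kind, confidence), ...]} -> de-duplicated indicator list."""
    merged = {}
    for source, records in feeds.items():
        for value, kind, confidence in records:
            key = normalize(value, kind)
            if key is None or key in allowlist:
                continue
            entry = merged.setdefault(key, {"type": key[0], "value": key[1],
                                            "confidence": 0, "sources": set()})
            # Keep the strongest confidence seen and every feed that reported it.
            entry["confidence"] = max(entry["confidence"], confidence)
            entry["sources"].add(source)
    out = [dict(e, sources=sorted(e["sources"])) for e in merged.values()]
    # Indicators corroborated by more feeds, then higher confidence, come first.
    out.sort(key=lambda e: (-len(e["sources"]), -e["confidence"], e["value"]))
    return out


def to_siem_csv(indicators):
    """Render the list as the flat CSV a SIEM lookup or blocklist import expects."""
    buf = StringIO()
    writer = csv.writer(buf)
    writer.writerow(["type", "value", "confidence", "sources"])
    for e in indicators:
        writer.writerow([e["type"], e["value"], e["confidence"], "|".join(e["sources"])])
    return buf.getvalue()


if __name__ == "__main__":
    feeds = {"feed_a": parse_feed_a(FEED_A_JSON), "feed_b": parse_feed_b(FEED_B_CSV)}
    print(to_siem_csv(aggregate(feeds)))
```

Two design points matter in practice: normalization must happen before de-duplication (otherwise "Evil-Domain.EXAMPLE" and "evil-domain.example." reach the SIEM as two separate indicators), and the allowlist is applied on the canonical key so a benign address cannot slip through because one feed formatted it differently.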
Security Operations is only as good as its people, and upfront planning for the unique people-management aspects of a 24x7 security-centric organization will provide significant long-term returns.
The staff who monitor and respond to incidents:
• Manager
• Security analysts L1
• Security analysts L2
• SIEM content author or engineer
• Incident handlers
• Security engineers
• Forensic investigator
• Hunt analyst
Points of consideration:
• Lack of staff with required knowledge and experience
• Expensive continuous training program
• Ongoing process for security analyst L1/L2 hiring due to staff burn-out
• Beyond analysts for 24x7 coverage, other supporting functions must be considered: system admins, intelligence resources, escalation resources, compliance officers, management / supervision
MSSP – Reducing total cost of ownership
Omega Security Services
Make your business secure