
Security in hybrid cloud environment

Date post: 06-Aug-2020
OMEGA SECURITY SERVICES
Yevgen Nechytaylo, CEO
Email: [email protected]
Tel.: +380 67 464 0218
www.uasoc.com.ua
4 Vatslav Havel Blvd., Kyiv, 02000, Ukraine

Security in hybrid cloud environment
Prepared for: DC 2018 “Business in clouds” conference


Challenges you are facing

1. Nature and motivation of attacks
• Research
• Infiltration
• Discovery
• Capture
• Exfiltration

2. Transformation of enterprise IT (Delivery and consumption changes)
• Delivery: Traditional DC, Private cloud, Managed cloud, Public cloud
• Consumption: Virtual desktops, Notebooks, Tablets, Smart phones

3. Regulatory pressures (Increasing cost and complexity)
• Basel III


Some facts

229 days – average time to detect breach

Since 2009, time to resolve an attack has grown to 130%

20% year to year increase in number of breaches

30% year to year increase in cost of single breach

$46 billion Global spend on Cyber Security

New Threat Actors: National Governments, Terrorists, Industrial Spies, Organized Crime, Hacktivists, Hackers, Script Kiddies

New Threat Vectors: IOT, APTs, Industrial control systems, Mobile devices, Facebook…


Modified kill chain


Threat Profile for core business

Creating a Threat Profile:
• provides the organization with a clear illustration of the threats that it faces, and enables it to implement a proactive incident management program that focuses on the threat component of risk
• expands existing risk management models to better illustrate APTs

Can be used by an organization’s risk management team, IT team, incident management team, and compliance team

Can be used for:
• recording information about threat actors, scenarios, and countermeasures
• analyzing individual threat scenarios or threat scenario campaigns
• anticipating and mitigating future attacks based on this detailed knowledge about the threats


Threat Modelling - outcomes

• Asset Categorization: Assets are assessed to determine the impact from a compromise that affects confidentiality, integrity, and availability

• Threat Gathering: There are many sources of threat information that can be used by the organization. There are also tools and standards that should be considered

• Threat Actor Classification: It is important to understand the characteristics of threat actors. Providing threat actor characteristics that have been gathered and synthesized from industry sources

• Threat Analysis: A number of threat actions are presented to help classify threat scenarios in a consistent manner. Capturing threat trends that exist in today’s fight against cyber-attacks

• Creation of Threat Profile: An organization’s threat profile will include multiple threat scenario campaigns, which will be tailored to be applicable to the organization

ISO A.8.2.1; ISO 27005:2011 8.2.1.2

CObIT APO03.03, APO03.04, BAI09.02; NIST CP-2, RA-2, SA-14

ISO A.12.6.1, A.18.2.3; ISO 27005:2011 8.2.1.3

CObIT APO12.01, APO12.02, APO12.03, APO12.04; NIST CA-2, CA-7-8, RA-3, RA-5, SA-5, SA-11, SI-2, SI-4-5

ISO A.12.4.1; ISO 27005:2011 8.2.1.3

ISO A.12.6.1; ISO 27005:2011 8.2.1.3

CObIT APO12.02; NIST RA-2, RA-3

ISO A.17.1.1, A.17.1.2; ISO 27005:2011 8.2.2.2, 8.2.2.3

CObIT DSS04.03; NIST CP-2, IR-8

GMP Annex 11, cl. 1; Annex 15, cl. 1, 7; 11.4

NIST AC-2, AU-12-13, CA-7, CM-10-11


Cyber Risks Insurance

• First party loss recipient:

Merck (2017): the NotPetya attack caused temporary production shutdowns and cut sales by at least $135M in Q3. Insurers may pay $275M to cover the insured portion of Merck's loss stemming from the attack

• Third party loss recipient for property damage, business interruption, etc.


Security awareness is the process of teaching your entire team the basic lessons about security. You must level set each person’s ability to judge threats before asking them to understand the depth of the threats

Use security awareness to build security community. Security community is the backbone of sustainable security culture. Community provides the connections between people across the organization. Security community assists in bringing everyone together against the common problem, and eliminates an "us versus them" mentality

An effective security awareness program is a force multiplier

Awareness is the cheapest way to prevent costly problems

NIST SP 800-50 Building an Information Technology Security Awareness and Training Program

NERC CIP Cyber Security Awareness Program

SANS Security Awareness: How to Build, Maintain, and Measure a Mature Awareness Program


Key advantages of the Deception Technology

Reduce security management complexity and risk with a solution built for today’s IT environment

Breach Detection
▪ Multiple detection methods cover all types of threats
▪ Dynamic deception immediately traps attackers
▪ High quality, in context security incidents

Micro-segmentation
▪ Define segmentation policies in minutes
▪ Automatic policy recommendations
▪ Consistent policy expression across any environment

Application Visibility
▪ Automatically discover applications and flows
▪ Quickly understand application behavior
▪ Granular visibility down to the process level

Incident Response
▪ Automated analysis IDs actor’s methods and tools
▪ Deep insights speed incident prioritization
▪ Mitigation recommendations speed incident response


Threat Intelligence Platform

It collects threat intelligence from all relevant sources, normalizes and optimizes the data, making it usable inside your network. Then it integrates intelligence with your internal infrastructure (SIEM, firewall, endpoint system, etc.) where they can monitor or enforce policies against intel data

• Aggregate all intel feeds

• Optimize and enrich data

• Integrate w/ internal systems

• Analyze, investigate incidents

• De-duplicates data across feeds

• Removes false positives


MSSP – Reducing total cost of ownership

Security Operations is only as good as its people, and upfront planning for the unique people management aspects of a 24x7 security centric organization will provide significant long term returns.

The staff who monitor and respond to incidents:

• Manager

• Security analysts L1

• Security analysts L2

• SIEM content author or engineer

• Incident handlers

• Security engineers

• Forensic investigator

• Hunt analyst

Points of Consideration:

• Lack of staff with required knowledge and experience

• Expensive continuous training program

• Ongoing process for security analyst L1/L2 hiring due to staff burn-out

• Beyond analysts for 24x7 coverage, other supporting functions must be considered: System admins, Intelligence resources, Escalation resources, Compliance officers, Management / Supervision


Omega Security Services
Make your business secure

