Strengthening the cyber-security resiliency
Martin Zich, CISSP, HPE Pointnext
27th Sep, MS Ignite 2018
“An entity's ability to continuously deliver the intended outcome despite adverse cyber events…essentially brings the areas of information security, business continuity and (organizational) resilience together.” Wikipedia
• In a matter of minutes, an organization's entire IT and communications infrastructure can be compromised by a cyber attack.
• The challenge for companies is to maintain critical functions in the face of these inevitable breaches.
• Resilience to cyber attacks requires technical, procedural, and policy changes.
Are you prepared for cyber attacks?
notPetya: Story of a Disaster
1. Initial attack vectors:
– A client application's update channel abused by the attacker (a malicious update to a "fat" client that companies run in their environment).
– Tricking users/admins into clicking malicious email attachments (probably rarer).
– Taking advantage of the SMBv1 vulnerability discovered by the NSA and leaked by the Shadow Brokers.
2. Malware spreads over 2 main channels:
– the SMBv1 vulnerability, or
– hijacking credentials and open sessions.
3. Malware gets executed:
– Executes itself on all Windows nodes where deployed, over PSEXEC or WMI.
– Special behavior on Domain Controllers (enumerates DHCP to identify client machines).
4. Encrypts the machines and asks for ransom:
– Trashes parts of the MBR (Master Boot Record).
– Schedules a restart.
– Encrypts files (behind a fake checkdisk screen) with one 128-bit AES key per drive, itself encrypted with the attacker's 2048-bit RSA public key.
– Displays the ransom message.
Cyber-security resiliency framework: best practice
Protect Detect Recover
Setting the right mindset
1. Attach security to, and build it into, every design
2. Adopt least-privilege and need-to-know principles as default
3. Keep narrowing down the attack surface
4. Never stop re-assessing and auditing
5. Assume breach
Effective cyber resiliency framework
Protect: Continuous Risk Management; Secure and resilient infrastructure
Detect: Predictive and proactive defense
Recover: Efficient Recovery processes
Simplify. Unify. Innovate.
Effective cyber resiliency
1. Continuous Risk Management (Protect)
‒ Enforce CMDB accuracy and management
‒ Measure operational risk with infrastructure KPI instrumentation
‒ Revamp and retest BC/DR plans
‒ Elevate risk lifecycle management, metrics and governance model
‒ Baseline risk and business impact analysis
Framework: • Business-aligned • Measurable • Current and enforced • Outcome-based • Adaptive and pervasive • Scalable
Effective cyber resiliency
2. Secure and resilient infrastructure (Protect)
‒ Baseline security controls (lock down the environment)
‒ Advance network segregation / isolation / traffic management
‒ Optimize recovery with multi-level backup infrastructure
‒ Strengthen OS lifecycle and patch management
‒ Strengthen Active Directory (identity and access management) security controls
Framework: • Risk-aligned controls • Defense-in-depth • Quick threat isolation • Infrastructure preparedness • Infrastructure instrumentation • Structured and consistent
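To make the "baseline security controls" and "patch management" items concrete for the spreading channel in the notPetya story above, here is an added PowerShell example (not from the deck or from HPE) that reports whether a Windows host still has SMBv1 present on the server side and as an installed feature and, as a separate step the administrator calls deliberately, removes it. It assumes an elevated session on Windows 10 / Windows Server 2016 or later, where the built-in SmbShare and DISM modules and the SMB1Protocol optional feature name exist; on older servers the feature is exposed differently, so treat the feature query as an assumption to check for your OS version.

```powershell
# Added example, not HPE's code: audit and remove SMBv1 on a Windows host.
# Assumes an elevated session on Windows 10 / Server 2016 or later, where the
# SmbShare and DISM modules ship with the OS and the feature is named SMB1Protocol.

function Get-Smb1Status {
    # Server side: whether this host still accepts SMBv1 connections right now.
    $server = Get-SmbServerConfiguration
    # Installed components: whether the SMBv1 client/server binaries are still on disk.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        ServerSmb1Enabled = [bool]$server.EnableSMB1Protocol
        Smb1FeatureState  = $feature.State   # Enabled / Disabled / DisabledWithPayloadRemoved
        NeedsRemediation  = ([bool]$server.EnableSMB1Protocol) -or ($feature.State -eq 'Enabled')
    }
}

function Disable-Smb1 {
    # Step 1: stop answering SMBv1 immediately; takes effect without a reboot.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    # Step 2: remove the SMBv1 client and server components; completes after a reboot.
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    # Return the post-change state so the caller can verify.
    Get-Smb1Status
}

# Audit first. Remediate only after legacy dependencies (old NAS, printers, scanners)
# that can speak nothing newer than SMBv1 have been ruled out or replaced.
$status = Get-Smb1Status
$status | Format-List
if ($status.NeedsRemediation) {
    Write-Warning "SMBv1 is still present on $($status.ComputerName). Run Disable-Smb1 once legacy dependencies are ruled out."
}
```

Running Get-Smb1Status across the estate (for example through Invoke-Command) turns the "patch management" bullet into a measurable KPI: the count of hosts with NeedsRemediation set to true is the residual exposure to the channel notPetya used.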
Effective cyber resiliency
3. Predictive and proactive defense (Detect)
‒ Enhance advanced threat detection and threat analytics, including behavioral analytics
‒ Strengthen the vulnerability management program with red teaming and application vulnerability testing
‒ Reinforce application integrity management, including vendor application software
‒ Reinforce platform integrity management, including hardening, application whitelisting and anomaly detection
Framework: • Risk mitigation • Proactive intelligence • Prepared • Operational effectiveness • Responsive • Cyber defense
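The "advanced threat detection" and "anomaly detection" items stay abstract on the slide, so here is an added PowerShell example (not from the deck or from HPE) of the kind of behavioural rule a SOC would write for the execution channel described in the notPetya story: PsExec-style remote service installs and processes spawned through WMI. It runs over constructed, normalized event records; the field names (Time, Host, Source, Log, Id, ParentImage, CommandLine, Message), the Source attribution and the sample values are assumptions that a real pipeline would supply by correlating with network-logon events. Event ID 7045 (service installed, System log), Sysmon Event ID 1 and Security Event ID 4688 (process created) are real Windows event IDs.

```powershell
# Added example, not HPE's code: flag remote-execution patterns (PsExec service installs,
# WMI-spawned processes) over normalized event records. Field names, the Source
# attribution and the sample events below are constructed for illustration.

function Find-RemoteExecution {
    param(
        [Parameter(Mandatory)] [object[]] $Events,
        # Hosts that legitimately push software (patch/deployment servers). Assumption.
        [string[]] $AllowedSources = @()
    )
    foreach ($e in $Events) {
        $indicator = $null

        # System 7045: a new service was installed. PsExec drops one (PSEXESVC by default)
        # on every target. The service can be renamed, so a service install coming from an
        # unexpected source host is the stronger signal; the name match only labels it.
        if ($e.Log -eq 'System' -and $e.Id -eq 7045) {
            $indicator = if ($e.Message -match 'PSEXESVC') { 'PsExec service install' } else { 'Unexpected service install' }
        }
        # Sysmon 1 / Security 4688: process creation. A parent of WmiPrvSE.exe means the
        # process was started through WMI, whether from this host or a remote one.
        elseif ($e.Id -in @(1, 4688)) {
            if ($e.ParentImage -match '(?i)\\WmiPrvSE\.exe$') { $indicator = 'Process spawned via WMI' }
            elseif ($e.CommandLine -match '(?i)\bwmic\b.*\s/node:') { $indicator = 'Outbound WMI remote execution' }
            elseif ($e.CommandLine -match '(?i)\bpsexec') { $indicator = 'Outbound PsExec' }
        }

        # Suppress activity from approved deployment hosts; everything else is an alert.
        if ($indicator -and ($e.Source -notin $AllowedSources)) {
            $detail = if ($e.CommandLine) { $e.CommandLine } else { $e.Message }
            [pscustomobject]@{
                Time      = $e.Time
                Host      = $e.Host
                Source    = $e.Source
                Indicator = $indicator
                Detail    = $detail
            }
        }
    }
}

# Constructed sample records (not real telemetry). Source is the host the activity came
# from, which a real pipeline would derive from logon (4624, logon type 3) correlation.
$sample = @(
    [pscustomobject]@{ Time = '10:03:11'; Host = 'FIN-WS-017'; Source = 'FIN-WS-012'; Log = 'System'; Id = 7045
                       ParentImage = $null; CommandLine = $null
                       Message = 'A service was installed in the system. Service Name: PSEXESVC' }
    [pscustomobject]@{ Time = '10:03:14'; Host = 'FIN-WS-017'; Source = 'FIN-WS-012'; Log = 'Sysmon'; Id = 1
                       ParentImage = 'C:\Windows\System32\wbem\WmiPrvSE.exe'; CommandLine = 'C:\Windows\Temp\stage.exe'
                       Message = $null }
    [pscustomobject]@{ Time = '10:04:02'; Host = 'FIN-WS-017'; Source = 'FIN-WS-017'; Log = 'Sysmon'; Id = 1
                       ParentImage = 'C:\Windows\explorer.exe'; CommandLine = '"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"'
                       Message = $null }
    [pscustomobject]@{ Time = '10:05:40'; Host = 'FIN-WS-017'; Source = 'DEPLOY-01'; Log = 'System'; Id = 7045
                       ParentImage = $null; CommandLine = $null
                       Message = 'A service was installed in the system. Service Name: PatchAgent' }
)

# Expected: two alerts (the PSEXESVC install and the WMI-spawned process from FIN-WS-012);
# the Excel launch and the approved deployment server's service install are not reported.
Find-RemoteExecution -Events $sample -AllowedSources 'DEPLOY-01' | Format-Table -AutoSize
```

In production the constructed array is replaced by Get-WinEvent output, for example `Get-WinEvent -FilterHashtable @{LogName='System'; Id=7045}` and the `Microsoft-Windows-Sysmon/Operational` channel, normalized into the same fields. The rule pairs naturally with the slide's "application whitelisting" item: whitelisting blocks the spawned binary, and the rule shows where the attempt came from, which is what the "quick threat isolation" attribute needs.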
Effective cyber resiliency
4. Efficient Recovery processes (Recover)
‒ Optimize and scale backup and recovery processes
‒ Leverage persistent data center instant backups/snapshots for quick recovery
‒ Evolve backup and recovery operations with automation and out-tasking
‒ Strengthen incident and crisis management, including communication channels and processes
‒ Refine application testing and verification as part of the recovery process
Framework: • Meet SLAs, RTO and RPO • Effective, efficient, fast • Adaptive and scalable • Accessible critical data • Automated • Tested
Cyber resiliency framework: risk-driven, results-focused, and continuous improvement
1. Continuous Risk Management (Protect): • Business-aligned • Measurable • Current and enforced • Outcome-based • Adaptive and pervasive • Scalable
2. Secure and resilient infrastructure (Protect): • Risk-aligned controls • Defense-in-depth • Quick threat isolation • Infrastructure preparedness • Infrastructure instrumentation • Structured and consistent
3. Predictive and proactive defense (Detect): • Risk mitigation • Proactive intelligence • Prepared • Operational effectiveness • Responsive • Cyber defense
4. Efficient Recovery processes (Recover): • Meet SLAs, RTO and RPO • Effective, efficient, fast • Adaptive and scalable • Accessible critical data • Automated • Tested
Outcomes you can achieve: HPE Pointnext Security Portfolio
Hybrid IT security: • Public & private cloud • Secure containers • Secure AzureStack • SAP security • DevSecOps • Platform protection
Intelligent edge security: • Access control • IoT security • Core network security • Digital workplace security
Data governance & management: • Data lifecycle management • Data availability
Data security & privacy: • Digital security • Digital transaction assurance • Storage & backup security • Data sanitization & retention
Unified security operations: • Situational awareness • Security service management • Security monitoring & operations
Proactive threat & vulnerability management: • Threat analytics & UEBA • Vulnerability detection & remediation • Security hygiene for endpoints
Risk & compliance: • Risk & BIA analysis • Standards & compliance readiness • Continuous security improvement • Continuous compliance monitoring
Continuity & resiliency: • Business continuity management • IT service continuity & DR • Cyber resiliency
Outcomes:
• Safeguard risk, compliance & continuity
• Operationalize security & cyber defence
• Ensure data security & protection
• Secure infrastructure, applications & access