
Why Outsourcing Information Security Can Help You Avoid...

Date post: 08-Jul-2020
Page 1: Why Outsourcing Information Security Can Help You Avoid ...assets.sig.org/s3fs-public/session-files/S17_Why... · Hacktivism •Maximum embarrassment Christopher Camejo-Confidential-Draft-v0.2

Why Outsourcing Information Security Can Help You Avoid Cyber-Attacks

NTT Security

Christopher Camejo

Director of Product Management - Threat Intelligence


28 March, 2018

Christopher Camejo-Confidential-Draft-v0.2


© 2018 NTT Security

Contents

Common threats
Latest attack trends
Managed Security Services Costs and Benefits

Common Threats

Attack Profiles

Opportunists
• They’ll take whatever falls off the table

Targeted Attacks
• They’re coming for you and you have no idea until it’s too late

Attackers

Criminal
• Payment card/insurance fraud, blackmail
• Botnets, spam, DDoS, mining, ransomware

Espionage
• National level intelligence activities
• Political/media/industrial espionage/sabotage

Hacktivism
• Politics and vigilante justice
• Maximum embarrassment

3rd parties

Who has access to your network?
• Contractors
• Remote support

Where does data leave the network?
• Partners
• Cloud services

Almost 75% of respondents: Third party partners would play a highly important or critical role in their businesses, up from 60% the year before

Deloitte’s 2016 Third Party Governance and Risk Management (TPGRM)

Insider Threats

Average Cost per incident to address and resolve correlates with business size:
• 1,000-5,000 employees and contractors: ~$2 million per incident
• >75,000 employees and contractors: ~$7.8 million

Insider breaches mostly unintentional
• 25% overtly hostile
• 75% accidental, negligent, or against policy


Attack Trends

NTT Security Threat Intelligence Reports

Findings:
• Research from specific threats
• Recent publicly-disclosed breaches and recommendations on how to mitigate and prevent similar attacks
• Malicious actor tactics, techniques and procedures (TTPs)

Sources:
• NTT Security researchers
• Open source intelligence tools
• NTT Honeypot network
• NTT Security’s Managed Security Services (MSS) platforms

Targeted industries

Q2 -> Q3: 24% increase in events


Attack Trends

>40% increase in malware and phishing

• Reconnaissance in Q1/2, running in Q3/4

• Increased dependency on botnets, phishing, malicious attachments/links

Web app/application specific vulnerabilities: 80% targeted or affected vulnerabilities in Microsoft Edge

Apache Struts Targeting

• 49% of vulnerabilities targeted in September related to Apache Struts
• CVE-2017-5638 heavy in both reconnaissance and targeted attempts prior to the Equifax breach
• Spike in attacks on CVE-2017-5638 4 days after Apache Struts announced involvement in Equifax breach
• NTT Security detected attack attempts almost immediately after other high-risk vulnerabilities reported


Attack Source Countries


US in a league of its own for final attack base (63%)

Finance Deep Dive

Banking Trojans:
• Emotet
• Ursnif

Ransomware:
• Locky ‘lukitus’ 2

Dual Ransomware/Banking Trojan payload:
• Trickbot

HTTP brute-forcing financial websites

Attempts to inject malicious iFrames

42% increase in phishing followed by malware


Outsourcing Information Security

Preparing for the next attack

Strategic
Overall security strategy and effectiveness.
Am I spending my security resources in the right way?

Operational
Threat actor motivations and campaigns.
Am I a target this week and what should I do about it?

Tactical
Day to day network monitoring and incident response.
What’s happening on my network and is it bad?

Essential Functions

• Risk Assessment
• Compliance
• Policy/Procedure Development
• Initial and Ongoing Training
• Inventory, Configuration, Patch Management
• User Management
• SDLC management
• Vulnerability Assessment and Penetration Testing
• Threat Intelligence Collection
• Monitoring (SOC)
• Incident Response
• Forensics


Monitoring


Options

Ignore it

Deal with it

Get help


The Human Element


Tuning and Response

Resources

24x7

3 shifts
• Days off
• Sick days
• Vacation
• Turnover

5 FTEs minimum

$495,950 per year
• 4x Security Operations Engineer $73,000
• Senior Security Operations Engineer $89,500
• +30% Benefits: $114,450


Talent


Hiring

Retaining

Skills


Options

Managed Detection and Response (MDR)

Managed Security Service (MSS)

Managed SIEM

Security Information and Event Management (SIEM)


Your Resources

3rd Party Resources

MSS Perks

Economies of Scale
• Personnel
• Software licensing
• Infrastructure Maintenance

Side Benefits
• Shared Threat Intelligence
• 3rd Party Monitoring
• Real-time

Questions:

• What can MSS provide to reduce risk and liability?
Current risk appetite and liability limitations for a breach

• What can MSS provide by supplying additional metrics to increase the visibility?
Current metrics used to measure success of preventing a breach

• How can MSS provide reporting that will validate the effectiveness of the existing security controls?
What reporting is done on the effectiveness of the company’s security controls

• How will MSS be able to address the limited resources available when trying to build an internal security organization?
Boards are concerned about the skill shortage and the ability to attract and retain critical skills

• Can MSS provide a cost analysis identifying the delta between building the services internal versus outsourcing?
Is the Company spending increasingly higher amounts on resources and the tools to mitigate their risks

Questions:

• How will MSS become an extension of the Company’s security department and integrate their expertise with the Company?
Should the company focus their resources on security commodity areas, or use those resources to focus on what the business does best

• How can MSS assist a company in reducing the regulatory audit response burden?
The Company and Boards have more regulatory and audit requirements across multiple jurisdictions

• What can MSS provide to ensure that threat intelligence, threat management, attack vectors, and threat actor information is provided on a continual basis to help the company be proactive and reduce their risk?
How will the company stay current on changing threats and the threat landscape

• What will MSS provide to address 24 by 365 monitoring of assets?
Does the Company have 24-hour monitoring of their assets today and do they plan to have that function in the future

• How will MSS provide incident response as an integrating function with the company’s business process?
What incident response capability does the company have in place


Thank you

https://www.nttsecurity.com/en-us/q3

Christopher [email protected]


Session # 17

Christopher Camejo

[email protected]

Tweet: #SIGspring18

Download the App: sig.org/app

Why Outsourcing Information Security Can

Help You Avoid Cyber-Attacks
