The big challenge facing cyber security professionals is to think like the enemy, anticipate their next move, and enact measures to combat the exponentially growing number of attacks. Passively monitoring defences in the hope of detecting probes and breaches is insufficient as it is likely that threats are already on the inside in human, machine, or some malware form. And these may be continually active, sporadic, dormant, sleeping, dumb, smart, intelligent, broad or highly focused, and located anywhere in an organisation, machine, device or network. Fortunately, Cloud Technologies and new working practices mitigate against all this, but only if we leverage new technologies and nurture new behaviours and operating strategies.
We are no longer looking for a ‘needle in a haystack’ but bent needles, or even needles prone to bending, in a ‘needle stack’. Layered defences such as multiple firewalls, virus protection, malware scanners, people screening and sporadic checks are insufficient. We have to be more sophisticated and consider the activity traits and sociology of people, machines, networks and malware. Perhaps most importantly this has to be achieved without degrading the performance of systems, networks, individuals and organisations.
To achieve effective cyber security solutions we have to migrate to a more organic, globally cooperative, and fully networked model that sees a new detection, reaction and solution sharing regime between companies and countries. And as the technology (good and bad) continues to accelerate and spread, the end point will most likely be the realisation of a ‘living cyber immune system’ devoid of human intervention.
2. There are no simple or singular solutions
Cyber Security
- Attacks are growing and are increasingly sophisticated
- We need to up our game & become more anticipatory
Thursday, 21 November 13
4. Cyber INSecurity
What we know for sure
- There is always a threat
- The threat never sleeps
- The threat evolves rapidly
People are by far the biggest risk factor
The perceived threat ≠ the actual threat
The biggest threat is always on the inside
Security people are never their own customer
The best defenders have been the best attackers
Cracking systems is far more fun than defending them
The biggest threat is in the direction you are not looking
Resources are generally deployed inversely proportional to actual risk
10. Cyber Attacks
Major Traffic Ports
Reproduced Courtesy of Akamai 2013
11. Primary Cyber Targets Q4 2012
Government 1.0%
Auctions 2.07%
Classifieds 0.3%
Retail 5.12%
Social Nets 6.0%
Financial 34.4%
Other 6.78%
ISP 9.5%
Gaming 14.7%
Payment Services 32.1%
12. CyberCrime >> CYBER-SECURITY
Not clear which side is spending more on software
[Chart: the cost of cyber crime versus cyber defence expenditure, in $Bn, 2004 to 2012. Data labels on the chart: 17Bn, 21Bn, 100Bn, >200Bn.]
Data Courtesy of Detica 2011
14. Increasingly transient people & machine behaviour
A multi-device, multi-screen, mobile world, of rapidly renewed and replaced devices, new and updated apps
With built-in security features automatically updated
Connecting on the move via wifi, 3G, 4G, LTE, BlueTooth
Any Net Anywhere
BYOD = Fewer corporate constraints and greater variabilities
BMOB = Be My Own Boss - shorter assignment periods
15. Many networks to attack not just one
3,4,5G,
LTE, WiFi
WiFi WiMax
BlueTooth ++
22. No One security technique is sufficient
The concatenation of multiple low cost methods rapidly delivers a very high level of protection
Habits
Personal
Locations
Networks
Biometrics
Knowledge
++++++++
25. FUTURE NETWORKING
The Internet will not Scale functionally or economically
But Clouds/Cloud working will!
2013: <5Bn People on (and off) line
2025: 9Bn People and >> 50Bn Things on line
29. Cyber Security
Clouds change everything
More degrees of freedom to exploit that make it all inherently more secure than anything we have seen before
31. And they come in many forms
- Corporate, Government, Private, Personal, Long term, Sporadic
- Visible, Invisible, Dynamic, Fixed, Mobile, Wireless, Wired
- Open, Closed, Secure, Insecure, Regular, Unknown, Unquantified, Experimental
32. Cyber Security
Hidden by multi-hop depth
[Diagram: Corporate/Private/Government Cloud, Invisible Cloud (x4), Public/Open Cloud, Corporate/Private/Government Cloud]
Diverse routing and increasingly hidden and disguised data storage in depth
33. Cyber Security
In Cloud Gating/Encryption
Every Cloud demands a key and all routings are hidden - data parsed/coded
46. Have an alias, be invisible, don’t be what you appear, be there but absent...
Ghost Cloud
Ghost Device
47. Distributed Attacks demand a Distributed Defence
Dynamic Attackers necessitate Dynamic Defenders
We can act alone or we can unite and act together
53. Finding Those Needles
The sociology and habits of
Applications
Networks
Machines
Software
Malware
People
Bugs
++
54. Things cooperate inter and extra community to defeat attacks
We all own multiple clouds
THE END GAME
AI systems monitor activities and identify trends to then anticipate and fend off all attacks
Auto-immune response systems emerge as part of the overall evolving behaviours
55. “Speed is the essence of war. Take advantage of the enemy's unpreparedness; travel by unexpected routes and strike him where he has taken no precautions”
The Art of War by Sun Tzu, 600 BC