4. 1960s: MIT's Compatible Time Sharing System
First usernames & passwords
First hack (stolen password file)
First breach (passwords disclosed)
Source: MIT Museum, Wired
5. Threats Are Evolving
Timeline: First Hack -> Virus is Born -> Viruses & Worms -> For-Profit Malware -> Cyber Crime -> Crime-as-a-Service -> APTs
6. Understanding Cyber Crime: Business Model
Attacker -> Mass-market Attack -> Any Target -> $$$
What the attacker is after:
✔ Personal information
✔ Financial information
✔ Credentials
✔ Botnet recruitment
✔ Vulnerabilities
7. Web Server Bot Activity (Cyber Crime Model)
[Diagram: how compromised web servers are monetised. Categories shown: Account Credentials, Financial Credentials, Extortion, Social Attacks, Virtual Goods. Activities shown: DDoS, Phishing, Fake Auctions, Fraud, Ransomware, Spam / Extortion, Game Items.]
8. Understanding Targeted Attack: Business Model
Attacker -> Specific Target -> Bespoke Attack -> $$$
What drives target selection:
✔ Value
✔ Vulnerabilities
Example market values: Credit card = $1; Health care info = $10
10. Kill Chain: The Steps To Compromise A System
IDENTIFY & RECON -> INITIAL ATTACK -> COMMAND & CONTROL -> DISCOVER / SPREAD -> EXTRACT / EXFILTRATE
Each step leaves traces.
11. Relative Threats: Cloud vs On Premise
Source: Alert Logic Cloud Security Report, 2015
[Chart: share of incidents by type, cloud vs on-premises. Incident types: Application Attack, Brute Force, Reconnaissance, Suspicious Activity, Trojan. Percentage values as extracted, pairing with type and environment not preserved: 12%, 37%, 16%, 10%, 25%, 24%, 6%, 8%, 17%, 45%.]
Basis: 842,711 incidents affecting 3,026 customers, Dec 2014 – Jan 2015
13. Threat Research – Honeynet Stats Sept 2015
On average, post-exposure, an SSH attack occurs in less than 2 hours.
On average, post-exposure, a web attack (HTTP) occurs in less than 7 hours.
On average, post-exposure, an email (SMTP) attack occurs in less than 9 hours.
EUROPE (time from exposure to first attack):
Exposure to Email Attack: 13 hours, 01 minutes
Exposure to SSH Attack: 2 hours, 24 minutes
Exposure to Web Attack: 6 hours, 45 minutes
Exposure to RDP Attack: 1 hour, 47 minutes
14. Environmental Awareness
Listen to your systems
1. Understand your system environments
2. Different threat exposures for different environments
3. Everything you need to know is in your data
4. Deploy appropriate detection for actual threats
5. Do you have the people to implement this?
15. Continuous, End-to-End Protection
Continuous protection from threats and exposures
[Architecture diagram. Customer IT Environment (Cloud, Hybrid, On-Premises) -> Data Collection (Web Application Events; Network Events & Vulnerability Scanning; Log Data) via Alert Logic Web Security Manager, Alert Logic Threat Manager and Alert Logic Log Manager -> Big Data Analytics Platform (Alert Logic ActiveAnalytics) -> Threat Intelligence & Security Content (Alert Logic ActiveIntelligence) -> 24 x 7 Monitoring & Escalation (Alert Logic ActiveWatch).]
16. A Shared Responsibility: Our Role
Foundation Services (ISO 27001 compliant)
Hypervisor & OS
• Firewall & perimeter security services
• Segregation of Adapt & Customer Networks
• Regularly pen-tested network
• Accredited platform design & build
• Controlled access for customers
• Guest OS hardening
• Patch management
• Infrastructure updates
• Client access management
• Permission policies
• Security monitoring
• Log analysis
Apps
• Secure coding and best practices
• Software and virtual patching
• Configuration management
• Access management
• Application level attack monitoring
Networks
• Network threat detection
• Security monitoring
• DDoS Protection
Layers: Compute | Storage | DB | Network
17. Securing Your Business in the Digital Age
Cabinet War Rooms, 14th October 2015