O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.

Mapping the Territory of Cyber Threats - Prevent, Detect and Respond to Cyber Attacks

756 visualizações

Publicada em

Organizations need to face the fact that they have what cybercriminals want, whether it is personal and customer data, credit card data, valuable IPR or crucial information about markets and competitors. The overwhelming majority of large organizations already suffered breaches with severe financial impact and damages for the reputation. Organizations must be proactive and prepared and not simply wait for the inevitable to happen. When it comes to cyber-attacks, prevent, detect and respond are the most important actions. This session provides an overview how to ensure best preparation with a comprehensive portfolio of services, solutions and products to withstand in a world of cyber-security threats.
Richard Curran
Rob Norris
Bryan Campbell

Publicada em: Tecnologia
  • Seja o primeiro a comentar

  • Seja a primeira pessoa a gostar disto

Mapping the Territory of Cyber Threats - Prevent, Detect and Respond to Cyber Attacks

  1. 1. 0 Copyright 2016 FUJITSU Fujitsu Forum 2016 #FujitsuForum
  2. 2. 1 Copyright 2016 FUJITSU Mapping the territory of Cyber threats. Prevent, detect and respond to Cyber attacks Rob Norris Head of Enterprise & Cyber Security EMEIA, Fujitsu Richard Curran Security Officer EMEA , Intel Bryan Campbell Senior Security Researcher , Fujitsu, @Bry_Campbell
  3. 3. 2 Copyright 2016 FUJITSU Delivering Intelligent Led Security - Agenda Threat Landscape Legislation – NIS & GDPR Security Predictions Intelligent Security Operations Centre (ISOC) Fujitsu Security Capabilities Summary & Q&A
  4. 4. 3 Copyright 2016 FUJITSU Threats Weak Supply chains Hacktivism Credit Card Data Customer Data IPR Theft Insider Threat Prevent Detect Respond The Landscape – Case of When not If
  5. 5. 4 Copyright 2016 FUJITSU By 2018 - New Legislation will drive Security Requirements Network & Information Security Directive (NIS) & General Data Protection Regulation (GDPR) New Legislation Main Customer Tasks Prepare Now! Network and Information Security Directive (NIS) • Harmonized requirements on each Member State’s legislation • Each member state must pass a national law based on the directive by 2018 General Data Protection Regulation (GDPR) • Regulation is valid as is in every country from 2018 on • Countries may add national extensions • Open issue: is relevant law that of consumer’s or provider’s jurisdiction? Information Systems and Data Governance • Evidence of policies and effective implementation, e.g. • Security Audit • Data Protection Impact Assessments • Data Protection Officer to be implemented Reporting • Records of Processing • Specific reporting of security incidents / data breaches without undue delay Severe Fines • GDPR: 20M€ or 4% of annual turnover Governance, Risk and Compliance • Security Consulting, e.g. Continuity & Resilience • Data Protection, e.g. IAM, encryption • MSS, e.g. vulnerability management, perimeter protection, content inspection Assessments & Audits • Security Audits • Privacy Impact Assessment Detect and Response • Cyber Threat Intelligence • SIEM enhanced by reporting according to NIS/GDPR
  6. 6. 5INTERNAL USE ONLYINTERNAL USE ONLY Copyright 2016 FUJITSU Major threats predictions for 2015 State sponsored cyber espionage POS Malware Major Software FlawsRansomware ATM Jackpotting Crimeware as a service Banking Trojans DDOS attacks Mobile platform threat IoT Attacks
  7. 7. 6 Copyright 2016 FUJITSU 2015 – The Year of banking Trojans  2015 – Fujitsu Cyber Threat Intelligence provided intelligence about banking Trojans  Further assisted Government & Law enforcement agencies by sharing information & key learnings  Our work has helped protect both Fujitsu existing & non Fujitsu Customers  2016 – Despite the above Banking Trojans still pose a significant threat
  8. 8. 7 Copyright 2016 FUJITSU Major Threat Predictions for 2016 Flash in the spotlight The Insider Threat Web Attacks under attack Data Remains King IoT growth equals DDoS Biometrics on the Rise Check the mail Things get Personal Companies need expert help
  9. 9. 8 Copyright 2016 FUJITSU The IoT of Distrbuted Denial of Service (DDoS) Attack
  10. 10. 9 Copyright 2016 FUJITSU Data Remains King
  11. 11. 10 Copyright 2016 FUJITSU Flash in the Spotlight
  12. 12. 11 Copyright 2016 FUJITSU Check The Mail
  13. 13. 12 Copyright 2016 FUJITSU Phishing
  14. 14. 13 Copyright 2016 FUJITSU How do we combat these - Intelligence led Security
  15. 15. 14 Copyright 2016 FUJITSU Title
  16. 16. 15 Copyright 2016 FUJITSU Our own Intelligence gathering…
  17. 17. 16 Copyright 2016 FUJITSU
  18. 18. 17 Copyright 2016 FUJITSU A Day in the life of a SOC Agent
  19. 19. 18 Copyright 2016 FUJITSU Security by Design : In the DNA of Your Organization Enable Your Business to go FAST, SAFELY BUSINESS OBJECTIVES Does your board recognize the opportunity in embracing security as an opportunity? How do you approach developing or enhancing a security-minded culture? What do you expect from your partners to deliver secure services?
  20. 20. 19 Copyright 2016 FUJITSU A Hardened Infrastructure is paramount? Hardware Applications Operating System Virtual Machine (Optional) Attacks disable security products OS infected with APTs:Threats are hidden from security products Traditional attacks: Focused primarily on the application layer Ultimate APTs: Compromise platform and devices below the OS, using rootkits as cloaks Compromise virtual machine New stealth attacks: Embed themselves below the OS and Virtual Machine, so they can evade current solutions VISIBILITY/ CONTROL Cloud Trusted Trusted UntrustedUnknown Identity Protection HW-based IT-policy managed, Multi- Factor Authentication Protecting authentication factors, IT policy decision and credentials
  21. 21. 20 Copyright 2016 FUJITSU 40+ Year History in design, delivery and Integration of large scale cyber security services Highest Strategic Technology Partner Accreditations Operating across Public and Private sector, and National Defence Businesses R&D Capability – developing/delivering Fujitsu security products, e.g. PalmSecure and SURIENT Security Operations Centres operating to highest National Government security levels 350+ Security professionals today moving to 1000+ in next 3 years PalmSecure SURIENTWeb & Email security Endpoint protection Firewalls and IDS/IPS Managed Security Services Cloud and DLP Security Assessments Continuity and Resilience Consultancy Technical Design and Integration Assessment Services Security Consultancy Data Loss Prevention Advanced Threat Protection SIEM and SIEMaaS Vulnerability Management Identity & Access Mgmt Consultancy and Advisory Cyber Threat Intelligence and Threat Response Products Fujitsu EMEIA Security Offerings
  22. 22. 21 Copyright 2016 FUJITSU Developing Fujitsu own Security Portfolio SURIENT as well as Artificial Intelligence Tools Managed Rack Sol. Sealed Rack Sol. Stealth Connect Sol. AI - Zinrai  New way of caging in data center for secured physical access (for housing and hosting services)  Server rack opens only for authorized people and logs all openings/closings for audits  Biometric Authentication via PalmSecure ID Match  Installation Services included  New to the world high end solution to protect from intrusion and manipulation with completely separated zones  Fujitsu stealth technologies implemented in control unit  Exceeds MRS security by far  High Secure blocking tool for external communication to a Data Center  Attackers see only closed ports (even behind the same NAT as a user signed in)  Secure strongly against elevation of rights, MitM, Zero Day Exploits, Untrusted Platform  Developed in Japan Zinrai meaning lightning fast in Japanese, is an AI platform that allows Predictive Analysis of Security attacks  Anomaly detection is a typical use case for machine learning systems  Anomaly detection is applied to network traffic information (IDS Logs) to detect cber attacks
  23. 23. 22 Copyright 2016 FUJITSU Biometric Technology - PalmSecure – Visit the Cyber area to see Portfolio & Typical User Cases
  24. 24. 23 Copyright 2016 FUJITSU Summary - People & Service Matter… Collaborative Strong Vendor Relationships Vendor & Technology Agnostic Deep Real World Experience Service Integration Background Co-located Technical Skills Pragmatic & Realistic Extension of our Customers’ Business Market Intelligence Service Flexibility Proven Services Sense & Respond Gen X & Gen Y Hybrid Delivery Model Service Culture Service Intimacy Extra Mile Proactive Customer Experience
  25. 25. 24 Copyright 2016 FUJITSU SECURITY Updates November 16: Nov 16, 13:00 - 13:30 New European Legislation - impact on Security requirements What is GDPR and how will it affect you ? Ralf Adebar Nov 16, 13:30 - 14:00 Top 10 Cyber Predictions Review & Predictions from our Fujitsu Security Operations Center Luke Smalley & Bryan Campbell Nov 16, 15:00 - 15:30 Cyber Threat Intelligence Why you cannot afford your organization to be without it Ryan Smith & Bryan Campbell Nov 16, 15:30 - 16:00 Next Generation SIEM With the growing requirement to be able to make alerts relevant, what is the future of SIEM Martin Cook from LogRhythm @ Ian Whittingham Nov 16, 16:00 - 16:30 Security Operation Centers (SOC) How should a SOC operate and how you can benefit Iain Slater & Ian Whittingham November 17 Nov 17, 10:00 - 10:30 E2E Security Challenges and solutions - demonstrated with innovative usage scenarios based on our SURIENT technology Dr. Heinz-Josef Claes Nov 17, 10:30 - 11:00 Intelligent Security Solutions - based on R&D Own developments, cooperation with partners and relationship with academia Thorsten Höhnke & Daniel Prince Nov 17, 15:00 - 15:30 Identity and Access Management Challenges and solutions - demonstrated with innovative usage scenarios based on PalmSecure technology Thomas Bengs Nov 17, 15:30 - 16:00 Advanced Threat Protection (ATP) Why Prevention alone isn’t enough and why organizations should shift focus to Detection and Response. Symantec
  26. 26. 25 Copyright 2016 FUJITSU