SourceFire IPS Overview
Seu SlideShare está sendo baixado.
×
Confira estes a seguir
Recomendadas
Mais Conteúdo rRelacionado
Diapositivos para si (19)
Semelhante a Future-proofing Supply Chain against emerging Cyber-physical Threats (20)
Mais recentes (20)
Future-proofing Supply Chain against emerging Cyber-physical Threats
- 1. Future-proofing Supply Chain against emerging Cyber-physical Threats Future-Proofing Supply Chain Against Emerging Cyber-Physical Threats Disclaimer: The views and opinions expressed in this presentation are those of the author and do not necessarily reflect the official policy or position of any organisation Steven Sim, VP, ISACA Singapore Chapter
- 2. What do they have in common? (1)
- 3. What do they have in common? (2)
- 4. Infosecurity Magazine Supply Chain Risk Closer to Home
- 5. • Threats are getting increasingly impactful and sophisticated • All organisations that have a cyber footprint can be breached • Not a matter of IF but WHEN incidents would happen • How can we then future-proof against the inevitable? New Cybersecurity Normal Area Characteristics of Advanced Persistent Threats (APTs) Adv. Persistent Threats (APTs) Wiperworm (NotPetya) Ransomworm (WannaCry ) Impact & Behavior Data leaked (Rest are Outage) Stays persistent not detected Intent hard to figure Sophistication Signatureless, legitimate tools, sites Exploits multiple vulnerabilities Fully patched systems vulnerable
- 6. Now what can we do? Know our SELF Know our ENEMIES A hundred BATTLES A hundred VICTORIES - Sun Tzu “While cyber defences will never be impregnable, the success of the attacker in achieving actions on objectives is not inevitable.” – SingHealth COI
- 7. Exposures, Attacks, Compromises Technical Equivalents Indicators of Exposure (IOE) Indicators of Attack (IOA) Indicators of Compromise (IOC) ISACAISACA Know our SELF Know our ENEMIES Tactics, Techniques, Procedures (TTP)
- 8. Now what can we do? Know our SELF
- 9. McKenzie Supply Chain 4.0 ISACA
- 10. Cyber-Physical Universe Automation is also the means to repeat human errors with rigor in a consistent manner. Cybersecurity and Safety are increasingly synonymous.
- 11. Star Tribune Matter of Life and Death RiskBasedSecurity
- 12. Perils of Patching • How complex is your system? • How fast can you test a patch? • How complete is your testing? • Can you afford to risk a self-inflicted Denial-of-Service? ZDNet TechRepublic LapTopMag
- 13. Key current pain-points 1. Weak computing power 2. Insecurity by design 3. Insecure industrial protocols 4. Slow certification of patches 5. Hard to retrofit Inherent Design Issues Belden Cyber-Physical Limitations
- 14. Inherent Accessibility Exposures Internet connectivity Watering Hole Attacks Cloud adoption, data lakes Leaky Cloud Buckets Internet connectivity Distributed Denial-of-Service Increased Accessibility
- 15. Now what can we do? Know our ENEMIES
- 16. Identifying and Prioritizing Threat Scenarios Threats against Supply Chain ISACA ISACA1. Defeat Device 2. Logic Bombs 3. Back Doors 4. Malware 5. Vulnerabilities
- 17. Threats towards Cyber-Physical Systems in Supply Chain 4.0 PWC
- 18. PWC
- 19. Tactics, Techniques and Procedures (TTPs) Who are our Enemies? (2) Prevent Action on Objectives
- 20. Low Barriers to Attacks (1)
- 21. Low Barriers to Attacks (2)
- 22. Low Barriers to Attacks (3)
- 23. Source: Resilient Navigation and Timing Foundation Physical-to-Cyber Threats (1) Resilient Navigation and Timing Foundation
- 24. Source: PC Magazine DreamsTime Physical-to-Cyber Threats (2)
- 25. Now what can we do? A Hundred Battles A Hundred Victories
- 26. Governance key to Future-proofing Perform threat modelling Adopt cybersecurity frameworkAdopt key principles IIOT Physical Security Change Mgmt Network Security Security Hardenin g Account Mgmt Vuln Mgmt Incident Mgmt Security Awarenes s Key Areas of IIOT Focus Adopt IT Risk Framework
- 27. • Business to operation to IT risk alignment paramount • Risk optimization is key to risk management • Risk Owner is Accountable • CISO cannot own Risk Adopt IT Risk Framework ISACA Risk IT Framework
- 28. 1. Tender Specs (Firewall, VPN, Common Criteria, etc) 2. Product allows Vulnerability to be Managed 3. Layered Defense Architecture 4. Architecture Security Review 1. Security Standards 2. Server Hardening i.e. Disable Unnecessary Services 3. Network-based Firewall 4. Pre-deployment Vulnerability Assessment & Penetration Testing 1. Regular Vulnerability Scan 2. Regular Vulnerability alert Monitoring 3. Timely Vulnerability Remediation/Patching 4. Continuous Audit and Monitoring 1. Security Training and Awareness 2. Security Advisories to Custodians 3. Phishing Simulation Exercise 4. Extension to Supply Chain Microsoft ISACA Adopt Key Principles
- 29. • Data as the new oil • Adopt a data- centric approach Privacy-by-Design (as part of SbD) ISACA
- 30. Patch-work is not ideal – addressing flaws in pre- existing systems architecture Security-by- design has to be done right from start ZDNet
- 31. Adopt Cyber Security Framework (1) ISACA COBIT Increased Focus on Detect, Response and Recover phases ISACA
- 32. Third-party Attestations • Multi-Tiered Cloud Services • Common Criteria • CREST • CoBIT/ISO270XX/SOC2 • ABS Guidelines • OSPA (Outsource Service Provider Assessment) • PTG (Penetration Testing Guideline) • RTAASEG (Red Team Adversarial Attack Simulation Exercises Guidelines) Adopt Cyber Security Framework (2)
- 33. Network Security Focus IIOT Physical Security Change Mgmt Network Security Security Hardening Account Mgmt Vuln Mgmt Incident Mgmt Security Awarenes s Standards • ISA/IEC-62443 • NIST SP800-82 Layered Defenses • by depth • by diversity Key Areas of Focus (1)
- 34. Vulnerability Management Focus IIOT Physical Security Change Mgmt Network Security Security Hardenin g Account Mgmt Vuln Mgmt Incident Mgmt Security Awarenes s Different ways of fixing a vulnerability • Disable unnecessary services • Network-based firewall • Host-based firewall • Hardening the configuration • Virtual Patching • Patching Systems / Services Vulnerability Severity Exploitable remotely from Internet / Building Exploitabl e remotely from Gateway / Clients Exploitable only locally on host Internet / Extranet- facing Critical / High Medium Low Intranet-facing Critical / High Medium Low Vulnerability Remediation Timeline • Risk-based • Peace Time vs Heightened Posture • Attack Surface Exposure • Exploit Public Availability Key Areas of Focus (2)
- 35. Optiv IR Org Model Incident Management Focus IIOT Physical Security Change Mgmt Network Security Security Hardenin g Account Mgmt Vuln Mgmt Incident Mgmt Security Awarenes s Key Areas of Focus (3) Key Areas of Consideration • Black Swans • Recovery Order • Alternate Comms • Crisis Management • Cyber-Physical SOC • Threat Hunting, Drills, Table-tops • BCM for full automation
- 36. IIOT Physical Security Change Mgmt Network Security Security Hardenin g Account Mgmt Vuln Mgmt Incident Mgmt Security Awarenes s
- 37. Governance key to Future-proofing Perform threat modelling Adopt cybersecurity frameworkAdopt key principles IIOT Physical Security Change Mgmt Network Security Security Hardenin g Account Mgmt Vuln Mgmt Incident Mgmt Security Awarenes s Key Areas of IIOT Focus Adopt IT Risk Framework
- 38. “… need for organizations to elevate cybersecurity as a priority to build the foundation of its cybersecurity culture, better secure their operations, and strengthen the global digital economic ecosystem. Partnerships and information sharing, like ISACA’s collaboration with Digital Manufacturing and Design Innovation Institute (DMDII) on this study, are becoming increasingly key to accomplishing these goals.” Frank Downs, Director of Cybersecurity Practices at ISACA Public Private Partnership
- 39. 1. Be Aware of Increasing Concerns with Cyber-Physical Threats • Emerging Cyber-Physical Threats are sophisticated. Cover all spaces. 2. Key Resilience Principles are still relevant against emerging threats • Adopt good risk, threat modelling, principles, cybersecurity frameworks. • Be pragmatic - Cyber Resiliency is key. 3. Good Risk Culture, Management and Governance is important • Optimize risk. Technology is inadequate. Support with people and processes. Connect with industry and community. Key Take-aways (1)
- 40. Key Take-aways (2) 4. Need for inventory of systems and services, asset classification, risk assessment 5. Need for architecture governance • Not allowing excessive diverse technologies to be used in • Having adequate diversity to mitigate supply chain concentration risk. 6. Buying technology to solve problems but with adequately trained people and processes
- 41. • Industrialization 4.0 is here to stay • Less human intervention • Heavy reliance on cyber-physical connectivity, analytics, cloud • Increased criticality on wireless networking • Transiting to the New Cybersecurity Normal • Better impact assessment and automated containment • Elevated cybersecurity requirements and mandate – Security & Privacy by Design • Increased commoditization of cyber insurance 41 All’s not doom and gloom
- 42. • Become better at your job • Support your profession • Increase your value to your employer by expanding your skill set • Expand your network of business contacts • Highlight your expertise by earning a professional credential • Position yourself to participate in a global marketplace • Support the future of your profession • Position yourself for management opportunities Why you should become an ISACA memb
- 43. 43 MANAGING RISK. EMBRACING UNCERTAINTY MAY 15, 2019 SINGAPORE PROGRAMME & SPEAKERS PROFILE Updated as of 22 Mar 2019 https://www.gtacs.sg
- 44. T h a n k y o u f o r a t t e n d i n g . S t a y i n t o u c h !
