Mais conteúdo relacionado

Apresentações para você(20)

Similar a Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?(20)


Mais de Raffael Marty(20)


Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?

  1. Raffael Marty VP Research and Intelligence Head of X-Labs, Forcepoint Cyber Security Beyond 2020 – Will We Learn From Our Mistakes? SIGS Kick-Off | January 2020 | Switzerland
  2. A Brief Summary We need a paradigm shift in security to escape the security cat and mouse game Integrated platforms - no more disjointed security tools Readiness for digital transformation challenges Human factors and behavioral intelligence play a key role in detecting and preventing cyber attacks and insider threat
  3. Raffael Marty Sophos PixlCloud Loggly Splunk ArcSight IBM Research Security Visualization Big Data ML & AI SIEM Corp Strategy Leadership Zen
  4. Beyond 2020 Cyber Security Today The Imminent Paradigm Shift Three Market Trends • Ever New Attack Surfaces • Integrated Platforms • Behavior and Risk Centricity
  5. Cyber Security Today
  6. Visibility Challenge – Devices and Users Disjointed security products Alert overload in the SOC Cyber Security Challenges Privacy and Regulations - a security inhibitor New technologies constantly exposing new threats Talent shortage Phishing (now with deepfakes) Discovering attacks too late (‘right of boom’) Ransomware
  7. $1 Trillion Has Been Spent Over The Past 7 Years On Cybersecurity, With 95% Success … For The Attackers 46% say they can’t prevent attackers from breaking into internal networks each time it is attempted. 100% of CIOs believe a breach will occur through a successful phishing attack in next 12 months. Enterprises have seen a 26% increase in security incidents despite increasing budgets by 9% YoY. Source: CyberArk Global Advanced Threat Landscape Report 2018 Sources: Verizon 2018 Data Breach Investigations Report.
  8. The Imminent Paradigm Shift?
  9. © 2020 Raffael Marty | 9 Centralized Data Lakes and Analytics Events Threat Intelligence (IOCs) Fixed rules External Attacker Infrastructure Security Paradigm Shift Decentralized Data and Analytics Entity Based Activities Behaviors and Context (IOBs) Risk Adaptive Compromised Accounts and Devices User and Data Security Escaping the Security Cat and Mouse Game
  10. Extending / Improving the Kill Chain Recon Weaponization Delivery Exploitation Installation Execution Most Security Tools • What if there is no exploitation? • Generally focused on external attackers • Focused on known attacks
  11. Understand the Execution Phase Recon Weaponization Delivery Exploitation Installation Execution Discover Explore Collect Exfiltrate, Modify, Destroy Dwell time can be months • Broaden focus from external attackers to compromised users and devices to include insiders (malicious and accidental) • Shift focus from latest attacks to what your users (and devices) are supposed to do • Think beyond whitelisting • Focus on the intersection of users and critical data
  12. Moving ‘Left of Boom’ Recon Weaponization Delivery Exploitation Installation Execution • Focus on behavior of humans and devices • Understand humans and intent to help flag suspicious entities before harm is caused • Move to a risk-based approachMonitor human factors Monitor for deviations from norm Assess peer group membership 89 John
  13. Three Market Trends
  15. NEW ATTACK SURFACES Artificial Intelligence IIoT Container Workloads 5G Digital transformation is driving ever new technologies, accelerating changes in attack surfaces Etc. Is your environment set up to deal with new security tools that can be integrated into your existing setup, processes and people? Do you need new tools for every new type of attack? Or does your existing tooling cover more than just one type of attack? November 2019 - VC Investments • Training 3 • NetSec 5 • Phishing 3 • Identity 4 • Fraud 2 • Data 4 • Scanning 4 • Testing 1 • MSP 1 • Others
  16. © 2020 Raffael Marty | 17 The Market is Creating Platforms Motivations - Coverage across endpoint and network with integration of analytics - Cover multiple product capabilities – (FW, DPI, IPS, VPN, Web, TI) - Landgrab and ”dominance” (MSFT -> ID, AWS) - Offering more services to existing customers - “Service selection” Challenges - Acquisitions are hard – people, technology, and sales approach integrations (GTM unification) - What Platform do you bet on? What about vendor lock in? Open standards? - Does your ‘other’ security tool survive? , AWS, Splunk, Google, Sophos, Proofpoint, BlackBerry, Broadcom, etc. The average SOC runs 30 security tools
  17. Third Market Trend – Behavior and Risk Centricity
  18. © 2020 Raffael Marty | 19 Revisiting Our Goals Escape the cat and mouse game Catch more than external attacks (including malicious insiders) Moving left of the boom Escape “event” overload
  19. © 2020 Raffael Marty | 20 The Solution Escape the cat and mouse game Catch more than external attacks (including malicious insiders) Moving left of the boom Escape “event” overload “The world's first dynamic 'non-factor’ based quantum AI encryption software, utilizing multi-dimensional encryption technology, including time, music's infinite variability, artificial intelligence, and most notably mathematical constancies to generate entangled key pairs." Revisiting Our Goals
  20. © 2020 Raffael Marty | 21
  21. Behavior and Risk Centricity Monitor Entities • Learn their normal behavior • Learn how they behave relative to their peers • Learn how they interact with critical data and IP • Based on deviations, compute an entity risk Understand Humans • Track and assess human factors Shift to a risk-based approach • An ‘event’ can both be good or bad, depending on the context of the entity 89 John
  22. © 2020 Raffael Marty | 23 “Critical Path to Insider Threat” • intelligence/csi-publications/csi-studies/studies/vol- 59-no-2/pdfs/Shaw-Critical%20Path-June-2015.pdf Sociotechnical and Organizational Factors for Insider Threat (SOFIT) • 20SOFIT%20Sociotechnical%20and%20Organizati onal%20Factors%20for%20Insider%20Threat.pdf How Do We Understand / Characterize Humans?
  23. © 2020 Raffael Marty | 24 Critical Path
  24. © 2020 Raffael Marty | 25 SOFIT Mapped Behaviors to Risk Scores Ontology reasoning through insider actions • Sabotage • Data Exfil • Fraud • Workplace Violence • Unintentional Threat Indicators driving outcomes • Boundary Violation • Job Performance • Life Narrative • Etc.
  25. Risk Today vs. Tomorrow – The Inclusion of Human Factors Concerning Behaviors ADVERSE OUTCOMES
  26. Concerning Behaviors Risk Adaptive Protection Risk Today vs. Tomorrow – The Inclusion of Human Factors Stressors Pre- disposition Human Context Attributes Intent … Device Type Mindset Device Context Exposure Activities Concerning Behaviors Business Activity Activities that, out of context would be benign, now flag an attack ”Detection Rules” that normally generate a lot of false positives are now weighed by the risk of the entities.
  27. Am I here to work for you, or for someone else? Regular Activities Activities Predisposition Stressors Concerning Behaviors • Seeking access or clearance levels beyond current need • Testing security boundaries • Multiple usernames & identities • Social and professional network • Unreported travel • Low communication, lack of social connections in office • None • Communication with competitors
  28. • Needs to be built with ‘privacy first’ • Nuances of regional regulations (GDPR, CCPA, etc.) • Avoid using human factors for psychological diagnoses • Securing collected data - Anonymization? • Verifyability and explainability of approaches • Where are the socio-ethical boundaries? Challenges and Dangers
  29. Shifting The Paradigm Left Of The Boom You need a future proof platform that provides complete visibility and insight You need sensors • For every possible point of contact • Understand user interactions with critical data • Cover cloud, on prem, hybrid, and IIoT You need a way to characterize what’s normal for your users and devices – and understands human factors ready
  30. Questions? @raffaelmarty