IT security wars show no sign of slowing down or in any way becoming less intense; quite the reverse. Rogue states, criminal gangs and hackers are now trading information and sharing skills and developments on an industrial scale. Vast sums of money are being stolen and extorted by these groups, and their investment in software tools and malware is significant. As a growing cooperative they rival some of our big institutions and agencies in their abilities and knowledge, and in general completely outgun the SME sector. In their latest manifestation they hunt in packs, with individuals and individual groups assigned tasks according to their particular specialisms and skills. Insourcing, outsourcing, mobile and flexible working are the norm, along with networked computing, clouds and dark nets.
In contrast the forces of good tend to be more conservative, operate in isolation, evolve at a slower rate, and present a relatively static attack surface. In aggregate, however, they possess the people and skills necessary to dominate the IT security spectrum, but only if they share what they know along with what they are experiencing, their manpower, and the key software tools and skills they have developed.
The extent to which the Good could outgun the Bad is estimated to be >> 3:1 and most likely beyond 30:1, provided the Good share and begin to think and act differently. But as we edge toward the IoT (Internet of Things) and CoT (Clouds of Things), the Good look ever more exposed by old thinking and a less than proactive mindset focused on remedial rather than anticipative action. Here we identify some of the key risks (present and future) and postulate workable solutions that could be engineered today, including auto-immunity spanning every chip, card, shelf, rack, floor, building and all devices.
Evolving IT Security Threats and Solutions
1. Security
Evolving IT Security Threats & Solutions
Peter Cochrane
www.cochrane.org.uk
2. The dark side
Is not going away any time soon!
• Their numbers and strengths are growing
• They always seem to be on the front foot
• They always seem to be ahead of the game
• They appear to be getting more adaptable
• They appear to be getting more agile
• Threats are growing
• Attacks are continuous
• The types are more varied
• Damage costs are accelerating
3. How come?
• They are driven by the economics of criminal success
• They are not managed by a board or committee
• They are not bound by ethics, laws and rules
• They enjoy the advantage of surprise
• Attacking is more fun than defending
• They are distributed, highly flexible and adaptable
• The threat and penalties of failure are extremely low
• Adopting and trying new technologies on the fly is their norm
4. And more!
Beyond technology and skill
• They adopted open and sharing everything first
• They adopted mobility and mobile working first
• They started using clouds and dark nets first
• They employed distributed computing first
• They adopted and developed apps first
• They adopted Be My Own Boss first
• They adopted BYOB first
• They are now federating resources and trading skills
• They are now employing outsourcing and insourcing
• Individuals and individual teams are selling specific skill sets
5. Corruption!
Human relationships open doors
• In need of love
• In need of care
• In need of money
• Prone to bribery
• Needy of support
• In debt
• +++
Targeted individuals and organisations are easy to influence and infiltrate, with no easy detection or defence +++
6. Infiltration!
Technology is not the only way in
• External services people
• Visiting trades and repair crews
• Unauthorised info focussed visits
• Hardware/software plants in equipment
• Memory sticks in rest rooms
• +++
Open screens, open access, paper notes, open desks, telephone numbers, names, contacts, data devices, URLs
7. Opportunistic!
People and technology availability
• Careless and loud discussions
• Open screens readily visible
• Poor security of devices
• Shoulder surfing
• Careless PIN and password use
• Devices left unguarded
• Open phone and SMS
• Paper notes
8. Hunting in packs
Far more powerful and effective than individuals
• Team work is the new mode
• Rapid sharing is the key advantage
• Skill sharing and real time learning
• High speed adaptability a prime ability
• Results based reward system a key driver
9. Hacker nets
Dynamic aggregation of global assets
Sharing trumps need to know
10. Muted good
Almost zero sharing of anything !
Need to Know Culture Disabling
• Commercial confidence/secrets
• Government protecting national good
• Solutions sold and traded not shared
• Companies limping along in ignorance
• Specialist companies protecting markets
• Individuals unknowingly exposed to risks
• Exact damage caused is often undisclosed
11. Economics of sharing
When the cost gets too great, organisations have to share
• Hackers have the upper hand
• Retrospective solutions only
• Software requires regular updates
• Machines need regular security scans
• Most people are unaware and exposed
• Infections spread rapidly and go undetected
• File sharing apps are popular but very risky
• All machines come out of their box on day one infected
• We can broadly assume that there are no clean devices
• It is all a ticking time bomb !
12. Ratio of aggregated good to bad resources: Good : Bad >> 3:1
Best estimate assuming equally good people and technical resources on both sides of the line.
Sufficient for good to prevail over bad!
But 'bad' shares resources and knowledge, whilst 'good' operates by 'need to know'.
Sharing knowledge and resources is vital to assure success!
13. Sharing at every level
An essential element necessary to secure a safe future
The future really is in our hands - we actually hold all the ace cards
14. Identity theft
It is so very, very easy!
• Lax security protocols and procedures
• Spoof bank calls and paperwork
• Big data, metadata analysis
• Bogus call centres/services
• Spoof emails, TXT, IMs
• Government records
• Institutional records
• Face to face surveys
• Social networking
• Company pages
• On-line surveys
• Home pages
• Data mining
Broader protection necessary
15. Ownership theft
IoT rolled out at speed makes it even easier!
• Lax security protocols and procedures
• Old technologies mixed with the new
• Crack one item gives access to all?
• Crack one item to access the network
• Change/control all ownerships
• Use ownership as collateral
• Ownership affords validity
• Viral step and repeat
• Creates new crimes
• Things as hostages
• eBlackmail
• +++
Broader protection necessary
16. Firewalls
Old thinking and insufficient
• Easy to end run
• Easy to penetrate
• Difficult to maintain
• Easy to circumnavigate
• Demand high level expertise
• Only provide limited protection
• An impediment to sharing apps
• Inflexible for modern working
• Counter cultural to BYOD
• Slow to change/update
17. Malware protection
No satisfactory solutions available to date
• Hackers have upper hand
• Retrospective solutions only
• Software requires regular updates
• Machines need regular security scans
• Most people are unaware
• Infections spread rapidly
• File sharing apps are risky
• All machines come infected
• There are no clean devices
• It is all a ticking time bomb
18. People protection
Unintended and Intended people based exposure
• Laxity
• Mistakes
• Gullibility
• Coercion
• Conspiracy
• Criminal acts
• Opportunistic acts
People are habitual and conform to patterns of regular behaviour
19. Behavioural analysis
Continuous monitoring of activities to detect anomalies
• Uploads and Downloads
• EMail attachment types
• Web Site addresses
• Networks accessed
• eMail addresses
• Device ownership
• Device type
• Home time
• Desk time
• Road time +++
Activities, Connections, Quantities, Timings
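As an added illustration of the behavioural baseline this slide describes (example code written for this page, not from the original deck), the following Python builds a per-user profile from constructed activity records along the dimensions listed above (timings, quantities, device and network) and scores a new event against it. The user name, device and network values are all constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline records (not from the slides):
# (user, hour_of_day, download_mb, device, network)
BASELINE = [
    ("alice", 9, 12, "laptop-a1", "corp-lan"),
    ("alice", 10, 20, "laptop-a1", "corp-lan"),
    ("alice", 11, 10, "laptop-a1", "corp-lan"),
    ("alice", 14, 15, "laptop-a1", "corp-lan"),
    ("alice", 16, 18, "laptop-a1", "corp-wifi"),
]

def build_profiles(records):
    """Summarise each user's habitual hours, volumes, devices and networks."""
    by_user = defaultdict(list)
    for user, hour, mb, device, net in records:
        by_user[user].append((hour, mb, device, net))
    profiles = {}
    for user, rows in by_user.items():
        volumes = [r[1] for r in rows]
        hours = [r[0] for r in rows]
        profiles[user] = {
            "hour_window": (min(hours), max(hours)),   # desk time seen so far
            "devices": {r[2] for r in rows},
            "networks": {r[3] for r in rows},
            "mb_mean": mean(volumes),
            # a constant baseline gives sd 0; use 1 MB to avoid dividing by zero
            "mb_sd": pstdev(volumes) or 1.0,
        }
    return profiles

def score_event(profile, hour, mb, device, net, z_limit=3.0):
    """Return the reasons one new event deviates from the profile ([] = normal)."""
    reasons = []
    lo, hi = profile["hour_window"]
    if not lo <= hour <= hi:                       # timing outside habitual hours
        reasons.append("unusual-time")
    if (mb - profile["mb_mean"]) / profile["mb_sd"] > z_limit:   # quantity spike
        reasons.append("volume-spike")
    if device not in profile["devices"]:           # ownership / device type
        reasons.append("unknown-device")
    if net not in profile["networks"]:             # network accessed
        reasons.append("unknown-network")
    return reasons
```

Build the profiles once from historical records, then call `score_event` on each new record; an empty list means the event fits the user's pattern, while several reasons at once (a 3 am transfer of hundreds of MB from an unseen phone on cafe wifi) is the kind of compound anomaly worth an alert.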
20. Axiomatic!
There are no silver bullets
If we do nothing new things will get worse
Non stop learning & adaptation required
Acting in isolation guarantees failure
Continual monitoring necessary
Machines action trumps humans
Networking and sharing are key
Early detection and action vital
Integrated security is a must
Localised quarantine vital
Every level to be protected
Every device proactive
All networks proactive
A new era for security
No singular solutions, only a multiplicity of techniques to be applied in unison
21. Axiomatic
Time to think again!
Scenarios for the age of everything on line:
Mobile and social everything
Smart to smart everything
The Internet of Things
Clouds of Things
Intelligent Things
Repurposing
Recycling
Reuse
Apps on line
WiFi domination
Distributed storage
More on-line than off
New working practices
More mobile than fixed
More connectivity modes
Thousands of cloud species
Far greater variability
22. Auto-immune systems
Capable of detecting and isolating malware
Hardware malware traps on every chip and card
And on every device, card, shelf, suite, floor, network
Also on all network elements & components
Soft malware traps in all code everywhere
Automatic experience/solution sharing
Fully automated response/reporting
Resource sharing and adaptation
Many variants & contributions
Evolution dominates design
Industry wide adoption
Full integration
Behaviour emergent & unpredictable
23. Using a multiplicity of channels
Attack exposure and offset through access diversity
Bluetooth: short range, device to device, device to cloud
WiFi/WiMax: medium range, WLAN/cloud
3, 4, 5, 6 G: long range, device to net, device to cloud
Integrated and intelligent security apps embedded into products/components
Attacks almost never occur on more than one channel at a time
Parsed information transmitted over many channels and modes is extremely secure against interception
Using more than one device also adds security options
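An added example (not from the original deck) of the multi-channel idea above: a message is XOR-split into one share per channel, so a share intercepted on any single channel, or on all but one, carries no information about the message; plain chunking (bytes 0-9 on one channel, 10-19 on the next) would instead leak each fragment in the clear. The channel names are constructed placeholders.

```python
import os

CHANNELS = ["bluetooth", "wifi", "cellular"]  # constructed channel names

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def split_across_channels(message: bytes, channels=CHANNELS) -> dict:
    """Return {channel: share}. Every share but the last is uniformly random
    (one-time-pad style); the last is chosen so the XOR of all shares equals
    the message, so each share on its own is indistinguishable from noise."""
    if len(channels) < 2:
        raise ValueError("a split only helps with two or more channels")
    random_shares = [os.urandom(len(message)) for _ in channels[:-1]]
    last = message
    for share in random_shares:
        last = xor_bytes(last, share)
    return dict(zip(channels, random_shares + [last]))

def recombine(shares: dict) -> bytes:
    """XOR the received shares back together (needs every channel's share)."""
    out = bytes(len(next(iter(shares.values()))))
    for share in shares.values():
        out = xor_bytes(out, share)
    return out

def consistent_missing_share(intercepted: dict, guess: bytes) -> bytes:
    """The value the one uncaptured share would need for the intercepted shares
    to spell out `guess`. Such a value exists for every guess, which is why an
    eavesdropper holding all but one channel learns nothing about the message."""
    return xor_bytes(recombine(intercepted), guess)
```

This gives interception resistance only while the channels are not all captured together; it does not replace encryption and authentication on each channel, which the slide's embedded security apps would still have to provide.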
24. Automation/AI essential
Demands are way beyond humans!
Continuous monitoring is a necessity
Getting it all right on the night is impossible
Rapid evolution & response are required
Frustrating the enemy all the time
Integration of all available resources
Gathering all available intelligence
Analysing every aspect from both sides
Rapid response and repair an essential
Punitive responses and attacks an option?
War gaming the next moves to be built in
Open learning and solution dissemination
Human intervention should be the exception
25. Automation and AI is essential
The demands are way beyond human abilities!
Thank you
cochrane.org.uk