SlideShare une entreprise Scribd logo

106 Threat defense and information security development trends

Télécharger en tant que PPTX, PDF
S
SsendiSamuel

106 Threat defense and information security development trends

Formation
1  sur  23
www.huawei.com Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Threat Defense and Information Security Development Trends 15 MINUTES BREAK – CLASS RESUMES 8:30 PM EAT (+3 UTC)
Page 2 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Foreword  The previous courses have introduced some basic concepts and knowledge about information security and common attack types. Consider this question: What measures should we take to ensure enterprises' information security?  Defense against security threats not only requires professional tools but also the awareness of everyone involved in information security construction.
Page 3 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Objectives  Upon completion of this course, you will be able to:  Describe the basic elements of security threat defense.  Describe the importance of information security awareness in security protection.  Describe the future development trends of information security.
Page 4 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Contents 1. Security Threat Defense 2. Information Security Awareness 3. Information Security Development Trends
Page 5 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Key Elements of Information Security Protection • Ensure security compliance during process operations of enterprises. Implement in-time response, defense, and improvement when threats occur. • Security protection technologies ensure appropriate action can be implemented. • Security protection technologies have different protection methods at different technical layers and domains. • "People are the weakest link in information security." • It is very important to ensure that enterprise employees have high security awareness. Security O&M and Management People Security Products and Technologies Three interconnected elements
Page 6 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Information Security Protection Methods Security products and technologies • Network security: firewall, IPS/IDS, anti-DDoS, etc. • System security: server security, host security, etc. • Endpoint security: secure access, identity authentication, etc. • Application security: antivirus, vulnerability scanning, penetration testing, etc. O&M and management • Security operation • Emergency response • Disaster recovery Security awareness • Fostering security awareness in enterprise employees • Raising awareness of social engineering
Page 7 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Contents 1. Security Threat Defense 2. Information Security Awareness 3. Information Security Development Trends
Page 8 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Cyber Security Awareness Survey  Do you read the User Agreement in detail when you register an account?  Do you use the same password for all your accounts?  Do you think the current cyber environment is secure? Unique password to each account 24.1% Not all accounts use the same password 61.4% The same password to all accounts 13.8% Others 0.7% 6.9% 49.1% 32.8% 9.2% 2.0% Extremely safe Very safe Safe Very dangerous Extremely dangerous
Page 9 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Public Wi-Fi Security Awareness  Do you connect to free Wi-Fi in public places?  Do you do online shopping, payment, money transfer, or  other similar things while connected to a public Wi-Fi network? Access any free Wi-Fi network available 19% Do not access any public Wi-Fi network 19% Access only protected Wi-Fi networks of well-known brands 60% Others… Connection to Public Wi-Fi Networks 25.1% 13.6% Email & chatting Online shopping & banking transactions Things People Do on Public Wi-Fi Networks
Page 10 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Security Risks of Wi-Fi in Public Places  Eighty percent of Wi-Fi networks can be easily cracked. Every year, access to public Wi-Fi networks incurs an economic loss as high as CNY 5 billion (eBank theft, online account theft, etc.). Below are some examples of public Wi-Fi security risks: The hacker steals CNY 34,000 from the person who steals the neighbor's Wi-Fi A financial scam using McDonalds' Wi- Fi cost some users CNY 2000 Phishing Wi-Fi in buses Online game purchases accumulated over a number of years stolen by hackers Those who intend to save money may be at risk due to weak security Hackers routinely succeed in obtaining user password information Unexpected Shocking Up-to-date Suffocating Aggrieved Harmful
Page 11 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Social Engineering  Social engineering was first appeared in the 1960s as a formal discipline.  Social engineering was discussed in The Art of Deception by the infamous hacker Kevin Mitnick, who authored the book following a prison term for hacking-related offenses. It refers to the psychological manipulation of people to give away important personal information, which can cause great damage to the victims. Is this an example of social engineering? People are the weakest link. — World's most notorious hacker Kevin Mitnick
Page 12 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Case Study  Discussion: If you find another person's SIM card, what information can you obtain? Insert the SIM card into a phone. The phone displays the SIM card number. Phone number Obtain name of the card owner. Alipay Login details Use QQ (Chinese Facebook) and Weibo (Chinese Twitter) to obtain information such as the birthday, location, and age of the card owner. Personal information of the SIM card owner Obtain the first four and last four digits of the card owner ID number. Hackers can guess the remaining digits based on the birth date and area. Login for the online service center of the SIM card Using the web browsing history provided by the service center, you can obtain the owner's most frequently visited websites, QQ account, and Weibo account. Web browsing history Obtain information about friends, relatives, and photos of the card owner from social platforms such as Weibo. Information about social relationships
Page 13 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Fostering Security Awareness  Remaining vigilant when online is an effective way to defend against cyber security scams. Think like a detective Be Observant Willing to learn Be Skeptical Think before you act Attention to details Search for the truth Practices
Page 14 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Contents 1. Security Threat Defense 2. Information Security Awareness 3. Information Security Development Trends
Page 15 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Gartner Top 10 Security Technologies Cloud access security brokers (CASBs) Endpoint Detection and Response (EDR) Gartner Top 10 Security Technologies
Page 17 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Future Development Trends of Security Protection Security as a service Endpoint detection increasingly important Traffic control IP addresses -> applications Software-defined security protection solution
Page 18 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Trend 1: Security as a Service Reverse proxy Client Behavior File Traffic App Anomaly Internet Security check service
Page 19 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Trend 2: Endpoint Detection Increasingly Important Detect unknown malicious files and C&C communications Locate internal endpoints infected by malicious files 1 2 3 1 2 3 MD5 of malicious files MD5 of executed files Correlate to malicious files Correlate to C&C attack source IP addresses Targeted IP addresses of C&C attacks IP addresses of infected endpoints Unknown malicious files C&C anomalies E E E E E E E E E E Infected endpoints First infected endpoint Locate infected endpoints using MD5 and address threats Locate infected endpoints based on the C&C attack traffic. Find the first infected endpoint and end further infection. Sandbox Detection Log Traffic Metadata Endpoint Log Analysis
Page 20 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Trend 3: Traffic Control — from IP Addresses to Applications Content User Threat App location IP Port Protocol VPN IPS Antivirus DDoS DLP Anti Spam URL Layer-4 quintuple control Layer-7 application threat control
Page 21 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Trend 4: Software-defined Security Solution (Huawei SDSec) • Service-driven policy management, manual O&M -> intelligent O&M • Automated service provision for tenants • Based on automatic mapping from services to policies O&M Intelligence Enforcer Switch Router Wi-Fi AR FW/vFW AntiDDoS DFW DFW Controller SecoManager CIS FireHunter Global security intelligence center Analyzer • Cyber security collaboration, single-point defense -> network-wide associative defense • Security service orchestration • AI-based auto-learning and detection of threats, from reactive to proactive defense • Huawei third-generation sandbox based on deep neural network algorithms Detection Intelligence Handling Intelligence Controller Analyzer Third-party security Integrate Associate
Page 22 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Quiz 1. Which of the Esecurity protection? A. A. Security O&M and management B. B. Monitoring C. C. Security products and technologies D. D. People 2. Which of the following password settings is more secure? A. A. Digits only B. B. Letters only C. C. Digits + letters D. D. Digits + letters + special characters
Page 23 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Summary  Basic elements of security threat defense  Importance of information security awareness in security protection  Future development trends of information security
Page 24 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Thank You www.huawei.com

Recommandé

101 Basic concepts of information security
101 Basic concepts of information security101 Basic concepts of information security
101 Basic concepts of information security
SsendiSamuel
 
105 Common information security threats
105 Common information security threats105 Common information security threats
105 Common information security threats
SsendiSamuel
 
gkkSecurity essentials domain 1
gkkSecurity essentials domain 1gkkSecurity essentials domain 1
gkkSecurity essentials domain 1
Anne Starr
 
102 Information security standards and specifications
102 Information security standards and specifications102 Information security standards and specifications
102 Information security standards and specifications
SsendiSamuel
 
104 Common network devices
104 Common network devices104 Common network devices
104 Common network devices
SsendiSamuel
 
Deep Learning for Cybersecurity Innovation Insights from Patents
Deep Learning for Cybersecurity Innovation Insights from PatentsDeep Learning for Cybersecurity Innovation Insights from Patents
Deep Learning for Cybersecurity Innovation Insights from Patents
Alex G. Lee, Ph.D. Esq. CLP
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
kailash shaw
 
Cybersecurity in the Era of IoT
Cybersecurity in the Era of IoTCybersecurity in the Era of IoT
Cybersecurity in the Era of IoT
Amy Daly
 

Recommandé

101 Basic concepts of information security
101 Basic concepts of information security101 Basic concepts of information security
101 Basic concepts of information security
SsendiSamuel
 
105 Common information security threats
105 Common information security threats105 Common information security threats
105 Common information security threats
SsendiSamuel
 
gkkSecurity essentials domain 1
gkkSecurity essentials domain 1gkkSecurity essentials domain 1
gkkSecurity essentials domain 1
Anne Starr
 
102 Information security standards and specifications
102 Information security standards and specifications102 Information security standards and specifications
102 Information security standards and specifications
SsendiSamuel
 
104 Common network devices
104 Common network devices104 Common network devices
104 Common network devices
SsendiSamuel
 
Deep Learning for Cybersecurity Innovation Insights from Patents
Deep Learning for Cybersecurity Innovation Insights from PatentsDeep Learning for Cybersecurity Innovation Insights from Patents
Deep Learning for Cybersecurity Innovation Insights from Patents
Alex G. Lee, Ph.D. Esq. CLP
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
kailash shaw
 
Cybersecurity in the Era of IoT
Cybersecurity in the Era of IoTCybersecurity in the Era of IoT
Cybersecurity in the Era of IoT
Amy Daly
 
Summer internship - Cybersecurity
Summer internship - CybersecuritySummer internship - Cybersecurity
Summer internship - Cybersecurity
AbhilashYadav14
 
Top Cybersecurity Trends of 2021
Top Cybersecurity Trends of 2021Top Cybersecurity Trends of 2021
Top Cybersecurity Trends of 2021
Shawn Nutley
 
Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016
Imperva
 
Overview of Information Security & Privacy
Overview of Information Security & PrivacyOverview of Information Security & Privacy
Overview of Information Security & Privacy
Nawanan Theera-Ampornpunt
 
Cyber Security in Manufacturing
Cyber Security in ManufacturingCyber Security in Manufacturing
Cyber Security in Manufacturing
CentraComm
 
Cyber Risk Quantification for Employees | Safe Security
Cyber Risk Quantification for Employees | Safe SecurityCyber Risk Quantification for Employees | Safe Security
Cyber Risk Quantification for Employees | Safe Security
Rahul Tyagi
 
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Knowledge Group
 
Top 5 Cybersecurity Trends in 2021 and Beyond
Top 5 Cybersecurity Trends in 2021 and BeyondTop 5 Cybersecurity Trends in 2021 and Beyond
Top 5 Cybersecurity Trends in 2021 and Beyond
Nandita Nityanandam
 
Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.
Vertex Holdings
 
Cyber security certification course
Cyber security certification courseCyber security certification course
Cyber security certification course
chandrashekar965278
 
Top Cyber Threat Predictions for 2019
Top Cyber Threat Predictions for 2019Top Cyber Threat Predictions for 2019
Top Cyber Threat Predictions for 2019
PECB
 
Cyber security-in-india-present-status
Cyber security-in-india-present-statusCyber security-in-india-present-status
Cyber security-in-india-present-status
Rama Reddy
 
2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security
Stephen Cobb
 
Using international standards to improve Asia-Pacific cyber security
Using international standards to improve Asia-Pacific cyber securityUsing international standards to improve Asia-Pacific cyber security
Using international standards to improve Asia-Pacific cyber security
IT Governance Ltd
 
Role of Forensic Triage In Cyber Security Trends 2021
Role of Forensic Triage In Cyber Security Trends 2021Role of Forensic Triage In Cyber Security Trends 2021
Role of Forensic Triage In Cyber Security Trends 2021
Amrit Chhetri
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
Illumeo
 
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsBreaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gaps
IBM Security
 
The difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information SecurityThe difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information Security
PECB
 
Cyber Security 2017 Challenges
Cyber Security 2017 ChallengesCyber Security 2017 Challenges
Cyber Security 2017 Challenges
Leandro Bennaton
 
Cyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutionsCyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutions
inLabFIB
 
HCSCA101 Basic Concepts of Information Security.pptx
HCSCA101 Basic Concepts of Information Security.pptxHCSCA101 Basic Concepts of Information Security.pptx
HCSCA101 Basic Concepts of Information Security.pptx
JordanKinobe1
 
Why is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyWhy is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economy
Mark Albala
 

Contenu connexe

Tendances

Top Cyber Threat Predictions for 2019
Top Cyber Threat Predictions for 2019Top Cyber Threat Predictions for 2019
Top Cyber Threat Predictions for 2019
PECB
 
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsBreaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gaps
IBM Security
 
The difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information SecurityThe difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information Security
PECB
 

Tendances (20)

Summer internship - Cybersecurity
Summer internship - CybersecuritySummer internship - Cybersecurity
Summer internship - Cybersecurity
 
Top Cybersecurity Trends of 2021
Top Cybersecurity Trends of 2021Top Cybersecurity Trends of 2021
Top Cybersecurity Trends of 2021
 
Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016
 
Overview of Information Security & Privacy
Overview of Information Security & PrivacyOverview of Information Security & Privacy
Overview of Information Security & Privacy
 
Cyber Security in Manufacturing
Cyber Security in ManufacturingCyber Security in Manufacturing
Cyber Security in Manufacturing
 
Cyber Risk Quantification for Employees | Safe Security
Cyber Risk Quantification for Employees | Safe SecurityCyber Risk Quantification for Employees | Safe Security
Cyber Risk Quantification for Employees | Safe Security
 
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
Joint Presentation - Part 1: The Future Evolution of E-Banking & Cyber Securi...
 
Top 5 Cybersecurity Trends in 2021 and Beyond
Top 5 Cybersecurity Trends in 2021 and BeyondTop 5 Cybersecurity Trends in 2021 and Beyond
Top 5 Cybersecurity Trends in 2021 and Beyond
 
Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.
 
Cyber security certification course
Cyber security certification courseCyber security certification course
Cyber security certification course
 
Top Cyber Threat Predictions for 2019
Top Cyber Threat Predictions for 2019Top Cyber Threat Predictions for 2019
Top Cyber Threat Predictions for 2019
 
Cyber security-in-india-present-status
Cyber security-in-india-present-statusCyber security-in-india-present-status
Cyber security-in-india-present-status
 
2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security
 
Using international standards to improve Asia-Pacific cyber security
Using international standards to improve Asia-Pacific cyber securityUsing international standards to improve Asia-Pacific cyber security
Using international standards to improve Asia-Pacific cyber security
 
Role of Forensic Triage In Cyber Security Trends 2021
Role of Forensic Triage In Cyber Security Trends 2021Role of Forensic Triage In Cyber Security Trends 2021
Role of Forensic Triage In Cyber Security Trends 2021
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Breaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gapsBreaking down the cyber security framework closing critical it security gaps
Breaking down the cyber security framework closing critical it security gaps
 
The difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information SecurityThe difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information Security
 
Cyber Security 2017 Challenges
Cyber Security 2017 ChallengesCyber Security 2017 Challenges
Cyber Security 2017 Challenges
 
Cyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutionsCyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutions
 

Similaire à 106 Threat defense and information security development trends

Why is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyWhy is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economy
Mark Albala
 
L12. Digital Forensics BS.pptx
L12. Digital Forensics BS.pptxL12. Digital Forensics BS.pptx
L12. Digital Forensics BS.pptx
talhajann43
 
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
PradeeshSAI
 
02_Security_Audit_-_Common_Cyber_Attacks_9.pdf
02_Security_Audit_-_Common_Cyber_Attacks_9.pdf02_Security_Audit_-_Common_Cyber_Attacks_9.pdf
02_Security_Audit_-_Common_Cyber_Attacks_9.pdf
RakeshPatel583282
 
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM Security
 

Similaire à 106 Threat defense and information security development trends (20)

HCSCA101 Basic Concepts of Information Security.pptx
HCSCA101 Basic Concepts of Information Security.pptxHCSCA101 Basic Concepts of Information Security.pptx
HCSCA101 Basic Concepts of Information Security.pptx
 
Why is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economyWhy is cyber security a disruption in the digital economy
Why is cyber security a disruption in the digital economy
 
CyberSecurity.pdf
CyberSecurity.pdfCyberSecurity.pdf
CyberSecurity.pdf
 
Cyber security
Cyber securityCyber security
Cyber security
 
All About Network Security & its Essentials.pptx
All About Network Security & its Essentials.pptxAll About Network Security & its Essentials.pptx
All About Network Security & its Essentials.pptx
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
 
Top Cybersecurity Challenges Faced By Fintech Applications! .pdf
Top Cybersecurity Challenges Faced By Fintech Applications! .pdfTop Cybersecurity Challenges Faced By Fintech Applications! .pdf
Top Cybersecurity Challenges Faced By Fintech Applications! .pdf
 
L12. Digital Forensics BS.pptx
L12. Digital Forensics BS.pptxL12. Digital Forensics BS.pptx
L12. Digital Forensics BS.pptx
 
Ashar Shaikh A-84 SEMINAR.pptx
Ashar Shaikh A-84 SEMINAR.pptxAshar Shaikh A-84 SEMINAR.pptx
Ashar Shaikh A-84 SEMINAR.pptx
 
Emerging Threats and Trends in Cybersecurity: A Comprehensive Analysis
Emerging Threats and Trends in Cybersecurity: A Comprehensive AnalysisEmerging Threats and Trends in Cybersecurity: A Comprehensive Analysis
Emerging Threats and Trends in Cybersecurity: A Comprehensive Analysis
 
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
 
02_Security_Audit_-_Common_Cyber_Attacks_9.pdf
02_Security_Audit_-_Common_Cyber_Attacks_9.pdf02_Security_Audit_-_Common_Cyber_Attacks_9.pdf
02_Security_Audit_-_Common_Cyber_Attacks_9.pdf
 
Domain 6 of CEH Wireless Network Hacking.pptx
Domain 6 of CEH Wireless Network Hacking.pptxDomain 6 of CEH Wireless Network Hacking.pptx
Domain 6 of CEH Wireless Network Hacking.pptx
 
Module 1Introduction to cyber security.pptx
Module 1Introduction to cyber security.pptxModule 1Introduction to cyber security.pptx
Module 1Introduction to cyber security.pptx
 
Mobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging RisksMobile Payments: Protecting Apps and Data from Emerging Risks
Mobile Payments: Protecting Apps and Data from Emerging Risks
 
Rishabhcyber security.pptx
Rishabhcyber security.pptxRishabhcyber security.pptx
Rishabhcyber security.pptx
 
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
IBM X-Force Threat Intelligence: Why Insider Threats Challenge Critical Busin...
 
Netwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech TalkNetwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech Talk
 
Ethical hacking for information security
Ethical hacking for information securityEthical hacking for information security
Ethical hacking for information security
 

Plus de SsendiSamuel

Plus de SsendiSamuel (7)

103 Basic network concepts
103 Basic network concepts103 Basic network concepts
103 Basic network concepts
 
Chapter 06: cloud computing trends
Chapter 06: cloud computing trendsChapter 06: cloud computing trends
Chapter 06: cloud computing trends
 
Chapter 05: introduction to virtualization features
Chapter 05: introduction to virtualization featuresChapter 05: introduction to virtualization features
Chapter 05: introduction to virtualization features
 
Chapter 04: Storage virtualization basics
Chapter 04: Storage virtualization basicsChapter 04: Storage virtualization basics
Chapter 04: Storage virtualization basics
 
Chapter 03: Network basics for cloud computing
Chapter 03: Network basics for cloud computingChapter 03: Network basics for cloud computing
Chapter 03: Network basics for cloud computing
 
Chapter 01: A brief introduction to cloud computing
Chapter 01: A brief introduction to cloud computingChapter 01: A brief introduction to cloud computing
Chapter 01: A brief introduction to cloud computing
 
Chapter 02: Introduction to compute virtualization
Chapter 02: Introduction to compute virtualizationChapter 02: Introduction to compute virtualization
Chapter 02: Introduction to compute virtualization
 

Dernier

Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
negromaestrong
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
QucHHunhnh
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
QucHHunhnh
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
heathfieldcps1
 
Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.
MateoGardella
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
PECB
 

Dernier (20)

Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
 
Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
PROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docxPROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docx
 

106 Threat defense and information security development trends

  • 1. www.huawei.com Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Threat Defense and Information Security Development Trends 15 MINUTES BREAK – CLASS RESUMES 8:30 PM EAT (+3 UTC)
  • 2. Page 2 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Foreword  The previous courses have introduced some basic concepts and knowledge about information security and common attack types. Consider this question: What measures should we take to ensure enterprises' information security?  Defense against security threats not only requires professional tools but also the awareness of everyone involved in information security construction.
  • 3. Page 3 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Objectives  Upon completion of this course, you will be able to:  Describe the basic elements of security threat defense.  Describe the importance of information security awareness in security protection.  Describe the future development trends of information security.
  • 4. Page 4 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Contents 1. Security Threat Defense 2. Information Security Awareness 3. Information Security Development Trends
  • 5. Page 5 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Key Elements of Information Security Protection • Ensure security compliance during process operations of enterprises. Implement in-time response, defense, and improvement when threats occur. • Security protection technologies ensure appropriate action can be implemented. • Security protection technologies have different protection methods at different technical layers and domains. • "People are the weakest link in information security." • It is very important to ensure that enterprise employees have high security awareness. Security O&M and Management People Security Products and Technologies Three interconnected elements
  • 6. Page 6 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Information Security Protection Methods Security products and technologies • Network security: firewall, IPS/IDS, anti-DDoS, etc. • System security: server security, host security, etc. • Endpoint security: secure access, identity authentication, etc. • Application security: antivirus, vulnerability scanning, penetration testing, etc. O&M and management • Security operation • Emergency response • Disaster recovery Security awareness • Fostering security awareness in enterprise employees • Raising awareness of social engineering
  • 7. Page 7 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Contents 1. Security Threat Defense 2. Information Security Awareness 3. Information Security Development Trends
  • 8. Page 8 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Cyber Security Awareness Survey  Do you read the User Agreement in detail when you register an account?  Do you use the same password for all your accounts?  Do you think the current cyber environment is secure? Unique password to each account 24.1% Not all accounts use the same password 61.4% The same password to all accounts 13.8% Others 0.7% 6.9% 49.1% 32.8% 9.2% 2.0% Extremely safe Very safe Safe Very dangerous Extremely dangerous
  • 9. Page 9 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Public Wi-Fi Security Awareness  Do you connect to free Wi-Fi in public places?  Do you do online shopping, payment, money transfer, or  other similar things while connected to a public Wi-Fi network? Access any free Wi-Fi network available 19% Do not access any public Wi-Fi network 19% Access only protected Wi-Fi networks of well-known brands 60% Others… Connection to Public Wi-Fi Networks 25.1% 13.6% Email & chatting Online shopping & banking transactions Things People Do on Public Wi-Fi Networks
  • 10. Page 10 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Security Risks of Wi-Fi in Public Places  Eighty percent of Wi-Fi networks can be easily cracked. Every year, access to public Wi-Fi networks incurs an economic loss as high as CNY 5 billion (eBank theft, online account theft, etc.). Below are some examples of public Wi-Fi security risks: The hacker steals CNY 34,000 from the person who steals the neighbor's Wi-Fi A financial scam using McDonalds' Wi- Fi cost some users CNY 2000 Phishing Wi-Fi in buses Online game purchases accumulated over a number of years stolen by hackers Those who intend to save money may be at risk due to weak security Hackers routinely succeed in obtaining user password information Unexpected Shocking Up-to-date Suffocating Aggrieved Harmful
  • 11. Page 11 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Social Engineering  Social engineering was first appeared in the 1960s as a formal discipline.  Social engineering was discussed in The Art of Deception by the infamous hacker Kevin Mitnick, who authored the book following a prison term for hacking-related offenses. It refers to the psychological manipulation of people to give away important personal information, which can cause great damage to the victims. Is this an example of social engineering? People are the weakest link. — World's most notorious hacker Kevin Mitnick
  • 12. Page 12 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Case Study  Discussion: If you find another person's SIM card, what information can you obtain? Insert the SIM card into a phone. The phone displays the SIM card number. Phone number Obtain name of the card owner. Alipay Login details Use QQ (Chinese Facebook) and Weibo (Chinese Twitter) to obtain information such as the birthday, location, and age of the card owner. Personal information of the SIM card owner Obtain the first four and last four digits of the card owner ID number. Hackers can guess the remaining digits based on the birth date and area. Login for the online service center of the SIM card Using the web browsing history provided by the service center, you can obtain the owner's most frequently visited websites, QQ account, and Weibo account. Web browsing history Obtain information about friends, relatives, and photos of the card owner from social platforms such as Weibo. Information about social relationships
  • 13. Page 13 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Fostering Security Awareness  Remaining vigilant when online is an effective way to defend against cyber security scams. Think like a detective Be Observant Willing to learn Be Skeptical Think before you act Attention to details Search for the truth Practices
  • 14. Page 14 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Contents 1. Security Threat Defense 2. Information Security Awareness 3. Information Security Development Trends
  • 15. Page 15 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Gartner Top 10 Security Technologies Cloud access security brokers (CASBs) Endpoint Detection and Response (EDR) Gartner Top 10 Security Technologies
  • 16. Page 17 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Future Development Trends of Security Protection Security as a service Endpoint detection increasingly important Traffic control IP addresses -> applications Software-defined security protection solution
  • 17. Page 18 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Trend 1: Security as a Service Reverse proxy Client Behavior File Traffic App Anomaly Internet Security check service
  • 18. Page 19 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Trend 2: Endpoint Detection Increasingly Important Detect unknown malicious files and C&C communications Locate internal endpoints infected by malicious files 1 2 3 1 2 3 MD5 of malicious files MD5 of executed files Correlate to malicious files Correlate to C&C attack source IP addresses Targeted IP addresses of C&C attacks IP addresses of infected endpoints Unknown malicious files C&C anomalies E E E E E E E E E E Infected endpoints First infected endpoint Locate infected endpoints using MD5 and address threats Locate infected endpoints based on the C&C attack traffic. Find the first infected endpoint and end further infection. Sandbox Detection Log Traffic Metadata Endpoint Log Analysis
  • 19. Page 20 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Trend 3: Traffic Control — from IP Addresses to Applications Content User Threat App location IP Port Protocol VPN IPS Antivirus DDoS DLP Anti Spam URL Layer-4 quintuple control Layer-7 application threat control
  • 20. Page 21 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Trend 4: Software-defined Security Solution (Huawei SDSec) • Service-driven policy management, manual O&M -> intelligent O&M • Automated service provision for tenants • Based on automatic mapping from services to policies O&M Intelligence Enforcer Switch Router Wi-Fi AR FW/vFW AntiDDoS DFW DFW Controller SecoManager CIS FireHunter Global security intelligence center Analyzer • Cyber security collaboration, single-point defense -> network-wide associative defense • Security service orchestration • AI-based auto-learning and detection of threats, from reactive to proactive defense • Huawei third-generation sandbox based on deep neural network algorithms Detection Intelligence Handling Intelligence Controller Analyzer Third-party security Integrate Associate
  • 21. Page 22 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Quiz 1. Which of the Esecurity protection? A. A. Security O&M and management B. B. Monitoring C. C. Security products and technologies D. D. People 2. Which of the following password settings is more secure? A. A. Digits only B. B. Letters only C. C. Digits + letters D. D. Digits + letters + special characters
  • 22. Page 23 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Summary  Basic elements of security threat defense  Importance of information security awareness in security protection  Future development trends of information security
  • 23. Page 24 Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved. Thank You www.huawei.com