Recommandé
Recommandé
Contenu connexe
Tendances
Tendances (20)
En vedette
En vedette (20)
Similaire à 2017 Security Report Presentation
Similaire à 2017 Security Report Presentation (20)
Dernier
Dernier (20)
2017 Security Report Presentation
- 1. 1© 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | SECURITY REPORT 2 0 1 7
- 2. 2© 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | THE YEAR IN REVIEW HUMAN ELEMENT HACKERS COMPLEXITY GROWTH FINDINGS BASED ON 20 YEARS OF VISIBILITY AND VALIDATION GROWTH IN ATTACK SURFACE LED TO GROWTH IN ATTACKS
- 3. 3© 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | IXIA ATI RESEARCH CENTER • Combines proficiency in cybersecurity threats and application protocol behavior. • Application and threat intelligence across test, visibility, and security solutions to: • Create realistic application attacks—from protocols through loading and threats • Block malicious inbound and outbound communications • Collect ongoing intelligence on new threats • Identify unknown applications • Detect traffic locations
- 4. 4© 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | GROWTH
- 5. 5© 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | LEADING CONTRIBUTOR OF GROWTH: THE CLOUD AND ITS EVOLVING ATTACK SURFACE Growth Shared Responsibility Speed of Change (Container and Virtualized) Attack Surface = ∑ of attack vectors where an unauthorized user can enter and extract data from an enterprise. How much data do I have? Where is my data? What applications do I run?
- 6. 6© 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | THE CLOUD: GROWTH Global Cloud Index, Cisco, 2016 15.3 Zettabytes Total Data Center Traffic 92% of Workloads Are Cloud Based By 2020
- 7. 7© 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | THE CLOUD: SPEED OF CHANGE SERVER LIFETIME Containerized Data Center DAYS Virtualized Data Center WEEKS Traditional Data Center MONTHS
- 8. 8© 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | SaaS Software as a Service • Email • CRM • Virtual Desktop • Gaming PaaS Platform as a Service • Database • Web Server • Dev Tools • Execution Runtime IaaS Infrastructure as a Service • Servers and Virtual Machines • Storage • Network THE CLOUD: SHARED RESPONSIBILITY Software delivered over the web: Platform for creation of software: Hardware & software delivered on-demand:
- 9. 9© 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | determine your responsibility and exposure Source: Gartner, Staying Secure in the Cloud Is a Shared Responsibility, April 2016 Report. THE CLOUD: SHARED RESPONSIBILITY IaaS PaaS SaaS People People People Data Data Data Applications Applications Applications Runtime Runtime Runtime Middleware Middleware Middleware Operating System Operating System Operating System Virtual Network Virtual Network Virtual Network Hypervisor Hypervisor Hypervisor Servers Servers Servers Storage Storage Storage Physical Network Network Network Customer ResponsibilityCSP Responsibility THE SERVICES YOU USE
- 10. 10© 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | 10x 670 more cloud services are deployed than what IT expects of these cloud services are unknown to IT 3800+ total services and most lack basic security THE CLOUD: UNDERSTAND THE SHADOW CLOUD APPLICATIONS UNAUTHORIZED OR UNKNOWN BY IT
- 11. 11© 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | THE CLOUD: UNDERSTAND THE RISKS If in a regulated industry, understand your exposure Combat the Shadow Cloud Ensure your employees are trained avoid risky behavior
- 12. 12© 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | COMPLEXITY
- 13. 13© 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | 67% deploy business-critical applications on the public cloud which is often opaque. How do you secure this? COMPLEXITY: THE FOG OF SECURITY 13© 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | Securing the attack surface takes on its own complexity. Vendors. Regulations. The Cloud. Conflicting Guidance.
- 14. 14© 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | 460,000 Dockerized applications 4 Billion containers pulled 192% enterprise container growth Virtualization Containers Security Vendor Management 2015 2020 Workload Density 7.3 11.9 500Number of rules allowed per Security Group COMPLEXITY: THE LAW OF NUMBERS
- 15. 15© 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | Perimeter Security Network Security Endpoint Security Application Security Web/Data Security Threat Intelligence Risk and Compliance Security Operations and Incident Response Fraud Prevention / Transaction Security Identity and Access Management INDUSTRY TERMINOLOGY – SIEM – Security Information Event Management EPP – Endpoint Protection DCAP - Data Center Audit and Protection DLP – Data Loss Prevention IDPS – Intrusion Detection and Protection Systems NGFW – Next Generation Firewall WAF – Web Application Firewall AST – Application Security Testing CASB – Cloud Access Security Broker Mobile Security Cloud Security Industrial (IoT) Security Messaging Security NGFW EPP DLP DCAP IDPS WAF SIEM AST CASB IAM COMPLEXITY: EXPERTISE IN ALL THINGS
- 16. 16© 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | COMPLEXITY: THE CISO’S CHALLENGE 16he© 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | Even well-protected systems can and will be hacked Constantly monitor, test, and shift tactics to keep ahead of attackers
- 17. 17© 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | HUMAN ELEMENT
- 18. 18© 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | THE HUMAN ELEMENT: THE ENEMY WITHIN Mitigating the human element of security leaders expect a major cloud provider to suffer a significant security breach 44% of employees adequately trained to avoid risky behavior that could lead to a data breach Yes No 44% 56% Yes No 20% 80% 20%
- 19. 19© 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | THE HUMAN ELEMENT: VECTORS FOR ATTACK Decreasing attack vectors: Network and perimeter Increasing attack vectors: Soft underbelly of user vulnerabilities Server User Device Person Media Kiosk/Terminal Network 2009 2010 2011 2012 2013 2014 2015 0% 10% 20% 30% 40% 50% Percent of breaches per asset category over time, (n=7.736)
- 20. 20© 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | THE HUMAN ELEMENT: VECTORS FOR ATTACK Through 2020, 80% of cloud breaches will be due to customer misconfiguration, mismanaged credentials or insider theft, and not cloud provider vulnerabilities. 48%52% Malicious Intent Human error & process failure If there is any redeeming factor, less than half (48%) are due to malicious intent. The other 52% are due to human error (25%) and IT or business process failures (27%). 80%
- 21. 21© 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | THE HUMAN ELEMENT: REACTION SPEED Breaches, planned or unplanned, take time to discover Breach Time MINUTES Data Collection DAYS Discovery MONTHS The time to discovery averages over 200 days and is compounded by a further 70 days to contain them Humans can’t react quickly enough
- 22. 22© 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | HACKERS
- 23. 23© 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | HACKERS: DEMOCRATIZATION AND COMMODITIZATION Most attackers were not APTs Most were looking for one mistake among many targets Tools are widely available on the Internet The most extensive breaches were through brute force: • Checking for passwords that are 14 years old • Probing for vulnerabilities that are over 10 years old • Serving up malware that has not changed in years
- 24. 24© 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | HACKERS: EASY TARGETS Easily exploitable systems will be exploited Easily exploitable people will be exploited Laziness leads to exploitation
- 25. 25© 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | HACKERS: YOUR WORTH Essentially, you’re not worth much Consumers do not even bat an eyelid when their credit cards are compromised If the $300,000 asking price for the 1 billion Yahoo email records said to be compromised is true, your identity on the Internet is worth 3/100th’s of a cent
- 26. 26© 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | HACKERS: CLASSIC ATTACKS 37% 11% 20% 32% Malware Exploits Phishing Other Mostly from U.S. Mostly from U.S. ATTACKS Mostly from U.S. & China
- 27. 27© 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | HACKERS: SOCIAL, SAAS, AND FINANCE TARGETS Facebook Adobe Yahoo AOL Dropbox Google Paypal Wells Fargo Ebay Bank of America LinkedIn PayPal Poste Italiane Apple Alibaba American Express USAA Amazon UPS mail.com Phishing Attacks
- 28. 28© 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | HACKERS: SLOPPY PASSWORDS root admin ubnt support user pi test 1234 mother usuario oracle 111111 password 123456 guest PlcmSplp 123321 ubuntu ftp server Top 30 guesses seen over a year of secure shell (SSH) user names and passwords postgres akyacht ftpuser tomcat nagios a blank git 54533 15565 4614 2790 1745 1356 1263 1213 1024 926 708 672 535 442 371 359 359 350 300 270 222 220 191 176 175 173 169 159 10000010000100010010
- 29. 29© 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | BEST PRACTICES AND RECOMMENDATIONS
- 30. 30© 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | BEST PRACTICES AND RECOMMENDATIONS: SPEND INTELLIGENTLY 2016 2021 $187B $85B 2017 $9.2B in Cloud But is it all intelligent spend? GLOBAL CYBERSECURITY GLOBAL CYBERSECURITY
- 31. 31© 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | BEST PRACTICES AND RECOMMENDATIONS: DEPLOY A UNIFIED VIEW Virtual Private Cloud Single View Across Common Tools Private Cloud Public Cloud V Hybrid Cloud
- 32. 32© 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | PERCENTAGE of your network segments currently being actively monitored Have less than 2/3 visibility coverage 47% BEST PRACTICES AND RECOMMENDATIONS: DEPLOY FULL COVERAGE Source: Ixia Survey of 242 enterprises
- 33. 33© 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | Legacy Visibility Solutions Data Volume Blind Spot – attacker can enter and hide his tracks in an instant BEST PRACTICES AND RECOMMENDATIONS: KEEP UP WITH THE DATA ASK YOUR VENDOR: Dropped packets at peak volumes? Performance with all features on? Visibility architecture easy to configure / change?
- 34. 34© 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | BEST PRACTICES AND RECOMMENDATIONS: SAFETY ACTIONS MONITOR YOUR SOFT SPOTS KNOW YOUR SUPPLIERS FIX WHAT IS BROKEN BE A DRILL SERGEANT SECURITY IS A VERB ARE YOU (YOUR TESTS) SMARTER THAN A 5TH GRADER THINK LIKE A CROOK
- 35. 35© 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | BEST PRACTICES AND RECOMMENDATIONS: TEST OFTEN AND ENSURE TOTAL VISIBILITY IXNETWORK • IXLOAD • IXIA IOT • VISION ONE • BYPASS • FLEX TAPS BreakingPoint • CloudLens • ThreatARMOR
- 36. 36© 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. | CONCLUSION: KEY TAKE AWAYS Protect the simple stuff Challenge your security architecture Validate provisioning Adopt a Zero Trust Model Inspect encrypted traffic Limit your attack surface 1 2 3 4 5 6
- 37. 37© 2017 IXIA AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. |
Notes de l'éditeur
- Hello and welcome to our discussion of the Ixia 2017 Security Report. Today, we will share the findings and observations seen by our ATI (Application Threat and Intelligence) Research Center across the whole of 2016. It covers the trends observed, the major incidents observed, original research findings, and ultimately recommendations and best practices to protect your organization.
- Over 2016, one thing was crystal clear. We saw growth across the board. We saw growth in the number of organizations using the Cloud. We saw growth in the attack surface of most organizations, not just from cloud growth but also accompanying shadow IT growth. We saw the attack surface also grow from increased IOT use and more personal and mobile devices being used for work. We experienced much of the same bad and ugly behavior from hackers who also grew not only from population growth but also the easy accessibility of hacking tools. We also saw an increase in the speed of change of IT implementations. This lead to complexity in systems and structure and being able to see what breaks through and what is unnoticed. The CISO role became much more of an orchestrator across the different IT models – in-house, mobile devices, personal devices, private and public cloud use. And ultimately, this complexity and speed of change highlighted the growth of human error be it from simple items like keeping up with passwords for new infrastructure to ensuring patching of vulnerabilities takes place. We will focus on each of these—the leading contributor of growth, what we saw with complexity, the human element and what hacker attacks were seen.
- The majority of the findings in our security report and this presentation are from the Ixia ATI Research Center. This is a group within the company that combines expertise in both threats and application behavior, and spans our test, visibility, and security products. The ATI Research Center with 20 years of expertise is considered a leader in the industry.
- Lets first look at the the first major trend, growth, tied primarily to the cloud.
- Cloud growth creates a larger and multi-dimensional attack surface. Three factors contribute to this. First is the tremendous growth seen in deployments, followed by the speed of change in a virtualized and container environment and last the new model of shared responsibility.
- Each year, we continue to see increases in total data center traffic. Analysts predict that by 2020, we will have over 15.3 Zettabytes of data center traffic and 92% of the workloads will be cloud based. Already today, we have crossed the 50% mark of public cloud based workloads according to some studies and this is expected to increase. http://www.cisco.com/c/dam/en/us/solutions/collateral/service-provider/global-cloud-index-gci/white-paper-c11-738085.pdf
- The second factor to be aware of with cloud deployments is the speed of change. If we look back to traditional datacenters, servers were configured and left running for months or more. With the introduction of virtualization, a single physical server could now support many virtual machines, and the lifetimes of each could be measured in weeks. More recently, containers have been top-of-mind, with lifetimes measured in days or less. What this means is that a static visibility and security architecture no longer fits the bill. You need to be able to detect changes in your network immediately, and take appropriate action.
- The third dimension of the cloud attack surface is the shared responsibility model, and this bears some discussion. If we look at the primary types of cloud services, we have Infrastructure as a Service, Platform as a Service, and Software as a Service. The first is where the cloud provider offers just the physical infrastructure, and the enterprise does all the rest. In a PaaS offering, some basic services such as database or web are offered, and with SaaS, you have access to actual applications. All three are popular and offered by the major cloud service providers like AWS, Microsoft Azure, and Google Cloud Platform.
- Digging deeper, this chart from Gartner shows the elements of the three types of services, and more importantly, depicts what security responsibility the organization has—thus shared responsibility. For IaaS, the enterprise is responsible for pretty much everything, and needs to secure its operating system, applications, and data. It is just as if you were running your own datacenter. For PaaS, you are still responsible for locking down your applications and data. And for SaaS, although you only have control over your data, another important element comes to bear. Your SaaS provider needs to be secure. You need to ensure that the email, file storage, and other applications you consume are just as secure as if they were deployed by your own IT. Determining this is a key responsibility of IT moving forward.
- Why is SaaS so critical to secure? You may have heard the term ‘Shadow IT.’ Well, there is also the ‘Shadow Cloud.’ This is the set of SaaS applications that your employees use but are not controlled or even known by IT. Employees may collaborate with suppliers, contractors, and each other, across geographies and platforms, many times unaware of potential security and regulatory risks. In fact, in an average enterprise there are up to 10x more applications than IT expects, equating to hundreds of individual services. Pretty scary. And, of the universe of SaaS offerings, thousands do not offer industry standard security assurances. Reference: Skyhigh cloud adoption risk report, Q2 2015
- What are the risks you must understand and combat? Separate from cloud growth, which is inevitable, the speed of change, which we can monitor, and the shared responsibility model, which we can address, the shadow cloud is potentially the most damaging. Ask yourself – how many applications have you used unknown to your IT team? If you are in a regulated industry, understand that your cloud exposure is even more critical. And, above all, make sure your employees understand the risks that come with the benefits of the cloud. We look at the human element a bit later.
- Moving on from growth which is at the center of it all, we now look at three interrelated areas that affect security and your increasing attack surface. The first being complexity. What do we mean by this?
- Security complexity is a result of the different demands placed upon the IT department, spanning on-premises data centers, cloud deployments, and SaaS. One almost longs for a simpler time, and a term that we sometimes hear is ’the fog of security.’ What this means is that it is sometimes hard to tell what is real or not, what is a threat or not. What alarm from one of your different security platforms is to be believed or not. And how to avoid battle fatigue. Reference: https://www.ixiacom.com/company/blog/virtualized-monitoring-public-cloud-dilemma
- You’ve got to keep up with increasing complexities of virtualization, containers, the types of rules implemented, and the different vendors you use for perimeter, network, application, data, and xxx security not to mention policy enforcement and operations. We estimate that the average enterprise engages upwards of 15 vendors, and others have stated that this could be as many as 50. In any case, they all require management, understanding of their role, and how they relate to a breach. References: Workload density (workloads per physical server) for cloud data centers was 7.3 in 2015 and will grow to 11.9 by 2020. http://www.cisco.com/c/dam/en/us/solutions/collateral/service-provider/global-cloud-index-gci/white-paper-c11-738085.pdf During the DockerCon keynote of Docker’s CEO Ben Golub the incredible growth of Docker already became clear. Some highlights from his presentation: There are 460K Dockerized applications, a 3100% growth over 2 years Over 4 billion containers have been pulled so far 500 rules – Ixia estimates.
- Here we try to map the different aspects of security to industry terminology. We’re all familiar with hardware platforms and some of the better understood elements such as network, endpoint, application, and web. One of the fastest growing areas and one requiring additional expertise is highlighted in green. These relate more to the operational and less obvious aspects of security, but still incredibly important. Ultimately, the CISO can’t be an expert in all of these areas, so needs to train, to automate, and too offload where appropriate. The security footprint of the enterprise is more complex than ever, counter to what we probably all expected.
- And some parting thoughts on complexity and the CISO. Prepare for attack. Every day, we read of another corporation or government hacked. You can only prepare. As we guided on the last slide, put in place whatever possible to allow you to take a more strategic view. If your day is spent on firefighting, you won’t prepare for the flood or the earthquake. The CISO must no longer be just a tactician… he or she must act strategically.
- Next, we look at the human element, potentially the best understood in terms of cause and effect, but the most difficult to combat. The human element consists of both unintentional breaches, as well as those that are planned. Sometimes, it is difficult after the fact, to tell which is which.
- As an example, all too many employees don’t receive the proper training to protect the enterprise against exposure. Better automation helps, but it cannot ever be foolproof as we saw with CloudFlare. Because of this, many believe that their cloud provider will experience a major breach, though current evidence is proving just the opposite. If you remember back to the shared responsibility model, if an enterprise’s data or applications are compromised, they may think it was due to their provider, but in fact it was due to their own neglect. Back to the human element. References: 20% - http://www.smartbrief.com/poll/2016/11/do-you-feel-your-employees-are-adequately-trained-avoid-risky-behavior-could 44% - IBM - http://m.ibm.com/http/www-03.ibm.com/press/us/en/photo/45327.wss
- This is further confirmed by changes in the sources of breaches. In the past, most focus and investment was on network and other infrastructure. We’ve made progress in these areas over the past decade, and the threat now is from the user and his or her device. This is the ‘soft underbelly’ of enterprise security and must be addressed. Reference: Verizon 2016 Data Breach Investigations Report -www.verizonenterprise.com/resources/reports/rp_DBIR_2016_Report_en_xg.pdf
- The human element also translates to the cloud, and Gartner has been bold enough to make the statement that the vast majority of cloud breaches will be due to the enterprise and not to the cloud provider itself. What this goes to show is that, though enterprise may move their workloads to the cloud, security training and implementation doesn’t end. As Churchill said, it is not the beginning of the end, but the end of the beginning. However, some good news. Over 50% are not due to malicious intent. They are due to error or process failures. I didn’t really mean it is good news - still an ‘F’ in my book but it’s not malicious. References: 80% - Gartner, Best Practices for Securing Workloads in AWS. https://www.gartner.com/document/3030318 48% - 2016 Ponemon Cost of Data Breach Study
- The most damaging part of both innocent, if we can call it that, and planned attacks, is the time to react. Though this has improved, once an intruder has breached the perimeters and accessed the soft underbelly, anything goes. Sort of like termites in a house where you don’t have an exterminator. They have plenty of time to take their next steps and exfiltrate on their own timeline. Thus the requirement for monitoring and automated response. Reference: 2016 Ponemon Cost of Data Breach Study.
- Now onto the hackers, the third influencer and of course, the most visible due to impact. They have not gone away. On the contrary, the threat is greater now than ever, as we shall see.
- Probably the most disturbing trend is what we’ll call democratization and commoditization of hacking, the spread of tools and techniques previously limited to the more sophisticated hackers and even governments into the ‘mass market.’ This is actually very dangerous, since a more sophisticated hacker may have had control of a given exploit, while a newbie may just press the button and hope for the best. Or worst. And it should be obvious that, although government actors receive the publicity, the typical enterprise has more mundane threats to worry about such as targeting just plain sloppy behavior. Way too many organizations don’t patch and don’t follow basic password hygiene.
- In essence, hackers are looking for the low hanging fruit… those systems that are easily exploited. Much like going down the street at night and looking for an open window or unlocked door. If the window is closed and the door is locked, on to the next house. And this applies to both systems and people. Remember what we mentioned earlier about training and the human element. You’ve got to be vigilant 24x7. The hackers are and have all the time in the world!
- On the commoditization front, face it, you aren’t worth too much! Just look at the asking price for the compromised Yahoo records, $300,000 for the lot. Maybe that is at the low end, but we see the same trends for credit card data, and more damaging, social security numbers and health records. Credit card numbers can be replaced in a matter of minutes. Your medical history? Not so fast. How many of you have had to replace at least one credit card over the last year or two? It is almost becoming commonplace, and I keep a small file listing the accounts that are under autopay for each… sort of like a credit card bug-out bag. Sad. Reference: https://thenextweb.com/security/2016/12/16/yahoos-billion-user-database-reportedly-sold-on-the-dark-web-for-just-300000
- If we look at the types of attacks and their origins, nothing new. We have malware, exploits, and phishing attacks, and their volume roughly equates to Internet use. We always think of China, Russia, and North Korea, but the source of many of the attacks is staring us in the face, as reported by Ixia ATI. Maybe mapping to expertise, although malware and phishing attacks were primarily US-driven, exploits were more balanced between the US, China, and other countries. Reference: Ixia ATI Research Center 2016
- Looking at some of the attacks in greater detail, also with data from Ixia ATI, we see that social networks, many common cloud-based offerings, and of course financial sites are the most vulnerable. Here you must be doubly on-guard. How many of you have received an email that looked perfectly reasonable at first glance, but then seemed a little bit off when compared to what you normally receive from your bank or favorite chain store? We’ve gotten to the point that many filtering systems are ineffective and you’ve got to review each and every email. Exhausting.
- As we mentioned earlier, the tried-and-true still works, and at the heart of this is poor password hygiene. If you use one of these, consider yourself open to attack. Much like putting a code lock on your front door, and then taping the number under the mat. In fact, many of these are also endemic to cloud deployments not just within the enterprise. Though a typical enterprise end-user wouldn’t select ’ubnt’, that is short for Ubuntu, one of the more popular Linux distributions, we found that it was still an often used password for the cloud.
- So with what we’ve covered – cloud growth, user risk, hackers, and complexity – do you just give up, or is there a way out? We’d not be here if it was the former. How can you protect your network, your applications, and your data?
- First-off, take a step back and evaluate what you have, what you need, and your gaps. Speak with colleagues in the industry and develop a game plan. Spend intelligently. As we mentioned earlier, a typical enterprise may have upwards of 15 different security solutions. Just think if you worked with 15 storage or server vendors. Chaos. So take a measured approach to fixing the highest priority issues, and make sure that what you deploy helps to re-enforce your security posture by providing consistent guidance. References: Cloud security service market (Infonetics, 2013) - 2017 - $9.2B The global cybersecurity market should reach $85.3 billion and $187.1 billion in 2016 and 2021, respectively, reflecting a five-year compound annual growth rate (CAGR) of 17 percent. The American market, the largest segment, should grow from $39.5 billion in 2016 to $78 billion by 2021, a projected five-year CAGR of 14.6 percent. That’s according to BCC Research’s new report, "Cyber Security: Technologies and Global Markets." For purposes of the report, the cybersecurity market includes companies that provide products and services to improve security measures for IT assets, data and privacy across different domains such as the IT, telecom and industrial sectors.
- A major step in this direction is deployment of a common set of tools spanning on-premises, hybrid, and public clouds. You don’t want separate solutions providing different guidance for each. As your workloads migrate from one domain to another, visibility needs to follow. And as multi-cloud deployments take hold, your tools must handle this as well.
- Unfortunately, most enterprises don’t have this unified view and have tools that leave parts of their network unmonitored – essentially keeping the door unlocked while you are on vacation. In fact, across enterprises, almost half the networks have less than 2/3 visibility coverage.
- This is the visibility gap, where the typical visibility solutions can’t keep up with network growth. It is a blind spot, leaving the door open for intrusion. The way to close the gap is to look closely at any solution as to packet drop at corner cases, performance under feature load, and ease of configuration. A true visibility architecture will close all these gap. At Ixia, we are proud that our visibility architecture has the highest performance in the industry with an easy to use GUI that helps eliminate potential configuration errors.
- With a visibility architecture in place, you can take a more strategic view to really address today’s threats. Our security report looks at these in depth. At a high level, they include: Security is an ongoing process. A journey and not a destination. A verb and not a noun. You don’t implement a set of controls and rest on your laurels. You need to be sophisticated, in understanding hackers and your employees. And also challenge them. Think like the hacker, and you can call upon plenty of industry guidance for this. The more regulated or critical your business, the more vigilant you must be. Look at where you are most vulnerable, and re-enforce that area. Remember the Trojan Horse. The highest and thickest wall in the world won’t protect you if the back gate is left unlocked, or if the attacker social engineers his or her way in. One area of increasing scrutiny is the supply chain, as this has been the source of many breaches. Know your suppliers, and hold them to the same high standards. We don’t all need to be Navy SEALs, but keep your team on-guard and avoid fatigue. Deploy tools that minimize false positives. Make it interesting and engaging. Finally, and the simplest, fix what is broken. You have plenty of guidance and automation at your disposal.
- At Ixia, we provide you the tools to challenge your network, validate it and ensure you have a scalable visibility architecture that lets you see inside what is happening in your network. We strongly recommend that you test often to ensure that you have not introduced configuration errors. We also recommend that you check for dropped packets from your visibility architecture as security tools are only as good as the data they see. We are happy to also provide cyber range training to ensure your teams are properly prepared in case of an attack.
- In conclusion, constantly question, challenge, and most importantly test your network’s ability to withstand attacks. Thank you.