Title: The Difficult Road To Cybersecurity
1. The Difficult Road To Cybersecurity
- Steve Katz, CISSP
- Security Risk Solutions
- 631-692-5175
- stevekatz_at_securityrisksolutions.org
2. Mission
- To prevent, detect and respond to acts that could impact the ability of a company to provide essential services.
- To maintain public/customer confidence in a company's ability to ensure the confidentiality, integrity and availability of information and services.
- To enable a company to pursue business opportunities while meeting security and privacy commitments.
- To create a culture where security is an integral part of the business governance process.
3. Key Drivers
- The Need to Deliver Trust to Customers, Partners and Staff
- Legal/Regulatory
- ISO17799/ISF/BITS/COSO/COBIT Security Standards
- Company Policy, Standards and Practices
- Internal Audit Practices and Procedures
4. Operating Assumptions
- All companies are targets
- All technology is vulnerable to intrusion
- Web commerce systems are the windows to the company
- Internet based Malware is a prevalent reality
- What is secure today won't be tomorrow
- Ongoing assessment is mandatory
- Security is a Journey, NOT a Destination
- Metrics: If You Can't Measure It, You Can't Manage It!
5. Some Top Concerns
- Not Having An Effective Vulnerability/Patch Management Process.
- Not Using Vulnerability Assessment and IDS/IPS Tools.
- Not Analyzing Source Code.
- Not Having Effective End Point Security.
- Not Having Effective Application Level Security.
- Having Improperly Secured Remote Access.
- Unprotected Laptop Computers Being Stolen.
- Ineffective Security For Web Services.
6. Some Top Concerns
- Having Improperly Configured Firewalls/Servers.
- Not Having Effective Security Over Stored and Transmitted Data.
- Using Non-secured E-Mail for Restricted/Private Information.
- Not Pen-Testing Internet Based Applications.
- Not Analyzing Security Event Logs.
- Not Changing/Deleting Entitlements after Changes in Job or Employment Status.
- Not Effectively Communicating with Business Management and the Board.
7. Classification of Threat: First Generation
- Spread via email, or sharing files, disks, etc.
- Examples would be the common viruses of the '80s/'90s.
- Remedy: Human action and anti-virus programs
8. Classification of Threat: Second Generation
- Threat usually self propagating worms.
- Leverage known vulnerabilities.
- Mostly non-destructive.
- Remedy: Identify the vulnerability and fix ASAP.
9. Classification of Threat: Third Generation
- Leverage known and unknown vulnerabilities where patches may not be available.
- May be targeted attacks.
- May hide behind encryption.
- Attacks aimed at obtaining information, including phishing/pharming.
- Remedy: Automated vulnerability management tools and processes.
10. 2005 Symantec Report: Based on 24,000 Sensors in 180 Companies
- Increasing use of sophisticated Worms, Trojans, and Bots sold to the highest bidder.
- Information Theft is on the rise: 74% of code submitted could steal information.
- Almost 11,000 new Malware programs identified in first half of 2005, up 48% over 2004.
- Increase in number of Phishing attacks.
- Average time from disclosing an exploit to a working attack: 6 days.
- Average time between exploit and patch release: 54 days.
- Biggest Threat: worms, trojans, viruses and bots.
- Number of attacks is decreasing; severity of attacks is increasing.
11. Vulnerability-to-Exploit Window
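The two averages on the previous slide (6 days from disclosure to a working exploit, 54 days from exploit to vendor patch) are what make the vulnerability-to-exploit window a management problem: for weeks, a flaw is attackable with no fix to deploy. The script below is an added illustration, not part of the deck, of how a patch-management process can track that window per finding. It assumes a small internal record per vulnerability (the `Vuln` dataclass, the `VULN-A/B/C` identifiers and all dates are constructed, not real advisories) and uses the slide's averages only to estimate missing dates.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple

# Averages quoted on the slide (2005 Symantec report). They are used here only
# to estimate dates that the tracking record does not yet contain.
AVG_DISCLOSURE_TO_EXPLOIT_DAYS = 6
AVG_EXPLOIT_TO_PATCH_DAYS = 54


@dataclass
class Vuln:
    ident: str                              # internal tracking id (constructed)
    disclosed: date                         # public disclosure of the flaw
    exploit_seen: Optional[date] = None     # first working exploit observed
    patch_released: Optional[date] = None   # vendor fix available
    patched_here: Optional[date] = None     # date the fix was applied locally


def exposure_window(v: Vuln, today: date) -> Tuple[int, str]:
    """Days during which a working exploit existed (observed or estimated)
    while the fix was not yet applied on our estate, plus a status label."""
    exploit_from = v.exploit_seen
    if exploit_from is None:
        # Nothing observed yet: assume the slide's 6-day disclosure-to-exploit average.
        exploit_from = v.disclosed + timedelta(days=AVG_DISCLOSURE_TO_EXPLOIT_DAYS)

    if v.patched_here is not None:
        end, status = v.patched_here, "closed"
    elif v.patch_released is None:
        # No vendor patch: the window stays open; estimate when one might appear
        # from the slide's 54-day average so compensating controls can be planned.
        expected = exploit_from + timedelta(days=AVG_EXPLOIT_TO_PATCH_DAYS)
        end, status = today, f"open: no vendor patch, expected ~{expected.isoformat()}"
    else:
        end, status = today, "open: patch available, not applied"

    days = max(0, (end - exploit_from).days)
    return days, status


def prioritize(vulns: List[Vuln], today: date) -> List[Tuple[str, int, str]]:
    """Open items first, longest exposure first; closed items at the end."""
    rows = [(v.ident, *exposure_window(v, today)) for v in vulns]
    rows.sort(key=lambda r: (r[2] == "closed", -r[1]))
    return rows


# Constructed sample records: identifiers and dates are invented for illustration.
SAMPLE = [
    Vuln("VULN-A", date(2005, 3, 1), exploit_seen=date(2005, 3, 4),
         patch_released=date(2005, 4, 20), patched_here=date(2005, 4, 28)),
    Vuln("VULN-B", date(2005, 5, 10), exploit_seen=date(2005, 5, 12),
         patch_released=date(2005, 6, 30)),
    Vuln("VULN-C", date(2005, 6, 1)),  # disclosed; no exploit or patch known yet
]
TODAY = date(2005, 7, 1)  # reporting date for the sample run

if __name__ == "__main__":
    for ident, days, status in prioritize(SAMPLE, TODAY):
        print(f"{ident}: {days:3d} days exposed  [{status}]")
```

The report puts VULN-B at the top (patch available for a day and still not applied after 50 exposed days) ahead of VULN-C (no vendor patch, so only compensating controls and monitoring apply), while the closed VULN-A is kept for the metrics the deck asks for: total exposed days per finding is the figure to trend over time.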
12. 2005 CSI/FBI Security Survey
- 700 Respondents vs. 494 in 2004
- Causes of Financial Loss
  - Viruses: $42.8M
  - Unauthorized Access: $31.2M
  - Theft of Information: $30.9M
  - DOS: $7.3M
13. 2005 CSI/FBI Security Survey
- Security Technology Used
  - Firewalls: 97%
  - Antivirus: 96%
  - IDS: 72%
  - Server Based ACLs: 70%
  - Encrypting Data in Transit: 68%
  - Encrypted Files: 46%
  - Password Tokens: 42%
  - Biometrics: 15%
14. Need To Look At Additional Tools
- Risk, Vulnerability & Remediation Management
- Vulnerability Assessments & Threat Alerts
- Impact Assessment
- Patch Validation & Distribution
- Anti-phishing/anti-pharming tools
- Identity & Access Management
- End Point Security Products
- Event Log Analyzers
- Network Security Intelligence
- Source Code Analysis
- Web Services/XML Security Tools
15. Security Risk Framework
Columns: People (Who), Process (What), Technology (How)
- Prevention: Awareness Programs, Security Training, Policy & Standards, Trust, Permit, Risk Acceptance, Anti-Virus, Identity & Access Management, App. Code Review
- Detection: Security Report, Violation Logs, Event Logs, IDS Report Analysis, Violation Analysis Tools, IDS, Event Log Analysis Tools
- Investigation: Forensics, Cyber Security Investigators, SIRT, Data Mirroring/Forensics Tools
- Recovery: Reconstitution
- Verification: Validation, Metrics, Pen Testing, War Games, Assessment Tools, Remediation Verification, App. Code Analysis
16. Thank You