Top Security Trends for 2013

Rob Rachwald, Director of Security Strategy, Imperva
Agenda


• Trends 2012: A look back
• Trends 2013: High-level overview
• Trends 2013: Details on the big 5




   © 2012 Imperva, Inc. All rights reserved.
Today’s Presenter
Rob Rachwald, Dir. of Security Strategy, Imperva

• Research
    + Directs security strategy
    + Works with the Imperva Application Defense Center
• Security experience
    + Fortify Software and Coverity
    + Helped secure Intel’s supply chain software
    + Extensive international experience in Japan, China, France, and Australia
• Thought leadership
    + Presented at RSA, InfoSec, OWASP, ISACA
    + Appearances on CNN, SkyNews, BBC, NY Times, and USA Today
• Graduated from University of California, Berkeley

How Did We Do?


              SSL gets caught in the crossfire
              HTML5 goes live
              DDoS moves up the stack
              Internal collaboration meets its evil twin
              NoSQL = NoSecurity?
              The kimono comes off of consumerized IT
              Anti-social media
              The rise of the middle man
              Security (finally) trumps compliance

Trends 2013: Summary


Good News
• Security will improve for larger, well-funded organizations.
• Community policing comes to cyber security.




Trends 2013: Summary


Bad News
• As bigger firms get smarter and more effective, hackers will choose the path of least resistance: small companies.
• Not surprisingly, hackers will continue to get more sophisticated.


#5: Hacktivism Gets Process Driven




                                     CONFIDENTIAL
Hacktivism in the Past




                                             Key Problem
                             Past performance no guarantee of future returns.

Example




Process Driven: What is it?


• In 2012, Hacktivists moved towards awareness campaigns rather than targeted attacks
• Hacktivism awareness means more for less
    + Arbitrary targets in order to get easy results
    + Automation in all stages of the process
    + More aggressive marketing of Hacktivism campaigns




Example: Team GhostShell


• In order to maximize results, Hacktivists now:
    1. Target CMS systems with known vulnerabilities and harvest vulnerability databases to collect potential attack vectors
    2. For other targets, simply run vulnerability scanners
    3. Use Google dorks and error-message hunting to locate potential targets within a domain list
    4. Use automated injection tools (SQLmap or Havij) to automate the final process of dumping the data
    5. Publish the campaign's open letters on pastebin.com, and on Facebook and Twitter, to distribute their message




Supporting Evidence


• From the Team GhostShell December hack letter:

    ProjectWhiteFox will conclude this year's series of attacks by
    promoting hacktivism worldwide and drawing attention to the
    freedom of information on the net.




    It was clear through this group and others that the targets were
    chosen not by sector or interest, but by the fact that they were
    vulnerable.
#4: Government Malware Goes Commercial




Military Influence on the Private Sector




The Same Will Hold True in the Cyber World


• With Flame and Stuxnet, modern malware has evolved dramatically, which will:
    + Inspire private hackers to follow: technologies previously attributed to “state sponsored” attacks are going to become commercialized (or commoditized), blurring the difference between Cyber Crime and Cyber War.
    + Increase the number of compromised insiders: devices affected by modern malware (APT), representing a “compromised insider” threat, are going to become a more prominent risk factor than malicious insiders.




Malware is Popular in Hacking Communities

                                       2012 Verizon Data Breach Report
                                       • Malware is on the rise: “69% of all data breaches
                                         incorporated malware” - a 20% increase over 2011
                                       • Malicious insider incidents declining: “4% of data
                                         breaches were conducted by implicated internal
                                         employees” - a 13% decrease compared to 2011


                                       Director of National Intelligence
                                       • “Almost half of all computers in the United States
                                         have been compromised in some manner and
                                         ~60,000 new pieces of malware are identified per
                                         day”.



Differences: Commercial vs APT Malware


Commercial                             APT
• Broader target                       • Focused
• Relies on broader vulnerabilities    • Heavily relies on 0-Day
• Purpose is theft                     • Purpose can be theft, espionage or sabotage




Similarities: Commercial vs APT Malware

• Similarity #1: Bypass antivirus.
• Similarity #2: More sophisticated malware.
    + Some of the modules are larger than 1MB, and in some of the instances we tracked the total code size amounted to almost 10MB.
    + We saw version numbers grow substantially over time.
• Similarity #3: The command and control structure needs to get bigger and more robust.
    + More and better-managed methods of redirecting user traffic to the attacker-controlled server provide improved efficacy and redundancy.
    + An individual operation is able to last a few weeks before being shut down.


The Objective: Compromised Insider


       Compromised Insider

A person with no malicious
motivation who becomes an
unknowing accomplice of third
parties who gain access to their
device and/or user credentials.




Few Users are Malicious, All Can be Compromised



                  “Less than 1% of your employees may be
                    malicious insiders, but 100% of your
                     employees have the potential to be
                           compromised insiders.”




Source: http://edocumentsciences.com/defend-against-compromised-insiders

#3: Black Clouds on the Horizon




“Just in Time” Hacking




Some Problems with Hacking Today


• Problem #1: Blacklisting by enterprises limits attack duration.
• Problem #2: Hackers' need to acquire infrastructure, often illegally, made matters a bit more complex.




What is it?


• We expect to see a growing use of IaaS by attackers for different activities due to:
    + Elasticity: the ability to quickly get hold of a lot of computing resources without too many prerequisites.
    + Cost: the ability to tie spending closely to a specific attack campaign and its potential gain.
    + Resilience: the use of commercial cloud computing platforms reduces the ability of defenders to blacklist attackers and adds much valued latency to the process of server takedown.
• Amazon’s EC2 is a good example




How Does it Work?


1. Steal a credit card
2. Leverage cloud infrastructure for attacks
    • More power
    • Better anonymization
3. Use cloud infrastructure to process bounty
    • Unstructured data or files
    • Data



Examples

Over the past year we have seen a number of attack campaigns in which attackers were deploying attack servers in Amazon EC2 cloud.
• Fraud and business logic attacks
• DDoS




#2: Strength in Numbers




A Short History in Community Policing




Strength in Numbers: What is it?


• Business and government parties will create collaborative defenses by sharing individual protection data.
    + In order to get the most out of their initial investment in hacking infrastructure, attackers strive to reuse their attack infrastructure against as many targets as possible.
    + When there’s no collaboration between defending parties, each new target has to react to the attack as if it’s new, while most likely other targets have already experienced the same attack in the past.




The Concept


• Use the fact that hackers rely on reusing infrastructure to launch attacks.
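
The collaborative-defense idea above, as an added example (not from the original deck or from Imperva): several organizations report attack sources to a shared feed, and a new target checks whether an incoming source has already been reported by other participants. The `SharedReputation` class, the organization names, the two-reporter threshold and the 21-day expiry are assumptions; the IP addresses are documentation addresses and the sightings are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
import ipaddress


@dataclass(frozen=True)
class Sighting:
    org: str            # reporting organization (hypothetical name)
    source: str         # attacking address exactly as the reporter logged it
    attack: str         # reporter's own label, e.g. "sqli"
    seen_at: datetime


class SharedReputation:
    """Pooled attack-source sightings from several defending organizations."""

    def __init__(self, min_reporters=2, ttl=timedelta(days=21)):
        # Assumption: require two independent reporters so one participant
        # cannot get an address flagged alone, and expire entries after three
        # weeks because attack servers are short-lived.
        self.min_reporters = min_reporters
        self.ttl = ttl
        self._by_source = {}   # normalized ip -> {org: latest Sighting}

    @staticmethod
    def normalize(raw):
        """Return a canonical IP string, or None for unusable input."""
        try:
            ip = ipaddress.ip_address(raw.strip())
        except ValueError:
            return None
        # The same host may be logged as IPv4 or as IPv4-mapped IPv6.
        mapped = getattr(ip, "ipv4_mapped", None)
        if mapped is not None:
            ip = mapped
        if ip.is_loopback or ip.is_unspecified:
            return None
        return str(ip)

    def report(self, sighting):
        """Record a sighting; returns False if the source is not a usable IP."""
        ip = self.normalize(sighting.source)
        if ip is None:
            return False
        per_org = self._by_source.setdefault(ip, {})
        previous = per_org.get(sighting.org)
        if previous is None or sighting.seen_at > previous.seen_at:
            per_org[sighting.org] = sighting
        return True

    def reporters(self, source, now):
        """Organizations with a sighting of `source` that has not expired."""
        ip = self.normalize(source)
        if ip is None:
            return []
        return sorted(
            org for org, s in self._by_source.get(ip, {}).items()
            if timedelta(0) <= now - s.seen_at <= self.ttl
        )

    def is_known_attacker(self, source, now, asking_org=None):
        """True when enough *other* organizations reported this source."""
        others = [o for o in self.reporters(source, now) if o != asking_org]
        return len(others) >= self.min_reporters


def demo():
    base = datetime(2013, 1, 1)
    feed = SharedReputation()
    constructed = [  # constructed sample sightings, not real data
        Sighting("acme", "192.0.2.10", "sqli", base + timedelta(days=1)),
        Sighting("globex", "::ffff:192.0.2.10", "sqli", base + timedelta(days=3)),
        Sighting("acme", "198.51.100.7", "rfi", base + timedelta(days=2)),
        Sighting("acme", "203.0.113.5", "sqli", base - timedelta(days=30)),
        Sighting("globex", "203.0.113.5", "sqli", base - timedelta(days=30)),
        Sighting("globex", "not-an-ip", "sqli", base),
    ]
    accepted = [feed.report(s) for s in constructed]
    now = base + timedelta(days=10)
    return {
        "accepted": accepted,
        # A third organization sees a source two others already reported.
        "reused_infra": feed.is_known_attacker("192.0.2.10", now, "initech"),
        "single_reporter": feed.is_known_attacker("198.51.100.7", now, "initech"),
        "expired": feed.is_known_attacker("203.0.113.5", now, "initech"),
        # An organization's own report does not count toward the threshold.
        "own_report_only": feed.is_known_attacker("192.0.2.10", now, "acme"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```
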




A Precedent




#1: APT Targets the Little Guy




A Rare Interview




The Details


• Highlights the partnership between government, hacking, and industry in China.
• Evidence that China is succeeding in its intention to be “the leader in information warfare.”




What is it?


• We expect that in 2013 attackers will also extend the practice commonly dubbed APT to smaller businesses.
    + The industrialization of hacking has successfully automated Web application attacks.
    + Attackers have learned to exploit and profit from compromised Web applications, especially since automation can help uncover poorly protected, smaller companies.
    + Automation and poor protection will help APT hackers target smaller organizations containing valuable information.




Industrialization of Hacking and Automation


Roles                          Optimization                        Automation
Researching Vulnerabilities    Direct Value – i.e. IP, PII, CCN    Growing Botnets and Exploiting Vulnerabilities
Developing Exploits            Command & Control                   Selecting Targets via Search Engines
Growing Botnets                Malware Distribution                Templates & Kits
Exploiting Targets             Phishing & Spam                     Centralized Management
Consuming                      DDoS                                Service Model




Quantifying Automation




Conclusion




Rebalance the Portfolio




Webinar Materials

• Join Imperva LinkedIn Group, Imperva Data Security Direct, for…
    + Post-Webinar Discussions
    + Answers to Attendee Questions
    + Webinar Recording Link
    + Join Group


www.imperva.com

Imperva 2017 Cyber Threat Defense ReportImperva 2017 Cyber Threat Defense Report
Imperva 2017 Cyber Threat Defense Report
 
Combat Payment Card Attacks with WAF and Threat Intelligence
Combat Payment Card Attacks with WAF and Threat IntelligenceCombat Payment Card Attacks with WAF and Threat Intelligence
Combat Payment Card Attacks with WAF and Threat Intelligence
 
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing ExponentiallyHTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
HTTP/2: Faster Doesn't Mean Safer, Attack Surface Growing Exponentially
 
Get Going With Your GDPR Plan
Get Going With Your GDPR PlanGet Going With Your GDPR Plan
Get Going With Your GDPR Plan
 
Cyber Criminal's Path To Your Data
Cyber Criminal's Path To Your DataCyber Criminal's Path To Your Data
Cyber Criminal's Path To Your Data
 
Combat Today's Threats With A Single Platform For App and Data Security
Combat Today's Threats With A Single Platform For App and Data SecurityCombat Today's Threats With A Single Platform For App and Data Security
Combat Today's Threats With A Single Platform For App and Data Security
 
Hacking HTTP/2 : New attacks on the Internet’s Next Generation Foundation
Hacking HTTP/2: New attacks on the Internet’s Next Generation FoundationHacking HTTP/2: New attacks on the Internet’s Next Generation Foundation
Hacking HTTP/2 : New attacks on the Internet’s Next Generation Foundation
 

Kürzlich hochgeladen

Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 

Kürzlich hochgeladen (20)

Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 

Top Security Trends for 2013

  • 1. Top Security Trends for 2013 Rob Rachwald, Director of Security Strategy, Imperva
  • 2. Agenda
      - Trends 2012: A look back
      - Trends 2013: High-level overview
      - Trends 2013: Details on the big 5
      © 2012 Imperva, Inc. All rights reserved.
  • 3. Today’s Presenter: Rob Rachwald, Dir. of Security Strategy, Imperva
      - Research
          + Directs security strategy
          + Works with the Imperva Application Defense Center
      - Security experience
          + Fortify Software and Coverity
          + Helped secure Intel’s supply chain software
          + Extensive international experience in Japan, China, France, and Australia
      - Thought leadership
          + Presented at RSA, InfoSec, OWASP, ISACA
          + Appearances on CNN, SkyNews, BBC, NY Times, and USA Today
      - Graduated from University of California, Berkeley
  • 4. How Did We Do?
      - SSL gets caught in the crossfire
      - HTML5 goes live
      - DDoS moves up the stack
      - Internal collaboration meets its evil twin
      - NoSQL = NoSecurity?
      - The kimono comes off of consumerized IT
      - Anti-social media
      - The rise of the middle man
      - Security (finally) trumps compliance
  • 5. Trends 2013: Summary (Good News)
      - Security will improve for larger, well-funded organizations.
      - Community policing comes to cyber security.
  • 6. Trends 2013: Summary (Bad News)
      - As bigger firms get smarter and more effective, hackers will choose the path of least resistance: small companies.
      - Not surprisingly, hackers will continue to get more sophisticated.
  • 7. #5: Hacktivism Gets Process Driven
  • 8. Hacktivism in the Past
      - Key Problem: Past performance no guarantee of future returns.
  • 9. Example
  • 10. Process Driven: What is it?
      - In 2012, Hacktivists moved towards awareness campaigns rather than targeted attacks
      - Hacktivism awareness means more for less
          + Arbitrary targets in order to get easy results
          + Automation in all stages of the process
          + More aggressive marketing of Hacktivism campaigns
  • 11. Example: Team GhostShell
      - In order to maximize results, Hacktivists now:
          1. Target CMS systems with known vulnerabilities and harvest vulnerability databases to collect potential attack vectors
          2. For other targets, Hacktivists simply run vulnerability scanners
          3. Use Google Dork and error message hunting to locate potential targets within a domain list
          4. Use automated injection tools (SQLmap or Havij) to automate the final process of dumping the data
          5. Publish the campaign open letters on pastebin.com and on Facebook and Twitter to distribute their message
  • 12. Supporting Evidence
      - From TeamGhostShell December hack letter: ProjectWhiteFox will conclude this year's series of attacks by promoting hacktivism worldwide and drawing attention to the freedom of information on the net.
      - It was clear through this group and others that the targets were chosen not by sector or interest, but by the fact that they were vulnerable.
  • 13. #4: Government Malware Goes Commercial
  • 14. Military Influence on the Private Sector
  • 15. The Same Will Hold True in the Cyber World
      - With Flame and Stuxnet, modern malware has evolved dramatically, which will:
          + Inspire private hackers to follow: technologies previously attributed to “state sponsored” attacks are going to become commercialized (or commoditized), blurring the difference between Cyber Crime and Cyber War.
          + Increase compromised insiders: devices affected by modern malware (APT), representing a “compromised insider” threat, are going to become a more prominent risk factor than malicious insiders.
  • 16. Malware is Popular in Hacking Communities
      - 2012 Verizon Data Breach Report
          + Malware is on the rise: “69% of all data breaches incorporated malware” - a 20% increase over 2011
          + Malicious insider incidents declining: “4% of data breaches were conducted by implicated internal employees” - a 13% decrease compared to 2011
      - Director of National Intelligence
          + “Almost half of all computers in the United States have been compromised in some manner and ~60,000 new pieces of malware are identified per day”.
  • 17. Differences: Commercial vs APT Malware Commercial APT  Broader target  Focused  Relies on broader  Heavily relies on 0-Day vulnerabilities  Purpose can be theft,  Purpose is theft espionage or sabotage
  • 18. Similarities: Commercial vs APT Malware
      - Similarity #1: Bypass antivirus.
      - Similarity #2: More sophisticated malware.
          + Some of the modules are larger than 1MB and in some of the instances we tracked the total code size amounted to almost 10MB.
          + We saw version numbers grow substantially over time.
      - Similarity #3: The command and control structure needs to get bigger and more robust.
          + Managing more, better methods to control the redirection of user traffic to the attacker-controlled server provide improved efficacy and redundancy.
          + An individual operation is able to last a few weeks before being shut down.
  • 19. The Objective: Compromised Insider
      - Compromised Insider: A person with no malicious motivation who becomes an unknowing accomplice of third parties who gain access to their device and/or user credentials.
  • 20. Few Users are Malicious, All Can be Compromised
      - “Less than 1% of your employees may be malicious insiders, but 100% of your employees have the potential to be compromised insiders.”
      - Source: http://edocumentsciences.com/defend-against-compromised-insiders
  • 21. #3: Black Clouds on the Horizon
  • 22. “Just in Time” Hacking
  • 23. Some Problems with Hacking Today
      - Problem #1: Blacklisting by enterprises limits attack duration.
      - Problem #2: Hackers' need to acquire infrastructure, often illegally, made matters a bit more complex.
  • 24. What is it?
      - We expect to see a growing use of IaaS by attackers for different activities due to:
          + Elasticity: the ability to quickly get hold of a lot of computing resources without too many prerequisites.
          + Cost: the ability to tie spending closely to a specific attack campaign and its potential gain.
          + Resilience: the use of commercial cloud computing platforms reduces the ability of defenders to blacklist attackers and adds much valued latency to the process of server takedown.
      - Amazon’s EC2 is a good example
  • 25. How Does it Work?
      1. Steal a credit card
      2. Leverage cloud infrastructure for attacks
          + More power
          + Better anonymization
      3. Use cloud infrastructure to process bounty
          + Unstructured data or files
          + Data
  • 26. Examples
      - Over the past year we have seen a number of attack campaigns in which attackers were deploying attack servers in Amazon EC2 cloud.
          + Fraud and business logic attacks
          + DDoS
  • 27. #2: Strength in Numbers
  • 28. A Short History in Community Policing
  • 29. Strength in Numbers: What is it?
      - Business and government parties will create collaborative defenses by sharing individual protection data.
          + In order to get the most out of their initial investment in hacking infrastructure, attackers strive to reuse their attack infrastructure against as many targets as possible.
          + When there’s no collaboration between defending parties, each new target has to react to the attack as if it’s new, while in all likelihood other targets had already experienced the same attack in the past.
  • 30. The Concept
      - Use the fact that hackers rely on reusing infrastructure to launch attacks.
  • 31. A Precedent
  • 32. #1: APT Targets the Little Guy
  • 33. A Rare Interview
  • 34. The Details
      - Highlights the partnership between government, hacking, and industry in China.
      - Evidence that China is succeeding in its intention to be “the leader in information warfare.”
  • 35. What is it?
      - We expect that in 2013 attackers will also extend the practice commonly dubbed as APT to smaller businesses.
          + The industrialization of hacking has successfully automated Web application attacks.
          + Attackers have learned to exploit and profit from compromised Web applications, especially since automation can help uncover poorly protected, smaller companies.
          + Automation and poor protection will help APT hackers target smaller organizations containing valuable information.
  • 36. Industrialization of Hacking and Automation Roles Optimization Automation Researching Vulnerabilities Direct Value – i.e. IP, PII, Growing Botnets and Developing Exploits CCN Exploiting Vulnerabilities Growing Botnets Command & Control Selecting Targets via Search Malware Distribution Engines Exploiting Targets Phishing & Spam Templates & Kits Consuming DDoS Centralized Management Service Model
  • 37. Quantifying Automation
  • 38. Conclusion
  • 39. Rebalance the Portfolio
  • 40. Webinar Materials
  • 41. Webinar Materials Join Imperva LinkedIn Group, Imperva Data Security Direct, for… Answers to Post-Webinar Attendee Discussions Questions Webinar Join Group Recording Link
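
The collaborative defense in slides 29 and 30 (defenders pooling sightings because attackers reuse infrastructure), sketched as an added example that is not part of the original deck or any Imperva product. The class name, thresholds, organizations and addresses are all assumptions; the expiry window reflects slide 24's point that cloud-hosted attack servers make long-lived blacklists unreliable.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sightings: (reporting org, source IP, attack type, time seen).
# All addresses come from the RFC 5737 documentation ranges.
SIGHTINGS = [
    ("org-a", "203.0.113.7", "sqli", "2013-01-10T09:00:00"),
    ("org-b", "203.0.113.7", "sqli", "2013-01-10T11:30:00"),
    ("org-c", "203.0.113.7", "rfi", "2013-01-11T08:15:00"),
    ("org-a", "198.51.100.22", "ddos", "2013-01-10T09:05:00"),
    ("org-a", "198.51.100.22", "ddos", "2013-01-10T09:06:00"),  # same org twice
    ("org-b", "192.0.2.50", "sqli", "2012-12-01T00:00:00"),     # stale report
    ("org-c", "192.0.2.50", "sqli", "2012-12-02T00:00:00"),     # stale report
]


class SharedReputationFeed:
    """Pools attack sightings from several organizations (hypothetical design)."""

    def __init__(self, min_orgs=2, ttl=timedelta(days=7)):
        self.min_orgs = min_orgs   # independent reporters needed to block
        self.ttl = ttl             # sightings older than this are ignored
        self._seen = defaultdict(dict)  # source -> org -> (time, attack)

    def report(self, org, source, attack, when):
        """Record a sighting, keeping only each org's most recent one per source."""
        ts = datetime.fromisoformat(when)
        prev = self._seen[source].get(org)
        if prev is None or ts > prev[0]:
            self._seen[source][org] = (ts, attack)

    def reporters(self, source, now):
        """Distinct orgs that saw this source attack within the TTL window."""
        cutoff = now - self.ttl
        return {
            org
            for org, (ts, _attack) in self._seen.get(source, {}).items()
            if cutoff <= ts <= now
        }

    def verdict(self, source, now):
        """'block' if enough independent orgs agree, 'watch' if some, else 'allow'."""
        count = len(self.reporters(source, now))
        if count >= self.min_orgs:
            return "block"
        if count >= 1:
            return "watch"
        return "allow"


def build_feed(sightings=SIGHTINGS, **kwargs):
    """Load sightings into a feed; kwargs override min_orgs / ttl."""
    feed = SharedReputationFeed(**kwargs)
    for org, source, attack, when in sightings:
        feed.report(org, source, attack, when)
    return feed


if __name__ == "__main__":
    now = datetime(2013, 1, 12)
    feed = build_feed()
    # A new target that has never seen these sources still gets a verdict.
    for ip in ("203.0.113.7", "198.51.100.22", "192.0.2.50", "192.0.2.99"):
        print(ip, feed.verdict(ip, now), sorted(feed.reporters(ip, now)))
```

Counting distinct reporting organizations rather than raw sightings keeps one noisy member from driving a block on its own.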