Selex Es main conference brief for Kingdom Cyber Security Forum
1. © Copyright Selex ES S.p.A 2014 All rights reserved
A perspective from a Cyber Integrator
From Reactive to Proactive:
The power of managed situation awareness
Presentation to Kingdom Cyber Security Forum
May 2014
2.
What is a Cyber Integrator?
Situation Awareness – of what?
Building a specific response
Benefit from wider system collaboration
4.
Threats, vulnerabilities and underlying information technology are changing at a ferocious pace; so must all the countermeasures
Viruses, Trojans, Botnets, Phishing, Waterhole, Man in the email
Policy, Training, Hardening, Intrusion detection, Anomaly detection, Malware analysis, Certification
And in complex environments, no single product or service specialist can keep up
5.
Defence (National & NATO)
National Security Agencies
Governments & institutions
Law Enforcement
Telecommunications
Banking & Insurance
Healthcare
Transport & Utilities
Prime Contractors
Large Enterprises
A Cyber Integrator is typically a systems integrator and manufacturer with a broad perspective of security requirements – and a dedicated security practice
6.
Understand factors, methods and history
Driven by nature and extent of measures required to achieve desired security
In some cases, an annual check-up is sufficient. In others, constant monitoring is recommended!
Level of threat × Level of vulnerability = Extent of security measures required
Understand technical vulnerabilities and weaknesses in security governance and user habits
A practiced Cyber Integrator seeks to diagnose before prescribing
7.
SOLUTIONS ARE BUILT ON:
• Customer desired business objectives
• Customers’ direct threats and vulnerabilities
• Customers’ indirect risks and challenges
• Engineered solutions and services
A Cyber Integrator takes a systems engineering approach
8.
Compromising Ability to Perform
Intellectual Property Theft
Loss of Financial Control
Ability to Recover
Threat to Human Safety
Affecting Compliance Status
Threatening Reputation
Clients suffering data loss, theft and cyber attack with serious to existential consequences
9.
Selex ES: What is a Cyber Integrator?
Situation Awareness – of what?
Building a specific response
Benefit from wider system collaboration
10.
Our customers are beset by the same global issues
Front office Operations, IT and Administration, Back office Operations, Internal Contractors, Bought-in Services, Trusted Partners, Executive
Tactics: Relentless Spam, Socially engineered, Botnet Attack, Insider Attack
Techniques: Phishing, Waterhole, Spam, Insider
Procedures: Reconnoitre, Penetrate, Sleep, Propagate, Control, Transmit, Transform
Weapons: Virus, Trojan, Worm, Rootkit, Logger, Dialler, Toolkits
VANDALS, PROTESTORS, THIEVES, SPIES, NATIONS
Deface, Destroy, Steal, Cheat, Impair
Customer Contact with Enterprise: POS, ATM etc, Branch, Phone, Online
11.
And the evidence suggests that the money to be made attracts the very best talent – of the wrong sort
• Face to face
• Online payment
• Man in the email (China, Nigeria and South Africa)
Fraud
Banking
Account takeover
Automated clearing
Global fraud losses linked to ACH and wire fraud for banking institutions
Corporate finance
Mobile banking and financial transaction threats
• $455 million 2012
• 2013 projection - $523 million
• 2016 projection - $795 million
12.
And enterprises share common vulnerabilities
POORLY INSTALLED FIREWALLS
USING DEFAULT PASSWORDS
POORLY PROTECTED CUSTOMER DATA AT REST
POORLY MAINTAINED APPLICATIONS AND SYSTEMS
IRRATIONALLY APPLIED ORGANISATION SECURITY POLICY
POORLY MAINTAINED ANTI-VIRUS AND IPS/DLP SYSTEMS
LOOSE UNDERSTANDING OF NETWORK ACTIVITY
INSUFFICIENT ENCRYPTION OF DATA IN TRANSIT
LOOSE ‘NEED TO KNOW’ POLICY
13.
So, we work with enterprises to improve awareness of Vulnerabilities, Threats and Attacks
Processes, People, Culture, Systems, Tools, Techniques, Drivers, Organisation
Threats, Vulnerabilities
Level of Damage
Tolerance of Damage
Technology, Procedures
And then we start to build the appropriate responses…
14.
Selex ES: What is a Cyber Integrator?
Situation Awareness – of what?
Building a specific response
Benefit from wider system collaboration
15.
A Cyber Integrator draws on a coherent set of services designed to address threats and resolve vulnerabilities
CYBER DOCTRINE
Assess, Assure, Prevent, Protect, Detect, Resist, Defend, Respond, Contain, Eradicate, Recover, Learn
CYBER SERVICES
Assessment, Guidance, Remediation Projects, Managed Services, Managed Services
• Vulnerability
• Maturity
• Policy
• Certification
• Training
• System hardening
• System provision
• Enterprise protective monitoring
• Incident response forensics
COMPETITIVE ADVANTAGE. INFORMATION SUPERIORITY.
16.
Taking an Integrators’ approach, we then develop the Advisory, Skills transfer, Change and enduring Services solution to meet the need.
Understand factors, methods and history
Driven by nature and extent of measures required to achieve desired security
But to keep up with changing threats, exploits and attack methods, our services have to be agile, flexible and truly innovative.
Level of threat × Level of vulnerability = Extent of security measures required
Understand technical vulnerabilities and weaknesses in security governance and user habits
17.
How does a cyber services integrator achieve agility and flexibility?
We immerse ourselves in your environment:
• Policy and legislation background
• Essential industry architecture
• Key industry governance processes
• Key financial functions and processes
• Key systems
18.
How does a cyber services integrator achieve agility and flexibility?
We maintain sector specific technical expertise, backed by our own wider technical expertise and context
• Understand and model predominant attack/exploit methods
• Develop and maintain a library and understanding of characteristic system vulnerabilities
• Anticipate next generation exploits
• Characterise key domain processes that are subject to attack
Which enables us to provide a coherent set of appropriate services to the companies operating within the particular sector
19.
What would the outcome look like?
Achievement and maintenance of security compliance
Monitoring and real time analysis of anomalies plus development of intelligence data
- plus reaching out to external sources
Response to incidents: containment, eradication and recovery
Development and maintenance of situation awareness, dynamic risk analysis and feed back for training and process improvement
- plus deeper malware / TTP analysis (DIY or bought-in)
Hardening of key systems
Regular vulnerability assessment
Through life security
Deter, Detect, Assure, Respond, Learn, Assess
Your Cyber Security Capability
20.
An Enterprise CIRT or equivalent managed service provides the right focus
Enterprise CIRT
Assess, Assure
Deter
Protect
Detect
Resist
Defend
Respond
- Contain
- Eradicate
- Recover
- Learn
Organisation, Users, Core Systems
21.
Selex ES: What is a Cyber Integrator?
Situation Awareness – of what?
Building a specific response
Benefit from wider system collaboration
22.
The key characteristic of national and international response to cyber threats is collaboration
23.
The key characteristic of response is collaboration
EU CYBER STRATEGY RESTS ON COLLABORATION
• Joint research centre – vulnerabilities etc
• Pan European exercises
• Sector and National CSIRTs
• Europol and Interpol: cooperation for Cyber
24.
The key characteristic of response is collaboration
NATO: LISBON DECLARATION
• To optimise information sharing, collaboration and interoperability
25.
The key characteristic of response is collaboration
US INITIATIVES:
Comprehensive National Cyber security Initiative
• Connecting Cyber Operations Centres
• Shared Situational Awareness
• Federal, State, Local and Private Sector
• Supply chain initiative
• Education and R&D initiative
• FUNDING!
The concept of sector and national nodes and hubs for reporting, correlating data and sharing intelligence is gaining momentum
26.
And what does all that collaboration provide to the participants?
A massive surface area to gather cyber intelligence
So, where does one start?
27.
Within any Business or Government Sector, a federated and trustworthy Sector CIRT would encourage collaboration
Sector CIRT
Secure and trusted information sharing
Enterprise CIRT
Enterprise CIRT
Plans, Procedures, Lessons learned, Vulnerabilities, Threats, Impact, Breach and incident data, Technical indicators of compromise, Suggested remediation actions
Vulnerabilities, Threats, Impact, Breach and incident data
28.
The national effect: shared situational awareness of network vulnerabilities, threats, and events
Banking, Oil & Gas, Power generation, Aviation, Telecoms, Medical
Are you seeing what we are seeing?
29.
Presentation to Kingdom Cyber Security Forum
Thank you for listening
May 2014