Lots of change is impacting security. This presentation looks at four key security concerns that are most impacted by application and technology trends and what we can look for in solutions to address those concerns.
2. 1: THE MORE THINGS CHANGE the more they stay the same
- Jean-Baptiste Alphonse Karr
@lmacvittie
3. “What is your trouble? Mistaken identity.”
- Wei Wu Wei
4. The top factor driving network security strategy is preventing and/or detecting malware threats
Phishing still catches 45% of targets
NOW / THEN
NIMDA, SQL SLAMMER, ZEUS, CRIDEX, CONFICKER, DYRE
MALWARE DISTRIBUTION: E-MAIL, FTP SITES / E-MAIL, WEB SITES
5. 44% of organizations say security and fear of a data breach keeps them from expanding mobile programs
The Most Common Types of Incidents
• malware: 82%
• access breach: 70%
• false alarm: 66%
• DDoS attack: 49%
7. NEED SMARTER DECISIONS ON WHO ACCESSES WHAT FROM WHERE AND WHEN AND HOW AND …
• Browser / Device / Thing Fingerprinting
• Geolocation
• Malware Detection
• Identity Verification
Contextual Security: Evaluating multiple variables to determine legitimacy of client
It’s not just for banks any more
8. 2: SOMETIMES THE THINGS WE CAN’T CHANGE end up changing us
- Unknown
9. “You cannot stop an attack. You can only prevent it from having an impact.”
- me
10. DPS of a DDoS has doubled
2011: 5 Gbps
2013: 10 Gbps
Leading rhetorical question: Has your bandwidth doubled too?
11. More than 1/3 were hit by a DDoS attack between April 2013 and May 2014
55% of DDoS targets experienced smokescreening with nearly 50% having malware/virus installed and 26% losing customer data.
12. 50% agree specialized countermeasures against DDoS attacks are an important security requirement
WE HAVE TO CHANGE BECAUSE WE CAN’T CHANGE ATTACKERS
35% of organizations plan to deploy more security services in the next 12 months
HYBRID DDoS PROTECTION ARCHITECTURE
14. More than half of organizations protect applications and data on the client, on request and on response.
WE HAVE TO CHANGE BECAUSE WE CAN’T CHANGE THE APPS
15. 3: THINGS CHANGE FOR THE WORSE SPONTANEOUSLY if not changed for the better purposefully
- Francis Bacon
16. “Wearables are like your tag-along little brother. They get access because they are attached to you.”
- me
17. 170 M wearable devices by 2017. 2 M telehealth patients by 2018.
12 percent of cars will be connected to the Internet by 2016
26.8 percent of TVs will be connected by 2018
212 B connected things, 1.4 mobile devices per capita by 2018
THINGS ARE CHANGING EVERYTHING
Licensing, Activation, Remote control, Data management, Usage, Billing, Engagement
Within the next five years, more than 90% of all IoT data will be hosted on service provider platforms as cloud computing reduces the complexity of supporting IoT “Data Blending”.
18. FOUR: the order of magnitude difference between employees and customers needing access
19. THINGS WE CAN CHANGE PURPOSEFULLY
PROGRAMMABILITY & PROVISIONING
DNS, IDENTITY, AVAILABILITY, SECURITY, ACCESS
ORCHESTRATION
• Focus on scale of core capabilities like DNS and availability
• Evaluate readiness to federate access across cloud apps
• Examine state of identity and access* to manage millions of users
• Strategize on automation for provisioning and auto-scale
Licensing, Activation, Remote control, Data management, Usage, Billing, Engagement
* This means your identity store, too. Can your LDAP/AD/SQL infra keep up?
20. 4: THINGS WE CAN CHANGE to improve security this year
21.
• SCALE and SMARTS of IDENTITY and ACCESS
• WEB APPLICATION SECURITY
• DDoS PROTECTION APPROACHES
• OPERATIONALIZE with APIs, TOOLS and FRAMEWORKS
THEN is 2001-2004. Now is, well, now. 61 Percent of Breaches Caused by Stolen Credentials. Then, attackers targeted systems directly. Today, attackers target systems through individuals using the same kinds of tools and distribution mechanisms.
Javelin Strategy & Research’s 2014 Identity Fraud Report: Card Data Breaches and Inadequate Consumer Password Habits Fuel Disturbing Fraud Trends.
Yes, this is consumer data. Go ahead and dismiss it, but remember – these are the same consumers that work inside your organization and are therefore an integral part of your security strategy. Remember, phishing still catches 45% of these folks. No matter how good your password policy may be, it can’t stop someone from sharing it with a malevolent third party.
This is just logic. By the time you have identified an attack – even the first packet – it’s already begun. You can’t stop it, you can only prevent it from having an impact. You can deflect it or reject it, but you can’t stop it from happening. This is why it’s absolutely critical to have in place systems able to detect an attack at the earliest possible point in time.
According to Verizon's 2014 Data Breach Investigations Report (DBIR), the mean density of a DDoS attack in 2011 was 4.7 Gbps. In 2012 it was 7.0 Gbps. Last year it reached 10.0 Gbps.
Yes, you read that right. The DPS of a DDoS has doubled in less than two years. And that's the mean. The largest attacks have registered at over 300 Gbps.
Neustar’s just-released 2014 DDoS Attacks and Impact Report
FTR, that is Smokescreen the Transformer. That’s really his name. Apropos of the context, seems legit.
Now, remember that based on IDC data, applications double every 4 years and industry expert Bernard Golden tracked the impact of new technologies on application growth at 10% per technology.
It’s not just the apps, but the app platforms and the app frameworks and the app… everything. We can’t change that, we’re not that involved. We can only change how we protect it, with more inspection and validation – on the client, on request and on response. Data from f5.com/soad
21580 – number of devices already connected to the corporate network (Ponemon). Everyone – and I mean everyone – is convinced there will be a breach caused by wearables in 2015.
The use of the phrase “connected to the Internet” is misleading because these things are really connecting to apps using the Internet… through your network.
74% of innovative organizations will monetize new applications and services. Access is required. For both users and things. You’re going to have to deal with that. Order of magnitude is representative of exponential change. A magnitude of 4 is equivalent to 10,000 times more. So if you have 1 employee, you have to service 10,000 customers, and so on.