2015 Year to Date Security Trends
Download as PPTX, PDF•0 likes•977 views
The document discusses 2015 security trends, highlighting an increase in cybersecurity awareness and evolving threats due to outdated systems and rising automated attacks. It emphasizes the shift towards cloud-based security solutions and the challenges associated with hybrid environments, as well as the need for advanced threat detection and response strategies. Additionally, it outlines the importance of compliance with evolving regulations such as PCI DSS.
2015 Year to Date Security Trends
- 1. 2015 Security Trends (So far…) Edward Vasko, CISSP CEO
- 2. About Terra Verde Terra Verde provides customized risk management services and solutions to your business. Our mission is to provide value driven, high quality cybersecurity services and solutions our clients will recommend to their associates, partners and peers. 1
- 3. Trend Trend Trend Trend Trends 2015 Top Security Trends Information Security is undergoing huge growth and changes. The general public is now more than ever painfully aware of IT Security. Technology is changing at an accelerated rate, threats are evolving almost at the same pace. • Data from our Scottsdale Security Operations Center (SOC) • Virtualization • Monitoring, Defense, Testing, Intelligence • Network, Cloud, Mobility • Identity and Access Mgmt. • PCI DSS Compliance 2
- 4. Data from our SOC (1/2) At Terra Verde we operate a Security Operations Center monitoring security related events for thousands of systems nationwide. From January 2015 until yesterday these are the top events flooding our Security Information and Event Management systems: • Outdated clients (including frameworks): flash, java, PHP. • Automated attacks are targeting these outdated systems. • Vulnerable clients susceptible to Heartbleed and POODLE are being attacked. • CHS systems was hacked due to this weakness (https://www.trustedsec.com/august-2014/chs-hacked-heartbleed- exclusive-trustedsec/) 3
- 5. Data from our SOC (1/2) • XSS "cross-site scripting“ attacks are on the rise. • Combined phishing attacks with Stored XSS are making a comeback. • Shellshock exploits are being attempted at an increased rate. • BrowserStack was hacked vie ShellShock (http://www.esecurityplanet.com/network-security/browserstack- hacked-via-shellshock.html) 4
- 6. Data from our SOC (2/2) • Attempted SQL injections are evolving. • Reconnaissance scanning from high threat countries such as China and Russia have increased in 2015 Q1. • The use of exploit kits including angler, fiesta, magnitude and nuclear are gaining popularity. 5
- 7. Virtualization (1/2) • Security is being Virtualized • Most solutions we grew accustomed to in data centers are now readily available and deployable in the cloud. Anything from routers and switched to specialized appliances. • Security controls are now residing in the cloud. • More and more organizations are migrating from data centers to the cloud. With those migrations technical security controls are now in the cloud as well. The challenge is brokering the co-existence of these solutions. 6
- 8. Virtualization (2/2) • Unified Threat Management • SIEMs and other sophisticated monitoring solutions are evolving to correlate live data to system’s events, potential threats, likelihood and providing actionable data. • Hybrid Environments • Virtualization efforts are leaving behind hybrid environments. Full migration is not possible every time. Deploying security controls and administering in both the physical data center and the cloud are posing a new set of challenges for organizations. 7
- 9. Monitoring, Defense, Testing, Intelligence (1/2) • Threat detection and response • Monitoring, Protection and Response are no longer enough. The model is evolving to the realms of avoidance. The new model is becoming: Detect, Respond, Predict and Prevent. • Big data security analytics • Defenses against targeted attacks are now driven by risk and justified by data analytics and aggregation. 8
- 10. Monitoring, Defense, Testing, Intelligence (2/2) • Security intelligence • Security intelligence is improving significantly. It no longer serves one audience (IT) it is now serving the business too. • Context-aware controls • Next generation data loss prevention tools can be adjusted to deal with multiple contexts: endpoint, network, user, entity, channels, products and analytics. 9
- 11. Network, Cloud, Mobility (1/3) • UTM – Unified Threat Management is not quite integrated at all levels and all devices. There are still some limitations in terms of support and compatibility with all nodes that generate security related events. • Cloud Access Security brokerage services • Contextual information from physical and virtual assets are leading to policy decisions around: • Operations: load balancing, access control, content delivery network optimization, etc. • Security: identity management, logging, monitoring, data loss prevention, malware analysis, etc. 10
- 12. Network, Cloud, Mobility (2/3) • Website protection • Web application firewalls are being put to the test and they are delivering exceptional services (not after some pain, you get what you pay for and more importantly what you configured for) • "Brobot" and "Kamikaze/Toxin“ botnets keep being used to launch DDOS attacks toward financial institutions. Compromised high bandwidth webservers with vulnerable content management systems (CMS) are being used to upload attack scripts to the high bandwidth servers. 11
- 13. Network, Cloud, Mobility (3/3) • Endpoint breach shifting to mobile devices • Increased number of threats are targeting mobile platforms. • Researchers have demonstrated success rate of over 90% (http://www.fiercewireless.com/tech/story/researchers-demo-92- success-rate-hacking-smartphone-apps/2014-08-24) • Smartphone-based POS applications attacks are on the rise. • Mobile POS and app-based wallets are being targeted • Most attacks on mobile devices still require human collaboration: • Trojan, Trojan downloaders, Trojan-SMS, Trojan-spy, backdoors, adware, etc. 12
- 14. PCI DSS Compliance Payment Card Industry (PCI DSS) • Version 3.0 introduced multiple challenges: • Legal agreements 12.8.2 • Secure protocols (SSL) • Card Data environments scope are increasingly challenged with cloud solutions. • Tokenization offers and solutions are not articulating vendor’s responsibilities. • EMV implementation deadlines are fast approaching. • Requirement 9.9: Physical access and point of sale 13
- 16. About Terra Verde About • Established in 2008 • Headquartered in Scottsdale • Payment Card Industry Qualified Security Assessor – PCI QSA • Pragmatic solutions to solve problems 15 Key differentiators • Objective and certified • Experienced & dedicated • Service team averages 18 years experience Primary markets served • Health Care • Financial Institutions • Gaming/Hospitality • Retail • Technology Background • 40 FTEs • Hundreds of engagements performed worldwide • Largest AZ headquartered security company
- 17. Terra Verde Services Assessment/Testing • Penetration testing • Vulnerability assessment • Technical risk assessment • Web security assessment • Physical security assessment Security Strategy • Maturity assessment • Interim leadership • Program support/implementation • Control implementation • Secure SDLC Technology Operational Risk • Advisory services • Expert Witness • Forensics/Incident Response • Project Management 16 Compliance & Audit PCI, HIPAA, SOX, FTC, FISMA, CSP, ISO, etc.
- 18. Terra Verde Solutions Managed Security • Device monitoring • Security device management • Web application firewall • Vulnerability Management • Compliance portal • Patching • 24x7 US based SOC Audit Documentation • Eliminate audit fire drills • “Business as Usual” • Reduce compliance costs Application Monitoring • Metrics • Performance/availability • Secure SDLC 17