Defending the Digital Enterprise: Cyber Threat Visibility and Resolution
Kamran Ahsan, Senior Director – Digital Security, Etisalat
Session ID: SPO1-W06A
#RSAC
A new digital world has emerged…
http://www.forbes.com/sites/louiscolumbus/2013/09/28/
Organizations have digital footprints
Digital footprint has many stakeholders
Digital footprint falls beyond security controls
Digital footprint has unique risks
Identifying risk areas…
Branding & Reputation
Business Disruption
Online Fraud
Ignorance is bliss!
• Stolen user credentials of System Administrators
• Information leaks related to profiles of key resources
• Fake job offers with unauthorized use of brands, logos and images
• Suspicious activities of employees on social media
Branding & Reputation
• Stolen credit cards for sale in the Black Market
• Unauthorized and typo squatting domains
• Supply chain vulnerabilities
• Suspicious mobile applications
• DDoS campaigns
Business Disruption
• Unique malware being developed
• Phishing sites
• Malware infections related to an industry vertical
• Global fraud
• Technical vulnerabilities of critical systems
Online Fraud
..but it puts us into a state of
We need to manage through…
… gathering intelligence about all activities affecting the organization’s digital footprint: a continuous mechanism of detection and resolution, supplemented by human intelligence
…which is achieved as…
[{Intelligence on Threat Detection + Remedial Action}] + {Human Intel}
Enrich
Analyze
Process
Scouting Data from Multiple Sources
…having basic coverage of managing risks as…
• Suspicious Domains
• Information Leaks
• Breach of Security Controls
• Credential Theft
• Suspicious Mobile Apps
…specific to industry verticals…
Information leaks Online services vulnerabilities
Phishing Malware Pharming Carding
Theft of on-line bank credentials and credit cards information
Sale of products through the “grey market” and brand abuse
Grey Market Fake products Traffic deviation
Intellectual property offence and threats to online media
DDOS Attacks Intellectual property
Relationship with faked brands
Banking & Financial Services
Retail & Wholesale
Media & Entertainment
…and available as…
You are forearmed if you are forewarned!
Detection
• Threat broadest coverage
• Actionable intelligence
• Investigations
Response
• Countermeasures
• Cyber threats mitigation
• Support & Advisory
Anticipation
• Continuous monitoring
• Threat evolution analysis
• Decision making support
Apply what you have learned today
Next week you should:
• Identify assets/resources of your digital presence and assign criticality
In the first three months following this presentation you should:
• Understand threat scenarios and qualify as a business need
• Review and pilot Cyber Threat Intelligence (CTI) services in the market
Within six months you should:
• Select a service suited to YOUR digital presence & risk appetite
• Consider multiple internal stakeholders as consumers of this service; this is to best utilize the service and organization’s budget
Thank You