Mapping the Territory of Cyber Threats - Prevent, Detect and Respond to Cyber Attacks

Jan 06, 2017

Fujitsu Global
Page 1: Mapping the Territory of Cyber Threats - Prevent, Detect and Respond to Cyber Attacks

0 Copyright 2016 FUJITSU

Fujitsu Forum 2016

#FujitsuForum

Page 2: Mapping the Territory of Cyber Threats - Prevent, Detect and Respond to Cyber Attacks

Mapping the territory of Cyber threats. Prevent, detect and respond to Cyber attacks

Rob Norris, Head of Enterprise & Cyber Security EMEIA, Fujitsu

Richard Curran, Security Officer EMEA, Intel

Bryan Campbell, Senior Security Researcher, Fujitsu, @Bry_Campbell

Page 3: Mapping the Territory of Cyber Threats - Prevent, Detect and Respond to Cyber Attacks

Delivering Intelligent Led Security - Agenda

Threat Landscape

Legislation – NIS & GDPR

Security Predictions

Intelligent Security Operations Centre (ISOC)

Fujitsu Security Capabilities

Summary & Q&A

Page 4: Mapping the Territory of Cyber Threats - Prevent, Detect and Respond to Cyber Attacks

The Landscape – Case of When not If

Threats

• Weak Supply chains
• Hacktivism
• Credit Card Data
• Customer Data
• IPR Theft
• Insider Threat

Prevent, Detect, Respond

Page 5: Mapping the Territory of Cyber Threats - Prevent, Detect and Respond to Cyber Attacks

By 2018 - New Legislation will drive Security Requirements

Network & Information Security Directive (NIS) & General Data Protection Regulation (GDPR)

New Legislation

Network and Information Security Directive (NIS)
• Harmonized requirements on each Member State’s legislation
• Each member state must pass a national law based on the directive by 2018

General Data Protection Regulation (GDPR)
• Regulation is valid as is in every country from 2018 on
• Countries may add national extensions
• Open issue: is relevant law that of consumer’s or provider’s jurisdiction?

Main Customer Tasks

Information Systems and Data Governance
• Evidence of policies and effective implementation, e.g.
  • Security Audit
  • Data Protection Impact Assessments
  • Data Protection Officer to be implemented

Reporting
• Records of Processing
• Specific reporting of security incidents / data breaches without undue delay

Severe Fines
• GDPR: 20M€ or 4% of annual turnover

Prepare Now!

Governance, Risk and Compliance
• Security Consulting, e.g. Continuity & Resilience
• Data Protection, e.g. IAM, encryption
• MSS, e.g. vulnerability management, perimeter protection, content inspection

Assessments & Audits
• Security Audits
• Privacy Impact Assessment

Detect and Response
• Cyber Threat Intelligence
• SIEM enhanced by reporting according to NIS/GDPR

Page 6: Mapping the Territory of Cyber Threats - Prevent, Detect and Respond to Cyber Attacks

Major threats predictions for 2015

• State sponsored cyber espionage
• POS Malware
• Major Software Flaws
• Ransomware
• ATM Jackpotting
• Crimeware as a service
• Banking Trojans
• DDOS attacks
• Mobile platform threat
• IoT Attacks

Page 7: Mapping the Territory of Cyber Threats - Prevent, Detect and Respond to Cyber Attacks

2015 – The Year of banking Trojans

2015 – Fujitsu Cyber Threat Intelligence provided intelligence about banking Trojans

Further assisted Government & Law enforcement agencies by sharing information & key learnings

Our work has helped protect both Fujitsu existing & non Fujitsu Customers

2016 – Despite the above Banking Trojans still pose a significant threat

Page 8: Mapping the Territory of Cyber Threats - Prevent, Detect and Respond to Cyber Attacks

Major Threat Predictions for 2016

Flash in the spotlight

The Insider Threat

Web Attacks under attack

Data Remains King

IoT growth equals DDoS

Biometrics on the Rise

Check the mail

Things get Personal

Companies need expert help

Page 9: Mapping the Territory of Cyber Threats - Prevent, Detect and Respond to Cyber Attacks

The IoT of Distributed Denial of Service (DDoS) Attack

Page 10: Mapping the Territory of Cyber Threats - Prevent, Detect and Respond to Cyber Attacks

Data Remains King

Page 11: Mapping the Territory of Cyber Threats - Prevent, Detect and Respond to Cyber Attacks

Flash in the Spotlight

Page 12: Mapping the Territory of Cyber Threats - Prevent, Detect and Respond to Cyber Attacks

Check The Mail

Page 13: Mapping the Territory of Cyber Threats - Prevent, Detect and Respond to Cyber Attacks

Phishing

Page 14: Mapping the Territory of Cyber Threats - Prevent, Detect and Respond to Cyber Attacks

How do we combat these - Intelligence led Security

Page 15: Mapping the Territory of Cyber Threats - Prevent, Detect and Respond to Cyber Attacks

Page 16: Mapping the Territory of Cyber Threats - Prevent, Detect and Respond to Cyber Attacks

Our own Intelligence gathering…

Page 17: Mapping the Territory of Cyber Threats - Prevent, Detect and Respond to Cyber Attacks

Page 18: Mapping the Territory of Cyber Threats - Prevent, Detect and Respond to Cyber Attacks

A Day in the life of a SOC Agent

Page 19: Mapping the Territory of Cyber Threats - Prevent, Detect and Respond to Cyber Attacks

Security by Design: In the DNA of Your Organization

Enable Your Business to go FAST, SAFELY

BUSINESS OBJECTIVES

• Does your board recognize the opportunity in embracing security as an opportunity?
• How do you approach developing or enhancing a security-minded culture?
• What do you expect from your partners to deliver secure services?

Page 20: Mapping the Territory of Cyber Threats - Prevent, Detect and Respond to Cyber Attacks

A Hardened Infrastructure is paramount?

Platform layers shown: Hardware, Applications, Operating System, Virtual Machine (Optional)

• Attacks disable security products
• OS infected with APTs: Threats are hidden from security products
• Traditional attacks: Focused primarily on the application layer
• Ultimate APTs: Compromise platform and devices below the OS, using rootkits as cloaks
• Compromise virtual machine
• New stealth attacks: Embed themselves below the OS and Virtual Machine, so they can evade current solutions

[Diagram labels: VISIBILITY/CONTROL; Cloud; Trusted; Trusted; Untrusted; Unknown]

Identity Protection

• HW-based IT-policy managed, Multi-Factor Authentication
• Protecting authentication factors, IT policy decision and credentials

Page 21: Mapping the Territory of Cyber Threats - Prevent, Detect and Respond to Cyber Attacks

• 40+ Year History in design, delivery and Integration of large scale cyber security services
• Highest Strategic Technology Partner Accreditations
• Operating across Public and Private sector, and National Defence Businesses
• R&D Capability – developing/delivering Fujitsu security products, e.g. PalmSecure and SURIENT
• Security Operations Centres operating to highest National Government security levels
• 350+ Security professionals today moving to 1000+ in next 3 years

PalmSecure

SURIENT

Web & Email security

Endpoint protection

Firewalls and IDS/IPS

Managed Security Services

Cloud and DLP Security

Assessments

Continuity and Resilience

Consultancy

Technical Design and Integration

Assessment Services

Security Consultancy

Data Loss Prevention

Advanced Threat Protection

SIEM and SIEMaaS

Vulnerability Management

Identity & Access Mgmt

Consultancy and Advisory

Cyber Threat Intelligence and Threat Response

Products

Fujitsu EMEIA Security Offerings

Page 22: Mapping the Territory of Cyber Threats - Prevent, Detect and Respond to Cyber Attacks

Developing Fujitsu's own Security Portfolio SURIENT as well as Artificial Intelligence Tools

Managed Rack Sol.
• New way of caging in data center for secured physical access (for housing and hosting services)
• Server rack opens only for authorized people and logs all openings/closings for audits
• Biometric Authentication via PalmSecure ID Match
• Installation Services included

Sealed Rack Sol.
• New to the world high end solution to protect from intrusion and manipulation with completely separated zones
• Fujitsu stealth technologies implemented in control unit
• Exceeds MRS security by far

Stealth Connect Sol.
• High Secure blocking tool for external communication to a Data Center
• Attackers see only closed ports (even behind the same NAT as a user signed in)
• Secure strongly against elevation of rights, MitM, Zero Day Exploits, Untrusted Platform

AI - Zinrai
• Developed in Japan, Zinrai, meaning lightning fast in Japanese, is an AI platform that allows Predictive Analysis of Security attacks
• Anomaly detection is a typical use case for machine learning systems
• Anomaly detection is applied to network traffic information (IDS Logs) to detect cyber attacks

Page 23: Mapping the Territory of Cyber Threats - Prevent, Detect and Respond to Cyber Attacks

Biometric Technology - PalmSecure – Visit the Cyber area to see Portfolio & Typical User Cases

Page 24: Mapping the Territory of Cyber Threats - Prevent, Detect and Respond to Cyber Attacks

Summary - People & Service Matter…

Collaborative

Strong Vendor Relationships

Vendor & Technology Agnostic

Deep Real World Experience

Service Integration Background

Co-located

Technical Skills

Pragmatic & Realistic

Extension of our Customers’ Business

Market Intelligence

Service Flexibility

Proven Services

Sense & Respond

Gen X & Gen Y

Hybrid Delivery Model

Service Culture

Service Intimacy

Extra Mile

Proactive

Customer Experience

Page 25: Mapping the Territory of Cyber Threats - Prevent, Detect and Respond to Cyber Attacks

SECURITY Updates

November 16

Nov 16, 13:00 - 13:30
New European Legislation - impact on Security requirements
What is GDPR and how will it affect you?
Ralf Adebar

Nov 16, 13:30 - 14:00
Top 10 Cyber Predictions
Review & Predictions from our Fujitsu Security Operations Center
Luke Smalley & Bryan Campbell

Nov 16, 15:00 - 15:30
Cyber Threat Intelligence
Why you cannot afford your organization to be without it
Ryan Smith & Bryan Campbell

Nov 16, 15:30 - 16:00
Next Generation SIEM
With the growing requirement to be able to make alerts relevant, what is the future of SIEM
Martin Cook from LogRhythm @ Ian Whittingham

Nov 16, 16:00 - 16:30
Security Operation Centers (SOC)
How should a SOC operate and how you can benefit
Iain Slater & Ian Whittingham

November 17

Nov 17, 10:00 - 10:30
E2E Security
Challenges and solutions - demonstrated with innovative usage scenarios based on our SURIENT technology
Dr. Heinz-Josef Claes

Nov 17, 10:30 - 11:00
Intelligent Security Solutions - based on R&D
Own developments, cooperation with partners and relationship with academia
Thorsten Höhnke & Daniel Prince

Nov 17, 15:00 - 15:30
Identity and Access Management
Challenges and solutions - demonstrated with innovative usage scenarios based on PalmSecure technology
Thomas Bengs

Nov 17, 15:30 - 16:00
Advanced Threat Protection (ATP)
Why Prevention alone isn’t enough and why organizations should shift focus to Detection and Response.
Symantec
