© 2015 IBM Corporation Securing Systems of Engagement . . With the meteoric rise in the usage of smartphones and social media V1, 1 May15 John Palfreyman, IBM
Transcript
Page 1: Securing Systems of Engagement

© 2015 IBM Corporation

Securing Systems of Engagement

. . With the meteoric rise in the usage of smartphones and social media

V1, 1 May15

John Palfreyman, IBM

Page 2: Securing Systems of Engagement


Agenda

1. Cyber Security & Cyber Crime in Context

2. Technology & Business Landscape

3. A Smarter Approach

4. The Future & Concluding Remarks

Page 3: Securing Systems of Engagement


Cyber Security & Cyber Crime in Context

Who are the bad guys & what are they up to?

Page 4: Securing Systems of Engagement


Cyber Security – IBM Definition

Cyber Security /–n 1. the protection of an organisation and its assets from electronic attack to minimise the risk of business disruption.

Page 5: Securing Systems of Engagement


Cyber Security - Expanded

Hacking

Malware

Botnets

Denial of Service

Trojans

Cyber-dependent crimes

Source : UK Home Office – Cyber Crime: a review of the evidence Oct 13

Page 6: Securing Systems of Engagement


Cyber Crime

Hacking

Malware

Botnets

Denial of Service

Trojans

Cyber-dependent crime

Fraud

Bullying

Theft

Sexual Offences

Trafficking

Drugs

Cyber-enabled crime

Source : UK Home Office – Cyber Crime: a review of the evidence Oct 13

Page 7: Securing Systems of Engagement


Cyber Security & (counter) Cyber Crime

Confusion & hype abound

Common attack methods

Common methods of defense / counter / investigation

Data > Insight chain

Prosecution – burden of evidence

Learning & sharing possible, but patchy

Page 8: Securing Systems of Engagement


Cyber Threat

Axes: Motivation, Sophistication

National Security, Economic Espionage: Nation-state actors, APTs (Stuxnet, Aurora, APT-1)

Notoriety, Activism, Defamation: Hacktivists (Lulzsec, Anonymous)

Monetary Gain: Organized crime (Zeus, ZeroAccess, Blackhole Exploit Pack)

Nuisance, Curiosity: Insiders, Spammers, Script-kiddies (Nigerian 419 Scams, Code Red)

Page 9: Securing Systems of Engagement


A new type of threat

Traditional: Attacker, generic Malware / Hacking / DDoS, IT Infrastructure

Advanced Persistent Threat: Attacker, Critical data / infrastructure

Page 10: Securing Systems of Engagement


Attack Phases

1. Break-in: Spear phishing and remote exploits to gain access

2. Latch-on: Malware and backdoors installed to establish a foothold

3. Expand: Reconnaissance & lateral movement increase access & maintain presence

4. Gather: Acquisition & aggregation of confidential data

5. Exfiltrate: Get aggregated data out to external network(s)

Command & Control (CnC)

Page 11: Securing Systems of Engagement


IBM X-Force


Page 12: Securing Systems of Engagement


Technology & Business Landscape

New opportunities for cyber crime!

Page 13: Securing Systems of Engagement


Smarter Planet

Instrumented – Interconnected - Intelligent

Page 14: Securing Systems of Engagement


Cloud

DRIVERS

Speed & agility

Fast Innovation

CAPEX to OPEX

USE CASES

SCM, HR, CRM as a SERVICE

Predictive Analytics as a SERVICE

Page 15: Securing Systems of Engagement


Mobile

DRIVERS

Mobility in Business

Agility & flexibility

Rate of technology change

USE CASES

Information capture, workflow management

Education where & when needed

Case advice

Page 16: Securing Systems of Engagement


Big Data / Analytics

DRIVERS

Drowning in Data

Insight for SMARTER

More UNRELIABLE data

USE CASES

Citizen Sentiment

Predictive Policing

OSINT augmentation

Open Source

Internal Sources

Intelligence Analysis

SIGINT, Biometrics, Email, GeoINT, Telephone Records

Data Records

Page 17: Securing Systems of Engagement


Social Business

DRIVERS

Use of Social Channels

Smart Employment

Personnel Rotation

USE CASES

Citizen Sentiment

Counter Terrorism

Knowledge Retention

Gather INTELLIGENCE

•Social Media as OSINT

•Individuals, Groups, Events

•Supplement traditional sources

Efficient WORKING

•Breaking down Silos

•Collaboration

•“Self help” Culture

Leverage KNOWLEDGE

•Access to Experts, Content

•Collaborative Ventures

•Enables Innovation

Positive IMAGE

•Promotion / marketing

•Recruiting

•Citizen engagement

Internal / External

Page 18: Securing Systems of Engagement


Systems of Engagement

Collaborative, Interaction oriented, User centric, Unpredictable, Dynamic

Big Data / Analytics

Cloud

Social Business

Mobile

Page 19: Securing Systems of Engagement


Use Case – European Air Force Secure Mobile

CHALLENGE

•Support Organisational Transformation

•HQ Task Distribution

•Senior Staff demanding Mobile Access

SOLUTION

•IBM Connections

•MS Sharepoint Integration

•MaaS 360 based Tablet Security

BENEFITS

•Improved work efficiency

•Consistent & timely information access

•Secure MODERN tablet

Page 20: Securing Systems of Engagement


The Millennial Generation

EXPECT . . .

to embrace technology for improved productivity and simplicity in their personal lives

tools that seem made for and by them

freedom of choice, embracing change and innovation

INNOVATE . . .

•Actively involve a large user population

•Work at Internet Scale and Speed

•Discover the points of value via iteration

•Engage the Millennial generation

Page 21: Securing Systems of Engagement


Smart Phones (& Tablets) . . .


Used in the same way as a personal computer

Ever increasing functionality (app store culture) . . .

. . . and often more accessible architectures

Offer “anywhere” banking, social media, e-mail . . .

Include non-PC (!) features Context, MMS, TXT

Emergence of authentication devices

Page 22: Securing Systems of Engagement


. . . are harder to defend ? . . .


Anti-virus software missing, or inadequate

Encryption / decryption drains the battery

Battery life is always a challenge

Stolen or “found” devices – easy to lose

Malware, mobile spyware, impersonation

Extends set of attack vectors

Much R&D into securing platform

Page 23: Securing Systems of Engagement


. . . and Bring your Own Device now mainstream


Bring-your-own device expected

Securing corporate data

Additional complexities

Purpose-specific endpoints

Device Management

Page 24: Securing Systems of Engagement


Social Media – Lifestyle Centric Computing

www.theconversationprism.com

Different Channels

Web centric

Conversational

Personal

Open

Explosive growth

Page 25: Securing Systems of Engagement


Social Media – Special Security Challenges


Too much information

Online impersonation

Trust / Social Engineering / PSYOP

Targeting (Advanced, Persistent Threat)

Source: Digital Shadows, Sophos, Facebook

Page 26: Securing Systems of Engagement


A Smarter Approach

to countering cyber crime

Page 27: Securing Systems of Engagement


Balance

Technical Mitigation

Better firewalls

Improved anti-virus

Advanced Crypto

People Mitigation

Leadership

Education

Culture

Process

Page 28: Securing Systems of Engagement


Risk Management Approach

Monitor threats

Understand (your) systems

Assess Impact & Probability

Design containment mechanisms

Don’t expect perfect defences

Containment & quarantine planning

Learn & improve

Page 29: Securing Systems of Engagement


Securing a Mobile Device

DEVICE

•Enrolment & access control

•Security Policy enforcement

•Secure data container

•Remote wipe

TRANSACTION

•Allow transactions on individual basis

•Device monitoring & event detection

•Server risk engine – allow, restrict, flag for review

APPLICATION

•Endpoint management – software

•Application: secure by design

•Application scanning for vulnerabilities

ACCESS

•Enforce access policies

•Approved devices and users

•Context aware authorisation

Page 30: Securing Systems of Engagement


Secure, Social Business


LEADERSHIP

•More senior, most impact

•Important to leader, important to all

•Setting “tone” for culture

CULTURE

•Everyone knows importance AND risk

•Full but SAFE usage

•Mentoring

PROCESS

•What’s allowed, what’s not

•Internal & external usage

•Smart, real time black listing

EDUCATION

•Online education (benefits, risks)

•Annual recertification

•For all, at all levels

Page 31: Securing Systems of Engagement


The Future & Concluding Remarks

What next . . .

Page 32: Securing Systems of Engagement


Global Technology Outlook – Beyond Systems of Engagement

Page 33: Securing Systems of Engagement


Contextual, Adaptive Security

Security 3.0

Monitor and Distill: Multi-level monitoring & big data analytics, ranging from active, in device to passive monitoring

Correlate and Predict: Risk Prediction and Planning, encompassing event correlation, risk prediction, business impact assessment and defensive strategy formulation

Adapt and Pre-empt: Adaptive and optimized response. Adapt network architecture, access protocols / privileges to maximize attacker workload

Page 34: Securing Systems of Engagement


Fitness for Purpose

1. Are you ready to respond to a cyber crime or security incident and quickly remediate?

2. Do you have the visibility and analytics needed to monitor threats?

3. Do you know where your corporate crown jewels are and are they adequately protected?

4. Can you manage your endpoints from servers to mobile devices and control network access?

5. Do you build security in and continuously test all critical web/mobile applications?

6. Can you automatically manage and limit the identities and access of your employees, partners and vendors to your enterprise?

7. Do you have a risk aware culture and management system that can ensure compliance?

Page 35: Securing Systems of Engagement


Summary

1. Many Similarities – Cyber Crime vs Security – Threat Sophistication

2. Social Business & Mobile offer transformational value

3. New vulnerabilities need to be understood to be mitigated

4. Mitigation needs to be balanced, risk management based and “designed in”

Page 36: Securing Systems of Engagement


Thanks

John Palfreyman, IBM
