Defence Strategies For Managing Network Security Risks
In association with Axians is the VINCI Energies brand dedicated to ICT Defence Strategies For Managing Network Security Risks October 2017


Chapter 1. Security Insights

1. Introduction - The Battle of the Network

2. Network Security Defence

2.1 Data Protection

What are the best practices to protect your network?

Match the Security Monster Move for Move with Sky ATP

2.2 Malware

What are the best practices to protect your network?

Juniper Networks: When Malware Strikes

2.3 DDoS

What are the best practices to protect your network?

Verisign: Detect and Mitigate

3. The Axians Approach - Security Assessments


Network Gods and Monsters

THE BATTLE AGAINST CYBER SECURITY THREATS

Mythology has taught us to avoid the traps and the beaten path and keep an eye out for the monsters. In Greek Mythology, the monsters are varied in size, style and appearance, and much like the types of security breaches that continue to emerge, these are threats we need to know how to overcome. But sometimes when you cut off the head of the three-headed monster, two more heads appear in its place. So, what defences are there and how do we defeat them?

Network failure is not an option in a world where connection is a demand from consumers 24/7. When there is a security breach in your network, there needs to be minimal delay in mitigating that risk with no disruption to service. Network security attacks are constantly evolving and becoming more intelligent and harder to detect, but so is the technology that helps to defend your business. In today’s environment, the security landscape needs regular monitoring and refinement and the right tools to protect against any attacks. If you protect yourself against one type of monster, you may find that next time it attacks, it has some new tricks up its sleeve.

So do not ignore the monsters lurking in the dark corner of the network; discover their weaknesses and sharpen your tools in preparation.


Network Security Defence

KNOW YOUR DEMONS AND HOW TO DEFEAT THEM

The Tale of Jamven Taletreader (The Iron Knight) and Spycron, The Data Demon

According to legend, Jamven Daveak was trained in the clouds as a young boy, wielding his bow and arrows to strike The Data Demons from great distances. He is never seen without his layers of armour in order to protect his people from Spycron, who pick vulnerable networks to swoop down on, clawing through data and taking rich pickings that they can blackmail for gold.


BEST PRACTICES TO PROTECT YOUR NETWORK DATA

Defence Strategy

Data protection must form an integral part of the architecture of every organisation, considering the way people work and communicate and how it can be done as safely and efficiently as possible. All organisations need to balance the level of importance of the data held, where it comes from, how it’s hosted, and who it goes to, with the level of security measures they put in place.

A sustainable framework for data governance and security, crisis management procedures and IT architecture needs to be established to achieve a strong security ecosystem and should be at the heart of every piece of technology used.

Defensive tools

Sky Advanced Threat Protection (ATP) accesses intelligence from the network on where attacks are and how to mitigate them. This integrates into the Juniper Software Defined Secure Network portfolio, building a self-healing policy and security into the core of the network. Under this framework the response is automated so that you can fight more than one security monster at a time, bringing together a more coherent and powerful protection.

Flowmon will detect unusual activity in the network. Not only will it detect it, but it will isolate the issues to be fixed. It allows you to look at the behaviour of the network rather than the specific infection.

Axians Security and Risk Assessments help you understand the network challenges, for an outcome that protects your specific needs. By reviewing, understanding and interpreting data we can build risk assessments to help towards data compliance regulations.

Attack: Spying and stealing your data; Accessing your business; Eating away at your operations

Defence: Real-time protection; Extra layers of defence; Direct Detection


MATCH YOUR SECURITY MONSTER MOVE FOR MOVE WITH JUNIPER SDSN


Juniper Networks

As security threats continue to rise, it is not enough to use traditional security measures for defence. To outsmart cyber criminals, you need an intelligent and automated security solution that can match the bad guys move for move.

The Software-Defined Secure Network (SDSN) is a cyber defence ecosystem, ready to defend your business with end-to-end security capabilities that mitigate the risk of a breach.

Juniper’s Software-Defined Secure Network looks to automate security and adapts to stop new, hard-to-detect threats.

Increase Sophistication

Increase variability

Detecting threats that are already inside

Crucially keeping data secure throughout your network

The Next Line of Defence

Crucially keeping data secure throughout your network

Why Juniper

Leverage the entire network, including the access switches

Expanded defence posture includes third-party switches

SDSN adapts to stop new, hard to detect threats

Utilise end-to-end automated security


BEST PRACTICES TO PROTECT YOUR NETWORK FROM MALWARE

The Tale of Daveak Goblinsfoe and Kribsell, The Ransomware Reptile

Daveak, known for his fiery auburn hair and sharp wit, is poised with his fist of fire and flaming sword to protect the network from Kribsell, The Ransomware Reptile. His long, green tentacles reaching into the network and poisoning systems will make your systems and business vulnerable.


Defence Strategy

Attacks like phishing emails are dangerous. They reach out to the whole business, easily going undetected. Big attacks such as Mirai and Petya have shown that these threats can damage your business by infecting and deleting data. Some of these attacks come through trusted sources and software, so your systems are the first line of defence. But your network needs strong visibility to detect and isolate these attacks.

All web connected devices, if not secured, are open doors for any malicious organisations or individuals to gain access to internal networks or the end-point device itself. Consequently, businesses need to ensure that they seek expertise from professionals to understand the risks and vulnerabilities as well as the effective mitigation and prevention methods.

Defensive tools

Sky ATP (Advanced Threat Protection) accesses intelligence from the network on where attacks are and how to mitigate them. It seeks out the monster and informs the network, saving your business valuable time and operational costs.

Flowmon Network Behaviour Anomaly Detection (NBAD) solution will detect if there is malware on any device, sensing unusual activity in the network. Not only will it identify the activity, it will isolate the malware to be fixed. This allows the administrator to look at the behaviour of the network rather than the specific infection.

Axians Security Assessments and Audits will provide the visibility and expertise to help understand the network challenges. By reviewing, understanding and interpreting the data you can make sure that improvements are continually made.

Attack: Malicious Ransomware; Damages and blocks information; Infects your systems

Defence: Direct Detection; Eradicates infections; Isolation and Mitigation


WHEN MALWARE STRIKES: HOW WILL YOU PROTECT YOUR NETWORK?

Sky Advanced Threat Protection (ATP)


Juniper Networks

Sky ATP uses machine learning across all detection techniques. It employs a number of innovative techniques to lure malware into revealing itself, which measurably increase detection rate. Sky ATP also detects software communicating to unusual servers and evaluates that activity.

A full networking hardware portfolio – routers, switches, and firewalls – gives a much richer set of data and behaviour, far beyond what is available to vendors who only offer standalone security appliances.

New strains of malware are constantly threatening businesses and creating angst for IT Managers. As cyber risks grow in both volume and sophistication, the tools used to find and eradicate them have to get smarter and scale better.

Early in Sky ATP’s analysis pipeline, each new sample is run against a suite of anti-virus engines, which is a fast and efficient way to catch and filter out known threats and their close variants.

The Juniper Approach

Juniper Networks Sky ATP cloud-based solution detects malware and mitigates threats. Unlike many other security systems, which started out simplistic and evolved over time, Sky ATP was purpose-built to take full advantage of modern and innovative machine-learning techniques.

Sky ATP includes the information and identifies what traditional threat prevention tools use but, in addition, takes advantage of ambiguous structural and behavioural properties of potential malware to determine maliciousness.

Removing these known threats from the analysis pipeline as early as possible reduces the load on the more computationally expensive parts of the pipeline, which include static analysis engines and full sandbox detonation.

Traffic is fed to the cloud from customers’ Juniper Networks SRX Services Gateways. This way, requirements to adapt to the current threat landscape are made centrally, and customers do not have to change out their firewalls.

Conclusion

While machine-learning isn’t, by itself, the golden bullet, it fundamentally changes the security landscape by improving accuracy of detection. Machine-learning doesn’t remove the people in the network, it enables them by handling complex data. Combined with other security methods, machine-learning is the only tool available that can tame attacks at a massive scale.


BEST PRACTICES TO PROTECT YOUR NETWORK FROM DDOS

The Tale of Aluvial Urthadar (The Scout) and Drisddos, The Bison

Aluvial Urthadar, with her powerful rope skills, is the best of the best, never failing at a quest to defend the paths of the kingdom as its most loyal scout. She has a knack for tricking The Bison, sending him off the capacity path. Without this protection from Aluvial, Drisddos and his botnets can easily overwhelm the village, causing distraction and consuming your data crops.


Defence Strategy

DDoS attacks can overwhelm the network bandwidth, which could lead to a drop in satisfaction with your services. An attack not only sits on your network consuming bandwidth, but can be used to distract you from other viruses and monsters that are elsewhere, infecting systems. All is not lost, as 75% of DDoS attacks could be mitigated with the hardening of your network.

Using flow-based protection, you can detect spikes in the bandwidth across a large estate. It helps by identifying things out of the ordinary. On-premise detection and mitigation is also a defence strategy. This will show you what is going in and out of the network, allowing you to stop monsters getting through. If you have more than one path of network traffic to deal with, there are solutions and tools available to provide a control room, so you can direct bad traffic to where it can be mitigated, without disrupting day-to-day operations.

Defensive tools

Verisign’s DDoS Protection Services, a cloud-based mitigation platform, offers a complete DDoS protection solution, intelligence-driven to protect your critical applications and network.

Corero uses an on-premise mitigation solution, where searching for cyber attacks that have invaded a network allows these intruders to be mitigated immediately.

Axians DDoS Risk Assessments provide you with a report based on the data and best practice to implement, mitigate or limit the exposure of a DDoS attack.

Attack: Eats and blocks bandwidth; Distracts you from other attacks; Possessive and hungry

Defence: Detecting their network movements; Maintaining the path; Multiple route mitigation


VERISIGN

In Q2 2017, Verisign observed that DDoS attacks remain unpredictable and persistent, and vary widely in terms of volume, speed and complexity. As such, DDoS events need to be closely monitored for changing vectors in order to optimize mitigation strategies.

NUMBER OF ATTACKS: 55% decrease compared to first quarter

ATTACK PEAK SIZE: Volume: 12 gigabits per second; Speed: 2.5 Million packets per second

AVERAGE ATTACK PEAK SIZE: 2.7 Gbps; 25% of attacks over 5 Gbps

MOST COMMON ATTACK TYPE MITIGATED: 57% User Datagram Protocol Floods; 74% employed multiple attack types

Q3 2017 Verisign DDOS Trends Report

EXECUTIVE SUMMARY

DDoS attacks and ransomware attacks are damaging enough when used separately to cripple an organization’s network. However, cybercriminals are becoming more sophisticated and are combining DDoS attacks and ransomware for greater impact. In one published attack, there was a ransomware variant that held the organization’s machine and data hostage until the ransom was paid. While the attackers waited for the ransom payment, they used the organisation’s machines as botnets to launch DDoS attacks on another unsuspecting victim.


DETECT AND MITIGATE


The Axians Approach

REDUCE THE IMPACT OF CYBER SECURITY BREACHES ON THE NETWORK

A large percentage of businesses in the UK have suffered a security breach in their network in the last year, costing in operations loss, brand reputation damage and profitability. With the complexity of attacks increasing, it is difficult to keep up to date and ensure that you have the appropriate security infrastructure in place to mitigate any threats and protect your network and customers.

Our Network Security Assessment has been designed to deliver a rapid, detailed picture of the current state of your network and access security, helping businesses meet objectives and ensure defences are in place.

Our approach includes a three-phase programme: assess, educate and prepare. We start by understanding your security needs and requirements for change:

Conducting an in-depth audit of:

The Current Network

Access Security Structure

Services And Features

Our recommendations:

Where And How Changes Can Be Made

How To Be More Secure And Reduce Risk

Address Gaps And Meeting Business Security Requirements

At the end of the assessments we off er:

Observations And Recommendations For Next Steps

Analysis Of Data Gathered

A Final Workshop To Discuss Findings In Detail And Provide Consultancy.


axians.co.uk/network-monsters

#battleforthenetwork

Viables 3, Jays Close, Basingstoke RG22 4BS

+44 (0)1256 312 350

[email protected]

axians.co.uk