efinancials 2014 - john ayers - level3
TRANSCRIPT
© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential.
John AyersSenior Director, Managed Security Services
December 16, 2014
Problem withThe Internet of Things?
© 2014 Level 3 Communications, LLC. All Rights Reserved. Level 3, Level 3 Communications, the Level 3 Communications Logo, the Level 3 logo and “Connecting and Protecting the Networked World” are either registered service marks or service marks of Level 3 Communications, LLC and/or one of its Affiliates in the United States and/or other countries. Level 3 services are provided by wholly owned subsidiaries of Level 3 Communications, Inc. Any other service names, product names, company names or logos included herein are the trademarks or service marks of their respective owners.
© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential.
Who Is Level 3?
2
© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential.
WLAN
Mobility
Cloud
Voice & Video
Big Data
Hactivist
Nation State
Cybercriminal
Changing Business Models Evolving Threat Landscape Complexity and Fragmentation
The security problem of today’s global environment
© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential.
Changing Business Models- Extends Security Exposure
© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential.
Consequences of the IT Sprawl: Attack Landscape Has Grown
http://www.darkreading.com/attacks-breaches/infographic-70-
percent-of-worlds-critical-utilities-breached/a/d-id/1298006http://www.prolexic.com/knowledge-center-ddos-attack-report-2014-q2-botnets-infographic.html
Gov’t Regulations
http://vmblog.com/archive/2014/06/20/infographic-
mobile-at-work-what-you-don-t-know-can-hurt-
you.aspx#.VIdexjHF-uM
Broader Exposure Footprint
Certain Uncertainty in Data Location and Protection
?
© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential.
Evolving Threat Landscape-Attackers are creative and smart
6
Attacker
Sop
hist
icat
ion
Motivation Targets
In May, the U.S. Justice Department indicted 5 Chinese military officers on charges of hacking into the computer networks of U.S. companies and stealing commercial secrets. It linked all of them to PLA Unit 61398 in Shanghai.
• Political Statement• Protest
• Military Actions• Industrial Advantage
• $$$$$$• Extortion• Commercial Ransom
• Sell Trade Secrets• Disgruntled Employee
In a manifesto announcing its DDoS operation, Anonymous railed against Sony for going after coders who seek to modify hardware that they own.
Hackers found vulnerabilities in a popular retailer’s network through remotely controlled HVAC systems and were able to access payments system data of over 40 Million credit cards.
Matthew Keys used his access as a former employee of the Tribune Co. to help a hacker deface the website of the Los Angeles Times in 2010.
Low
Med
ium
Hig
hH
igh
Source: Analysis of the North American Managed Security Services Market, July 2014.
© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential.
Complexity and Fragmentation
Public Internet
VPN
Mobile
Workers
Mobile
Connectivity
Email and Web
Traffic
Web Properties
Headquarters
Singapore
Branch Office
Mumbai
Branch Office
Cloud Deployments-
Amazon Web Services,
Google, MS Azure
Partner, Contractor Access-
Environmental Controls, POS,
CRM
Remote Offices
Third Party Datacenters
Applications
Mobile
PhoneSmart
Watch
Tablet
Appliances
Security
Systems Google TV
Apple TV
Netflix
Gaming Systems
Lights
Entertainment
Engine
computer
Wi-Fi
GPS
Bluetooth
Glass
Vendor
Supply
Chain
Computer
22
© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential.
Internet of Things : What does it mean?
8
Defining Internet of Things (IOT): An infrastructure of interconnected objects, people, systems, and information resources together with intelligent services to allow them to process information of the physical and the virtual world and react.
Source: International Standard Organization, SWG IOT, August 2014
The Internet is changing the way we work, socialize, create and share
information… Yet the magnitude of this transformation is still unknown
© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. 9
Internet of Things: the Scary Side
Source: http://www.informationisbeautiful.net
© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. 10
Internet of Things Growing At Double-Digit Rates
Source: International Telecommunications Union, 2014
By end 2014, the number of Internet users globally will have reached almost 3 billion .
Two-thirds of the world’s Internet users are from the developing world.
More than 90 percent of the people who are not yet using the Internetare from the developing world.
90%
This corresponds to an Internet-user penetration of 40% globally
© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. 11Source: Ponemon 2014 Cost of Data Breach Study: Global Analysis
What is the risk?
© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential.
Why Level 3 Security?
• We believe it’s our responsibility to secure – and protect – the network
and facilities our customers use to move their critical business
information.
• In today’s threat environment, all enterprises must deploy a multi-
layered security approach to guard against sophisticated attacks.
• Enterprises do not have to face increasing cyber threats alone. They can
rely on Level 3 to create effective security strategies, integrating
solutions backed by threat intelligence and diligent, around-the-clock
monitoring by experts in our Security Operations center.
• This approach simplifies threat management. Companies can maintain
control while taking advantage of our depth of expertise in managed
security solutions, monitoring, reporting and mitigation.
Our
Responsibility
Guard our
Network
Support our
Customers
Simplify
Challenges
© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential.
Level 3 Global Technology
Network Systems Security
Process
4 petabytes of storage 3600 servers
Multiple data centers in 3 regions
Many applications
866 million IP addresses analyzed monthly
550 million detected events per day
85 terabytes of security event data a day
Global task level processes across 9 functional domains
260 petabytes of storage20,000 servers
200,000+ route miles25,000 locations
110,000 network elements
Products and Services
Data Voice VideoCloud and IT
ServicesManaged and
Professional ServicesSecurity
13
© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential.
Tips for Navigating Internet of Things
• DDoS protection is more than a insurance policy. Disruption by denial-of-service attacks have detrimental consequences for enterprise and financial firms leveraging IoTservices.
• Understand the what and how. Any product offered involving IoT devices must be designed with security in mind. Incorporate security controls, leveraging a pre-built role-based security model.
• Your data is an asset -- understand its value, location, and movement.
• Management: IoT management is the big challenge for enterprises in an IoTenvironment form how to quickly patch IoT device vulnerabilities -- and how to prioritize vulnerability.
• Identifying, implementing security controls . This is a challenge with emerging Internet-connected devices. Some security functions must be done in partnership with your service providers.
• New data, new opportunity, new risk. Wi-Fi-enabled devices connected to the Internet bring a flood of data for enterprises to collect, aggregate, process and analyze. New data means new business opportunities for Enterprises, but also means new risks.
• Mitigation will equal money. Enterprises must be able to identify legitimate traffic vs malicious traffic patterns on IoT devices. It is critical to have actionable threat intelligence measures in place to detect threats and mitigate them before they impact consumer experience, data or worse.
Prepare a DDoS Attack Defense
Understand Data Movement
Maintain Consumer Confidence
© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential.
Summary
• The threat landscape is evolving rapidly due to nation-state, organized crime, and cyber terrorism
• Organizations must assume the “new normal” -- at least some parts of their networks have been compromised
• Your data is an asset -- understand its value, location, and movement
• Establishing and adhering to a governance framework is critical
• Perform regular security evaluations, risk assessments, and awareness training for employees
• Determine core competencies, perform functions that you do well, outsource others to trusted, skilled firms
• Some security functions must be done in partnership with your service provider(s)
• Information sharing partnerships are essential
• Technology-based controls are important, but are not a cyber security panacea