presentation▶ cyber security services (css): security simulation
TRANSCRIPT
Cyber Security Simulation
Michael Garvin Senior Manager, Product Management
Security Organizations are Fighting an Asymmetric Battle
Copyright © 2015 Symantec Corporation
Cybersecurity top IT skills shortage for 4th year in a row*
Staff unproven—lack of hands-on experience with a breach
Organizations are never certain of cyber-readiness
Seemingly limitless resources
Sophisticated, multi-stage attacks
Attacker tactics constantly morphing
• * ESG’s annual global IT Spending Intentions survey has shown a ’problematic shortage’ of cybersecurity experts as the top IT skills shortage for four years in a row.
• http://www.esg-global.com/research-reports/2015-it-spending-intentions-survey/
Security Simulation Strengthens Cyber Readiness
• Cloud-based, virtual training experience
• Live-fire simulation of multi-staged, advanced targeted attack scenarios
• Players assume the identity of their adversaries to learn motives, tactics and tools
Engaging, immersive security training through gamification
Simulation Concept Tested and Proven Worldwide
Annual company-wide war games
A culture of Education, Innovation and Passion
Currently active in 30+ countries
Now in 4th Year of Active Deployment
80+ Cyber Readiness events worldwide
Focused on Security Awareness and thought leadership
Global customer & partner events
Largest event - 1500 registrants
Largest competition - 400 teams
Innovation Model for Achieving Cyber Readiness
• Cloud-based, virtual training experience simulates multi-staged attack scenarios, allowing players to take on the identity of their adversaries
• Gamification provides a more engaging, immersive educational experience
• Frequent content updates ensure team stays current on latest adversaries, motives and techniques
• Scenarios impart knowledge gleaned from Symantec security experts, threat analysis and current threat landscape
THINK LIKE AN ATTACKER
• Leaders and participants receive in-depth security skill assessments
• Provides structured recommendations for cybersecurity skill development
• Identify gaps in team coverage and assess skills of new-hire candidates
ASSESS AND ADVANCE YOUR TEAM
Security Simulation strengthens cyber-readiness through live-fire simulation of today’s most sophisticated advanced targeted attacks
Think Like Your Attacker
Hacktivist wants notoriety, attention
Cyber Criminal motivated by money
Cyber Espionage seeking Intellectual Property for profit
Cyber War Crimes politically motivated, nation states, looking to gain advantage
What They’re Trying to Steal
How They Stole It
The Attacker
Reconnaissance
Incursion
Discovery
Capture
Exfiltration
Real-world Attack Scenarios
Scenario 1: The EDC and RKI
Scenario 2: The Coffee Shop Hack
Scenario 3: EDC and the Lost Laptop
Scenario 4: Forensics Examiner Mishandles Evidence
Skills:
• Ethical hacking
• Penetration Testing
• Forensics
• Data exfiltration
Methods:
• Identify targets
• Compromise network and systems
• Blend attacks
• Exfiltrate data
Mission: Breach & Steal Information
Scenario Storyboard
Scenario Map
Target & Content Creation
QA Testing
Scenarios and Content Updated as New Attackers and Techniques Emerge
Symantec Security Experience
Global Threat Intelligence
Real World Attacks
Refine Content
Customer Feedback
Deploy Scenario
Implement Skill Assessment and Development Programs
Identify Organizational Gaps
Assess and Advance Your Team
• Identify skills requirements for individuals and organizations
• Identify gaps in team coverage
• Assess skills of potential job candidates, new hires and existing employees
• Focus on security strategy and tactics, techniques and procedures (TTP)
• Manual and automated skills assessment and performance analysis
• Prescriptive guidance for skill set development
• Conduct iterative skill development programs for continuous learning
Participate
Assess skills
Create development plan
Participate / Learn
Assess Progress
Two Delivery Options
Security Simulation Yearly Subscription
Security Simulation Exercise One-time Workshop
Personalize to organizational objectives
Delivery Options:
• Delivered either Onsite or Online
• Facilitated or Self-directed
• One or Multi-day
• Contact your account representative to determine schedule availability
• Fully managed, cloud-based service
• Practice your skills 24x7 – just like the attackers
• Includes all four scenarios as on-demand self-paced training
• Frequent content updates
• New scenarios added to address evolving threats
Thank you!
SYMANTEC PROPRIETARY/CONFIDENTIAL – INTERNAL USE ONLY Copyright © 2015 Symantec Corporation. All rights reserved.
Michael Garvin [email protected] (919) 454-9128
Multi-Staged Attack Campaigns
1. Reconnaissance: Attacker leverages information from a variety of factors to understand their target.
2. Incursion: Attackers break into network by using social engineering to deliver targeted malware to vulnerable systems and people.
3. Discovery: Once in, the attackers stay “low and slow” to avoid detection. They then map the organization's defenses from the inside and create a battle plan and deploy multiple parallel kill chains to ensure success.
4. Capture: Attackers access unprotected systems and capture information over an extended period. They may also install malware to secretly acquire data or disrupt operations.
5. Exfiltration: Captured information is sent back to attack team’s home base for analysis and further exploitation fraud – or worse.
Your Success Can Be Measured.
[Chart: Total Flag Captures per Event and # of Hints Used. Series: Total Cap, Hints Used]
Security Simulation: Software as a Service
• On demand, managed SaaS offering
• Hands-on, completely browser-based
• Role-based views / scenarios
• Scoring and reporting
• Launching 1H CY15
Security Simulation Exercise
What do they want, and how will they try to get it?
• On demand, managed SaaS offering
• Hands-on, completely browser-based
• Role-based views / scenarios
• Scoring and reporting
• Launching 1H CY15
Guided Simulation
Assess and Advance Your Team
Assessment
• Identify Skills Requirements for Individuals and Organizations
• Structure Appropriate Cyclical Programs for Ongoing Learning
Training
• Classroom and Online Training Options
• Integration into SSP for Objective based Skills Development in an Exercise
• Focused on security strategy and tactics, techniques, and procedures (TTP)
Evaluation/Performance
• Manual and Automated Skills Assessment / Performance Analysis
• Prescriptive guidance for expertise and skill set development