real-time threat detection & reduction of risk · 2020. 3. 18. · cyber risk reduction -...
Real-Time Threat Detection & Reduction of Risk
Andrew Kays – Chief Technology Officer
Who are Redscan?
• 15 years’ managed security experience
• Deliver ‘Red’ and ‘Blue’ Team operations
• One of the UK’s most qualified ethical hacking companies
• UK-based 24/7 Security Operations Centre
Our services include:
• Managed detection and response (MDR)
• Cyber-attack simulation
• Penetration testing
• Vulnerability assessments
• Cyber Essentials certification
Some of our customers…
100% cyber-crime prevention is impossible
Verizon Data Breach Report 2017
• £4.1m - Average cost of a breach
• £158 - Cost per record (Ponemon Institute)
• 150 days - Average time to detect a breach (Carbon Black)
Regulators are demanding improvements
GDPR – May 2018
- Breaches must be reported within 72 hours
- Affected individuals in ‘high-risk’ cases must also be notified
- Fines up to 4% of global annual turnover
Others include:
• GPG-13
• PCI-DSS
• SWIFT CSP
TalkTalk - £400,000 fine
ICO: TalkTalk’s failure to implement basic cyber security measures allowed a hacker to penetrate their systems
• 16-year-old boy from his bedroom
• Share price down 11%
• Direct costs of £42m
• Under GDPR this fine could have been £70m
Financial and reputational damage
Thinking like the adversary
“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”
Sun Tzu, The Art of War
Red Team Operations: Simulated real-world cyber-attacks
Understanding your security posture
Penetration & Vulnerability Testing: Evaluate and mitigate exposures
Security Assessments: Cyber-security consultancy
Cyber Security Lifecycle
Cyber insurance
Market still maturing:
• Low policy/price differentiation between firms – struggling to understand the level of risk between firms with varying degrees of systems/processes for cyber risk reduction
- Insurers have 100 years of data on automobile accidents, little on cyber
- Incidents go unreported (until next year)
- Very complex environments
• Apportionment of blame
- Cyber insurance policies often include exclusions for incidents that are acts of war. This makes the attribution of cyber attacks extremely critical. Who decides who is behind these attacks?
SIEM Behavioural Monitoring
Intrusion Detection, Vulnerability Assessment
FIM, Asset Discovery
MILLIONS - Logs ingested per day
HUNDREDS - Alerts generated per day
TENS - Incidents investigated per day
SINGLE - Incident reported per day
TECHNOLOGY: Multi-Layered Threat Detection Platform
PROCESS: Advanced Analytics
Global Threat Correlation
PEOPLE: Certified Security Experts
Red Team Research
OSINT, OTX, CISP
Global Honeypot Network
24/7/365 C-SOC
Redscan Labs
Red Team and Incident Responders
Actionable Intelligence
Remedial Recommendations
Detailed Reporting
Managed Detection and Response (MDR)
Cyber Security Lifecycle
MDR greatly increases the likelihood of stopping an attack before a breach, and will therefore reduce the risk to the client and the Insurer
How MDR reduces risk in real-time
MDR can detect & intercept this process, and potentially stop the attacker reaching their target
This happens in real-time with SOC Analysts managing the process
Stress test your systems
• CBEST
- CBEST is a framework to deliver controlled, bespoke, intelligence-led cyber security tests for the banking industry
• Red Teaming
- Understand your security posture with a simulated real-world attack, even wider scope, less constrained
Final thoughts
• GDPR will drive a lot of positive change
• Insurance is an important part of a client’s cyber security posture
• MDR greatly reduces the client’s risk and the insurer’s
• Systems need to be cyber stress tested
• The financial industry is an attractive target
- Hacking a bank is less risky and more lucrative than robbing one physically!