© 2019 Jack Henry & Associates, Inc.®
Your Security: Do You Know What’s Missing?
Presented by: Viviana Campanaro – CISSP; Sebastian Fazzino – CISSP, CISM, CGEIT
May 22, 2019
Top Concerns
• Regulatory Compliance
• Cybersecurity and IT
• Reputation
2019 Risk Forum Top Cybersecurity Concerns
1. Phishing – clicking links, downloading attachments
2. Vendors/Supply Chain
3. Ransomware
4. Employees
• “In 2019, successful exploit-based attacks will involve vulnerabilities for which patches have been available for weeks or even months but have not been applied yet.” – Trend Micro’s Mapping the Future: Dealing with Pervasive and Persistent Threats
• Predicts there will be no more big APTs in 2019 – Kaspersky
• Back to the basics on security (again) - Verizon
Nation State Attacks
• Cyberespionage driven by trade war with China – US Justice Department
• Pre-2020 election influence (Russia) – Director of National Intelligence
• Sanctions driving an increase in Iranian and North Korean cyber activity – US Cyber Command (hacking force in DoD)
• $1.1 billion attempted theft from global banks
Financial Threat Landscape Report
Source: IntSights Financial Institutions Threat Landscape Report, July 2018
• 151% increase in FI assets on the dark web
• 91% increase in targeted phishing attacks against FIs
• 149% increase in stolen credit card information
• 135% increase in the selling of online banking information and banking records on the black market
• 40% increase in employee credential theft
Focus areas highlighted in the report: Social Media, State-sponsored APT Groups, Mobile Banking, Phishing-as-a-Service
In the News
• 60 Minutes – Fed Chairman Powell: cyber threats are the #1 concern
• Russian hackers for hire by nation
• City of Leeds pays ransomware
• Stolen NSA hacking tools were used in the wild 14 months before the Shadow Brokers leak
– NOBUS
– WannaCry, NotPetya
Emotet
• Emotet Banking Trojan/Worm
• Polymorphic, Worm-like capabilities
• Spreads rapidly across networks
• Computers can become infected without any user interaction
• Its password brute-forcing, used to spread, increases the chances of users being locked out of their machines
Verizon 2018 Data Breach Investigations Report
How long did it take to detect compromise?
Do You Know What’s Missing?
• Vulnerability Scanning
• Applied Threat Intelligence
• DNS Security
• Early Breach Detection
• SSL Decryption
• SIEM
• SOAR
• SOC
Vulnerability Scanning
• Scan weekly
• Look for
– Configuration risks
– Unpatched software
• Timely remediation!
Applied Threat Intelligence
Sources shown in the diagram: A.I., US-CERT, FBI, FS-ISAC, iSIGHT, NCFTA, platform vendors, UTMs, 3rd party, other partners
DNS Security
• Protect against
– Malware downloads via URL links
– Unsafe web redirects
– Data exfiltration
– Command & Control (C&C) activity
– Malicious phishing links
DNS Security - Phishing
1. Malware in email
2. User clicks link
3. Threat analyzed (SOC cloud)
4. The request is redirected
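The four-step flow above (the user clicks, the queried name is checked against threat intelligence, the request is redirected), as an added Python example that is not part of the webinar or any vendor's product; the feed domains, the sinkhole address and the function names are constructed assumptions. It also generalizes step 3 slightly: a listed domain covers every subdomain beneath it.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional, Tuple

# Constructed threat-intelligence feed: hypothetical domains (reserved .example
# TLD), each mapped to the category a protective-DNS service would report.
THREAT_FEED = {
    "payload-host.example": "malware download",
    "c2-beacon.example": "command and control",
    "login-verify.example": "phishing",
}
SINKHOLE_IP = "10.255.255.1"  # assumed internal block-page address, not a real value

@dataclass
class Verdict:
    qname: str
    action: str                 # "resolve" (pass through) or "redirect" (step 4)
    category: Optional[str]
    indicator: Optional[str]    # the feed entry that matched, if any

def classify(qname: str) -> Verdict:
    """Step 3, threat analyzed: walk the queried name from most to least specific,
    so a listed domain also covers every subdomain beneath it."""
    name = qname.rstrip(".").lower()
    labels = name.split(".")
    for i in range(len(labels) - 1):          # never match a bare TLD
        candidate = ".".join(labels[i:])
        if candidate in THREAT_FEED:
            return Verdict(name, "redirect", THREAT_FEED[candidate], candidate)
    return Verdict(name, "resolve", None, None)

def answer(qname: str, upstream_ip: str) -> Tuple[str, dict]:
    """Return the address handed to the client plus the event the SOC receives.
    upstream_ip is what normal resolution would have returned; a listed name gets
    the sinkhole instead, so the click in step 2 never reaches the real host."""
    v = classify(qname)
    ip = SINKHOLE_IP if v.action == "redirect" else upstream_ip
    event = {
        "ts": datetime.now(timezone.utc).isoformat(),
        "qname": v.qname, "action": v.action,
        "category": v.category, "indicator": v.indicator, "answer": ip,
    }
    return ip, event
```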
Early Breach Detection (Sandbox)
• Provide advanced threat intelligence
• Examine behavior of network traffic
• Detect unknown threats
• Provide immediate notification
Early Breach Detection (Sandbox)
Diagram: Executable Files → Sandbox; SOC: Analyze, Correlate; Advanced Threat Intelligence
Early Breach Detection (Sandbox) - Overview
Diagram: Network Switch; UTM (Firewall, IDS, IPS, WCF, AV, VPN); Sandbox
• Deep Content Inspection
• Analyze mirror copy of all Internet traffic
SSL Decryption
• Over 72% of all network traffic is encrypted*
• Inspect encrypted network communications
• Outbound (from inside your network)
• Inbound (from outside your network)
*Source: www.networkcomputing.com/network-security/encrypted-traffic-reaches-new-threshold
SSL Decryption (diagram slide)
Machine Learning (AI)
• Descriptive Analytics – insight into the past
• Predictive Analytics – understanding the future
• Prescriptive Analytics – advise on possible outcomes
Security Information and Event Management
What is SIEM?
SIEM is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system.
What is SOAR?
• Security Orchestration, Automation and Response
• Enable data collection from different sources
• Use artificial intelligence and machine learning
• Triage incidents
• Standardize incident response
Three primary SOAR technologies:
1. Threat and vulnerability management
2. Security incident response
3. Security operations automation
SOC
• Security Operations Center
• 24/7 monitoring
• IT and Security skills and expertise
• Costly to do in-house
Diagram: Your Financial Institution – WAN – Core Provider
SIEM/SOAR INPUT
• Vulnerability Scan Data
• Threat Intelligence
• DNS Monitoring Data
• UTMs, Sandboxes
• Servers, Routers, Switches, Endpoints
• Security Engineering
• Configuration Mgmt.
SIEM/SOAR OUTPUT
• Reports
• Alerts & Incidents
• Disable Ports (UTM & Switches)
• Archive Logs
• 24/7 SOC
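The two slides above, SIEM/SOAR input sources feeding output actions, condensed into a small SOAR-style triage, as an added Python example that is not part of the webinar or any vendor's product; the event records, host names, correlation window and action names are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input from three of the INPUT sources on the slide.
# Host names and timestamps are hypothetical; none are real indicators.
EVENTS = [
    {"ts": "2019-05-20T09:00:00", "source": "vuln_scan", "host": "ws-014",
     "detail": "unpatched SMB service (weekly scan)"},
    {"ts": "2019-05-20T10:02:00", "source": "dns_monitoring", "host": "ws-014",
     "detail": "query for known C&C domain"},
    {"ts": "2019-05-20T10:03:30", "source": "sandbox", "host": "ws-014",
     "detail": "e-mail attachment verdict: malicious"},
    {"ts": "2019-05-20T10:05:00", "source": "dns_monitoring", "host": "ws-022",
     "detail": "query for known phishing domain"},
    {"ts": "2019-05-20T09:00:00", "source": "vuln_scan", "host": "srv-03",
     "detail": "configuration risk: default admin account enabled"},
]

DETECTION_SOURCES = {"dns_monitoring", "sandbox"}
WINDOW = timedelta(minutes=30)   # assumed correlation window

def triage(events, window=WINDOW):
    """One decision per host: two different detection sources inside `window`
    escalate to an incident with the port-disable action from the OUTPUT slide;
    a single detection is an alert for SOC review; scan findings alone go to the
    report, but sharpen the response when a detection exists on the same host."""
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append(e)
    decisions = {}
    for host, evs in by_host.items():
        detections = sorted((e for e in evs if e["source"] in DETECTION_SOURCES),
                            key=lambda e: datetime.fromisoformat(e["ts"]))
        findings = [e for e in evs if e["source"] == "vuln_scan"]
        if not detections:
            decisions[host] = {"level": "report", "actions": ["archive logs"]}
            continue
        sources = {e["source"] for e in detections}
        span = (datetime.fromisoformat(detections[-1]["ts"])
                - datetime.fromisoformat(detections[0]["ts"]))
        if len(sources) >= 2 and span <= window:
            level, actions = "incident", ["notify 24/7 SOC", "disable switch port"]
        else:
            level, actions = "alert", ["SOC review"]
        for f in findings:   # scan data turns a detection into a prioritised fix
            actions.append("expedite remediation: " + f["detail"])
        decisions[host] = {"level": level, "actions": actions,
                           "sources": sorted(sources)}
    return decisions
```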
So what?
• Patch promptly after testing
• Make people and non-security staff an effective line of defense
• Apply the principle of least privilege
• Implement systems for early breach detection
• Encrypt critical and sensitive data
• When possible, use strong authentication, including two-factor
• Use SSL decryption on UTMs
• Upgrade/implement SIEM & SOAR
Thank you for attending today’s webinar