Your Security: Do You Know What’s Missing?

Presented by: Viviana Campanaro – CISSP; Sebastian Fazzino – CISSP, CISM, CGEIT

May 22, 2019

© 2019 Jack Henry & Associates, Inc.®


Top Concerns

• Regulatory Compliance

• Cybersecurity and IT

• Reputation

2019 Risk Forum Top Cybersecurity Concerns

1. Phishing – clicking links

Phishing – downloading attachments

2. Vendors/Supply Chain

3. Ransomware

4. Employees

• ‘In 2019, successful exploit-based attacks will involve vulnerabilities for which patches have been available for weeks or even months but have not been applied yet.’ – Trend Micro’s Mapping the Future: Dealing with Pervasive and Persistent Threats

• Predicts there will be no more big APTs in 2019 – Kaspersky

• Back to the basics on security (again) - Verizon

Nation State Attacks

• Cyberespionage driven by trade war with China – US Justice Department

• Pre-2020 Election Influence (Russia) – Director of National Intelligence

• Sanctions driving an increase in Iranian and North Korean cyber activity – US Cyber Command (hacking force in DoD)

• $1.1 billion attempted theft from global banks

Financial Threat Landscape Report

Source: IntSights Financial Institutions Threat Landscape Report, July 2018

• 151% increase in FI assets on the dark web

• 91% increase in targeted phishing attacks against FIs

• 149% increase in stolen credit card information

• 135% increase in the selling of online banking information and banking records on the black market

• 40% increase in employee credential theft

Social Media

State-sponsored APT Groups

Mobile Banking

Phishing-as-a-Service

In the News

• 60 Minutes
– Fed Chairman Powell – Cyber threats #1 concern
– Russian Hackers for hire by Nation
– City of Leeds pays ransomware

• Stolen NSA hacking tools were used in the wild 14 months before Shadow Brokers leak
– NOBUS
– WannaCry, NotPetya

Emotet

• Emotet Banking Trojan/Worm

• Polymorphic, Worm-like capabilities

• Spreads rapidly across networks

• Computers can become infected without any user interaction

• Brute forcing passwords increases the chances of users being locked out of their machines

Verizon 2018 Data Breach Investigations Report

How long did it take to detect compromise?

Do You Know What’s Missing?

• Vulnerability Scanning
• Applied Threat Intelligence
• DNS Security
• Early Breach Detection
• SSL Decryption
• SIEM
• SOAR
• SOC

Vulnerability Scanning

• Scan Weekly
• Look for
– Configuration risks
– Unpatched software
• Timely Remediation!

A.I.

Applied Threat Intelligence

US-CERT

FBI FS-ISAC

iSIGHT

NCFTA

Platform Vendors UTMs

3rd Party

Other Partners

DNS Security

• Protect against
– Malware downloads via URL links
– Unsafe web redirects
– Data exfiltration
– Command & Control (C&C) activity
– Malicious phishing links

DNS Security - Phishing

1. Malware in email

2. User clicks link

SOC Cloud

3. Threat Analyzed

4. The request redirected

Early Breach Detection (Sandbox)

• Provide advanced threat intelligence

• Examine behavior of network traffic

• Detect unknown threats

• Provide immediate notification

Early Breach Detection (Sandbox)

Advanced Threat Intelligence

SOC Analyze

Correlate

Executable Files Sandbox

Early Breach Detection (Sandbox) - Overview

Sandbox
• Deep Content Inspection
• Analyze mirror copy of all Internet traffic

Network Switch

UTM (Firewall, IDS, IPS, WCF, AV, VPN)

SSL Decryption

• Over 72% of all network traffic is encrypted*

• Inspect encrypted network communications

• Outbound (from inside your network)

• Inbound (from outside your network)

*Source: www.networkcomputing.com/network-security/encrypted-traffic-reaches-new-threshold

SSL Decryption

Machine Learning (AI)

• Descriptive Analytics
– Insight into the past

• Predictive Analytics
– Understanding the future

• Prescriptive Analytics
– Advise on possible outcomes

Security Information and Event Management

What is SIEM?

SIEM is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system.

What is SOAR?

• Security Orchestration, Automation and Response
• Enable data collection from different sources
• Use artificial intelligence and machine learning
• Triage incidents
• Standardize incident response

Three primary SOAR technologies:

1. Threat and vulnerability management

2. Security incident response

3. Security operations automation

SOC

• Security Operations Center
• 24/7 monitoring
• IT and Security skills and expertise
• Costly to do in-house

Your Financial Institution

Core Provider

WAN

Vulnerability Scan Data

Threat Intelligence

DNS Monitoring

Data

UTMs

Sandboxes

Servers

Routers

Switches

Endpoints

SIEM/SOAR INPUT

Security Engineering

Configuration Mgmt.

Reports

Alerts & Incidents

Disable Ports (UTM & Switches)

Archive Logs

SIEM/SOAR OUTPUT

24/7 SOC

So what?

• Patch promptly after testing
• Make people and non-security staff an effective line of defense
• Apply the principle of least privilege
• Implement systems for early breach detection
• Encrypt critical and sensitive data
• When possible, use strong authentication including two-factor
• Use SSL Decryption on UTMs
• Upgrade/Implement SIEM & SOAR

Thank you for attending today’s webinar