
Information Security & Current Threat Landscape

Bobby M Varghese
Vice President, Enterprise Security Services
12th Sep 2014

CSS Corp | Confidential | www.csscorp.com

Information security has many challenges

Threats accompany technology trends

Web Exploits: SQL Injection / Cross-site Scripting
Botnets: Updating and Modifications
BYOD: Personal and Professional usage
Data Loss: Intellectual Property Protection, Health data, Compromises
Failed Trust: Certificate system, authentication
Big data: Greater storage of data = greater liability
Internet of things: greater attack surface
Cloud & Virtualization
Evolution of SCADA networks to IP
Virtual / common currencies
Targeted and Persistent Attacks
Sponsored Cyber Operations: espionage, attacks, offensive security

CIO's World of Security

1. Expanding boundaries of the Enterprise
   a) Earlier: Physical and defined
   b) Recent: Physical and undefined (mobility)
   c) Now: Cloud/Virtual and undefined
2. Security Imperatives
   a) Earlier: WAN and Compliance
   b) Recent: Breaches and lost money
   c) Now: Loss of Business and

Detection is key to Respond and Recover

[Figure: chart; Source: Cisco Threat Report]

Market Snapshot

Threat Intelligence
14% YoY increase in vulnerabilities and threats
Spam volume down in 2013, but the proportion of maliciously intended spam remained constant
Boston Marathon bombing-related spam represented 40% of worldwide spam on April 17, 2013

Mobile Attacks
Emerging and logical area of exploration for malware developers
Increased attempt to monetize
Android compromises
Adware, SMB-related spyware

Threat flow Landscape

[Diagram: Attacker, Firewall, IDS/IPS, Desktop, Mobile, Users, Web Server, Applications, Databases (privileged users: DBAs, developers); attack labels shown: Cross Site Scripting, Known Vulnerabilities, DoS, Antispoofing, Parameter Tampering, Port Scanning, Pattern based Attack, Cookie Poisoning, SQL Injection]

Logs are forwarded to SIEM for Threat Monitoring and Alerting by SOC Team

Retail Chain Breach Notification Timeline

Hackers break in using credentials from PA HVAC contractor
DOJ contacts RT to inform them of the breach
RT retains investigators
RT notifies payment processors and card brands, begins malware removal
More malware removed from 25 disconnected terminals

Public breach notification

Retail Chain CC Data Security Breach
Researchers view

Impact of breach at Retail Chain

SOC Requirement

Compliance factors
Reduce the impact of an incident
Real Time Threat Monitoring
Proactive reaction
Centralized Management and Monitoring of Network Infrastructure for:
  External Threats
  Internal Threats
  User Activity
  Data Activity
Provide evidence in investigations

Security Operations Center

A SOC is a centralized location where an organization's security, network, end-user devices and systems are monitored.
Through people, processes and technology, a SOC is dedicated to the detection, investigation, and response to log events triggered through security-related correlation logic.
Delivers 24x7x365 security management, monitoring and reporting services.

Attack Detection through SIEM

[Diagram: a cyber-attack attacking the network; elements shown: Security Operations Center, Blacklisted IPs, Threat Intelligence, SIEM, Visual Analytics]

Attack Detection

Detection: Observed Botnet event activity
Analyze and Create Incident Ticket: Analyzed the impact; an Incident Ticket would be created for scanning the asset with updated AV signatures and required recommendation
Containment and Eradication: Continuous monitoring of logs for any further malware activity, then proceed to ticket closure
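The detection-to-closure flow above, as an added Python example that is not part of the original presentation: it parses constructed firewall log lines, correlates destination addresses against a constructed blacklist standing in for the threat-intelligence feed, raises one ticket per affected asset carrying the AV-scan recommendation, and only reports an asset as ready for closure when later logs show no further blacklist hits. The log format, addresses and blacklist tags are all assumptions.

```python
import re

# Constructed sample firewall log lines (syslog-like placeholder format, not a vendor format).
SAMPLE_LOGS = """\
2014-09-12T09:14:02 fw01 ACCEPT src=10.1.20.17 dst=198.51.100.23 dport=443
2014-09-12T09:14:05 fw01 ACCEPT src=10.1.20.17 dst=192.0.2.5 dport=80
2014-09-12T09:14:09 fw01 DENY src=10.1.20.44 dst=203.0.113.9 dport=6667
2014-09-12T09:15:31 fw01 ACCEPT src=10.1.20.17 dst=198.51.100.23 dport=443
"""

# Constructed stand-in for the threat-intelligence feed: blacklisted addresses and their tags.
BLACKLIST = {"198.51.100.23": "botnet-c2", "203.0.113.9": "irc-c2"}

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<fw>\S+) (?P<action>ACCEPT|DENY) "
                     r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$")

def parse(log_text):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()

def correlate(events, blacklist):
    """Detection step: collect blacklist hits, grouped by the internal source asset."""
    hits = {}
    for ev in events:
        tag = blacklist.get(ev["dst"])
        if tag is None:
            continue
        hits.setdefault(ev["src"], []).append((ev["ts"], ev["dst"], tag, ev["action"]))
    return hits

def create_tickets(hits):
    """Analysis step: one ticket per asset; an allowed session to a C2 address outranks a denied attempt."""
    tickets = []
    for asset, evs in hits.items():
        accepted = sum(1 for e in evs if e[3] == "ACCEPT")
        tickets.append({
            "asset": asset,
            "severity": "high" if accepted else "medium",
            "indicators": sorted({e[1] for e in evs}),
            "action": "scan asset with updated AV signatures; apply recommendations",
        })
    return tickets

def ready_to_close(later_events, asset, blacklist):
    """Containment/eradication step: close only when the asset shows no further blacklist hits."""
    return not any(ev["src"] == asset and ev["dst"] in blacklist for ev in later_events)
```

In a real SOC the blacklist would be refreshed from the threat-intelligence feed and the ticket handed to the incident queue rather than returned as a dict.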

10 Security Essentials Every CIO Needs to Know

Best Practices

Establish an Information Security Policy
Dedicate resource/s for the Information Security System
Do Risk Assessments regularly
Create Awareness across the Organisation
Involve App Development Teams in implementation
Conduct Vulnerability Assessments at periodic intervals
Enable Monitoring of your Digital Assets: Security Operations & Management
Integrate Vulnerability reports into Security Operations
Regular reviews to measure control effectiveness

Enterprise Security Services

Governance, Risk and Compliance: Risk Assessments, Policies & Controls, and Identity and Access Management

Security Monitoring Services: 24x7x365 Monitoring; Monitoring & Notification Service from SOC; Reporting Services

Device Management Services: Firewall/IDS/IPS/WAF Management; Authentication Server Management; End-Points Management; Secure Configuration Management; Anti Virus and malware management service

Vulnerability Management Services: Vulnerability Assessment; Penetration Testing; Web Application Security Assessment; Implementation Services; Patch Management

Security Operations Center

Mobile Security Services: BYOD Policy Creation; Mobile Devices (Security) Management; Mobile Security Testing

SOC Architecture

[Diagram: SOC architecture]

Vulnerability Management

VM services cover four activities: Vulnerability Assessment of IT assets, validation of identified vulnerabilities, providing Recommendations, and Reporting.
Provides an independent baseline and validation of the organization's security posture.
Risk analysis and development of remediation plans that are tailored to unique business requirements and security needs.

Thank You
CSS Corp

The information contained herein is subject to change without notice. All other trademarks mentioned herein are the property of their respective owners.

Network & Security Operations

The NOC's purpose has always been to ensure "power, ping, and pipe" to computing resources and is critically measured on uptime. Conversely, the SOC's purpose has been to "protect, detect, react, and recover" and is critically measured on response time.

Network Operations:
  Network Monitoring & Management
  Network fault tolerance
  Network device configuration
  Sniffing / Troubleshooting

Security Operations:
  Network Behavior Anomaly
  Intrusion Detection
  Threat & Log Management
  Network Forensics

SIEM Event Types

Event Type      | Source                                     | Vendor/Application                                                        | Events
----------------|--------------------------------------------|---------------------------------------------------------------------------|------------------------------------------------------------------------------------
System activity | Server syslog                              | Windows, Linux                                                            | Authentication/authorization, Services starting/stopping, Config changes, Audit events
Web proxy logs  | Web proxies                                | Websense, Blue Coat                                                       | Web malware downloads, Command & Control check-ins
Malware logs    | Antivirus, Spam filter                     | McAfee ePO                                                                | Malicious activity, Malicious URLs, malicious attachments
Firewall logs   | Network firewall, Web Application Firewall | Cisco ASA, Checkpoint, Juniper (network firewall); Trustwave, Imperva (WAF) | Accepted/denied connections
Web server logs | Web servers                                | Apache, IIS                                                               | Access logs, Error logs

Security Event Analysis

[Diagram: security event analysis]

Source / Target Analysis

[Diagram: source / target analysis]