Future Threat Landscape - How will technology evolve and what does it mean for cyber security?

Academic year: 2021

(1)

James Hanlon

CISSP, CISM

Security Strategist

Office of the CTO

EMEA

Future Threat Landscape - How will technology evolve and what does it

(2)

How will cyber security be impacted today and tomorrow?

Think > Know > Protect >

How do we need to address cyber security moving forward?

What does the

(3)

Digitization

(4)
(5)

Everything will be connected more than ever before….

Internet of Everything (IoE) is arising

(6)

(7)

Copyright © 2014 Symantec Corporation

Machine Learning (AI)

A key future trend

Copyright © 2015 Symantec Corporation

“Google’s Eric Schmidt believes that we are at the cusp of a new age of AI”

(8)

(9)

AI Analysis (Astroturfing)

(10)

AI & Automation

(11)

The promises of nanotechnology

(12)

(13)

IoE

Nanotechnology

AI & Machine Learning

Future Technology Risk Landscape

(14)

How will cyber security be impacted today and tomorrow?

Think > Know >

(15)
(16)

Cyber Security & the Board

(17)
(18)

ATTACKERS

• Can focus on one target
• Only need to be right once
• Attacks can be very complex
• Focus only on getting in
• Attackers can buy and test security products

DEFENDERS

• Must defend everything
• Need to be right every time
• Blocks are expected & complexity is hard
• Must balance defense with business impact
• Defenders can’t pre-test targeted malware

(19)

Cyber security is a key concern for all new technological advances!

IoE / Connectivity Era

Security must be “Built-In” to the devices and cloud services, not deferred to be added later

(20)

But for every new technology invention today……..

“a cyber hack exists”

(21)

So, what can you do about cyber risks today &

(22)

Think > Know > Protect >

How do we need to address cyber

(23)

(24)

It’s getting harder to stay ahead… but it is impossible to conduct a cyber attack without leaving a trace

Network

Server

Endpoint

(25)

CLOUD

What if …

Apply Context

Correlate & Prioritize

• You could collect info from every endpoint, network device, and server
• You could watch this data at the Enterprise level – looking for patterns and anomalies
• You could apply knowledge and learning from across global Communities

Indicators of Breach

Knowledge about URLs, file hashes

Attack patterns & actors

Correlation across ecosystems

ENTERPRISE

DEVICES

(26)

This is the promise of big data cyber security analytics

Machine Learning & Big Data Cyber Security

(27)

Symantec have been a leader in cyber security big data analytics & machine learning for many years…

1 billion+ systems

Norton & SEP users

200M+ (the biggest source of telemetry)

3.9 trillion rows of security telemetry

100 billion more/month

14 security ops centers globally; 500+ expert analysts

Blocked 182 million threats last year

(28)

A Portfolio Built on Big Data Analytics & Machine Learning

Threat Protection

ENDPOINTS

DATA CENTER

GATEWAYS

• Advanced Threat Protection Across All Control Points
• Built-In Forensics and Remediation Within Each Control Point
• Integrated Protection of Server Workloads: On-Premise, Virtual, and Cloud
• Cloud-based Management for Endpoints, Datacenter, and Gateways

Unified Security Analytics Platform

• Log and Telemetry Collection
• Unified Incident Management and Customer Hub
• Inline Integrations for Closed-loop Actionable Intelligence
• Regional and Industry Benchmarking
• Integrated Threat and Behavioral Analysis

Information Protection

DATA

IDENTITIES

• Integrated Data and Identity Protection
• Cloud Security Broker for Cloud and Mobile Apps
• User and Behavioral Analytics
• Cloud-based Encryption and Key Management

Users Data Apps Cloud Endpoints Gateways Data Center

Cyber Security Services

Monitoring, Incident Response, Cyber Simulation Platform, Adversary Threat Intelligence

(29)

“is the organization's capability to withstand negative impacts due to known, predictable, unknown, unpredictable, uncertain and unexpected threats from activities in cyberspace”

But security is not all about technology

Acknowledge the shift from 100% Security to Cyber Resilience

100% Security

Cyber Resilience

What’s different now?

• Difference: Accept Bad things will happen
• Difference: Higher level of business engagement
• Difference: From known threats to unknown risks
• Difference: Detect & Respond Faster
• Difference: Intelligence & Threat Sharing

(30)

Understand that means there are two processes to implement

CYBER INCIDENT

RISK MANAGEMENT

INCIDENT RESPONSE

BEFORE

AFTER

(31)

Reactive & Manual

• People based
• Lack of policy
• Ad-hoc responses
• Fire fighting

Proactive Cyber-Resilience

• A fully optimised & integrated security framework exists
• Policy and processes are optimised and updated frequently
• Established cyber governance structure
• External & internal threat intelligence is gathered, correlated and acted upon
• Partnering in cyber ecosystems is common
• Organisations demonstrate proactive cyber agility

Responsive Cyber-Resilience

• An optimized & integrated security framework exists
• Processes and policies include most security requirements
• Improved security visibility
• Basic cyber governance is in operation
• Capability to respond to cyber incidents exists

Integrated Policy & Tools

• Partially integrated security framework exists
• Policies encapsulate some security requirements
• Security Framework is internally focused
• Deficiencies still exist, limited security visibility is common

Disparate Policy & Tools

• Disparate policy
• Disparate tools
• Limited processes
• Little security visibility

5 4 3 2 1

Next up?

Know where you are and where you want to be?

(32)

And Lastly,

Adopt a framework to make the Journey to better resilience

PREDICT

RESPOND

PREVENT

DETECT

CYBER-RESILIENCE

(33)

What is a good cyber framework to follow?

NIST

(34)

But let me leave you with a

(35)

How will cyber security be impacted today and tomorrow?

Think > Know > Protect >

How do we need to address cyber security moving forward?

What does the future of technology hold for all of us?

(36)

James Hanlon

CISSP, CISM

Security Strategist

Office of the CTO

EMEA

(37)

Endpoint Protection

Data Center Security

Encryption

Cloud Security

Security Response

Incident Response

Malware Analysis

Consulting Services

PREPARE

PREVENT

DETECT

RESPOND

Risk Management

Incident Management

BEFORE

AFTER

Control Compliance

Threat Intelligence

Simulation Platform

Systems Management

Advanced Threat Protection

Cyber Security Services

Data Loss Prevention

Cyber Resilience with
