
The Ever-evolving Threat Landscape

BSides Detroit, 55:49, published 2013-06
About this talk
BSides Detroit 13, June 7-8, 2013. Abstract: Hacking has gone from a sport to a high-income business where criminals in the underground net millions of dollars a year. The days of just needing anti-virus and firewalls are long gone, as security threats can double in a year and have become so sophisticated and stealthy that hackers could be inside a network for years without notice. In this presentation, Jeff Multz will show you how the threat landscape has changed in the past decade, and what malware can do to your network today that was unheard of just a few years ago. You'll see why the regulatory agencies continue to increase their security guidelines and why just having firewalls and IDS/IPS systems is not enough. Dell SecureWorks, which sells no products, will teach you about the latest threats and vectors for attacks to help you understand what you need to do to block them. Speaker: Jeff Multz
Transcript (English)

good to go

are you tight on okay presentation type i'm usually right on so no worries there unless there's a lot of q a

okay well how do y'all from atlanta georgia that's as southern as i get it is really good to be here today honor and privilege uh my name is jeff maltz i run north america for del secure works in case you're not sure where the dell logo came from secureworks has been in existence for the past 14 years dell acquired us two and a half years ago we are a managed security service provider so i'm going to share a lot of stories with you anecdotal perhaps real to many of you i'm gonna apologize for two things one you probably won't sleep well tonight unless you're in this game day-to-day and some of you are some of you are not

some of you here for education some of you here on behalf of your businesses and some of you uh just want to explore some cool stuff so the lions tigers and bears as i call it of malware is incredible i cannot believe in my 28 years in existence as an i.t professional that the stuff we're seeing every day in 2003 when i joined secure works we were sifting through analyzing cataloging a hundred thousand security events a day today in the past 24 hours 50 billion events i thought ignorance was bliss before joining secure works i'm going to tell you holy cow passion and fighting the fight is what we do i'm going to talk about the viewpoint of

where we are and then i'm going to dig into the threatscape itself and that's perhaps why you're here some of you might have listened to that podcast it was meant to provoke and evoke a visceral response as this talk is meant to do to you i'm going to share with each and every one of you if you have a business or data you're out to protect what you were doing before this talk is not enough there's a lot of basics i will share with you and i'm not trying to talk down but most hackers and attack victims today can be handled understood remediated stopped in the easiest possible ways i love capture the flag stuff it will

teach you what the bad guys are perhaps doing at a very baby level no offense i'm going to challenge all you that are play hackers if you will i hope none of you are the bad guys the actors the hackers we see are not doing good things to us and they tend to be a very organized crew so the presenter before me you said team up absolutely this is not a sole hand-to-hand one-person game i'm going to dispel a lot of myths i hope all of you use this for your own security awareness training this is my fourth talk this week it started in albany new york then new york city and now here this is what i do i'm away from my

family for one reason i need to change what's happening in this market as an evangelist i hope you'll agree with most of what i share with you i'm going to share at the start of this you're going to be incredulous you will fight me to the very end by the end of this i think you'll say oh my gosh maybe this really is happening here and now i'm gonna share with you a counter threat unit research team it's a cool term from the 24 show but it's the coin marketing of our 70 incredible malware reverse engineers and researchers we have to take responsibility at dell secure works of not waiting on manufacturers of blinky blue lights and

technologies no offense but they can't keep up with the hackers you have to be ahead of the hackers to beat them we are living out 6 12 18 months in the future what's in rear view is already too late how many in your universe zero days are there in this present day era hundreds thousands that's the reality on the best day of coding as a programmer i had a thousand bugs i knew of in my code and i had tens of thousands i didn't know of how many of you tried to qa your own code doesn't work you're blind sorry you can't see the trees through the forest it's not possible you can't think like a bad guy well

enough because they are very creative and we're going to share that with you our platform our technology we monitor business networks 3 800 across the globe this is not just a small bank or 10 companies 3 800 and we're adding three to five a day so this visibility that i'm sharing with you is from true global and knowledge that we've attained daily many of you will fall under these regs regulations the alphabet soup as i coined it i will pontificate this to the end of time to be compliant does not mean you're secure if you look in the paper for every data breach that you will read about today or in the future or in the past

every one of them was compliant to some degree and it didn't keep them out of the paper so i hate using compliance for anything other than a framework to say i got that check mark i'm compliant it's not secure but i'm going to tell you something if you're secure you will be fully compliant i'm going to talk about security as an approach compliant for free this is the nightmare the bad guys get in via vulnerabilities these are known or unknown vulnerabilities and i don't mean to talk down this is a wide varied audience for a second show a hand how many of you are the network admin cto of your businesses none you all uh what are you any executive

ceo cio cso cfo okay cool what are the rest architects software designers software engineers programmers excellent well again sorry to hit you in the belly this is what we deal with vulnerabilities the bad guys love to exploit these things before you even know about them or before you can correct them i'm going to challenge all of you in the development side throughout this talk your i.t staffs or whether you're part of it as far as security are doing real things elsewhere instead of watching the house it's a 24 7 gig folks and our businesses are getting hacked when we are not watching do you know there's a doubling of attacks every weekend every american-based holiday it almost

goes 3x 2.75 times the number of attacks because small to medium business can't watch 24 7. that's what we're facing our job as a managed security service provider is to protect assets i'm going to go fast because most of you are developers or programmers or in the software side but i need you to understand the view of what we're watching so that you understand what we're protecting hence that code but there's three asset types all of us need to understand the first two you know money data the one that we always forget is computing resources the bad guys love stealing computing resources using it against you spamming your best customers creating botnets stealing data transversing across the

globe using you against you how bad for your business would it be if you were spamming some interesting content to your best customers it would be bad you have a cost to secure it the bad guys cost unfortunately is always below your cost to secure their cost to steal it because they have gargantuan resources time energy they can exploit things we never knew to exist and our costs rivals theirs because we are gurus and experts and i hope you will find some interesting tidbits and what i'm about to share with you and our job is to make the criminal cost past the value of the asset itself these are not dumb people they're about business and we're talk

about why are they creating this what are they doing we have four towers of services so you understand we have a multiple pronged approach a viewpoint monitoring of networks or managed security risk consulting penetration tests it audit web app testing code reviews we do extensive amounts of this risk consulting this is the gaps to your regulations and threat intelligence is what i'm sharing with you today i hope you've heard of us so from a credibility viewpoint we're known globally gartner rates us in the leaders quadrant the finest position you can be in in the marketplace sc magazine i have to thank some of you for voting for us that's the reader's choice awards and mid enterprise if you're in a small

to medium business we've won twice back to back as far as innovators now this is a slide of the business problem start in the upper left the malware is doubling and tripling on an ongoing basis again i shared with you 03 100 000 events at secure works to 50 billion events a day slight growth i think it's a real challenge if you're trying to code against this lower right the most embarrassing portion i could challenge all of us most breaches are not found by you or us us being the collective we it's found by a third party which can be a very embarrassing day you we need to find it before they do and protect against these exploits

and here i often get in the boardrooms i present to jeff it's a global 500 problem it's the biggest companies it is but it's also a small to medium business enterprise issue forty percent of all attacks and it's growing more dramatically for the small business than it is the large enterprise can you understand why do any of you have any idea why yes less money

exactly so partners and partnerships i'm going to talk about weak links which include people not just technology i'm going to talk about weak links who you're partnering with no offense i'm going to throw someone under a major bus and someone's not a person small cloud vendors are the nightmare of existence i'd love to coin them two guys a dog in a garage no offense if some of you are them i'm sorry we have seen countless attacks and remediation we're having to do incident response is what we call it because some business trusted a smaller business and their security at that other vendor is nowhere near even the security of the company buying the service be very cognizant of this your entire

network security could be rendered useless by whom you partner with case in point so it's less abstract um just up the road here it's not american it's unfortunately canadian if any of you are i have i'm part canadian but um i walk into a back-up company up the road and they they were very proud they showed me a closet where their computers are but no one had a key i mean they literally just opened the closet and i asked them what security stuff do you have now it's a techie term stuff they were very proud of their blinky blue light i won't even mention the brand firewall and it wasn't even a next-gen firewall with all the cool other stuff

and i said do you have intrusion detection or prevention they said what is that and that someone's laughing thank you i i need to have some brethren here this is astounding to me and i said how many customers back up to your cloud back up to your service they said eleven hundred are you kidding me really and they said just the other day we had a problem and we're stumped um some customer called us that they got a virus from us and we weren't sure how that might happen now this is the the ceo telling me this thank you yes uh we see a lot of this okay for those of you that didn't get it i'll

take you offline after this and we'll talk the threat landscape what are we facing how is and why is this so i talk about why and why now a lot and the misnomers and myths might not be prevalent amongst developers so i'm sorry this could be a little bit boring for a few minutes humor me it was notoriety it was programmers that were really gifted my namesake a guy named jeffrey invented some really cool worms in the 90s that was cool he bragged about it it made it around the world faster than any other worm at that time it moved to fame he bragged about how cool his malware was it's not there anymore folks it has

moved to money and it has moved to national interest this is a thing we coin i coined in adjacency and this is the war of today let me pose rhetorically a scenario and this is indeed happening this is not just theoretical if you were another country would you attack the american government you might but let's say that's not very wise that would be an act of war and the same is true vice versa so what do you do you go after maybe the national military base of that country but might they be fairly to very good in security posture probably so what do you do you go after the adjacencies who does business with those

companies look in this room i promise you it is some if not all of you i was dealing with a hotel chain in dallas texas and they said so how does this relate to us they couldn't get it at the board level and i said sir the ceo with all due respect you will you tell me beyond a shadow of a doubt your high visibility hotel chain no one from the u.s government has ever stayed in one of your hotels and he turned very pale because it just so happened the president of the united states was in his hotel at that moment not bad huh can any of you relate to this are you a bank a credit union a

software provider for anyone that does business with these peeps we're seeing record numbers of attacks against law firms accountancies technology companies is it for what you've got no it's for what you're doing business with part of my passion it's the only way i can wake people up it's truly a war and it is about these two points money big return on investment huge are they going to get caught or killed not likely either malware malicious software we use technologies against ourselves whether we inadvertently or intentionally or oops click on that link do any of you click on links do any of you know anyone that clicks on links okay thank you i knew i'd get somewhere i feel like i'm

the tech support for my family okay my brother i love him the death my my my i've got nephews and nieces and they click on links my daughter clicks on links come on we're gonna talk about project scareware and adaware and all this other nasty stuff that's happening we've all seen it it's moved now to advanced threats the odds of them getting through are pretty high it's not happenstance denial of service distributed denial service any of you relate to that if you're related to banks and credit unions we're getting spanked by iran right now just a fact cyber warfare it is real it is here and it is now it's not theory and yes the term apt is overused but it

truly is an advanced threat and it's bloody persistent they don't give up and by the way the symptom of all of this besides the most obvious you're offline slow networks have any of you been on or used a slow network yeah thank you uh in all honesty does it mean you have malware no but you might want to check because you could that's the only symptom we're seeing all these cool blinky lights and technologies you're going to see a little cynicism in me come out am i saying they're useless no but almost let's think for a second if you were a bad dude or dudette or group of bad dudes wouldn't you buy every commercially

available technology anyone in this room could buy of course you would would you have a programmer focusing on breaking any one of those blinky things because at the end of the day it's not a blinky blue light it's software the thing maybe no one in this room will i accuse of this firewalls are nothing but software on a box everyone thinks it's a piece of hardware not we in this room any of you attend rsa the large security conference annually i had the honor not this last rsa but the one before heard robert mueller fbi director he says these quotes these are his quotes the middle one is what i face in the market jeff we're small business

jeff we're in podunk usa or po don't canada up here they have this um ignorance is bliss approach but it couldn't be farther from the truth on the internet what is it removed it removes time space slash distance doesn't it i can get to you faster from germany on the internet than i could two street lights away especially in detroit michigan and everyone attacks atlanta i'm telling you your traffic here is really bad but new york was the worst it took me two hours to go through the tunnel lincoln tunnel it's crazy but it is about these two quotes here any of you heard the uh it's not uh if it's going to happen is only when and

it's a very mirrored approach look in the mirror it's the truth it's not fud fear uncertainty doubt understand what we're facing the bad guy's job is to break whatever technology you have to get in get out and not raise the alarms as this quote says on the bottom this came from wall street journal 2012. great quote it is very timely i'm not consult your intelligence by reading everything here the bottom line is their job is to understand whatever technology you want to throw at it the one thing we hold against them is human to human combat it's not the technology's gonna fail it will but do you have enough humans to throw at that distance and hence our mission

and purpose at dell secure works is to monitor the network beat the bad guys find them help you remediate both code and technology and remove their malware if it ever got in this is something every one of you will relate to i try to pick topical really as close to timely as possible these are faces these are real faces they're sad individuals but their job is to get in get out and get caught not so much we see this in record numbers if you've ever been in a browser and it says you have malware click here to remove it have any of you ever seen that come on every one of you should raise your yeah

this is the thing i'm talking about do anyone you know ever click on that or god help them pay that visa to remove the malware just by clicking you get the malware you didn't have do you understand that you had no malware but when you click on it they deliver the malware and when you pay them to buy the anti-virus program that removes it it doesn't and of course more malware and more malware and your data leaked that's a fact what we're finding is a lot of country states and it's not the countries that are most intuitive i'm going to show you a chart in real time from last month it shocked me i think it will shock all of you

it is about competitive advantage other countries want to copy what we're doing why would that be money innovation we're seeing pharmaceuticals getting under siege because if someone else can deliver a drug 30 days sooner do you know imagine how many billions of dollars that means and possible trademark patent loss organizations brand oh my gosh if i were a country that had a company just like yours and i could damage you my company wins you see my country company wins and this we see a lot leapfrog i call it the frog approach i get in this business i really want to get to who they do business with and who they do business with this is a fact we're seeing today they

want you not because you're you it's who you might do business with or connected to now this is the one i get fighting in the room maybe not amongst programmers developer types the reality of this is what we're seeing today is fourth generation it evolves it changes it's not constant or perpetual i wish it was we could predict and it never changes it's not that way we can predict and i'm going to guarantee one thing it's going to change from this in the next few hours but we've coined this 4th gen because we're in the fourth generation of hacking and technologies and techniques it used to be someone had to write malicious software it's put guys like

programmers like myself out of business we don't have to write it anymore do any of you do ebaying i do a lot of ebaying yes so the ebay of malware you go online to this place called wabi-sabi lobby you gotta love these names folks it's an exploit auction house have any of you ever visited it shaking heads you might not want to but if you want to if you're curious just do it on a machine you don't care if you get compromised it delivers some really nice malware but you go online and you bid in the morning and you see if you win the malware at night the opening bid for a worm this is uh

depressing if you're in software sales it's 150 dollars to buy a worm today put on my credit card will you does anyone see humor in that oh you think um gosie trojan a nice banking trojan is about eight thousand dollars it's not a lot of money is it zeus the god of all trojans and all its variants are about twelve thousand dollars-ish now it won't close at that the closing bid will be many times that but it's fascinating to watch this stuff happen so now you bought this thing this malware you bought this malware what do you do with it this is crazy you don't even have to distribute it you can hire iframes and they'll distribute

it for you you want a million machines compromised it's 10 grand sign me up then the harvesting of the data you don't even have to harvest the data the data is sold to the real evil empire 76service.org please do not visit that site you bid on social security numbers and identities there you can buy a million social security numbers for 15 million dollars this is downright depressing i'm worth 15 bucks folks you're worth 15 bucks i could swear i'm worth more than that at least to my family and social networking in this crowd maybe not so much but i'm one of the only guys out there that's really going public be careful not don't use

all the social networking stuff where there's good guys there's bad guys doing bad things to good people the data we find out there to be used and social engineering exercises is appalling look at some bank presidents what they put out there and i always crack a joke do i need to know you're in hawaii right now probably if i'm a robber tell me when you come back you were in hawaii wouldn't that be a better approach just that simple crazy times now if you're not sure the magnitude of this problem here it is if hackers incorporated were a legitimate company not what they are fortune 500 you got walmart at 400 bill hackers inc would be number one by a

magnitude of this 74 times and that was last year's take i challenge all of us we could retire the u.s deficit in a handful of years if we could harvest the money from hackers inc how about we just put them out of business by being more secure we are making change and i'm about to show you a map and some data here i always am plagued with data why and why now plagues me i always want to know and it will i'll stay up all night my wife uh doesn't appreciate it but if i get on a problem until i solve it it drives me crazy can any of you relate to that so here was a problem traditional crime

dropped for the first time in history normally in a downward economy and i'm not making light in an area that has been plagued in an economic every downward economy in american history since 1929 traditional crime which is gun point robbery etc skyrocket except one the one we're in if we could agree down when economy hit in those seven we had the exact opposite occur traditional crime dropped fortunately for me i have lots of data and didn't have to look far here's the why for the first downward economy we have some really cool malware that is a lot easier because i'm not going to get killed or caught as i said earlier zeus the net loss of zeus exceeds

traditional crime if we add the other 2200 variants and flavors of classes of malware it would be an obnoxious chart off the top is this real to everyone in the room i hope it is here's another mythbuster i often get jeff we need to watch everything inside we have some bad people inside we need to be concerned with and i immediately ask a question and i say do you have do you employ more bad people in your firm or are there more outside of your firm and i'm not dealing with a fortune 500 either and they go wow i hadn't thought of that okay well wouldn't you want to bolster your external defenses aka your

perimeter before you worry about the insider threat here's why outside threat 59 inside threat roughly 18 18 is significant but if i only had one dollar to spend where might i need to spend it it's easier to keep them out than to get them out have any of you cleaned up a virus worm or spyware on your networks was it fun no it's not fun and how many times does it flare up you ever have conficker as an example or a conflict or type yeah i call it whack-a-mole you kill one and 20 more show up those are not fun and how many hours of your time could have been spent on better things even if

at a concert or swimming somewhere not into cleaning that stuff up so the reality is if you bolster your defenses it should have never come in the first place had you done it right agree or disagree second breaches are we worried about laptops stolen and documents yes we are they're significant here a lot of them right here but look at this big pie that's hacker activity it is more likely we will get robbed without ever knowing it that's a fact until it's too late and you go oops now this is a funny graph i often get jeff look at the date in the upper right it's q1 2012. i don't want to get worried about what dates these are we

watch this stuff at dell secureworks i more wanted to show you that not only are we tracking by type of business but we see an evolutionary trend on an ongoing basis first and foremost normally if i ask you what you're seeing here if you were a manufacturer you're feeling pretty sick right now if you were in legal you're probably feeling pretty good but i'm going to reverse it the ones that keep me up at night in our firm are the ones on the right those are targeted attacks these are mass attacks it doesn't mean the month after this this trend didn't reverse the bad guys send out mass attacks and feel out the defenses and then the poor souls that they find

respond in some way non-desirable they then name in their attacks we see line one of code being name of poor soul actual named businesses what the bad guys do is they scan you on a perpetual basis they penetrate perhaps they social engineer a lot the most and oldest trick of the trade any of you see pen drives or usb as they're called in your parking lots please don't plug them in please don't it's the oldest game you may you could buy them by the the gross which is 144 right for a few bucks now so we're seeing whole cart loads being dumped in parking lots with nice malware on it are you telling your customers your

employees not to touch those who wouldn't plug it in home or at work is this real i hope it is we're seeing these basics don't plug in thumb drives usb drives and they're getting attacked like this law firms galore and we forensically diagnosed after the fact what happened in incidents and we're finding these things we even find the poor soul that did it and they go yeah i did it i didn't know it did blah okay that's what the bad guys do now this is the graph i alluded to it changes ongoing some of these are truly at a country level our friends but i'm going to tell you hackers love it there's one trend here

that i need to point out notice the english speaking countries notice where russia is which probably would have come up in your first two notice where china is definitely in the first two but look at these india ireland peru us turkey those are not necessarily intuitive to all of you am i going to say all the bad people are in these countries no i'm not i'm going to say we've made it so bloody easy in these countries to hack those machines to then use against us this is the us these are the activities coming at us we all know blending and blinding rules you bounce around we've seen the movies we understand this it's rarely the bad

guy or girl is sitting wherever that machine is we all understand that now if i've done my job and if all i do is change the way you look at the internet and do business on and the way you code i'm doing my job this is the wall of shame if i've done my job you will never appear on one of my slides unintentionally or intentionally these are some companies some of these are governments city local some of these companies are gone it's really unimportant what i put up there's hacks of the day in usa today there were three today wall street journal announced two very high high visibility reaches do any of you read the paper and not see

one two five ten it's the the game of the day the bigger the dot here the larger the data breach some of these are going to shake your head and yes their names are here if you do business with them be cognizant your data is at risk was at risk if they haven't bolstered their defense these are some massive data breaches these are dollars known publicly disclosed i'm sure there's a lot of dots i couldn't put up here because they're hypothetical and we don't know the size of the breach is it real to everyone that the loss is substantial and could be to your brand reputation and perhaps the viability of a business so i beg you to think differently

clearly if you unplug from the internet it would be a very secure posture agree now all of us as individuals can unplug for our vacation week but can you really unplug your businesses from the internet i haven't met many or any recent history of the talks i've given now you've decided to do business on the internet how do you do business on the dirtiest place to do business we have to co-exist don't we so we're going to talk about this we've touched on all this this is what we do the day-to-day battle i've removed some of the pictures because they pose as actors if you will we don't need them disclosed in these public forums

One of our chief founders, Jon Ramsey, is right here. Our CISO, a retired colonel from the U.S. military, Doug Steelman; Colonel Hensley runs our Counter Threat Unit, retired U.S. Army. We have a lot of ex-military and they know a lot, and of course non-classified is known by SecureWorks. We share data to and fro; we can't do it alone. 70 guys versus millions of bad people, not so much, but I can say to all of you, we've never seen in any other organization 70 of these minds in one place at one time. This might be a good place to recruit, so I'm going to put some ideas out there. If any of you are looking for employment in a good firm doing the good thing against the bad guys, I beg you to go to secureworks.com. We have over 400 open head count. We're growing dramatically: in two and a half years we've doubled in size to 1,700 employees, and we've doubled the size of this group here because the threat is changing that fast. That's how bad it is. We used to see change in a week; we're now seeing change within an hour of the threats we're facing.

This is the threatscape and evolution. It started out as script kiddies, we've all heard that term, kids bored out of their gourd doing this for fun. It has evolved clear to advanced persistent threat, which by the way will break through any technology you throw at it, I promise you, next-gen included, any blinky blue [replace brand here], it doesn't matter. It is not the technology. Be cognizant: I've seen more shelfware in my career than I could care to brag about. We all know it started with ERP, went to CRM, and today it's SIM tools, security information management. Bad guys love you buying tools because they already know how to get past them. So these threats are truly advanced and their job is to use your own technology against you, a false sense of security if you will. Do any of you feel secure with the controls, the technology that you have? You've admitted kindly that you found viruses, spyware, worms on your network. How good did your malware detection work? Yeah. I'm going to use some language: it pisses me off. I bought all this cool technology but I'm still finding it; how good was it really? I went to RSA this past year; I've never seen more snake oil sold in my career. I almost got thrown out of more booths in the history of my existence in technology because I just couldn't sit there and agree; it was complete bunk. There is no perfect technology, and you need as many layers between you and the bad guys as you can possibly afford, and at the end of the day be sure your code is secure.

Take a security approach, not a compliance approach. As a programmer, my gift and job was to get code working fast, but I'm going to tell all of you, open kimono: was it very secure? Not so much. SQL injection, does that keep anyone up in the room? SQL injection, SQL injection, yep. The view we have: we're seeing a record number of SQL injection and cross-site scripting attacks. Please understand this, it is a global threat, not just in America, or not just Detroit, Michigan, or not just Windsor, Canada. It is global and it is evolving, and the people, the gangs, are global; they're not sitting all in one place. You might have two dudes in Detroit, 16 in Belarus, a guy in Chile, 14 in China, and they're one band of evil characters, and they're evolving current code. They're taking that nasty trojan Dosy or evolving Zeus. Do any of you know you can buy the source code of Zeus? Please don't, but I'm just letting you know. It's crazy: you can license the Zeus malware, and it's a darn good trojan, I'll have you know.

Real-life examples, so this isn't the theory of application: on the left are some of the names you've seen. Flame and Blackhole keep us up at night. When we take over a network we say it lights up like a Christmas tree. 47 percent of all our new customers had malware on their network, and the only thing they said to us: "Jeff, that explains a lot, our network was slow." We found a porn site being hosted out west on a credit union network, and no, I get a question, someone snarky in the crowd, "so was that their side business?" No, it wasn't. They did not know it, and they said, the CTO, greatly relieved of course, said, "wow, that's why it got slow." The network got slow at 6 p.m. every night.

The Gameover Zeus trojan, oh my gosh, we're finding them on a plethora of home machines. So here too is another threat: BYOD, right, bring your own device. Does this keep anyone else up at night? Are you secure? Are you using a sandbox approach to your devices? Are you even certifying your devices? Don't open your networks unless you've got to, and then be very cognizant: there's malware for every platform. I get in a crowd this size and they're very proud of their Apple things. Okay, sorry, I work for Dell; there's nothing Apple in my house. But the reality is, no, I am not on an Apple; I'm the last guy they're going to kick off the BlackBerry network, I'm very proud of that. That's not an advertisement for our Canadian friends; it's just that we have a security approach. But what I'm going to share with all of you: there's malware for all platforms, and some of the nastiest malware we've seen has come out for the Apple platforms, not just a machine, it's that iThing, okay? There is no way to escape it. There's no better browsers; I get asked all sorts of fascinating questions. The only way to beat them is to be more secure than them. They're going to get frustrated at some point and they're going to move on to easier prey, because there's always someone easier than you, at least that's my hope and intent.

These are not dummies. Remember that return on investment: if you increase your cost for them to steal the asset and your value of the asset is down here, they're moving on. So all I ask, irrespective of platform, irrespective of browser, irrespective of operating system: be vigilant. So my challenge: all of you, who's watching your firewall right now? I had three guys run out in New York City; they freaked out on that statement. Please don't, this is a really good conference. The bottom line to this is it's got to be watched 24/7, vigilantly, or you will lose. The bad guys' favorite lines two, three and four of code: line two, shut off antivirus; line three, shut off content filtering; line four, open a high firewall port. That's a fun one: they have to phone home somewhere, and they get real mischievous when they use your 443. Any of you familiar with that port? Might have it open right now because you use encrypted. So the bottom line to this is, these are not dummies, but would you notice that a high firewall port just happened to be open at this moment? And some of you might say yes, and some of you might say, "oh, blank, yeah." This is what we're facing.

And then targeted exploits: they target specific vulnerabilities, behavioral or code-oriented. SQL injection, here was a mind-boggling thing: it used to require a guy or gal that really understood SQL. I'm an SQL programmer, so the reality of it is it's not hard, I think, in IT, but now there's even tools. I think some of you could buy one at this conference; I saw it. You can buy a tool that randomly checks SQL injection. That's pretty mind-boggling. The first day my development team showed me that I almost grabbed the garbage can; it made me really sick. It used to require a human, you know, to attack that code; not so much today, it's all automated now.

Some of you might be business folks, some of you might not; this might not appeal to everyone, but at least I want you to be cognizant of this. It is about risk cost. Again, unplugging from the internet, there's very low to no risk; on the internet, well, there's a whole bunch of risks. So I've categorized it in four ways. You're the target in the center. This is not bad guys, this is business case, business risk. The lower right, I always start: compliance-based risk, the lowest form of life. Thou shalt do this. By the way, every regulation you read about is so common sense it's mind-boggling. Did I really have to be told I need a firewall? Really? Did I really have to be told I need intrusion prevention? Really? Did I have to be told I need antivirus? You follow? That's regulatory compliance.

Now that we're done with that, let's talk about the real stuff: liability. By a show of hands, how many of you know or believe you have cyber insurance at your business? Well done to those that did raise their hands. I would advise everyone that has a business needs cyber insurance. I don't sell it; I'm not here pontificating that. But because of all the data I've shared with you, you will have some issue at some point and you need coverage. But by the way, many of you that apply for cyber insurance might get declined because your risk is too great. Ironic: you have to mitigate that risk, you have to monitor it 24/7 before they'll insure it. It's like your home insurance, maybe not in Detroit. I was in Albany, New York, and I'm going to tell you, someone said, "we don't lock our doors here," so that metaphor doesn't work. In Atlanta we lock our bloody doors, and I have an alarm on my house for my family, you know what I'm saying? Well, the same applies here: you want an alarm to watch your network 24/7, and cyber insurance is demanding it.

Liable: how many of you could prove that you weren't liable if a suspected data breach occurred? Could you prove beyond a shadow of a doubt the data wasn't leaked by you? We're dealing with tens if not hundreds of prospective customers in just this pickle. Forensically, we're having to go on site to diagnose if the breach occurred, and in many cases there's nothing there to tell us if they did or didn't. Ouch. Then there's a lawsuit.

Direct loss: some of you were kind enough to share with me that you found the trojan, spyware. You've invested time; that to me is a direct loss whether you admit to it or not. Humor me: keep a log book of every minute, hour, day you spend remediating. I call it the poopy diapers; this stuff can be eliminated. I had a CTO do this because he was incredulous. He said, "Jeff, I'm spending, you know, an hour a month." I had him track it for 90 days. Can any of you guess how much time was in that logbook? Thank you for your guess. It was 188 hours. If it were a thousand I think he'd be looking for a job; he might, in this case he was the entire network security team of that organization. So, very good point: 188 hours. If we take that as just a hypothetical average in this room, wouldn't you be able to find better stuff to do for 180 hours of your time in a quarter year? And if you multiply that by four, four quarters, ouch. Now what is that worth to your business, and how much opportunity cost did it cost your business? That's a lot of money.

And the last one is usually the province of the chairman of the board, the CEO and board of directors: reputational risk. We're finding companies vaporize due to a breach. I hope this is real to any of you; I hope it's not too conceptual or abstract. I met with a board of directors of a small manufacturer, and he quoted in the past week, "Jeff, our reputation is worth 10x our revenues," 10 times our revenues, because they've been doing this for 85 years. And without going for overkill, Warren Buffett said it best: it took decades building the reputation; on the speed of the internet, how fast could it be wiped out? He said this to our cyber czars of the United States of America.

That's pretty real, so I think of doing business differently. I need you, I beg you, to do the same. I get asked, "Jeff, okay, all this abstract stuff, how can you monitor through the internet? What is it you do? How do you do this?" Just so it's not conceptual: we deploy an appliance to collect the logs at your locale. At the top there is perhaps your network: three firewalls, three IDSs, 50 or so servers; yours might be smaller or larger, it doesn't matter. That's 500 million events in a week, folks. If you've ever looked through logs, it's a bloody nightmare. We then divvy things up into three buckets. Negative filter is not security relevant: most traffic on your network is completely benign and legitimate, breathe easy. Where you get the "I gotcha" is the positive filter: I am positive you do not want it on your network, it is malicious. I get accused by my own customers, "of course, we're paying you to do that." But the real value is the anomalous: it's never before been seen, and by the way it's a really bad day if we're seeing fifty billion events and we haven't seen it before. In this case, sixteen hundred of them in a week per customer. We consolidate all that to about fifty-five hundred events, fifty-six hundred thirty-three specifically, and we categorize them into red, yellow, green, and we call you on all red incidents to help you remediate it. We're not a bell-ringing service.

If you forget everything I've shared with you, this is your take-home. I like to button it up, tie it in a bow and make it very tight and succinct. First, all of you in your businesses: invest in intrusion prevention. It is oxygen on the internet, and I'm going to clarify that: it is not meant to be just on your next-gen firewall. Next-gen firewalls have firewalls and IPSs and a whole bunch of other stuff; I'm going to talk about that. What I'm speaking to here is separate from that firewall, from a different manufacturer than your firewall. You need a check and balance. We've seen next-gens get compromised in minutes, and their IPS found it after the firewall. I can't say this without any total certainty: a hundred percent certain, you need this layer of prevention. Educate your employees; I hope you'll use some of this. This is going to be online; I'm more than happy to email this preso to you, just don't publicly post it, please; there's some data in here we don't need bad people to get access to. Protect your assets. I can't tell you how many technology discussions I have, and they go, ten minutes later, "oops, I forgot to tell you about..." Have a complete inventory of your true IT assets. IT assets include your human resources, employee data, not just valuable patient or customer data. Here's a neat one for everyone in the room: reduce your security costs. How many of you have a flat IT budget year over year? This year, last? Declining IT budget? The rest, you have an increasing budget; I haven't met many of them, God bless you all, that's great. Now remember: use an enablement of compliance; don't just be compliant, be secure. It is a 24/7 gig. If you're getting asked why we are having to spend more than all these blinky blue lights you've been asking for: because it's around the clock. And the last point I guarantee you've never heard before, because this is just very personal to me: it's the 50/30/20 rule.
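The three-bucket log triage the speaker walks through above (negative filter for traffic that is not security relevant, positive filter for known-malicious activity, and "anomalous" for events never seen before, consolidated and coloured red/yellow/green so the customer gets a call only on reds), together with the "line two, three, four" host changes he mentions earlier (antivirus shut off, content filtering shut off, a high firewall port opened), as an added Python example. This is not SecureWorks code and not from the talk: the log line format, the signature name, the negative-filter patterns and the learned baseline of event shapes are all constructed for the illustration.

```python
"""Three-bucket event triage with red/yellow/green severity (added example).

Models the pipeline described in the talk: positive filter (known malicious),
negative filter (known benign), anomalous (shape never seen before), then
consolidation into incidents and a call list of red ones. Log format,
signature names, benign patterns and baseline shapes are assumptions.
"""
import re
from collections import Counter

IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

# Negative filter: known benign, not security relevant (assumed patterns).
NEGATIVE_FILTER = [
    re.compile(r"^fw: permit .* dst_port=(80|443)$"),
    re.compile(r"^dns: query .* name=(?:[\w-]+\.)*example\.com$"),
]

def _high_port_opened(event):
    """'Line four': a new permit rule for a port >= 1024 (assumed log shape)."""
    m = re.match(r"^fw: rule_added .*action=permit .*dst_port=(\d+)$", event)
    return bool(m) and int(m.group(1)) >= 1024

# Positive filter: "I am positive you do not want it on your network".
# (severity, predicate); the IDS signature name is constructed.
POSITIVE_FILTER = [
    ("red", lambda e: e.startswith("ids: sig=ZEUS_C2_BEACON ")),
    ("red", lambda e: "service=antivirus state=stopped" in e),  # "line two"
    ("yellow", lambda e: "content_filter=disabled" in e),       # "line three"
    ("yellow", _high_port_opened),                              # "line four"
]

# Event shapes seen in earlier weeks (assumed learned baseline). Anything whose
# masked shape is absent here has "never before been seen".
BASELINE_SHAPES = {
    "fw: permit src=IP dst=IP dst_port=443",
    "fw: permit src=IP dst=IP dst_port=80",
    "dns: query src=IP name=*",
    "vpn: login user=* src=IP result=success",
}

SEVERITY_RANK = {"green": 0, "yellow": 1, "red": 2}

def shape(event):
    """Mask variable fields (addresses, names, users) so one kind of event shares a key."""
    return re.sub(r"\b(name|user)=\S+", r"\1=*", IP_RE.sub("IP", event))

def source_of(event):
    m = re.search(r"\bsrc=(\S+)", event)
    return m.group(1) if m else "?"

def classify(event):
    """Return (bucket, severity) for one raw event; positive rules win."""
    for severity, rule in POSITIVE_FILTER:
        if rule(event):
            return "positive", severity
    if any(p.match(event) for p in NEGATIVE_FILTER):
        return "negative", "green"
    if shape(event) not in BASELINE_SHAPES:
        return "anomalous", "yellow"
    return "negative", "green"

def triage(events):
    """Bucket events, consolidate duplicates into incidents, escalate, build the call list."""
    buckets = Counter()
    incidents = {}  # (bucket, shape, src) -> incident dict
    for ev in events:
        bucket, severity = classify(ev)
        buckets[bucket] += 1
        if bucket == "negative":
            continue  # benign traffic is dropped, not reported
        key = (bucket, shape(ev), source_of(ev))
        inc = incidents.setdefault(key, {"bucket": bucket, "shape": key[1], "src": key[2],
                                         "severity": severity, "count": 0, "sample": ev})
        inc["count"] += 1
    # Correlation: anomalies from a host that already has a red hit become red too.
    red_hosts = {i["src"] for i in incidents.values() if i["severity"] == "red"}
    for inc in incidents.values():
        if inc["bucket"] == "anomalous" and inc["src"] in red_hosts:
            inc["severity"] = "red"
    ordered = sorted(incidents.values(), key=lambda i: -SEVERITY_RANK[i["severity"]])
    return {"buckets": dict(buckets), "incidents": ordered,
            "call_list": [i for i in ordered if i["severity"] == "red"]}

# Constructed sample events for one host (10.1.1.50) going bad.
SAMPLE_EVENTS = [
    "fw: permit src=10.1.1.20 dst=93.184.216.34 dst_port=443",
    "fw: permit src=10.1.1.21 dst=93.184.216.34 dst_port=80",
    "dns: query src=10.1.1.20 name=www.example.com",
    "ids: sig=ZEUS_C2_BEACON src=10.1.1.50 dst=198.51.100.7 dst_port=443",
    "host: src=10.1.1.50 service=antivirus state=stopped",
    "host: src=10.1.1.50 content_filter=disabled",
    "fw: rule_added src=10.1.1.50 action=permit dst_port=40123",
    "fw: permit src=10.1.1.50 dst=198.51.100.7 dst_port=40123",
    "fw: permit src=10.1.1.50 dst=198.51.100.7 dst_port=40123",
    "vpn: login user=jsmith src=203.0.113.9 result=success",
]

if __name__ == "__main__":
    result = triage(SAMPLE_EVENTS)
    print("buckets:", result["buckets"])
    for inc in result["call_list"]:
        print(f"CALL {inc['src']} [{inc['severity']}] x{inc['count']}: {inc['sample']}")
```

The ten constructed events collapse to five incidents, and only three of those are red: the IDS beacon hit, the stopped antivirus service, and the two never-before-seen firewall permits on the high port, which are escalated from yellow to red because they come from the same host as the red hits. That escalation is the point of keeping the "anomalous" bucket separate from "benign": on its own the new port is only unusual, in context it is the phone-home the speaker describes.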

If you had to have a to-do list, this would be it. Out of the 50 billion events we monitor daily, 50 percent of those, hence the 50 number, 50 percent of those are seen by the firewall and next-gen layer of your networks. So how important is it to monitor your firewalls, folks? It'll be very important. Then the 30 is from that separate layer of intrusion prevention, not on the next-gen firewall; it's probably the most important 30 of your careers, because it keeps it out. And the last but not least is the 20: those are your servers, routers, switches inside that need to be monitored. And I'm going to open this up to questions that you might have. We're right on time here.

Any questions? If not, thank you very much for your attendance. I do hope this changes the way you look at and use that internet thing, and please, please be secure. Thank you.

Thank you.
