Cyber Defence attraverso un modello organizzativo e … · • COBIT 4.0 • ISO 27002:2006 •...

Comando Generale dell’Arma dei CarabinieriIII Reparto – SM – Centro Sicurezza Telematica

Cap. tlm Valerio ViscontiCapo Nucleo Sicurezza Logica (S.O.C.)

C.do Gen. CC - III Rep. – CESIT

Viale Romania, 45 - Maggio 2015

Cyber Defence attraverso un modello organizzativo e tecnologico

AGENDA


2

• Evoluzione delle Minacce

• Evoluzione delle strategie

• Nuove sfide della Cyber Security

• SOC Management System

• Incident Handling

• Security Intelligence

Evoluzione delle Minacce - Scenari sempre più ostili

Increased Volume

New

ThreatsEvasion

More

Professional

Increased

Volume

Targeted

threats

increased by

91% in 2013

Threats such

as mobile

botnets have

emerged

Threats are

better

designed to

evade

detection

Well

resourced,

highly capable

groups


3

Create an INTELLIGENCE-BASED decision making and response advantage

Increased Volume

NewThreats

Evasion MoreProfessional

Evoluzione delle Strategie

Focus & prioritization

Proactiveactions

Rapid &efficientresponse

New forms of protection


4

5

Escalating ThreatLandscape

Large ComplexEnvironments

Advanced Adversaries

Expanded Attack Service

- Targeted attacks

- More data at risk

- Internet of everything

- Disguised attacks

- Multiple products

- Thousands of servers

- Multiple endpoints

- Lack of talent

- Well funded

- Nation states

- Country sponsored

- Underground market

- Mobile protection

- BYOD

- Cloud infrastructure

- Internet of everything


Nuove Sfide della Cyber Security

COME USARE AL MEGLIO LE PROPRIE RISORSE E CAPACITA’ PER PROTEGGERE L’ORGANIZZAZIONE?

COME IDENTIFICARE E DARE UNA PRIORITÀ ALLEMINACCE IN COSTANTE AUMENTO?

COME POSSO MISURARE E DIMOSTRARE IL VALORE DELLE SPESE IN AMBITO SICUREZZA?


6

COME RISPONDERE RAPIDAMENTE AD UN INCIDENTE AL FINE DI CONTENERNE L’IMPATTO E PROCEDERE CON IL

RECOVERY?

DLP

ProgramFirst-in-class reference

model

Technology SolutionsIndustry and best

practices alignment

Training & Awareness

SOC Management System - Framework di sicurezza


7

SOC Management System - Modello basato su Best Practices

SOC

Quality & MaturityProcesses

Services Catalog

Organization

Roles & Responsabilities

Technology

Standard & Best Practice

• CMU HB 001• CMU HB 002• CMU TR 001• RFC 2350

• NIST SP 800-61• CMU TR015• ISO 18044• ISF

• COBIT 4.0, • ISO 27002:2006• ISO 1335:2004• ISO 18044• ITIL

• COBIT 4.0 • ISO 27002:2006• NIST SP 800-61• CMU TR 015• ITIL

• COBIT 4.0 (RACI)• ISO 17799:2005

• ISO 21827 (CMM)• COBIT 4.0• ISM3


8

SOC Management System - Catalogo Servizi

9


• Identification, Classification, Notification

• Containment• Eradication• Incident Recovery• Post Mortem Analysis

Incident Incident Handling:

• Monitoraggio real time

• Security Audit• Security Intelligence• Reporting

Proactive:

• Risk Assessment • Training• Policy Definition

Goverance:

Processo di Incident Handling

Symantec SOC Management System

10


10

PreparationPreparation

Identification

Classification

Notification

Identification

Classification

Notification

ContainmentContainment

EradicationEradication

Incident

Recovery

Incident

Recovery

Post Mortem

Analysis

Post Mortem

Analysis

Technical Model Architecture

11

Complianceand Risk Management

Security Intelligence

Real Time Threat Monitoring

Sicurezza Proattiva

Threat Monitoring Incident Handling

Security Operation Center

Vulnerabilità e Configurazioni

Gestione Sicurezza


11

Big Data Analysis

Intelligence Analysts

Data Fusion Warehouse

Analytics

Global Data Collection

Attack Quarantine System

Malware Protection

Gateways

3rd Party Affiliates

Global Sensor Network

Phishing Detections

Online Operations

Social Media Monitoring

Open Sourcing Mining

Liaisons

Sharing Forums

Security Intelligence – New Investments

12Global Intelligence Network

1

2

DeepSight

Portal

DataFeeds

Directed Research

Sign

als

Hu

man


12

Security Intelligence - Emerging Threats

IDS Threat Alert Trending


13

Security Intelligence - Metriche Reputazionali

• Comportamenti anomali

– Behavior Severity

– Behavior Frequency

– Data Confidence

• History attività malevoli:

– Consecutività eventi malevoli

– Malicious activity ultimi 90 giorni

0

5

10

15

20

25

30

35

0

1

2

3

4

5

6

7

8

9

1 3 5 7 9 11 13 15 17 19 21 23 25 27 29

His

tori

cal V

alu

es

Rat

ings

Day

Attack Rating (combined) Consecutive Listings

Behaviour Reputation Historical Adjustment

Total Reputation


14

D o m a n d e


Cyber Defence attraverso un modello organizzativo e … · • COBIT 4.0 • ISO 27002:2006 •...

Documents

Transcript of Cyber Defence attraverso un modello organizzativo e … · • COBIT 4.0 • ISO 27002:2006 •...