Security Strategy Through Big Data
김창오 | Consulting / Technical Director, Blue Coat
Growing complexity of what must be managed
Growth > more systems > more complex security configuration > new kinds of systems appear > more attack targets > more vulnerable targets
Characteristics of modern security attacks
Intelligent strategy; financial motives and goals; attacks that are not bounded by time
APT attack defense: myths and realities
Web threat trends: malware networks (Malnets)
- 240%: year-on-year increase in malware
- 40%: malware infections delivered through social networking sites
- 2/3: two thirds of all web attacks originate through malware networks (Malnets)
- 1/142: one in 142 search-engine results links to malware
- 5,000: security threats an enterprise faces every month
Attack methods against vulnerabilities
- E-mail / messenger / SNS
- Public web site attacks
* Social engineering is used to create the vulnerability
Enterprise information security response measures
Security-hardened design: Security by Design; Privacy by Design; Secure Coding / SDLC
Prior impact assessment: Security Impact Assessment; Privacy Impact Assessment; Technology Impact Assessment
Continuous security management: Risk Management; Governance; Compliance
Ongoing management of security capability: Education / Training; Awareness / Campaign; Security Team / Recruiting
Incident response readiness and a stronger evidence base: Forensic Readiness / Digital Forensics; Business Continuity Plan; Disaster Recovery Plan
Stronger risk prediction and identification: Breach Notification / Report; Monitoring / Audit; Public Notice on Security Level
Goals: stronger predictive capability and accuracy; established security governance; stronger real-time response capability; stronger risk management and information assurance capability; stronger post-incident accountability and traceability
Domestic security market trends (chart; rows listed in the order of the chart legend as extracted)
Series                                                  2011   2012   2013   2014   2015   2016
Communication                                           0.4%   0.4%   0.4%   0.5%   0.5%   0.5%
Governance & Compliance                                 7.1%   7.5%   8.4%   9.3%  10.2%  11.0%
Auditing and Analyzing                                 21.7%  21.6%  22.3%  23.0%  23.6%  24.1%
Technical (Network, System and Application) Security   70.8%  70.5%  68.9%  67.2%  65.7%  64.3%
The golden time for security activity
Initial attack to compromise (84% within hours):
- Seconds 11%
- Minutes 13%
- Hours 60%
- Days 13%
- Weeks 2%
Initial compromise to discovery (78% take weeks or longer):
- Hours 9%
- Days 11%
- Weeks 12%
- Months 62%
- Years 4%
What CISOs are thinking
Who did this to us?
How did they do it?
What systems and data were affected?
Can we be sure it is over?
Can it happen again?
Responding to modern threats
TODAY'S ADVANCED THREAT LANDSCAPE
2014 security keywords & ATP: Advanced Threat Protection
INTELLIGENT VISIBILITY ANALYTICS
Architecture (diagram): an Integration Layer ties together Threat Intelligence, Big Data Security Analytics and Security Visibility
- Security Visibility: full packet capture; Layer 2-7 indexing & classification
- Visual Insight: context, real-time awareness, alerts
- Advanced Malware Detection: white/blacklists, sandboxing, feeds
Big Data Security Analytics for Advanced Threat Protection
Security Analytics and Advanced Threat Protection
Security Visibility
- Full packet capture
- Layers 2-7 indexing
- Deep packet inspection
- Session reconstruction
- Scalability and performance
- Single pane of glass
Big Data Security Analytics
- Heuristic detection
- Statistical analysis
- Inferential reporting
- Context-aware analysis
- IOCs & TTPs
- Visual insight
Threat Intelligence
- Real-time white/black lists
- Sandbox detonation
- On-premises or cloud-based
- External data enrichment
- Dynamic Intelligence Cloud
- Machine-learning architecture
Integrated Advanced Threat Protection
- Security ecosystem
- Context-aware security
- Adaptive security
- Enhance existing investments
- Integrated workflow automation
Network forensics solution
(Diagram: a chain of packet security tools, 1 = check, 2 = check, 3 = check, 4 = network forensics; an unknown packet passes the first three checks and is only examined at the fourth.)
Unknown packet: When? Where? What? How? How long? Who? Target(s)? Nobody knows?
Full packet capture -> classify / extract / index -> monitor / analyze -> report / store
Raw data: original stored -> replay -> suspicious points and anomalies (malware)
A network forensics solution makes it possible to inspect the packets that existing security solutions did not detect or identify.
Integration
Suspicious activity must be picked out of millions of data elements.
The important incidents must be distilled from the many suspicious ones.
In security breaches, enterprises failed to find the evidence of intrusion, even though clear evidence existed, because of data overload.
Analyze all related data; intelligently detect the signs of a problem; use the analyzed information for proactive prevention.
Analytics / Security Intelligence
- Real-time monitoring
- Root-cause analysis
- Layer 2-7 analysis
- Application classification
- Correlation analysis
- Pre-Exploit / Post-Exploit
Network forensics: SA (Security Analytics)
Blue Coat's network forensics solution: SAP (Security Analytics Platform)
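As an added example (not Blue Coat or Solera code, and not from the original deck), the Python below sketches the network forensics pipeline described above in miniature: constructed flow records carrying layer 2-7 attributes are indexed by attribute so the when / where / what / how / how long / who questions become lookups, and a correlation step ties a pre-exploit download to later post-exploit beaconing from the same host and reports the gap between them, the window in which the intrusion could have been found. All hosts, users, timings and artifacts are constructed sample data.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

INDEXED_ATTRS = ("src_ip", "dst_ip", "dst_port", "app", "user")


@dataclass(frozen=True)
class FlowRecord:
    start: datetime      # when
    src_mac: str         # layer 2
    src_ip: str          # layer 3: where / who
    dst_ip: str
    dst_port: int        # layer 4
    app: str             # layer 7 classification: what / how
    duration_s: int      # how long
    user: str            # context enrichment: who
    artifact: str        # file or URL reconstructed from the session


T0 = datetime(2014, 3, 3, 9, 0, 0)
HOST = "aa:bb:cc:00:00:05"
# Constructed sample flows (not a real capture): alice fetches an executable
# from an unknown host, and three hours later her machine starts contacting
# the same host at a steady ten-minute cadence.
SAMPLE_FLOWS = [
    FlowRecord(T0, HOST, "10.0.0.5", "198.51.100.20", 443, "webmail", 120, "alice", "https://mail.example/inbox"),
    FlowRecord(T0 + timedelta(minutes=2), HOST, "10.0.0.5", "203.0.113.7", 80, "http", 8, "alice", "http://203.0.113.7/invoice.exe"),
    FlowRecord(T0 + timedelta(minutes=5), "aa:bb:cc:00:00:09", "10.0.0.9", "198.51.100.20", 443, "webmail", 60, "bob", "https://mail.example/inbox"),
    FlowRecord(T0 + timedelta(hours=3), HOST, "10.0.0.5", "203.0.113.7", 443, "ssl", 2, "alice", ""),
    FlowRecord(T0 + timedelta(hours=3, minutes=10), HOST, "10.0.0.5", "203.0.113.7", 443, "ssl", 2, "alice", ""),
    FlowRecord(T0 + timedelta(hours=3, minutes=20), HOST, "10.0.0.5", "203.0.113.7", 443, "ssl", 3, "alice", ""),
    FlowRecord(T0 + timedelta(hours=3, minutes=31), HOST, "10.0.0.5", "203.0.113.7", 443, "ssl", 2, "alice", ""),
]


class ForensicIndex:
    """Attribute index over captured flows, so each forensic question is a lookup."""

    def __init__(self, flows):
        self.flows = sorted(flows, key=lambda f: f.start)
        self.by_attr = defaultdict(list)          # (attribute, value) -> flows in time order
        for f in self.flows:
            for attr in INDEXED_ATTRS:
                self.by_attr[(attr, getattr(f, attr))].append(f)

    def lookup(self, **criteria):
        """Flows matching every given attribute, in time order."""
        if not criteria:
            return list(self.flows)
        # Start from the most selective posting list, then filter on the rest.
        candidates = min((self.by_attr.get(item, []) for item in criteria.items()), key=len)
        return [f for f in candidates if all(getattr(f, k) == v for k, v in criteria.items())]

    def first_seen(self, **criteria) -> Optional[datetime]:
        hits = self.lookup(**criteria)
        return hits[0].start if hits else None


def find_beacons(index, min_repeats=3, max_jitter_s=60):
    """Post-exploit sign: repeated sessions to one destination at a near-constant interval."""
    groups = defaultdict(list)
    for f in index.flows:
        groups[(f.src_ip, f.dst_ip, f.app)].append(f.start)
    beacons = {}
    for key, starts in groups.items():
        if len(starts) < min_repeats:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(starts, starts[1:])]
        if max(gaps) - min(gaps) <= max_jitter_s:
            beacons[key] = {"first": starts[0], "count": len(starts), "period_s": round(sum(gaps) / len(gaps))}
    return beacons


def correlate(index):
    """Link each beacon back to an earlier executable download from the same host
    (pre-exploit) and report the minutes between them: the defender's window."""
    findings = []
    for (src, dst, app), info in find_beacons(index).items():
        downloads = [f for f in index.lookup(src_ip=src, app="http")
                     if f.artifact.lower().endswith(".exe") and f.start < info["first"]]
        if not downloads:
            continue
        first_dl = downloads[0]
        findings.append({
            "who": first_dl.user, "where": src, "target": dst,
            "what": first_dl.artifact, "how": f"{app} beacon every {info['period_s']}s",
            "when": first_dl.start,
            "dwell_min": int((info["first"] - first_dl.start).total_seconds() // 60),
        })
    return findings


if __name__ == "__main__":
    idx = ForensicIndex(SAMPLE_FLOWS)
    for finding in correlate(idx):
        print(finding)
```

The index is the point of the exercise: without it, answering "who talked to 203.0.113.7 over SSL?" means re-reading every packet, which is exactly the data-overload failure the slides describe. A real platform indexes far more attributes and persists the raw packets so the flagged sessions can be replayed.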
1. WebThreat BLADE inspects all web traffic and identifies malicious communications
2. FileThreat BLADE identifies known good and known bad files
3. If there is no clear verdict, the suspicious file is delivered to the MalwareAnalysis BLADE
Solera is the security camera for your network
- DPI classification of over 1,800 applications and thousands of meta attributes
- On-the-wire, file-level visibility and analysis of data exfiltration and malware infiltration
- Context enrichment, including reputation, user and social personas…
- Attribute-based packet, report and artifact access
- Real-time navigation of hundreds of GBs of data in seconds, hundreds of TBs in minutes
- Records, classifies and indexes all packets and flows at up to 10 Gbps per instance
Providing real-time analysis and full visibility of everything going in and out of your network
How do we do what we do?
(Flow diagram, read top to bottom, from the Internet inward)
1. ProxySG consults the WebPulse Global Intelligence Network. Known malicious site / malnet / malware: BLOCK. Not from a known malicious site / malnet: ALLOW further inspection.
2. Content Analysis System, application whitelist. On whitelist: ALLOW DELIVERY. Not on whitelist: send to the malware signature databases.
3. Malware signature databases. Malicious: UPDATE & ALERT. Not in the malware signature databases: allow further inspection.
4. Blue Coat Malware Sandbox, or a non-Blue Coat sandbox. Malicious: ALERT. Not malicious.
다계층 악성코드 분석 플로우
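The multi-layer flow above as an added example in Python (not Blue Coat's code, and not from the deck): each layer either reaches a verdict or hands the file to the next, more expensive layer, so the sandbox only ever sees files nothing cheaper could judge. The two feedback edges are this example's assumptions, not something the slide spells out: a signature hit pushes the serving domain to the gateway list (one reading of UPDATE & ALERT), and a malicious sandbox verdict is stored as a signature so the next copy of the same file never reaches the sandbox. Domains, file contents and sandbox results are constructed.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Request:
    domain: str       # site the content is served from
    path: str
    content: bytes    # the downloaded file


@dataclass
class Verdict:
    action: str       # "ALLOW" or "BLOCK"
    stage: str        # which layer decided: gateway / whitelist / signature / sandbox


@dataclass
class AnalysisPipeline:
    bad_domains: set          # gateway reputation list (stand-in for the intelligence network; constructed)
    whitelist: set            # SHA-256 of known-good files (constructed)
    signatures: set           # SHA-256 of known-bad files (constructed)
    sandbox_results: dict     # SHA-256 -> "malicious" / "clean": canned detonation results (constructed)
    alerts: list = field(default_factory=list)
    sandbox_runs: int = 0     # how often the expensive layer was actually needed

    def inspect(self, req: Request) -> Verdict:
        # Layer 1: the gateway checks the site before any content is examined.
        if req.domain in self.bad_domains:
            return Verdict("BLOCK", "gateway")
        digest = hashlib.sha256(req.content).hexdigest()
        # Layer 2: application whitelist, known good is delivered at once.
        if digest in self.whitelist:
            return Verdict("ALLOW", "whitelist")
        # Layer 3: malware signature databases.
        if digest in self.signatures:
            # Assumption for this example: UPDATE & ALERT means the serving domain
            # is pushed to the gateway list so later requests stop at layer 1.
            self.bad_domains.add(req.domain)
            self.alerts.append(("signature", req.domain, digest))
            return Verdict("BLOCK", "signature")
        # Layer 4: sandbox detonation, only for files no earlier layer could judge.
        self.sandbox_runs += 1
        if self.sandbox_results.get(digest) == "malicious":
            # Assumption for this example: a sandbox verdict becomes a signature.
            self.signatures.add(digest)
            self.alerts.append(("sandbox", req.domain, digest))
            return Verdict("BLOCK", "sandbox")
        return Verdict("ALLOW", "sandbox")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed sample files; the bytes are placeholders, not real binaries.
GOOD_FILE = b"MZ constructed known-good installer"
BAD_FILE = b"MZ constructed dropper"
UNKNOWN_FILE = b"PK constructed archive nobody has seen"


def build_sample_pipeline() -> AnalysisPipeline:
    return AnalysisPipeline(
        bad_domains={"malnet.example"},
        whitelist={sha256_hex(GOOD_FILE)},
        signatures=set(),
        sandbox_results={sha256_hex(BAD_FILE): "malicious", sha256_hex(UNKNOWN_FILE): "clean"},
    )


def run_scenario():
    """Six requests that exercise every layer; returns the deciding stages,
    the number of sandbox runs and the number of alerts raised."""
    p = build_sample_pipeline()
    stages = [
        p.inspect(Request("malnet.example", "/a.exe", GOOD_FILE)).stage,       # known bad site
        p.inspect(Request("cdn.example", "/setup.exe", GOOD_FILE)).stage,      # whitelisted file
        p.inspect(Request("files.example", "/x.zip", UNKNOWN_FILE)).stage,     # sandbox says clean
        p.inspect(Request("drop.example", "/inv.exe", BAD_FILE)).stage,        # sandbox says malicious
        p.inspect(Request("drop2.example", "/inv.exe", BAD_FILE)).stage,       # same file: signature now
        p.inspect(Request("drop2.example", "/other.bin", UNKNOWN_FILE)).stage, # domain now on gateway list
    ]
    return stages, p.sandbox_runs, len(p.alerts)


if __name__ == "__main__":
    print(run_scenario())
```

The scenario shows why the order matters: the same dropper costs one detonation the first time and none afterwards, and once a domain has served a signature-matched file, even unseen content from it is refused at the gateway without being fetched into the analysis chain.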
ATP (Advanced Threat Protection) strategy
CAS
We deliver Advanced Threat Protection that unifies Big Data Security Analytics, Threat Intelligence and Security Visibility