- Telefonica Business Solutions
Transcription
- Telefonica Business Solutions
A Telefonica Global Solutions White Paper Protecting the future_ Understanding the value of security in a digital world. September 2014 Introduction “In 2013, organizations faced many high-profile and very significant data breaches, public disclosures and advanced, targeted attacks. These targeted attacks have evolved beyond traditional defensive controls; consequently, security technologies must evolve along with the threats.” Lawrence Pingree, Gartner Agenda Overview for TSP Security Solutions, January 2014 Enterprise businesses are increasingly under attack from hackers and cyber-criminals, intent on gaining access to valuable secure and sensitive information or simply seeking to test and verify security protection, sometimes only for fun. New threats emerge regularly as the battle continues. As recently as August 2014 the US Homeland Security office published a warning about the new “Point Of Sale” malware dubbed “BackOff”, an example of the never-ending cycle of attack and counter-attack. Gartner, a world leading research company forecast that in 2013 Enterprises have spent approximately $67 billion on information security to thwart this threat.† Innovative approaches to executing security crime are not new. Legendary computer programmer, John Thomas Draper, (AKA ‘Captain Crunch’) used a whistle from a box of ‘Cap’n Crunch’ cereal to emit a 2600Hz-tone that allowed him to illegally access phone landlines and make calls for free. Often, what starts as a hobby can evolve into something far more sinister. Once motivated by curiosity and an interest in technology, along with the subsequent fame for ‘beating the system’, hacking has now become a cyber-crime; an industry in itself seeking financial gain and posing a terrorist threat. Terrorists and information thieves are now highly advanced. Organised groups and individuals are capable of bringing down online retailers, accessing and selling personal data and infiltrating IT systems. In the battle to prevent this, governments, security agencies and Telco operators are constantly developing, implementing and reviewing ways to limit and ultimately eradicate the effects of this cyber war. There are tough challenges to face: how do we physically protect ourselves from an invisible threat? Where should we construct our defences? Security threats and breaches impact us all in every business sector and we are having to learn from the experiences. This table demonstrates some of the real breaches to have recently affected some highly recognisable and respected brands. 2013 Who Industry Sector Impact February March September October December Federal Reserve Evernote Win7 Vista Forum Adobe Target Central Bank Software Software Software Retail 4,000 accounts Up to 50m users 200,000 users Up to 3m users Up to 40m customers 2014 January Who Industry Sector Impact February April Yahoo Snapchat WPT Amateur Poker League Forbes UN Internet Governance Forum Michaels Business Acumen Magazine IT Communication Online Media Government initiative Retail Media 81m users 4.6m users 175,000 accounts Up to 1m users Up to 40m customers Up to 3m customers Up to 26,000 users †Gartner Symposium/ITxpo 2013, Q&A: How is the Digital World Impacting Security? September 2013 2. 1. Defining the security perimeter When any Chief Information Security Officer (CISO) considers the security of their company, they face the same standard questions: • What do I have to protect? • Where is that information? • W here do I have to place the perimeter? Defining where a company places its defences and deciding on the approach to protect important data is not easy. These tasks have become so critical and challenging that increasing numbers of companies are delegating them to an experienced security partner. In fact, telecommunication companies are seen as the most trusted organisations to manage mobile security by 51% of companies according to Yankee Group. (Data courtesy of TDIG.) “As advancing threats, mobility and blurring network borders continue to plague organizations globally, requirements for security products, services and incident response continue to evolve. Organizations are looking to recraft their core security technology and service requirements to fill new gaps that have been identified.” Lawrence Pingree, Gartner Agenda Overview for TSP Security Solutions, January 2014 3. In the past, defining the security perimeter of a company was relatively simple: a couple of firewalls with some additional equipment to protect the servers. Today, however, this is far from sufficient. Consider when an employee goes on a business trip, connects to an open wireless network and begins a VPN session. Their credentials, passwords and even personal documents are potentially easily retrievable by the network administrator. This is a very simple and common example, yet many more sophisticated attacks are taking place daily across the globe. There are three core IT areas where company security is paramount: 1.1 Network Security Issues: Complexity, costs and expertise Companies storing customer information must adapt their security infrastructure to protect the important data. Currently, almost 70% of companies rely on hardware equipment alone, following a traditional security strategy; shared and virtualised infrastructure are becoming an option. The formula is well understood: install as much equipment as needed on the premises. NGFWs, UTMs, IDSs, IPSs, etc, are acronyms that network administrators and security teams are all too familiar with. However when a multinational company is required to manage expansive and expensive security infrastructure, they are faced with a multifaceted and intricate challenge. The most important and immediate issues include complexity, costs and knowledge (expertise). 1.2 Cloud Security Issues: Control, sharing and trust Multinational companies have thousands of employees worldwide, many needing to travel as part of their role, while sending and receiving emails and processing confidential information on the move. They may be working from an airport or hotel room by tethering a connection from their mobile, or in a car park using free WiFi. These employees are outside of the company’s traditional security perimeter and are certainly facing a security risk. After all, it doesn’t take much to become unknowingly infected by malware, before returning to the office and potentially infecting the company’s network. 1.3 Mobile Security Issues: Privacy, technology and mobility ‘Bring your own device (BYOD)’ is here to stay. Any device not managed by the central IT team poses a risk to a company’s security. Employees want to use one device for both personal and professional use. They may use the same device to send an internal memorandum and then to update their Facebook status. So, what controls are in place to stop them accidentally sending confidential documentation to a person outside the company, or accidently leaking a new product on Twitter? The mobile market is constantly evolving, introducing new devices every week, discovering bugs every day, and updating apps every hour. Therefore protecting the privacy of the employee, company data and their personal information is fundamental. “On average, 15% of employees are accessing sensitive data such as customer information, nonpublic financial data, intellectual property, and corporate strategy from devices other than work laptops and desktops. So it’s now far less important to focus on protecting individual devices the organization no longer owns, or attempting to lock down the devices that connect to the network, and far more important to protect the organization’s sensitive data regardless of device type or location.” The Future Of Data Security: A Zero Trust Approach Forrester Research Inc. John Kindervag, Heidi Shey, and Kelley Mak, June 2014 4. 2. The elements of security 2.1 Network Security Network security is a mature market, based on the capabilities of a SOC (Security Operation Centre) that handles all operational work to ensure effective security management. Having more than one SOC can clearly be an advantage, enabling coverage of different geographies whilst working in a federated mode. Early detection is the key to keeping network security in good shape. Using Security Information Events Management (SIEM) engines, the SOCs gather and correlate information from all the devices of the security infrastructure to draw a picture of the status of the service, in real-time. Advanced correlation engines can handle thousands of 5. events per second and detect advanced threats that the devices cannot detect on their own. To face the challenges of complexity and costs, customers should rely on a MSSP (Managed Security Service Provider) to manage their security infrastructure which, via their own SOCs, can remotely supervise and oversee all company devices. This allows companies to benefit from an efficient network, expertly managed by a dedicated security team for a fixed and predictable cost. 2.2 Cloud Security Cloud-hosted security services are growing in both use and importance. Advantages such as not requiring Capex investment, ease of equipment deployment and the ability to instantaneously protect any device in any location are making these solutions highly appealing to customers of all sizes. Importantly, there are three major risk factors to consider: •Web-related threats affect web browsing, applications use and social network information sharing. •Spam represents more than 95% of the total amount of emails and can harm employee productivity. •Distributed Denial of Service (DDoS) attacks can seriously damage the infrastructure of an organisation, often causing major disruption to business activity. However, there is now a wide range of online tools to combat these threats. Email cleaners are available to manage spam, whilst web navigation gateways control the Internet sites employees can access without limiting the information sharing. 2.3 Mobile Security This is a relatively new threat vector that is increasing rapidly and there are a multitude of niche companies focusing on different aspects and solutions. Current solutions are most often an evolution of Mobile Device Management (MDM) rather than new, horizontal mobile security solutions. However, we anticipate that with the increase in popularity of BYOD, this trend is likely to change in the very near future, with highly customised mobile security services coming to market. What is clear is that managing mobile security in the long term will remain an ongoing challenge. The mobile market is evolving incredibly quickly with thousands of new devices using millions of combinations of hardware and software. Protecting all variations of devices is a huge challenge. Often more than one solution is needed to efficiently protect the user from external risks. Due to limitations on the operating systems, the four major platforms (Android, iOS, Windows Phone and BlackBerry) often don’t provide the same level of protection. At present, web navigation filtering and application control are two of the most common solutions allowing enterprises to keep control of their devices without harming user experience or violating employee privacy. 2.4 Cyber Security (and the new digital threats) Until recently, DDoS attacks, information theft and email spamming were common methods to damage and disrupt the operation of a business. Today, criminal organisations use the Internet as a lucrative source of revenue. Phishing, credential and identity theft and counter-fitting are just a few of the new threats facing companies, their employees and their customers. Whether engaging with a bank or a retailer (online or high street), customers expect to be protected against security threats. In December 2013, credit and debit card details of up to 40 million customers and personal information of up to 70 million were hacked from a major retailer in the US. Providing solutions to address these real needs is a new market, and one which is growing at a fast rate to meet customer demand. Security providers are constantly evolving their products, adding more functionality to protect companies and their customers. It is an ongoing race to anticipate, address and secure customer security. “Data is the lifeblood of today’s digital businesses, and protecting it from theft, misuse, and abuse is the No. 1 responsibility of every S&R leader. Hacked customer data can erase millions in profits within weeks, stolen intellectual property can erase competitive advantage in less than a year, and unnecessary privacy abuses can bring unwanted scrutiny and fines from regulators while inflicting reputational damage that can last months, even years” The Future Of Data Security: A Zero Trust Approach Forrester Research Inc. John Kindervag, Heidi Shey, and Kelley Mak, June 2014 6. 3. How can we help? We understand the global complexity of these security dangers and have the experience to ensure that your business stays protected whatever the threat. Our worldwide solutions give you more than just security. They provide peace of mind. Our three families of Security Services include: Mobile Services Managed Services Cyber Security Mobile Security Vulnerabilities Management Cloud Services Cyber Security Clean Email Security Monitoring Security Device Management Managed Security Services: Managed Security Services (MSS) delegate the management of security devices and security incidents of your organisation to an expert, global team. This team works with you to identify critical business assets, evaluate the risks to them, and subsequently deploy customised measures to improve your security. This, in turn, allows you to focus on your core business. We have improved SIEM technology with SAQQARA, a unique Telefónica development. Using neuronal 7. Anti DDoS networks, statistical analysis and multiple algorithms, we can detect periodical behaviours and, using decision trees, respond in the best way. SAQQARA feeds back into the SIEM correlation engine to create an ever-improving ecosystem. Furthermore, SAQQARA is compatible with other SAQQARA-powered SIEMs, enabling the sharing of knowledge and intelligence with regard to new security patterns which other SIEMs may not yet detect as an attack. Cyber Security: Cyber Security Services act as your eyes and ears on the Internet, helping you to identify and manage the increasing possibilities of digital threats. Cyber Security gathers information from different sources (public, hacking and underground, partners, etc.) across the Internet and our own intelligence resources in order to help protect you against false information, ID theft, data leakage, credit card theft and “hacktivism”. Cyber Security also provides a vision of the actual security situation from an attacker’s perspective of customer assets, providing support to prioritise and fix a customer’s security flaws. Our Local Analysts continuously engage with you to advise and help identify potential security gaps that need addressing. Web Security Gateway: The Web Security Gateway (WSG) service provides a secure experience to users navigating the Internet from any location or device without the need for any hardware, software or connector. It analyses and blocks traffic that does not comply with the company’s security policy and supports compliance by imposing web browsing controls at the internet perimeter. Clean E-Mail: Clean e-mail provides e-mail filtering and e-mail policy enforcement to help your organisation meet legal and regulatory compliance requirements. Features include filtering, anti-virus/anti-malware and anti-spam protection, directory harvest attack protection, file filtering, archiving and encryption. Anti DDoS: The Anti-DDoS Shield is a centrally managed service that detects and mitigates Distributed Denial of Service (DDoS) attacks before they reach your business infrastructure, avoiding interruption and potential harm to your business activities. Mobile Security: This combines features from Managed Mobility, Web Security Gateway and Cyber Security. Mobile secure wipe, localisation, dual persona, secure ID protection, web and app navigation control are the heroes of this service. 8. 4. Contact us 9. To find out how your business can benefit from our Security Services, email us at: globalsolutions@telefonica.com or visit www.globalsolutions.telefonica.com/multinational and complete the ‘Contact Us’ form. This document is the property of Telefonica Global Solutions. Any reproduction, distribution or public communication without the express written consent of Telefonica Global Solutions is forbidden.