Vice President of Products and Global Marketing, RiskSense, Inc. Best Practices Revealed: A Blueprint for a Modern Enterprise Security Program Dr. Torsten George Vice President of Products and Global Marketing, RiskSense, Inc.

Total IT Security Spend +26.1% $116 billion $92 billion +19.6% +8.2% $76.9 billion $71.1 billion +7.9% $65.9 billion 2013 2014 2015 2016 2019 Source: Gartner, Gartner Says Worldwide Information Security Spending Will Grow Almost…, August 2014; Gartner Summit, June 2016 2

Cyber Reality Check Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/; as of April 25, 2017 3

A Growing Attack Surface Public Internet VPN Mobile Workers Mobile Connectivity Email and Web Traffic Web Properties Headquarters Munich Branch Office Cloud Deployments- Amazon Web Services, Google, MS Azure Partner, Contractor Access- Environmental Controls, POS, CRM Remote Offices Third-Party Datacenter Applications Mobile Phone Smart Watch Tablet Appliances Security Systems Google TV Apple TV Netflix Gaming Systems Engine computer Wi-Fi Bluetooth Vendor Supply Chain Computer Lights GPS Entertainment Paris Branch Office 4

Manual Data Aggregation Today’s Cyber Security Challenges + + + + Silo-Based Security Tools A Growing Attack Surface Manual Data Aggregation and Analysis Lack of Context Reactive Mitigation 5

Today’s Cyber Security Approach 6

Network layer is primary defense perimeter Cyber Security Limitations | One Dimensional Network layer is primary defense perimeter 7

Source: Verizon 2016 Data Breach Report Fact Check: Cyber Risk is Everywhere Source: Verizon 2016 Data Breach Report 8

Source: RiskSense Research Center Cyber Security Limitations | NVD-Focus Source: RiskSense Research Center 9

Source: Verizon 2016 Data Breach Report Fact Check: Time-to-Remediation Matters Source: Verizon 2016 Data Breach Report 10

Today’s Cyber Security Limitations | CVE-Focus 10 9 Scanner Reported CVVS 8 Threat-Contextualized Severity Score 7 6 POODLE Vulnerability 5 Severity 4 3 2 1 50,000 100,000 150,000 200,000 250,000 300,000 Vulnerability Count 11

Emerging Market Requirements The ongoing skills and expertise shortage, and increasing escalation in the threat activity, will hasten the move to full and semi-automation of operational activities. To enable a truly adaptive and risk-based response to advanced threats, the core of a next-generation security protection process will be continuous, pervasive monitoring, and visibility that are constantly analyzed for indications of compromise. Enterprise monitoring should be pervasive and encompass as many layers of the IT stack as possible, including network activity, endpoints, system interactions, application transactions and user activity monitoring. Source: Gartner, Designing an Adaptive Security Architecture for Protection from Advanced Attacks, January 2016 Gartner, Innovation Tech Insight for Security Operations, Analytics and Reporting, November 2015 12

Action vs. Reaction LEADING LAGGING Cyber Risk Management Proactive Vulnerability • Configuration • Network • Policy • Proactive Reactive Attack 13

Cyber Risk vs. Threat and Vulnerability Management 14

An Intelligence-Driven Approach 15

Identify and Prioritize Risk-based prioritization Contextualized with external threat data (e.g., malware) 16

Analyze | Asset and Organizational Level Security Score Methodology (RS3) CVE CWE OWASP Database Vulnerabilities Exploit Malware CVVS Default Passwords Proof of Concept IP Reputation IP-Based Accessibility Firewall Rules User-Specific Business Criticality Business Criticality from Asset Management System 17

Visualize 18

Cover Network, Applications, and Databases Cyber risk score for a system, consisting of applications, databases, and network components.

Visualization of application attack path analysis Analyze | Application Layer Visualization of application attack path analysis 20

Assign tickets and trigger pre-defined workflows Orchestrate Assign tickets and trigger pre-defined workflows 21

Pro-Active Cyber Risk Management | Benefits Shortens Time-to- Remediation Increases Operational Efficiency Strengthens Security Programs Improves Cyber Hygiene Minimizes Cyber Risks 22

One of the nation’s largest universities was able to Success Stories One of the nation’s largest universities was able to Testimonials: “RiskSense lets us cut the data and take a different view and helps us prioritize what we should be working on. That’s where we really found a lot of value.” – CISO, Fortune 200 Telecom Company 23

Questions and Answers Session Okay, are there any questions? 24

RiskSense | Who We Are Pioneer in a $2.5 billion market Privately held with investments from Paladin Capital, Sun Mountain Capital, EPIC Venture, Jump Capital, and CenturyLink Growing 50+% year-over-year since 2013 Software-as-a-Service and Managed Services business model 150+ customers Close to 100 employees Offices in Albuquerque, NM and in Sunnyvale, CA Research, innovation-driven 25

The Solution | The RiskSense Platform 26

DON’T REACT TO ATTACKS. BE PRO-ACTIVE! Contact RiskSense at +1 505.217.9422 • info@risksense.com 27