Is technology ubiquity a chance to re-connect security? Greg Day Director of Security Strategy
The changing technology landscape Circa 50% Source: Citi Investment Research and Analysis (support iPads) 150m a year (2015) Source: Ovum Q m 12.1m Source: Circa 50% Source: IDC, Data is freely intermingled
What risks do they really bring? Banking services already targeted –Authentication –Vulnerabilities in the apps Heavily used for social networking App stores add revenue –10,000,000,000+ downloads to date! –Worth billions per year! Less than 1000 viruses today due to diversity
Enterprise and LOB Apps Web and Social Media Basic Services Customer Facing Apps Mobile Enterprise Apps are Rapidly Evolving What are your long term goals?
Approaches to Security on Smart Devices Segregate data (inc wipe) Secure 3rd party apps Security controls Sandbox Full device Mitigate on device attacks
Integration of Smart devices to your existing security strategy - Enterprise Mobile Manager Database Files Directory Applications Certificate Services Messaging Enterprise Environment Windows Mobile Symbian Android webOS iPhone iPad McAfee EMM IT Ops Support Provisioning Compliance Policy Management Security & Authentication Mobile Device Management
Virtualization Enables technology ubiquity Expect 50% of enterprise data center workloads to be virtualized by the end of 2012 (Gartner) –Go green, decrease datacenter footprint, improve utilization –Enables faster response, reducing application deployment and migration times But Gartner reports that –Through 2012, 60% of virtualized servers will be less secure than the physical servers they replace, dropping to 30% by YE15 –40% of virtualization deployment projects were undertaken without involving the information security team in the initial architecture and planning Hypervisor VM
Secure Virtualization Challenges How can I ease management across physical and virtualized environments? Virtual images built on the fly redefine the notion of an asset Virtualized systems are no longer systems, they become data Security impacts performance Compliance and operational procedures less defined Lack of support for live-migration Endpoint security not designed for VDI Excessive resource utilization is slowing adoption Virtualized Desktops Virtualized Servers
Is your security utilizing the advantages of technology? MOVE (McAfee Optimized Virtual Environments) Move security processing out of each VM – Offloading Optimized with the Hypervisor to address scalability Enables planned capacity ~60% more VDI density Integrated management, responsive user experience, supporting persistent and non-persistent desktops Hypervisor VM MOVE Virtual Appliance MOVE Server McAfee EPO Cache Synchronization Protocol Cloud Threat Intel (GTI) Scan Engine
Changing the way we apply security in the future Application Control Dynamic whitelisting Trusted applications Trusted sources Memory Protection No Updates Change Control Change configuration audit File Integrity Monitoring and Change Prevention Prevents “compliance drift” Keep the bad stuff out Stop unauthorized apps “Greater protection, faster time to compliance, lower cost” Deny unauthorized changes Enforce change policy Integrity Control = Application Control + Change Control
Security Management The Problem Security Dashboard Modestly Helpful Decision-making still manual Based on human correlation of available information Net Result Dramatic increase in Information Risk and Costs to secure Security Purchases are Tactical Patchwork of independent products Requiring separate management Threats Overwhelm Existing Approach Many product types and security layers Can’t continue to add resources to manage new events, products
Leads to Proliferation of Security Management Consoles and Reporting Tools Anti-virus Management Tools 1 Network Access Control Management Tools 8 Anti-spyware Management Tools 2 Host Intrusion Prevention Management Tools 7 Desktop Firewall Management Tools 3 Data Protection (DLP, Encryption, etc.) Management Tools 6 Policy Auditing Management Tools 4 Web Security Management Tools 5 Security Landscape
A Re-connection strategy: Security Connected
Optimizing a Security Architecture Requires / Centralized security management Open platform for centralized management and maximum interoperability / Real-time Threat Intelligence Actionable protection with the delivery of correlated threat intelligence and immediate visibility into enterprise-wide security posture / Multi-layered protection Effective and efficient defense in depth provided by multi-layered security approach / Automated compliance Compliance-ready solutions which streamline prioritization of threat responses, reporting, policy and risk management
McAfee Global Threat Intelligence - Intelligent Connected Security via the Cloud Firewall IPS DLP Web AWL ePO AV File Reputation Web Reputation Web Categorization Network Connection Reputation Message Reputation Vulnerability Information Threat Intelligence Feeds Other feeds & analysis Servers Firewalls Endpoints Appliances Mobile
PROTECTION REAL TIME THREAT FEEDS (GTI) ACTIONABLE INFORMATION SECURITY METRICS ePO DLP Web IPS SIA Endpoint White Listing Encrypt. Risk Mgmt Firewall Security Optimization Security Management Platform: ePO Executive Security Admin IT Architect Security Management Platform
Real Business Risk Assessment “3,000 to 30” – Countermeasure aware risk management correlates MTIS threat feeds with discovered vulnerabilities, assets, and deployed countermeasures (intrusion protection, anti-virus, buffer overflow) Leverages GTI threat advisory information, delivered by MTIS feed Risk = (Threat X Vulnerability X Asset)/Detailed Countermeasure
McAfee’s Open Platform for Security Risk Management Industry Leadership to Drive Better Protection, Greater Compliance and Lower TCO SIA Associate Partner SIA Technology Partner (McAfee Compatible)
Cost Model of Enterprise Security RISK OPTIMIZATION Optimized spend ~4% with very low risk Compliant/Proactive spend ~8% of IT budget on security Medium risk Reactive spend ~3% of IT budget on security High risk Why has it been so challenging to reduce risk? DYNAMIC Predictive and agile, the enterprise instantiates policy, illuminates events and helps the operators find, fix and target for response. Tools Based Applying tools and technologies to assist people in reacting faster REACTIVE & Manual People only. No tools or processes. “Putting out fires”.
Greg Day Director of Security Strategy, EMEA McAfeeGregDay