Slide 1: The Game has Changed… Ready or Not!
Ted Lee, Manager, Systems Engineering
Slide 2: Visibility Confidence
How confident are you that you can identify every device, user, and application in your environment, in real time?
Slide 3: 2016 Mandiant M-Trends Report
- 146 days: median number of days before detection
- 56 days to respond to a breach
- 53% of companies learned they were breached from an external entity
- 100% of victims had firewalls or up-to-date anti-virus signatures
- $4M average cost of a breach
Source: Mandiant M-Trends Report; Ponemon Cost of Data Breach Study
Slide 4: Date 146 days ago? August 16, 2016
Slide 5: The Challenging Threat Landscape
Dec 2014: “Within two years, 90% of all IT networks will have an IoT-based security breach.”
[Chart, 2010–2020: the number of unmanaged devices is exploding. Less than 10% of new devices connecting to the corporate environment will be manageable through traditional methods. By 2020: 20+ billion unmanaged connected devices. Series: Unmanaged Devices, Managed Devices.]
Speaker notes: [begin] The second primary reason the bad guys are winning has to do with the rapidly changing landscape of endpoints. [click once – animation] By 2020, less than 10% of all new devices connecting to your network will be manageable via an agent. As we all know, putting an agent on devices is the de facto standard for controlling enterprise devices; however, the onslaught of BYOD and IoT makes this no longer possible. IDC is predicting that by the end of next year, 90% of all IT networks will have an IoT-based security breach. [next slide]
Sources: Gartner, BI Intelligence, Verizon, ForeScout (BI Intelligence forecast, Gartner forecast, Verizon forecast, IDC)
Slide 6: IT Security Challenges
- IBM: “70 to 90 percent of all malicious incidents could have been prevented or found sooner if existing logs and alerts had been monitored”
- Verizon Data Breach Investigations Report
- Ponemon Institute, “2014 Global Report on the Cost of Cyber Crime”: “Average time to contain a cyber attack is 31 days”
Fragmented security lets attackers in.
[Diagram of siloed products: Firewall, SIEM, ATD, VA, Endpoint, Patch, EMM.]
- Security products are siloed.
- Human beings are needed to compensate for lack of automation.
- SecOps teams are overwhelmed and cannot respond in a timely fashion.
Speaker notes: [begin] The third major reason the bad guys have an advantage has to do with the lack of coordination between all of our security, management and compliance tools. [click once – animation] Each major technology tool does not share information with other relevant tools that could help detect, prevent or respond to a cyber threat. Therefore, people, rather than technology, are required to connect the dots. As we learned with some of these well-publicized breaches, relying on overwhelmed security operations teams to sift through alerts from dozens of tools is a losing proposition. All this fragmentation lets attackers in. The recent Verizon report states that 70 to 90 percent of malicious incidents could have been prevented or found sooner if effective coordination between disparate tools existed. And once you have been breached, it takes on average 31 days to contain the attack, and we know that much of this delay is caused by the lack of coordination between tools. [next slide]
Notes:
- Opportunity for the adversaries
- Swivel-chair administration
- Builds sometimes trip people up
- Defense in depth doesn’t work because the tools lack communication with each other
- “Throwing people at the problem”: how do they work? Human beings. Already overlooked.
Slide 7: The Threat Landscape: 5 Major Trends Emerging 2016
1. Highly Targeted Attacks
- 80% of the Global 2000 hit by targeted attacks
- 2.5x increase in losses from targeted attacks year over year
Sources: 2015 PwC Information Security Breach Study; Symantec Internet Security Threat Report 20 (2015)
Slide 8: The Threat Landscape: 5 Major Trends Emerging 2016
2. Credential Theft
- 60% can’t catch credential thieves today
- 40% of Windows hosts have high-risk credentials usable as pivot points
Slide 9: The Threat Landscape: 5 Major Trends Emerging 2016
3. Insider Element
- 41% of breaches caused by trusted partners
- 33% of enterprises give partners privileged network access
Sources: Protiviti 2014 IT Security and Privacy Survey; 2015 PwC Information Security Breach Study
Slide 10: The Threat Landscape: 5 Major Trends Emerging 2016
4. Hijacked Security Layers
- 26k Netscreen firewalls with a malicious backdoor
- 70% of cloud applications impacted by the Heartbleed SSL flaw
Slide 11: The Threat Landscape: 5 Major Trends Emerging 2016
5. New Threat Vectors
- 5 out of 6 large companies are hit with targeted attacks today
- 17% of Android apps are malware
- 70% of IoT devices ship with known vulnerabilities
Slide 12: Can Agents Do It All?
Source: Continuous Monitoring and Threat Mitigation with Next-generation NAC, Frost & Sullivan, October 2015. IoT = Internet of Things.
Slide 13: Internet of Things, Ready or Not…
Dec 2014: “Within two years, 90% of all IT networks will have an IoT-based security breach.”
[Chart, 1990–2020: PC, BYOD (5 billion), IoT (20+ billion). Source: Gartner, Nov. 10, 2015.]
Speaker notes: This chart shows a lot of unmanaged devices.
Slide 14: What about the Internet of Things (IoT)?
Network connectivity enables these objects to collect and exchange data:
- Video cameras
- Healthcare equipment
- Safety equipment
- Climate control
- Environmental sensors
- Vehicles
- Asset tracking devices
- Refrigerators
- Physical security devices
- Identity controls
Slide 15: Time to re-think our approach
Slide 16: See: Discover, Classify, Assess
Speaker notes: So how do you see these BYOD and unmanaged devices? There are thousands of different hardened operating systems that are not prone to agents. We need to stay agentless so we see everything, and we need to recognize everything: auto-classify 100%. This allows customers to set policies based on real-world use cases (HVAC, printer, BYOD, …).
Reviewer comment: On slide 12 it should be DISCOVER, CLASSIFY, ASSESS, in that order. I’m not sure having the word “integrations” makes sense, since we are not speaking to our solution, rather suggesting what should be done to SEE everything connecting to the enterprise. Can you explain the order of the builds for me? I am sure there is a reason, i.e. give me the talk track.
Slide 17: Control: Less Privileged Access
- Actions: Quarantine, Block, Limit, Notify
- Network zones: Data Center, Guest Network, Corporate Network
Slide 18: Orchestrate
Integrations: ATD, SIEM, VA, EMM, Custom
Slide 19: IoT Use Case (IOC Scanner)
1. Device connects to the network.
2. Device is detected and classified as a printer.
3. Compromised printer communicates with the corporate file server.
4. SIEM/ATD detects an anomaly and forwards the event to CounterACT.
5. Compromised printer is blocked from accessing the network.
[Diagram: Firewall, ATD, SIEM, Endpoint, Patch, EMM; corporate file server, network, Internet; BYOD devices, IoT devices, corporate devices, rogue devices.]
Slide 20: Advanced Threat Detection Use Case
1. ATD system notifies ForeScout of an infected endpoint and threat profile.
2. ForeScout policy based on threat classification restricts network access of the endpoint.
3. ForeScout initiates managed endpoint remediation actions using details from the ATD system and removes network access restrictions on the endpoint.
4. ForeScout scans other managed endpoints on the network for the IOC and initiates remediation actions.
5. ForeScout scans endpoints for IOCs as new endpoints attempt to connect to the network.
[Diagram, May 2016: ATD, Internet, ForeScout CounterACT®, switch, wireless LAN controller; BYOD devices, managed devices, IoT devices, rogue devices.] Reference the acronym glossary at the end of the presentation.
Slide 21: Vulnerability Assessment Use Case
1. ForeScout detects an endpoint connecting to the network.
2. ForeScout requests the VA system initiate a real-time scan of the endpoint.
3. VA system sends scan results to ForeScout.
4. ForeScout places the endpoint in a remediation VLAN based on VA scan results and policies.
5. ForeScout requests the patch management system to apply the correct patches.
6. ForeScout provides the endpoint with appropriate network access once remediated.
[Diagram, May 2016: VA, Patch, Internet, ForeScout CounterACT®, switch, wireless LAN controller; BYOD devices, managed devices, IoT devices, rogue devices.] Reference the acronym glossary at the end of the presentation.
Slide 22: Enterprise Mobility Management Use Case
1. ForeScout discovers an endpoint connecting to the network.
2. ForeScout queries the EMM server to see if the endpoint is managed by EMM; if so, network access continues.
3. ForeScout moves the endpoint to restricted access if it is not currently EMM managed, does an HTTP redirect and prompts the user to install the EMM agent.
4. ForeScout moves the endpoint back to appropriate network access once EMM confirms the endpoint is EMM managed and meeting EMM policy.
[Diagram, May 2016: EMM, Internet, ForeScout CounterACT®, switch, wireless LAN controller; BYOD devices, managed devices, IoT devices, rogue devices.] Reference the acronym glossary at the end of the presentation.
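The four use cases on slides 19 to 22 are the same pattern: discover an endpoint, enrich it from a peer tool (ATD/SIEM, VA, EMM), and pick a network access level, then request an action from that tool. The toy policy engine below is an added example, not ForeScout's code or CounterACT's policy language. The device records, IOC hash values, access levels and action names are all constructed for illustration; it shows the evaluation order a defender would want (active threat first, then unpatched vulnerabilities, then management state) and the IOC sweep across the rest of the inventory from the ATD use case.

```python
"""Toy NAC policy engine modelling the orchestration flows on slides 19-22.

Constructed example: device records, IOC hashes, VLAN names and action
strings are made up; no vendor API is used or implied.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional, Set


class Access(str, Enum):
    ALLOW = "allow"              # normal corporate access
    RESTRICTED = "restricted"    # onboarding / captive-portal VLAN
    REMEDIATION = "remediation"  # remediation VLAN until patched
    BLOCKED = "blocked"          # no network access


@dataclass
class Endpoint:
    mac: str
    classification: str                 # e.g. "printer", "laptop", "phone"
    emm_managed: Optional[bool] = None  # None = never asked (IoT cannot enrol)
    va_high_findings: int = 0           # high-severity findings from the VA scan
    atd_alert: Optional[str] = None     # threat profile reported by ATD/SIEM
    file_hashes: Set[str] = field(default_factory=set)  # hypothetical IOC scanner data


@dataclass
class Decision:
    access: Access
    actions: List[str]  # requests the orchestrator sends to peer tools


MANAGED_CLASSES = {"laptop", "desktop"}  # agent-capable, can be remediated
BYOD_CLASSES = {"phone", "tablet"}       # must be EMM-enrolled before access


def evaluate(ep: Endpoint) -> Decision:
    """Evaluate policies in order: threat, vulnerability, management state."""
    actions: List[str] = []

    # ATD use case (slide 20): an active threat outranks everything else.
    if ep.atd_alert is not None:
        actions.append(f"restrict:{ep.atd_alert}")
        if ep.classification in MANAGED_CLASSES:
            # Managed endpoint: drive remediation, keep it restricted meanwhile.
            actions.append("remediate-managed-endpoint")
            return Decision(Access.RESTRICTED, actions)
        # IoT use case (slide 19): nothing to remediate on a printer; block it.
        return Decision(Access.BLOCKED, actions)

    # VA use case (slide 21): scan on connect; findings decide the VLAN.
    actions.append("va:request-scan")
    if ep.va_high_findings > 0:
        actions.append("patch:request")
        return Decision(Access.REMEDIATION, actions)

    # EMM use case (slide 22): BYOD gets access only once enrolled.
    if ep.classification in BYOD_CLASSES:
        actions.append("emm:query")
        if not ep.emm_managed:
            actions.append("http-redirect:enroll")
            return Decision(Access.RESTRICTED, actions)

    return Decision(Access.ALLOW, actions)


def ioc_sweep(ioc: str, inventory: List[Endpoint]) -> List[str]:
    """Slide 20, step 4: find other endpoints that carry the reported IOC."""
    return [ep.mac for ep in inventory if ioc in ep.file_hashes]


def run_demo() -> Dict[str, Access]:
    """Evaluate a constructed inventory; returns MAC -> access decision."""
    inventory = [
        Endpoint("00:11:22:00:00:01", "printer", atd_alert="anomalous-smb-to-fileserver"),
        Endpoint("00:11:22:00:00:02", "laptop", va_high_findings=3),
        Endpoint("00:11:22:00:00:03", "phone", emm_managed=False),
        Endpoint("00:11:22:00:00:04", "phone", emm_managed=True),
        Endpoint("00:11:22:00:00:05", "laptop", file_hashes={"deadbeef"}),
    ]
    return {ep.mac: evaluate(ep).access for ep in inventory}


if __name__ == "__main__":
    for mac, access in run_demo().items():
        print(mac, access.value)
```

The ordering is the security-relevant design choice: a host with an ATD alert never reaches the EMM branch, so an enrolled BYOD device cannot "pass" on management state while it is generating alerts, and the IOC sweep is what turns one ATD notification into a network-wide check rather than a single isolation.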
Slide 23: THANK YOU!