Presentation is loading. Please wait.

Presentation is loading. Please wait.

Director of Sales Engineering, RiskSense, Inc.

Published byClyde O’Connor’ Modified over 6 years ago

Similar presentations

Presentation on theme: "Director of Sales Engineering, RiskSense, Inc."— Presentation transcript:

1 Director of Sales Engineering, RiskSense, Inc.
Best Practices Revealed: A Blueprint for a Modern Enterprise Security Program J. Daniel Culpepper Director of Sales Engineering, RiskSense, Inc.

2 Cyber Security State of the Market
“Enterprises are overly dependent on blocking and prevention mechanisms that are decreasingly effective against advanced attacks.” Source: Gartner, Designing an Adaptive Security Architecture for Protection from Advanced Attacks, January 2016 2

3 Total IT Security Spend
+26.1% $116 billion $92 billion +19.6% +8.2% $76.9 billion $71.1 billion +7.9% $65.9 billion 2013 2014 2015 2016 2019 Source: Gartner, Gartner Says Worldwide Information Security Spending Will Grow Almost…, August 2014; Gartner Summit, June 2016 3

4 Cyber Reality Check Source: as of April 25, 2017 4

5 A Growing Attack Surface
Public Internet VPN Mobile Workers Mobile Connectivity and Web Traffic Web Properties Headquarters Munich Branch Office Cloud Deployments- Amazon Web Services, Google, MS Azure Partner, Contractor Access- Environmental Controls, POS, CRM Remote Offices Third-Party Datacenter Applications Mobile Phone Smart Watch Tablet Appliances Security Systems Google TV Apple TV Netflix Gaming Systems Engine computer Wi-Fi Bluetooth Vendor Supply Chain Computer Lights GPS Entertainment Paris Branch Office 5

6 Manual Data Aggregation
Today’s Cyber Security Challenges + + + + Silo-Based Security Tools A Growing Attack Surface Manual Data Aggregation and Analysis Lack of Context Reactive Mitigation 6

7 99% 84% 95% Cyber Security Facts
of the exploited vulnerabilities were compromised more than a year after the CVE was published of cyber-attacks today are targeting the application layer requiring a more holistic approach to cyber security. of compliance and cyber insurance policies now require continuous diagnostics and mitigation. Sources: 2016 Verizon Data Breach Report; Gartner Summit 2016; 2017 Global Risk Management Survey 7

8 Today’s Cyber Security Approach
8

9 Network layer is primary defense perimeter
Cyber Security Limitations | One Dimensional Network layer is primary defense perimeter 9

10 Source: Verizon 2016 Data Breach Report
Fact Check: Cyber Risk is Everywhere Source: Verizon 2016 Data Breach Report 10

11 Source: RiskSense Research Center
Cyber Security Limitations | NVD-Focus Source: RiskSense Research Center 11

12 Source: Verizon 2016 Data Breach Report
Fact Check: Time-to-Remediation Matters Source: Verizon 2016 Data Breach Report 12

13 Today’s Cyber Security Limitations | CVE-Focus
10 9 Scanner Reported CVVS 8 Threat-Contextualized Severity Score 7 6 POODLE Vulnerability 5 Severity 4 3 2 1 50,000 100,000 150,000 200,000 250,000 300,000 Vulnerability Count 13

14 Emerging Market Requirements
The ongoing skills and expertise shortage, and increasing escalation in the threat activity, will hasten the move to full and semi-automation of operational activities. To enable a truly adaptive and risk-based response to advanced threats, the core of a next-generation security protection process will be continuous, pervasive monitoring, and visibility that are constantly analyzed for indications of compromise. Enterprise monitoring should be pervasive and encompass as many layers of the IT stack as possible, including network activity, endpoints, system interactions, application transactions and user activity monitoring. Source: Gartner, Designing an Adaptive Security Architecture for Protection from Advanced Attacks, January 2016 Gartner, Innovation Tech Insight for Security Operations, Analytics and Reporting, November 2015 14

15 Action vs. Reaction LEADING LAGGING Cyber Risk Management Proactive
Vulnerability • Configuration • Network • Policy • Proactive Reactive Attack 15

16 Cyber Risk vs. Threat and Vulnerability Management
16

17 Collaborative and Converged Analytics
Best Practices in Cyber Risk Management Disjointed Analysis Collaborative and Converged Analytics Result Slow, heavy and burdensome Complex to maintain Limited stakeholder participation Fragmented visibility Result Fast and streamlined Reduces complexity Broader stakeholder participation Holistic visibility 17

18 An Intelligence-Driven Approach
18

19 Compliance and Regulatory Reporting Customer Segmentation
Connecting the Dots Compliance and Regulatory Reporting SCAP Data Attack Vectors Score Risk Scoring and Orchestration Customer Segmentation Darkweb Exploit Analysis Ease of Exploitation NVD and Vendors Access Vectors Security Controls Exploit Pulse Vulnerability Threat Business Criticality 19

20 Identify and Prioritize
Risk-based prioritization Contextualized with external threat data (e.g., malware) 20

21 Analyze | Asset and Organizational Level
Security Score Methodology (RS3) CVE CWE OWASP Database Vulnerabilities Exploit Malware CVVS Default Passwords Proof of Concept IP Reputation IP-Based Accessibility Firewall Rules User-Specific Business Criticality Business Criticality from Asset Management System 21

22 Visualize 22

23 Cover Network, Applications, and Databases
Cyber risk score for a system, consisting of applications, databases, and network components.

24 Visualization of application attack path analysis
Analyze | Application Layer Visualization of application attack path analysis 24

25 Assign tickets and trigger pre-defined workflows
Orchestrate Assign tickets and trigger pre-defined workflows 25

26 Pro-Active Cyber Risk Management | Benefits
Shortens Time-to- Remediation Increases Operational Efficiency Strengthens Security Programs Improves Cyber Hygiene Minimizes Cyber Risks 26

27 One of the nation’s largest universities was able to
Success Stories One of the nation’s largest universities was able to Testimonials: “RiskSense lets us cut the data and take a different view and helps us prioritize what we should be working on. That’s where we really found a lot of value.” – CISO, Fortune 200 Telecom Company 27

28 Questions and Answers Session
Okay, are there any questions? 28

29 RiskSense | Who We Are Pioneer in a $2.5 billion market
Privately held with investments from Paladin Capital, Sun Mountain Capital, EPIC Venture, Jump Capital, and CenturyLink Growing 50+% year-over-year since 2013 Software-as-a-Service and Managed Services business model 150+ customers Close to 100 employees Offices in Albuquerque, NM and in Sunnyvale, CA Research, innovation-driven 29

30 The Solution | The RiskSense Platform
30

31 DON’T REACT TO ATTACKS. BE PRO-ACTIVE!
Contact RiskSense at • 31

Download ppt "Director of Sales Engineering, RiskSense, Inc."

Similar presentations

Www.cleo.com Steve Jordan Director. Industry Solutions 05/05/14 Managing Chaos: Data Movement in 2014.

Steve Jordan Director. Industry Solutions 05/05/14 Managing Chaos: Data Movement in 2014.
Cisco Confidential 1 © 2010 Cisco and/or its affiliates. All rights reserved. Next Generation Monitoring in Cisco Security Cloud Leon De Jager and Nitin.

Cisco Confidential 1 © 2010 Cisco and/or its affiliates. All rights reserved. Next Generation Monitoring in Cisco Security Cloud Leon De Jager and Nitin.
A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information Security) Certified COBIT 5 Assessor /Certified.

A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information Security) Certified COBIT 5 Assessor /Certified.
16254_08_2002 © 2002, Cisco Systems, Inc. All rights reserved. Cisco’s Security Vision Mario Mazzola Chief Development Officer August 29, 2002.

16254_08_2002 © 2002, Cisco Systems, Inc. All rights reserved. Cisco’s Security Vision Mario Mazzola Chief Development Officer August 29, 2002.
© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.

© 2014 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential. Polycom event Security Briefing 12/03/14 Level 3 Managed Security.
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.
©2012 Check Point Software Technologies Ltd. | [Confidential] For Check Point users and approved third parties Building Your Security Strategy with 3D.

©2012 Check Point Software Technologies Ltd. | [Confidential] For Check Point users and approved third parties Building Your Security Strategy with 3D.
Dell Connected Security Solutions Simplify & unify.

Dell Connected Security Solutions Simplify & unify.
©2014 Bit9. All Rights Reserved Endpoint Threat Prevention Charles Roussey | Sr. Sales Engineer Detection and Response in Seconds.

©2014 Bit9. All Rights Reserved Endpoint Threat Prevention Charles Roussey | Sr. Sales Engineer Detection and Response in Seconds.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
1 CISCO SAFE: VALIDATED SECURITY REFERENCE ARCHITECTURE What It Is Business Transformation Top Questions To Ask To Initiate The Sale Where It Fits KEY.

1 CISCO SAFE: VALIDATED SECURITY REFERENCE ARCHITECTURE What It Is Business Transformation Top Questions To Ask To Initiate The Sale Where It Fits KEY.
©2014 Extreme Networks, Inc. All rights reserved. Microsoft Skype for Business Integration Overview Leveraging the Power of Technology Partnerships Niels.

©2014 Extreme Networks, Inc. All rights reserved. Microsoft Skype for Business Integration Overview Leveraging the Power of Technology Partnerships Niels.
Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.

Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.
The Changing World of Endpoint Protection

The Changing World of Endpoint Protection
CIO Perspectives on Security Fabrício Brasileiro Regional Sales Manager.

CIO Perspectives on Security Fabrício Brasileiro Regional Sales Manager.
Network security Product Group 2 McAfee Network Security Platform.

Network security Product Group 2 McAfee Network Security Platform.
Identity Assurance Emory University Security Conference March 26, 2008.

Identity Assurance Emory University Security Conference March 26, 2008.
2015 Security Conference Dave Gill Intel Security.

2015 Security Conference Dave Gill Intel Security.
Copyright © 2014 Juniper Networks, Inc. 1 Juniper Unite Cloud-Enabled Enterprise Juniper’s Innovation in Enterprise Networks.

Copyright © 2014 Juniper Networks, Inc. 1 Juniper Unite Cloud-Enabled Enterprise Juniper’s Innovation in Enterprise Networks.
Nov 22/26 Tech Forum 2015 Roberto Trinconi Cloud the New Path to the Business Leadership.

Nov 22/26 Tech Forum 2015 Roberto Trinconi Cloud the New Path to the Business Leadership.

Similar presentations

Ads by Google