


Presentation on theme: "| Data Connectors: Atlanta, GA"— Presentation transcript:

1 1.18.2017 | Data Connectors: Atlanta, GA
Mind the Gaps: Leveraging "Security as a Service" to Gain Cyber Advantage
Alex Knight, Director of Security Product Strategy

Speaker notes:
Open with a question, maybe even a current-events quiz. What's been in the news? We're seeing waves of attacks:
Ransomware attacks
Healthcare breaches (7 latest)
Legal: theft of IP, insider trading/manipulation
iOS devices turned to bricks

On my way here, I heard an SVP from Symantec talk about results from their latest study of attack activity. They saw attack volumes drop off significantly on the weekends and holidays, indicating that these attackers are operating as 9-to-5 businesses, organized around economic ecosystems where data is stolen and then bought and sold in marketplaces.

Is anyone else worried? Just personally, I find myself sending queries to my family about whether they've updated and backed up their devices and if their passwords are complex enough.

What's contributing to the wave of daily alerts and events? And what can we do about them? That's what we'll explore in the next thirty minutes.

2 Technology Continues to Open Up New Frontiers
"Internet of Things" connected sensors and monitors
Cloud storage and infrastructure
Mobile access
"Shadow IT" implementation of SaaS business applications
An expanding perimeter with more points of vulnerability, more surface area for attacks, offering global accessibility

Speaker notes:
We live in a really exciting time. Some of us remember a time before the ubiquitous presence of the Internet, when business systems and technology were pretty much the exclusive domain of the IT group.

Shadow IT: Technology has become incredibly user friendly, easy to buy, easy to deploy and easy to use. A great example is the wave of SaaS applications that business people can try for free and then start paying to use, all web based and on demand. This starts the migration of business data into new infrastructure areas that you may or may not know about.
?? INFORMAL SURVEY – Anyone…

Cloud: Similarly, more corporate applications and data are moving into the cloud. In the healthcare world, this is leading to large accumulations of patient data as EHR records are shared and population health applications are implemented. Cloud storage and Office 365 create opportunities to share and collaborate, but they expand boundaries.

Mobile: Of course data is ending up on mobile devices that travel all over the place, including personal devices. "BYOD" is complex to manage and secure.
??

IoT: One of the most intriguing areas is the Internet of Things. This has been hyped for a long time, but now we're seeing it come into its own. These devices are showing up everywhere:
Storage: temperature and humidity control
Parking: entrance and exit monitors, IP-based cameras
Healthcare: patient monitoring, all on a flat network
If you look at the OWASP Internet of Things Top 10 vulnerabilities, the list looks pretty familiar:
Insecure web interface
Insufficient authentication/authorization
Insecure network services
Insecure interfaces to cloud and mobile
?? INFORMAL SURVEY

The point here is that we're blowing up the traditional perimeter and adding a ton more endpoints. That creates greater surface area and more points of vulnerability.
© ControlScan 2017

3 We're Creating Gaps in Our Ability to Protect Data
Technology adoption is outpacing security and compliance
Attackers are evolving and innovating as fast or faster
We struggle to keep up with the basics
Gaps are forming between what's truly required to maintain security and…
What is typically in place
What can realistically be maintained
These gaps are further manifested in survey after survey…

Speaker notes:
All this technology is being deployed for good reason; it has real business impact. But it is being done at breakneck speed and is outpacing the organization's ability to ensure the security of critical assets, primarily sensitive data. This, in turn, impedes the ability to maintain compliance on a continual basis, opening up the organization to possible fines, reputational damage, loss of revenue, and other unplanned costs.

At the same time, attackers are evolving their methods, finding new attack vectors while exploring new ways to repurpose old attacks. Phishing attacks are more creative, spoofing internal emails and attaching booby-trapped Office documents that are far more damaging than in the past, and the malware payloads delivered are harder to detect, more patient and stealthy than in the past.

On top of that, we still face some of the age-old problems we've been talking about for years. These are best practices that are called for over and over, and are requirements in a number of compliance frameworks like PCI DSS:
Patching and updating applications
Segmenting networks and actively reviewing and maintaining firewall rules
Running out-of-date operating systems like Windows XP
Ensuring the secure coding of web applications

It's kind of a perfect storm, and the presence of these gaps is validated in the various IT security surveys that are continually run. These gaps are further manifested in survey after survey…
© ControlScan 2017

4 "The Current State of Security Threat Management"
Lack of internal resources and insufficient budget are preventing IT teams from creating a strong security posture for their organizations. What does this mean?
52% of in-house IT teams do not include an information security professional
1/3 have the same security budget this year that they had in 2015, and 2014
62% feel their organization's security-related investments are not sufficient for their business's level of risk
"Just not enough technology or knowledge."
52% are attempting to monitor security logs in-house (without in-house security expertise)
29% aren't monitoring their logs at all
48% are trying to conduct their own security risk assessments
** workers.html

Speaker notes:
There are a number of surveys out there. This particular one was conducted with IT professionals in small and medium enterprises across multiple industries. The goal was to understand how SMEs were responding to the escalating threat environment.

The first observation is the lack of in-house expertise in the information security area: about half of those surveyed did not have a trained information security professional and were essentially doing their best with the staff they had.

Second, it doesn't appear budgets are changing substantially. In many cases, companies are planning to do the best with the security technologies and resources they already have in place. In fact, budgets didn't change substantially from 2014 to 2015, either, for those who participated. That said, most of those surveyed were very cognizant of the fact that security investment wasn't keeping pace with the rising level of risk faced.

We also looked one level deeper at some of the ongoing security tasks that are critical. 52% were doing their best to monitor logs despite not having experienced professionals on staff, hoping that they can catch anomalous behavior that could indicate an incursion or attack. 48% were conducting their own security risk assessments. Now it's great that they're performing risk assessments at all, but the question is whether they're finding all the major gaps and weaknesses that could lead to a breach.
© ControlScan 2017

5 Spotting the Gaps Before You're Tripped by Them
1 Eyes on Security: incorporating security into "business as usual"
2 Access to Expertise: on-the-spot experience and knowledge
3 Best Practices, Proven Processes: consistent, predictable execution
4 Defense in Depth: belts and suspenders for your infrastructure security
5 Adaptability: rapid response in the face of new threats and internal changes
6 Financial Flexibility: flexibility in executing a security & compliance strategy

Speaker notes:
The title of this presentation was "Mind the Gaps", and there are 6 of them that I'd like to talk about today. These are all important considerations in formulating a strong security strategy and building effective defenses. Let's take a look at them one by one.

A common phrase you'll hear these days is security as part of "business as usual". It requires resourcing at a level that ensures that someone is monitoring the environment so that suspicious activities are picked up in a timely manner.

We talked about how quickly the threat landscape changes as attackers change their tactics. Security expertise needs to stay just as current in order to thwart those attacks. This means ongoing training as well as experience and exposure to a broad variety of threat situations. This becomes critical when it's time to actually assess and respond to a security incident.

Security and compliance both involve putting ongoing processes and practices in place that ensure consistency and predictability. It can take time to mature these to the point where they need to be.

Defense in Depth is the coordinated use of multiple security countermeasures. This forces attackers to defeat a more complex defense system than simply penetrating a single barrier. We'll see, though, that the challenges with implementing, maintaining, and coordinating multiple technologies can be overwhelming, particularly for a small or mid-size enterprise.

Your IT environment will grow and change to support your business. Security solutions have to adapt to these changes to maintain defenses.

And finally, flexibility in how budget dollars are applied to security. The surveys showed that budgets are limited, so organizations need maximum flexibility to work with the money they do have, and ensure they're not locked into an inadequate position.
© ControlScan 2017

6 The Results of Gap Inaction and Indecision
Breaches of sensitive data
Disruption/distraction within operational areas
Unbudgeted costs to remediate/recover
Fines levied for contractual/compliance violations
Complex efforts to recover
Ongoing, closer scrutiny
Erosion of brand name and customer confidence

Speaker notes:
Gaps that go unaddressed have real-world implications, and we're seeing them every day. These are all pretty well-covered, well-understood consequences. Further, extensive studies are regularly done by firms like the Ponemon Institute around the cost of a breach; in fact they've started looking at specific industries like retail and healthcare.

The upshot here is that even the suspicion of a breach can be highly disruptive to your organization. Outside costs are incurred and insider resources are diverted. It just makes sense to manage the risk here as closely as possible.
© ControlScan 2017

7 Leveraging Security As A Service
Identify: risk assessment
Protect: UTM firewall, WAF, endpoint detection & response
Test & Prove: penetration testing, gap analyses
Maintain & Monitor: log monitoring, file integrity monitoring, vulnerability scanning

Speaker notes:
There are probably a number of alternatives for addressing the list of gaps we just ran down. The one I'd like to talk about today is Security as a Service.

The Security as a Service market is still fairly young today, but it largely tracks with the way the cloud market in general evolved. Early on, most IT managers were uncomfortable allowing their corporate applications and data to exist in the cloud given its wide accessibility. It's obvious that reluctance has faded, leading to a massive adoption of cloud infrastructure. One of the clear reasons is that over time, IT managers realized that a dedicated effort to maintain availability and security by cloud infrastructure vendors probably outmatched their own ability to secure data and applications.

Today, Security as a Service can be acquired piecemeal to fill gaps that you may have, or can be leveraged for full lifecycle support. Here, we see a blend of professional services, management services, testing services, and monitoring services.
© ControlScan 2017

8 Eyes on Security
1 Continuous security monitoring
2 Time for discovery and response
3 Leveraged insight across multiple environments

Speaker notes:
Let's go back to each of the gaps that we mentioned earlier and talk about how a Managed Security Service Provider can help bridge them.

At this point, it's generally accepted that simply building a strong perimeter and "walling off" your assets is not a complete strategy. This approach can sometimes lead to a "set it and forget it" condition, where organizations fail to actively manage and monitor key security systems.

Monitoring, particularly of logs and machine data that are generated out of the environment, is a best-practice security measure. Not only does it directly meet a number of requirements found in most compliance frameworks; it also ensures that other requirements are in place and functioning as expected. The problem is that many organizations cannot fund a dedicated Security Operations Center or the three shifts' worth of staff needed to run it year round.

MSSP solutions offer a cost-effective option for 24/7 log monitoring and management. You end up sharing the cost of the SOC and the staff with others that have your same needs and requirements.

Beyond the pure financial benefits, the performance of the function has the potential to exceed what you can do on your own, too. First, resources in the SOC have the benefit of being exposed to activity, events, and alerts across many client environments. What they see, experience, and learn in one environment can be applied back to the others. Second, the use of dedicated staff and systems ensures that when there is an alert, the time to discovery and response is substantially lowered. We've all read about breaches where an external party informed the breached party of the breach, and then subsequent investigations uncovered the fact that the initial incursion occurred 3 years prior.
© ControlScan 2017

9 Access to Expertise
1 Security hiring challenges continue to grow
2 Opportunities for experts-on-demand
3 Requirements for ongoing training & development

Speaker notes:
This is probably one of the biggest gaps that will impact organizations over the next decade. There simply aren't enough security professionals to go around, and they're not being developed quickly enough. You can pick up just about any market report or news article on the IT security industry and you'll read about the scarcity of talent. For example, a SANS Survey from 2015 noted that in 2014, 30% of those surveyed cited a lack of people and skilled dedicated resources for understanding security analytics. In 2015, that INCREASED to 59%, almost doubling!

If you do have a dedicated IT security resource, you had better be prepared for the ongoing investment in career growth, and then pay for their value as they advance. Retention is likely to be a key challenge.

An MSSP is able to maintain a larger workforce and provide compelling career paths and choices to resources as they develop. Because there's some level of resource redundancy, there's also less of an impact when someone leaves. This, in effect, provides an opportunity to offer security expertise on demand. Again, you're sharing a pool of resources with others that have a similar set of needs in the security and compliance areas.

Increasingly, security technologies require a depth of knowledge and ongoing use. Take SIEM (Security Information and Event Management) for example. With a SIEM product, there is a constant need for manual review and confirmation of security events, correlation with other incidents or tickets, and remediation of any issues identified. It requires a specialized set of skills, such as the ability to:
Configure logging on standard and non-standard systems
Tune complex devices, such as network IDS/IPS and web application firewalls
Write custom rules and tune existing correlation rules
Customize report data
© ControlScan 2017

10 Best Practices; Proven Processes
Best practices surfaced from industries and frameworks
Predictable deployments
Consistent operations
SLA-backed reporting

Speaker notes:
When implemented with a "business as usual" mindset, security involves an ongoing, continuous set of practices and processes. MSSPs work with multiple clients and have documented, repeatable processes. Key processes involve the handling of alerts and events, and the response to security incidents. Processes are usually backed up by Service Level Agreements that you can hold them to, which is hard to do with internal resources.

Working with multiple clients also justifies applying automation to processes, improving efficiency and response times. A great example is processing alerts and events. A big advantage is having an expert validate them in order to sort through the false alerts generated by SIEM solutions. This is a common complaint about SIEM, but one that can be handled efficiently by an expert, and eventually tuned out by refining correlation rules.

Since MSSPs work with multiple clients and have documented, repeatable processes, they are able to provide workflow automation and to significantly improve time to remediation for security issues. MSSPs validate security events in the Security Operations Center (SOC) before notifying the client. This helps to dramatically reduce the number of false-positive alerts clients must respond to, reducing costs and increasing efficiency.
© ControlScan 2017
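Slides 9 and 10 describe the SIEM work an analyst actually does: writing a correlation rule, validating the alerts it raises, and tuning the rule until the false positives stop. The following Python is an added example, not code from the ControlScan deck or any product it describes. It runs a miniature correlation rule over constructed, syslog-like sshd lines: an untuned "three failed logins in five minutes" rule fires on an internal vulnerability scanner every time it sweeps, while the tuned rule (an allowlist for the scanner plus a requirement that the failures be followed by a successful login) fires only on the one source whose behaviour matters. The hostnames, IP addresses and log lines are all constructed for the example, and the line format, threshold and window are assumptions.

```python
"""Added example: a toy SIEM correlation rule, untuned versus tuned.
Not ControlScan code; all log data below is constructed for illustration."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample logs. 10.0.0.50 plays an internal vulnerability scanner
# that probes every host hourly; 203.0.113.7 is the one source that fails
# repeatedly and then succeeds, which is the pattern worth an analyst's time.
SAMPLE_LOGS = """\
2017-01-18T09:00:01 web01 sshd: Failed password for admin from 10.0.0.50
2017-01-18T09:00:02 web01 sshd: Failed password for root from 10.0.0.50
2017-01-18T09:00:03 web01 sshd: Failed password for backup from 10.0.0.50
2017-01-18T09:05:10 web01 sshd: Failed password for alice from 198.51.100.9
2017-01-18T09:40:00 web01 sshd: Failed password for alice from 198.51.100.9
2017-01-18T10:12:00 db01 sshd: Failed password for root from 203.0.113.7
2017-01-18T10:12:03 db01 sshd: Failed password for root from 203.0.113.7
2017-01-18T10:12:05 db01 sshd: Failed password for root from 203.0.113.7
2017-01-18T10:12:09 db01 sshd: Failed password for root from 203.0.113.7
2017-01-18T10:12:40 db01 sshd: Accepted password for root from 203.0.113.7
2017-01-18T11:00:01 web01 sshd: Failed password for admin from 10.0.0.50
2017-01-18T11:00:02 web01 sshd: Failed password for root from 10.0.0.50
2017-01-18T11:00:03 web01 sshd: Failed password for backup from 10.0.0.50
"""

# Assumed line format: "<iso timestamp> <host> sshd: <Failed|Accepted> password for <user> from <src>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse(text):
    """Turn raw lines into event dicts; lines the parser does not understand are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        event = m.groupdict()
        event["ts"] = datetime.fromisoformat(event["ts"])
        events.append(event)
    return events


def correlate(events, threshold=3, window=timedelta(minutes=5),
              require_success=False, allowlist=frozenset()):
    """Fire one alert per run of `threshold` failures from one source against
    one host inside `window`. With require_success=True the run must also be
    followed, within `window` of its last failure, by an Accepted login from
    the same source on the same host. Sources in `allowlist` never alert."""
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["host"], e["src"])].append(e)

    alerts = []
    for (host, src), evs in by_pair.items():
        if src in allowlist:
            continue
        failures = [e for e in evs if e["outcome"] == "Failed"]
        successes = [e for e in evs if e["outcome"] == "Accepted"]
        i = 0
        while i + threshold <= len(failures):
            first, last = failures[i], failures[i + threshold - 1]
            if last["ts"] - first["ts"] > window:
                i += 1  # run too slow to count as one burst; slide the window
                continue
            if require_success and not any(
                    timedelta(0) <= s["ts"] - last["ts"] <= window for s in successes):
                i += 1  # failures without a later success are noise for this rule
                continue
            alerts.append({"host": host, "src": src,
                           "first_seen": first["ts"], "fired_at": last["ts"]})
            i += threshold  # do not re-fire on failures already covered by this alert
    return alerts


def alert_counts(alerts):
    """How many alerts each source generated: the number an analyst must triage."""
    return dict(Counter(a["src"] for a in alerts))


def seconds_to_detect(alert):
    """Seconds between the first failure in the burst and the rule firing."""
    return int((alert["fired_at"] - alert["first_seen"]).total_seconds())


if __name__ == "__main__":
    events = parse(SAMPLE_LOGS)
    untuned = correlate(events)
    tuned = correlate(events, require_success=True, allowlist=frozenset({"10.0.0.50"}))
    print("untuned rule:", alert_counts(untuned))
    print("tuned rule:  ", alert_counts(tuned))
    for a in tuned:
        print(f"  {a['host']} from {a['src']} detected in {seconds_to_detect(a)}s")
```

The untuned rule raises three alerts, two of them for the scanner's hourly sweep, which is exactly the kind of recurring false positive a SOC analyst validates and then tunes out; the refined rule leaves only the failed-then-successful login on db01, detected a few seconds after the burst began. In a real SIEM the allowlist would be maintained as a reference list and the success condition expressed as a second correlated event, but the tuning loop is the same: validate, find the benign pattern, encode it in the rule.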

11 Defense in Depth
Multi-layered defenses
More challenging for the attacker; contingency when a layer fails
Layers as "services" often easier to add or shift
[Diagram: defense-in-depth layers labelled MSSP Sec Ops, SIEM, Directory Services, Data Management, Security, Network and Physical, with example controls including Firewall, WAF, IPS, Malware, Spam, Phishing, End Point, Active Directory, Users, Groups, Access Control, Data Loss, Data in Motion, Data at Rest, Routers, Switches, Wireless, Alarms and Surveillance]

Speaker notes:
As we said, defense in depth provides a more complex set of layers for an attacker to work through. The value in this approach becomes even higher when there's a vulnerability in one of the layers that leaves it weakened. We saw this recently with flaws in the operating systems of a couple of different security products. When such a flaw is discovered, it's reassuring to know there are layers above or below it providing additional protection.

The problem, though, is the deployment, management, and monitoring of these various layers. You end up with a number of silos, all generating reports, logs, alarms and alerts. This can be very difficult for companies with limited resources.

An MSSP can provide the ability to more cost-effectively deploy, manage, and monitor security layers. Economies of scale and purpose-built solutions allow them to achieve greater efficiency and accuracy. In addition, they will typically have a SIEM platform, which allows the consolidation and correlation of all these data streams into actionable intelligence.
© ControlScan 2017

12 Adaptability
Leveraging best-of-breed solutions
Expansion & refinement of in-place solutions
Taking advantage of latest features/functions in solution upgrades
Overall elasticity of solution to manage environmental growth and change

Speaker notes:
Lack of resources and static budgets have left many companies hoping their current security infrastructure will be adequate to protect them for the foreseeable future. This is especially problematic if a bare-bones approach has been taken: deploying a firewall at the perimeter that is not regularly maintained, and installing A/V on the endpoints.

MSSPs can bring access to the latest solutions to the table. You can tap into best-of-breed technologies on a subscription basis. New technologies and approaches can be applied as they come out on the market without going through long budgeting cycles for large up-front capital expenditures.

Another area of adaptability is the expansion and refinement of in-place solutions. Your IT infrastructure will inevitably change as the business it supports changes, growing and shifting. Existing solutions, like your log monitoring solution, may need to be refined to include more data feeds or check for more alarm conditions. Existing solutions will also need to be upgraded to the latest versions; a Security as a Service subscription makes this more straightforward and allows you to take advantage of the latest features and functions.

Overall, the solution can also be fairly elastic, growing to handle an expanding environment without budget-busting, step-function pricing changes.
© ControlScan 2017

13 Financial Flexibility

Procured Internally        Year 1   Year 2   Year 3   Total
Hardware purchase          $1,995                     $1,995
Software license           $1,333   $1,333   $1,333   $3,999
Annual maintenance
Staff ($120k, 2%)          $2,400   $2,400   $2,400   $7,200
Training                     $300     $300     $300     $900
Total                                                 $14,094

MSSP                       Year 1   Year 2   Year 3   Total
Installation & setup         $250                       $250
Service subscription fee   $2,400   $2,400   $2,400   $7,200
Total                                                  $7,450

Speaker notes:
The last gap we'll talk about is financial flexibility. Here, major investments in internal capabilities and technologies can be very difficult to shift. Once resources are hired and hardware and software are purchased, you've started down a pretty well-defined path.

I've shown a matrix here that gives you a start on thinking about how to compare investments in the two approaches. For this example, I took a firewall purchase straight off the web, at list price, and compared it to an MSSP service for providing the UTM firewall on a subscription basis along with associated services. You might not buy into all the numbers here, but I think one of the main areas to point to is the staffing. In this case, it would include activities like reviewing logs, alerts, and reports; performing regular updates to firmware and software, etc.

Again, the ability to share a pool of resources with other companies that have similar or even identical needs provides a compelling financial model. If you take this approach and start extending it up into higher-order services, such as 24x7 monitoring, the argument becomes even more compelling. That's when you start needing more expensive resources, too, like analysts that can develop correlation rules and validate security events. What isn't even reflected here is the impact of other costs like staff turnover.

MSSP solutions have scale advantages: the infrastructure and processes needed to support new organizations coming online have already been built and are reused.
© ControlScan 2017

14 So What's the Downside?
Cost perceptions
Trust issues (parallels with cloud computing)
Loss of control
Potential loss of internal SME/competency over time
Hard to bring back in house
MSSP understanding of internal culture/dynamics
More limited choices in technology

Speaker notes:
So no solution is perfect, and there are certainly downsides to using an MSSP. There are also environments that may not be well suited to applying Security as a Service. An example would be if you had systems that generated sensitive log data that can't leave your network infrastructure. You have to decide whether these are important to you. The trend now is to focus more on results, and the end security intelligence that is being generated.
© ControlScan 2017

15 Consider This When Selecting a Partner
1 Competence in Security + Compliance: They should be considered in tandem
2 Certifications: Proof points for ongoing investment in education & development
3 Flexibility: Willingness to adapt solutions to your business vs. one size fits all
4 Holistic: Lifecycle support from "Identify" to "Recover"
5 Balanced: Solutions supporting both "Protect" and "Detect"

Speaker notes:
If you're thinking about going this route, here's a checklist to get you started.

First, look for competence in both Security and Compliance if you're subject to any compliance mandates such as PCI, HIPAA, etc. The two are very intertwined, and you can gain big advantages from an MSSP that knows how to deploy security solutions in a way that also makes compliance easier to achieve and maintain.

Look for companies that make ongoing investments in the education and development of their resources. Those that don't risk losing expertise to the hot job market and entering a cycle of constant staffing churn. Certifications and accreditations are good indicators that investment is being made.

Try to find a partner that is able to offer flexibility in tailoring their solutions to your needs. The services should perform as extensions of your IT function, and not a disconnected service that needs constant attention. In fact, many businesses are adopting a hybrid staffing model, using managed security services to handle the triaging of incidents and initial monitoring and using in-house security teams for incident response. Organizations are also looking to automation to help ease incident response, so as to free up security resources to conduct hunting and breach investigations.

Finally, look across the range of services offered, even if they aren't all within the scope of your current needs. It's impossible to predict what you might need in the future: the business will change, the regulatory environment will change, the threat landscape will change. A partner with a broad range of services across the security and compliance landscape can offer unique advantages.
© ControlScan 2017

16 Thank You
Alex Knight
Director of Security Product Strategy
P:
Visit Us At: 11475 Great Oaks Way, Suite 300, Alpharetta, GA 30022
controlscan.com
Be Social With Us!

Speaker notes:
With that, I want to thank you. Note that you can find some great resources…
© ControlScan 2017

