1
Security Themes Debunked
Brian Minick
2
Who is this guy?
Brian Minick
- CEO and Founder of Morphick
- CISO, General Electric
  - Aviation
  - Energy
  - Transportation
- Industry leader across:
  - Defense Industrial Base
  - DSIE
- Policy consulting:
  - White House
  - Department of State
  - Pentagon
  - NSA
- Personal
  - Three daughters
  - Running Church (my second startup)
3
Security is noisy
- A lot of people trying to get your attention and your $$$
- A lot of investment
- A lot of messages
- One dimensional thinking is dangerous
- The best lie is based on truth
- How do you know what to believe?
- Let's look at some messages
4
Technology will save the day
The claims
- Our technology solves your security issues
- Most effective way to stop attacks
- Make your team more effective

The reality
- Our technology solves your security issues…or just a couple of them.
- Most effective way to stop attacks…at least for today
  - Attackers figure out a way around. Signature, reputation, whitelist, sandbox, analytics, what's next?
- Make your team more effective…by giving them more work to do

Notes
- Security is too large a space to find one technology to solve all the issues (insider attacks, outsider attacks, account management, firewall rule management, patch management, on and on).
- All businesses end up with numerous technologies that do not work together.
- Orchestration is next big thing because of all the point solutions.
- There is a difference between random and targeted attacks.
- Technology is effective against random attacks…at least in the mid term.
- Targeted attacks are driven by people and people figure out ways around tech.
- Most detection technology turned into work generation systems.
5
Process will save the day
The claims
- Compliance with standards will solve security problems
- Risk based controls effectively prioritize
- Standards create an effective measuring stick

The reality
- Compliance with standards will solve security problems…or auditor problems
- Risk based controls effectively prioritize…just not quickly enough
- Standards create an effective measuring stick…

Notes
- Things take on a life of their own. Don't lose sight of the goal, which is to protect the business, not to pass an audit.
- Risk based is great, but how quickly is risk assessed and changed? Hyper risk assessment. Risk doesn't change with every attack. Risk changes with targeted attacks though.
- Need an effective measuring stick; current standards need to be updated. Acknowledge the difference between random and targeted, include rapid change capabilities for targeted.
6
Smart people will save the day
The claims
- Nothing works without the right people
- They built it once, they can do it again
- It just takes a couple great people

The reality
- Nothing works without the right people…and process and tech
- They built it once, they can do it again…if everything else is equal
- It just takes a couple great people…and an army behind them
7
Reality is never simple
- Truth in all these messages
- None offer a complete picture
- People, process and technology is required
8
Different problems different approaches
Random
- Adversary is a computer program
- Find the solution and repeat it
- A product will solve the problem
- Security through compliance

Targeted
- Adversary is a person using a computer program
- Creativity and strategy
- People need to solve the problem
- Unique, morphing defenses
9
Where is cyber headed - random
Dealing with random attacks
- Technology to address technology
- Technology to automate process
- Technology to eliminate people

Technology direction
- This is an arms race
- The race is fought at the industry level
10
Where is cyber headed - Targeted
Dealing with targeted attacks
- People to address people
- Technology for efficiency and agility
- Process to morph defenses

Technology direction
- This is an arms race
- It is fought by your company only
11
Reality is complicated…and so is security
So what
- Reality is complicated…and so is security
- Security is a broad discipline
- No company can do it all alone
- No vendor can do it all for their customers
- Find an ally
  - What are your current strengths?
  - What strengths do you want to develop?
  - What allies can you identify to help develop those strengths and fill your weaknesses?