Connecting The Information Security Community ... 1,000+ clients: Technology & Service...

UBM Copyright 2014. All Rights Reserved © 2015 Property of UBM Tech; All Rights Reserved
Pg. 1 UBM Copyright 2015. All Rights Reserved
Connecting The Information Security Community
Sara Peters Senior Editor, Dark Reading Eric Hanselman Chief Analyst, 451 Research

Pg. 2
2015 Enterprise Securities Priorities Connecting The Business Technology Community
1 – Source: Gartner, Aug 2014 2 – Source: InformationWeek Strategic Security Survey, April 2014
Worldwide IT security spending was over $70B in 2014, and expected to reach almost $77B in 2015.1
75% of IT professionals believe their organizations are about the same or more vulnerable to attacks than a year ago.2
Security’s Hottest Trends • Frequency, cost, and size of breaches continues to rise • Higher percentage of targeted and politically-motivated threats • Current, Single-Purpose Security Technology Is Not Working • Increasing Portion of Computing Is Out of IT’s Control • Shortage of Staffing, Skills
http://www.gartner.com/newsroom/id/2828722 http://reports.informationweek.com/abstract/21/12509/Security/Research:-2014-Strategic-Security-Survey.html http://reports.informationweek.com/abstract/21/12509/Security/Research:-2014-Strategic-Security-Survey.html

Pg. 3
The Critical Role of IT Security Professionals Create A Secure Business That Doesn’t Hinder Operations
• Alerts on attacks and vulnerabilities as soon as they are discovered • Insight on emerging threats and vulnerabilities to help “triage” current
dangers and prioritize responses
• Feedback from industry colleagues on the right actions to take and how to implement them
• Understanding vendor strategies – not just what’s new
Today’s Enterprises Are Faced With Some of the Most Sophisticated Threats They Have Ever Encountered • Today’s security pros are tasked with figuring out what is compromising their
systems, how to fix the damage, and how to prevent it from happening again. • They have no single place to both gather and share information, relying on a myriad
of sites and social networks.
What IT Security Pros Need To Succeed

Pg. 4
451 Research
Founded in 2000
210+ employees, including over 100 analysts
1,000+ clients: Technology & Service providers, corporate advisory, finance, professional services, and IT decision makers
15,000+ senior IT professionals in our research community
Over 52 million data points each quarter
4,500+ reports published each year covering 2,000+ innovative technology & service providers
Headquartered in New York City with offices in London, Boston, San Francisco, and Washington D.C.
451 Research and its sister company Uptime Institute comprise the two divisions of The 451 Group
Research & Data
Advisory Services
Events
451 Research is an information technology research & advisory company

Pg. 5
Agenda
A true Crash Course – InfoSec in an hour • Introduction • The State of Enterprise Security • Today’s Enterprise Threat Environment • Why Enterprise Security Requires a Multi-Layered Defense • Understanding Targeted Attacks • The Real Risks of Mobile Technology In the Enterprise • Users, Endpoints, and Passwords – What Really Works • Insider Threats and Preventing Data Leaks • Social Engineering – How Users Get Fooled (And How to Stop It) • Eliminating Risk In Cloud Computing Environments • Q&A

Pg. 6
The State of Enterprise Security Collision of requirements
• Protection • Mitigation • Governance, regulatory, compliance • Enablement

Pg. 7
We’re Playing Defence Threats are on the attack
Whether in detection, control, or prevention, we are notching personal bests but all the while the opposition is setting world records. - Dan Geer, CISO In-Q-Tel

Pg. 8
Meet Your Adversaries Changing players with varied motivations
• Your users • Your vendors • Lower skilled attackers • Cyber criminals • Hacktivists • Nation states

Pg. 9
Your Users Well meaning and trying to get work done
• Risks: Device/data loss, Phishing victims • Consumer technology mindset • Limited understanding of risks • Some malicious users, too

Pg. 10
Your Vendors and Partners Good intentions, but imperfect
• Risks: Vulnerable software and equipment, data and identity compromise • Operational costs for maintenance and patching • Access often not limited well • Audits not often extended

Pg. 11
Lower skilled attackers Annoying, but potentially dangerous
• Risks: Door knob rattling, systems damage • Script kiddies and the like • Tool availability spawns experimentation
– A path for snooping or malicious users
• Can be part of reconnaissance process

Pg. 12
Cyber Criminals It’s just a job…
• Risks: Data and financial loss, denial of service • The rise of guild culture
– Specialized services
• Tools part of the infosec arms race – There’s money in this
• Persistent and sophisticated

Pg. 13
Hacktivists Politically motivated, but which politics?
• Risks: Data release, denial of service, collateral damage • Poorly defined groups • Motivations not always clear • Power in numbers • Reasonably sophisticated tools

Pg. 14
Nation States Complex motivations, murky definition
• Risks: Data loss, Denial of service, collateral damage • More actors arriving • The most sophisticated tools • Often invoked, seldom fully identified

Pg. 15
Anatomy of an Attack Determined attackers have a plan
Reconnaissance Beachhead Exploration
Compromise Export Cleanup

Pg. 16
Advanced Persistent Threats APT’s, all the time!
• Some clarity is needed on definition • APT’s are people and attack campaigns • APT’s are not technology or tools • An APT attack will span considerable time • Effective protections look to break attack process

Pg. 17
Effective Security in a Changing World There is no single path, but many can be effective
• Enhancing security posture requires enterprise efforts • Many components with shared intelligence
– Complex coordination task
• Much more than anti-malware

Pg. 18
Attitudes Need to Change Presuming that you’ve been compromised
• Best defence is enhanced situational awareness
• Current attack capabilities are overwhelming • Best tools increase visibility while limiting
complexity • Security can’t be the department of “No!”
– Transformation to department of “know!”

Pg. 19
We’re Still Buying Lots of Security Budgets and purchasing expectations are up
Source: 451 Research's Customer Insight, TheInfoPro Information Security 2H 2014

Pg. 20
But We’re Changing What We Buy Chasing effective mitigations
Source: 451 Research's Customer Insight, TheInfoPro Information Security 2H 2014
Q. How will your spending on this tech

Connecting The Information Security Community ... 1,000+ clients: Technology & Service...

Documents

Transcript of Connecting The Information Security Community ... 1,000+ clients: Technology & Service...

1,000 SF - 15,000 SF AVAILABLE FOR LEASE AT DISTRICT · PDF file 1,000 SF - 15,000 SF AVAILABLE FOR LEASE AT Derick Fluker* 604 638 2125 [email protected] Jack Allpress* 604 638 1975

Emergency Fund BOOT CAMP - St. Mary's Bank · PDF file Emergency Fund Size $ 500 $ 3,000 $ 1,000 $ 6,000 $ 1,500 $ 9,000 $ 2,000 $ 12,000 $ 2,500 $ 15,000 Monthly Expenses Emergency

GDP 図表1．金利・為替・株価の予想水準 · PDF file 日経平均株価 (円) 14,837 15,000±1,000 14,250±1,000 14,500±1,000 15,000±1,000 （資料）NEEDS-FinancialQuestデータベース、Bloombergより作成。先行きは農林中金総合研究所予想。

Appearance Protection Front windshield replacement 24 hour roadside assistance $1,000 $400 $500 Unlimited $3,000 $1,000 $8,000 $6,000 $15,000 $15,000 Coverage Plans Interior protection

I. The - DOE · PDF fileI. The MERALCO Franchise Area ... Sta. Rita 1,000 1,000 1,000 1,000 1,000 1,000 1,000 1,000 1,000 1,000 ... and ADMS) RESILIENT

Guaranteed Auto Protection - US ... Less your auto insurance settlement - $15,000 Insurance deductible + $1,000 The GAP = $6,000 GAP cancels _ $6,000* You owe: $0 Author Tag Europe

THE EU AGRICULTURAL OUTLOOK FOR MEAT AND DAIRY · PDF file 2019. 12. 11. · 500. 1,000. 1,500. 2,000. 10,000. 15,000. 20,000. 25,000. 30,000. 1 000 tonnes. EUR / tonne

Executive Branch Personnel Public Financial Disclosure ... Index... 3.17 The Southern Company N/A $1,001 - $15,000 Dividends $201 - $1,000 3.18 IBM Common Stock N/A $1,001 - $15,000

Peter Krajsa Chairman/CEO AFC First Financial Corporation ... · PDF file Home’s Value 1st, 2 3 Lien Keystone HELP Geothermal $1,000 to $15,000, plus additional “Tax Credit Loan”

超硬ドリル・エンドミル・ルータービット 3.50 15,000 165 450 0.030 4.00 15,000 188 450 0.030 4.50 15,000 212 450 0.030 5.00 15,000 236 300 0.020 6.00 15,000 283 300

Pins, Background and Usage - · PDF file 25,000 great velvet pins 2s.8d per 1,000 39,000 small velvet pins 20d per 1,000 19,000 small head pins 20d per 1,000 ... however lace makers

WÄRTSILÄ RENEWABLE GAS/ PUREGAS SOLUTIONS ... ... Water 66 Food Scrap 645 at Landfills Potential 8,300 on Farm 4,000 Wastewater 1,000 Food Scrap 440 at Landfills 15,000+ Potential

品目処分料金表 · PDF file 2020. 11. 26. · ¥7,000～/m3 ¥13,000～/m3 ¥25,000～/m3 ¥10,000～/m3 ¥15,000～/m3 ¥15,000～/m3 ¥15,000～/m3 ¥15,000～/m3 ¥15,000～/m3

To Toro Shareholders For personal use · PDF file Toro Energy Limited (“Toro”) is pleased to provide eligible shareholders the opportunity to invest between $1,000 and $15,000

UNA GUÍA A Sus Beneﬁ cios 1DEJULIO2015–30JUNIO201 ... Persona $500 $500 Ninguno! Familia $1,000 $1,000 Ninguno! Annual Out-of-Pocket Maximum Persona $5,000 / $15,000 $2,000 $1,500

Advertising Guide 2018 - Harness Magazine · PDF file Instagram: 15,000+ Facebook: 1,000 Page Views: 10,500 Newsletter: 2,000+ subscribers

C · PDF file love charms phi mu foundation $1,000 honor $2,500 truth $5,000 foundation $10,000 quatrefoil $15,000 heart & hand $100,000 florine stevens $20,000 sisterhood $25,000

inancial D iScloSure eport ... Amgen Inc. (AMGN) [ST] $1,001 - $15,000 Dividends $1 - $200 $201 - $1,000 MEIJER GST EXEMPT 97 FBO PETER ⇒ Anadarko Petroleum Corporation (APC) [ST]

InternationalMascotCorporation · PDF fileIMC, headquartered in Edmonton, produces about 1,000 mascots a year—800 at its 15,000-square-foot factory in the city's ... retailer Toys

SIVA 2 Rules $1,000,000 $800,000 $600,000 $400,000 $200,000 $100,000 $75,000 $50,000 $30,000 $20,000 $15,000 $10,000 $5,000 $3,000 $2,000 $1,000 $900