Connecting The Information Security Community ... 1,000+ clients: Technology & Service...

Click here to load reader

  • date post

    10-Oct-2020
  • Category

    Documents

  • view

    1
  • download

    0

Embed Size (px)

Transcript of Connecting The Information Security Community ... 1,000+ clients: Technology & Service...

  • UBM Copyright 2014. All Rights Reserved © 2015 Property of UBM Tech; All Rights Reserved

    Pg. 1 UBM Copyright 2015. All Rights Reserved

    Connecting The Information Security Community

    Sara Peters Senior Editor, Dark Reading Eric Hanselman Chief Analyst, 451 Research

  • UBM Copyright 2014. All Rights Reserved © 2015 Property of UBM Tech; All Rights Reserved

    Pg. 2

    2015 Enterprise Securities Priorities Connecting The Business Technology Community

    1 – Source: Gartner, Aug 2014 2 – Source: InformationWeek Strategic Security Survey, April 2014

    Worldwide IT security spending was over $70B in 2014, and expected to reach almost $77B in 2015.1

    75% of IT professionals believe their organizations are about the same or more vulnerable to attacks than a year ago.2

    Security’s Hottest Trends • Frequency, cost, and size of breaches continues to rise • Higher percentage of targeted and politically-motivated threats • Current, Single-Purpose Security Technology Is Not Working • Increasing Portion of Computing Is Out of IT’s Control • Shortage of Staffing, Skills

    http://www.gartner.com/newsroom/id/2828722 http://reports.informationweek.com/abstract/21/12509/Security/Research:-2014-Strategic-Security-Survey.html http://reports.informationweek.com/abstract/21/12509/Security/Research:-2014-Strategic-Security-Survey.html

  • UBM Copyright 2014. All Rights Reserved © 2015 Property of UBM Tech; All Rights Reserved

    Pg. 3

    The Critical Role of IT Security Professionals Create A Secure Business That Doesn’t Hinder Operations

    • Alerts on attacks and vulnerabilities as soon as they are discovered • Insight on emerging threats and vulnerabilities to help “triage” current

    dangers and prioritize responses

    • Feedback from industry colleagues on the right actions to take and how to implement them

    • Understanding vendor strategies – not just what’s new

    Today’s Enterprises Are Faced With Some of the Most Sophisticated Threats They Have Ever Encountered • Today’s security pros are tasked with figuring out what is compromising their

    systems, how to fix the damage, and how to prevent it from happening again. • They have no single place to both gather and share information, relying on a myriad

    of sites and social networks.

    What IT Security Pros Need To Succeed

  • UBM Copyright 2014. All Rights Reserved © 2015 Property of UBM Tech; All Rights Reserved

    Pg. 4

    451 Research

    Founded in 2000

    210+ employees, including over 100 analysts

    1,000+ clients: Technology & Service providers, corporate advisory, finance, professional services, and IT decision makers

    15,000+ senior IT professionals in our research community

    Over 52 million data points each quarter

    4,500+ reports published each year covering 2,000+ innovative technology & service providers

    Headquartered in New York City with offices in London, Boston, San Francisco, and Washington D.C.

    451 Research and its sister company Uptime Institute comprise the two divisions of The 451 Group

    Research & Data

    Advisory Services

    Events

    451 Research is an information technology research & advisory company

  • UBM Copyright 2014. All Rights Reserved © 2015 Property of UBM Tech; All Rights Reserved

    Pg. 5

    Agenda

    A true Crash Course – InfoSec in an hour • Introduction • The State of Enterprise Security • Today’s Enterprise Threat Environment • Why Enterprise Security Requires a Multi-Layered Defense • Understanding Targeted Attacks • The Real Risks of Mobile Technology In the Enterprise • Users, Endpoints, and Passwords – What Really Works • Insider Threats and Preventing Data Leaks • Social Engineering – How Users Get Fooled (And How to Stop It) • Eliminating Risk In Cloud Computing Environments • Q&A

  • UBM Copyright 2014. All Rights Reserved © 2015 Property of UBM Tech; All Rights Reserved

    Pg. 6

    The State of Enterprise Security Collision of requirements

    • Protection • Mitigation • Governance, regulatory, compliance • Enablement

  • UBM Copyright 2014. All Rights Reserved © 2015 Property of UBM Tech; All Rights Reserved

    Pg. 7

    We’re Playing Defence Threats are on the attack

    Whether in detection, control, or prevention, we are notching personal bests but all the while the opposition is setting world records. - Dan Geer, CISO In-Q-Tel

  • UBM Copyright 2014. All Rights Reserved © 2015 Property of UBM Tech; All Rights Reserved

    Pg. 8

    Meet Your Adversaries Changing players with varied motivations

    • Your users • Your vendors • Lower skilled attackers • Cyber criminals • Hacktivists • Nation states

  • UBM Copyright 2014. All Rights Reserved © 2015 Property of UBM Tech; All Rights Reserved

    Pg. 9

    Your Users Well meaning and trying to get work done

    • Risks: Device/data loss, Phishing victims • Consumer technology mindset • Limited understanding of risks • Some malicious users, too

  • UBM Copyright 2014. All Rights Reserved © 2015 Property of UBM Tech; All Rights Reserved

    Pg. 10

    Your Vendors and Partners Good intentions, but imperfect

    • Risks: Vulnerable software and equipment, data and identity compromise • Operational costs for maintenance and patching • Access often not limited well • Audits not often extended

  • UBM Copyright 2014. All Rights Reserved © 2015 Property of UBM Tech; All Rights Reserved

    Pg. 11

    Lower skilled attackers Annoying, but potentially dangerous

    • Risks: Door knob rattling, systems damage • Script kiddies and the like • Tool availability spawns experimentation

    – A path for snooping or malicious users

    • Can be part of reconnaissance process

  • UBM Copyright 2014. All Rights Reserved © 2015 Property of UBM Tech; All Rights Reserved

    Pg. 12

    Cyber Criminals It’s just a job…

    • Risks: Data and financial loss, denial of service • The rise of guild culture

    – Specialized services

    • Tools part of the infosec arms race – There’s money in this

    • Persistent and sophisticated

  • UBM Copyright 2014. All Rights Reserved © 2015 Property of UBM Tech; All Rights Reserved

    Pg. 13

    Hacktivists Politically motivated, but which politics?

    • Risks: Data release, denial of service, collateral damage • Poorly defined groups • Motivations not always clear • Power in numbers • Reasonably sophisticated tools

  • UBM Copyright 2014. All Rights Reserved © 2015 Property of UBM Tech; All Rights Reserved

    Pg. 14

    Nation States Complex motivations, murky definition

    • Risks: Data loss, Denial of service, collateral damage • More actors arriving • The most sophisticated tools • Often invoked, seldom fully identified

  • UBM Copyright 2014. All Rights Reserved © 2015 Property of UBM Tech; All Rights Reserved

    Pg. 15

    Anatomy of an Attack Determined attackers have a plan

    Reconnaissance Beachhead Exploration

    Compromise Export Cleanup

  • UBM Copyright 2014. All Rights Reserved © 2015 Property of UBM Tech; All Rights Reserved

    Pg. 16

    Advanced Persistent Threats APT’s, all the time!

    • Some clarity is needed on definition • APT’s are people and attack campaigns • APT’s are not technology or tools • An APT attack will span considerable time • Effective protections look to break attack process

  • UBM Copyright 2014. All Rights Reserved © 2015 Property of UBM Tech; All Rights Reserved

    Pg. 17

    Effective Security in a Changing World There is no single path, but many can be effective

    • Enhancing security posture requires enterprise efforts • Many components with shared intelligence

    – Complex coordination task

    • Much more than anti-malware

  • UBM Copyright 2014. All Rights Reserved © 2015 Property of UBM Tech; All Rights Reserved

    Pg. 18

    Attitudes Need to Change Presuming that you’ve been compromised

    • Best defence is enhanced situational awareness

    • Current attack capabilities are overwhelming • Best tools increase visibility while limiting

    complexity • Security can’t be the department of “No!”

    – Transformation to department of “know!”

  • UBM Copyright 2014. All Rights Reserved © 2015 Property of UBM Tech; All Rights Reserved

    Pg. 19

    We’re Still Buying Lots of Security Budgets and purchasing expectations are up

    Source: 451 Research's Customer Insight, TheInfoPro Information Security 2H 2014

  • UBM Copyright 2014. All Rights Reserved © 2015 Property of UBM Tech; All Rights Reserved

    Pg. 20

    But We’re Changing What We Buy Chasing effective mitigations

    Source: 451 Research's Customer Insight, TheInfoPro Information Security 2H 2014

    Q. How will your spending on this tech