Cybersecurity, Yesterday, Today, and Beyond
Transcript of Cybersecurity, Yesterday, Today, and Beyond
ANITIAN
Security: Yesterday, Today and Beyond
ANITIAN - intelligent information security
MEET THE SPEAKER – ANDREW PLATO
• President / CEO of Anitian
• Principal at TrueBit CyberPartners
• 20+ years of experience in security
• Discovered SQL injection in 1995
• Helped develop first in-line IPS engine (BlackICE)
Who we do it for
What we do
Build great security…
…Programs
…Controls
…Operations
…Compliance
…Response
…Leaders
Why we do it
We believe security is essential to growth, innovation, and prosperity
OVERVIEW
Outline
• The Fourth Dimension
• The Threat Landscape Through Time
• Trends for 2020 and Beyond
Intent
• Discuss cybersecurity trends through time
• Get you thinking about your security needs in 5-10 years
The Fourth Dimension
30 million years ago two black holes collided
Cats had just evolved on Earth, no Humans
Between 1907 and 1915 Einstein developed the theory of Special Relativity, a concept that did not follow the “rules” of conventional science
Many people at the time thought he was nuts.
In 2016, the LIGO observatories in Louisiana and Washington discovered the gravity waves from this collision, proving Einstein’s theory.
He was not nuts, just ahead of his time
My story: SQL Injection 1995
Oh, did I just equate myself with Einstein?
20 Years Later…
The present can be deceptive
How do you know what to look for?
When you do not know what it is
Welcome to the Fourth Dimension
Your ability to evaluate a threat depends on your perceptions and bias
Former Target CIO Beth Jacob was fired after a huge breach in 2014
The Target breach has become a case study in having all the tech but still not being able to protect the business
We are losing the cybersecurity game
Because we keep trying to play by the rules
We must change the rules of the game into a game we can win
Threat Landscape Through Time
THE PAST
• Macro viruses
• Network hacks & port scanning
• Spam
• Market: $500M industry
• SOLUTION: Technology!!
THE PRESENT
• Encrypting Ransomware
• Targeted Phishing
• Fileless malware
• Botnets
• ICS and control systems attacks
• Market: $122B
• SOLUTION: BUY EVEN MORE TECHNOLOGY…and make it all compliant
THE FUTURE
• AI-based attacks
• Threats at the hardware layer
• Chaos attacks
• Market: $300B
• Hyper-intelligent attacks, overwhelm your defenses
• SOLUTION: TECHN…wait, maybe we should do something different?
OUR PROBLEM
We keep buying security technology… …that does not secure
our people are… distracted
NEXT-GENERATION SQUIRREL
they are failing to remember the mission
… you can never hire enough of them
…and your workforce is changing
is there any hope?
YES! We must change the way we look at cybersecurity
GET READY FOR 2020
Stop: Products, Vendors, Perimeter, Headcount, DevOps, Strength
Start: Intelligence, Relationships, Data, Resources, DevSecOps, Agility
BEYOND
CYBERSECURITY 2020
TREND 1: THE CLOUD
• This is where IT is going
• Only 17% of workloads are in the cloud
• Cloud is more secure
• Compliance in the cloud is difficult
• Cloud talent is extremely scarce
• Train your internal people
• AWS is #1 by a long shot.
WHAT’S MISSING?
[Figure: diagram with the labels “Security”, “Compliance” and “YOU MANAGE”, each repeated four times]
OH YEAH, SECURITY AND COMPLIANCE!
TREND 2: DISPOSABLE IT
Emerging new approach to cloud with huge security and compliance benefits:
1. Fully automate the build of your environment
   a. System and storage instantiation
   b. Configuration, hardening, patching
   c. Code deployment
2. On a regular basis, recreate the whole environment
3. Migrate from old to new (automatically)
4. Destroy the original
• Disposable IT forces formality and structure
• It also has huge security benefits
TREND 3: THE SUBSCRIPTION ECONOMY
• We no longer buy things, we buy relationships
• Netflix, Office365, Salesforce
• Relationships have value
• High-trust relationships get you access to help, on-demand
• The “lone-wolf” approach to security is a failure
• Focus on building strong, lasting relationships with vendors, partners, and suppliers
• Stop the “race-to-the-bottom” gladiatorial approach
TREND 4: SECURITY ANALYTICS
• Point security solutions are useless
• Integrated “fabrics” that can react at multiple levels
• Fusion of detection, prevention, logging, and response technologies
• You will never react fast enough… Get your people out of the reaction mode, into the analysis mode
• Automation and orchestration can do that
TREND 5: THE NEW NORMAL
• People become indifferent to breaches
• Privacy is gone, we expect our data to be stolen
• Value of data declines
• Automation allows for rapid detection, response, and repair
• The security bubble pops, a lot of vendors implode
• Security shifts to stability and assurance duties
• Breaches have minimal impact
• Spending and headcount decrease
• Cybersecurity skills shift from hacking, to relationship building
• Everything is in the cloud, everything is rebuildable at a moment’s notice
FINAL THOUGHTS
• It is not strength that wins, it's agility
• It is not technology that protects you, it's intelligence
• It is not compliance that assures, it is discipline
• It is not what you know, it's what you do not know that makes a difference
• It is not skill that makes somebody qualified, it is behavior
• Do not let your current perceptions affect your future security
Andrew Plato, [email protected]
LinkedIn: http://bit.ly/li-andrewplato
THANK YOU