SecureAuth & 451 Research Webinar: Connected Security - A Holistic Approach to Solving the Data...

Connected Security: A Holistic Approach to the Data Breach Problem. Garrett Bekker - Principal Analyst, 451 Research; Stephen Cox, Chief Security Architect, SecureAuth

Transcript of SecureAuth & 451 Research Webinar: Connected Security - A Holistic Approach to Solving the Data...


©2015 SecureAuth Corporation. All Rights Reserved. www.secureauth.com

Our Speakers

Stephen Cox, Chief Security Architect, SecureAuth

Garrett Bekker, Principal Analyst, Enterprise Security Practice, 451 Research

Solving the Data Breach Problem with Connected Security

Garrett A. Bekker, III, Principal Analyst, Information Security

A few words about me….

•  Principal Analyst in 451 Research’s Information Security Practice

•  Involved in infosec since 1999

•  451 coverage areas: Identity and Access Management (IAM), Data Security.

•  @gabekker on Twitter

•  [email protected]

We are spending billions on cybersecurity

•  Cybersecurity M&A hit record levels in 2015

•  Cybersecurity VC: $3.5bn in 2015 (CB Insights)


•  (source: 451 Research 2016 M&A Outlook)

Security tools are multiplying like rabbits!


•  = ~1400 vendors

•  9 new vendors every month

But we’re setting records for breaches, too

•  Privacy Rights Clearinghouse: from 2014 to 2015, breach volumes doubled

•  Identity Theft Resource Center: data breaches will hit 1,000 in 2016, up 22%.

•  Anthem, Army National Guard, CareFirst Blue Cross/Blue Shield, Premera Blue Cross/Blue Shield, Harvard, Home Depot, JP Morgan, Target, Neiman Marcus, eBay, Heartland, TJ Maxx, Sony, AOL, Ashley Madison, Ubisoft, Zappos, Adobe, Evernote, Apple, Yahoo Japan, UPS, Vodafone, Experian, Facebook….

Breach party!

Too many security point products

•  Most firms can’t keep up with securing legacy, on-prem estate:
   •  AV
   •  FW
   •  IPS
   •  DLP
   •  WAF
   •  SIEM
   •  IAM

Cloud, Mobile, Big Data and IoT aren’t helping

•  Cloud security requires even more ‘stuff’:
   •  SaaS SSO/IDaaS
   •  SaaS encryption gateways
   •  CAC/CASB
   •  IaaS Security

•  Big Data:
   •  Data discovery
   •  Access controls
   •  Encryption/tokenization, etc.

•  IoT?
   •  IoT device authentication
   •  SSL certs
   •  Encryption/tokenization
   •  IoT firewalls
   •  IoT malware detection

MORE TOOLS ≠ BETTER SECURITY!


Watch out for your third parties

•  Firms are outsourcing more non-core functions

•  Cloud increases reliance on third-parties

•  Third-parties have access privileges that can be exploited (HVAC vendors?)


Who’s going to manage all this?

•  Chronic skills shortage
   •  ~1mn openings?
   •  Interns?

The math doesn’t add up!

•  ‘Triple-edged sword’:
   •  More resources to protect – and more coming with IoT, etc.
   •  More security products to manage
   •  More end users to worry about
   •  More threat actors
   •  More regulations

…and not enough people to help with all of this

So how do we turn the math in our favor?

•  Consolidation is inevitable, but still a big backlog

•  Security automation is coming

•  More ‘native’ security solutions from cloud and big data providers
   •  AWS, Box, Salesforce, Microsoft, Cloudera, Hortonworks, VMware, etc.

•  More security delivered as a service
   •  Traditional MSSPs, sure
   •  But also: ‘Specialist MSSPs’
      •  DLP, IAM, SIEM, Encryption, Key Management

•  Better integration

Thank You!

Connected Security: A Holistic Approach to the Data Breach Problem

Stephen Cox, Chief Security Architect, SecureAuth

What the Future Holds

+  Attackers adapt quickly, making visibility of utmost importance

+  Attacks are multi-vector and multi-faceted

+  Strong technologies across the spectrum

   –  We struggle at tying it together

   –  What about the SIEM?

It’s About Context!

Understand and Attack the Gap

+  Look to history of warfare for examples

   –  Yes, I am drawing that analogy!

+  Organizations have security gaps

   –  Only so much budget, time

+  Increasing visibility is vital

   –  Protect, detect and respond

Exploit the Flank!

Oh Look, A Sun Tzu Quote!

“By persistently hanging on the enemy's flank, we shall succeed in the long run in killing the commander.”

-- Sun Tzu, The Art of War

Identity is a Security Gap

+  Focus is on network perimeter and endpoint

+  Limited visibility to later stages of attack lifecycle

+  Adopt a “follow the attacker” mindset

Follow the Attacker!

Majority of the breaches in the enterprises start with social engineering and phishing

Intruders gained access through a Citrix remote access portal set up for use by employees. {Home Depot Breach}

“The hackers acquired elevated rights that allowed them to navigate portions of Home Depot's network and to deploy unique, custom built malware on its self check out systems in the U.S. and Canada.” – eWeek

Attacks on Today’s Battlefield: The Attack Lifecycle or “Kill Chain”

[Figure: stages of the attack lifecycle, each labelled with the control that covers it: Network Security, Endpoint Security, Identity Security, Security Information & Event Management]

Connected Security: Close the Gaps!

Adaptive Authentication: Taking Action at the Identity Perimeter

•  Layered Risk Analysis = Stronger Security

•  No User Experience Impact

•  Only present MFA when needed

•  No other vendor has as many “layers”

Layers: Device Recognition, Threat Service, Directory Lookup, Geo-Location, Geo-Velocity, Geo-Fencing, Fraud Detection, Identity Governance, Behavior Analytics, Behavioral Biometrics

Pre-Authentication Risk Analysis (Adaptive Authentication)

•  Device Recognition: Do we recognize this device? Associated with a user we know?

•  Threat Service: Real-time Threat Intelligence, IP Address Interrogation

•  Directory Lookup: Group membership and attribute checking

•  Geo-Location: Request coming from a known location? Do we have employees, partners or customers here?

•  Geo-Velocity: Has an improbable travel event taken place?

•  Geo-Fencing: Access request coming from within or outside a geographic barrier

•  Fraud Prevention: Reduce # of OTPs, Block device class, Identify “porting” status, Block by carrier

•  Identity Governance: Who should/does have access rights? High Access Rights = greater risk/vulnerability

•  Behavior Analytics: Track normal behavior, Looking for anomalies

•  Behavioral Biometrics: Typing Sequences & Mouse Movements, Unique to each user on each device
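An added sketch (not SecureAuth's code, and not from the webinar) of how four of the layers above can be evaluated before authentication: threat-service IP check, geo-fencing, geo-velocity and device recognition feed an allow / MFA step-up / deny decision. The data structures, sample values, the 900 km/h threshold and the deny-versus-step-up policy are all assumptions made for illustration.

```python
import math
from dataclasses import dataclass

@dataclass
class Login:
    user: str
    device_id: str
    ip: str
    country: str
    lat: float
    lon: float
    ts: float  # epoch seconds

# Constructed sample data and thresholds (assumptions for this sketch).
KNOWN_DEVICES = {"alice": {"dev-1"}}
THREAT_IPS = {"203.0.113.7"}       # documentation-range address
GEOFENCE = {"US", "GB"}            # countries where users are expected
MAX_KMH = 900.0                    # faster than this between logins is improbable

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def improbable_travel(prev, cur):
    """Geo-velocity: implied speed between consecutive logins exceeds MAX_KMH."""
    if prev is None:
        return False
    # Floor the interval at one second so equal or out-of-order timestamps
    # cannot divide by zero or hide a large jump.
    hours = max(abs(cur.ts - prev.ts), 1.0) / 3600.0
    return haversine_km(prev.lat, prev.lon, cur.lat, cur.lon) / hours > MAX_KMH

def evaluate(cur, prev=None):
    """Run every layer, then map findings to allow / mfa / deny."""
    findings = []
    if cur.ip in THREAT_IPS:
        findings.append("threat_ip")
    if cur.country not in GEOFENCE:
        findings.append("outside_geofence")
    if improbable_travel(prev, cur):
        findings.append("improbable_travel")
    if cur.device_id not in KNOWN_DEVICES.get(cur.user, set()):
        findings.append("unknown_device")
    if {"threat_ip", "outside_geofence"} & set(findings):
        return "deny", findings        # hard-fail layers
    return ("mfa" if findings else "allow"), findings
```

Returning the list of findings alongside the decision gives downstream tooling such as a SIEM the context behind each step-up or denial.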


In the Real World

[Figure: the ten risk-analysis layers (Device Recognition, Threat Service, Directory Lookup, Geo-Location, Geo-Velocity, Geo-Fencing, Fraud Detection, Identity Governance, Behavior Analytics, Behavioral Biometrics) applied to five scenarios: Normal Day, Travel Day, Lost/New Laptop, Stolen Credentials, Stolen Laptop. Each scenario is rated Low, Medium or High risk and resolved to Allow, MFA Step or Deny.]

The Connected Security Alliance

+  Rigorous interoperability testing

+  Integrated reference architecture

+  Leverages identity context

+  Actionable intelligence

+  Stronger together!

A holistic approach to the data breach problem

Identity Security

Watch this space for more integrations!

Q&A

THANK YOU! Learn more at www.secureauth.com/connected-security