View
216
Download
0
Category
Tags:
Preview:
Citation preview
2
• Assessing the Threatscape• Addressing compliance
requirements• Respond, don’t just report• You’re already a statistic, how do
you rebound?• Q&A
YOU’RE ALREADY A STATISTIC…
3
4
• 91% of companies have experienced at least one IT security event from an external source.
• 90% of all cyber crime costs are those caused by web attacks, malicious code and malicious insiders.
Security Breach Statistics*
*Statistics collected from Gartner, Forrester, Ponemon, Kaspersky, Eschelon
ASSESSING THE THREATSCAPE
5
• Due to complexity, over 70% of organizations still not adequately securing critical systems.
• The median annualized cost of breaches is $3.8 million per year, (range: $1M to $52M/yr)
Security Breach Statistics
ASSESSING THE THREATSCAPE
6
• 96% of attacks were not highly difficult
• 94% of all data compromised involved servers
• 85% of breaches took weeks or more to discover
• 92% of incidents were discovered by a third party
• 97% of breaches were avoidable• 96% of victims subject to PCI DSS
had not achieved compliance
A study conducted by the Verizon RISK Team
ASSESSING THE THREATSCAPE
7
• Data breaches• Data loss/leakage• Account/service traffic hijacking• Insecure interfaces and APIs• Denial of service• Malicious insiders• Insufficient due diligence• Technology vulnerabilities• Social Engineering• Viruses, phishing, malware, spyware • Employees exposing information • Carelessness/lax security policies
According to Cloud Security Alliance
TOP THREATS
8
Source: www.securelist.comKaspersky Bulletin
CYBER WAR HAS BEEN DECLARED
9
And then this happens….
… that becomes this
… which ultimately ends up with this
…followed by this
They all start off like this
THE CHALLENGE IS REAL
10
“I get audited. I get audited a lot.”
- Michael Tampone Chief Technology Officer Sterling Risk
THE WEIGHT OF COMPLIANCE
11
• FFIEC• PCI / DSS• CIP • Sarbanes Oxley• GLBA• FISMA• NERC• HIPAA• FERPA• SB-1386 (California)
ALPHABET SOUP OF OVERSIGHT
12
• It’s expensive• It’s time consuming• It’s resource heavy• Perceived imbalance in the
risk/reward quotient- We’ve got it covered- We haven’t been attacked/complacency- We’re too small for hackers to care/notice
• Expertise difficult to retain
…but it doesn’t have to be
THE PROBLEM IS…
MSPAlliance says: Unemployment for IT security is <1%. And once found, they’re expensive to keep. In fact their
salaries doubled in past 3 years.
13
• Preventive/Preemptive policies• Centralized control• Automation• Transaction Anomaly Prevention• Minimize end user impact• Consistency• Maintain and enforce standards• Minimizing management and
operational cost
Best practices
OVERCOMING OBSTACLES
14
• Continuous monitoring discovers red flags (via Log/SIEM) but too often reviewed days/weeks later
• Doesn’t FIX the problem• Signatures will not detect
anything unusual in a zero-day exploit
• Doesn’t maintain continuous integrity of files/apps/registry
MONITORING IS NOT ENOUGH
15
TURN BACK THE CLOCK
• Real-time configuration mgmt• Recovery back to ideal state• Automated alerts and repair• Avoid unauthorized changes that
threaten compliance• Demonstrate control of
computing environment• Change management• Reduce support incidents
16
• (3.11)Implement automated configuration monitoring system to analyze hardware and software changes, network configuration changes, and other modifications affecting the security of the system.
COMPLYING WITH SECURITY FRAMEWORKS
*Source SANS 20 Critical Controls
SANS offers 12 critical controls for implementation, automation, and measurement. Security Configuration Management applies to 8 of those guidelines, most notably
17
• Reduce, remove security threats• Reduce operational downtime• Reduce support incidents by 80%• Automate security compliance policy• Increase application availability• Reduce case resolution times and
repeat cases• Reduce on-site or remote service
requests• Integrates with existing infrastructure• Automated compliance reporting• Improve customer satisfaction
GO HOME ON TIME…REALLY!
18
Demonstration
LET ME PROVE IT
19
COMPANY OVERVIEW
Innovative Software Company◦ Over 12 years in the marketplace◦ 1,000’s of customer deployments globally◦ Proven and patented technology
IT organizations will fail to successfully manage their PC environment if they have not addressed the
biggest issue: complexity … Persystent Suite … does provide configuration drift management
functionality.
Customers
20
THANK YOU.
Bob Whirley Utopic Softwarebobwhirley@utopicsoftware.com727-512-9001
www.utopicsoftware.com
Recommended