MODERN CYBER RISKS - WHY TRADITIONAL SECURITY METHODS ARE FALLING SHORT. RALF KALTENBACH DIRECTOR DACH & EASTERN EUROPE (ASOC)


Current security approaches are failing

Cybersecurity Poverty Index

Organizations’ overall assessment of their risk / security capabilities:

Significant Cybersecurity Risk Exposure: 75%
Advantaged Capabilities: 5%
Mature Security Strategies: 20%

Breach Readiness

do not have a formal incident response plan in place
do not have an active vulnerability management program in place
lack capability to gather data from across their environment and provide centralized alerting of suspicious activity

Percentages shown on the slide: 55%, 40%, 30%

The threat landscape continues to evolve

Threat Actors: Nation States, Hacktivists, Criminals
Targets: Financial Information, Intellectual Property, Personally Identifiable Information
HACKS, ATTACKS, ATTACK CAMPAIGNS

Our attack surface continues to expand

Mobile
Employees
BYOD
On Premise
Cloud
Third Parties
Customers
Partners
Shadow IT

The defender-detection deficit

Increasing gap between attacker and defender capabilities


Two critical success factors to be considered…

1. Reduce Dwell Time
2. React faster

Attack characteristics:
1. TARGETED: SPECIFIC OBJECTIVE
2. STEALTHY: LOW AND SLOW
3. INTERACTIVE: HUMAN INVOLVEMENT

Timeline diagram (axis: TIME). Labels: Attack Identified, Response, System Intrusion, Attack Begins, Cover-Up Complete, Cover-Up Discovery, Leap Frog Attacks. Intervals: Dwell Time, Response Time.

The security paradigm must change

PREVENTION

DETECTION & RESPONSE

Shift priorities and capabilities

Today’s Priorities: Prevention, Response, Monitoring
Future State: Monitoring, Prevention, Response

The capabilities that matter most now

Visibility & Analytics: establish foundation / make responders faster & smarter
Identity Assurance & Governance: address the most consequential attack vector
Risk Intelligence: prioritize effectively

Evolution of Threat Actors & Detection Implications

At first, there were HACKS. Preventative controls filter known attack paths.

Diagram labels: Threat Actors, Malicious Traffic, Firewall, IDS/IPS, AntiVirus, Corporate Assets, Whitespace, Successful HACKS

Evolution of Threat Actors & Detection Implications

At first, there were HACKS. Preventative controls filter known attack paths.

Then, ATTACKS. Despite increased investment in controls, including SIEM

Diagram labels: Threat Actors, Malicious Traffic, Firewall, IDS/IPS, AntiVirus, More Logs, SIEM, Blocked Session, Alert, Corporate Assets, Whitespace, Successful ATTACKS

Evolution of Threat Actors & Detection Implications

Now, successful ATTACK CAMPAIGNS target any and all whitespace. Complete visibility into every process and network session is required to eradicate the attacker opportunity.

Unified platform for advanced threat detection & investigations,

Diagram labels: Threat Actors, Malicious Traffic, Firewall, IDS/IPS, AntiVirus, Logs, Endpoint Visibility, Process, Network Visibility, Network Sessions, Blocked Session, Alert, Corporate Assets, Security Analytics

Security Analytics Architecture Model

RSA LIVE INTELLIGENCE
Threat Intelligence | Rules | Parsers | Feeds | Reports | RSA Research

Diagram labels: On Prem, Cloud, Security Operations, LIVE, Action, Analysis, Capture Time Data Enrichment, Visibility, NetFlow, Packets, Logs, Endpoint

Security Architecture Modules

Cloud
Security Analytics
Governance, Risk, & Compliance
Identity
logs, packets, netflow, endpoint, identity, threat, vulnerability
Data
Enterprise

Thank You