MODERN CYBER RISKS - WHY TRADITIONAL SECURITY METHODS ARE FALLING SHORT.
RALF KALTENBACH
DIRECTOR DACH & EASTERN EUROPE (ASOC)
Organizations’ overall assessment of their risk / security capabilities:
Cybersecurity Poverty Index
Current security approaches are failing
Significant Cybersecurity Risk Exposure: 75%
Advantaged Capabilities: 5%
Mature Security Strategies: 20%
Breach Readiness
Figures shown on the slide: 55%, 40%, 30%
do not have a formal incident response plan in place
do not have an active vulnerability management program in place
lack capability to gather data from across their environment and provide centralized alerting of suspicious activity
The threat landscape continues to evolve
Threat Actors: Nation States, Hacktivists, Criminals
Targets: Financial Information, Intellectual Property, Personally Identifiable Information
HACKS, ATTACKS, ATTACK CAMPAIGNS
Our attack surface continues to expand
Mobile
Employees
BYOD
On Premise
Cloud
Third Parties
Customers
Partners
Shadow IT
Two critical success factors to be considered…
1 Reduce Dwell Time
2 React faster
1 TARGETED: SPECIFIC OBJECTIVE
2 STEALTHY: LOW AND SLOW
3 INTERACTIVE: HUMAN INVOLVEMENT
[Diagram: attack timeline along a TIME axis. Labels: Attack Begins, System Intrusion, Cover-Up Discovery, Leap Frog Attacks, Cover-Up Complete, Attack Identified, Response. Intervals marked: Dwell Time, Response Time.]
Shift priorities and capabilities
Today’s Priorities: Prevention, Response, Monitoring
Future State: Monitoring, Prevention, Response
The capabilities that matter most now
Visibility & Analytics: establish foundation / make responders faster & smarter
Identity Assurance & Governance: address the most consequential attack vector
Risk Intelligence: prioritize effectively
Evolution of Threat Actors & Detection Implications
At first, there were HACKS: preventative controls filter known attack paths.
[Diagram labels: Threat Actors, Malicious Traffic, Firewall, IDS/IPS, AntiVirus, Corporate Assets, Whitespace, Successful HACKS]
Then, ATTACKS: despite increased investment in controls, including SIEM
[Diagram labels: Threat Actors, Malicious Traffic, Firewall, IDS/IPS, AntiVirus, More Logs, SIEM, Blocked Session (three times), Alert, Corporate Assets, Whitespace, Successful ATTACKS]
Now, successful ATTACK CAMPAIGNS target any and all whitespace.
Complete visibility into every process and network session is required to eradicate the attacker opportunity.
Unified platform for advanced threat detection & investigations,
[Diagram labels: Threat Actors, Malicious Traffic, Firewall, IDS/IPS, AntiVirus, Logs, Endpoint Visibility, Network Visibility, Process, Network Sessions, Blocked Session (three times), Alert, Corporate Assets, Security Analytics]
Security Analytics Architecture Model
[Diagram labels: On Prem, Cloud, Security Operations, Action, Analysis, Capture Time Data Enrichment, LIVE]
Visibility: NetFlow, Packets, Logs, Endpoint
RSA LIVE INTELLIGENCE: Threat Intelligence | Rules | Parsers | Feeds | Reports | RSA Research
Security Architecture Modules
Cloud
Security Analytics
Governance, Risk, & Compliance
Identity
logs, packets, netflow, endpoint, identity, threat, vulnerability
Data
Enterprise