In today’s threat landscape, nothing static remains secure.
Cyber attackers continuously seek new vulnerabilities to exploit in order to keep ahead of the latest security advances, and they are succeeding. High-profile data breaches are dominating headlines, and attacks have become so pervasive that on average, a malware event occurs at a single organization once every three minutes.
In this environment, no single security system can protect your organization from threats. You've got to adapt to survive.
Learn:
--The increased attack vectors inherent in the current security landscape.
--How to rethink your approach and adapt your strategy to achieve a more nimble security stance with multiple layers of defense, analytics and incident response.
--How to safeguard distributed applications and mobile, cloud and social interactions across the enterprise.
--How to optimize your security operations without overspending.
Survival In An Evolving Threat Landscape
3. Processes are monitored and measured with trending
Best practices are followed
Continuous improvements identified and applied
Formal global IT risk management process
4. The annual cost of cyber attacks rose to an average of $11.6M in 2013, an increase of 26% over 2012. The time it took to resolve an attack averaged 32 days, with a cost of over $32K per day (over $1M total).
6. 1. Prevention is futile: Advanced Persistent Security Programs
2. The Post-Signature Era: Pervasive Monitoring and Detection
3. Security Big Data Analytics
4. Context-Aware Security
5. Reputation Services and “Trustability”
6. The Growing Role of Collective Intelligence
7. The Shift to Information-centric Security Strategies
8. Virtualized and x86 Software-based Security Controls
9. The Shift to Cloud-based security controls
10. The Software Defined Data Center comes to Security
Gartner analyst: Neil McDonald | “Protection from Advanced Targeted Attacks in a Consumerized, Cloudified World”
12. From spear phishing to exfiltration in nine steps
1. Adversary performs reconnaissance on the target & starts to weaponize
2. Adversary delivers a spear phishing email with attachment to target
3. Target opens attachment, downloads malware & it is executed
4. Adversary exploits the system, allowing entry into the network
5. Command & control communication with adversary is established
6. Adversary moves laterally within the network & establishes multiple back doors to maintain persistence
7. Adversary accesses the directory & compromises legitimate system & user credentials
8. Adversary utilizes the legitimate system & user credentials to access sensitive file servers
9. Adversary starts sensitive data exfiltration, leveraging VPN with compromised credentials or evasive techniques
13. Work from the assumption that you are already compromised; move from a reactive, perimeter-based mentality to an active approach:
• Enhanced defenses
• Incident response
• Intelligence and analytics
Collective security intelligence services:
• Reputation services
• Threat intelligence
• Attacker intelligence
20. Core Risk Reduction
Enhanced Risk Reduction
Core Security State
Enhanced Security State
Optimized Security
• Processes are ad hoc and disorganized
• Security is not defined
• No mgmt reporting metrics
• Security is a reactive process
• Processes follow a regular pattern
• Security is defined but not aligned with business objectives
• No mgmt reporting
• Security involvement in projects and initiatives are ad hoc
• Processes are documented and communicated
• Formal integrated policy suite, with links to workforce awareness, education, and training programs
• From a risk mgmt committee
• Limited mgmt reporting
• Processes are monitored and measured
• Formal global IT risk mgmt process
• Full mgmt reporting
• Consistent and repeatable process
• Processes are monitored and measured with trending
• Best practices are followed
• Continuous improvements identified and applied
• Formal global IT risk mgmt process
24. Knowing what you need to protect
Continuous security posture assessment
Enhanced defenses, detection and intelligence capabilities
Staff and operational support
Security awareness and training
Proactive incident response
Roadmap to optimized security model
25. Technology consulting, IT infrastructure technology and integration, and leasing solutions for your business.
Visit us at www.forsythe.com.
Brought to you by:
David Launches: This is not really a security problem – it’s an IT Ops problem…how can I tee this up?
Applications and data may be in a traditional data center, hybrid data center, or somewhere in the cloud.
David launches
In the past, when IT was setting up access to restricted systems, it only had one location to consider: within the enterprise. Users who wanted to access corporate data had to be on-premise, where security systems were tested and hardened. That was OK, because they were employees who typically did their work from an assigned space at a specific location. The IT department created the systems and distributed the devices that could be used to work within that closed environment.
Today, that intimate corporate network is a globally connected web of users and devices that are accessing IT environments wherever, whenever, and however they choose. And the users have extended beyond employees to include partners and customers. Users could be working from the office, from home, in a car, a coffee shop, an airport or a hotel room. Even if they are internal employees in an office, they may be using a shared space—“hoteling”—rather than working from an assigned port. Each of these cases presents a different set of circumstances that pose the same question:
Maggie: How do you know the person attempting to access corporate data is who they appear to be?
As apps move, companies need to have a better handle on who is using them:
Who are they?
Where are they?
What are they doing?
They need a granular understanding of the following:
Where is the data?
Who owns it?
Do I have it classified?
Do I have data protection controls (encryption etc.)?