The world we live in right now is getting more and more digital. All possible things we were reading in sci-fi books or watching in fantasy movies are becoming a reality. Internet of things, drones, e-world, mobility, applications, cloud, digital prototyping, e-voting, quantum computing, 3D printing like in Terminator movies and much more is a reality. On average auditory of this room can agree that it is ok to say that we live in the future. As what has happened to technology for personal use and business in last 25 years is impressive. And we can experience that. We are unique generation and live in unique times. The digital world gives huge opportunities to any business entering it. There are soon close to 4 billion of potential customers out there in 2015 that are. Digital world introduces new products every day and technology creators are extremely working on to get new products to market as soon as possible. But like in every book, movie, story, historical reality when there are good forces also there are bad forces. Cyber crime is growing and various things are happening everywhere. New technologies also introduce new risks and those risks are with different configuration. Countries attack countries and we call that a cyber wars, citizens are attacking countries and we call that hacktivism, professionals are attacking everyone for financial gains and we call that organized digital crime. And the methods are getting more and more sophisticated so in the end doesn’t matter how great are technologies of defense every day we have new articles of new indicents, data breeches, companies who have huge financial loses and damages of reputation, lost marketplace, stock market positions, customers, employees or even lives. I won’t touch each different method of attacks but I will simply try to share how we as a system integrator of complex cyber security protection technology solutions look at things and protect our customers.

1. Security Intelligence
for business data and
IS protection
Andris Soroka
10.11.2015, Vilnius
Riga, Latvia

2. “Data Security Solutions” business cardWhat We Do?
DSS
Cyber
Security
Only
Full IT
Security
Services
Lifecycle
Most
Innovative
Portfolio in
Baltics
Member–
ships,
Awareness
Rising
Technology
&
Knowledge
Transfer
ICT
Security
Evangelists
Endpoints
Applications
Networks
Data
Identity
Mobility
Management
Cloud

3. DSS Global Partnerships

4. DSS Delivering Excellent ICT Security Operatitions to
its Customers
Customer ICT
Security
Operations
Excellence
Cooperation with
Industry Top
Technology
Leaders
Recognised by
Gartner, IDC,
Forester
Top level ICT
Security
Professionals
Selected
Cutting Edge
ICT Security
Innovative
Technology
Integration
Pan-
Baltic
Projects
Particular
Focus on
Security

5. Our international cyber security conference
6th annual since 2010
70+ presentations
8 parallel sessions
700 on-site visitors
2500 online watchers
http://event.dss.lv

6. Remarks from Cybersecurity Month - October

7. Future is now. We live in future.
3D Printers (Terminator 2 style)
Google Glasses (..and “glassh**es)
Cloud Computing
Big Data & Supercomputers (quantum)
Mobile Payment & Virtual Money
eCasino’s, eBetting, eShops, eAnything
Robotics and Intraday Deliveries
Internet of things & smart cities
Augmented Reality
Extreme development of App’s
Digital prototyping
Gadgets (devices) & Mobility
Technology replaced jobs (automation)
Geo-location power
Biometrics
Health bands and mHealth
Electronic cars
Avegant Glymph and much, much more

8. Opportunity every business should see and seek

9. Trends of the digital future

10. Cyber security future is now ..

12. The Raise of Threats and Attacks
Source: IBM X-Force Threat Intelligence Quarterly – 1Q 2015
Attack types
2012
40% increase
2013
800,000,000+ records
2014
Unprecedented impact
XSS SQLiMisconfig. Watering
Hole
Brute
Force
Physical
Access
Heartbleed Phishing DDoS Malware Undisclosed
$6.5M
average cost of a U.S. data breachaverage time to detect APTs
256days
Source: 2015 Cost of Data Breach Study, Ponemon Institute

13. Sophisticated attacks of today’s cybercrime
Targeted professional attacks
Massive Denials of Services
Watering hole attacks
Advanced persistent threats
Mobile incidents
Cyber wars
Hacktivists
Global virus outbreaks
Shadow IT and dark net
Insane data leakages
Identity thefts
Cyber espionage
And so on...

14. “You take the blue pill, the story ends. You wake up in your bed and believe whatever you want to
believe. You take the red pill, you stay in wonderland, and I show you how deep the rabbit hole
goes.”
~Morpheus @Matrix

15. Rabbit hole versus wonderland...
Blue pill option e.g. «wonderland»
Don’t invest now
Believe in security of Your data&IS’s
Ignore it all despite reality to
contrary that every business is
affected
Red pill «rabbit hole»
Stop functioning under illusion of
security
Implement effective and innovative
security technologies
Learn how deep rabbit hole goes...

16. Impact of Cyber Security Risks to «C’s»
Loss of market share
and reputation
Legal exposure
Business continuity
Audit failure
Fines and
enforcement impact
Financial loss
Impact to data and
systems,
(confidentiality,
integrity and /
or availability)
Violation of
employee
privacy
Loss of
sensitive data
Loss of
customer
trust
Loss of
brand reputation
CEO / COO CCO / CFO CIO CHRO / CDO CMO
Your board and CEO demand a strategy

17. Political (external and internal)
Technological (risks, threats, fraud, attacks, leaks)
Economical (budget reality, competition, costs…)
Legal (compliances, regulations etc.)
Professional (HR, information quantity)
Psychological ( traditions / knowledge / trust)
Challenges of CIO’s & CSO’s

19. Security myth #2 – old security works well

20. Compliant and secure are two different things....
Compliance does great job to help elevate
awareness of security concerns
And also help to enforce minimum baseline
standards
However checking right boxes to get through
every next audit leaves organization exposed to
any new technologically advanced threat,
sophisticated targeted attack and so on
If organization has automated risk
management (GRC) solution in place that’s also
significantly better than a manual teamwork
(XLS’s)

22. Cyber Criminals Also Use BI or MIS Dashboards

23. Every example in main stream movies now

24. Summary before «silver bullet»
Cybercrime is real deal, everyone is affected and it is
next door if haven’t been knocking at Yours already yet
– and you do not want to get famous...
All traditional securities invented decades ago aren’t
any more efficient, as well all compliances, regulas and
security standards without innovative technologies and
investment in cyber security always remain one step
behind bad guys
World is short on enough smart good guys that know
both – business and IT security – and can translate IT
into business language and manage the risks with
ellegance
Don’t take blue pill – that might cost lot more later

25. How to establish security as imune system?
Security Intelligence & Integration is
mandatory
HR training / awareness raising (corporate
cyber security driver’s license)
Compliance and risk management
Cyber Security as business enabler

26. Business part
Business processes analysis from tech perspective
Assessment and management of cyber security risks
Related technological part
Inventory of devices and software
Secure configuration of everything (end-users, devices)
Vulnerability assessment and management
Malware defenses, application security, pen tests
Wifi security
Mobile security
Data security
Continuos skills training and learning
Access control and visibility
Audit, monitoring, analysis, incident response and more
Business & technology common risk language

27. Complexity of security challenges

28. Prevent. Detect. Respond.

29. Log
Manageme
nt
Security
Intelligence
Network
Activity
Monitoring
Risk
Manageme
nt
Vulnerabili
ty
Manageme
nt
Network
Forensics

30. Suspected
Incidents
Prioritized Incidents
Servers and mainframes
Data activity
Network and virtual activity
Application activity
Configuration information
Security devices
Users and identities
Vulnerabilities and threats
Global threat intelligence
Extensive Data Sources
Automated
Offense
Identification
•Massive data reduction (millions to one)
•Automated data collection,
asset discovery and profiling
•Automated, real-time,
and integrated analytics
•Activity baselining
and anomaly detection
•Out-of-the box rules
and templates
Embedded
Intelligence
Security intelligence for automated offense detection

31. Our proposal with Security Intelligence & Integration
Advantages and immediate gains
Intelligence & Visibility (real time risk
identification and management, continous
automated audit, forensics, increased quality
of services, alerts, privilleged users control,
real time topology&inventory etc.)
Centralized intelligent storage (of
business, user, IT event data for auditors,
reports, improved analysis of anything
Current and future costs saving
(technology and HR efficiency perspective)
If used now of in future as integrated
solution – the whole SOC (security
operations centre)

33. Integrated and Intelligent – IBM Security Systems

34. Our proposal with Security Intelligence & Integration

35. How we can help
Analyze and detect risks
Fulfill audit
Build security action plan
Train the employees
Pass compliance regulations
Save from data leakage
Protect critical assets
Get rid of passwords
Consult Your professionals
Protect from attacks
Help creating RFP docs
Be Your IT Security Advisor!
Business value of «Data Security Solutions»

36. Balancing costs and risk – floods happen..

37. Our vision and goal for our Customers!

38. Contact UsAndris Soroka
andris@dss.lv
Mob. +371 29162784
Riga, Latvia
www.dss.lv
LinkedIn: http://lv.linkedin.com/in/andsor
Twitter: @andris_soroka / @dss_it_security
Facebook: http://www.facebook.com/lvdss
Youtube: http://ow.ly/FAfEN
SlideShare: http://www.slideshare.net/andsor

39. Thank You
Merci
Grazie
Gracias
Obrigado
Danke
Japanese
English
French
Russian
GermanItalian
Spanish
Brazilian Portuguese
Arabic
Traditional Chinese
Simplified Chinese
Thai
Korean

40. Think Security First
Thank you