The Changing IT Threat Landscape: Three Steps to a Proactive Security Strategy
Today’s Speakers

Khalid Kark
Vice President, Research Director, Forrester Research

Dwayne Melancon, CISA
Products, Tripwire, Inc.
Changing Threat Landscape
Emerging trends, threats and responses

Khalid Kark, Vice President, Principal Analyst




4   © 2010 Forrester Research, Inc. Reproduction Prohibited
      2009
Agenda


    1. Threat: Changing Business Dynamics

    2. Threat: Changing Threat Landscape

    3. Threat: Empowered Employees

    4. Best Practice: Focus Your People Controls To Maximize Impact

    5. Best Practice: Manage Process Controls To Minimize Risk

    6. Best Practice: Invest In Technology Controls To Gain Efficiencies




Security continues to play catch-up


 Economics
 Regulations
 New business models
 Consumerization
 Business partners
 Third-party service providers




The threat landscape keeps evolving . . .

    Motivation    Fame              Financial gain
    Method        Audacious         “Low and slow”
    Focus         Indiscriminate    Targeted
    Tools         Manual            Automated
    Result        Disruptive        Disastrous
    Type          Unique malware    Variant tool kits
    Target        Infrastructure    Applications
    Agent         Insider           Third parties
Method – Low and Slow

     Target an individual or a corporation
     Take your time to get the information

     Can take weeks or months
     May need to stop the “attack” for extended periods
     “Trickle” of information over time

     Goal – not get detected
     Many breaches today are discovered when something goes horribly wrong
     Many don’t even know it exists
Tools: Automated

      Web crawlers
      Automated IM conversations
       – Escalation levels
      Publicly available information
      Archives
      Better analytics and predictions
      Self-learning systems – artificial intelligence
Type: toolkits and variants

      90K variants of Zeus malware
      Mutation is a standard part of writing malware today
       – Adaptability to defenses is key
      Advanced encryption algorithms
      Tool kits and “do it yourself” kits
      Botnets for hire – really cheap
      Cost and variation are making existing malware defenses obsolete
Increased concern around empowered technologies

    Web 2.0 (wikis, blogs, etc.): 40%
    Cloud computing: 42%
    Smartphones: 54%

    Base: 1,025 North American and European IT Security decision-makers
    Source: Forrsights Security Survey, Q3 2010
Exponential growth in social media adoption

    [Chart: Daily visit social networking sites (e.g. Facebook, LinkedIn); vertical axis 0% to 40%; horizontal axis 2008, 2009, 2010]
Mobile subscribers and connection speeds ascend

    [Chart: Global mobile broadband subscribers (in millions); vertical axis 0 to 400; horizontal axis 2008, 2009, 2010*]
    Source: GSM Association
Rapid growth in cloud services

    [Chart: Global IT market (US$ billions); series: IaaS, SaaS and PaaS; vertical axis $0 to $40; horizontal axis 2009, 2010*, 2011*, 2012*, 2013*]
    * Forrester forecast
Too many things on the plate – distracted decisions

    [Bar chart: horizontal axis 0% to 100%; legend: Full, Most, Half; categories listed below]
      Threat and vulnerability mgmt.
      Technical infrastructure security
      Data security
      Identity and access management
      Policy and risk management
      Application security
      Privacy and regulations
      Third-party security
      Business continuity/disaster recovery
      Physical security
      Fraud management
Reactive investment for security

    Security staffing, 23%
    Maintenance/licensing of existing security technology, 22%
    New security technology, 18%
    Upgrades to existing security technology, 17%
    Security outsourcing and MSSP, 12%
    Security consultants and integrators, 8%
Relying on vendors to answer strategic questions




Not having a broad scope





              May 2010 “Security Organization 2.0: Building A Robust Security Organization”
Understanding Process Maturity




Current state versus target

    [Radar chart: scale 0 to 5; series: Ideal, Current, Target; axes listed below]
      Identity and access management
      Threat and vulnerability management
      Investigations and records management
      Incident management
      Sourcing and vendor management
      Information asset management
      Application systems development
      Business continuity and disaster recovery
    Source: Output from Forrester’s Information Security Maturity Model
Technology

      MSSPs can play a huge role helping you here.
      You're not just building on reactive controls but preventive ones as well.
       – IDS to IPS
       – SIEM and log management
       – DLP
       – GRC
      You're not investing in the best technologies but have a holistic and layered defense.
       – Best of breed to easier integration and management
       – Strategic security partners
       – Point solutions to layers of security
Reactionary spending versus planned allocations

    Network Security: 25%
    Data security: 15%
    Security Ops: 14%
    Application: 10%
    Risk & compliance: 10%
    Client & threat mgmt.: 10%
    IAM: 7%
    Content: 7%

    Source: Forrsights Security Survey, Q3 2010
Thank you


Khalid Kark
+1 469.221.5307
kkark@forrester.com
www.forrester.com




Khalid Kark
www.tripwire.com
                             Forrester Research
                   E-mail : kkark@forrester.com

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 

Dernier (20)

Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 

The Changing IT Threat Landscape: Three Steps to A Proactive Security Strategy

  • 1. The Changing IT Threat Landscape: Three Steps to a Proactive Security Strategy
  • 2. Khalid Kark, Vice President, Research Director, Forrester Research; Dwayne Melancon, CISA, Products, Tripwire, Inc.
  • 3. Today’s Speakers: Vice President, Research Director
  • 4. Changing Threat Landscape: Emerging trends, threats and responses. Khalid Kark, Vice President, Principal Analyst. © 2010 Forrester Research, Inc. Reproduction Prohibited
  • 5. Agenda
      1. Threat: Changing Business Dynamics
      2. Threat: Changing Threat Landscape
      3. Threat: Empowered Employees
      4. Best Practice: Focus Your People Controls To Maximize Impact
      5. Best Practice: Manage Process Controls To Minimize Risk
      6. Best Practice: Invest In Technology Controls To Gain Efficiencies
  • 6. Security continues to play catch-up
      ▪ Economics
      ▪ Regulations
      ▪ New business models
      ▪ Consumerization
      ▪ Business partners
      ▪ Third-party service providers
  • 8. The threat landscape keeps evolving . . .
      Motivation: Fame → Financial gain
      Method: Audacious → “Low and slow”
      Focus: Indiscriminate → Targeted
      Tools: Manual → Automated
      Result: Disruptive → Disastrous
      Type: Unique malware → Variant tool kits
      Target: Infrastructure → Applications
      Agent: Insider → Third parties
  • 9. Method – Low and Slow
      ▪ Target an individual or a corporation
      ▪ Take your time to get the information
      ▪ Can take weeks or months
      ▪ May need to stop the “attack” for extended periods
      ▪ “Trickle” of information over time
      ▪ Goal – not get detected
      ▪ Many breaches today are discovered when something goes horribly wrong
      ▪ Many don’t even know it exists
  • 10. Tools: Automated
      ▪ Web crawlers
      ▪ Automated IM conversations
      ▪ Escalation levels
      ▪ Publicly available information
      ▪ Archives
      ▪ Better analytics and predictions
      ▪ Self-learning systems – Artificial intelligence
  • 11. Type: toolkits and variants
      ▪ 90K variants of Zeus malware
      ▪ Mutation is a standard part of writing malware today
      ▪ Adaptability to defenses is key
      ▪ Advanced encryption algorithms
      ▪ Tool kits and “do it yourself” kits
      ▪ Botnets for hire – really cheap
      ▪ Cost and variation are making existing malware defenses obsolete
  • 13. Increased concern around empowered technologies
      ▪ Web 2.0 (wikis, blogs, etc.): 40%
      ▪ Cloud computing: 42%
      ▪ Smartphones: 54%
      Base: 1,025 North American and European IT Security decision-makers. Source: Forrsights Security Survey, Q3 2010
  • 14. Exponential growth in social media adoption
      [Chart: daily visits to social networking sites (e.g. Facebook, LinkedIn), 2008–2010, axis 0%–40%]
  • 15. Mobile subscribers and connections speeds ascend
      [Chart: global mobile broadband subscribers (in millions), 2008–2010*, axis 0–400] Source: GSM Association
  • 16. Rapid growth in cloud services
      [Chart: global IT market (US$ billions), 2009–2013*, axis $0–$40; series: IaaS, SaaS and PaaS] * Forrester forecast
  • 18. Too many things on the plate – distracted decisions
      [Bar chart, axis 0%–100%; legend: Full, Most, Half. Categories: Threat and vulnerability mgmt.; Technical infrastructure security; Data security; Identity and access management; Policy and risk management; Application security; Privacy and regulations; Third-party security; Business continuity/disaster recovery; Physical security; Fraud management]
  • 19. Reactive investment for security
      ▪ Security staffing, 23%
      ▪ Maintenance/licensing of existing security technology, 22%
      ▪ New security technology, 18%
      ▪ Upgrades to existing security technology, 17%
      ▪ Security outsourcing and MSSP, 12%
      ▪ Security consultants and integrators, 8%
  • 20. Relying on vendors to answer strategic questions
  • 21. Not having a broad scope (May 2010, “Security Organization 2.0: Building A Robust Security Organization”)
  • 23. Understanding Process Maturity
  • 24. Current state versus target
      [Chart, scale 0–5; series: Ideal, Current, Target. Axes: Identity and access management; Threat and vulnerability management; Investigations and records management; Incident management; Sourcing and vendor management; Information asset management; Application systems development; Business continuity and disaster recovery] Source: Output from Forrester’s Information Security Maturity Model
  • 26. Technology
      ▪ MSSPs can play a huge role helping you here.
      ▪ You're not just building on reactive controls but preventive ones as well.
          – IDS to IPS
          – SIEM and Log management
          – DLP
          – GRC
      ▪ You're not investing in the best technologies but have a holistic and layered defense.
          – Best of breed to easier integration and management.
          – Strategic security partners
          – Point solutions to layers of security
  • 27. Reactionary spending versus planned allocations IAM 7% Content 7% Network Security 25% Application, 10% Risk & compliance Data security, 10 % 15 % Security Ops Client & threat 14 % mgmt. 10% Source: Forrsights Security Survey, Q3 2010
  • 28. Thank you. Khalid Kark, +1 469.221.5307, kkark@forrester.com, www.forrester.com. © 2009 Forrester Research, Inc. Reproduction Prohibited
  • 29. Khalid Kark, Forrester Research. E-mail: kkark@forrester.com. www.tripwire.com
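
Slide 9's "low and slow" method (a trickle over weeks, with long pauses) is exactly what per-day volume alerting misses. The detection sketch below is an added example, not part of the Forrester deck; the flow records, host names, documentation-range addresses and every threshold are constructed assumptions.

```python
from collections import defaultdict

# All thresholds are assumptions chosen for the constructed data below.
DAILY_LIMIT_MB = 500     # per-day volume alert
WINDOW_DAYS = 90         # look-back long enough to span an attacker's pauses
WINDOW_LIMIT_MB = 1000   # cumulative volume per (source, destination) pair
MIN_ACTIVE_DAYS = 14     # recurring activity, not a one-off transfer


def build_sample_flows():
    """Constructed records: (day, source host, destination, megabytes sent out)."""
    flows = []
    # Trickle: 40 MB/day for 20 days, a 20-day pause, then 20 more days.
    for day in list(range(1, 21)) + list(range(41, 61)):
        flows.append((day, "ws-17", "203.0.113.50", 40))
    flows.append((12, "backup-01", "198.51.100.9", 2000))  # one loud burst
    for day in range(1, 61):                                # ordinary chatter
        flows.append((day, "ws-22", "192.0.2.10", 3))
    return flows


def daily_threshold_alerts(flows, limit_mb=DAILY_LIMIT_MB):
    """Per-day rule: flags a pair only if a single day exceeds the limit."""
    per_day = defaultdict(int)
    for day, src, dst, mb in flows:
        per_day[(day, src, dst)] += mb
    return sorted({(s, d) for (_, s, d), mb in per_day.items() if mb > limit_mb})


def long_window_alerts(flows, today, window=WINDOW_DAYS,
                       limit_mb=WINDOW_LIMIT_MB, min_days=MIN_ACTIVE_DAYS):
    """Cumulative rule: totals each pair over the window, so pauses do not reset it."""
    total = defaultdict(int)
    active = defaultdict(set)
    for day, src, dst, mb in flows:
        if today - window < day <= today:
            total[(src, dst)] += mb
            active[(src, dst)].add(day)
    alerts = []
    for pair, mb in total.items():
        days = sorted(active[pair])
        if mb > limit_mb and len(days) >= min_days:
            pause = max((b - a - 1 for a, b in zip(days, days[1:])), default=0)
            alerts.append({"pair": pair, "total_mb": mb,
                           "active_days": len(days), "longest_pause": pause})
    return sorted(alerts, key=lambda a: a["pair"])


if __name__ == "__main__":
    sample = build_sample_flows()
    print("per-day rule:", daily_threshold_alerts(sample))
    print("long window :", long_window_alerts(sample, today=60))
```

On this data the per-day rule reports only the backup burst, while the 90-day cumulative rule reports the trickle; shrinking the window to 15 days loses it again.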

Editor's notes

  2. Economic downturn; Efficient use of existing resources; Cost cutting; Emphasis on security and risk; Regulatory compliance; Industry; Region; Country (legal); New business models; Outsourcing; Cloud; Business alliances; Global presence
  5. North American Technographics® Online Benchmark Survey, Q2 2010 (US). *Source: North American Technographics® Interactive Marketing Online Survey, Q2 2009. **Source: North American Technographics® Media And Marketing Online Survey, Q2 2008.