1. IT & DATA MANAGEMENT RESEARCH,
INDUSTRY ANALYSIS & CONSULTING
Investing in Digital Threat Intelligence Management to
Protect Your Assets Outside the Firewall
David Monahan
Managing Research Director, Security and Risk
Management
Enterprise Management Associates
Sam Curcuruto
Head of Product Marketing
RiskIQ
2. Watch the On-Demand Webinar
Slide 2 © 2018 Enterprise Management Associates, Inc.
• Investing in Digital Threat Intelligence Management to Protect Your Assets outside the
Firewall On-Demand webinar is available here: https://ema.wistia.com/medias/4dhoegrb0k
• Check out upcoming webinars from EMA here:
http://www.enterprisemanagement.com/freeResearch
3. Today’s Speakers
Sam Curcuruto, Head of Product Marketing, RiskIQ
Sam is the head of product marketing at RiskIQ, where he's responsible for spending time
with security professionals to understand their problems and find innovative ways that
RiskIQ technology can help solve them. Sam's experience spans tech companies focused
on cybersecurity, cyber infrastructure management, and consumer software.
David Monahan, Managing Research Director, Security and Risk Management, EMA
David is a senior information security executive with several years of experience. He has
organized and managed both physical and information security programs, including security
and network operations (SOCs and NOCs) for organizations ranging from Fortune 100
companies to local government and small public and private companies. He has diverse audit
and compliance and risk and privacy experience such as providing strategic and tactical
leadership to develop, architect, and deploy assurance controls; delivering process and policy
documentation and training; and working on educational and technical solutions.
4. Logistics for Today’s Webinar
QUESTIONS
• Log questions in the chat panel located on the lower left-hand corner of your screen
• Questions will be addressed during the Q&A session of the event
EVENT RECORDING
• An archived version of the event recording will be available at www.enterprisemanagement.com
PDF SLIDES
• A PDF of the speaker slides will be distributed to all attendees
6. Investing in Digital Threat Intelligence Management to
Protect Your Assets Outside the Firewall
David Monahan
Research Director, Security and Risk Management
Enterprise Management Associates
8. The Real Internet
Common Internet
Google, Wikipedia, Bing, shopping,
mobile apps, social media, etc.
Deep Web
Government resources, academic
information, other gated sites
Dark Web
TOR-encrypted illegal trades: arms,
narcotics, pornography, stolen
identities, etc.
9. Definition: Digital Threat Intelligence Management (DTIM)
• Platforms that aid organizations with external threat
identification and risk management by:
• Locating, gathering, and assimilating threat intelligence
from a variety of sources, including the common
Internet, the deep and dark webs, mobile app markets,
email, and social media repositories.
• Two delivery groups:
• Data aggregators
• Data collectors
10. Criteria for Inclusion in DTIM
In order for a product set to be credited with a feature or capability in EMA’s
evaluation criteria:
• Not just a data feed!
• Must have paying customers
• Information that is aggregated must be verifiable externally to the tool
• Information that is collected in a proprietary fashion must have source data that
can be corroborated or otherwise validated
• Research time savings must be validated by customers
11. Criteria for Inclusion in DTIM (cont’d)
Over 100 Key Performance Indicators (KPIs) spanning 5 areas:
• Architecture and Integration
• Deployment and Administration
• Functionality
• Cost Advantage
• Vendor Strength
12. Market Landscape: The Chasm and Technology Adoption
• Threat Feeds to Threat Platforms
• Threat Platforms: Centralized data aggregation and processing with better analysis.
• To move from Emerging to Growth and survive as more than a niche technology,
market adoption must exceed 25%.
• DTIM past the Emerging stage
• DTIM just past “the Chasm”
• Critical for Market Growth:
• Scale and scope of the problem being addressed
• Features and usability
• Number of competitors in the space
• Market awareness of the solutions
• Price
• Customer satisfaction
13. Market Landscape: The Chasm and Technology Adoption
14. Market Growth
• Market awareness is good; adoption is increasing
• Market is shifting from raw feeds to analyzed information
• Some approaches and technologies have fallen by the wayside in figuring out how to
locate and deliver the intelligence in a consumable and useful manner
• Market spend on DTIM is estimated to be between $550M & $600M USD for 2017
• Weighted growth rate of 35% between 2016 and 2017
• Estimated growth rate of 40% in 2018
• If the vendor estimates hold, 2018 should see a market spend between $770M USD
and $840M USD
• Given the market saturation and the continued expansion of managed DTIM as a
service, it is easily foreseeable that the market will exceed $1B USD by 2020
15. Why Invest in DTIM
• Breaches are increasing and seem inevitable for every company
• Organized cybercrime operates like a business, perpetrated by a small number
of groups who take great care not to expose their activities in online forums
• Cybercrime presents a significant risk to individuals and organizations
• The FBI reported that Internet crime led to losses in excess of $1.3 billion USD in
2016. [1]
• Business email compromise (BEC) and business email spoofing (BES) accounted for
$5 billion USD in losses globally, between October 2013 and December 2016. [2]
• Victims’ losses, related to BEC and BES schemes, increased by 2,370 percent
between January 2015 and December 2016, according to figures released by the FBI. [2]
• The perceived gap between criminality and nation-states, in terms of both actors
and capabilities, will continue to shrink. [2]
[1] 2016 IC3Report.pdf
[2] SecureWorks 2017 State of Cybercrime Report
16. Why Invest in DTIM (cont’d)
• External notification of breach is still the #1 method of discovery! [3]
• Compromises take minutes 98% of the time, but discovery is taking weeks to
months
• Nearly 1 billion personal records and just over 1 billion credentials were stolen
in 2016 (no widely recognized tally for 2017 yet)
• DTIM solutions have the opportunity to drive faster response for between 68%
and 75% of breaches. [3]
DTIM can reduce identification time of information release to hours
rather than weeks!
[3] http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/
17. Key Areas for Vendor Selection:
Data Sources & Collection
• Understanding the collection means and sources the prospective
vendor uses.
• Four types of collection evaluated: open sources, government sources,
private subscriptions, and proprietary collection.
• Six areas of collection were evaluated: common Internet, the deep and dark
webs, mobile app markets, email, and social media repositories.
• Do the proprietary data and human researchers add enough value,
based on the organizational requirements and goals, for the premium
prices they command?
• Does your organization need to focus on protecting all of these areas or just
a certain aspect of them? Covering fewer may allow use of a less expensive
vendor that focuses on that space.
18. Key Areas for Vendor Selection:
Deployment Flexibility and Ease of Administration
• How do you need to deploy your solution?
• Managed service, single or multi-tenant cloud
SaaS service, software installation,
appliance, or image
• What are your business drivers?
• Cost/TCO
• Solution availability
• “Cloud only” mantra
• Internal support resources
19. Key Areas for Vendor Selection:
Reliance on Professional Services
• What are the additional costs to start and maintain the system?
• Vendors were all over the map on their directive for professional
services. Determine which of the following require additional expenditure:
• Installation
• Upgrades
• Policy creation
• Module reconfiguration/tuning
• Training
• Also identify where PS are available in case internal staff is
unavailable or has insufficient knowledge to do the work.
20. Key Areas for Vendor Selection: ROI
• Cost Reduction
• Is the organization looking to cut expenditures on other tools or personnel?
• Cost Avoidance
• Is the organization able to reduce investigation time to avoid hiring more personnel?
• Customers report an 8-9x improvement in the number of resolved incidents after deploying DTIM
• Data collection dropped from a minimum of 80% of time spent to 10% of time spent
• Is reporting streamlined for reduced production time and better decision making?
• Reduce Brand Erosion
• Identifying doppelgänger apps and social profiles reduces customer losses and
dissatisfaction
• Identifying stolen information earlier means getting in front of media or other
announcements
21. Key Areas for Vendor Selection: Integration
• Consider tools already in place
• Premium platforms offer integration with other
tools such as SIEM to facilitate centralized
incident management with defensive systems
• Platform integration is crucial for:
• Breadth of data collection
• Data analysis
• Improved workflow and collaboration
22. Key Areas for Vendor Selection:
Analysis, Automation, Third-Party Risk
• Incident response
• Response and remediation task automation
• Update policies on defensive systems
• Initiating actions with ISPs, domain registrars, app stores, etc.
• Tracking work with law enforcement
• Engaging a platform that can aid in identifying risk
associated with third-party suppliers, vendors, or
other partners is also a benefit
• DTIM is not designed to be a full third-party risk management solution at this time,
but identifying third-party risks can help organizations be proactive in shoring up
defenses or terminating relationships to reduce overall risk
23. Key Areas for Vendor Selection: Company
• Debt
• Revenue
• Customer Retention Rate
• Sales Cycle (average length of time to
close deals in the space)
• Responsiveness to Requests
• Quality of Support
24. RiskIQ as a Value Leader
• Premium solution suite in a platform
• Maximize intelligence gathering, analytics, and external threat protection
• Gathers data across all identified repositories: common Internet, the deep and dark webs,
mobile app markets, email, and social media
• Highly-enriched metadata intelligence saves analysts considerable time
• Uses a combination of largely proprietary means to collect and maintain vast correlated
web asset, exploit, attacker, and threat information
• Task-driven web applications optimize data use across teams for incident response, SOC
operations, and vulnerability analysis
• RiskIQ’s data gathering and analysis were highly regarded by its customers,
especially those that previously used other solutions
• “Bringing in RiskIQ reversed our time spent on investigations from 90% data gathering to
10% research gathering and 90% resolving the issue”- Major Financial Institution
25. RiskIQ as a Technology Leader
• RiskIQ has been pushing the boundaries of the DTIM market to
achieve a leading technology platform
• Maintains a completeness of vision to deliver the broadest and
deepest levels of information in a useful way
• Gathers data across all vectors: open sources, government,
subscription, and proprietary
• Offers a mature API and built-in
integrations to augment internal
security telemetry with external
threat context
27. ©2017 RiskIQ, Inc.
A hacker never has to attack your firewall…
• Unmonitored digital assets
• Phishing
• Social media impersonation
• Rogue and compromised mobile apps
• Domain and brand infringement
28. What RiskIQ Offers
Platform provides unified insight and control for
threats, attacks, adversaries across web, social, and mobile channels
Superior intelligence leveraging advanced
internet reconnaissance, big data analytics, and curated data warehouse
Solution suite allowing different security teams to more efficiently detect,
understand, monitor, and mitigate threats outside the firewall
The most comprehensive discovery, intelligence, and mitigation of threats
associated with an organization’s digital presence outside the firewall
29. Digital Defense + Integrations In Practice
Current State
Inefficiency
Varied Toolsets
Varied Intelligence
Desired State
Efficiency
Unified Toolset
Comprehensive Intelligence
Big Data Analytics
30. Key Capabilities of the RiskIQ Platform
• Complete Discovery and Inventory of all internet-facing assets
– Uncover the unknown
• Monitoring of all digital channels for threats against you
– The entire internet, social networks, and mobile app stores
• Built-in Mitigation capabilities and incident response workflows
– Make it easy for your security ops team to address threats
• Comprehensive Internet Data for investigations
– Automated correlation and enrichment
31. RiskIQ Digital Threat Management Platform
[Diagram: platform overview]
Petabytes of internet data, derived data, and curated information at your fingertips
RiskIQ Internet Data Intelligence Warehouse
RiskIQ Digital Threat Management Suite:
• Discover and Monitor Attack Surface
• Detect and Mitigate Threats
• Investigate and Uncover Threat Actors
Diagram labels: Manage, Block, Automate, Mitigation, Investigation
Diagram labels: SIEM, Endpoint, Firewall, Proxy, DFIR, Custom
Diagram labels: Google Safe Browsing, Microsoft SmartScreen, Apple, Firefox, Android
32. RiskIQ Solution Suite Built On A Single Platform
DIGITAL FOOTPRINT
Continuously discover an inventory of your internet-exposed assets and help reduce risk
associated with your attack surface
EXTERNAL THREATS
Automate the detection, monitoring, and remediation of digital threats posed by malicious
actors to your organization, employees, and customers
PASSIVETOTAL
Unify internet data sets into a single threat analysis platform, empowering security teams
to accelerate investigations and eliminate threats.
Teams who use our products
• Vulnerability management
• Web and asset management
• Risk & compliance
• Marketing
• SOC
• Risk & compliance
• Brand & legal
• Information security
• SOC
• Incident response
• Threat, research analysts
• Information security
33. About RiskIQ
• Leader in digital threat management
• Founded 2009, San Francisco
• Top tier VCs
Summit Partners, Battery Ventures,
Georgian Partners, MassMutual Ventures
Security Analysts, Leadership, Enterprise Customers, Employees
#1, 25k+, 225+, 140+
8 of the largest 15 banks in N. America
7 of the largest global consumer brands
34. Question and Answer: Log Questions in the Q&A panel
located on the lower left-hand corner
Learn More About RiskIQ at www.riskiq.com