SlideShare una empresa de Scribd logo

The Changing IT Threat Landscape: Three Steps to A Proactive Security Strategy

Descargar como PPTX, PDF
Tripwire
Tripwire

The IT threat landscape has changed substantially over the last year. Attacks come from more patient, sophisticated hackers whose main goal is to remain undetected while slowly gaining access to sensitive data. Social media and cloud services offer new ways in for attackers. The stakes are higher too, with breaches leading to disastrous consequences including business failure. In this webcast, Khalid Kark, Principal Analyst with Forrester Research, describes today’s concerning threat landscape. He also gives best practices related to people, processes, and technologies that can help avoid the disastrous consequences posed by these threats. In this webcast, you’ll learn: How today’s threats are evolving—the tools and methods used, new sources of vulnerability and much more Why traditional reactive approaches and detective controls no longer afford sufficient protection Best practices related to people, processes and technologies that help prevent disastrous impacts of threats

TecnologíaEmpresariales
1 de 29
The Changing IT Threat Landscape: Three Steps to a Proactive Security Strategy
Khalid Kark Vice President, Research Director, Forrester Research Dwayne Melancon, CISA Products, Tripwire, Inc.
Today’s Speakers Vice President, Research Director
Changing Threat Landscape Emerging trends, threats and responses Khalid Kark, Vice President, Principal Analyst 4 © 2010 Forrester Research, Inc. Reproduction Prohibited 2009
Agenda 1. Threat: Changing Business Dynamics 2. Threat: Changing Threat Landscape 3. Threat: Empowered Employees 4. Best Practice: Focus Your People Controls To Maximize Impact 5. Best Practice: Manage Process Controls To Minimize Risk 6. Best Practice: Invest In Technology Controls To Gain Efficiencies 5 © 2010 Forrester Research, Inc. Reproduction Prohibited
Security continues to play catch-up  Economics  Regulations  New business models  Consumerization  Business partners  Third-party service providers 6 © 2010 Forrester Research, Inc. Reproduction Prohibited
Agenda 1. Threat: Changing Business Dynamics 2. Threat: Changing Threat Landscape 3. Threat: Empowered Employees 4. Best Practice: Focus Your People Controls To Maximize Impact 5. Best Practice: Manage Process Controls To Minimize Risk 6. Best Practice: Invest In Technology Controls To Gain Efficiencies 7 © 2010 Forrester Research, Inc. Reproduction Prohibited
The threat landscape keeps evolving . . . Motivation Fame Financial gain Method Audacious “Low and slow” Focus Indiscriminate Targeted Tools Manual Automated Result Disruptive Disastrous Type Unique malware Variant tool kits Target Infrastructure Applications Agent Insider Third parties 8 © 2010 Forrester Research, Inc. Reproduction Prohibited
Method – Low and Slow  Target an individual or a corporation  Take your time to get the information  Can take weeks or months  May need to stop the “attack” for extended periods  “Trickle” of information over time  Goal – not get detected  Many breaches today are discovered when something goes horribly wrong  Many don’t even know it exists 9 © 2010 Forrester Research, Inc. Reproduction Prohibited
Tools: Automated  Web crawlers  Automated IM conversations  Escalation levels  Publically available information  Archives  Better analytics and predictions  Self learning systems - Artificial intelligence 10 © 2010 Forrester Research, Inc. Reproduction Prohibited
Type: toolkits and variants  90K variants of Zeus malware  Mutation is standard part of writing malware today  Adaptability to defenses is key  Advanced encryption algorithms  Tool kits and “do it yourself” kits  Botnets for hire – really cheap  Cost and variation is making existing malware defenses obsolete 11 © 2010 Forrester Research, Inc. Reproduction Prohibited
Agenda 1. Threat: Changing Business Dynamics 2. Threat: Changing Threat Landscape 3. Threat: Empowered Employees 4. Best Practice: Focus Your People Controls To Maximize Impact 5. Best Practice: Manage Process Controls To Minimize Risk 6. Best Practice: Invest In Technology Controls To Gain Efficiencies 12 © 2010 Forrester Research, Inc. Reproduction Prohibited
Increased concern around empowered technologies Web 2.0 (wikis, blogs, et 40% c.) Cloud 42% computing Smartphones 54% Base: 1,025 North American and European IT Security decision-makers Source: Forrsights Security Survey, Q3 2010 13 © 2010 Forrester Research, Inc. Reproduction Prohibited
Exponential growth in social media adoption Daily visit social networking sites (e.g. Facebook, LinkedIn) 40% 30% 20% 10% 0% 2008 2009 2010 14 © 2010 Forrester Research, Inc. Reproduction Prohibited
Mobile subscribers and connections speeds ascend Global mobile broadband subscribers (in millions) 400 300 200 100 0 2008 2009 2010* Source: GSM Association 15 © 2010 Forrester Research, Inc. Reproduction Prohibited
Rapid growth in cloud services Global IT market (US$ billions) $40 $30 IaaS $20 SaaS and PaaS $10 $0 2009 2010* 2011* 2012* 2013* * Forrester forecast 16 © 2010 Forrester Research, Inc. Reproduction Prohibited
Agenda 1. Threat: Changing Business Dynamics 2. Threat: Changing Threat Landscape 3. Threat: Empowered Employees 4. Best Practice: Focus Your People Controls To Maximize Impact 5. Best Practice: Manage Process Controls To Minimize Risk 6. Best Practice: Invest In Technology Controls To Gain Efficiencies 17 © 2010 Forrester Research, Inc. Reproduction Prohibited
Too many things on the plate – distracted decisions Threat and vulnerability mgmt. Technical infrastructure security Data security Identity and access management Policy and risk management Application security Full Most Privacy and regulations Half Third-party security Business continuity/disaster recovery Physical security Fraud management 0% 20% 40% 60% 80% 100% 18 © 2010 Forrester Research, Inc. Reproduction Prohibited
Reactive investment for security Maintenance/licensi ng of existing security Security technology, 22% staffing, 23% Security Upgrades to outsourcing and existing security MSSP, 12% technology, 17% Security consultants and integrators, 8% New security technology, 18% 19 © 2010 Forrester Research, Inc. Reproduction Prohibited
Relying on vendors to answer strategic questions 20 © 2010 Forrester Research, Inc. Reproduction Prohibited
Not having a broad scope 21 © 2010 Forrester Research, Inc. Reproduction Prohibited May 2010 “Security Organization 2.0: Building A Robust Security Organization”
Agenda 1. Threat: Changing Business Dynamics 2. Threat: Changing Threat Landscape 3. Threat: Empowered Employees 4. Best Practice: Focus Your People Controls To Maximize Impact 5. Best Practice: Manage Process Controls To Minimize Risk 6. Best Practice: Invest In Technology Controls To Gain Efficiencies 22 © 2010 Forrester Research, Inc. Reproduction Prohibited
Understanding Process Maturity 23 © 2010 Forrester Research, Inc. Reproduction Prohibited
Current state versus target Identity and access management 5 Business continuity and 4 Threat and vulnerability disaster recovery management 3 2 Application systems 1 Investigations and development records management 0 Ideal Information asset Incident Current management management Target Sourcing and vendor management Source: Output from Forrester’s Information Security Maturity Model 24 © 2010 Forrester Research, Inc. Reproduction Prohibited
Agenda 1. Threat: Changing Business Dynamics 2. Threat: Changing Threat Landscape 3. Threat: Empowered Employees 4. Best Practice: Focus Your People Controls To Maximize Impact 5. Best Practice: Manage Process Controls To Minimize Risk 6. Best Practice: Invest In Technology Controls To Gain Efficiencies 25 © 2010 Forrester Research, Inc. Reproduction Prohibited
Technology  MSSPs can play a huge role helping you here.  You're not just building on reactive controls but preventive ones as well. – IDS to IPS – SIEM and Log management – DLP – GRC  You're not investing in the best technologies but have a holistic and layered defense. – Best of breed to easier integration and management. – Strategic security partners – Point solutions to layers of security 26 © 2010 Forrester Research, Inc. Reproduction Prohibited
Reactionary spending versus planned allocations IAM 7% Content 7% Network Security 25% Application, 10% Risk & compliance Data security, 10 % 15 % Security Ops Client & threat 14 % mgmt. 10% Source: Forrsights Security Survey, Q3 2010 27 © 2010 Forrester Research, Inc. Reproduction Prohibited
Thank you Khalid Kark +1 469.221.5307 kkark@forrester.com www.forrester.com © 2009 Forrester Research, Inc. Reproduction Prohibited
Khalid Kark www.tripwire.com Forrester Research E-mail : kkark@forrester.com

Recomendados

The Joy of Proactive Security
The Joy of Proactive SecurityThe Joy of Proactive Security
The Joy of Proactive Security
Andy Hoernecke
 
Sect r33
Sect r33Sect r33
Sect r33
SelectedPresentations
 
Cyber Threat Landscape
Cyber Threat LandscapeCyber Threat Landscape
Cyber Threat Landscape
Ernest (E.J.) Hilbert
 
AWS security monitoring and compliance validation from Adobe.
AWS security monitoring and compliance validation from Adobe.AWS security monitoring and compliance validation from Adobe.
AWS security monitoring and compliance validation from Adobe.
Splunk
 
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...
Health IT Conference – iHT2
 
Hp Fortify Cloud Application Security
Hp Fortify Cloud Application SecurityHp Fortify Cloud Application Security
Hp Fortify Cloud Application Security
Ed Wong
 
Fortify - Source Code Analyzer
Fortify - Source Code AnalyzerFortify - Source Code Analyzer
Fortify - Source Code Analyzer
n|u - The Open Security Community
 
State of the State IT Workforces
State of the State IT WorkforcesState of the State IT Workforces
State of the State IT Workforces
Chris Brady
 

Recomendados

The Joy of Proactive Security
The Joy of Proactive SecurityThe Joy of Proactive Security
The Joy of Proactive Security
Andy Hoernecke
 
Sect r33
Sect r33Sect r33
Sect r33
SelectedPresentations
 
Cyber Threat Landscape
Cyber Threat LandscapeCyber Threat Landscape
Cyber Threat Landscape
Ernest (E.J.) Hilbert
 
AWS security monitoring and compliance validation from Adobe.
AWS security monitoring and compliance validation from Adobe.AWS security monitoring and compliance validation from Adobe.
AWS security monitoring and compliance validation from Adobe.
Splunk
 
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...
Health IT Conference – iHT2
 
Hp Fortify Cloud Application Security
Hp Fortify Cloud Application SecurityHp Fortify Cloud Application Security
Hp Fortify Cloud Application Security
Ed Wong
 
Fortify - Source Code Analyzer
Fortify - Source Code AnalyzerFortify - Source Code Analyzer
Fortify - Source Code Analyzer
n|u - The Open Security Community
 
State of the State IT Workforces
State of the State IT WorkforcesState of the State IT Workforces
State of the State IT Workforces
Chris Brady
 
Cybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSCybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHS
John Gilligan
 
AWS Services overview and global infrastructure
AWS Services overview and global infrastructureAWS Services overview and global infrastructure
AWS Services overview and global infrastructure
Schibsted Tech Polska
 
Web Application Security Vulnerability Management Framework
Web Application Security Vulnerability Management FrameworkWeb Application Security Vulnerability Management Framework
Web Application Security Vulnerability Management Framework
jpubal
 
Cybercrime Threat Landscape: Cyber Criminals Never Sleep
Cybercrime Threat Landscape: Cyber Criminals Never SleepCybercrime Threat Landscape: Cyber Criminals Never Sleep
Cybercrime Threat Landscape: Cyber Criminals Never Sleep
IBM Security
 
Equiinet discussion of cyber threat landscape final 2016
Equiinet discussion of cyber threat landscape final 2016Equiinet discussion of cyber threat landscape final 2016
Equiinet discussion of cyber threat landscape final 2016
Equiinet
 
Cyber Crime Threat Landscape - A Focus on the Financial Industry
Cyber Crime Threat Landscape - A Focus on the Financial IndustryCyber Crime Threat Landscape - A Focus on the Financial Industry
Cyber Crime Threat Landscape - A Focus on the Financial Industry
William McBorrough
 
Ht seminar uniten-cyber security threat landscape
Ht seminar uniten-cyber security threat landscapeHt seminar uniten-cyber security threat landscape
Ht seminar uniten-cyber security threat landscape
Haris Tahir
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellence
Erik Taavila
 
Cyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutionsCyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutions
Schneider Electric
 
Introduction to Three AWS Security Services - November 2016 Webinar Series
Introduction to Three AWS Security Services - November 2016 Webinar SeriesIntroduction to Three AWS Security Services - November 2016 Webinar Series
Introduction to Three AWS Security Services - November 2016 Webinar Series
Amazon Web Services
 
Intro to AWS Security
Intro to AWS SecurityIntro to AWS Security
Intro to AWS Security
Amazon Web Services
 
CyberTerror-CyberCrime-CyberWar! - Crucial Role of CyberSecurity in "War on T...
CyberTerror-CyberCrime-CyberWar! - Crucial Role of CyberSecurity in "War on T...CyberTerror-CyberCrime-CyberWar! - Crucial Role of CyberSecurity in "War on T...
CyberTerror-CyberCrime-CyberWar! - Crucial Role of CyberSecurity in "War on T...
Dr David Probert
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
Amazon Web Services
 
Shareslide presentation
Shareslide presentationShareslide presentation
Shareslide presentation
ksross
 
Luis Usatorre Irazusta, Tecnalia, ES
Luis Usatorre Irazusta, Tecnalia, ESLuis Usatorre Irazusta, Tecnalia, ES
Luis Usatorre Irazusta, Tecnalia, ES
I4MS_eu
 
AWS 101: Cloud Computing Seminar (2012)
AWS 101: Cloud Computing Seminar (2012)AWS 101: Cloud Computing Seminar (2012)
AWS 101: Cloud Computing Seminar (2012)
Amazon Web Services
 
Introduction to Cloud Computing with Amazon Web Services
Introduction to Cloud Computing with Amazon Web ServicesIntroduction to Cloud Computing with Amazon Web Services
Introduction to Cloud Computing with Amazon Web Services
Amazon Web Services
 
Cyber crime and security ppt
Cyber crime and security pptCyber crime and security ppt
Cyber crime and security ppt
Lipsita Behera
 
Slideshare ppt
Slideshare pptSlideshare ppt
Slideshare ppt
Mandy Suzanne
 
TEDx Manchester: AI & The Future of Work
TEDx Manchester: AI & The Future of WorkTEDx Manchester: AI & The Future of Work
TEDx Manchester: AI & The Future of Work
Volker Hirsch
 
Mind the Cybersecurity Gap - Why Compliance Isn't Enough
Mind the Cybersecurity Gap - Why Compliance Isn't EnoughMind the Cybersecurity Gap - Why Compliance Isn't Enough
Mind the Cybersecurity Gap - Why Compliance Isn't Enough
Tripwire
 
Data Privacy Day 2022: Tips to Ensure Data Privacy
Data Privacy Day 2022: Tips to Ensure Data PrivacyData Privacy Day 2022: Tips to Ensure Data Privacy
Data Privacy Day 2022: Tips to Ensure Data Privacy
Tripwire
 

Más contenido relacionado

Destacado

Cybercrime Threat Landscape: Cyber Criminals Never Sleep
Cybercrime Threat Landscape: Cyber Criminals Never SleepCybercrime Threat Landscape: Cyber Criminals Never Sleep
Cybercrime Threat Landscape: Cyber Criminals Never Sleep
IBM Security
 
Cyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutionsCyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutions
Schneider Electric
 
CyberTerror-CyberCrime-CyberWar! - Crucial Role of CyberSecurity in "War on T...
CyberTerror-CyberCrime-CyberWar! - Crucial Role of CyberSecurity in "War on T...CyberTerror-CyberCrime-CyberWar! - Crucial Role of CyberSecurity in "War on T...
CyberTerror-CyberCrime-CyberWar! - Crucial Role of CyberSecurity in "War on T...
Dr David Probert
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
Amazon Web Services
 
Shareslide presentation
Shareslide presentationShareslide presentation
Shareslide presentation
ksross
 
Cyber crime and security ppt
Cyber crime and security pptCyber crime and security ppt
Cyber crime and security ppt
Lipsita Behera
 

Destacado (20)

Cybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSCybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHS
 
AWS Services overview and global infrastructure
AWS Services overview and global infrastructureAWS Services overview and global infrastructure
AWS Services overview and global infrastructure
 
Web Application Security Vulnerability Management Framework
Web Application Security Vulnerability Management FrameworkWeb Application Security Vulnerability Management Framework
Web Application Security Vulnerability Management Framework
 
Cybercrime Threat Landscape: Cyber Criminals Never Sleep
Cybercrime Threat Landscape: Cyber Criminals Never SleepCybercrime Threat Landscape: Cyber Criminals Never Sleep
Cybercrime Threat Landscape: Cyber Criminals Never Sleep
 
Equiinet discussion of cyber threat landscape final 2016
Equiinet discussion of cyber threat landscape final 2016Equiinet discussion of cyber threat landscape final 2016
Equiinet discussion of cyber threat landscape final 2016
 
Cyber Crime Threat Landscape - A Focus on the Financial Industry
Cyber Crime Threat Landscape - A Focus on the Financial IndustryCyber Crime Threat Landscape - A Focus on the Financial Industry
Cyber Crime Threat Landscape - A Focus on the Financial Industry
 
Ht seminar uniten-cyber security threat landscape
Ht seminar uniten-cyber security threat landscapeHt seminar uniten-cyber security threat landscape
Ht seminar uniten-cyber security threat landscape
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellence
 
Cyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutionsCyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutions
 
Introduction to Three AWS Security Services - November 2016 Webinar Series
Introduction to Three AWS Security Services - November 2016 Webinar SeriesIntroduction to Three AWS Security Services - November 2016 Webinar Series
Introduction to Three AWS Security Services - November 2016 Webinar Series
 
Intro to AWS Security
Intro to AWS SecurityIntro to AWS Security
Intro to AWS Security
 
CyberTerror-CyberCrime-CyberWar! - Crucial Role of CyberSecurity in "War on T...
CyberTerror-CyberCrime-CyberWar! - Crucial Role of CyberSecurity in "War on T...CyberTerror-CyberCrime-CyberWar! - Crucial Role of CyberSecurity in "War on T...
CyberTerror-CyberCrime-CyberWar! - Crucial Role of CyberSecurity in "War on T...
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
Shareslide presentation
Shareslide presentationShareslide presentation
Shareslide presentation
 
Luis Usatorre Irazusta, Tecnalia, ES
Luis Usatorre Irazusta, Tecnalia, ESLuis Usatorre Irazusta, Tecnalia, ES
Luis Usatorre Irazusta, Tecnalia, ES
 
AWS 101: Cloud Computing Seminar (2012)
AWS 101: Cloud Computing Seminar (2012)AWS 101: Cloud Computing Seminar (2012)
AWS 101: Cloud Computing Seminar (2012)
 
Introduction to Cloud Computing with Amazon Web Services
Introduction to Cloud Computing with Amazon Web ServicesIntroduction to Cloud Computing with Amazon Web Services
Introduction to Cloud Computing with Amazon Web Services
 
Cyber crime and security ppt
Cyber crime and security pptCyber crime and security ppt
Cyber crime and security ppt
 
Slideshare ppt
Slideshare pptSlideshare ppt
Slideshare ppt
 
TEDx Manchester: AI & The Future of Work
TEDx Manchester: AI & The Future of WorkTEDx Manchester: AI & The Future of Work
TEDx Manchester: AI & The Future of Work
 

Más de Tripwire

Defend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK FrameworkDefend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK Framework
Tripwire
 

Más de Tripwire (20)

Mind the Cybersecurity Gap - Why Compliance Isn't Enough
Mind the Cybersecurity Gap - Why Compliance Isn't EnoughMind the Cybersecurity Gap - Why Compliance Isn't Enough
Mind the Cybersecurity Gap - Why Compliance Isn't Enough
 
Data Privacy Day 2022: Tips to Ensure Data Privacy
Data Privacy Day 2022: Tips to Ensure Data PrivacyData Privacy Day 2022: Tips to Ensure Data Privacy
Data Privacy Day 2022: Tips to Ensure Data Privacy
 
Key Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The ExpertsKey Challenges Facing IT/OT: Hear From The Experts
Key Challenges Facing IT/OT: Hear From The Experts
 
Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo Tripwire Energy Working Group: TIV Demo
Tripwire Energy Working Group: TIV Demo
 
Tripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale Peterson
 
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through
 
Tripwire Energy Working Group: Customer Session with Chase Cole
Tripwire Energy Working Group: Customer Session with Chase ColeTripwire Energy Working Group: Customer Session with Chase Cole
Tripwire Energy Working Group: Customer Session with Chase Cole
 
Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller Tripwire Energy Working Group: Keynote w/Patrick Miller
Tripwire Energy Working Group: Keynote w/Patrick Miller
 
World Book Day: Cybersecurity’s Quietest Celebration
World Book Day: Cybersecurity’s Quietest CelebrationWorld Book Day: Cybersecurity’s Quietest Celebration
World Book Day: Cybersecurity’s Quietest Celebration
 
Tripwire Retail Security 2020 Survey: Key Findings
Tripwire Retail Security 2020 Survey: Key FindingsTripwire Retail Security 2020 Survey: Key Findings
Tripwire Retail Security 2020 Survey: Key Findings
 
Key Findings: Tripwire COVID-19 Cybersecurity Impact Report
Key Findings: Tripwire COVID-19 Cybersecurity Impact ReportKey Findings: Tripwire COVID-19 Cybersecurity Impact Report
Key Findings: Tripwire COVID-19 Cybersecurity Impact Report
 
The Adventures of Captain Tripwire: Coloring Book!
The Adventures of Captain Tripwire: Coloring Book!The Adventures of Captain Tripwire: Coloring Book!
The Adventures of Captain Tripwire: Coloring Book!
 
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration
Industrial Cybersecurity: Practical Tips for IT & OT CollaborationIndustrial Cybersecurity: Practical Tips for IT & OT Collaboration
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration
 
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...
 
Tripwire 2019 Skills Gap Survey: Key Findings
Tripwire 2019 Skills Gap Survey: Key FindingsTripwire 2019 Skills Gap Survey: Key Findings
Tripwire 2019 Skills Gap Survey: Key Findings
 
A Look Back at 2018: The Most Memorable Cyber Moments
A Look Back at 2018: The Most Memorable Cyber MomentsA Look Back at 2018: The Most Memorable Cyber Moments
A Look Back at 2018: The Most Memorable Cyber Moments
 
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass AuditsTime for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
 
Tripwire State of Cyber Hygiene 2018 Report: Key Findings
Tripwire State of Cyber Hygiene 2018 Report: Key FindingsTripwire State of Cyber Hygiene 2018 Report: Key Findings
Tripwire State of Cyber Hygiene 2018 Report: Key Findings
 
Defend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK FrameworkDefend Your Data Now with the MITRE ATT&CK Framework
Defend Your Data Now with the MITRE ATT&CK Framework
 
Defending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber AttacksDefending Critical Infrastructure Against Cyber Attacks
Defending Critical Infrastructure Against Cyber Attacks
 

Último

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 

Último (20)

Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 

The Changing IT Threat Landscape: Three Steps to A Proactive Security Strategy

  • 1. The Changing IT Threat Landscape: Three Steps to a Proactive Security Strategy
  • 2. Khalid Kark Vice President, Research Director, Forrester Research Dwayne Melancon, CISA Products, Tripwire, Inc.
  • 3. Today’s Speakers Vice President, Research Director
  • 4. Changing Threat Landscape Emerging trends, threats and responses Khalid Kark, Vice President, Principal Analyst 4 © 2010 Forrester Research, Inc. Reproduction Prohibited 2009
  • 5. Agenda 1. Threat: Changing Business Dynamics 2. Threat: Changing Threat Landscape 3. Threat: Empowered Employees 4. Best Practice: Focus Your People Controls To Maximize Impact 5. Best Practice: Manage Process Controls To Minimize Risk 6. Best Practice: Invest In Technology Controls To Gain Efficiencies 5 © 2010 Forrester Research, Inc. Reproduction Prohibited
  • 6. Security continues to play catch-up  Economics  Regulations  New business models  Consumerization  Business partners  Third-party service providers 6 © 2010 Forrester Research, Inc. Reproduction Prohibited
  • 7. Agenda 1. Threat: Changing Business Dynamics 2. Threat: Changing Threat Landscape 3. Threat: Empowered Employees 4. Best Practice: Focus Your People Controls To Maximize Impact 5. Best Practice: Manage Process Controls To Minimize Risk 6. Best Practice: Invest In Technology Controls To Gain Efficiencies 7 © 2010 Forrester Research, Inc. Reproduction Prohibited
  • 8. The threat landscape keeps evolving . . . Motivation Fame Financial gain Method Audacious “Low and slow” Focus Indiscriminate Targeted Tools Manual Automated Result Disruptive Disastrous Type Unique malware Variant tool kits Target Infrastructure Applications Agent Insider Third parties 8 © 2010 Forrester Research, Inc. Reproduction Prohibited
  • 9. Method – Low and Slow  Target an individual or a corporation  Take your time to get the information  Can take weeks or months  May need to stop the “attack” for extended periods  “Trickle” of information over time  Goal – not get detected  Many breaches today are discovered when something goes horribly wrong  Many don’t even know it exists 9 © 2010 Forrester Research, Inc. Reproduction Prohibited
  • 10. Tools: Automated  Web crawlers  Automated IM conversations  Escalation levels  Publically available information  Archives  Better analytics and predictions  Self learning systems - Artificial intelligence 10 © 2010 Forrester Research, Inc. Reproduction Prohibited
  • 11. Type: toolkits and variants  90K variants of Zeus malware  Mutation is standard part of writing malware today  Adaptability to defenses is key  Advanced encryption algorithms  Tool kits and “do it yourself” kits  Botnets for hire – really cheap  Cost and variation is making existing malware defenses obsolete 11 © 2010 Forrester Research, Inc. Reproduction Prohibited
  • 12. Agenda 1. Threat: Changing Business Dynamics 2. Threat: Changing Threat Landscape 3. Threat: Empowered Employees 4. Best Practice: Focus Your People Controls To Maximize Impact 5. Best Practice: Manage Process Controls To Minimize Risk 6. Best Practice: Invest In Technology Controls To Gain Efficiencies 12 © 2010 Forrester Research, Inc. Reproduction Prohibited
  • 13. Increased concern around empowered technologies Web 2.0 (wikis, blogs, et 40% c.) Cloud 42% computing Smartphones 54% Base: 1,025 North American and European IT Security decision-makers Source: Forrsights Security Survey, Q3 2010 13 © 2010 Forrester Research, Inc. Reproduction Prohibited
  • 14. Exponential growth in social media adoption Daily visit social networking sites (e.g. Facebook, LinkedIn) 40% 30% 20% 10% 0% 2008 2009 2010 14 © 2010 Forrester Research, Inc. Reproduction Prohibited
  • 15. Mobile subscribers and connections speeds ascend Global mobile broadband subscribers (in millions) 400 300 200 100 0 2008 2009 2010* Source: GSM Association 15 © 2010 Forrester Research, Inc. Reproduction Prohibited
  • 16. Rapid growth in cloud services Global IT market (US$ billions) $40 $30 IaaS $20 SaaS and PaaS $10 $0 2009 2010* 2011* 2012* 2013* * Forrester forecast 16 © 2010 Forrester Research, Inc. Reproduction Prohibited
  • 17. Agenda 1. Threat: Changing Business Dynamics 2. Threat: Changing Threat Landscape 3. Threat: Empowered Employees 4. Best Practice: Focus Your People Controls To Maximize Impact 5. Best Practice: Manage Process Controls To Minimize Risk 6. Best Practice: Invest In Technology Controls To Gain Efficiencies 17 © 2010 Forrester Research, Inc. Reproduction Prohibited
  • 18. Too many things on the plate – distracted decisions Threat and vulnerability mgmt. Technical infrastructure security Data security Identity and access management Policy and risk management Application security Full Most Privacy and regulations Half Third-party security Business continuity/disaster recovery Physical security Fraud management 0% 20% 40% 60% 80% 100% 18 © 2010 Forrester Research, Inc. Reproduction Prohibited
  • 19. Reactive investment for security Maintenance/licensi ng of existing security Security technology, 22% staffing, 23% Security Upgrades to outsourcing and existing security MSSP, 12% technology, 17% Security consultants and integrators, 8% New security technology, 18% 19 © 2010 Forrester Research, Inc. Reproduction Prohibited
  • 20. Relying on vendors to answer strategic questions 20 © 2010 Forrester Research, Inc. Reproduction Prohibited
  • 21. Not having a broad scope 21 © 2010 Forrester Research, Inc. Reproduction Prohibited May 2010 “Security Organization 2.0: Building A Robust Security Organization”
  • 22. Agenda 1. Threat: Changing Business Dynamics 2. Threat: Changing Threat Landscape 3. Threat: Empowered Employees 4. Best Practice: Focus Your People Controls To Maximize Impact 5. Best Practice: Manage Process Controls To Minimize Risk 6. Best Practice: Invest In Technology Controls To Gain Efficiencies 22 © 2010 Forrester Research, Inc. Reproduction Prohibited
  • 23. Understanding Process Maturity 23 © 2010 Forrester Research, Inc. Reproduction Prohibited
  • 24. Current state versus target Identity and access management 5 Business continuity and 4 Threat and vulnerability disaster recovery management 3 2 Application systems 1 Investigations and development records management 0 Ideal Information asset Incident Current management management Target Sourcing and vendor management Source: Output from Forrester’s Information Security Maturity Model 24 © 2010 Forrester Research, Inc. Reproduction Prohibited
  • 25. Agenda 1. Threat: Changing Business Dynamics 2. Threat: Changing Threat Landscape 3. Threat: Empowered Employees 4. Best Practice: Focus Your People Controls To Maximize Impact 5. Best Practice: Manage Process Controls To Minimize Risk 6. Best Practice: Invest In Technology Controls To Gain Efficiencies 25 © 2010 Forrester Research, Inc. Reproduction Prohibited
  • 26. Technology  MSSPs can play a huge role helping you here.  You're not just building on reactive controls but preventive ones as well. – IDS to IPS – SIEM and Log management – DLP – GRC  You're not investing in the best technologies but have a holistic and layered defense. – Best of breed to easier integration and management. – Strategic security partners – Point solutions to layers of security 26 © 2010 Forrester Research, Inc. Reproduction Prohibited
  • 27. Reactionary spending versus planned allocations IAM 7% Content 7% Network Security 25% Application, 10% Risk & compliance Data security, 10 % 15 % Security Ops Client & threat 14 % mgmt. 10% Source: Forrsights Security Survey, Q3 2010 27 © 2010 Forrester Research, Inc. Reproduction Prohibited
  • 28. Thank you Khalid Kark +1 469.221.5307 kkark@forrester.com www.forrester.com © 2009 Forrester Research, Inc. Reproduction Prohibited
  • 29. Khalid Kark www.tripwire.com Forrester Research E-mail : kkark@forrester.com

Notas del editor

  1. http://www.istockphoto.com/stock-photo-11678211-partnership-concept.phphttp://www.istockphoto.com/stock-photo-7642635-graph-pointing-upwards-with-person-supporting-it.phphttp://www.istockphoto.com/stock-photo-13738689-3d-colourful-peopls-support-the-world.php
  2. http://topnews.in/files/Economic-downturn.jpghttp://s3.amazonaws.com/pixmac-preview/the-3d-person-puppet-rising-under-the-yellow-diagram.jpgEconomic downturnEfficient use of existing resourcesCost cuttingEmphasis on security and riskRegulatory complianceIndustryRegionCountry (legal)New business modelsOutsourcingCloudBusiness alliances Global presence
  3. http://www.istockphoto.com/stock-photo-11678211-partnership-concept.phphttp://www.istockphoto.com/stock-photo-7642635-graph-pointing-upwards-with-person-supporting-it.phphttp://www.istockphoto.com/stock-photo-13738689-3d-colourful-peopls-support-the-world.php
  4. http://www.istockphoto.com/stock-photo-11678211-partnership-concept.phphttp://www.istockphoto.com/stock-photo-7642635-graph-pointing-upwards-with-person-supporting-it.phphttp://www.istockphoto.com/stock-photo-13738689-3d-colourful-peopls-support-the-world.php
  5. North American Technographics® Online Benchmark Survey, Q2 2010 (US)*Source: North American Technographics® Interactive Marketing Online Survey, Q2 2009**Source: North American Technographics® Media And Marketing Online Survey, Q2 2008
  6. http://www.istockphoto.com/stock-photo-11678211-partnership-concept.phphttp://www.istockphoto.com/stock-photo-7642635-graph-pointing-upwards-with-person-supporting-it.phphttp://www.istockphoto.com/stock-photo-13738689-3d-colourful-peopls-support-the-world.php
  7. http://www.istockphoto.com/stock-photo-11678211-partnership-concept.phphttp://www.istockphoto.com/stock-photo-7642635-graph-pointing-upwards-with-person-supporting-it.phphttp://www.istockphoto.com/stock-photo-13738689-3d-colourful-peopls-support-the-world.php
  8. http://www.istockphoto.com/stock-photo-11678211-partnership-concept.phphttp://www.istockphoto.com/stock-photo-7642635-graph-pointing-upwards-with-person-supporting-it.phphttp://www.istockphoto.com/stock-photo-13738689-3d-colourful-peopls-support-the-world.php