Cyber Security Management in a Highly Innovative World

Cyber attacks are reaching pandemic levels. State-sponsored groups and organized crime are successfully stealing valuable intellectual property—including critical infrastructure and operational readiness information, businesses’ and consumers’ financial data—often without anyone realizing the attack has occurred!

But preparedness cannot be delegated solely to the IT department. The involvement of the entire enterprise, armed with an understanding of the highly dynamic landscape, is vital for warding off potential threats.
Author: David Etue, VP of CorpDev Strategy, SafeNet

Watch the webcast on demand: https://www.brighttalk.com/webcast/6319/75109

  • Economics is the study of how society allocates scarce resources and goods. A well managed Info/Cyber/Security/Assurance program requires intelligent allocation of scarce resources: we can not protect everything. We can’t build the entire airplane out of the “black box”.
  • Classes of actors can be identified (and even particular actors in some cases). Capabilities can be estimated (and potentially managed by working with Governments and Law Enforcement). Motive can be analyzed via “Adversary ROI”.
  • Rorschach Test: http://en.wikipedia.org/wiki/Rorschach_test. We see in Anonymous what we WANT to see. We project. Our perceptions say more about us than they do about the multitude of subgroups/causes in Anonymous.
  • http://www.vmware.com/files/pdf/solutions/Business-Value-Virtualization.pdf and http://aws.amazon.com/free/
  • When our attack surfaces approach infinity, it's easier to manage threats. CONTROL QUOTIENT. Most security programs focused solely on vulnerability management, which is necessary but insufficient: technology changes at a high rate of speed, making vulnerability a moving target; the adversary community changes faster than defenders; attacks quickly move to the most porous layer; end users are likely to remain a significant vulnerability.
  • Serenity prayer
  • Transcript of "Cyber Security Management in a Highly Innovative World"

    1. Cyber Security Management In a Highly Innovative World. David Etue, VP Corporate Development Strategy, SafeNet. June 2013. © SafeNet - All Rights Reserved
    2. Agenda: About Me and SafeNet; Context; Evolving Adversaries, Evolving Threats; Evolving Technology, Evolving Dependence; Solutions and Ideas
    3. About David Etue (@djetue): VP, Corporate Development Strategy at SafeNet; Former Cyber Security Practice Lead [PRTM Management Consultants] (now PwC); Former VP Products and Markets [Fidelis Security Systems]; Former Manager, Information Security [General Electric Company]. Industry: Faculty, The Institute for Applied Network Security (IANS); Certified Information Privacy Professional (CIPP/G); Certified CISO (C|CISO). Cyber things that interest me: adversary innovation; applying intelligence cycle / OODA loop in cyber; supply chain security; cloud and virtualization security
    4. Who We Are: Trusted to protect the world’s most sensitive data for the world’s most trusted brands. We protect the most money that moves in the world, $1 trillion daily. We protect the most digital identities in the world. We protect the most sensitive information in the world. Founded: 1983. Revenue: ~330m. Employees: +1,400 in 25 countries. Ownership: Private. Global footprint: +25,000 customers in 100 countries. Accredited: products certified to the highest security standard
    5. Context
    6. We Have Finite Resources… We Can Not Protect Everything! [Images: http://commons.wikimedia.org/wiki/File:Fdr_sidefront.jpg; Lufthansa Airbus A380 D-AIMC with the name "Peking" at Stuttgart, Lasse Fuss, http://commons.wikimedia.org/wiki/File:Lufthansa_A380_D-AIMC.jpg] “Black Box”
    7. Consequences: Value & Replaceability (http://blog.cognitivedissidents.com/2011/10/24/a-replaceability-continuum/)
    8. Misplaced Focus: “With the breach-a-week over the last two years, the key determinate was nothing YOU did… but rather was WHO was after you.”
    9. The Control Continuum
    10. Evolving Adversaries… Evolving Threats
    11. What is a “Threat”? A Threat is an Actor with a Capability and a Motive. Threats Are A “Who”, Not a “What”
    12. A Modern Pantheon of Adversary Classes. Methods: “MetaSploit”, DoS, Phishing, Rootkit, SQLi, Auth, Exfiltration, Malware, Physical. Impacts: Reputational, Personal, Confidentiality, Integrity, Availability. Target Assets: Credit Card #s, Web Properties, Intellectual Property, PII / Identity, Cyber Infrastructure, Core Business Processes. Motivations: Financial, Industrial, Military, Ideological, Political, Prestige. Actor Classes: States, Competitors, Organized Crime, Script Kiddies, Terrorists, “Hactivists”, Insiders, Auditors
    13. Profiling a Particular Actor. Methods: “MetaSploit”, DoS, Phishing, Rootkit, SQLi, Auth, Exfiltration, Malware, Physical. Impacts: Reputational, Personal, Confidentiality, Integrity, Availability. Target Assets: Credit Card #s, Web Properties, Intellectual Property, PII / Identity, Cyber Infrastructure, Core Business Processes. Motivations: Financial, Industrial, Military, Ideological, Political, Prestige. Actor Classes: States, Competitors, Organized Crime, Script Kiddies, Terrorists, “Hactivists”, Insiders, Auditors
    14. Script Kiddies (aka Casual Adversary). Methods: “MetaSploit”, SQLi, Phishing. Impacts: Confidentiality, Reputation. Target assets: CCN/Fungible. Motivations: Profit, Prestige. Actor class: Skiddie
    15. Organized Crime. Methods: Malware, Botnets, Rootkits. Impacts: Confidentiality. Target assets: Fungible, Banking. Motivations: Profit. Actor class: Organized Crime
    16. Adaptive Persistent Adversaries. Methods: Custom Malware, Spear Phishing, Physical, ++. Target assets: Intellectual Property, Trade Secrets, Infrastructure. Impacts: Confidentiality, Reputation. Motivations: Industrial/Military. Actor class: State/Espionage
    17. Hactivists / Chaotic Actors. Methods: DoS, SQLi, Phishing. Impacts: Availability, Confidentiality, Reputation, Personal. Target assets: Web Properties, Individuals, Policy. Motivations: Ideological and/or LULZ. Actor class: Chaotic Actor
    18. Evolving Technology… Evolving Dependence
    19. The Value An Organization Delivers Is Driven By Its Differentiation. [Diagram labels: Suppliers & Partners; Your Organization; Customers.] Differentiation: Intellectual Property, Strategy, Core Processes
    20. Competitive Differentiation is Dependent on Information and the IT Infrastructure: Intellectual Property, Strategy, Core Processes. Information Security’s Mission Is To Protect These Key Digital Assets
    21. Optimizing Security Management Is a Multi-Faceted Challenge: Customer Needs; Business Needs; Regulators (Compliance); Threats
    22. Cloud, Virtualization, Mobile, and Consumerization! Oh My! Growing Risk: Sensitive Data on the Rise; More IT Dependency; Compliance; Variety of Threat Actors. No Physical Controls: Traditional Perimeter GONE!; SaaS, Cloud & Web 2.0 Apps; Collaboration Partners; Growing Mobile Devices. [Diagram labels: Branch Office, Web 2.0 Application, Remote Replication, Internet, SaaS, Cloud, Extranet, WAN, Docs, Offline Folders, Shared Folders, Database, Groupware, E-Mail, Media, Flash-drive, Data Center, Laptop, Mobile]
    23. Virtualization and Cloud Computing Are Economically Compelling and Here to Stay
    24. What Has Changed? [Chart labels: Perimeter, Layers, Collaboration, Integrated; Amount of Information and Infrastructure; Attack Surface; Cost of Failure; Time.] As Organizations Have Embraced Technology, the Amount of Information, Attack Surface, and Cost of Failure Have All Skyrocketed!
    25. Another Change: The New Definition of Privilege
    26. Privileged Users Even More Powerful In Cloud/Virt. [Diagram, BEFORE and AFTER. Labels: Virtual Machine (x3); Compute, Storage, Network; Virtual Compute, CPU; Virtual Storage, NAS / SAN; Management; Database As-A-Service; Application, Guest OS (x3); Virtual Network; Physical Network; Hypervisor; Server; Application, OS, CPU, Disk, Network]
    27. Solutions and Ideas
    28. Adversary ROI
    29. Why Adversary ROI: Adversaries want assets - vulnerabilities are a means; Our attack surface is approaching infinity; Adversaries have scarce resources too. Adversaries care if *they* can get a return on investment from an attack, not you…
    30. Adversary ROI Came About By Looking at Risk. A risk requires a threat and a vulnerability that results in a negative consequence. We have finite resources, and must optimize the entire risk equation for our success! Current State: Threat, Vulnerability, Consequence. Proposed State?
    31. Understanding the Risk Equation. Risk = Threat + Vulnerability [Vulnerability marked: “Focus of most cybersecurity programs”]. Most Cyber Security programs focused solely on vulnerability management, which is necessary but insufficient: Technology changes at high rate of speed making vulnerability a moving target; Adversary community changes faster than defenders; Attacks quickly move to the most porous layer; End users likely to remain a significant vulnerability. The Cyber Security “arms race” today focuses on vulnerabilities. It's time to address other variables!
    32. Value Favors the Attacker. [Chart labels: Attacker Gains; Information Classification: Public, Sensitive Highly Replicable, Sensitive Irreplaceable; Typical IT Security Budget (1-12% of IT Budget).] Are you prepared to address a funded nation state targeting your highest value intellectual property?
    33. The Adversary ROI Equation: $\text{Adversary ROI} = \left[\dfrac{\text{Attack Value} - \text{Cost of the Attack}}{\text{Cost of the Attack}}\right] \times \text{Probability of Success} - \text{Deterrence Measures}$, where $\text{Attack Value} = \text{Value of Assets Compromised} + \text{Adversary Value of Operational Impact}$ and $\text{Deterrence Measures} = (\%\ \text{Chance of Getting Caught} \times \text{Cost of Getting Caught})$
    34. Impacting Adversary ROI: $\text{Adversary ROI} = \left(\dfrac{\text{Attack Value} - \text{Cost of the Attack}}{\text{Cost of the Attack}}\right) \times \text{Probability of Success} - \text{Deterrence Measures}$, where $\text{Attack Value} = \text{Value of Assets Compromised} + \text{Adversary Value of Operational Impact}$ and $\text{Deterrence Measures} = (\%\ \text{Chance of Getting Caught} \times \text{Cost of Getting Caught})$. [Annotations on the equation: It is typically not desirable to make your assets less valuable; Ability to respond and recover key; Increase adversary “Work Effort”; Impact of getting caught is typically a government issue]
    35. Every Organization Should Know The Key Components to This Model: Methods, Impacts, Target Assets, Motivations, Actor Classes
    36. The Control Quotient
    37. The Control Quotient Definition. Quotient (from http://www.merriam-webster.com/dictionary/quotient): the number resulting from the division of one number by another; the numerical ratio usually multiplied by 100 between a test score and a standard value; quota, share; the magnitude of a specified characteristic or quality. Control Quotient: optimization of a security control based on the maximum efficacy within sphere of control (or influence or trust) of the underlying infrastructure* (*unless there is an independent variable…)
    38. The Control Quotient and the SPI Stack. Amazon EC2 - IaaS; Google AppEngine - PaaS; Salesforce - SaaS. The lower down the stack the Cloud provider stops, the more security you are tactically responsible for implementing & managing yourself. Stack by Chris Hoff -> CSA
    39. The Control Quotient and the SPI Stack. CSA Cloud Model: Security Management & GRC; Identity/Entity Security; Data Security; Host; Network; Infrastructure Security; Application Security
    40. The Control Quotient and the SPI Stack. CSA Cloud Model: Security Management & GRC; Identity/Entity Security; Data Security; Host; Network; Infrastructure Security; Application Security. Virtualization, Software Defined Networks, and Public/Hybrid/Community Cloud Forces a Change in How Security Controls Are Evaluated and Deployed
    41. To Be Successful, We Must Focus on the Control Kept (or Gained!), NOT the Control Lost… Half Full or Half Empty?
    42. More Than Just Technology… [Images: http://www.flickr.com/photos/markhillary/6342705495, http://www.flickr.com/photos/tallentshow/2399373550]
    43. The Secure Breach
    44. Crunchy on the Outside… [Image: http://www.flickr.com/photos/theilr/2240742119/]
    45. Time to Secure the Breach: Breach Prevention Era; Secure Breach Era
    46. Key Enablers to the Secure Breach: Encryption (and Key Management); Identity and Access Management with Strong Authentication; Segmentation; Privilege User Management; Detection and Response Capabilities; Asset, Configuration, and Change Management
    47. 4 Step Program For Ushering In the “Secure Breach” Era. Introspection: It's time to try something new… Acceptance: You can’t prevent a perimeter breach… Understanding: Know your enemies and what they are after… Action: Decrease adversary ROI…
    48. Thank You! Any questions? David Etue, @djetue. Watch the full webcast on demand: https://www.brighttalk.com/webcast/6319/75109
    49. Follow SafeNet on Social Media: [Blog] http://data-protection.safenet-inc.com; @safenetinc; http://www.linkedin.com/company/safenet; http://youtube.com/safenetinc; http://facebook.com/safenetinc; https://plus.google.com/+safenet; http://pinterest.com/safenetinc/; http://www.safenet-inc.com/rss.aspx; http://www.slideshare.net/SafeNet; http://www.govloop.com/group/safenetgov; http://www.brighttalk.com/channel/2037; http://community.spiceworks.com/pages/safenetinc
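
The Adversary ROI equation from slides 33 and 34, worked through as an added Python example (not part of the original deck): it evaluates the equation, finds the attack cost at which ROI falls to zero, and ranks defender levers by how much each lowers ROI. The sample figures, the mapping of each lever to a term, and treating Cost of Getting Caught as a unitless penalty on the same scale as the ROI ratio are all assumptions, since the slides give no units or values.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Attack:
    asset_value: float   # value of assets compromised, as the adversary sees it
    impact_value: float  # adversary value of operational impact
    cost: float          # cost of the attack ("work effort")
    p_success: float     # probability of success, 0..1
    p_caught: float      # % chance of getting caught, 0..1
    cost_caught: float   # cost of getting caught, on the ROI-ratio scale (assumption)

    def __post_init__(self):
        if self.cost <= 0:
            raise ValueError("cost of the attack must be positive")
        for p in (self.p_success, self.p_caught):
            if not 0.0 <= p <= 1.0:
                raise ValueError("probabilities must lie in [0, 1]")

def adversary_roi(a: Attack) -> float:
    """[(Attack Value - Cost) / Cost] x Probability of Success - Deterrence."""
    attack_value = a.asset_value + a.impact_value
    deterrence = a.p_caught * a.cost_caught
    return (attack_value - a.cost) / a.cost * a.p_success - deterrence

def break_even_cost(a: Attack) -> float:
    """Attack cost at which ROI drops to zero, all other terms held fixed."""
    if a.p_success == 0:
        raise ValueError("ROI does not depend on cost when success is impossible")
    deterrence = a.p_caught * a.cost_caught
    return (a.asset_value + a.impact_value) * a.p_success / (a.p_success + deterrence)

def rank_levers(a: Attack, levers: dict) -> list:
    """Return (lever, change in ROI) pairs, largest reduction first."""
    base = adversary_roi(a)
    deltas = {name: adversary_roi(replace(a, **change)) - base
              for name, change in levers.items()}
    return sorted(deltas.items(), key=lambda kv: kv[1])

# Constructed sample profile; none of these numbers come from the slides.
BASE = Attack(asset_value=90_000, impact_value=10_000, cost=20_000,
              p_success=0.5, p_caught=0.1, cost_caught=2.0)

# Lever-to-term mapping is an assumption about the slide 34 annotations.
LEVERS = {
    "increase work effort": {"cost": 40_000},     # attack costs twice as much
    "respond and recover": {"impact_value": 0},   # no lasting operational impact
    "improve detection": {"p_caught": 0.5},       # higher chance of getting caught
}

if __name__ == "__main__":
    print(f"baseline ROI: {adversary_roi(BASE):.2f}")
    print(f"break-even attack cost: {break_even_cost(BASE):,.0f}")
    for name, delta in rank_levers(BASE, LEVERS):
        print(f"{name}: {delta:+.2f}")
```

With these constructed figures, doubling the adversary's work effort lowers ROI the most, but the attack stays profitable until its cost passes the break-even point.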
