2. We’re on TV!
4. ‘WHEN’ COULD BE HAPPENING TO YOU
66% of breaches take months or even years to be discovered, up from 56% in 2012
69% of breaches are spotted by an external party, like customers
29% of attacks used emails, phone calls and social networks to gain information
76% of network intrusions exploited weak or stolen credentials
*Data from Verizon’s 2013 Data Breach Investigations Report
5. APT
There are more threats and attack vectors than you can effectively protect against.
WEB CONTENT? WEB APPS? WIRELESS ACCESS?
TCP/IP HIJACKING
BLENDED ATTACKS
(SPEAR) PHISHING
SOCIAL ENGINEERING
SQL INJECTION
DNS POISONING
DDoS ATTACKS
MALWARE
WE KNOW THREATS ARE INFINITE
Threat acceleration
6. WE KNOW TECHNOLOGY IS COMPLEX
SPDY & HTTP 2 INSPECTION
NEXT-GEN FIREWALLS
IDS/IPS SOLUTION
DATA LOSS PREVENTION
DDoS MITIGATION SOLUTION
WEB CONTENT FILTERING
SECURE INTERNET GATEWAY
NAC/802.1X SOLUTION
WIRELESS SECURITY
TWO FACTOR AUTHENTICATION
Over 40 tools
Already there are more tools than you can deploy – what is the solution?
8. INTELLIGENT SECURITY
Security is a moving target
Threats keep on coming
Visibility is the key to security intelligence
We know we have to accept some risk
How do we compensate for this?
Not more mousetraps - just using them better
11. WHY BETTER DETECTION IS CRITICAL
Budget limitations
Change in risk profile
Security investment cannot cover all eventualities
You will be working with known risk and vulnerabilities
Be proactive
Get the drop on attackers
Don’t wait for threats to appear – proactively mitigate
Early threat detection will reduce known risks
12. DETECTION FOCUSED SECURITY MODEL
• Categorise risk – know what you must lock up, identify what you can manage and decide what risks you can accept
• Protect your most valuable assets with next-gen technologies
• Ensure you deploy threat detection for known risks and vulnerabilities
• Undertake proactive threat detection to mitigate unknown risks
• Feedback into risk profile
Diagram labels: REMEDIATE, MANAGE, UNKNOWN RISK, KNOWN RISK, ACCEPT
13. WHAT’S REQUIRED FOR PROPER DETECTION
Macro-level intelligence – Cyber intelligence correlated from multiple internal and external sources
Proactive security – Detect and divert threats before they happen
Elastic expertise – Depth and breadth in security and cloud skills and capacity
Complete metrics – Regular, comprehensive security metrics and analysis
Agility – Quick strategic response to evolving threats
24x7 real-time monitoring – Continuous, 24x7, expert monitoring and interpretation of security data
14. HOW SECUREDATA DOES DETECTION
AffinitySECURE (Pro-active Security Monitoring)
• Early Warning System for changes in device behaviour and health
• Advance Threat Warnings
• Trend Based Analysis of system parameters
• Real-Time Granular Monitoring
• Automatic Incident logging based upon severity and threshold level
• Device Port Monitoring (ensures unknown or unauthorised services aren’t started on a device)
Cloud SIEM Service
• Outsourced 24x7x365 Service providing centralised real-time event analysis for log and event information
• Single pane of glass for all network and security incidents
• Advanced threat and security incident detection on a 24x7x365 basis
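The device port monitoring and severity/threshold bullets above, as an added example that is not SecureData's or AffinitySECURE's code: it baselines the services expected to listen on each device, logs an incident for every listener that appears or disappears, and escalates a device only when a high-severity change occurs or enough medium-severity ones accumulate. Device names, ports, the high-risk port set and the threshold rule are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed baseline: device -> set of (port, service) expected to be listening.
BASELINE = {
    "fw-edge-01": {(22, "ssh"), (443, "https")},
    "web-01": {(22, "ssh"), (80, "http"), (443, "https")},
}
# Constructed list of ports that should never appear unexpectedly; logged as "high".
HIGH_RISK_PORTS = {23, 3389, 4444, 5900}

@dataclass(frozen=True)
class Incident:
    device: str
    port: int
    service: str
    change: str    # "new" (unexpected listener) or "missing" (expected listener gone)
    severity: str  # "high", "medium" or "low"

def classify(port, change):
    """Severity rule (assumed): unexpected high-risk port is high, any other
    unexpected listener is medium, a disappeared expected service is low."""
    if change == "new" and port in HIGH_RISK_PORTS:
        return "high"
    if change == "new":
        return "medium"
    return "low"

def compare_snapshot(device, listening, baseline=BASELINE):
    """Return incidents for services that appeared or disappeared on a device."""
    expected = baseline.get(device, set())  # unknown device: everything is new
    incidents = []
    for port, svc in sorted(listening - expected):
        incidents.append(Incident(device, port, svc, "new", classify(port, "new")))
    for port, svc in sorted(expected - listening):
        incidents.append(Incident(device, port, svc, "missing", classify(port, "missing")))
    return incidents

def escalate(incidents, threshold=2):
    """Flag a device with any high-severity incident, or with at least
    `threshold` medium-severity incidents (constructed threshold rule)."""
    by_device = {}
    for inc in incidents:
        by_device.setdefault(inc.device, []).append(inc)
    flagged = []
    for device, incs in by_device.items():
        highs = sum(1 for i in incs if i.severity == "high")
        mediums = sum(1 for i in incs if i.severity == "medium")
        if highs or mediums >= threshold:
            flagged.append(device)
    return sorted(flagged)
```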
16. USE SPECIALIST DETECTION SERVICES
Ensure your systems are configured correctly and managed correctly, while freeing-up internal resources
AffinitySECURE – Managed Services
• Managed Firewalls
• Managed Next Gen Firewalls
• Managed Web Content Security
• Managed Remote Access
• Managed Two-Factor Authentication
• Managed Wireless
• Managed IDS/IDP
• Managed SIEM
• Managed Load Balancing
• Managed Switches/Routers
Cloud SIEM – Cloud Services
• Cloud Internet Gateway
• Cloud SIEM
• Cloud Global Load Balancing
• Phishing-as-a-Service
17. WHAT STEPS TO TAKE
• Understand where your assets are and what needs protection
• Proactively detect emerging threats
• Apply real time monitoring for known threats
• Deploy the right tools to protect critical assets
Walk through each stage/picture above.
http://www.channel4.com/news/privacy-phone-wifi-gchq-mobile-data
This slide will animate to walk through the numerous threats.
Key points:
• Threats are happening to brands you would expect to be secure
• Expect to be breached – it’s a question of when and not if
http://www.ft.com/cms/s/0/83e0aa90-417b-11e3-9073-00144feabdc0.html#axzz2l7p5jgUn
http://uk.reuters.com/article/2013/06/21/uk-facebook-security-idUKBRE95K19120130621
http://www.crn.com/news/cloud/240149905/evernote-breach-means-50-million-password-resets.htm
So, if security has moved from preventing the ‘if’ to identifying the ‘when’: how do you know when? These figures show that, at the moment, we are not focusing on the right areas.
‘When’ is an issue for us, but *where* is also important. New threats and attack vectors are emerging all the time, so where can we predict and detect new threats?
We know it will happen, but we’re not sure when or where from – the landscape is getting harder to control. At the same time, we have all these point technology solutions layering on top of each other – there will be infinite tools to handle every emerging threat, so can we continue on this path?
Visibility – make this large. We haven’t got everything covered, we haven’t got it all monitored.
This slide will build from pink and then around the circle.
Key points: security keeps on changing, threats keep emerging. As we’ve just said, complexity and scale are increasing – we know we have to accept risk. So what do we do about this new risk we have introduced? Two things:
• We make better use of technology. We don’t need more mousetraps, just the mousetraps you’ve got focused in a better way
• We need VISIBILITY – this is the key to security now and in the future
Visibility – make this large. We haven’t got everything covered, we haven’t got it all monitored.
The image here will change – take this as a placeholder slide!
Within this new world of threat detection, we are asking you to approach security in a different way. You will no doubt have plenty of point security solutions, all with monitoring and dashboards. What’s different here is that it’s gone up on the priority agenda – that means you can’t plug in the technology and review it at the end of the week. It needs ‘eyes on’, so you have to decide if you have the resource, if you have the expertise, if you have a plan B. Some of these items you will want to keep in-house; others you can work with a partner on, or a combination of what works for you.
What does this new model of threat detection look like? We’ve simplified it down, but essentially: you need to categorise risk – what will you accept, what can you manage and what is critical to keep locked up. Knowing your assets and using the scorecards and reference models Carl mentioned will enable you to do this. The swiss cheese approach of layering on technology to cover as many holes as possible doesn’t need to apply any longer. You can have some holes – as long as you know what they are and as long as you are detecting threats for these known vulnerabilities. Unknown threats of course are still out there – so in addition to managing known risks, you need to be proactively undertaking threat detection.