Trends & Futures in Information SecurityJoe GottliebVP, Marketing & Business Development, SenSage

The future of security is already being reshaped by…Metrics, but for what?Virtualization, but how?Cloud, but why?Integration & Automation, but when?Negotiations, but with whom?

theVILLAINS…Digital TheftHeterogeneityOrganizational BehaviorWeb 2.0Growth : )3

so evolves theft4As value evolves…Age ofDigital TheftAge of Physical Theft

Physical Reality (as we love it)5Server 1Server 2Physical NetworkSource: Securing Virtual Data Centers, Lynch et al, 10/9/09

Virtual Reality 1.06Physical NetworkSource: Securing Virtual Data Centers, Lynch et al, 10/9/09

eBay & VirtualizationVision One – Reduce RiskVision Two – Master Prohibitive ScaleVision Three – Leverage Cloud Computing7Source: Securing Virtual Data Centers, Lynch et al, 10/9/09

New Age Currency8Source: The McAfee Vision for Total Data Protection, Watzinger et al, 10/9/09

McAfee’s Prescription for Data Protection9Source: The McAfee Vision for Total Data Protection, Watzinger et al, 10/9/09

McAfee Data Loss Prevention:Learning through Capture10Source: Eliminating Data Amnesia, Ahuja et al, 10/9/09

“Compliance” is a loaded term…11Source: Reducing the Total Cost of Compliance, Cougias et al, 10/9/09

McAfee alone must comply with…12Source: Reducing the Total Cost of Compliance, Cougias et al, 10/9/09

Unified Compliance Framework13Source: Reducing the Total Cost of Compliance, Cougias et al, 10/9/09

Tyco International Compliance Requirements14Source: Compliance Approaches in a Down Economy, Fredriksen et al, 10/9/09

The Tyco (CISO’s Office) Response15Source: Compliance Approaches in a Down Economy, Fredriksen et al, 10/9/09

GM’s Lynn Trent: The value of control…16Source: The Value of Control, Trent, 10/09

Citrix Systems: Exciting New Challenges17Source: The True Cost of Free, La Bella et al, 10/09

Citrix Systems: Protecting the Inner Perimeter18Source: The True Cost of Free, La Bella et al, 10/09

Web 2.0: Conflict of Interest19Source: Web 2.0: Allow, Deny or Ignore?, Roddy et al, 10/09

Koobface uses Twitter to attack…20Source: Web 2.0: Allow, Deny or Ignore?, Roddy et al, 10/09

Social Networking Stats…21If access to social networking sites, such as MySpace and Facebook, is blocked, how would this impact your organization?Percentage of Company’s Bandwidth Consumed by Web 2.0 ApplicationsSource: Web 2.0: Allow, Deny or Ignore?, Roddy et al, 10/09

“Hi Mr. Credit Applicant…What is your reputation?”22Source: Intelligence to Predict, Protect, and Enable, Murphy et al, 10/09

“Hi Mr. IP Address or URL…What is your reputation?”23Source: Intelligence to Predict, Protect, and Enable, Murphy et al, 10/09

McAfee Firewall Enterprise (not your SMB UTM…)24IP & Web ReputationSmartFilterIncludes File Reputation (Artemis)Source: The Future of Network Security, Brown et al, 10/9/09

McAfee Global Threat Intelligence25

Heartland …………26Source: Data Privacy and Security: Legal Trends and Developments, Organ, 10/09

Heartland…Over 100 million consumers’ credit and debit cards were stolen.More than 650 institutions have been impacted by the Heartland data breach.The information was stolen by using malware uploaded onto Heartland’s systemsOver 30 class actions have been filed against Heartland as a result of the breachAccording to Heartland CEO Bob Carr: “In the first half of 2009, we laid out $32 million and we don’t know what will happen going forward. We are aggressively defending against litigation. That’s all I can say.”-- August 12, 2009 interview with CSO Security and Risk27Source: Data Privacy and Security: Legal Trends and Developments, Organ, 10/09

TJ Maxx…28Source: Data Privacy and Security: Legal Trends and Developments, Organ, 10/09

Is law enforcement catching up yet?29Source: Data Privacy and Security: Legal Trends and Developments, Organ, 10/09

How “optimized” is your security architecture?30Source: Fact or Fiction: Security Metrics Can Boost Compliance Efforts, Ross et al, 10/09

Cost/Benefit of the Enterprise Security Maturity Model31Source: Fact or Fiction: Security Metrics Can Boost Compliance Efforts, Ross et al, 10/09

Gartner Security Program Maturity, 200932Source: Gartner Information Security Summit, London, 9/09

The evolution of security…33ProactiveMore Talent,No MetricsTomorrow’s GRC is Proactive ScienceCompliance as Excuse, Motivationor InspirationforMETRICSScienceArtComplianceRulesProud Legacy:SmartSecurityFolksReactive

What makes a good metric?34Source: Fact or Fiction: Security Metrics Can Boost Compliance Efforts, Ross et al, 10/09

Ryder Truck…“Moved” by IT GRC 35Source: Managing Risk While Enabling Compliance with Regulatory Mandates, Holt et al, 10/09

Got heterogeneity?36Source: How Optimized Security Can Improve Your Business, Dover et al, 10/09

McAfee Security Innovation AllianceIntegration…Automation…Closed-loop Risk Management…DoDCitigroupEtc.

Best-of-breed vs. One-stop-shop Biorhythm38Security YieldOne-stop-shopDemi-trendTimeBest-of-breedDemi-trend

How much is enough Information Security?39Source: Fact or Fiction: Security Metrics Can Boost Compliance Efforts, Ross et al, 10/09

SenSage is creating a new category40Deep Security ContextSecurity IntelligenceTraditional SIEM & Log Management ProductsLow Event Data Management ScalabilityHigh Event Data Management ScalabilityGeneral Purpose Columnar DatabasesTraditional Data Warehouse ProductsNo Security Context

Do security companies exaggerate the threat?YesBut…Does your company hold digital value?Will your company’s brand suffer if you have a breach?What part of the addressable market do you represent?41

Thank Youjoe.gottlieb@sensage.com