The Changing IT Threat Landscape: Three Steps to A Proactive Security Strategy
 


The IT threat landscape has changed substantially over the last year. Attacks come from more patient, sophisticated hackers whose main goal is to remain undetected while slowly gaining access to sensitive data. Social media and cloud services offer new ways in for attackers. The stakes are higher too, with breaches leading to disastrous consequences including business failure. In this webcast, Khalid Kark, Principal Analyst with Forrester Research, describes today’s concerning threat landscape. He also gives best practices related to people, processes, and technologies that can help avoid the disastrous consequences posed by these threats.

In this webcast, you’ll learn:

  • How today’s threats are evolving: the tools and methods used, new sources of vulnerability and much more
  • Why traditional reactive approaches and detective controls no longer afford sufficient protection
  • Best practices related to people, processes and technologies that help prevent disastrous impacts of threats

  • Economic downturn; Efficient use of existing resources; Cost cutting; Emphasis on security and risk; Regulatory compliance; Industry; Region; Country (legal); New business models; Outsourcing; Cloud; Business alliances; Global presence
  • North American Technographics® Online Benchmark Survey, Q2 2010 (US). *Source: North American Technographics® Interactive Marketing Online Survey, Q2 2009. **Source: North American Technographics® Media And Marketing Online Survey, Q2 2008

Presentation Transcript

  • The Changing IT Threat Landscape: Three Steps to a Proactive Security Strategy
  • Khalid Kark, Vice President, Research Director, Forrester Research; Dwayne Melancon, CISA, Products, Tripwire, Inc.
  • Today’s Speakers Vice President, Research Director
  • Changing Threat Landscape: Emerging trends, threats and responses. Khalid Kark, Vice President, Principal Analyst. © 2010 Forrester Research, Inc. Reproduction Prohibited 2009
  • Agenda
    1. Threat: Changing Business Dynamics
    2. Threat: Changing Threat Landscape
    3. Threat: Empowered Employees
    4. Best Practice: Focus Your People Controls To Maximize Impact
    5. Best Practice: Manage Process Controls To Minimize Risk
    6. Best Practice: Invest In Technology Controls To Gain Efficiencies
  • Security continues to play catch-up: Economics; Regulations; New business models; Consumerization; Business partners; Third-party service providers
  • The threat landscape keeps evolving . . .
    – Motivation: Fame → Financial gain
    – Method: Audacious → “Low and slow”
    – Focus: Indiscriminate → Targeted
    – Tools: Manual → Automated
    – Result: Disruptive → Disastrous
    – Type: Unique malware → Variant tool kits
    – Target: Infrastructure → Applications
    – Agent: Insider → Third parties
  • Method – Low and Slow
    – Target an individual or a corporation
    – Take your time to get the information
    – Can take weeks or months
    – May need to stop the “attack” for extended periods
    – “Trickle” of information over time
    – Goal – not get detected
    – Many breaches today are discovered when something goes horribly wrong
    – Many don’t even know it exists
  • Tools: Automated
    – Web crawlers
    – Automated IM conversations
    – Escalation levels
    – Publicly available information
    – Archives
    – Better analytics and predictions
    – Self-learning systems – Artificial intelligence
  • Type: toolkits and variants
    – 90K variants of Zeus malware
    – Mutation is standard part of writing malware today
    – Adaptability to defenses is key
    – Advanced encryption algorithms
    – Tool kits and “do it yourself” kits
    – Botnets for hire – really cheap
    – Cost and variation is making existing malware defenses obsolete
  • Increased concern around empowered technologies
    – Web 2.0 (wikis, blogs, etc.): 40%
    – Cloud computing: 42%
    – Smartphones: 54%
    Base: 1,025 North American and European IT Security decision-makers. Source: Forrsights Security Survey, Q3 2010
  • Exponential growth in social media adoption [Chart: daily visit social networking sites (e.g. Facebook, LinkedIn), 2008 to 2010]
  • Mobile subscribers and connections speeds ascend [Chart: global mobile broadband subscribers (in millions), 2008 to 2010*] Source: GSM Association
  • Rapid growth in cloud services [Chart: global IT market (US$ billions) for IaaS and for SaaS and PaaS, 2009 to 2013*] * Forrester forecast
  • Too many things on the plate – distracted decisions [Chart, scale 0% to 100%, legend Full / Most / Half, for each area: Threat and vulnerability mgmt.; Technical infrastructure security; Data security; Identity and access management; Policy and risk management; Application security; Privacy and regulations; Third-party security; Business continuity/disaster recovery; Physical security; Fraud management]
  • Reactive investment for security
    – Security staffing, 23%
    – Maintenance/licensing of existing security technology, 22%
    – New security technology, 18%
    – Upgrades to existing security technology, 17%
    – Security outsourcing and MSSP, 12%
    – Security consultants and integrators, 8%
  • Relying on vendors to answer strategic questions
  • Not having a broad scope (May 2010, “Security Organization 2.0: Building A Robust Security Organization”)
  • Understanding Process Maturity
  • Current state versus target [Radar chart, scale 0 to 5, series Ideal / Current / Target, axes: Identity and access management; Threat and vulnerability management; Investigations and records management; Incident management; Sourcing and vendor management; Information asset management; Application systems development; Business continuity and disaster recovery] Source: Output from Forrester’s Information Security Maturity Model
  • Technology
    – MSSPs can play a huge role helping you here.
    – You’re not just building on reactive controls but preventive ones as well.
        – IDS to IPS
        – SIEM and Log management
        – DLP
        – GRC
    – You’re not investing in the best technologies but have a holistic and layered defense.
        – Best of breed to easier integration and management.
        – Strategic security partners
        – Point solutions to layers of security
  • Reactionary spending versus planned allocations
    – Network Security, 25%
    – Data security, 15%
    – Security Ops, 14%
    – Application, 10%
    – Risk & compliance, 10%
    – Client & threat mgmt., 10%
    – IAM, 7%
    – Content, 7%
    Source: Forrsights Security Survey, Q3 2010
  • Thank you. Khalid Kark, +1 469.221.5307, kkark@forrester.com, www.forrester.com. © 2009 Forrester Research, Inc. Reproduction Prohibited
  • Khalid Kark, Forrester Research. E-mail: kkark@forrester.com. www.tripwire.com