Information security  stki summit 2012-shahar geiger maor
    Presentation Transcript

    • Trends In Information Security. STKI Summit 2012. Shahar Geiger Maor, VP & Senior Analyst. “Tell me and I’ll forget. Show me and I may remember. Involve me and I’ll understand.”
    • Agenda: Endpoints, Networking, Security, DC, Cloud, Post PC, Voice, Video, MDM, Cyber. Shahar Geiger Maor’s work Copyright 2012 @STKI Do not remove source or attribution from any graphic or portion of graphic
    • Presentation Visualization: MDM, Networking, Security, Collaboration
    • End-To-End Security Project. Application Security: WAF, Secure Browsing, Web Security Gateway. Data Security: DLP, Information Laundering. Network Security: Firewalls, IPS, NAC. Source: Taldor
    • TEAMS Project (A3). Source: Malam-Team
    • The New Training Center - IDF. Source: Bynet
    • Presentation Visualization - Security: MDM, Networking, Security, Collaboration
    • STKI Index-2011 – Top Security Queries: Mobile Sec., 25%; Access/Authentication, 13%; DB/DC Sec., 11%; GRC, 9%; Network Sec., 8%; Sec. Policy, 6%; Data Sec., 6%; SIEM/SOC, 4%; SIs/Vendors/Products, 4%; Endpoint Sec., 4%; Fraud, 3%; “Cyber”, 2%; Market/Trends, 2%; Application Sec., 2%; Miscellaneous, 1%; GW Sec., 1%
    • Presentation Visualization - Cyber: MDM, Networking, Security, Collaboration
    • New Buzz…..
    • The Cyber Triangle: Cyber Warfare, Cyber Terror, Cyber Crime. Private Information; Command & Control Systems; Business Information. Source: ILITA. STKI modifications
    • The Cyber Triangle – Regulations: Director of Security of the Defense Establishment; National Information Security Authority; Israeli Law, Information and Technology Authority; Bank of Israel; Ministry of Finance; SOX; ISO/IEC 27001; PCI-DSS. Private Information; Command & Control Systems; Business Information. Source: ILITA. STKI modifications
    • Generic Cyber Attacks
        1. Individuals/Groups
        2. Criminal/Nationalistic background
        3. Lots of intervals
        4. Lots of targets
        5. Common tools
    • Distributed Denial Of Service (DDOS)
        1. Targets websites, internet lines etc.
        2. Legitimate traffic
        3. Many different sources
        4. From all over the world
        5. Perfect timing
    • DDOS Mitigation - Israeli Market Positioning 1Q12. Axes: Local Support, Market Presence. Legend: Player, Worldwide Leader. Vendors plotted: Radware, Arbor, F5 Networks, Imperva, Foresight, Akamai. Vendors to watch: Andrisoft, Cloudshield, Corero, GenieNRM, IntruGuard, Narus, RioRey, Prolexic
    • Advanced and Persistent Threat (APT)
        1. Group/Org./State
        2. Ideological/Nationalistic background
        3. Multi-layered attack
        4. Targeted
        5. Variety of tools
        6. Impossible to detect in real time(???)
    • Iranian Intelligence Wants To Be Your Friend on LinkedIn. Source: http://www.guym.co.il/
    • Cyber Preparedness??? Country-by-country stress tests (bar chart). Countries shown: Italy, Mexico, Spain, USA, Poland, Denmark, Estonia, India, China, Sweden, Romania, Russia, France, Brazil, The Netherlands, Austria, Japan, Germany, United Kingdom, Israel, Finland, Australia, Canada. http://www.securitydefenceagenda.org/
    • Bureaucracies live forever.... Space Shuttle’s booster rockets; US standard railroad gauge; Roman war chariots; the rear ends of two war horses
    • Israeli National Cyber Command (INCC). Established: 07.08.2011
      Goal:
        • To lead the nation’s cyber strategy
        • To establish a cyber defense policy
        • To promote new initiatives and technologies in regards to cyber security domains
      Means:
        • Government budget
        • Industry/academic knowledge sharing
    • On the INCC’s Agenda
        • Mapping the national critical infrastructure
        • Gap analysis for national critical infrastructure security controls
        • Certifications: for vendors, for SIs, for consultants
        • Authorizations: for businesses, institutes and any other entity who keep private/public information
        • Proactive defense by establishing professional forums
        • Promotion of academic and industry research
        • Promotion of specific fields of expertise (e.g. SCADA security)
        • Establishment of national security lab
        • Education and public awareness
    • Five Aspects of Government Intervention
        1. Multi-system and system complexity: Resource pooling and knowledge sharing
        2. Joint venture: Cyber defense is a “game for large players”
        3. National as well as International co-operation
        4. Governmental incentives and programs (e.g. MAGNET, Yozma initiative)
        5. Regulation
      …This is the planned State-Level Cyber Security Approach
    • An Example of State-Level Cyber Security – IPv6. http://www.ccdcoe.org/publications/books/Strategic_Cyber_Security_K_Geers.PDF
    • Spotting the Unknown: Finding the “God Particle” of Security. One possible signature of a Higgs boson from Large Hadron Collider (LHC) at CERN. http://commons.wikimedia.org/wiki/LHC
    • Big Data: Information Diet
        • The modern human animal spends upwards of 11 hours out of every 24 in a state of constant consumption of information from the net:
            • we have grown obese on sugar, fat, and flour
            • we become gluttons for texts, instant messages, emails, RSS feeds, downloads, videos, status updates, and tweets.
        • Just as too much junk food can lead to obesity, too much junk information can lead to cluelessness
        • Big Data “should” help a company understand this information glut and is essential in order to be smart, productive, and sane.
    • Spotting the Unknown: Big Data At Your Service. SIEM; Applications; Data Warehouse; Business Process Management; Business Intelligence. Detect, analyze and respond to phenomena based on large volumes of structured and unstructured information. Source: IBM
    • Spotting the Unknown: The Sandbox Approach. Source: http://www.fireeye.com/
    • But… “The Contact Line Will Always be Breached”. Maginot Line: http://en.wikipedia.org/wiki/File:Maginotline_organization.gif Bar-Lev Line: http://en.wikipedia.org/wiki/File:1973_sinai_war_maps.jpg
    • “Real-Time Forensic” - NetWitness. http://visualize.netwitness.com/Default.aspx?name=investigation
    • “Real-Time Forensic” - HBGary. http://hbgary.com/attachments/ad-datasheet.pdf
    • STKI Cyber Security Survey
      This survey consists of two different parts:
        • First part – CISOs and Infra managers from dozens of leading organizations.
        • Second part – the insights of 9 leading security consultants who cover most of the IT market in Israel.
      Important notes:
        • This survey refers to incidents during 2009-2011.
        • Unreasonable results were removed.
        • Results may have been subjected to wrong interpretation by the respondents and some of the incidents may have been “dropped”.
    • Thank You Very Much For Your Contribution!
    • Number Of Security Incidents – Users’ Perspective. Average number of significant security incidents* in the past 3 years (bar chart). Market average: 2 incidents. Series: “Cyber sector”**, “Soft Cyber sector”***. Categories: No Incidents, 1 Incident, 2-5 Incidents, 5-10 Incidents, More Than 10 Incidents.
      * “Significant security incident” - One that caused direct loss in working hours and/or money
      ** “Cyber sector” – large finance orgs., Infra, Telco, Gov, Defense…
      *** “Soft cyber sector” – All the others
    • Number Of Security Incidents – Consultants’ Perspective. Average number of significant security incidents during 2011 (bar chart). Series: Defense & Gov., Finance, Infra & Telecom, Rest of Industry. Categories: No Incidents, 1 Incident, 2-5 Incidents, 5-10 Incidents, More Than 10 Incidents.
    • What Kind Of Incidents? – Users’ Perspective. What was the nature of security incidents in the last 3 years? Series: Cyber sector, Soft Cyber sector (two bars per answer).
        • Inside factor (Malicious, accidental, technical error): 64%, 20%
        • Known vulnerabilities/threats: 41%, 55%
        • No answer: 40%, 13%
        • Vulnerabilities/threats were unknown at the time: 39%, 12%
        • We still don’t know: 16%, 0%
      “Cyber sector” – large finance orgs., Infra, Telco, Gov, Defense… “Soft cyber sector” – All the others
    • What Kind Of Incidents? – Consultants’ Perspective. What was the nature of security incidents in 2011? Answer categories: Known vulnerabilities/threats; Vulnerabilities/threats were unknown at the time; Inside factor (Malicious, accidental, technical error); We still don’t know. Chart values, in extraction order: 6%, 8%, 5%, 29%, 36%, 32%, 32%, 35%, 47%, 30%, 29%, 15%, 21%, 34%, 26%, 15%.
    • Once Again, The Human Factor. DLP Justification? Have you encountered any malicious or non-malicious activity by employees in the last 3 years? Series: Cyber sector, Soft Cyber sector (two bars per answer).
        • No: 17%, 0%
        • Yes, malicious: 23%, 33%
        • Yes, non-malicious: 70%, 88%
      “Cyber sector” – large finance orgs., Infra, Telco, Gov, Defense… “Soft cyber sector” – All the others
    • Targeted Attacks – Users’ Perspective. Have you witnessed any targeted attacks in the last 3 years? Series: Soft Cyber sector, Cyber sector. Categories: DOS/DDOS, Phishing, App/web attacks, Malicious code, No. Chart values, in extraction order: 70%, 66%, 53%, 47%, 33%, 18%, 10%, 11%, 10%, 8%. “Cyber sector” – large finance orgs., Infra, Telco, Gov, Defense… “Soft cyber sector” – All the others
    • Targeted Attacks – Consultants’ Perspective. Have you witnessed any targeted attacks toward one of your clients in 2011? (Not including Phishing and DOS attacks.) Categories: Yes, App/web attacks; Yes, malicious code; No. Chart values, in extraction order: 89%, 56%, 11%.
    • Loss of Working Hours. Approximately how many working hours did your organization lose due to significant security incidents in the last 3 years? Pie charts: Cyber sector, Soft cyber sector. Categories: Don’t know, Less than 50, More than 51. Chart values, in extraction order: 12%, 20%, 30%, 33%, 55%, 50%. “Cyber sector” – large finance orgs., Infra, Telco, Gov, Defense… “Soft cyber sector” – All the others
    • Impact on Revenue. How much money (% of total revenue, per org. on average) has been lost due to security incidents in the last three years? Series: Consultants, Users. Categories: Less than 1%, 5%-1%, 10%-5%, More than 10%, Don’t know. Chart values, in extraction order: 63%, 58%, 37%, 13%, 13%, 13%, 5%, 0%, 0%, 0%.
    • Evolving to Combat Advanced Persistent Threats
      Total Visibility Across the Enterprise:
        • Host-Based Visibility
        • Network-Based Visibility
        • Log Aggregation: Internal DNS Server Logs, DHCP Logs, Enhanced Microsoft Windows Event Audit Logs, Border Firewalls Logs with Ingress/Egress TCP Header Information, External Webmail Access Logs, Internal Web Proxy Logs, VPN Logs, Netflow Logs, Full Packet Capture Logs
        • HIDS/HIPS
      Actionable Threat Intelligence:
        • Indicators of Compromise
      http://www.mandiant.com/news_events/forms/m-trends_tech2011
    • Security Fundamentals Come First! After establishing a rigid and continuous security policy, check out this diagram. Diagram labels: Establishing Cyber Security Policy; Security education and awareness; Computer Emergency Response Team; Cyber Command Center? (a new component); Internet policy; Access policy; System policy; Standards; Access management; Configuration management; Operating systems; System design; Strong authentication; Patch management; SDLC; Mobile devices; System hardening; Testing; Encryption(?)
    • Introducing: Cyber Command Center. Diagram labels: Cooperation with nation CC; Research and Intelligence; Knowledge Sharing; Mission; Duties & responsibilities; Methodology; Tools; Reporting; Key Success Criteria; Drill & simulation; Legal aspects. Source: Sharon Mashhadi
    • Presentation Visualization - MDM: MDM, Networking, Security, Collaboration
    • Mobile Device Management… Source: Bent Objects
    • Critical Capabilities for Mobile Device Management: Device Diversity; Policy Enforcement; Security and Compliance; Containerization; Inventory Management; Software Distribution; Administration and Reporting; IT Service Management; Network Service Management; Delivery Model. http://www.gartner.com/technology/streamReprints.do?id=1-16U0UOL&ct=110801&st=sg
    • The Israeli Point of View. In your opinion, what are the Critical Capabilities for a MDM solution? Chart values: 16%, 12%, 8%, 6%, 13%. Source: STKI
    • Mail/Calendar Sync? Does your organization’s policy allow for mobile devices to be synchronized to mail/calendar? Not yet: 13%. Of course!: 87%. Source: STKI
    • (Don’t) Bring Your Own Device (Not yet). Does your organization’s policy allow for private mobile devices to be synchronized to mail/calendar? Chart labels and values, in extraction order: Yes (to all...) 13%; Yes (Policy); No!; 33%; 54%. Source: STKI
    • MDM Strategy. What’s your mobile device management and security strategy? Answer options: Conducting a POC/evaluation of solutions; Using an existing (non-specific) security methodology/solutions; It’s considered high priority, but no actions were made yet; Already implementing a specific MDM/security solution; MDM/security is considered low priority at the moment. Chart values, in extraction order: 5%, 8%, 13%, 53%, 21%. Source: STKI
    • Data Leakage From Mobile Devices. How are you planning to tackle data leakage from mobile devices (multiple answers)? Answer options: Our MDM solution should be the answer; We’re using/will be using compensating security controls; Higher security awareness; We do not deal with it. Chart values, in extraction order: 43%, 40%, 37%, 30%. Source: STKI
    • Market Status: Waiting For “Something” To Happen. ~17,000 MDM licenses have been sold in the Israeli market so far… (STKI estimation, Feb 2012)
    • MDM Insights
        - There is no single end-to-end solution
        - Decision-maker’s position determines type of solution
      Diagram labels: CxOs / Special Purpose; Pure Security; MDM; Employees
    • Mobile Security
        • AGAT - Active Sync Protector
        • Checkpoint - Pointsec Mobile Security
        • Juniper – Junos Pulse Mobile Security Suite
        • LetMobile
        • Trend Micro – Mobile Security
    • Mobile Security Management - Israeli Market Positioning 1Q12. Axes: Local Support, Market Presence. Legend: Player, Worldwide Leader. Vendors plotted: AGAT, Checkpoint, Juniper, LetMobile, Trend Micro
    • Mobile Device Management
        • AirWatch
        • BoxTone
        • FancyFone – FAMOC
        • Fiberlink - MaaS360
        • Matrix - MMIS
        • McAfee - Enterprise Mobility Management
        • MobileIron
        • Symantec - Mobile Management
        • ZenPrise – Mobile Manager
    • Mobile Device Management - Israeli Market Positioning 1Q12. Axes: Local Support, Market Presence. Legend: Player, Worldwide Leader. Vendors plotted: Mobile Iron, AirWatch, FancyFone, McAfee, Fiberlink, Matrix, Zenprise, Symantec, BoxTone
    • Mobile Containerization
        • DME - Excitor
        • Good Technologies
        • Sybase - Afaria
    • Mobile Container Management - Israeli Market Positioning 1Q12. Axes: Local Support, Market Presence. Legend: Player, Worldwide Leader. Vendors plotted: Good Technologies, Excitor, Sybase
    • Mobile Remote Control
        • Callup - Xcontrol
        • Communitake
        • Mformation
        • SOTI
    • Mobile Remote Control - Israeli Market Positioning 1Q12. Axes: Local Support, Market Presence. Legend: Player, Worldwide Leader. Vendors plotted: Mformation, Communitake, Xcontrol, SOTI
    • Presentation Visualization - Cloud Security: MDM, Networking, Security, Collaboration
    • Cloud Flavors. Source: Changewave, a service of 451 Group
    • Super Hybrid Clouds: can IT handle it? IT’s challenge becomes:
        • integration
        • identity management
        • data translation between the core and multitenant public cloud
        • orchestration for processes connecting private and public clouds
    • Cloud Security is still A Major Concern. Source: Changewave, a service of 451 Group
    • Cloud Standards and Test Bed Groups
        • Cloud Security Alliance (CSA)
        • Distributed Management Task Force (DMTF)
        • Storage Networking Industry Association (SNIA)
        • Open Grid Forum (OGF)
        • Open Cloud Consortium (OCC)
        • Organization for the Advancement of Structured Information Standards (OASIS)
        • TM Forum
        • Internet Engineering Task Force (IETF)
        • International Telecommunications Union (ITU)
        • European Telecommunications Standards Institute (ETSI)
        • Object Management Group (OMG)
      http://cloud-standards.org/wiki/index.php?title=Main_Page
    • Cloud Security Standards – Current Status. Diagram labels (around “Cloud Security”): ISO 27001; SSAE 16 (SAS 70); FedRAMP; ILITA (Israel); IAM (access & federation); FISMA – ATO; CSA; FIPS 140-2
    • ISO 27001 (2005)
      There is no particular focus on “cloud computing”. (Reddit, HootSuite, Quora and Foursquare have suffered outages even though AWS is ISO 27001 certified.)
      ISO 27001 relates to some cloud security issues:
        • A.6.2.1 - Identification of risks related to external parties
        • A.6.2.3 - Addressing security in third party agreements
        • A.10.5.1 - Information back-up
        • A.11 - Access control
        • A.7.2.1 - Classification
      So, what’s the point of being ISO 27001 certified? Lower risk. ISO 27001 certification guarantees that the certified entity has undertaken a comprehensive approach to resolve major risks.
    • SOC 1/SSAE 16/ISAE 3402
        • SSAE 16 is an enhancement to the current standard for Reporting on Controls at a Service Organization (SAS70).
        • ISAE 3402: SSAE 16 was built upon the ISAE 3402 framework.
        • SOC 1: A SOC 1 Report (Service Organization Controls Report) is a report on Controls at a Service Organization which are relevant to user entities’ internal control over financial reporting. The SOC1 Report is what you would have previously considered to be the standard SAS70, complete with a Type I and Type II reports, but falls under the SSAE 16 guidance.
      http://www.ssae-16.com/
    • SOC 1/SSAE 16/ISAE 3402: Who Needs an SSAE 16 (SOC 1) Audit?
      If your Company (the ‘Service Organization’) performs outsourced services that affect the financial statements of another Company (the ‘User Organization’), you will more than likely be asked to provide an SSAE16 Type II Report, especially if the User Organization is publicly traded.
      Some example industries include:
        * Payroll Processing
        * Loan Servicing
        * Data Center/Co-Location/Network Monitoring Services
        * Software as a Service (SaaS)
        * Medical Claims Processors
      http://www.ssae-16.com/
    • FIPS 140-2 Certification – For CSP Trust
        1. Federal Information Processing Standard (FIPS) Publication 140-2
        2. Specifies the security requirements of cryptographic modules used to protect sensitive information
        3. Notice: There are four levels of encryption under FIPS 140-2
      http://www.gore.com/en_xx/products/electronic/anti-tamper/security-standards.html
    • PCI DSS – Vital For Cloud Service Providers
      PCI DSS was set up by the major credit card companies to try and improve the Information Security of financial transactions related to credit and debit cards. It essentially pushes the responsibility of looking after card data onto merchants who may store, process and transmit this type of data.
        • Protect Cardholder Data
        • Implement Strong Access Control Measures
        • Regularly Monitor and Test Networks
        • Maintain an Information Security Policy
        • Maintain a Vulnerability Management Program
      http://phoenix-consultancy.com/pci_dss.html
    • Access Control And Federation. http://blogs.forrester.com/eve_maler/12-03-12-a_new_venn_of_access_control_for_the_api_economy
    • Cloud Security Alliance(Join the Israeli chapter here: http://www.linkedin.com/groups?gid=3050440&trk=hb_side_g)• Security Guidance for Critical Areas of Focus in Cloud Computing (Released November 14, 2011)• Innovation Initiative -created to foster secure innovation in information technology. (Released February 24, 2012)• GRC Stack -a toolkit to assess both private and public clouds against industry established best practices, standards and critical compliance requirements.• Consensus Assessments Initiative -Research tools to perform consistent measurements of cloud providers (Released September 1, 2011)• Cloud Controls Matrix (CCM) -Released August 26, 2011• Cloud Metrics - Metrics designed for Cloud Controls Matrix and CSA Guidance.• CloudTrust Protocol (See next slides…) 79 https://cloudsecurityalliance.org/research/ Shahar Geiger Maor’s work Copyright 2012 @STKI Do not remove source or attribution from any graphic or portion of graphic
    • Cloud Trust Protocol (CTP) Transparency as a Service SAS70, SSAE 16, HIPAA, ITAR, FRCP, HITECH, GLBA, PCI DSS, CFATS, DIACAP, Responding to NIST 800-53, ISO27001, CAG, ENISA, CSA V2.3, … all elements of transparency TaaSEnterprise CSC Trusted Community Cloud Cloud Trust CTP Response Manager (CRM) TaaS Dashboard CTP TaaS CTP Private Trusted Cloud CTP CTPCloud Responding toTrust all elements ofAgent transparency CTP Using reclaimed visibility into the cloud •Downstream to confirm security and create digital •compliance trust CTP •processing Source: http://www.csc.com/cloud/insights/57785-into_the_cloud_with_ctp , & CSA Shahar Geiger Maor’s work Copyright 2012 @STKI Do not remove source or attribution from any graphic or portion of graphic
    • Digital Trust and Value Creation
        http://assets1.csc.com/financial_services/downloads/DigitalTrustForLifeReport.pdf
    • Federal Information Security Management Act (FISMA, 2002)
        FISMA ATO for CSP (Low, Moderate, High)
        • Part of NIST’s Computer Security Division
        • Issues an authorization to operate for cloud service providers
        • It doesn’t require certification of products or services. It sets security requirements for federal IT systems.
        U.S. Government Cloud Computing Technology Roadmap (http://www.nist.gov/itl/cloud/upload/SP_500_293_volumeI-2.pdf)
        Its aim is: “…to make it substantially easier to buy, sell, interconnect and use cloud environments in the government”.
    • Federal Risk and Authorization Management Program
        FedRAMP is the result of close collaboration with cybersecurity and cloud experts from:
    • Federal Risk and Authorization Management Program (FedRAMP)
        • Established on December 8, 2011
        • The FedRAMP security controls are based on NIST SP 800-53 R3 / 53 A controls
        • Establishes US Federal policy for the protection of Federal information in cloud services
        • Describes the key components and its operational capabilities
        • Defines Executive department and agency responsibilities in developing, implementing, operating, and maintaining the program
        • Defines the requirements for Executive departments and agencies using the program in the acquisition of cloud services
    • How Will Cloud Services Be Prioritized For FedRAMP Review?
        • “FedRAMP will prioritize the review of cloud systems with the objective to assess and authorize cloud systems that can be leveraged government-wide”.
        • FedRAMP will prioritize Secure Infrastructure as a Service (IaaS) solutions, contract vehicles for commodity services, and shared services.
        (1) Cloud systems with existing Federal agency’s authority-to-operates (ATOs) get first priority
        (2) Cloud systems without an existing Federal agency ATO get second priority
    • FedRAMP – Deliverables For Cloud Computing Service Providers
        A. Develop Plan of Action & Milestones (POAM)
        B. Assemble Security Authorization Package (SAP)
        C. Determine Risk
        D. Determine the Acceptability of Risk
        E. Obtain Security Authorization Decision (yes/no)
    • FedRAMP - Third Party Assessment Organizations (3PAOs)
        • Perform initial and periodic assessment of CSP systems per FedRAMP requirements
        • Provide evidence of compliance, and play an on-going role in ensuring CSPs meet requirements.
        • FedRAMP provisional authorizations must include an assessment by an accredited 3PAO to ensure a consistent assessment process.
        • Independent assessors of whether a cloud service provider has met the 297 agreed upon FedRAMP security controls (604 pages) so they can get an authority to operate (ATO).
        • Companies cannot be 3PAOs and cloud service providers (CSP) at the same time for the same contracts (MOU, etc.)
    • Cloud Guidelines in Israel By ILITA (Start: 19.5.2012)
        1. Primal check of outsourcing legitimacy
        2. Meticulous definition of purpose and use of outsourced data
        3. Alignment of security and privacy controls in accordance to existing regulations and standards (ISO 27001, 357, 257)
        4. Transparency and obedience to privacy laws
        5. Defining the means of privacy enforcement and monitoring
        6. Ensuring data deletion upon ending of contract
        http://www.justice.gov.il/MOJHeb/ILITA/News/mikurhuts.htm
    • Decrease The Risk Of Cloud Computing
        • Do a thorough check on the potential provider – not only its performance record, but also the background of its management, whether it has implemented information security and business continuity policies and procedures, its financial stability, legal risks etc.
        • Write very specific security clauses in your agreement with the provider, where the biggest emphasis will be on issues that have raised the highest concerns during risk assessment.
        • Keep a backup copy of your information locally – although a cloud computing provider will (probably) do regular backup, it is always a good idea to have direct control of your information. (e.g. banking regulators in some countries have imposed regulations on local banks to keep the backup copy inside the country specifically because of this risk.)
        • Develop your strategy on how to return the information processing/archiving back to your company (re-insourcing) in case of problems with your cloud computing provider – you should know exactly which steps are needed, as well as which resources.
        • An exit strategy might also be to have an alternative cloud computing provider standing by, ready to jump in if your existing partner performs badly.
        • Perform regular checks of your provider to find out whether they are complying with the security clauses in the agreement
        Source: http://blog.iso27001standard.com/#
    • Market Data
        Source: http://xkcd.com/657/large/
    • Information Security Staffing
        1 Security Personnel (25th percentile / 50th percentile / 75th percentile / Average):
        • For how many employees? 500 / 1167 / 1600 / 1582
        • For how many IT staff? 33 / 42 / 61 / 55
        • For how many desktops? 397 / 750 / 1172 / 951
        • For how many endpoints? 522 / 1130 / 1779 / 1314
        • For how many WIN servers? 119 / 200 / 270 / 194
        Source: STKI
    • Security Consultants - Israeli Market View 1Q12 (Partial List)
        *DataSec, **Oasis-Tech
        Source: STKI
    • Security System Integrators - Israeli Market View 1Q12 (Partial List)
        *Netcom, **Spider, ***We, ^Oasis-Tech, ^^Decimus
        Source: STKI
    • Networking Budget ~ 10% of IT OpEx
        Source: The Corporate Executive Board Company
    • Constant Staffing Mix Within IT
        Source: The Corporate Executive Board Company
    • Positioning Methodology
        Israeli vendor rating – Market positioning is focused on the enterprise sector (not SMB)
        • X axis: Market penetration (sales + installed base + clients perspective)
        • Y axis: localization, support, local R&D center, number and quality of SIs, etc.
        • Worldwide leaders are marked based on global positioning
        Vendors to watch: Israeli market newcomers
        STKI positioning represents the current Israeli market and not necessarily what we recommend to our clients
    • xxx - Israeli Market Positioning 1Q12
        [Positioning chart template; axes: Local Support, Market Presence; legend: Player, Worldwide Leader]
        Vendors shown: Vendor A, Vendor B
    • Data Leakage Prevention - Israeli Market Positioning 1Q12
        [Positioning chart; axes: Local Support, Market Presence; legend: Player, Worldwide Leader]
        Vendors shown: Websense, Symantec, Verdasys, Fidelis, GTB, McAfee, CA, Safend, Checkpoint, EMC
    • Database Protection - Israeli Market Positioning 1Q12
        [Positioning chart; axes: Local Support, Market Presence; legend: Player, Worldwide Leader]
        Vendors shown: McAfee, GreenSQL, Imperva, Brillix, Informatica, Oracle, IBM, Safenet, SAP, Fortinet
    • Network Encryption - Israeli Market Positioning 1Q12
        [Positioning chart; axes: Local Support, Market Presence; legend: Player, Worldwide Leader]
        Vendors shown: Safenet, Fortinet, Thales, Cisco
    • Enterprise Network Firewall - Israeli Market Positioning 1Q12
        [Positioning chart; axes: Local Support, Market Presence; legend: Player, Worldwide Leader]
        Vendors shown: Checkpoint, PaloAlto, Fortinet, Juniper, Microsoft, Cisco, HP, McAfee, F5, SonicWall, Barracuda
    • Secure Remote Access - Israeli Market Positioning 1Q12
        [Positioning chart; axes: Local Support, Market Presence; legend: Player, Worldwide Leader]
        Vendors shown: Juniper, Checkpoint, Cisco, F5, Citrix, Microsoft, Fortinet, SonicWall
    • Intrusion Prevention Systems - Israeli Market Positioning 1Q12
        [Positioning chart; axes: Local Support, Market Presence; legend: Player, Worldwide Leader]
        Vendors shown: McAfee, IBM, Checkpoint, Juniper, Radware, PaloAlto, Barracuda, Fortinet, Cisco, HP, SourceFire, SonicWall
    • Network Access Control - Israeli Market Positioning 1Q12
        [Positioning chart; axes: Local Support, Market Presence; legend: Player, Worldwide Leader]
        Vendors shown: Access Layers, Cisco, ForeScout, Juniper, Checkpoint, McAfee (Insightix), HP, Wise-Mon, Symantec, Microsoft, Enterasys
    • Secure Web Gateway - Israeli Market Positioning 1Q12
        [Positioning chart; axes: Local Support, Market Presence; legend: Player, Worldwide Leader]
        Vendors shown: Websense, BlueCoat, McAfee, Cisco, Symantec, Safenet, Clear Swift, Zscaler, Fortinet, Sonicwall, Trend Micro, Microsoft, PineApp, Barracuda
    • Email Security - Israeli Market Positioning 1Q12
        [Positioning chart; axes: Local Support, Market Presence; legend: Player, Worldwide Leader]
        Vendors shown: Cisco, Symantec, Safenet, Websense, PineApp, Trend Micro, Sonicwall, Microsoft, McAfee, Fortinet, Mirapoint, Clear Swift, Barracuda
    • Application Firewall - Israeli Market Positioning 1Q12
        [Positioning chart; axes: Local Support, Market Presence; legend: Player, Worldwide Leader]
        Vendors shown: Imperva, F5, Sonicwall, Radware, Citrix, Microsoft, Fortinet, Applicure, Barracuda
    • SOA Security XML FW - Israeli Market Positioning 1Q12
        [Positioning chart; axes: Local Support, Market Presence; legend: Player, Worldwide Leader]
        Vendors shown: IBM, F5, Intel, Radware, Imperva, CA, Microdasys, Layer7, Oracle
    • Server Security - Israeli Market Positioning 1Q12
        [Positioning chart; axes: Local Support, Market Presence; legend: Player, Worldwide Leader]
        Vendors shown: Trend Micro, McAfee, CA, Symantec, Microsoft, IBM, VMware, NetIQ, Reflex, Calcom, Kaspersky, Sophos
    • Endpoint Security - Israeli Market Positioning 1Q12
        [Positioning chart; axes: Local Support, Market Presence; legend: Player, Worldwide Leader]
        Vendors shown: McAfee, Trend Micro, Symantec, Checkpoint, Promisec, CA, Microsoft, Safend, Cryptzone, Kaspersky, IBM, Sophos, Lumension
    • “Strong” User Authentication - Israeli Market Positioning 1Q12
        [Positioning chart; axes: Local Support, Market Presence; legend: Player, Worldwide Leader]
        Vendors shown: Safenet, Cidway, SecurEnvoy, RSA, Oracle, Athena, Vasco, CA, Symantec, ANB, ActivIdentity, Quest, Gemalto
        Vendors to watch (Biometric): ANB, Authentic, L1, Secugen, UPEK and others
    • Access Management & Monitoring - Israeli Market Positioning 1Q12
        [Positioning chart; axes: Local Support, Market Presence; legend: Player, Worldwide Leader]
        Vendors shown: NetIQ (Novell), CyberArk, Oracle, CA, Symantec, IBM, SAP, Varonis, Quest, Xpandion, Whitebox, Imperva, Spatiq
    • Security Information & Event Management (SIEM/SOC) - Israeli Market Positioning 1Q12
        [Positioning chart; axes: Local Support, Market Presence; legend: Player, Worldwide Leader]
        Vendors shown: Symantec, HP, EMC, IBM (Q1 Labs), McAfee (Nitro), NetIQ (Novell), Juniper, Splunk
    • Governance, Risk and Compliance Suites (GRC) - Israeli Market Positioning 1Q12
        [Positioning chart; axes: Local Support, Market Presence; legend: Player, Worldwide Leader]
        Vendors shown: SAS, Orantech, Checkpoint (DynaSec), IBM (Open Pages), SAP, Bwise, Oracle, WCK, Symantec, KCS, SoftwareAG, EMC
    • Thank You!