Breaking Point: Why Complexity, BYOD, and Cyber Threats Spell the End of Enterprise Network Security as We Know It
1. Tech Forum 2012: Security at the Breaking Point
presented by Gidi Cohen, CEO and Founder
April 19, 2012
© 2012 Skybox Security
2. A Few Facts About Skybox
Pioneer in Security Risk Management
• Founded in 2002
• First risk management product in 2004
• Now - portfolio of automated security management tools on common platform
Today
• 85% growth in 2011
• 300 Global 2000 customers
• Financial Services, Government, Defense, Energy & Utilities, Retail, Service Providers, Manufacturing, Tech
3. Let’s roll back the clock to 2002
Founded in 2002
First product in 2004
Named a “top 100” private company
Code Red and Nimda are hot topics
Anti-virus software is widely deployed
Symantec reports 2,524 new vulnerabilities identified in 2002
Palm Treo 2002
First smartphone worm in 2004
4. And roll it back even farther…
1984
DNS is introduced
First domain name registered 1985
Macintosh introduced
128K RAM, GUI interface!
And Mark Zuckerberg was born
5. Fast Forward to 2012
Complexity is a Huge Challenge
Enterprise network
• 55,000 nodes
• 300 firewalls
• 25,000 rules
• 65 network changes/day
• 10,000 daily reported vulnerabilities
7. Vulnerabilities and Threats Abound
[Word cloud: buffer attack, blocked rules, misconfigured firewall, USBs, policy violation, missing IPS signature, social networks, asset vulnerabilities, default password, threat origins, access violation, access policy violations]
8. Old Generation Technologies – Can’t Keep Up
Vulnerability Scanners (Too much data)
• Disruptive to the network
• Not suitable for daily operations
• Irrelevant for the Internet of Things
Security Information & Event Management (SIEM) (Reactive)
• Too much data
• Lacks context to deal with incidents
Network Configuration Management (Limited view)
• Config management, not security
• No holistic view of network security
9. Security is Unmanageable
Painful, Costly, Reactive
• Unable to keep pace with network changes, new services
• Damaging attacks, business disruption, loss of IP
• Compliance reporting consumes scarce resources
• Inefficient processes, escalating management costs
10. It’s going to get a lot worse
(Mobile, Virtualization, Clouds)
11. Mobile Devices Everywhere
• Mobile data grew 2.3X in 2011
• Entire Global internet in 2000: 75 PB
• Mobile data traffic 2011: 597 PB
• Does your BYOD/mobile strategy assume 7X growth by 2014?
12. Mobile Threats Took Off in Q4/11
Source: McAfee Q4 2011 Threat Report
13. Virtualized Servers the New Norm
• Server virtualization hit 50% in 2011
• More virtualized servers deployed in 2011 than in 2001 to 2009 combined!
• Are you considering security challenges of virtual environments?
[Chart: % Virtualized Servers, 2009 to 2014; labeled values 18%, 50%, 70% (forecast)]
Source: Consolidated from Gartner reports
14. Cloud Services Use is Soaring
Source: Forrester Research, Sizing the Cloud, 2011
15. New Virtualization and Cloud Security Concerns
• Complexity of hybrid environments
• physical, virtual, cloud – private, public, community
• Lack of visibility
• Novel threats and vulnerabilities
• Hypervisor level [callout: New Trend!]
• Segmentation of virtual machines
• Security team losing control
• Non-IT buyer [callout: BYOC]
• Where is the data?
• What is the SLA?
• Are we in compliance?
16. The Security Management Gap is Widening Fast
• Think 16X improvement in 4 years
• What will you do differently?
• Prioritize and plan accordingly
[Chart: “Security challenges” vs. “Ability to execute”, 2009 to 2014]
17. The Missing Piece: Security Risk Management
Holistic Visibility of the IT Infrastructure
• Networks, routers, firewalls, …
• End points – servers, desktops, virtual machines, mobile
• Cloud and virtualization infrastructure
Predictive Security Analytics
• Cyber attack simulation – APT, malicious code
• Network security analysis – firewalls, network path analysis
• Security metrics
Cost Saving - Integrated into Daily Operations
• Proactive, automated operation
• Scale to any environment
• Integrated with existing infrastructure
18. Automated, Proactive Security Operations
• Fix exploitable vulnerabilities
• Prevent potential attack scenarios
• Maintain continuous compliance
• Keep firewalls configured securely
• Gain network visibility
19. Today: Security Management Landscape
[Diagram labels: SOC; SIEM; Event Management; Log Analysis; Firewall and Network Device Management; Optimization; Compliance; IT GRC; Security Risk Management; Change Management; Controls & Regulations; Patch Management; Vulnerability Discovery; Endpoint Control; Endpoint Compliance; Vulnerability Scanners]
20. 2014: Integration is Critical
[Diagram labels: SOC; SIEM; Event Management; Log Analysis; Situational Awareness; Firewall and Network Device Management; Optimization; Compliance; IT GRC; Security Risk Management; Change Management; Controls & Regulations; Patch Management; Vulnerability Discovery; Endpoint Control; Endpoint Compliance; Vulnerability Scanners]
21. Future Architecture of Security Management
IT GRC – compliance reporting
Security Risk Management (SRM)
• Proactive, pre-attack exposure management
• Patch Management, Vulnerability Scanners, Asset Management, Threat Intelligence, Network & Security Configs, Mobile Device Management
Security Information & Event Management (SIEM)
• Post-attack incident management
• A lot of logs, events, network traffic
22. Evolution of Security Risk Management
Use Cases
• Today: Firewall and network assessment; Risk assessment
• By 2014: Change management; Continuous monitoring; Next gen vulnerability mgmt; Threat response
Platform
• Today: Visualize; Assess; Plan
• By 2014: Discover; Visualize; Assess; Plan; Remediate; Track
Network Environment
• Today: Traditional firewalls, network devices, assets
• By 2014: Extended network environment: Virtual, Cloud, Mobile, Smart Grid
23. Start NOW!
Set the bar high
• Unbelievable scale
• Adapt to new architectures
Reinvent security management processes
• Integrated
• Proactive not reactive
Use the Force, Luke
• Smart analytics
• Decision support
24. Automate daily security tasks
Maintain compliance, prevent attacks
Visit www.skyboxsecurity.com
Thank you!