Out With the Old, In With the New – Reinvent and Justify Your 2013 Security Strategy


It’s a new era for IT security teams. Tasked with ensuring the success of business-changing IT initiatives from mobile and BYOD to virtualization and cloud services, CISOs are finding that existing security controls and processes create complexity instead of reducing risks. At the same time, highly publicized breaches and new forms of attacks have raised awareness of the business impact of cyber threats to the board level. It’s time for a hard look at your current security program. Can you demonstrate an effective security strategy that will protect your company’s vital services, systems and data?

Gidi Cohen challenges you to reinvent your security approach. More than offering just a few ideas, Cohen will examine why some popular security controls are no longer effective at minimizing risks, and explore proven next-generation techniques to increase your ability to see, measure, and gain control over business risks.

Presented by Gidi Cohen, CEO and Founder - Skybox Security at the CISO Summit in San Francisco, CA.

Published in: Technology

  1. Out with the Old, in with the New: CISO Strategy for 2013
     Presented by Gidi Cohen, CEO and Founder, Skybox Security
     December 7, 2012
     www.skyboxsecurity.com
     © 2012 Skybox Security
  2. Skybox Security Overview
     Leader in Proactive Security Risk Management
       • Predictive risk analytics for best decision support
       • Designed for continuous, scalable operation
       • Complete portfolio on a common platform
     Global 2000 Customers
       • Proven effective in complex networks
       • Financial Services, Government, Defense, Tech, Energy, Retail, Service Providers, Manufacturing
       • “This is the best tool we have for getting all of our risk information in one place.” - USAID
  3. Security Challenges in a Changing World
     Diagram labels: 100% Uptime; BYOD Demands; Rapidly Mutating Threats; BYOC (Cloud) data and apps; Roll-out New Services
  4. 2013 Top Goals for the CISO
     Protect Information Assets
       • Identify risks
       • Ensure effective risk controls
     Deliver Business Value
       • Timely, cost-effective risk mitigation
       • Supports business goals
     Be a Trusted Advisor
       • Communicate risks in business language
     Common thread... RISK
     (Source: Forrester, Role Job Description: CISO, March 2012)
  5. Strong Security Risk Management Program is Essential
     Diagram labels: Continuous, Scalable; Threats; Infrastructure; Impact; Change Requests; Mitigation Options; Exec Reports
  6. How Do You Manage Risks Today?
     Diagram labels: Vulnerability Scanners; SIEM; IT GRC; Protect Information Assets
  7. 2012 Skybox Survey: Vulnerability Management Challenges
     How often do you scan? How much coverage?
     [Chart: scan frequency (x/year) versus % of network scanned]
       • To keep pace with threats? Daily updates, 90%+ hosts
       • Critical systems, DMZ: avg. scan 30 days, 50-75% of hosts
       • Partner/External networks: avg. scan 60-90 days, <50% of hosts
     Too Little, Too Late
  8. Vulnerability Assessments: Just Not Effective
     Reasons that respondents don’t scan more often
       • We are concerned about disruptions from scanning: 59%
       • We don’t have the resources to analyze more frequent scan data: 58%
       • We don’t have the resources to deal with broader patching activity: 41%
       • Some hosts are not scannable due to their use: 34%
       • The cost of licenses is prohibitive: 29%
       • Unable to gain credentialed access to scan portions of the network: 12%
       • We just don’t need to scan more: 5%
     Disruptive, Inaccurate Picture of Risk
  9. Is a Vulnerability Scanner Sufficient for Security Risk Management?
     Diagram labels: Updated Continuously; Lacks network context; Threats; Infrastructure; Impact; Change Requests; Mitigation Options; Exec Reports
  10. SIEM – Monitoring, not Prevention
      Pre-event
        • Anticipate risks
        • Prevent attacks
      Event!
      Post-event
        • Monitor events
        • Incident response
      Reactive, Incomplete Risk Picture
      (Regarding SIEM) “If the question is, Does it stop hackers? then the answer is no. It’s not supposed to stop anything.” Dr. Anton Chuvakin, Gartner
  11. Is a GRC Tool Sufficient for Security Risk Management?
      Diagram labels: Updated Continuously; Policy view only; Lacks network context; No operational guidance; Threats; Infrastructure; Impact; Change Requests; Mitigation Options; Exec Reports
  12. “Insanity: Doing the same thing over and over again and expecting different results.” -- Albert Einstein
  13. Success Story – Global Brewing Company
      Operations on all continents; many centralized services
      On the surface…
        • Firewall rulesets bloated
        • Service performance issues
      Dig deeper…
        • Unable to see infrastructure
        • Unable to anticipate impact of planned changes
      CISO’s visionary goal
        • Fundamentally different approach to security management
  14. Brewing Company – Integrated Approach for Security Management
      Diagram labels: Enabled by modeling and simulation; Updated Continuously; Threats; Infrastructure; Impact; Change Requests; Change Planning; Firewall Optimization; Mitigation Options; Risk Metrics; Operational Metrics; Exec Reports
  15. Brewing Company - Results
      Clear Visibility
        • Enabled clear view of the infrastructure for network architecture planning
      Improved Security
        • Able to quickly assess potential risks of changes
      Lower Maintenance Time
        • Consolidated and optimized firewalls
      Improved Performance
        • Increased use of centralized resources
      Better Internal Communications
        • Reports on operational and risk metrics
  16. Leveraging Risk Analytics, Modeling and Simulation
      Vulnerabilities
        • CVE 2011-203
        • CVE 2009-722
        • CVE 2012-490
      Diagram labels: Change Exposes a Vulnerability; IPS Signatures Not Enabled; Likely Attack Scenario; Available Access Path
  17. Common Use Cases for SRM
      Network Security Management
        • Compliance
        • Change Management
        • Optimization
      Continuous Risk Mitigation
        • Vulnerability discovery
        • Prioritization
        • Remediation planning
      Future SOC
        • Threat intelligence
        • Attack prediction
        • APT and Malware simulation
      Enabled by Risk Analytics
  18. Blueprint for Network Security Management
      Diagram labels: ITSM Integration; Network Security Change Management; Corporate Policies; Best Practice Policy; Compliance & Risk Analytics; Business Metrics; Operational Metrics; Normalized device configuration repository; Compliance Reports; Firewalls; Network Devices
  19. Enabling Business Needs, Securely
  20. Continuous Risk Mitigation (Next-Gen Vulnerability Management)
      Diagram labels: Most Critical Actions; Vulnerabilities; Threats
  21. Risk-Driven Security Operations Center
      IT GRC/Security Dashboard – consolidated reporting
        • Security Risk Management (SRM): Proactive, pre-attack risk mitigation
        • Security Information & Event Management (SIEM): Post-attack incident management
  22. Adapt and Thrive
      Enable Business Needs
        • Support roll-out of new business services
        • Quantify risks and communicate options
      Manage Risks Effectively
        • Monitor risks continuously
        • Include proactive risk-management in operations
      Treat Security as a Business
        • Communicate security impact in business terms
        • Drive cost-efficient operations
  23. Automate daily security tasks
      Maintain compliance, prevent attacks
      Thank you!
      www.skyboxsecurity.com