Annual OktCyberfest 2019

Annual OktCyberfest 2019: slides from our spectacular sponsors.

  1. 1. #OktCyberfest
  2. 2. Agenda: 1.15pm Introduction; 1.30pm Technology Partner Presentations #1; 3.00pm Break; 3.15pm Technology Partner Presentations #2; 4.45pm Networking & Drinks; 5.30pm Finish
  3. 3. ANDREW GOGARTY Chief Security Evangelist
  4. 4. 3 Stages to Cyber Security Maturity
  5. 5. The Problem: The average business does not know its cyber security vulnerabilities or whether it has been attacked. The cost of building and maintaining a cyber security service in-house is too high for the average business.
  6. 6. Cybersecurity Best Practice
  7. 7. Where to start? Opportunists vs. Targeted Attack
  8. 8. How do we make it easy for them? Unpatched operating systems; unpatched applications (e.g. Adobe etc.); legacy operating systems; standard users with privileged accounts; out-of-date security tools; misconfigured security tools (and network devices); using cloud applications, storage or workloads without controls in place; non-savvy users in front of the keyboard; weak passwords, using the same password multiple times; no controls on sensitive data (DLP, encryption, role-based access); poor backup strategy; we don't know they are there until they have done their business (MONITORING)
  9. 9. Who has set up DMARC? Of all the attendees here today, 40% do not have a DMARC record published. Of the organisations here today that do have a DMARC record published, 51% do not have a DMARC quarantine/reject policy enabled.
  10. 10. Value of monitoring
  11. 11. Why the need for monitoring? ● Detect attacks: Either originating from outside the organisation or attacks as a result of deliberate or accidental user activity. ● React to attacks: An effective response to an attack depends upon first being aware that an attack has happened or is taking place. A swift response is essential to stop the attack, and to respond and minimise the impact or damage caused. ● Account for activity: You should have a complete understanding of how systems, services and information are being used by users. Failure to monitor systems and their use could lead to attacks going unnoticed and/or non-compliance with legal or regulatory requirements.
  12. 12. Always prepare for the worst
  13. 13. Do you know what to do if you get hit?
  14. 14. Have a plan! Incident Scenario definition - Define potential breach scenarios across the organisation. Classification of Data review - Identify the different classes of data within your organisation and determine the response efforts and activities for each data type. Performance Objectives definition - On a per data classification per scenario basis, define high-level guidelines and timelines for each incident response. Key Roles & Responsibilities identification - Agree key senior executive and “war room” personnel. List key roles and individuals, including external stakeholders. Possible Failure Modes - Review areas where the Incident Response Plan could break down. Build in contingency around areas of weakness, e.g. backup personnel. Tools & Documentation Review - A review of all documentation and tools, including procedures and checklists, for both eradication and recovery. Response Plan Testing - Create exercise scenarios and test the plan’s effectiveness. Ongoing Maintenance and Training - Ensure an executive has overall responsibility for the plan. Integrate the maintenance of the plan into normal business processes. Ensure the plan is available to all staff and they are aware of the content.
  15. 15. Lessons learnt: Cybersecurity best practice; always prepare for the worst; value of monitoring; security is a continuous process - not set and forget!
  16. 16. CYBERSECURITY THAT’S GOOD FOR PEOPLE & GOOD FOR BUSINESS. How to start your least privileged journey. Scott Shields
  17. 17. Protecting privileged accounts has the greatest impact of any cyber security strategy. 85% of cyber attacks enter through compromised endpoints (SANS). 80% of breaches involve privileged credentials (2018 Forrester Wave: Privileged Identity Management).
  18. 18. 32% OF HACKERS SAY accessing privileged accounts was the number one choice for the easiest and fastest way to get at sensitive data
  19. 19. PRIVILEGED ACCOUNTS What is a privileged account? § Non-human or user accounts used by IT staff or applications which often have unfettered access to critical data and systems i.e. Domain Admin, root. § Exist everywhere in nearly every connected device, server, hypervisor, OS, DB, or application: on-premises & cloud. § Represent one of the most vulnerable aspects of an organization’s IT infrastructure.
  20. 20. PAM: Gartner Ranks CISO’s #1 Security Priority. On Gartner’s List of Top 6 Security Projects, THYCOTIC ADDRESSES 4: § #1 – Privilege Account Management § #3 – Anti-phishing § #4 – Application Control § #6 – Detection & Response
  21. 21. Why can Privileged Accounts be difficult to secure? Unknown: • Don’t know where service accounts are used (dependent services) • Multiple accounts used to run services, tasks, applications on multiple servers, possibly in multiple data centers Unmanaged: • Never rotating passwords = manual, tedious process • Password changes require downtime = need to be done off hours Unprotected: • No access control • No auditing
  22. 22. Secret Server Privileged Accounts MSSQL Oracle MySQL Domain Administrators Windows Local Administrators Domain Service Accounts RedHat Debian Fedora AS400 / OS390 z/OS (RACF) SSH Cisco / Juniper Checkpoint / Palo Alto Blue Coat / SonicWall VMware ESX/ESXi Dell DRAC / HP iLO SSH/Telnet Compatible Google / Office365 / Salesforce SAP / Social Media AWS / Azure Config Files Scripts DevOps
  23. 23. Two Factor SAML SSO IWA Desktop App / Smartphone Apps Web Browser API Session Launcher Session Monitoring + Workflows Alerts Distributed Engine Password Rotation Discovery+ Service Accounts Discovery+ Secret Server Secret Server MS SQL HA/Geo Replication IIS Cluster IT Admins RBAC Complete DR Time limited Access Request & Approval Requires Ticket One Time Password +
  24. 24. Why Privileged Accounts Are an Attractive Target • Privileged accounts exist everywhere and are used by IT personnel to access servers, OS, routers, apps, DB…. • Privileged accounts are often unknown, unmanaged, & unprotected • Attackers target privileged accounts to gain access & cause harm • 200+ days is the average time breaches go undetected. 83% of cyber breaches involve privilege accounts - Verizon 2018 Report
  25. 25. PAM Maturity Model. Maturity levels: 1 Analog, 2 Basic, 3 Advanced, 4 Adaptive Intelligent. Security posture: Beginners (high risk to architecture & operations) to Leaders (low risk to architecture & operations), with a Critical Risk Threshold marked.
  29. 29. PAM Maturity Model. Maturity levels: 1 Analog, 2 Basic, 3 Advanced, 4 Adaptive Intelligent. Security posture: Beginners (high risk to architecture & operations) to Leaders (low risk to architecture & operations), with a Critical Risk Threshold marked. Features: § Paper-based password & credential tracking § Default password use § No password rotation § No or minimal password complexity requirements § Automated privileged account discovery § Password vaulting § Non-default password use § Multi-factor authentication § Automated password rotation & randomization § Password hiding § Privileged session proxying § Dual control & 4-eyes protocols § Session monitoring § Immutable privileged activity auditing § Endpoint Least Privilege & application control § Automated anomaly detection & remediation § Automated privileged account lifecycle management § DevOps workflow privileged account management
  30. 30. Ultimate goal No more local administrators Lightweight, clientside service -> Granular Policies -> Elevate applications, instead of users
  31. 31. THE THREAT: Local Privileged Accounts. Local admin accounts on endpoints can be used to access other computers, domain resources, and critical servers unless a least privilege security model is implemented. They exist everywhere because it’s easier to give standard domain user accounts more rights than they actually need, resulting in humans with privileged access. The issue is rarely addressed on employee computers, leaving companies vulnerable to privileged account escalation and pass-the-hash attacks. 96% of critical vulnerabilities affecting Windows operating systems could be mitigated by removing admin rights. 60% of all Microsoft vulnerabilities could be mitigated by removing admin rights. According to
  32. 32. THE Microsoft Solution: UAC Microsoft recommend that no users should log in to endpoints with local admin rights. Instead they should be issued with two sets of credentials: • Standard User • Local Admin Users should log in with their standard user account and will receive a UAC prompt whenever admin privileges are required. OR Remove admin accounts from end users and keep support teams with administrative accounts Limitations of UAC • 2 sets of credentials to remember • Users just log in with the admin account or create a new account/s • Limited application support • If leaving support team with Admin accounts this puts HUGE workload on them
  33. 33. How? • Elevate (add admin rights) to specific applications (Never the User!) • Replace Windows UAC with flexible, customized messaging • Block known-bad applications outright • Whitelist known-good applications and prevent unknown applications from executing • And much more…
  34. 34. PRIVILEGED ACCOUNT MANAGEMENT SECRET SERVER ANALYTICS PRIVILEGED BEHAVIOUR ANALYTICS ENDPOINT APPLICATION CONTROL PRIVILEGE MANAGER
  35. 35. RATED #1 in GARTNER PEER REVIEWS. Performance & Ease of Use: “We are very pleased with Secret Server performance and ease of use, especially compared to the CyberArk product it will replace.” CISO, FINANCE INDUSTRY. Requires Less, Covers More: “Thycotic is 100% better than CyberArk at a fraction of the cost. And requires a smaller footprint and covers more compliance requirements.” IT SPECIALIST, SERVICE INDUSTRY. Adoption Skyrockets: “Adoption has been organic without a need to strongly push the tool. It’s intuitive, requiring very little training to get our teams up and running.” INFOSEC MANAGER, SERVICE INDUSTRY
  36. 36. Free Trials Free Resources
  37. 37. THANK YOU
  38. 38. © 2018 Yubico. A New Era for Authentication. Bettina Vahl, EMEA Channel Sales Manager. October 4th, 2019
  39. 39. Yubico, Trusted Secure Authentication: Trusted choice for the largest companies in the world. ● 12 years of Innovation in Security ● 8 of the top 10 technology companies ● 4 of the top 10 US banks ● 2 of the top 3 global retailers ● DOD Approved 2nd Factor ● Millions of users in 160 countries ● Principal Author of U2F authentication standard ● Principal Author of FIDO 2.0 WEB AuthN authentication protocol ● Board Member of FIDO Alliance
  40. 40. In the News
  41. 41. #1 IT Security Problem: Stolen Credentials. 3.8 Billion stolen credentials reported in 2018; 81% of data breaches from weak/stolen passwords; $3.92M average cost of a breach ($148/record)
  42. 42. What is a YubiKey? ● Multi-Factor Authentication (MFA) device ● Provides secure login for computers, phones, online services and servers ● Protects against Phishing, MITM attacks and Credential Theft
  43. 43. YubiKey Product Line: Waterproof; Crush Resistant; Easy, Fast & Reliable Authentication. YubiKey does not require a battery or a network connection.
  45. 45. Authenticate Anywhere...
  46. 46. A Portable Root of Trust Simplifies the User Experience and Increases Security: Faster and more secure registration to websites and applications; rapid onboarding of new devices and establishing trusted devices; easy and fast account recovery in the case of a lost/stolen device; high security with escalation of privileges/step-up authentication
  47. 47. FIDO2 Overview: New open authentication standard offering new authentication choices. Single Factor: Passwordless - replaces weak passwords with strong authentication for single factor authentication. Two Factor: Password + YubiKey - second factor in a two factor authentication solution. Multi-Factor: Passwordless + PIN or Biometric - multi-factor with combination of a YubiKey with touch and a PIN, to solve high assurance requirements such as financial transactions, or submitting a prescription
  48. 48. Passwordless Authentication: Secure Login for Web and Mobile Apps ● Eliminates account takeovers and delivers strong phishing defence ● Enables secure web and mobile app login across all major operating systems and all major browsers ● Secures employee-facing, in-house mobile apps e.g. Retail Point-of-Sale apps ● Secures customer-facing mobile apps e.g. mobile banking apps
  49. 49. Google Eliminated Account Takeovers: Mandated security keys for every employee and contractor. +50,000 employees in +70 countries. “We have mandated a hardware second factor since 2009...we have not had a single successful phishing attack against a Google employee since then.” - Niels Provos, Distinguished Engineer at Google, A16z Podcast: The State of Security
  50. 50. Problem: One Time Password through Mobile Apps and SMS didn’t stop phishing. Solution: Google made YubiKeys mandatory for all employees, and optional for end-users. Result: Zero account takeovers; 4X faster to login; 92% support reduction; zero failure rates; best Total Cost of Ownership
  51. 51. Ubiquitous: One Key to All IT Systems - Computer Login; Privileged Access; CMS; Remote Access & VPN; Identity Access Mgmt; Developer & Encryption Tools; Password Mgmt; Online Services
  52. 52. YubiKey: Modern Authentication at Scale
  54. 54. Identity & Access Management Secon OktCyberFest IAM Solution of The Year IAM Award International Contribution to Cyber Security Best Identity Management Solution Leveraging IAM to Protect Against Data Breach Threats
  55. 55. © My1Login Ltd 2007 - 2019. The Problem: Nobody Wants a Data Breach on Their Watch. 80% of data breaches are due to passwords* (*Source: Verizon Corporate Data Breach Report). Current Identity & Access Management solutions don’t work with all apps. If a user needs more than one password then the business doesn’t have Single Sign-On. Hacking & phishing breaches are growing rapidly (Source: Identity Theft Resource Centre). GDPR & invalidation of “Safe Harbour” compliance issues.
  56. 56. The Problem – Complex, Inter-connected Public/Private Environments. [Diagram labels: Active Directory/Azure AD; Expenses; Training; Appraisals; Thick Client Apps (i.e. RDP, i.e. mainframe); Shadow IT; Unknown Apps]
  57. 57. The Problem: End users need a solution for all the new passwords they have to manage. Threats: Insider Threat; Phishing Attacks; Shadow IT. Compliance Obligations: PCI, ICO, FCA, ISO, GDPR. Business Impact: Direct Cost - 20% - 50% of all help desk calls are for password resets, and each call costs £20 (Gartner/Forrester); Security Vulnerabilities - average cost of corporate data breach in the UK £3.6 million (Ponemon); Compliance Failures - fines of 4% of turnover (T/O).
  58. 58. The Ideal SSO Solution: What Would an Ideal Single Sign-On Solution Look Like? Secure & Compliant: Client-side AES-256 Encryption; ISO 27001 Compliant; PCI Compliant; EU vendor to avoid “safe harbour” risks*. Works with ALL Apps: An ideal SSO would work with all applications; Public Cloud, Private Cloud, Native Mobile and Legacy (Thick-Client) Apps such as mainframes. Easy to Use: User Only Needs AD Login; System Auto-learns User Logins; Zero Training Or Behavioural Change. Easy to Implement: Departments often adopt cloud apps outside of IT’s awareness. A key requirement for ideal SSO is for the solution to detect web applications being accessed by end users, alert IT, and automatically integrate these with the SSO to reduce resource demands on the IT team. *Safe Harbour Legislation Has Been Ruled Invalid Therefore May Also Need to Consider Sovereignty of Identity Provider & Data
  59. 59. Architecture
  60. 60. Multi-Factor Authentication Canned & Custom Reporting Patented Technology Rapid-Deployment Using Auto-detection of Web Apps and Self-enrollment Products – Modular and Integrated IAM Privileged Password Manager • Permission-based Sharing • Automatic Secure Password Generation • Updating of User Passwords on Target Applications • SSO Without Revealing Credentials • App Specific Password Policies • Temporal (Time bound) Access to Privileged Passwords • For Web and Mobile Apps • Integrates Target Apps With Connectors (e.g. SAML) • Integrates Target Apps Without Connectors • Auto-Detects and Auto-Integrates Web Apps • Active Directory Integration • Citrix Compatible • SSO Without Revealing Credentials • AD and External Users SSO for Cloud & Mobile Multi-Factor Authentication • Google Authenticator • Yubico Devices • Universal Second Factor Device Compatible • Other Integrations Available On Request Provisioning Engine • Account Lifecycle Management linked to AD • Just-In-Time Provisioning of User Accounts on Target Apps • AD Group-based Policies can Automate User Account Provisioning Self-service Password Reset • AD Self-service Password Reset • Reset by Web or Mobile Access • Configurable Challenge Response • Integrates “fat-client” apps without connectors (password vaulting & forwarding) • Auto-integrates User’s Application Credentials • Active Directory Integration • Citrix Compatible • Mainframe Compatible • SSO Without Revealing Credentials SSO for Legacy Desktop
  61. 61. Key Differentiators: Anti-Phishing; Client-side Encryption (most secure); Integration with Windows Desktop Apps (so all app types covered); UK Company
  62. 62. IAM Considerations: Encryption Architecture is Paramount – AES 256 is great but it MUST be Client-Side. [Diagram: IAM/IDaaS Vendor (Cloud) and Enterprise Environment, comparing IAM Using Server-Side Encryption with IAM Using Client-Side Encryption (My1Login’s approach)]
  63. 63. Trust & Security: My1Login are an approved supplier to the UK government under the G-Cloud 8 framework. My1Login’s encrypted client data is stored in an ISO27001 environment. My1Login are Cyber Essentials certified. Cyber Essentials is a UK government-backed cyber security certification scheme designed to help organisations protect against the most-common cyber threats. Member of the UK Access Management Federation which complies with standards based software developed by the Internet 2 community to facilitate the sharing of web resources that are subject to access control. The architecture defines a way of exchanging information between an individual and a provider of digital data resources. My1Login are a member of the Cloud Security Alliance, a not-for-profit organisation with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. Cited as a Global Leader in IAM By Security Audits of My1Login applications undertaken regularly by Qualys & CREST-approved pen testers.
  64. 64. Return On Investment: Typically Delivers Breakeven in Less Than 3 Months With up to 10x ROI. [Chart: Password Reset Cost and User Downtime, Jan to Jun] Eliminate Helpdesk Calls: 20-50% of helpdesk calls are reported to be password related. Eliminate User Downtime: Users spend 2-30 minutes on each password reset. Eliminate Time Logging Into Apps: Users can waste up to 10 minutes per day logging into applications. Cancel Unused Software Licenses: My1Login reports on applications being used enabling license pool to be reduced.
  65. 65. Sample Report: Software License Pool Utilisation
  66. 66. Why My1Login? #1 Award Winning: Multi-award Winning Solution. #1 Most Secure: Client-side Encryption. #1 Most Widely-Compatible: Single Sign-on that integrates with Web Apps, Mobile Apps, Legacy Thick-client Apps, Virtualised Apps, Flash Apps. #1 Best User Experience: Can be Deployed in Background – Seamless UX for Users. Awards: IAM Solution of The Year; IAM Award International Contribution to Cyber Security; Best Identity Management Solution
  67. 67. Thank You IAM Award International Contribution to Cyber Security IAM Solution of The Year Best Identity Management Solution
  68. 68. Paul Ducklin duck@sophos.com @duckblog
  69. 69. nakedsecurity.sophos.com @nakedsecurity
  70. 70. nakedsecurity.sophos.com podcast
  71. 71. Couldn’t distribute it cheaply; couldn’t collect the money easily; couldn’t keep out of sight; couldn’t get the crypto right
  75. 75. RYUK, BITPAYMER, MEGACORTEX
  76. 76. RYUK, BITPAYMER, MEGACORTEX; DRIDEX, QBOT, TRICKBOT
  77. 77. RYUK, BITPAYMER, MEGACORTEX; DRIDEX, QBOT, TRICKBOT; EMOTET
  78. 78. How do the malware files get in?
  81. 81. Cybersecurity evolved.
  82. 82. MANAGING THE INSIDER THREAT: WHY VISIBILITY IS CRITICAL. LEE DUFF, CSSP, TECHNICAL EXPERT. Company Confidential
  83. 83. WM Morrisons Supermarkets 99K files AT A NEW RECORD HIGH… Amazon Punjab National Bank Allen & Hoshall $425K Google 19K Sun Trust Bank $1.5M Nuance 45K Coca Cola 8K Delta DuPont 18K Boeing Anthem 80K NSA Average days to complete investigations: 73 days Source: Ponemon study, 2018 Source: CSOOnline McKinsey 2018 study: 50% data breaches with insider threat 2016 2017 2018-19 Increase in BREACHES AMSC $1B loss 700 layoffs Facebook No public data Number of files affected Value of data affected General Electric 19K files MUIA $33K
  84. 84. INSIDER THREATS: When an insider intentionally or unintentionally misuses access to negatively affect the confidentiality, integrity, or availability of the organisation’s critical information or systems. COMPROMISED INSIDER; CARELESS INSIDER; MALICIOUS INSIDER
  85. 85. THE VIEW FROM INSIDE TRADITIONAL DEFENCES. BEFORE: The NETWORK was the Perimeter. TODAY: The USER is the new Perimeter
  86. 86. TIME TO DETECTION IS MONTHS OR YEARS. [Chart: Breach Time to Discovery within Insider & Privilege Misuse Breaches; x-axis Seconds, Minutes, Hours, Days, Weeks, Months, Years; series 1 Year (n=60) and 5 Years (n=326)] Since insiders have fewer barriers…and…don’t require circumventing controls, the time-to-compromise and time-to-exfiltrate metrics for insider threat actions are grim. ~70% of insider breaches take months / years to detect. Source: Verizon Insider Threat Report 2018
  87. 87. HIGH RISK USERS ARE BEYOND IT/ADMINS. [Chart: Internal Actor Varieties; series 1 Year (n=156) and 2 Years (n=683)] Regular users: ~60%. Privileged users: <5%. Regular users have access to sensitive and monetizable data and are behind most internal data breaches. Source: Verizon Insider Threat Report 2018
  88. 88. © 2019 ObserveIT. SHRINKING THE “RIGHT OF BOOM”. [Diagram labels: Awareness; Mitigation; Training; Abnormal Behavior; measured in sec/min/hrs/days/mo’s; Reduce MTTD; Reduce MTTR; Pop Up Alerts; ObserveIT Intelligence; Predictive; Responsive]
  89. 89. SHRINKING THE “RIGHT OF BOOM”. [Diagram labels: Awareness; Mitigation; Training; Abnormal Behavior; measured in sec/min/hrs/days/mo’s; Reduce MTTD; Reduce MTTR; Pop Up Alerts; ObserveIT Intelligence; Predictive; Responsive; Investigation; OIT Alerts; Alert Triage; OIT Pop Ups; OIT Intelligence; Hard ROI; Soft ROI; HIGH; LOW]
  90. 90. OBSERVEIT INSIGHTS – TOP USED ALERTS. [Bar chart by number of customers:] Exfiltrating tracked file to the web by uploading; Connecting unlisted USB device; Exfiltrating a file to an unlisted USB device; Installing hacking or spoofing tools; Opening a clear text file that potentially stores passwords; Clearing browsing history in Google Chrome; Running software to enable sharing and access from remote machine; Searching data on monitoring or sniffing; Browsing Adult sites; Browsing Illegal drugs sites; Connecting to a new FTP or SFTP server using FTP application; Downloading file with potentially malicious extension; Installing software on Server; Opening cloud storage sync folder; Performing large file or folder copy during irregular hours; Browsing Gambling sites; Clearing browsing history in IE or Firefox; Installing TOR (The Onion Router) tools; Searching data on password cracking
  91. 91. Wait! No ML/AI/Deep Learning/Algorithm? CERTAINTY: “I don’t want false positives”. INSIGHT: “Give me insights to threats I wouldn’t otherwise know about”. https://blogs.gartner.com/anton-chuvakin/2016/12/08/what-should-your-ueba-show-indications-or-conclusions/
  92. 92. OBSERVEIT AT-A-GLANCE: SERVING 2,000+ CUSTOMERS ACROSS ALL MAJOR VERTICALS. We empower organizations to detect, investigate and stop insider threats. Founded: 2006. Headquarters: Boston, MA. Locations: Boston, Germany, London, San Francisco, Singapore, Tel Aviv, Washington, D.C. Investors Market Leader • 5 of top 10 Financial Services Companies • 10 of top 20 Telecommunications Organizations • 7 of top 20 Technology Services Providers. Insider Threat Management Platform Highlights • Visibility across user and data activity • Real-time detection of data exfiltration attempts • Contextual insights through timeline-based metadata views • Easy-to-use and reliable • Privacy-centric through complete anonymization of user data
  93. 93. THE LEADER IN INSIDER THREAT MANAGEMENT: “Most breaches… are only found months or years later.” “All companies, regardless of size, have the risk of malicious insiders.” “Traditional forms of DLP are not effectively addressing insider threat detection…”
  94. 94. Secure Access For a Zero Trust world Graham Duthie EMEA Systems Engineer – gduthie@pulsesecure.net
  95. 95. Delivering secure access solutions — for people, devices, things and services.
  96. 96. Secure Remote Access User App Pulse Connect Secure REMOTE ACCESS
  97. 97. Extending Secure Remote Access User Pulse Workspace App Pulse Connect Secure REMOTE ACCESS CLOUD ACCESS MOBILE ACCESS
  98. 98. Secure Access User Pulse Workspace App Pulse Connect Secure REMOTE ACCESS CLOUD ACCESS Pulse Policy Secure NETWORK ACCESS MOBILE ACCESS
  99. 99. Multi-Cloud Secure Access Market Trends: Security perimeter has moved to where the users and devices are – and they could be anywhere (Public/Private Cloud, Datacenter, SaaS, IoT). • Multi-cloud migration: Applications and Infrastructure migrating to multi-cloud • Apps accessible from anywhere: No “inside” or “outside” network from user’s perspective – all apps accessible from anywhere • Expanded attack surface • Stringent Access: More stringent access requirements • No trusted domains: Verify everything before allowing access
  100. 100. Zero Trust Secure Access Principles Data Center SaaS Users, Devices, Things Hybrid IT, Apps IaaS Single User Client ”Zero Trust” Policy and Compliance Centralized Visibility, Management, & Analytics Flexible, Scalable, Reliable
  101. 101. Zero Trust for Hybrid IT Access. Verify User • Single sign-on, Multi-factor authentication • Authenticate & authorize every user. Verify Device • Host checking, Location awareness • Validate device security profile BEFORE connection. Control Access • Centralized policy management & enforcement • Enable access for mobile workforce to appropriate resources only. Protect Data • Always-on & on-demand VPN, Per-app VPN • Keep transactions secure, reduce data leakage & loss. Pulse Secure provides a Zero Trust model today!
  102. 102. Authenticate everything before access Zero Trust Model No “inside” or “outside” distinction Trust established closest to resource Policy based access (identity & device configuration) Software Defined Perimeter
  103. 103. User Consumer App Secure Access Platform MOBILE ACCESS APP ACCESS REMOTE ACCESS CLOUD ACCESS NETWORK ACCESS Pulse Workspace Pulse vADC Pulse Connect Secure Pulse Policy Secure - SDP Gateway SDP Gateway SDP Gateway SDP Gateway SDP Client
  104. 104. Pulse Secure Zero Trust Access Portfolio Pulse Connect Secure VPN, Cloud, Endpoint Compliance Pulse SDP Software Defined Perimeter for Multi-Cloud Access Pulse Policy Secure Visibility, IoT Security, NAC Pulse Workspace Mobile VPN, Corporate Container Pulse vADC Virtual Application Delivery Control and WAF Pulse One Centralized Management, Visibility, Analytics New
  105. 105. Break 15 mins
  106. 106. Are you using DMARC Enforcement yet? Lars Postma Technical Lead, EMEA Contact me at: LPostma@agari.com E-mail Security: www.agari.com Agari Brand Protection
  107. 107. DMARC…pardon? Domain-based Message Authentication, Reporting and Conformance (https://tools.ietf.org/html/rfc7489) In other words… It stops your own domains from being spoofed. Basically, with DMARC your customers only get to receive e-mails that are actually coming from your domains. Otherwise risk… • Hackers can freely impersonate your brand • DMARC record not at enforcement • Vulnerable to reputation hacking & email shutdown • Marketing mails likely sidelined or blocked
  108. 108. Are you using DMARC Enforcement yet? In case you didn’t know… - It’s baseline e-mail security, essential really to stop domain abuse - Mandated by HMRC for the public sector back in October 2016 - It prevents attackers from using your brand to phish your consumers (a.k.a. spoofing your domains). 2016! ©2019 Agari Data, Inc. All rights reserved. Confidential and Proprietary.
  109. 109. DMARC Adoption “…companies are not taking advantage of the protocol, despite the fact that DMARC has been around for years. This means that most companies are still vulnerable to business email compromise (BEC) attacks, phishing emails, and other types of email scams, as hackers can easily make their emails look authentic and pass their scams as legitimate communications.” Source: https://www.zdnet.com/article/dmarcs-abysmal-adoption-explains-why-email-spoofing-is-still-a-thing/ Companies find they need help getting towards DMARC Enforcement
  110. 110. DMARC Record Not Found
  111. 111. DMARC Record Found
  112. 112. DMARC Record found for Microsoft.com Microsoft.com’s DMARC record points to Agari: • It prevents spoofing of their domain • It’s a simple DNS entry (txt record) • Enforcement is essential and turned on: p=reject • Monitoring alone isn’t enough (p=none)
  113. 113. Agari Brand Protection: In a bit more detail… Legitimate Email 3rd Party Email Spoofed Email Email Receivers/MTAs Reject by DMARC Agari Brand Protection Data Analytics Threat and infrastructure Alerts SPF DKIM DMARC Hosted Authentication DNS for Domain Your Organization Imposter DNS record changes synchronized directly from Agari Brand Protection Automation Features • Autogenerated, error-free DNS records • Automated SPF/DKIM sender detection • Automated sender authentication • One-click enforcement Others
  114. 114. OK, but…what about look-alike domains? DMARC won't stop emails from cousin/look-alike domains though! Agari adds that, hurray! All inclusive: Active Attack Campaigns Monitors email abuse data from around the world Contextual Correlation Creates profiles of your brand based on organization knowledge, domains you own and typical patterns Brand Spoofing Alerts Identifies new brand spoofing threats Takedown integration Automatically submits new threats against your brand to your takedown vendor or SOC (REST API) www.y0urbank.com https://www.y0urbank.com Online Banking Login
  115. 115. Intuitive Workflows, Forensics and Threat Feeds (REST API) Agari Brand Protection Agari shows what your customers see (receiving your e-mail)
  116. 116. BIMI Adoption on the Rise Brand Indicators for Message Identification (Cross E-mail Platform) Requires DMARC Enforcement turned on: p=reject
  117. 117. Losing the trust of your customers It takes years to build trusted relationships with your customers, and your email channel takes centre stage in the digital conversations with them. Cybercriminals abuse that trust, using your brand name as a disguise to trick your customers into opening their malicious emails. Start building your DMARC Policy with Agari in 3 easy steps…
  118. 118. 3 Simple Steps to kick-off and stop phishing Get a DMARC Record from Agari (Copy and paste into DNS) 1 Proof of Value (typically runs 2 weeks) 2 Receive Free Executive Results Presentation and Package 3
  119. 119. What else? - Free Agari Email Phishing Assessments Threats still coming through? We provide a free phishing assessment of your e-mail environment. Including checks on the hardest threats: • Brand and Individual Display Name Imposters (BDNI) • Look-alike Domains • Domain Spoofs • Account Takeovers (ATO) Speak to: AGARI - Advanced Threat Protection offers: - Next-Generation E-mail Security - 360 Degree scanning inside your O365/Exchange/G-Suite - Insider Impersonation Protection - REST APIs to provide threat data to your SIEM/Other - Telemetry/Machine Learning Engine - Part of the Agari Secure Email Cloud™
  120. 120. Thank You Lars Postma, Technical Lead EMEA Lpostma@agari.com Assessment, Demo, DMARC? Get in touch via Secon Agari customers agari.com Thank you, prost!
  121. 121. Network at the Speed of NOW. The only SD-WAN architected for the digital business. Phil Keeling Regional Director -EMEA
  122. 122. Cato Networks The Team. The Funding. The Growth. Shlomo Kramer, CEO (Check Point, Imperva) Gur Shatz, CTO (Incapsula) $125M 350+ Enterprise Customers 100 countries 3000+ Branches and cloud Instances
  123. 123. The WAN is Incompatible with Today’s Business Needs Can your network deliver optimized and secured access everywhere? DC MPLS/VPN Legacy Network Branch Cloud Global Branch Mobile Users Costs Agility Optimization Security
  124. 124. Mobile Users Point solutions? You can’t patch your way to a better network DC Cloud Global Branch Legacy Network Branch MPLS SD-WAN Cloud Acceleration Cloud Security Mobile VPN/SDP Network Security WAN Optimization Branch Security Getting better?
  125. 125. MPLS Network Security Mobile VPN/SDP SD-WAN WAN Optimization Cloud Acceleration Cloud Security Do it YOURSELF Pay it YOURSELF “In essence, complexity is the enemy of availability, security and agility” “Avoid These 'Bottom 10' Networking Worst Practices” By: Andrew Lerner, Bill Menezes, Vivek Bhalla, Danellie Young
  126. 126. Cloud-Native Convergence Drives WAN Transformation ALL-IN-1 Faster Innovation Better Service Lower Costs MPLS Network Security Mobile VPN/SDP SD-WAN WAN Optimization Cloud Acceleration Cloud Security
  127. 127. Cato Keeps it Simple Connect. Secure. Run Connect. End-to-end optimized connectivity for all locations, clouds, and users Secure. Protect all traffic with built-in security as a service Run. One console for all network and security policies and analytics Branch HQ/DC Cloud Mobile
  128. 128. Cato Cloud PoPs Global Map: 45 PoPs, Network+Security Converged
  129. 129. NG Firewall Secure Web Gateway Advanced Threat Prevention Cloud and Mobile Security Cloud Optimization WAN Optimization Global Route Optimization Self-healing Architecture Cato Cloud: the NETWORK for the digital business Branch Internet Datacenter Edge SD-WAN • Active / Active / Active • Dynamic Path Selection • Application- and User Aware QoS • Packet Loss Mitigation IPSec Internet MPLS Hybrid/Multi Cloud Agentless Mobile Client/Clientless SDP Flexible Management • Self-service • Co-managed • Fully managed PoP Converged Network & Security
  130. 130. Cato Managed Services Rapid Site Deployment • Remote site setup and configuration • On-site support available from partners Intelligent Last Mile Management • Proactive Monitoring of Last Mile ISPs • Blackout or Brownout detection • ISP resolution management (LOA is required) * Last mile provisioning is provided via partners if needed Hands-free Management • Cato service adjustments by Cato NOC • Setting, changing or removing site configuration, networking, routing, QoS, and security policies Managed Detection and Response (MDR) • Monitor the network for compromised endpoints • Alert for infected machines (human verified) • Guided remediation until threat is removed
  131. 131. Cato Cloud: In Action Email from a customer’s IT manager to his team “ALL {Telco} devices need to be removed. Cisco routers (both Datanet & Flex if present), Check Point Firewalls (two at each site), Blue Coat WAN accelerator (if present). CPE device provided by local MPLS operator as well…” “You should install two Cato sockets + rack mount kit”
  132. 132. Experience WAN Transformation with Cato Networks.
  133. 133. www.egress.com © Egress Software Technologies Ltd. All rights reserved. It’s time to turn the tide on email data breaches Egress Software Technologies
  134. 134. Agenda • The insider breach problem • The hype about AI and machine learning • Prevent and protect • New ways to prevent and protect • Summary
  135. 135. The insider breach problem Ponemon Institute: Survey of 1,700 customers • Majority cited negligent insiders (64%) vs. malicious insiders (23%) • Employee negligence cost $283,281/incident vs. malicious insider cost of $607,745 • Two month average to contain an insider incident • Only 16% contained in less than 30 days [Chart: Insider Data Breach Survey 2019. Categories: Employees rushing/making mistakes; Lack of awareness; Lack of training; Employees leaking data; Employees stealing data; Lack of proper security systems; We don't have data breaches; Reasons not listed. Bar values as extracted, in order: 60%, 44%, 36%, 30%, 28%, 27%, 3%, 1%. Legend: Accidental, Malicious, Others]
  136. 136. AI and machine learning: All the hype! AI start-ups that don’t have AI: two in five. AI start-up funding in 2018: $9.33 billion
  137. 137. Effective email security: Prevent and protect Prevent • Ensure the right content is sent to the right person • “What is the point of sending an encrypted email to the wrong person?” Protect • Ensure that the right protection is applied to emails • “What if you send an email to the right person, but it is breached?”
  138. 138. Prevent: Older signature-based DLP systems Use static rules to detect breaches • Manage database of rules on what users can and cannot do • Require regular maintenance and updates • Do not account for context, past behavior and relationships • Cannot prevent misdirected emails
  139. 139. Prevent: The new way Machine learning to prevent breaches • Use parallel processing and cloud to ingest vast quantities of data • Link relationships and past behavior to detect anomalies • Learn as they go: No need to maintain static rules
  140. 140. Prevent: Misdirected email use cases • Outlook auto-complete mistakes • Mistyping of recipients • Sending the wrong attachment to the wrong person • Sending sensitive data to the wrong domains • Ethical walls
  141. 141. Prevent: Advanced DLP use cases • Breaching ethical walls • Malicious exfiltration of data • ‘Leaver watch’ • Emailing sensitive data to personal / free mail domains • Anomalies in behavior: time, content, attachment types and sizes
  142. 142. Prevent: Advanced anti-phishing use cases • Edge-based solutions block 95% of attacks. Last 5% cause most damage • Over $1.6bn was lost to business email compromise (BEC) scams in 2018 • Scammer pretending to be a manager, co-worker or supplier • Google and Facebook transferred over $100m to a fake supplier • Emails do not have links or attachments
  143. 143. Prevent: Advanced anti-phishing use cases • BEC solutions • Anomaly detection of the individual mailbox based on content and recipients • Domain typosquatting detection: www.britishairways.com vs. www.brtishairways.com • Display name impersonation detection: Bill Gates <thefakebillgates@gmail.com>
  144. 144. Summary • Insider breaches account for the vast majority of data breaches • AI and machine learning do deliver on specific use cases • Prevent and protect go hand-in-hand for comprehensive email security
  145. 145. Thank you for your time E: info@egress.com | T: +44 (0) 2076248500 | W: www.egress.com | Twitter: @EgressSoftware Our presentations and webinars are for information only and don’t constitute advice. Professional advice should always be obtained. No liability is accepted for the use of the contents (or any errors or inaccuracies). Please read our privacy policy at www.egress.com/website-privacy. By reading this presentation or attending our webinar you confirm that you’ve read and agree to this disclaimer. All intellectual property rights in this presentation are retained by Egress Software Technologies Limited (or its licensors). This presentation or webinar was provided on behalf of: Egress Software Technologies Limited (12th Floor, The White Collar Factory, 1 Old Street Yard, London, EC1Y 8AF, UK. Registered in England and Wales, 06393598) or Egress Software Technologies Inc. (a Massachusetts corporation, 51 Melcher St, 1st Floor, Boston, MA 02210). Both are part of the Egress Software Technologies group of companies. Egress is a trademark of Egress Software Technologies Limited. www.egress.com © Egress Software Technologies Ltd. All rights reserved.
  146. 146. Andrew Thompson October, 2019 Everything You Always Wanted to Know About DevSecOps But Were Afraid To Ask.
  147. 147. Do you want to Fix or Rubber Stamp? Proprietary & Confidential | All Rights Reserved
  148. 148. What Is DevOps? A modern process to develop software that has 4 major disciplines: Development = Coding Continuous Integration (CI) The Orchestration Layer Continuous Delivery/Deployment (CD) Where all automated tests and the deployment processes happen Production Putting pieces of the puzzle together Where all the various technologies and components are put together to build the software Functional, Unit
  149. 149. What Is DevSecOps? A modern process to develop software that has 4 major disciplines + Security testing! Development = Coding Continuous Integration (CI) The Orchestration Layer Continuous Delivery/Deployment (CD) Where all automated tests and the deployment processes happen Production Putting pieces of the puzzle together Where all the various technologies and components are put together to build the software Functional, Unit
  150. 150. Automation of Software Security • Education • Design • SAST • OSA • IAST / DAST • Penetration Testing
  151. 151. So what’s the problem? Perception that Security checks will slow the delivery process False Positives
  152. 152. And the solution is… SAST best practice Learn from Deming Stop the production line [Break the build] Root cause analysis Fix the issue [Fix the vulnerability or remove the FP]
  153. 153. How is this applicable to Software? Easy to write vulnerable software SAST highlights the vulnerable code early Developers don’t write bad code on top of bad code Less time spent on test/fix cycles Cheaper Root cause analysis – remove False Positives (and False Negatives) OSA highlights known issues in Open Source code
  154. 154. Automation is key Run Security testing as part of CI/CD Start by just initiating scans, don’t break the build Test early, test often
  155. 155. Sounds easy, what’s the catch? There’s no silver bullet … Management focus on Software Security DevSecOps is everyone’s responsibility from CEO to developer
  156. 156. Common Misconceptions Testing is testing, the code still needs to be fixed! If I just make the tool available to Developers they will make all of our Security Issues Disappear No. Violation of a Law of Thermodynamics ‘The entropy of a system (Disorder) always increases unless outside energy is applied’ No. Violation of a Law of Physics ‘A body in motion will remain in motion unless acted upon by an outside force’ No. Violation of a Basic Law of Human Nature ‘What’s in it for me?’
  157. 157. No such thing as a free beer IDEs Source Code Management Solutions Build/CI Solutions Defect Tracking Dashboarding DevOps CLI, Web Services API Data Export API
  158. 158. 4 things to remember Security is everyone’s business Automate Fix - Don’t be an Ostrich Have Fun
  160. 160. Find out how you can protect end-of-support Windows Server 2008 and early versions. © 2019 Trend Micro Inc.
  161. 161. Ian Heritage Cloud Security Architect
  169. 169. Need a new example for machine learning since this would be caught by variant protection – Jon Oliver working on this example now.
  170. 170. Opcode normalised in graph API calls – displayed in import table
  176. 176. Often vulnerabilities are found in unsupported software or operating systems.
  181. 181. Doing the right… • Scanning for Malware • Blocking Access to Malicious Web Sites • Filtering Traffic Using Firewall Rules • Protecting Servers From Vulnerabilities • Detecting Changes on Protected Servers • Blocking Unapproved Applications • Monitoring Logs on Protected Servers
  183. 183. Public Cloud Virtual Servers Physical Servers Software SaaS
  193. 193. How much money you expect to lose in a year due to a certain threat.
  194. 194. Takeaways • One platform for physical, virtual & cloud environments. • Automated protection and shielding of vulnerabilities before a patch is issued. • Supports your move to the cloud • Offers protection in minutes with simplified deployment and recommendation scans. Try a free 30-day trial of Deep Security as a Service.
  195. 195. Ian Heritage Cloud Security Architect
  196. 196. Data Protection | Web Security | CASB | NGFW | Advanced Malware Detection | Behavioral Analytics | Insider Threat | Email Security | Data Guard | Cross Domain Use more cloud with CASB Cloud security is different but not difficult with Forcepoint “#CASB Dave” Barnett Head of CASB EMEA
  197. 197. © 2019 Forcepoint
  199. 199. Why Protect Data in the Cloud? 43% of all corporate data is stored in the cloud. 53% of this data is not managed or controlled by IT. Types of Data at Risk ▸ Payment information ▸ Customer information ▸ Consumer data ▸ Employee records ▸ Email
  200. 200. Challenges in Protecting Data in the Cloud Lack of Visibility Not under IT control Traditional security solutions do not extend to the cloud
  201. 201. Understanding Cloud Risks Users oversharing data in file-sharing apps Employees, 3rd parties accessing cloud apps from their own devices The cloud becoming the new attack surface Employees finding and using their own cloud services Admins making mistakes or coming under attack
  203. 203. Scenario – Users Oversharing Data Cloud Apps Collaborate via cloud apps Share data safely within Cloud Apps. Team Outsider Policy to exclude external users Geo-location anomaly
  204. 204. Scenario – Compromised Admin Credentials Cloud Apps Stop Unauthorized Access Reduce risk while leveraging power of cloud. Admin Pretend Admin Behavior Analytics Step up authentication Automatic Policy Enforcement
  205. 205. Scenario – Employees or Partners using Personal Devices Cloud Apps Enable BYOD Access Unleash the power of personal devices. Personal Devices Access apps anywhere Robust reverse proxy Seamless SSO integration FORWARD PROXY REVERSE PROXY + SSO
  206. 206. Scenario – Employees using their own apps – Shadow IT Gain full visibility into Shadow IT Monitor and secure unsanctioned cloud app usage Visibility into unsanctioned apps Control over both unsanctioned and sanctioned apps
  207. 207. Scenario – Cloud becoming the new attack surface Cloud Apps Use Cloud Apps Safely Provide frictionless cloud security easily. Access policy Enforcement Step-up authentication Block unauthorized access
  208. 208. Forcepoint Cloud Protection Get cloud protection based on your needs. Forcepoint DLP DLP Cloud Apps Forcepoint CASB Forcepoint Web Security Cloud App Control
  209. 209. Takeaways Data protection in the cloud is becoming increasingly critical Integrated and unified solutions are key to avoid siloed security Forcepoint data protection solution can effectively extend from on-premises to the cloud Let us show you a demo
  210. 210. Thank you Follow us! Forcepoint LLC @Forcepoint Forcepoint @ForcepontSec @ForcepointLabs Forcepoint
  211. 211. Networking & Drinks 45 mins
  212. 212. Contact us Phone: +44(0)203 657 0707 Support: +44(0)1932 911 053 Email: hello@seconcyber.com
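The DMARC slides in this deck separate a record that only monitors (p=none) from one at enforcement (p=quarantine or p=reject). As an added example (not from the slides or any vendor), this Python code classifies the TXT strings found at `_dmarc.<domain>` along that line; the sample records, the `.example` domains and the status labels are constructed for this example.

```python
"""Classify DMARC policy strength from the TXT records at _dmarc.<domain>.

Added example: sample records and .example domains are constructed, and the
status labels (missing/invalid/monitoring/partial/enforced) are this example's own.
"""

VALID_POLICIES = {"none", "quarantine", "reject"}


def parse_dmarc(txt):
    """Return the tag dict for one TXT string, or None if it is not a DMARC record."""
    pairs = []
    for part in txt.split(";"):
        if not part.strip():
            continue  # tolerate a trailing ';'
        name, sep, value = part.partition("=")
        if not sep:
            return None  # every tag must be name=value
        pairs.append((name.strip().lower(), value.strip()))
    # RFC 7489: the first tag must be v=DMARC1, otherwise the record is ignored.
    if not pairs or pairs[0] != ("v", "DMARC1"):
        return None
    return dict(pairs)


def assess(txt_records):
    """Return (status, detail) for all TXT strings published at _dmarc.<domain>."""
    records = [r for r in map(parse_dmarc, txt_records) if r is not None]
    if not records:
        return ("missing", "no DMARC record published")
    if len(records) > 1:
        return ("invalid", "more than one DMARC record; receivers apply none")
    rec = records[0]

    policy = rec.get("p", "").lower()
    sub = rec.get("sp", policy).lower()  # subdomains inherit p= unless sp= is set
    if policy not in VALID_POLICIES or sub not in VALID_POLICIES:
        # Receivers fall back to p=none when a report address is present.
        if "rua" in rec:
            return ("monitoring", "p=/sp= missing or invalid, treated as p=none")
        return ("invalid", "p=/sp= missing or invalid and no rua= to fall back on")
    if policy == "none":
        return ("monitoring", "p=none: spoofed mail is reported but still delivered")

    # pct= limits the share of failing mail the policy applies to (default 100).
    pct = rec.get("pct", "100")
    pct = int(pct) if pct.isdigit() and int(pct) <= 100 else 100
    if pct < 100:
        return ("partial", f"p={policy} applied to only {pct}% of failing mail")
    if sub == "none":
        return ("partial", f"p={policy} but sp=none leaves subdomains spoofable")
    return ("enforced", f"p={policy}, subdomains {sub}")


# Constructed sample data: what a TXT lookup of _dmarc.<domain> might return.
SAMPLES = {
    "enforced.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@enforced.example"],
    "monitor.example": ["v=spf1 -all", "v=DMARC1; p=none; rua=mailto:d@monitor.example"],
    "rampup.example": ["v=DMARC1; p=quarantine; pct=25"],
    "subdomains.example": ["v=DMARC1; p=reject; sp=none;"],
    "nothing.example": ["v=spf1 include:_spf.nothing.example ~all"],
}

if __name__ == "__main__":
    for domain, txts in SAMPLES.items():
        status, detail = assess(txts)
        print(f"{domain:20} {status:11} {detail}")
```

Feeding it the output of a real TXT lookup for `_dmarc.<your domain>` shows whether a published record is actually at enforcement or only collecting reports.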
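The email-security slides in this deck name two checks that DMARC alone does not cover: look-alike (typosquatted) domains and display-name impersonation. An added example of both checks in Python (not vendor code), run on the samples the slides show; the protected-domain list, the known-sender table, the homoglyph map and the distance threshold are assumptions of this example.

```python
"""Flag look-alike sender domains and display-name imposters in a From: header.

Added example: PROTECTED, KNOWN_SENDERS, the homoglyph map and max_distance
are constructed assumptions, not values from the slides.
"""
from email.utils import parseaddr

# Digits commonly swapped for letters; "rn" is folded to "m" in skeleton().
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(domain):
    """Reduce a domain to a form in which visually similar spellings collide."""
    return domain.lower().translate(HOMOGLYPHS).replace("rn", "m")


def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, transpose."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            # Adjacent characters swapped (e.g. "ab" vs "ba") count as one edit.
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def lookalike_of(domain, protected, max_distance=2):
    """Return the protected domain that `domain` imitates, or None."""
    domain = domain.lower().rstrip(".")
    if domain.startswith("www."):
        domain = domain[4:]
    if domain in protected:
        return None  # the genuine domain is not a look-alike of itself
    for legit in protected:
        if edit_distance(skeleton(domain), skeleton(legit)) <= max_distance:
            return legit
    return None


def display_name_imposter(from_header, known_senders):
    """Return the display name if it matches a known person but the address does not."""
    name, addr = parseaddr(from_header)
    legit = known_senders.get(" ".join(name.lower().split()))
    if legit and addr.lower() not in legit:
        return name
    return None


def check_sender(from_header, protected, known_senders):
    """Run both checks on one From: header and return a list of findings."""
    findings = []
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2]
    target = lookalike_of(domain, protected)
    if target:
        findings.append(("lookalike-domain", domain, target))
    name = display_name_imposter(from_header, known_senders)
    if name:
        findings.append(("display-name-imposter", name, addr))
    return findings


# Constructed reference data for the two slide samples.
PROTECTED = ["britishairways.com", "yourbank.com"]
KNOWN_SENDERS = {"bill gates": {"bill.gates@corp.example"}}

if __name__ == "__main__":
    for header in ("Bill Gates <thefakebillgates@gmail.com>",
                   "Bookings <info@brtishairways.com>",
                   "Online Banking <login@y0urbank.com>"):
        print(header, "->", check_sender(header, PROTECTED, KNOWN_SENDERS))
```

A fixed threshold of 2 edits produces false positives on short domains, so in practice the threshold is scaled to the length of the protected name.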
