Stay Ahead of Threats with Advanced Security Protection - Fortinet



John Gleason, Systems Engineer

Published in: Technology

  1. Stay Ahead of Threats with Advanced Security Protection – John Gleason, CISSP
  2. Risk – the common driver. Stay ahead: have a goal and a plan!
     • Threat landscape
     • Cyber security finally reaches #1 in C-level concerns
     • Security program vs. compliance checkboxes
     • Definitions are important
     • Security basics – blocking and tackling before technology
     • The end goal – lower residual risk = acceptable level of risk
  3. Virus Lifecycle to Scale (timeline figure): Virus.A (#1) at +0, Virus.B (#2) at +30 sec, Virus.AA (#27) at +13 min, Virus.BL (#120) at +1 hour; the vendor update for Virus.A is the last point on the timeline, after these variants are already circulating.
  4. Cyber Security finally reaches #1 in C-level concerns. Top 5 business risks according to the World Economic Forum (US, Japan, Germany, Netherlands and others):
     • #1 Cyber attacks
     • #2 Data fraud and theft
     • #3 Terrorist attack
     • #4 Fiscal crisis
     • #5 Asset bubble
     This underscores the significance of understanding the cyber threat landscape and the associated insights related to intruder detection.
  5. Security Program vs. Compliance checkboxes
     • Security/governance frameworks: NIST (multiple), COBIT, ISO 27000 series, ITIL, Six Sigma
     • Compliance: HIPAA / HITECH, PCI DSS, CIPA / FERPA, GLBA, Sarbanes-Oxley (SOX)
  6. Security Programs address the 360-degree view
     • Controls require people, process, and technology: administrative, technical, physical
     • ISO 27002 defines information security policy in section 5
     • COBIT defines it in the section "Plan and Organize"
     • Sarbanes-Oxley defines it as "Internal Environment"
     • HIPAA defines it as "Assigned Security Responsibility"
     • PCI DSS defines it as "Maintain an Information Security Policy"
  7. Definitions are important – understanding can only come through common terminology and definitions
     • Security triad
     • Roles & responsibilities
     • Data classification
     • Asset value
     • Threat, threat agent, vulnerability, risk, countermeasure
     • Controls
     • Residual risk
  8. Security triad – like a three-legged stool; a possible fourth leg is authenticity
  9. The triad in detail
     • Confidentiality – access control: identification, authentication, authorization (authenticity); least privilege / need to know
     • Integrity – assurance, accuracy, reliability
     • Availability – perform in a predictable manner at an acceptable level of performance; recover securely from disruption so productivity is not negatively impacted; single points of failure? (BC/DR)
  10. Roles & Responsibilities
  11. Roles and Responsibilities – where do you identify? Owner, GM, coach, lineman, linebacker, safety?
      • Data owner – concerned with terms like legal, regulatory, compliance, due care and due diligence, negligence, reasonable and expected. Generally not IT.
      • Data custodian – typically IT. Responsible for implementing the policies and guidelines established by the data owner; responsibilities include physical data storage, backup and recovery, and the operation of security and data management systems.
  12. Data Classification – how do you view and categorize your assets? Public / private, with parallel schemes for business and government:
      Business & Organizations               Military / Government
      Restricted / Confidential / Proprietary   Top Secret
      Private                                Secret
      Sensitive                              Confidential
      Public                                 Sensitive but Unclassified
                                             Unclassified
  13. Asset Value – quantitative or qualitative?
      • Cost – to acquire or develop? To maintain and protect? To replace?
      • Value – to adversaries; intellectual property
      • Operational and productivity loss when unavailable
      • Liability if the asset is compromised – compliance, legal
      • Value of knowing your values – cost/benefit analysis, wise selection of countermeasures, risk awareness, due diligence
  14. Risk Management – What (NIST Cyber Security Framework)
      • Risk management is the ongoing process of identifying, assessing, and responding to risk. To manage risk, organizations should understand the likelihood that an event will occur and the resulting impact. With this information, organizations can determine the acceptable level of risk for delivery of services and can express this as their risk tolerance.
      • Organizations may choose to handle risk in different ways, including mitigating the risk, transferring the risk, avoiding the risk, or accepting the risk, depending on the potential impact to the delivery of critical services.
  15. Risk Management – Why (NIST Cyber Security Framework)
      • With an understanding of risk tolerance, organizations can prioritize cybersecurity activities, enabling them to make informed decisions about cybersecurity expenditures.
      • Implementation of risk management programs offers organizations the ability to quantify and communicate adjustments to their cybersecurity programs.
  16. Threat, Threat Agent, Vulnerability, Risk, Countermeasure
  17. Controls – Compensating Controls
      • By type: administrative, technical, physical
      • By function: preventative / protective, detective, corrective / reactive
  18. Residual risk – according to ISO 27001, residual risk is "the risk remaining after risk treatment".
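As an added worked example (not from the slides), the quantitative thread of slides 13 to 18 carried through in Python: asset value, an exposure factor and an annualised rate of occurrence give a single-loss and an annualised loss expectancy (the standard SLE = AV × EF, ALE = SLE × ARO model, which the slides do not state and is assumed here), each countermeasure is scored on ALE reduction minus its annual cost (the cost/benefit analysis of slide 13), and the residual risk after treatment is compared against a risk tolerance to choose between mitigate, accept, and transfer or avoid. All figures and control effects are constructed.

```python
from dataclasses import dataclass, replace
from typing import List


@dataclass(frozen=True)
class Risk:
    """One line of a risk register. Values are constructed for illustration."""
    name: str
    asset_value: float      # cost to replace/recover plus liability and lost productivity
    exposure_factor: float  # fraction of asset value lost per incident (0..1)
    aro: float              # annualised rate of occurrence (expected incidents per year)

    def sle(self) -> float:
        """Single loss expectancy (assumed standard model: SLE = AV x EF)."""
        return round(self.asset_value * self.exposure_factor, 2)

    def ale(self) -> float:
        """Annualised loss expectancy (assumed standard model: ALE = SLE x ARO)."""
        return round(self.sle() * self.aro, 2)


@dataclass(frozen=True)
class Countermeasure:
    """A control and the fractional reductions it is assumed to deliver."""
    name: str
    annual_cost: float
    aro_reduction: float = 0.0  # preventative controls mostly cut likelihood
    ef_reduction: float = 0.0   # corrective controls mostly cut impact


def apply(risk: Risk, cm: Countermeasure) -> Risk:
    """Residual risk after one control: the risk remaining after treatment."""
    return replace(
        risk,
        exposure_factor=risk.exposure_factor * (1 - cm.ef_reduction),
        aro=risk.aro * (1 - cm.aro_reduction),
    )


def safeguard_value(risk: Risk, cm: Countermeasure) -> float:
    """Annual benefit of a control: ALE before - ALE after - cost of the control."""
    return round(risk.ale() - apply(risk, cm).ale() - cm.annual_cost, 2)


def plan_treatment(risk: Risk, options: List[Countermeasure], tolerance: float) -> dict:
    """Greedily add the control with the best marginal value until the residual ALE is
    within tolerance or no remaining control pays for itself, then name the treatment."""
    residual, chosen, remaining = risk, [], list(options)
    while residual.ale() > tolerance and remaining:
        best = max(remaining, key=lambda cm: safeguard_value(residual, cm))
        if safeguard_value(residual, best) <= 0:
            break  # nothing left is worth its cost: stop layering controls
        chosen.append(best.name)
        residual = apply(residual, best)
        remaining.remove(best)
    if residual.ale() <= tolerance:
        treatment = "mitigate" if chosen else "accept"
    else:
        treatment = "transfer or avoid"  # cost-effective mitigation exhausted; a business decision remains
    return {"treatment": treatment, "controls": chosen,
            "inherent_ale": risk.ale(), "residual_ale": residual.ale()}


# Constructed register entry: ransomware delivered by phishing e-mail.
RANSOMWARE = Risk("ransomware via phishing e-mail", asset_value=500_000,
                  exposure_factor=0.4, aro=0.5)
OPTIONS = [
    Countermeasure("anti-spam + sandbox on inbound mail", annual_cost=20_000, aro_reduction=0.9),
    Countermeasure("offline backups and tested restore", annual_cost=10_000, ef_reduction=0.75),
]

if __name__ == "__main__":
    for tolerance in (15_000, 5_000):
        print(tolerance, plan_treatment(RANSOMWARE, OPTIONS, tolerance))
```

With a tolerance of 15,000 the inbound-mail control alone brings the ALE from 100,000 to 10,000 and the plan is "mitigate"; with a tolerance of 5,000 the backups would cost more per year than the further loss they prevent, so the loop stops and the residual 10,000 has to be transferred (insurance), avoided, or consciously accepted by the data owner rather than quietly ignored.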
  19. Turning traditional risk analysis upside down
      • Threats of today have increased in frequency and impact
      • 75–90% of attacks enter via e-mail
      • 10–20% enter via a compromised website
      • Avoiding the activity is not an option
  20. Did You Know…
      • 79,790 – number of incidents investigated by Verizon in 2015
      • 229 – average number of days attackers were on a network before detection
      • 70–90% – share of malware samples that were unique to the organization in which they were found
      • Gartner: all organizations should assume they are in a state of continuous compromise
  21. New world strategies
  22. Breaking the Kill Chain of Advanced Threats – each stage of the chain paired with the control the slide places against it:
      Stage                                  Control
      Spam / malicious e-mail                Anti-spam
      Malicious link                         Web filtering
      Exploit (malicious web site)           Intrusion prevention
      Malware                                Antivirus
      Command & control center               App control / IP reputation
      Bot commands & stolen data             Sandbox
  23. Layered Defense + Shared Intelligence – the inspection sequence:
      • Web filter – known malicious site
      • IP reputation – botnet site
      • Intrusion prevention
      • Anti-virus / anti-malware
      • Anything still unknown after these layers becomes a sandbox candidate
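An added example, written for this page rather than taken from the slides or from any Fortinet product, of the two ideas on slides 22 and 23 and of why the slide-3 timeline matters: the controls run in kill-chain order against an inbound delivery, a payload that no layer recognises becomes a sandbox candidate, and a malicious sandbox verdict publishes that sample's indicators back to every layer, so the next wave of the same campaign (new sender, repacked payload with a fresh hash) is stopped at the link stage before any payload is fetched. The layer names, the sample deliveries, the placeholder digests and the sandbox verdict table are all constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Delivery:
    """One inbound delivery attempt with one observable per kill-chain stage (constructed)."""
    sender: str                  # spam / malicious e-mail stage
    url_host: str                # malicious link stage
    exploit_sig: Optional[str]   # IPS signature the landing page would trigger, if any
    payload_sha256: str          # malware stage (placeholder digests, not real hashes)
    c2_ip: str                   # command-and-control stage


@dataclass
class ThreatIntel:
    """Indicator sets consulted by every layer; one sandbox verdict feeds all of them."""
    spam_senders: Set[str] = field(default_factory=set)
    malicious_hosts: Set[str] = field(default_factory=set)
    exploit_sigs: Set[str] = field(default_factory=set)
    malware_hashes: Set[str] = field(default_factory=set)
    botnet_ips: Set[str] = field(default_factory=set)

    def learn(self, d: Delivery) -> None:
        """Share every indicator of a confirmed-malicious delivery with all layers."""
        self.spam_senders.add(d.sender)
        self.malicious_hosts.add(d.url_host)
        if d.exploit_sig:
            self.exploit_sigs.add(d.exploit_sig)
        self.malware_hashes.add(d.payload_sha256)
        self.botnet_ips.add(d.c2_ip)


# Constructed stand-in for detonation: the verdict a sandbox would return per payload.
SANDBOX_VERDICTS: Dict[str, str] = {
    "sha256:dropper-a": "malicious",
    "sha256:dropper-a-repacked": "malicious",
    "sha256:dropper-b": "malicious",
    "sha256:quarterly-report": "clean",
}


def inspect(d: Delivery, intel: ThreatIntel, sandbox: Dict[str, str]) -> Tuple[str, str]:
    """Run one delivery through the layers in kill-chain order.
    Returns ("blocked", layer) for the first layer that recognises it, else ("allowed", "none")."""
    if d.sender in intel.spam_senders:
        return ("blocked", "anti-spam")
    if d.url_host in intel.malicious_hosts:
        return ("blocked", "web-filter")
    if d.exploit_sig is not None and d.exploit_sig in intel.exploit_sigs:
        return ("blocked", "ips")
    if d.payload_sha256 in intel.malware_hashes:
        return ("blocked", "antivirus")
    if d.c2_ip in intel.botnet_ips:
        return ("blocked", "ip-reputation")
    # Nothing known matched, so the payload is a sandbox candidate (isolation, not signatures).
    if sandbox.get(d.payload_sha256) == "malicious":
        intel.learn(d)  # the shared-intelligence step: every layer learns from one detonation
        return ("blocked", "sandbox")
    return ("allowed", "none")


# Constructed campaign: three waves of one operation plus a benign message.
CAMPAIGN: List[Delivery] = [
    Delivery("invoices@mail.example.net", "dl.evil.example", None, "sha256:dropper-a", "198.51.100.7"),
    # Wave 2: new sender and a repacked payload (fresh hash, as on the slide-3 timeline), same host.
    Delivery("billing@mail.example.org", "dl.evil.example", None, "sha256:dropper-a-repacked", "198.51.100.7"),
    # Wave 3: new sender, new host, new payload; only the C2 address is reused.
    Delivery("hr@mail.example.com", "cdn.evil2.example", None, "sha256:dropper-b", "198.51.100.7"),
    Delivery("finance@corp.example", "files.corp.example", None, "sha256:quarterly-report", "203.0.113.10"),
]


def run_campaign(deliveries: List[Delivery] = CAMPAIGN) -> List[Tuple[str, str]]:
    """Inspect the deliveries in order against one shared intelligence store."""
    intel = ThreatIntel()
    return [inspect(d, intel, SANDBOX_VERDICTS) for d in deliveries]


if __name__ == "__main__":
    for d, (outcome, layer) in zip(CAMPAIGN, run_campaign()):
        print(f"{outcome:7} {layer:13} {d.url_host:20} {d.payload_sha256}")
```

Only the first wave costs a detonation; the second is blocked by the web filter although its hash has never been seen, and the third, which reuses nothing but the C2 address, is still caught by IP reputation. The same run with a fresh, empty intelligence store sends every wave to the sandbox, which is the vendor-update lag of slide 3 expressed in code.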
  24. Sandbox = Isolation
  25. FortiGuard Labs – augment your security staff: nearly 300 threat researchers
  26. FortiGuard Labs Statistics
  27. Shared threat intelligence
  28. Only ATP solution NSS Recommended from edge to endpoint
  29. Fortinet Security Fabric – shared threat intelligence
  30. Questions? Thank you
  31. 3:00 – 3:45 PM Breakout Sessions
      • Konica Minolta (Guest Locker Room): "What is your Print Transformation Strategy?" – Emil Enstrom, Vice President of Enterprise Accounts
      • Barracuda (Delta 360 Club): "Protecting Data Everywhere" – Rod Mathews, Senior Vice President and General Manager
      • Marco (Main Field): "Uncovering the Cloud: Is it Right for You?" – Steve Knutson, Chief Technology Officer and Vice President of Service
      • Mitel (Interview Room): "Deliver a Flexible, Engaging Customer Contact Center Experience" – Brian Spencer, General Manager – Contact Center