Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

La sécurité de l'emploi : protégez votre SI

1,324 views

Published on

La sécurité n’est plus un add-on au système d’information, mais doit s’intégrer à tous les niveaux, depuis son architecture jusqu’à la résolution d’incidents, en passant par l’exploitation au quotidien des centres de données. Dans un contexte de mobilité accrue et en considérant l’émergence d’un modèle d’informatique à la demande, la sécurité repose autant sur la prévention technique que sur l’éducation comportementale des utilisateurs et sur la capacité des systèmes à résister aux attaques Session présentée par le partenaire : DELL.

Speakers : Florian Malecki (DELL)

Published in: Technology
  • Be the first to comment

  • Be the first to like this

La sécurité de l'emploi : protégez votre SI

  1. 1. La sécurité de l'emploi : protégez votre SI Florian Malecki EMEA Product & Marketing Solution Director Dell Florian_Malecki@dell.com, www.dell.com/security Sécurité
  2. 2. Donnez votre avis ! Depuis votre smartphone sur : http://notes.mstechdays.fr De nombreux lots à gagner toute les heures !!! Claviers, souris et jeux Microsoft… Merci de nous aider à améliorer les Techdays ! #mstechdays Sécurité
  3. 3. Underlying foundation of threats: Basic nature of threats is constant change Expanding complexity and reach of threats Global infrastructure • Cyber-terrorism, morphing and complex threats Regional networks • AI (learn) hacking Multiple networks • Internet • Worms • Modem Individual computers 1980 • DOS/ DDOS • Firewall 101 • Individual computers • Trojans • Security Individual networks • Physical again (Portable media) • TSRs • XSS, SQL Injection attacks • Espionage • Financial gain • Homeland security threats • Delivery via Web 2.0 and social networking sites • Viruses 1990 2000 2014
  4. 4. Threats are constantly evolving Risk of confidential data leakage is ever increasing
  5. 5. 2014 Security Trends 1. Increased Usage of SSL Encryption 2. 3. 4. 5. 6.
  6. 6. Increased Usage of SSL Encryption http://www.networkcomputing.com/next-generation-data-center/news/networking/nsa-surveillance-revives-calls-for-an-al/240165556 http://www.thewhir.com/web-hosting-news/ssl-use-among-million-busiest-sites-48-year-year-netcraft-survey
  7. 7. Increased Usage of SSL Encryption http://www.webpronews.com/yahoo-search-is-now-encrypted-by-default-2014-01 http://www.zdnet.com/twitter-enforces-ssl-encryption-for-apps-connecting-to-its-api-7000025138/ http://searchenginewatch.com/article/2309689/As-Microsoft-Moves-to-Encrypted-Search-Webmasters-Could-Lose-More-Keyword-Data http://online.wsj.com/news/articles/SB10001424052702303448204579339432277705894
  8. 8. Security Trends, 2014 1. Increased Usage of SSL Encryption 2. Ransomware Continues
  9. 9. http://www.legitreviews.com/cryptolocker-ransomware-affected-estimated-250000-computers_131647 http://www.tomsguide.com/us/cryptolocker-evolves-worm,news-18066.html
  10. 10. http://arstechnica.com/security/2014/01/researchers-warn-of-new-meaner-ransomware-with-unbreakable-crypto/ http://www.therecord.com/news-story/4334442-ransomware-attacks-are-increasing/
  11. 11. Security Trends, 2014 1. Increased Usage of SSL Encryption 2. Ransomware Continues 3. Increase in Win 7 & Win 8 Attacks
  12. 12. Increase in Win7 & Win8 Attacks http://www.independent.ie/business/technology/deadline-looms-for-xp-users-as-microsoft-shuts-system-support-29941733.html http://www.zdnet.com/at-years-end-xp-usage-plunges-as-windows-7-and-8-take-over-7000024699/
  13. 13. Increase in Win7 & Win8 Attacks http://www.independent.ie/business/technology/deadline-looms-for-xp-users-as-microsoft-shuts-system-support-29941733.html http://www.zdnet.com/at-years-end-xp-usage-plunges-as-windows-7-and-8-take-over-7000024699/
  14. 14. Security Trends, 2014 1. Increased Usage of SSL Encryption 2. Ransomware Continues 3. Increase in Win 7 & Win 8 Attacks 4. New Exploit Kits in the Wild
  15. 15. New Exploit Kits in the Wild http://threatpost.com/blackhole-and-cool-exploit-kits-nearly-extinct/103034 http://news.softpedia.com/news/BlackHole-Exploit-Kit-Author-Reportedly-Arrested-in-Russia-388949.shtml
  16. 16. New Exploit Kits in the Wild http://contagiodump.blogspot.com/2010/06/overview-of-exploit-packs-update.html http://www.scmagazineuk.com/exploit-kits-for-sale-on-a-website-near-you/article/301851/
  17. 17. Security Trends, 2014 1. Increased Usage of SSL Encryption 2. Ransomware Continues 3. Increase in Win 7 & Win 8 Attacks 4. New Exploit Kits in the Wild 5. Sophisticated Smartphone Attacks
  18. 18. Sophisticated Smartphone Attacks
  19. 19. Sophisticated Smartphone Attacks Vulnerabilities Malware Families http://gcn.com/articles/2013/04/19/iphone-vulnerabilities-android-most-attacked.aspx
  20. 20. Security Trends, 2014 1. Increased Usage of SSL Encryption 2. Ransomware Continues 3. Increase in Win 7 & Win 8 Attacks 4. New Exploit Kits in the Wild 5. Sophisticated Smartphone Attacks 6. System Hopping Malware
  21. 21. System Hopping Malware http://www.computerworld.com/s/article/9229596/Windows_malware_hides_in_iOS_app http://consumerist.com/2013/02/04/great-now-theres-android-malware-that-can-infect-your-pc-turn-it-into-a-listening-device/
  22. 22. System Hopping Malware http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/ http://www.pcworld.com/article/2090940/new-windows-malware-tries-to-infect-android-devices-connected-to-pcs.html
  23. 23. The IT journey… From mainframe to client server to distributed to risk everywhere
  24. 24. Powerful disrupters… the world is more connected than ever. Cloud Big Data Mobility Security and risk 85% of businesses said their organizations will use cloud tools moderately to extensively in the next 3 years. 35 By 2020 volume of data stored will reach 35 Zettabytes 5X Mobility source shifts from 62%/38% corporate/personal owned to 37% corporate owned and 63% personal owned 79% of surveyed companies experienced some type of significant security incident within the past year that resulted in financial and/or reputational impact
  25. 25. Unfortunately, the bad guys are more connected too. They have many names Spear-Phishers, BOTnets, DDoS, Zero-Day Threats, Insider threats & former employees They’re determined to exploit “disconnected security” Security tools, processes, user profiles and information, separated in siloes that leave dangerous gaps inbetween
  26. 26. Business can’t stop to wait for security Cloud SaaS Data growth BYOD Desire: secure How is your To embrace environment business trends with all these new initiatives Challenge: coming into Security often play? gets in the way Web 2.0 Virtualization Compliance
  27. 27. Users are Increasingly Out of Your Control More… Day Extenders Home Office Users Kiosks/Public Machine Users    Traveling Executives   Devices Saas/Hosted Apps Social Media Network environments Mobility Business Partners/ Extranet Users Saas, Web 2.0 Real-Time Apps Wireless LAN Users VOIP Users Tablets & Smart Phone Users Internal Users External Users
  28. 28. Mobile business use cases It’s not just email and calendar any more… SOURCE: Yankee Group, June 2012
  29. 29. Why mobile devices can be risky? 30
  30. 30. Every 56’’ a laptop is stolen $49,246 Average value of lost laptop1 46% Of lost laptops contained confidential data1 Data is the most important asset companies own: + Intellectual Property + Customer and employee data + Competitive information IT managers are looking for ways to: Were not protected with mobile security features1 $5.5M Average organizational cost of a data breach2 Source: 1. Poneman Institute Study Source: 2 Symantec & Poneman Institute Study: US cost of a Data Breach, 2011 Fully protect data wherever it goes without disrupting end users + Save time deploying and managing security + Ensure they remain in compliance + 57% + Flexible scale to ensure they meet the requirements of different users
  31. 31. Mobile usage – blurred lines Personal Business Email Email Calendar Calendar Internet access Intranet file share Social media Intranet business apps Increased risk of business data loss and introduction of malware
  32. 32. Today, layers and silos get the security job done but often have gaps = business risk Individual job done well in silos • Solutions often don’t work together • Solutions don’t work across the business Silos and layers add stress to your resources • Difficult to get to work together • Limited security resources Dell belief: there is a better way
  33. 33. Dell’s vision: Connected Security for a connected world Effective Security to enable business while also meeting the needs of security Connected Security is security that… • • • • Shares and applies intelligence Works with the business, end-to-end Maintains flexibility and open architecture Enables broad contextual awareness with dynamic control Protect information everywhere Efficient Work with the business
  34. 34. Securing & Monitoring Data and Access DDP| E KACE Applications SonicWALL SecureWorks Data
  35. 35. The Dell Approach is Simple and Modular with Outside in and inside out protection, from device to cloud. Data cloud Data Security Configuration & Patch Management Identity Identity & Access Management Data center Network End points Next Gen Firewall Secure Remote Access Email Security Security Services Incident Response Managed Security Services Security & Risk Consulting
  36. 36. Dell Security Service s Let good guys in Keep bad guys out Enstratius (Multi-Cloud Manager) IAM Dell Threat Intelligence Dell Incident Response Application Security Network Security Data & Endpoint Security Dell KACE Dell SonicWALL Dell SonicWALL Secure Remote Access (SRA) Mobile Connect Dell One Identity IAM Dell Security & Risk Consulting Configuration & Patch Management Dell Data Protection Encryption Dell KACE Dell SonicWALL Embedded in Dell Infrastructure & Devices Email Security Dell SonicWALL K3000 MDM Next-Gen Firewall Dell Wyse Cloud Client Manager Scalable and Mid-Market design point: endpoint to data center to cloud Endpoint Network Server Storage Cloud Did you know DELL does Security? *formerly Quest One Dell Managed Security Services
  37. 37. Better connected means better protected Connect security to infrastructure Embed: Security embedded natively into infrastructure Connect security to information Protect, Predict: Security solutions that gather, analyze, report and enable action Connect security to other security solutions Embed, Protect, Predict, Respond: Security that is no longer siloed…Data, User, Network,, Services
  38. 38. Making Dell Connected Security tangible • Encryption enforcement for Cloud Services
  39. 39. Demo: Encryption Enforcement for Cloud Services Data protection assurance… • Dell Data Protection | Encryption + • If encryption isn’t present, document cannot be posted until device is compliant with policy • Dell NextGeneration Firewall Ensures encryption is applied prior to the document being posted to a cloud service Applies company access policies to cloud service, if desired Better connected means better protected
  40. 40. Making Dell Connected Security tangible • Secure Mobile Access
  41. 41. Demo: Secure Mobile Access Dell Kace + Dell Secure Mobile Access Better connected means better protected
  42. 42. Demo: Secure Mobile Access • Quarantine systems not running the KACE agent • Redirect users to KACE User Portal • Allow KACE agent to bring endpoint to compliance Better connected means better protected
  43. 43. Demo: Secure Mobile Access Secure Mobile Access… Dell Defender + Dell Secure Mobile Access • Increased security using SSL VPN and 2 Factor Authentication solutions Better connected means better protected
  44. 44. Mobile Connect for Windows 8.1 • Microsoft ships Mobile Connect VPN plugin ‘Inbox’ in Windows 8.1 • Supports all versions of Windows 8.1 including Windows RT and (Window Phone Future) • Integrated Windows user experience with management via Windows UI, MDM solutions and PowerShell.
  45. 45. Dell security and business solutions are recognized in the Gartner Magic Quadrants 2011 to 2013 Challengers Leaders • Identity and Access Governance • Managed Security Service Providers • Unified Threat Management • User Administration and Provisioning Security Solutions Niche Players • Enterprise Network Firewalls • Secure Email Gateways • Enterprise Backup/Recovery Software Visionaries • E-Class SRA SSL VPN • Mobile Data Protection
  46. 46. Snapshot Patagonia grew out of a small company that made tools for climbers. Alpinism remains at the heart of a worldwide business that still makes clothes for climbing – as well as for skiing, snowboarding, surfing, fly fishing, paddling and trail running, and employs over 1600 employees worldwide. Challenge The company needed to update its legacy firewalls and implement a centralised management tool to make it easy to deploy and manage. Application Intelligence and Control firewall functionalities and QoS were also key requirements. Results • Fast implementation of the Dell SonicWALL E-Class NSA 5500, TZ series and Wireless Access Points at the EMEA HQs and remote locations • Better bandwidth usage and management • Efficient and cost-effective distributed network implementation • Better work-life balance thanks to secure remote access • Dell SecureWorks for 24/7 security monitoring/auditing • Dell Eco System: servers, storage, laptops/PCs Software
  47. 47. Out Connect The Threats with
  48. 48. Dell Connected Security
  49. 49. Digital is business

×