With the increasing prevalence of cloud services, end-user computing and third-party delivery, many organisations have to monitor security controls at arm's length, where they have no direct contact or access.
2. Introductions
10/2/2013
Piers Wilson: Head of Product Management at Tier-3; Director of IISP; previously Senior Manager in the PricewaterhouseCoopers Cyber Security practice.
Tier-3 Huntsman®: Advanced Security Incident & Event Management (SIEM) solution
• High performance event correlation
• Behaviour Anomaly Detection (BAD 2.0)
• “Big data” analytics
• Governance, Risk, Compliance
• Cloud/multi-tenancy support
• Active response
3. Agenda and scope
• What this talk is about…
– The implications of technology trends
– Anticipating the emergent IT and security environment
– Monitoring security when:
• It is more important
• It is more difficult
– Approaches to dealing with this in a constructive way
“79% of the UK population use the internet anywhere, on any device” (Ofcom, 2012)
“Looking ahead to 2013, we are going to see more and more organisations seeking alternatives to on-premise deployments.” (Paul Moxon, Axway, via IDG Connect)
“Most significantly, we’re seeing an overriding belief that cloud is disrupting software in fundamental and lasting ways.” (Michael Skok, 2012 Future of Cloud Computing)
“A standard setup of computing on a business' premises — a server in a closet or basement, and software loaded on individual machines — is a model that's likely to drift into obsolescence” (The Daily Progress, 2013)
“Enterprise mobility is booming; organizations must connect with employees, customers, and partners in new ways and across new devices and applications.” (Forrester)
4. Background
• Mobile apps, consumerisation and "bring your own device" are here
• Users / customers increasingly expect to access systems via mobile / personal devices
• Cloud computing is well along the hype curve – its use and pervasiveness is growing
• Social media is already a more “normal” way of working than email for many people
6. The “Office of the Future”
This is starting to be known as the “externalised organisation”: a greater focus and proportion of IT delivery / use happens outside.
[Diagram: three overlapping areas of IT – IT you control, IT your users control, IT your cloud provider controls]
7. Conclusions...
Security teams face a real challenge
• Data isn’t where it used to be
• The network is going beyond just losing its perimeter to being completely external
• You have a lot less control over the front and back end platforms (i.e. none)
• People are working and communicating differently (e.g. social media)
Some new approaches are necessary...
8. More diversity and complexity in monitoring and control
Security Operations
• Greater visibility
• Compliance burden
• Improved response
Cyber-security
• Cyber security controls
• Threat feeds
• Social media
Users
• End-user devices
• Social media
Mobile Environment
• MDM
• Mobile apps
• App backends
Cloud Applications
• Salesforce
• Etc...
PaaS
• Virtualised platforms
• Hypervisor layer
Platforms
• Windows
• Unix
• Mainframe
Physical
• Locks
• CCTV
• RFID
Security Controls
• Firewalls
• AV
• IDS/IPS
• ID&AM
Network
• LAN/WAN
• VPN
• Remote access
Applications
• Web
• Client/server
• Databases
9. Future-proof, advanced SIEM solutions
Monitoring domains: Cyber-security, Users, Mobile Environment, Cloud, Applications, PaaS
• Ability to consider the platform and the hypervisor layer
• Multi-tenancy increasingly going to be demanded by platform suppliers
• Ability to monitor service levels and risk is currently rare
• Everything is externalised – what log access is possible?
• Are there ways to track access, misuse and anomalous activity?
• MDM platforms and staff mobility management
• Custom apps – does log data come from the user device or the back-end?
• What will mobile payments mean – esp. for carriers, banks, retailers?
• Activity on internal and external systems
• Social media monitoring – legality, effectiveness and feasibility
• What about the wider communications environment?
• Increasingly rich market for “cyber security solutions” which add to the controls portfolio
None of this is easy
Agility within the organisation and in its security partners will be key
Check suppliers have got these trends on their radar
Operations will require “intelligent” SIEM solutions to meet business demands
11. Deciding what information to collect and why…
Security teams are used to drawing a balance between benefit and risk
• what data we collect and its value
Industry (more widely) is starting to invest in, and discover, the value of data analytics
In security, the wider benefits of “big data” involve different parameters … more data means:
• Improved fraud analytic capability
• Better customer profiling
• More context
• Better diagnostics (and anticipation)
AND
• Greater visibility around security threats, risks, attacks
[Diagram: cycle of smarter data analytics, more useful data sources, more uses / bigger audience]
12. … and then making sure we can protect it
Growth of security/customer/fraud/business data from the mobile computing environment can:
• Challenge privacy obligations
• Give security teams another (and higher impact) data set to protect
Need to evolve security stance – even simple “big data” examples could raise the risk levels much higher
Cloud changes the way we deliver IT
Must ensure we have the right tools and approaches to gain the maximum value from the security, fraud and activity data available
Social media exposes users, and gives business new ways to interact
Usage and brand management need monitoring – threat awareness becomes a tangible advantage
13. So what?
• The value of (all) data is increasing
• More mobile and app-oriented environment and wider adoption of external services
… security logs, behaviour anomaly detection, cyber threat detection and analytics become more critical
… businesses increasingly looking to drive efficiencies and interaction
• We have to acknowledge these trends and ensure that we adequately protect business information
• Gaining visibility – and keeping it – is vital