Security as as Service: Case Study of F-Secure
•Download as PPT, PDF•
1 like•2,341 views
The presentation describes how F-Secure has transformed its business model to Security as a Service (SaaS) in telecommunication market. Security as a Service uses cloud platforms to offer security services.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Similar to Security as as Service: Case Study of F-Secure
Similar to Security as as Service: Case Study of F-Secure (20)
More from Pouria Ghatrenabi
More from Pouria Ghatrenabi (9)
Recently uploaded
Recently uploaded (20)
Security as as Service: Case Study of F-Secure
- 1. Internet Security Course Pouria Ghaternabi F-Secure Corporation: Software as a Service in the Security Solutions Market
- 2. Agenda About F-Secure Emergence of Security Software Market F-Secure & Public listing Introduction of SaaS with ISP channel Key Issues to Address Maintaining Current Success Future Challenges Developing Capabilities Conclusion Q&A Click me to see my ugly face
- 4. Evolution of F-Secure Started as a consulting and training service provider for desktop publishing, project management ,database management etc. Data Security became the focus of F-secure when Mikko Hypponen (Leading software security experts) joined the company in 1991.Cultural revolution started. F-Secure created its First Anti-Virus scanner product same year. F-Secure also dabbled and divested in file encryption and Virtual Private Network(VPN) solutions.
- 5. Emergence of Security Software Market First widely publicized computer break-in occurred in August 1986 in Lawrence Berkeley Labs in California. Next Major event happened in November 1986 when a Cornell university student injected an experimental self replicating and propagating worm into a node on the internet. F-Secure partnered with Fridrik Skulason to develop a commercial product and later released a windows version. Threats from viruses grew in the early 90s.Viruses began spreading through out the internet.
- 6. Reasons of Public Listing Only 0.5% of market share in 1999. The industry market had two major players. F-Secure had low investment in branding. In other to compete; F-Secure needed to acquire funds, and Increase visibility
- 7. Critical Turning Point Having recognized that the major players had strong reputations and where first movers in the industry which attracted many cooperate customers. F-Secure realized; It had limited sales channels There was lack of security concerns of casual users It needed a new way to compete, Thus, the ISP initiative ascended.
- 8. The SaaS & ISP Strategy Security as Service is a SaaS initiative deployed by F-Secure to deliver sets of security service functionalities to customers based on their desired need. It allows for ISPs to use sets of a vendor security software to manage customer security services. Facilitates end user service differentiation. Reliable security software updates in real-time.
- 9. Why ISP It was a competitive advantage for F-Secure. It was an unexploited market. Unattractive to major players. It offered a wide customer base access and sales channel. Addressed customer known-how issues. Valuable added services of ISPs to customer. Opportunity to utilize ISP’s existing billing system.
- 10. Success of this model In 2008, it had over 180 ISP partners scattered over 38 countries. In 2008, it realized 13.9 Billion (47%) of its total revenue through its ISP partners. F-Secure became a global market leader. F-Secure clinched a huge amount of loyal customers from the market. Offered its product at less expensive prices.
- 11. F-Secure: Key Issues to Address
- 12. Maintaining Current Success with ISP
- 13. Maintaining Current Success ISP country's specific products introduction (+1 differentiation) Subsidized prices as per country's economic condition Continue to be innovative with Research and Development of new technologies and new solutions Innovations in mobile computing and even consumer products
- 14. Future Competition & Service Delivery Mergers and acquisitions Cloud Service providers
- 15. New Battlefields & Service Areas Cloud Computing Mobile computing Pervasive computing/ internet of things Literally, all of the devices can be hacked Intentional threats getting organized
- 16. Governments are getting into the game… Ralph Langner if you have heard that the dropper of Stuxnet is complex and high-tech, let me tell you this: the payload is rocket science. It's way above everything that we have ever seen before.
- 17. Rise of New Threats, and Future of Security Mikko Hypponen F-Secure Chief Research Offices
- 18. Developing Capabilities: ISP value added services Securing Data Center by ISPs for DDoS attack for enterprises can provide unique opportunities for business growth. Volumetric DDoS attack Application layer based DDoS attack targeting specific services ISPs can provide both a network-based service component to stop volumetric DDoS attacks and a CPE-based service component to stop application-layer DDoS attacks— representing a distinct competitive advantage. Securing Data Centers: A Unique Opportunity for ISPs, White Paper, ARBOR Networks
- 19. Developing Capabilities Always be the first to detect and provide a remedy to the threat Increase visibility of the network for Mobile Networks * Critical relationship with Govt. Agencies to understand the future regulatory requirements R&D for how virus will be developed and start to impact in social media. Diversity of distribution channels The security solution will be distributed through ISPs, mobile phone providers, cloud service providers, OEMs, & direct sale. *Top Security Concerns and Threats Facing Today’s Mobile Network Operators, Highlights from Arbor Networks’ 2012 Worldwide Infrastructure Security Report
- 20. Security Market Size & Forecast Overall, the security software market is about $20 billion and growing. The consumer security software market will grow to around $6 billion by 2016 ($4.3 billion in 2012). The mobile security software market is growing at almost 40% per year over the next four years (Gartner, Jan 2013). F-Secure :ANNUAL REPORT 2013
- 21. Key Takeaways Main source of competition is from changing markets Security threats are getting new horizons Privacy is the renewed concern Cloud computing is the next frontier for security solution delivery Strong collaboration with different security solution stake holders
- 22. WELCOME TO THE PARTY YOU ARE AUTHORIZED TO ASK YOUR QUESTIONS SECURELY…
Editor's Notes
- The Brand promise is to protect customers irreplaceable digital content and online interactions.
- F. Secure had to work hard to convince some companies that viruses were even exixtant.Early sales were uninspiring.
- KGB funded German slipped through the system system security holes and was browsing sensitive databases primarily military networks The worm replicated and infected machines at the university, military sites and medical research facilities the world over costing damages ranging $ 200-$53000 per site Viruses began spreading through documents attached to emails.
- In 2006, we hit an important milestone from the perspective of computer security. And why do I say that? Because that's when implanted devices inside of people started to have networking capabilities. One thing that brings us close to home is we look at Dick Cheney's device, he had a device that pumped blood from an aorta to another part of the heart, and as you can see at the bottom there, it was controlled by a computer controller, and if you ever thought that software liability was very important, get one of these inside of you. 2:52Now what a research team did was they got their hands on what's called an ICD. This is a defibrillator, and this is a device that goes into a person to control their heart rhythm, and these have saved many lives. Well, in order to not have to open up the person every time you want to reprogram their device or do some diagnostics on it, they made the thing be able to communicate wirelessly, and what this research team did is they reverse engineered the wireless protocol, and they built the device you see pictured here, with a little antenna, that could talk the protocol to the device, and thus control it. In order to make their experience real -- they were unable to find any volunteers, and so they went and they got some ground beef and some bacon and they wrapped it all up to about the size of a human being's area where the device would go, and they stuck the device inside it to perform their experiment somewhat realistically. They launched many, many successful attacks. One that I'll highlight here is changing the patient's name. I don't know why you would want to do that, but I sure wouldn't want that done to me. And they were able to change therapies,including disabling the device -- and this is with a real, commercial, off-the-shelf device -- simply by performing reverse engineering and sending wireless signals to it. 4:06 There was a piece on NPR that some of these ICDs could actually have their performance disrupted simply by holding a pair of headphones onto them. *** So the amount of money online crime generates is significant. And that means that the online criminals can actually afford to invest into their attacks. We know that online criminals are hiring programmers, hiring testing people, testing their code, having back-end systems with SQL databases. And they can afford to watch how we work -- like how security people work -- and try to work their way around any security precautions we can build. They also use the global nature of Internet to their advantage. I mean, the Internet is international. That's why we call it the Internet. 9:14 And if you just go and take a look at what's happening in the online world, here's a video built by Clarified Networks, which illustrates how one single malware family is able to move around the world. This operation, believed to be originally from Estonia, moves around from one country to another as soon as the website is tried to shut down. So you just can't shut these guys down. They will switch from one country to another,from one jurisdiction to another -- moving around the world, using the fact that we don't have the capabilityto globally police operations like this. So the Internet is as if someone would have given free plane tickets to all the online criminals of the world. Now, criminals who weren't capable of reaching us before can reach us. 13:14 So what happens when online criminals are caught? Well in most cases it never gets this far. The vast majority of the online crime cases, we don't even know which continent the attacks are coming from. And even if we are able to find online criminals, quite often there is no outcome. The local police don't act, or if they do, there's not enough evidence, or for some reason we can't take them down. I wish it would be easier; unfortunately it isn't. http://worldmap3.f-secure.com/
- 13:39 But things are also changing at a very rapid pace. You've all heard about things like Stuxnet. So if you look at what Stuxnet did is that it infected these. That's a Siemens S7-400 PLC, programmable logic [controller].And this is what runs our infrastructure. This is what runs everything around us. PLC's, these small boxes which have no display, no keyboard, which are programmed, are put in place, and they do their job. For example, the elevators in this building most likely are controlled by one of these. And when Stuxnet infects one of these, that's a massive revolution on the kinds of risks we have to worry about. Because everything around us is being run by these. I mean, we have critical infrastructure. You go to any factory, any power plant, any chemical plant, any food processing plant, you look around -- everything is being run by computers. 14:39 Everything is being run by computers. Everything is reliant on these computers working. We have become very reliant on Internet, on basic things like electricity, obviously, on computers working. And this really is something which creates completely new problems for us. We must have some way of continuing to workeven if computers fail.
- CPE generally refers to devices such as telephones, routers, switches, residential gateways (RG), set-top boxes, fixed mobile convergence products, home networking adaptors and internet access gateways that enable consumers to access Communications Service Providers' services and distribute them around their house via a LAN
- F-secure should invest in developing infrastructure and human resources to always become first when it comes to detect new threats and providing remedy thereby. It will place F-secure in a distinct competitive position. F-secure should develop capabilities for Mobile Operators and ISPs to increase visibility in their network as number of devices having high computing power will increase day by day. Mobile Operators and ISPs need to track down those intrusion coming from the devices in their network and prevent thereby. Developing strong tie with the law enforcement agencies world wide to understand the priority for internet security that may take shape in regulatory requirements for large market. It will also help F-secure to address localized ISPs needs in advance.