Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

The Internet of Security Things (A Story about Change)

1,834 views

Published on

Lots of change is impacting security. This presentation looks at four key security concerns that are most impacted by application and technology trends and what we can look for in solutions to address those concerns.

Published in: Technology
  • Be the first to comment

The Internet of Security Things (A Story about Change)

  1. 1. THINGS THE INTERNET OF SECURITY @lmacvittie A story about change DATA SOURCED FROM: VERIZON, KAPERSKY, SANS, F5, GOOGLE, M-FILES, ALGOSEC, DELL, FORRESTER, ESG, PONEMON
  2. 2. { }THE MORE THINGS CHANGE the more they stay the same1- Jean-Baptiste Alphonse Karr @lmacvittie
  3. 3. What is your trouble? Mistaken identity.“ “ - Wei Wu Wei @lmacvittie
  4. 4. The top factor driving network security strategy is preventing and/or detecting malware threats Phishing still catches 45% of targets  NOWTHEN NIMDA SQL SLAMMER ZEUS CRIDEX CONFICKER DYRE E-MAIL FTP SITES E-MAIL WEB SITES M A L W A R E D I S T R I B U T I O N @lmacvittie
  5. 5. 44% of organizations say security and fear of a data breach keeps them from expanding mobile programs The Most Common Types of Incidents 82% 70% 66% 49% malware access breach false alarm DDoS attack @lmacvittie
  6. 6. 61% of breaches are caused by stolen credentials @lmacvittie
  7. 7. NEED SMARTER DECISIONS ON WHO ACCESSES WHAT FROM WHERE AND WHEN AND HOW AND … Browser / Device / Thing Fingerprinting Geolocation Malware Detection Identity Verification Contextual Security: Evaluating multiple variables to determine legitimacy of client It’s not just for banks any more @lmacvittie
  8. 8. { }2SOMETIMES THE THINGS WE CAN’T CHANGE end up changing us - Unknown @lmacvittie
  9. 9. You cannot stop an attack. You can only prevent it from having an impact. “ “ - me @lmacvittie
  10. 10. DPS of a DDoS has doubled 5 Gbps 10 Gbps 2011 2013 Leading rhetorical question: Has your bandwidth doubled too? @lmacvittie
  11. 11. More than 1/3 were hit by a DDoS attack between April 2013 and May 2014 55% of DDoS targets experienced smokescreening with nearly 50% having malware/virus installed and 26% losing customer data. @lmacvittie
  12. 12. 50% agree specialized countermeasures against DDoS attacks are an important security requirement WE HAVE TO CHANGE BECAUSE WE CAN’T CHANGE ATTACKERS 35% of organizations plan to deploy more security services in the next 12 months HYBRID DDoS PROTECTION ARCHITECTURE @lmacvittie
  13. 13. APP ATTACKS WEB doubled in frequency from under 20% in 2012 to 40% in 2013 @lmacvittie
  14. 14. More than half of organizations protect applications and data on the client, on request and on response. WE HAVE TO CHANGE BECAUSE WE CAN’T CHANGE THE APPS @lmacvittie
  15. 15. { }3THINGS CHANGE FOR THE WORSE SPONTANEOUSLY if not changed for the better purposefully - Francis Bacon @lmacvittie
  16. 16. Wearables are like your tag-along little brother. They get access because they are attached to you. “ “ - me @lmacvittie
  17. 17. 170 M wearable devices by 2017. 2 M telehealth patients by 2018. 12 percent of cars will be connected to the Internet by 2016 26.8 percent of TVs will be connected by 2018 212 B connected things, 1.4 mobile devices per capita by 2018 THINGS ARE CHANGING EVERYTHING Licensing  Activation  Remote control  Data management  Usage  Billing  Engagement Within the next five years, more than 90% of all IoT data will be hosted on service provider platforms as cloud computing reduces the complexity of supporting IoT “Data Blending”.
  18. 18. FOUR the order of magnitude difference between employees and customers needing access
  19. 19. THINGS WE CAN CHANGE PURPOSEFULLY PROGRAMMABILITY & PROVISIONING DNS IDENTITYAVAILABILITY SECURITY ACCESS ORCHESTRATION • Focus on scale of core capabilities like DNS and availability • Evaluate readiness to federate access across cloud apps • Examine state of identity and access* to manage millions of users • Strategize on automation for provisioning and auto-scale Licensing  Activation  Remote control  Data management  Usage  Billing  Engagement * This means your identity store, too. Can your LDAP/AD/SQL infra keep up? @lmacvittie
  20. 20. { }THINGS WE CAN CHANGE to improve security this year4
  21. 21. 1 3 2 4 • SCALE and SMARTS of IDENTITY and ACCESS • WEB APPLICATION SECURITY • DDoS PROTECTION APPROACHES • OPERATIONLIZE with APIs, TOOLS and FRAMEWORKS @lmacvittie
  22. 22. THANK YOU

×