Skybox Security, profile picture
Uploaded bySkybox Security
PPTX, PDF928 views

Risk Analytics: One Intelligent View

The document discusses the challenges of cybersecurity management and highlights the need for risk analytics to better understand and mitigate cyber threats. It includes statistics about cyber incidents, emphasizes the importance of visibility and compliance, and presents Skybox Security's capabilities in helping organizations manage their security risks effectively. The agenda features a live demo and concludes with insights on the integration of data for enhanced security measures.

Embed presentation

Downloaded 23 times
SIGS _ Dec 2014 Security Interest Group Switzerland
Risk Analytics – One Intelligent View Thomas Wendrich, Director CEUR, Skybox Security Simon Roe, EMEA Channel Presales Director November 2014 www.skyboxsecurity.com thomas.wendrich@skyboxsecurity.com +49 40 31979956
Agenda  Cyber Risk - The Management Challenge – Facts and Figures  Live Demo  Summary © 2014 Skybox Security Inc. 3
Lloyds Risk Index 2013 “The World Catches Up With Cyber Risk” “It appears that businesses across the world have encountered a partial reality check about the degree of cyber risk. Their sense of preparedness to deal with the level of risk, however, still appears remarkably complacent.” © 2014 Skybox Security Inc. 4
Verizon Data Breach Investigations Reports  Incidents tripled over last year’s already much increased number  97% of breaches were avoidable through simple or intermediate controls (2012) © 2014 Skybox Security Inc. 5
Security Management is Challenging Today Problems our customers face  Too much output from security tools  Lack of visibility across silos  Maintaining continuous compliance  Making agile and secure changes  Understanding risk implications  Evolving threat landscape © 2014 Skybox Security Inc. 6
Seeing the Battlefield “The battlefield is a scene of constant chaos. The winner will be the one who controls that chaos , both his own and the enemies” NAPOLEON BONAPARTE © 2014 Skybox Security Inc. 7
Risk Analytics For Cyber Security? © 2014 Skybox Security Inc. 8
Attackers Understand Your Attack Surface …You Don’t Expansion Drivers Vulnerabilities Endpoints Exploits Network access © 2014 Skybox Security Inc. 9 Contraction Drivers Network segmentation Fixing vulnerabilities Technical controls Hours to attack, months to defend
Recent Snowden Leak Backs This Up KEY OBJECTIVE! Source – TED Talk October 2013 – Mikko Hyponnen, Chief Risk Officer F-Secure © 2014 Skybox Security Inc. 10
Is there a solution? © 2014 Skybox Security Inc. 11
Use Risk Analytics to Understand Your Attack Surface—Continuously Network Visibility: Topology Routing Policies Firewalls © 2014 Skybox Security Inc. 12 Endpoints Visibility: Software Patches Vulnerabilities Classification Attack Vectors Risk Metrics Remediation Plans Network Visualization Contextual Analysis
Agenda  Live Demo – Simon Roe – Overview © 2014 Skybox Security Inc. 13
Agenda  Summary – Thomas Wendrich © 2014 Skybox Security Inc. 14
What Do You See?
Combine Data & Give It Battlefield Context √ 80+ Vendors integrated with Skybox © 2014 Skybox Security Inc. 16
Skybox – A Critical Component of Next Generation Cyber SOC Design Cyber Security Analysts IT-GRC - Integrated Security Dashboard & Reporting Risk Analytics Security intelligence to minimize risk exposure © 2014 Skybox Security Inc. 17 Security Information & Event Management Event monitoring to detect & respond to incidents
Skybox Company Snapshot Leading provider of risk analytics solutions for security management & cyber defense © 2014 Skybox Security Inc. 18 Founded 2002 Revenue Growth 50%+ Customers 400+ Countries 40 Headquarters San Jose R&D Center Israel Identify security gaps in minutes, not weeks
400+ Enterprise Customers in 40+ Countries Financial Services © 2014 Skybox Security Inc. 19 Technology Healthcare Government & Defense Consumer Service Providers Energy & Utilities
Network Security Management with Skybox © 2014 Skybox Security Inc. 20 Monitor Compliance Model Network Understand network context Analyze Firewalls Manage Changes  Rule and configuration checks  Access path analysis  Rule optimization  Change tracking  Automated audits  PCI DSS  FISMA  NERC  NIST  Custom Policies Automate security assessments Verify controls continuously Change Request Tech Details Assess Risks Make Change Reconcile Verify Optimize change process  Network topology view  Normalize data from 70+ systems  Access simulation
© 2014 Skybox Security Inc. 21
SIGS _ Dec 2014 Security Interest Group Switzerland Thomas Wendrich, Director CEUR, Skybox Security Simon Roe, EMEA Channel Presales Director November 2014 www.skyboxsecurity.com thomas.wendrich@skyboxsecurity.com +49 40 31979956

More Related Content

PPTX
What's Wrong with Vulnerability Management & How Can We Fix It
bySkybox Security
 
PPTX
Network Security Best Practices - Reducing Your Attack Surface
bySkybox Security
 
PDF
Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
bySkybox Security
 
PDF
Infosec 2014: Who Is Skybox Security?
bySkybox Security
 
PDF
RSA 2014: Skybox Security Risk Analytics Overview
bySkybox Security
 
PDF
Black Hat 2014: Don’t be a Target: Everything You Know About Vulnerability Pr...
bySkybox Security
 
PPTX
Network Security Trends for 2016: Taking Security to the Next Level
bySkybox Security
 
PPTX
5 Steps to Reduce Your Window of Vulnerability
bySkybox Security
 
What's Wrong with Vulnerability Management & How Can We Fix It
bySkybox Security
 
Network Security Best Practices - Reducing Your Attack Surface
bySkybox Security
 
Infosec 2014: Risk Analytics: Using Your Data to Solve Security Challenges
bySkybox Security
 
Infosec 2014: Who Is Skybox Security?
bySkybox Security
 
RSA 2014: Skybox Security Risk Analytics Overview
bySkybox Security
 
Black Hat 2014: Don’t be a Target: Everything You Know About Vulnerability Pr...
bySkybox Security
 
Network Security Trends for 2016: Taking Security to the Next Level
bySkybox Security
 
5 Steps to Reduce Your Window of Vulnerability
bySkybox Security
 

What's hot

PPTX
Securing Your Public Cloud Infrastructure
byQualys
 
PPTX
#ALSummit: Accenture - Making the Move: Enabling Security in the Cloud
byAlert Logic
 
PDF
Qualys Corporate Brochure
byQualys
 
PDF
Check Point vSEC for Microsoft Azure Webinar
byCheck Point Software Technologies
 
PDF
Security Whack-a-Mole: SANS 2017 Threat Landscape Survey
byQualys
 
PPTX
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...
byQualys
 
PPTX
Mobile Threat Protection: A Holistic Approach to Securing Mobile Data and Dev...
bySkycure
 
PDF
Journey to the Cloud: Securing Your AWS Applications - April 2015
byAlert Logic
 
PDF
Securing Your Cloud With Check Point's vSEC
byCheck Point Software Technologies
 
PDF
Best Practices for Network Security Management
bySkybox Security
 
PDF
Outpost24 webinar - Busting the myths of cloud security
byOutpost24
 
PPTX
How Aetna Mitigated 701 Malware Infections on Mobile Devices
bySkycure
 
PPTX
2019 06-26 effective multi-vendor management -fortinet algo sec webinar final
byAlgoSec
 
PPTX
2015 Security Report
byCheck Point Software Technologies
 
PDF
Top 5 Cloud Security Predictions for 2016
byAlert Logic
 
PDF
Check Point and Accenture Webinar
byCheck Point Software Technologies
 
PPTX
A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...
bySkybox Security
 
PDF
Are You Prepared for the Next Mobile Attack?
byCheck Point Software Technologies
 
PPTX
Shared Security Responsibility in the AWS Public Cloud
byAlert Logic
 
PDF
Think Like a Hacker: Using Network Analytics and Attack Simulation to Find an...
bySkybox Security
 
Securing Your Public Cloud Infrastructure
byQualys
 
#ALSummit: Accenture - Making the Move: Enabling Security in the Cloud
byAlert Logic
 
Qualys Corporate Brochure
byQualys
 
Check Point vSEC for Microsoft Azure Webinar
byCheck Point Software Technologies
 
Security Whack-a-Mole: SANS 2017 Threat Landscape Survey
byQualys
 
Webcast Series #1: Continuous Security and Compliance Monitoring for Global I...
byQualys
 
Mobile Threat Protection: A Holistic Approach to Securing Mobile Data and Dev...
bySkycure
 
Journey to the Cloud: Securing Your AWS Applications - April 2015
byAlert Logic
 
Securing Your Cloud With Check Point's vSEC
byCheck Point Software Technologies
 
Best Practices for Network Security Management
bySkybox Security
 
Outpost24 webinar - Busting the myths of cloud security
byOutpost24
 
How Aetna Mitigated 701 Malware Infections on Mobile Devices
bySkycure
 
2019 06-26 effective multi-vendor management -fortinet algo sec webinar final
byAlgoSec
 
2015 Security Report
byCheck Point Software Technologies
 
Top 5 Cloud Security Predictions for 2016
byAlert Logic
 
Check Point and Accenture Webinar
byCheck Point Software Technologies
 
A Call to Arms: Using a Working Model of the Attack Surface to Improve Incide...
bySkybox Security
 
Are You Prepared for the Next Mobile Attack?
byCheck Point Software Technologies
 
Shared Security Responsibility in the AWS Public Cloud
byAlert Logic
 
Think Like a Hacker: Using Network Analytics and Attack Simulation to Find an...
bySkybox Security
 

Viewers also liked

PPTX
Accenture 2015 Global Risk Management Study: Banking Report Key Findings and ...
byaccenture
 
PPTX
Risk Analysis for Dummies
byWilliam L. McGill
 
PPTX
Organizational Design - HCL Technologies
byGautam Mahesh
 
PDF
HR / Talent Analytics
byAkshay Raje
 
PDF
Accenture: Analytics journey to roi Feb 2013
byBrian Crotty
 
PPTX
A Tale of Two Risk Measures: Economic Capital vs. Stress Testing and a Call f...
byXiaoling (Sean) Yu Ph.D.
 
PDF
CCAR & DFAST: How to incorporate stress testing into banking operations + str...
byGrant Thornton LLP
 
PDF
Customer Portfolio Segmentation for Finance
byDun & Bradstreet
 
PDF
SOX 2016 - PART I - COSO 2013
byLorri Jongeneel, CPA
 
PPTX
Hcl company ppt.
byChetana's Institute of Management & Research
 
PPTX
HCL Technologies parsentation
byCBSMS
 
PDF
Market Risk
bySAS Institute India Pvt. Ltd
 
PDF
Carpe Diem: Living in a Post-Durbin World (Credit Union Conference Session Pr...
byNAFCU Services Corporation
 
PDF
Stress Testing the Loan Portfolio
byLibby Bierman
 
PPT
Stress Testing
bynikatmalik
 
PPTX
FENG CCAR DFAST BASELIII_real(2)
byKenneth A. Goodwin Jr., MBA
 
PPTX
Big Data Analytics: Ashwin Malshe Talk
byAshwin Malshe
 
Accenture 2015 Global Risk Management Study: Banking Report Key Findings and ...
byaccenture
 
Risk Analysis for Dummies
byWilliam L. McGill
 
Organizational Design - HCL Technologies
byGautam Mahesh
 
HR / Talent Analytics
byAkshay Raje
 
Accenture: Analytics journey to roi Feb 2013
byBrian Crotty
 
A Tale of Two Risk Measures: Economic Capital vs. Stress Testing and a Call f...
byXiaoling (Sean) Yu Ph.D.
 
CCAR & DFAST: How to incorporate stress testing into banking operations + str...
byGrant Thornton LLP
 
Customer Portfolio Segmentation for Finance
byDun & Bradstreet
 
SOX 2016 - PART I - COSO 2013
byLorri Jongeneel, CPA
 
Hcl company ppt.
byChetana's Institute of Management & Research
 
HCL Technologies parsentation
byCBSMS
 
Market Risk
bySAS Institute India Pvt. Ltd
 
Carpe Diem: Living in a Post-Durbin World (Credit Union Conference Session Pr...
byNAFCU Services Corporation
 
Stress Testing the Loan Portfolio
byLibby Bierman
 
Stress Testing
bynikatmalik
 
FENG CCAR DFAST BASELIII_real(2)
byKenneth A. Goodwin Jr., MBA
 
Big Data Analytics: Ashwin Malshe Talk
byAshwin Malshe
 

Similar to Risk Analytics: One Intelligent View

PDF
Get Ahead of Cyber Security by Tiffy Issac, Partner EY India
byRahul Neel Mani
 
PDF
Dealing with Information Security, Risk Management & Cyber Resilience
byDonald Tabone
 
PPTX
Skybox security
byAlejandro Cadarso
 
PDF
Cyber Security
byNC Military Business Center
 
PPTX
Big Data Analytics for Cyber Security: A Quick Overview
byFemi Ashaye
 
PDF
Risk Assessments
byJoAnna Cheshire
 
PPT
Will the next systemic crisis be cyber?
byArrow Institute
 
PDF
Cyber Threat Intelligence
byseadeloitte
 
PDF
Infosec 2014: Tech Talk - Non-Disruptive Vulnerability Discovery
bySkybox Security
 
PDF
Security at the Breaking Point: Rethink Security in 2013
bySkybox Security
 
PDF
2019 10-22 axio - taking control of cyber risk - grid-seccon
byAxio
 
PDF
Cyber-Risk-Management-Assessment (1)
byOCTF Industry Engagement
 
PDF
Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...
bySkybox Security
 
PDF
CRI-Exec-Cyber-Briefings (1)
byOCTF Industry Engagement
 
PDF
AI-Cyber-Security-White-Papers-06-15-LR
byBill Besse
 
PDF
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
byErnst & Young
 
PDF
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
byNishantSisodiya
 
PPTX
Leveraging Compliance to “Help” Prevent a Future Breach
byKevin Murphy
 
PPTX
CRI "Lessons From The Front Lines" March 26th Dublin
byOCTF Industry Engagement
 
PDF
Technology Issues and Cybersecurity Strategies
byJack Pringle
 
Get Ahead of Cyber Security by Tiffy Issac, Partner EY India
byRahul Neel Mani
 
Dealing with Information Security, Risk Management & Cyber Resilience
byDonald Tabone
 
Skybox security
byAlejandro Cadarso
 
Cyber Security
byNC Military Business Center
 
Big Data Analytics for Cyber Security: A Quick Overview
byFemi Ashaye
 
Risk Assessments
byJoAnna Cheshire
 
Will the next systemic crisis be cyber?
byArrow Institute
 
Cyber Threat Intelligence
byseadeloitte
 
Infosec 2014: Tech Talk - Non-Disruptive Vulnerability Discovery
bySkybox Security
 
Security at the Breaking Point: Rethink Security in 2013
bySkybox Security
 
2019 10-22 axio - taking control of cyber risk - grid-seccon
byAxio
 
Cyber-Risk-Management-Assessment (1)
byOCTF Industry Engagement
 
Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...
bySkybox Security
 
CRI-Exec-Cyber-Briefings (1)
byOCTF Industry Engagement
 
AI-Cyber-Security-White-Papers-06-15-LR
byBill Besse
 
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
byErnst & Young
 
Cyber Threat Intelligence − How to Get Ahead of Cybercrime
byNishantSisodiya
 
Leveraging Compliance to “Help” Prevent a Future Breach
byKevin Murphy
 
CRI "Lessons From The Front Lines" March 26th Dublin
byOCTF Industry Engagement
 
Technology Issues and Cybersecurity Strategies
byJack Pringle
 

More from Skybox Security

PDF
Best Practice Next-Generation Vulnerability Management to Identify Threats, ...
bySkybox Security
 
PPTX
Using a Network Model to Address SANS Critical Controls 10 and 11
bySkybox Security
 
PDF
RSA 2014: Firewall Change Management: Automate, Secure & Comply
bySkybox Security
 
PPTX
Anticipate and Prevent Cyber Attack Scenarios, Before They Occur
bySkybox Security
 
PDF
Infographic: Are You Keeping Pace with Security Risks?
bySkybox Security
 
PDF
Is Your Vulnerability Management Program Keeping Pace With Risks?
bySkybox Security
 
PDF
RSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your Network
bySkybox Security
 
PDF
Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...
bySkybox Security
 
PDF
Transitioning to Next-Generation Firewall Management - 3 Ways to Accelerate t...
bySkybox Security
 
PDF
Infosec 2014: Intelligence as a Service: The Future of Frontline Security
bySkybox Security
 
PDF
Infosec 2014: Finding and Understanding the Risk Impact of Firewall Changes
bySkybox Security
 
PDF
Infosec 2014: Tech Talk - Firewall Change Management
bySkybox Security
 
PDF
Is Your Vulnerability Management Program Irrelevant?
bySkybox Security
 
PPTX
CAPITA - Network Visibility to Manage Firewall Changes & Reduce Risk
bySkybox Security
 
PPTX
Secure Data GI - Delivering Contextual Intelligence
bySkybox Security
 
Best Practice Next-Generation Vulnerability Management to Identify Threats, ...
bySkybox Security
 
Using a Network Model to Address SANS Critical Controls 10 and 11
bySkybox Security
 
RSA 2014: Firewall Change Management: Automate, Secure & Comply
bySkybox Security
 
Anticipate and Prevent Cyber Attack Scenarios, Before They Occur
bySkybox Security
 
Infographic: Are You Keeping Pace with Security Risks?
bySkybox Security
 
Is Your Vulnerability Management Program Keeping Pace With Risks?
bySkybox Security
 
RSA 2014: Non-Disruptive Vulnerability Discovery, Without Scanning Your Network
bySkybox Security
 
Infosec 2014: Capita Customer Management: Network Visibility to Manage Firewa...
bySkybox Security
 
Transitioning to Next-Generation Firewall Management - 3 Ways to Accelerate t...
bySkybox Security
 
Infosec 2014: Intelligence as a Service: The Future of Frontline Security
bySkybox Security
 
Infosec 2014: Finding and Understanding the Risk Impact of Firewall Changes
bySkybox Security
 
Infosec 2014: Tech Talk - Firewall Change Management
bySkybox Security
 
Is Your Vulnerability Management Program Irrelevant?
bySkybox Security
 
CAPITA - Network Visibility to Manage Firewall Changes & Reduce Risk
bySkybox Security
 
Secure Data GI - Delivering Contextual Intelligence
bySkybox Security
 

Recently uploaded

PPTX
[DSC Europe 25] Jovan Bogicevic - Legacy to AI-Driven Defense: Transforming D...
byDataScienceConferenc1
 
PPTX
[DSC Europe 25] Branko Urosevic -Rethinking Financial Talent: Integrating Cod...
byDataScienceConferenc1
 
PPTX
[DSC Europe 25] Ivan Peric - Intelligence Swarm Logic and Techno-Functional M...
byDataScienceConferenc1
 
PDF
OWASP-Top-10-for-Agentic-Applications-2026.pdf
byReynir Orn Bachmann Gudmundsson
 
PPTX
Data-Mining-in-Data-Analytics-for-Cyber-Security.pptx
bySenaitDesalegn2
 
PPTX
[DSC Europe 25] Tatevik Maytesyan - How to actually use AI in marketing: gett...
byDataScienceConferenc1
 
PPTX
CMMI High Maturity (L4/L5) Consulting.pptx
bySunil Yadav
 
PPTX
IT231_Presenation-Template oftentimes-1.pptx
bygoneweldon026
 
PPTX
[DSC Europe 25] Kaja Kandare - LLM as a judge.pptx
byDataScienceConferenc1
 
PPTX
Pakistan Tableau User Group Kickoff Event: Exploring AI Powered Insights usin...
byWaqarAhmedShaikh8
 
PDF
DiaryofaWebSDKImplemenation-LaunchDebugging.pdf
bygmuir1066
 
PPTX
Data-Pre-Processing-and-Visualization-for-Machine-Learning.pptx
byMuhammad Fahad Bashir
 
PPTX
Data analysis 2 presentation at ipmc.pptx
byabdualimohammed960
 
PDF
Terminals into Throughways: Amtrak Through Service to Long Island
bykrv2009
 
PDF
Tutorial 1 Introduction to Environmental Economics.pdf
bychakmajoykumar416
 
PPT
1 PHYSIOLOGY OF THE RESPIRATORY SYSTEM.ppt
bypersonaluse5996
 
PDF
ICT Prep2 Lesson1-2 SM_251002_074210.pdf
bymhalexeg82
 
PPTX
[DSC Europe 25] Katherine Forrest - AI NOW: Understanding the Velocity of Cha...
byDataScienceConferenc1
 
PPTX
Talk on Artificial Intelligence_AI Usap Tayo.pptx
byPatrick655831
 
PPTX
Talk on Artificial Intelligence_AI Usap Tayo.pptx
byPatrick655831
 
[DSC Europe 25] Jovan Bogicevic - Legacy to AI-Driven Defense: Transforming D...
byDataScienceConferenc1
 
[DSC Europe 25] Branko Urosevic -Rethinking Financial Talent: Integrating Cod...
byDataScienceConferenc1
 
[DSC Europe 25] Ivan Peric - Intelligence Swarm Logic and Techno-Functional M...
byDataScienceConferenc1
 
OWASP-Top-10-for-Agentic-Applications-2026.pdf
byReynir Orn Bachmann Gudmundsson
 
Data-Mining-in-Data-Analytics-for-Cyber-Security.pptx
bySenaitDesalegn2
 
[DSC Europe 25] Tatevik Maytesyan - How to actually use AI in marketing: gett...
byDataScienceConferenc1
 
CMMI High Maturity (L4/L5) Consulting.pptx
bySunil Yadav
 
IT231_Presenation-Template oftentimes-1.pptx
bygoneweldon026
 
[DSC Europe 25] Kaja Kandare - LLM as a judge.pptx
byDataScienceConferenc1
 
Pakistan Tableau User Group Kickoff Event: Exploring AI Powered Insights usin...
byWaqarAhmedShaikh8
 
DiaryofaWebSDKImplemenation-LaunchDebugging.pdf
bygmuir1066
 
Data-Pre-Processing-and-Visualization-for-Machine-Learning.pptx
byMuhammad Fahad Bashir
 
Data analysis 2 presentation at ipmc.pptx
byabdualimohammed960
 
Terminals into Throughways: Amtrak Through Service to Long Island
bykrv2009
 
Tutorial 1 Introduction to Environmental Economics.pdf
bychakmajoykumar416
 
1 PHYSIOLOGY OF THE RESPIRATORY SYSTEM.ppt
bypersonaluse5996
 
ICT Prep2 Lesson1-2 SM_251002_074210.pdf
bymhalexeg82
 
[DSC Europe 25] Katherine Forrest - AI NOW: Understanding the Velocity of Cha...
byDataScienceConferenc1
 
Talk on Artificial Intelligence_AI Usap Tayo.pptx
byPatrick655831
 
Talk on Artificial Intelligence_AI Usap Tayo.pptx
byPatrick655831
 

Risk Analytics: One Intelligent View

  • 1.
    SIGS _ Dec2014 Security Interest Group Switzerland
  • 2.
    Risk Analytics –One Intelligent View Thomas Wendrich, Director CEUR, Skybox Security Simon Roe, EMEA Channel Presales Director November 2014 www.skyboxsecurity.com thomas.wendrich@skyboxsecurity.com +49 40 31979956
  • 3.
    Agenda  CyberRisk - The Management Challenge – Facts and Figures  Live Demo  Summary © 2014 Skybox Security Inc. 3
  • 4.
    Lloyds Risk Index2013 “The World Catches Up With Cyber Risk” “It appears that businesses across the world have encountered a partial reality check about the degree of cyber risk. Their sense of preparedness to deal with the level of risk, however, still appears remarkably complacent.” © 2014 Skybox Security Inc. 4
  • 5.
    Verizon Data BreachInvestigations Reports  Incidents tripled over last year’s already much increased number  97% of breaches were avoidable through simple or intermediate controls (2012) © 2014 Skybox Security Inc. 5
  • 6.
    Security Management isChallenging Today Problems our customers face  Too much output from security tools  Lack of visibility across silos  Maintaining continuous compliance  Making agile and secure changes  Understanding risk implications  Evolving threat landscape © 2014 Skybox Security Inc. 6
  • 7.
    Seeing the Battlefield “The battlefield is a scene of constant chaos. The winner will be the one who controls that chaos , both his own and the enemies” NAPOLEON BONAPARTE © 2014 Skybox Security Inc. 7
  • 8.
    Risk Analytics ForCyber Security? © 2014 Skybox Security Inc. 8
  • 9.
    Attackers Understand YourAttack Surface …You Don’t Expansion Drivers Vulnerabilities Endpoints Exploits Network access © 2014 Skybox Security Inc. 9 Contraction Drivers Network segmentation Fixing vulnerabilities Technical controls Hours to attack, months to defend
  • 10.
    Recent Snowden LeakBacks This Up KEY OBJECTIVE! Source – TED Talk October 2013 – Mikko Hyponnen, Chief Risk Officer F-Secure © 2014 Skybox Security Inc. 10
  • 11.
    Is there asolution? © 2014 Skybox Security Inc. 11
  • 12.
    Use Risk Analyticsto Understand Your Attack Surface—Continuously Network Visibility: Topology Routing Policies Firewalls © 2014 Skybox Security Inc. 12 Endpoints Visibility: Software Patches Vulnerabilities Classification Attack Vectors Risk Metrics Remediation Plans Network Visualization Contextual Analysis
  • 13.
    Agenda  LiveDemo – Simon Roe – Overview © 2014 Skybox Security Inc. 13
  • 14.
    Agenda  Summary – Thomas Wendrich © 2014 Skybox Security Inc. 14
  • 15.
  • 16.
    Combine Data &Give It Battlefield Context √ 80+ Vendors integrated with Skybox © 2014 Skybox Security Inc. 16
  • 17.
    Skybox – ACritical Component of Next Generation Cyber SOC Design Cyber Security Analysts IT-GRC - Integrated Security Dashboard & Reporting Risk Analytics Security intelligence to minimize risk exposure © 2014 Skybox Security Inc. 17 Security Information & Event Management Event monitoring to detect & respond to incidents
  • 18.
    Skybox Company Snapshot Leading provider of risk analytics solutions for security management & cyber defense © 2014 Skybox Security Inc. 18 Founded 2002 Revenue Growth 50%+ Customers 400+ Countries 40 Headquarters San Jose R&D Center Israel Identify security gaps in minutes, not weeks
  • 19.
    400+ Enterprise Customersin 40+ Countries Financial Services © 2014 Skybox Security Inc. 19 Technology Healthcare Government & Defense Consumer Service Providers Energy & Utilities
  • 20.
    Network Security Managementwith Skybox © 2014 Skybox Security Inc. 20 Monitor Compliance Model Network Understand network context Analyze Firewalls Manage Changes  Rule and configuration checks  Access path analysis  Rule optimization  Change tracking  Automated audits  PCI DSS  FISMA  NERC  NIST  Custom Policies Automate security assessments Verify controls continuously Change Request Tech Details Assess Risks Make Change Reconcile Verify Optimize change process  Network topology view  Normalize data from 70+ systems  Access simulation
  • 21.
    © 2014 SkyboxSecurity Inc. 21
  • 22.
    SIGS _ Dec2014 Security Interest Group Switzerland Thomas Wendrich, Director CEUR, Skybox Security Simon Roe, EMEA Channel Presales Director November 2014 www.skyboxsecurity.com thomas.wendrich@skyboxsecurity.com +49 40 31979956

Editor's Notes

  • #5 Der Lloyds Risk Index Report von 2013. Wo steht ‘Cyber Risk’
  • #6 Remember from 2012 report – 97% of breaches were avoidable through simple or intermediate controls
  • #7 Alternative to slide #2 Key Points: Bring in some of the issues that you see with existing customers or specific industry challenges Today’s networks are more complex than ever, and that complexity impacts how you address vulnerability and threat management, network security management
  • #8 Battle of Austerlitz ... drawing which shows Napoleon directing the battle from Zuran Hill The view of the battlefield from the Zuran Hill, which was Napoleon's command post during the early stages of the battle, are to Austerlitz what the Lion Mound is to Waterloo. An excellent viewing platform. Despite the far from perfect weather the whole of the left and centre of the battlefield was laid out before us. From the Santon on our left, to the Post House directly in front and the Pratzen Heights on our right. True the area around Telnitz on the far right were out of sight, and true also that in the early stages of the battle this was a critical area. But the main French attack would be launched on the Pratzen Heights and this was an ideal observation platform for the coming attack.
  • #9 Battle of Austerlitz ... drawing which shows Napoleon directing the battle from Zuran Hill The view of the battlefield from the Zuran Hill, which was Napoleon's command post during the early stages of the battle, are to Austerlitz what the Lion Mound is to Waterloo. An excellent viewing platform. Despite the far from perfect weather the whole of the left and centre of the battlefield was laid out before us. From the Santon on our left, to the Post House directly in front and the Pratzen Heights on our right. True the area around Telnitz on the far right were out of sight, and true also that in the early stages of the battle this was a critical area. But the main French attack would be launched on the Pratzen Heights and this was an ideal observation platform for the coming attack.
  • #11 TED Talk October 2013 – Mikko Hyponnen
  • #12 Modelling, as so many industries have embraced
  • #16 Interviewer: I understand that the merger of [Company A] and [Company B] was a massive undertaking. What was the situation in 2009? Mr. Finan: Global financial situation in 2009, led to forced merger of [Company A] and [Company B], short time-frame, government oversight. Interviewer: What was the role of your IT team in all of this? Mr. Finan: Merge the two networks, both environments of 100,000 IP nodes each. Risk committee looking for a solution to merge the two networks and reduce risk.
  • #17 Skybox is able to integrate and work with data from nearly 80 different devices and systems, giving you the widest view of your Network and potential risks. When you’re a skybox customer, one of the perks is that you’ll have the most accurate view of your network, enabling you to respond correctly when faced with some difficult security questions.
  • #18 Effectively, the Risk Analytics component is what Gartner called out (Advanced Analytics) as the next opportunity for MSSPs *Monitoring of network intrusions in the context of customer vulnerabilities, computing the attack surfaces and understanding what needs to be done to PREVENT attacks *Targeted Attacks & APTs – same issue; like vulnerability assessment, malware detection
  • #21 Access simulation Automated firewall analytics Comprehensive network model: view the network topology and see the impact of security controls Access analysis: identify access paths to critical assets Compliance monitoring: show compliance against PCI, NIST and other requirements Firewall change management Products used in this solution: Firewall Assurance, Network Assurance, Change Manager Skybox provides a “next-generation” solution for Network Security Management that solves some of the main headaches in managing firewalls and other network devices. Skybox helps achieve and demonstrate compliance – as needed, to maintain continuous compliance with compliance regulations and organizational policies. Change Manager: Skybox provides a complete secure change workflow from an initial change request to planning and executing network changes, and making sure that changes are completed as requested. Skybox is based on technology that allows security teams to see the network topology, making it easier to see and understand the interaction of network devices, security controls, information assets, and policies