In 2015 alone, over 3000 cyber attacks were reported globally – with many more never reported or even detected. Enterprises deploy security point solutions in the hopes of stopping a data breach, while savvy attackers work to exploit the whitespace between them.
In this webcast, Garrett Bekker, Senior Analyst, Enterprise Security of 451 Research and Stephen Cox, Chief Security Architect of SecureAuth explored how the Connected Security Alliance is bringing together best-of-breed cyber security vendors to close the gap between isolated security products.
Originally presented October 19, 2016.
3. Solving the Data Breach Problem with
Connected Security
Garrett A. Bekker, III, Principal Analyst, Information Security
4. A few words about me….
• Principal Analyst in 451 Research’s
Information Security Practice
• Involved in infosec since 1999
• 451 coverage areas: Identity and
Access Management (IAM), Data
Security.
• @gabekker on Twitter
• Garrett.Bekker@451Research.com
4
5. We are spending billions on cybersecurity
• Cybersecurity
M&A hit record
levels in 2015
• Cybersecurity VC:
$3.5bn in 2015
(CB Insights)
8
• (source: 451 Research 2016 M&A Outlook)
6. Security tools are multiplying like rabbits!
9
• = ~1400
vendors
• 9 new vendors
every month
7. But we’re setting records for breaches, too
• Privacy Rights Clearinghouse: from 2014 to
2015, breach volumes doubled
• Identity Theft Resource Center: data breaches
will hit 1,000 in 2016, up 22%.
• Anthem, Army National Guard, CareFirst Blue
Cross/Blue Shield, Premera Blue Cross/Blue
Shield, Harvard, Home Depot, JP Morgan,
Target, Nieman-Marcus, eBay, Heartland, TJ
Maxx, Sony, AOL, Ashley Madison, UbiSoft,
Zappos, Adobe, Evernote, Apple, Yahoo Japan,
UPS, Vodafone, Experian, Facebook….
10
Breach party!
8. Too many security point products
• Most firms can’t keep up with securing
legacy, on-prem estate:
• AV
• FW
• IPS
• DLP
• WAF
• SIEM
• IAM
11
9. Cloud, Mobile, Big Data and IoT aren’t helping
• Cloud security requires even more ‘stuff’:
• SaaS SSO/IDaaS
• SaaS encryption gateways
• CAC/CASB
• IaaS Security
• Big Data:
• Data discovery
• Access controls
• Encryption/tokenization, etc.
• IoT?
• IoT device authentication
• SSL certs
• Encryption/tokenization
• IoT firewalls
• IoT malware detection
12
11. Watch out for your third parties
• Firms are outsourcing more
non-core functions
• Cloud increases reliance on
third-parties
• Third-parties have access
privileges that can be
exploited (HVAC vendors?)
14
12. Who’s going to manage all this?
• Chronic skills shortage
• ~1mn openings?
• Interns?
15
13. The math doesn’t add up!
• ‘Triple-edged sword’:
• More resources to protect – and more coming with IoT, etc.
• More security products to manage
• More end users to worry about
• More threat actors
• More regulations
…and not enough people to help with all of this
16
14. So how to we turn the math in our favor?
• Consolidation is inevitable, but still a big backlog
• Security automation is coming
• More ‘native’ security solutions from cloud and big data providers
• AWS, Box, Salesforce, Microsoft, Cloudera, Hortonworks, VMware, etc.
• More security delivered as a service
• Traditional MSSPs, sure
• But also:
• ‘Specialist MSSPs’
• DLP, IAM, SIEM, Encryption, Key Management
• Better integration
17