Successfully reported this slideshow.

Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (RSA Conference 2016)

71

Share

Apr. 06, 2016
71 likes 12,793 views
Upcoming SlideShare
New Paradigms for the Next Era of Security
New Paradigms for the Next Era of Security
Loading in …3
×
1 of 27
1 of 27

Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (RSA Conference 2016)

Apr. 06, 2016
71 likes 12,793 views

71

Share

Technology

The Cyber Defense Matrix enables organizations to define clear categories for the range of products and services that are available in the marketplace to solve our various infosec problems. This model removes confusion around the security technologies that we buy and helps organizations align their vendors to have the right suite of capabilities to execute their information security mission.

See the 2019 version at: http://bit.ly/cyberdefensematrixreloaded

The Cyber Defense Matrix enables organizations to define clear categories for the range of products and services that are available in the marketplace to solve our various infosec problems. This model removes confusion around the security technologies that we buy and helps organizations align their vendors to have the right suite of capabilities to execute their information security mission.

See the 2019 version at: http://bit.ly/cyberdefensematrixreloaded

Technology
License: CC Attribution License

Recommended

More Related Content

Viewers also liked

Corporate threat vector and landscape
yohansurya2
The Top 20 Cyberattacks on Industrial Control Systems
Muhammad FAHAD
Cyber Security protection by MultiPoint Ltd.
Ricardo Resnik
Damballa automated breach defense june 2014
Ricardo Resnik
Cybersecurity Hands-On Training
Tonex
A holistic approach to risk management 20210210 w acfe france & cyber rea...
Judith Beckhard Cardoso
Proactive cyber defence through adversary emulation for improving your securi...
idsecconf
Getting ahead of compromise
CMR WORLD TECH
Summer internship - Cybersecurity
AbhilashYadav14
Challenges2013
Lancope, Inc.
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...
Ahmed Al Enizi
From Business Architecture to Security Architecture
Priyanka Aash
Proactive Measures to Mitigate Insider Threat
Priyanka Aash
Intelligent Application Security
Priyanka Aash
Application Security
Reggie Niccolo Santos
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...
Shah Sheikh
Dragos 2019 ICS Year in Review
Dragos, Inc.
Application Security Architecture and Threat Modelling
Priyanka Aash
Cisco Addresses the Full Attack Continuum
Cisco Security

Similar to Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (RSA Conference 2016)

Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...
Symantec
Security Whack-a-Mole: SANS 2017 Threat Landscape Survey
Qualys
Symantec and ForeScout Delivering a Unified Cyber Security Solution
DLT Solutions
Cloud Security Strategy by McAfee
Cristian Garcia G.
Building a Mobile Security Model
tmbainjr131
Cloud Application Security --Symantec
Abhishek Sood
CS Sakerhetsdagen 2015 IBM Feb 19
IBM Sverige
Endpoint Security & Why It Matters!
Net at Work
IT Security Trends in 2012
Icomm Technologies
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
Infocyte
Gartner presentation risq dec 2016 jie zhang
ColloqueRISQ
Why Passwords are not strong enough
EMC
[EB100510] Evelyn del Monte: Context-Aware and Adaptive Security
Computerworld Philippines
Intel IT Experts Tour Cyber Security - Matthew Rosenquist 2013
Matthew Rosenquist
Cio ciso security_strategyv1.1
Anindya Ghosh,
EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516
Yasser Mohammed
5 Ways to Get Even More from Your IBM Security QRadar Investment in 2016
IBM Security
The future of cyber security
Sandip Juthani
Intelligence-Driven Fraud Prevention
EMC
Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...
Proofpoint

Featured

What to Upload to SlideShare
SlideShare
Be A Great Product Leader (Amplify, Oct 2019)
Adam Nash
Trillion Dollar Coach Book (Bill Campbell)
Eric Schmidt
APIdays Paris 2019 - Innovation @ scale, APIs as Digital Factories' New Machi...
apidays
A few thoughts on work life-balance
Wim Vanderbauwhede
Is vc still a thing final
Mark Suster
The GaryVee Content Model
Gary Vaynerchuk
Mammalian Brain Chemistry Explains Everything
Loretta Breuning, PhD
Blockchain + AI + Crypto Economics Are We Creating a Code Tsunami?
Dinis Guarda
The AI Rush
Jean-Baptiste Dumont
AI and Machine Learning Demystified by Carol Smith at Midwest UX 2017
Carol Smith
10 facts about jobs in the future
Pew Research Center's Internet & American Life Project
Harry Surden - Artificial Intelligence and Law Overview
Harry Surden
Inside Google's Numbers in 2017
Rand Fishkin
Pinot: Realtime Distributed OLAP datastore
Kishore Gopalakrishna
How to Become a Thought Leader in Your Niche
Leslie Samuel
Visual Design with Data
Seth Familian
Designing Teams for Emerging Challenges
Aaron Irizarry
UX, ethnography and possibilities: for Libraries, Museums and Archives
Ned Potter
Winners and Losers - All the (Russian) President's Men
Ian Bremmer

Related Books

Free with a 14 day trial from Scribd

See all
So You Want to Start a Podcast: Finding Your Voice, Telling Your Story, and Building a Community That Will Listen Kristen Meinzer
(3.5/5)
Free
SAM: One Robot, a Dozen Engineers, and the Race to Revolutionize the Way We Build Jonathan Waldman
(5/5)
Free
From Gutenberg to Google: The History of Our Future Tom Wheeler
(3.5/5)
Free
Talk to Me: How Voice Computing Will Transform the Way We Live, Work, and Think James Vlahos
(4/5)
Free
The Future Is Faster Than You Think: How Converging Technologies Are Transforming Business, Industries, and Our Lives Peter H. Diamandis
(4.5/5)
Free
Autonomy: The Quest to Build the Driverless Car—And How It Will Reshape Our World Lawrence D. Burns
(5/5)
Free
No Filter: The Inside Story of Instagram Sarah Frier
(4.5/5)
Free
Bezonomics: How Amazon Is Changing Our Lives and What the World's Best Companies Are Learning from It Brian Dumaine
(4/5)
Free
Live Work Work Work Die: A Journey into the Savage Heart of Silicon Valley Corey Pein
(4.5/5)
Free
Future Presence: How Virtual Reality Is Changing Human Connection, Intimacy, and the Limits of Ordinary Life Peter Rubin
(4/5)
Free
Life After Google: The Fall of Big Data and the Rise of the Blockchain Economy George Gilder
(4/5)
Free
Everybody Lies: Big Data, New Data, and What the Internet Can Tell Us About Who We Really Are Seth Stephens-Davidowitz
(4.5/5)
Free
Understanding Media: The Extensions of Man Marshall McLuhan
(4/5)
Free
The Art of War Sun Tsu
(3/5)
Free
The Victorian Internet: The Remarkable Story of the Telegraph and the Nineteenth Century's On-line Pioneers Tom Standage
(3.5/5)
Free
Uncommon Carriers John McPhee
(3.5/5)
Free

Related Audiobooks

Free with a 14 day trial from Scribd

See all
The Quiet Zone: Unraveling the Mystery of a Town Suspended in Silence Stephen Kurczy
(4.5/5)
Free
System Error: Where Big Tech Went Wrong and How We Can Reboot Rob Reich
(4.5/5)
Free
The Wires of War: Technology and the Global Struggle for Power Jacob Helberg
(4/5)
Free
After Steve: How Apple Became a Trillion-Dollar Company and Lost its Soul Tripp Mickle
(4.5/5)
Free
Einstein's Fridge: How the Difference Between Hot and Cold Explains the Universe Paul Sen
(4.5/5)
Free
Dignity in a Digital Age: Making Tech Work for All of Us Ro Khanna
(4/5)
Free
Test Gods: Virgin Galactic and the Making of a Modern Astronaut Nicholas Schmidle
(5/5)
Free
Driven: The Race to Create the Autonomous Car Alex Davies
(4.5/5)
Free
Second Nature: Scenes from a World Remade Nathaniel Rich
(5/5)
Free
Spooked: The Trump Dossier, Black Cube, and the Rise of Private Spies Barry Meier
(4/5)
Free
A World Without Work: Technology, Automation, and How We Should Respond Daniel Susskind
(4.5/5)
Free
Lean Out: The Truth About Women, Power, and the Workplace Marissa Orr
(4.5/5)
Free
Uncanny Valley: A Memoir Anna Wiener
(4/5)
Free
Blockchain: The Next Everything Stephen P. Williams
(4/5)
Free
User Friendly: How the Hidden Rules of Design Are Changing the Way We Live, Work, and Play Cliff Kuang
(4.5/5)
Free
The Players Ball: A Genius, a Con Man, and the Secret History of the Internet's Rise David Kushner
(4.5/5)
Free

Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (RSA Conference 2016)

  1. 1. SESSION  ID: #RSAC Sounil  Yu Understanding  the  Security   Vendor  Landscape  Using  the   Cyber  Defense  Matrix PDIL-­‐W02F @sounilyu
  2. 2. #RSAC Disclaimers 2 The  views,  opinions,  and  positions  expressed  in  this  presentation   are  solely  my  own It  does  not  necessarily  represent  the  views  and  opinions  of  my   employer  and  does  not  constitute  or  imply  any  endorsement   from  or  usage  by  my  employer All  models  are  wrong,  but  some  are  useful -­‐ George  E.  P.  Box @sounilyu
  3. 3. #RSAC Our  industry  is  full  of  jargon  terms  that  make it  difficult  to  understand  what  we  are  buying   3 To  accelerate  the  maturity  of  our  practice,  we  need  a  common  language @sounilyu
  4. 4. #RSAC Our  common  language  can  be  bounded  by  five  asset   classes  and  the  NIST  Cybersecurity  Framework 4 Operational  FunctionsAsset  Classes DEVICES Workstations,  servers,  VoIP  phones,   tablets,  IoT,  storage,  network   devices,  infrastructure,  etc. The  software,  interactions,  and   application  flows  on  the  devices The  connections  and  traffic  flowing   among  devices  and  applications The  information  residing on,  traveling  through,  or  processed   by  the  resources  above The  people  using  the  resources   listed  above APPS NETWORKS 10011101010101010010 01001101010110101001 11010101101011010100 10110101010101101010 DATA USERS IDENTIFY PROTECT DETECT RESPOND RECOVER Inventorying  assets  and  vulns,   measuring  attack  surface,  baselining normal,  risk  profiling Preventing  or  limiting  impact,   patching,  containing,  isolating,   hardening,  managing  access,  vuln remediation Discovering  events,  triggering  on   anomalies,  hunting  for  intrusions,   security  analytics Acting  on  events,  eradicating  intrusion   footholds,  assessing  damage,   coordinating,  reconstructing  events   forensically Returning  to  normal  operations,   restoring  services,  documenting   lessons  learned @sounilyu
  5. 5. #RSAC Introducing  the  “Cyber  Defense  Matrix” 5 Devices Applications Networks Data Users Degree  of Dependency Identify Protect Detect Respond Recover Technology People Process @sounilyu
  6. 6. #RSAC Left  and  Right  of  “Boom” 6 Identify Protect Detect Respond Recover Technology People Process Pre-­‐Event Structural  Awareness Post-­‐Event Situational  Awareness Devices Applications Networks Data Users Degree  of Dependency @sounilyu
  7. 7. #RSAC Enterprise  Security  Market  Segments 7 Identify Protect Detect Respond Recover Technology People Process IAM Endpoint  Visibility  and  Control  / Endpoint  Threat  Detection &  Response Configuration and  Systems Management Data Labeling App  Sec (SAST,  DAST, IAST,  RASP), WAFs Phishing Simulations DDoS Mitigation Insider  Threat  / Behavioral Analytics Network Security (FW,  IPS) DRM Data Encryption, DLP IDS Netflow Full  PCAP AV,  HIPS Deep  Web, Brian  Krebs, FBI Backup Phishing Awareness Devices Applications Networks Data Users Degree  of Dependency @sounilyu
  8. 8. #RSAC We  care  about  more  than  just  the  assets  that   are  owned  and  controlled  by  the  enterprise 8 Threat  Actors Vendors Customers Employees Enterprise  Assets • Devices  -­ user  workstations,  servers,   phones,  tablets,  IoT,  peripherals,  storage,   network  devices,  web  cameras,   infrastructure  devices,  etc. • Applications -­ The  software,  interactions,   and  application  flows  on  the  devices • Network -­ The  connections  and  traffic   flowing  among  devices  and  applications • Data -­ The  information  residing on,  traveling  through,  or  processed  by  the   resources  listed  above • Users  – The  people  using  the  resources   listed  above 01001101010110101001 10110101010101101010 Operational  Functions • Identify  – inventorying  assets  and   vulnerabilities,  measuring  attack  surface,   baselining normal,  risk  profiling • Protect – preventing  or  limiting  impact,   patching,  containing,  isolating,  hardening,   managing  access,  vuln remediation • Detect – discovering  events,  triggering  on   anomalies,  hunting  for  intrusions,  security   analytics • Respond – acting  on  events,  eradicating   intrusion  footholds,  assessing  damage,   coordinating  response,  forensics • Recover – returning  to  normal  operations,   restoring  services,  documenting  lessons   learned @sounilyu
  9. 9. #RSAC Devices Applications Networks Data Users Identify Protect Detect Respond Recover Devices Applications Networks Data Users Identify Protect Detect Respond Recover Devices Applications Networks Data Users Identify Protect Detect Respond Recover Devices Applications Networks Identify Protect Detect Respond R Market  Segments  – Other  Environments 9 Threat Actor Assets Threat Data Intrusion Deception Malware Sandboxes Vendor Assets Cloud  Access Security  Brokers Vendor  Risk Assessments Customer Assets Endpoint  Fraud Detection Device Finger-­‐ printing Device Finger-­‐ printing Web  Fraud Detection Employee Assets BYOD MAM BYOD MDM @sounilyu
  10. 10. #RSAC 10011101010101010010 01001101010110101001 11010101101011010100 10110101010101101010 DEVICES Workstations,  servers,  VoIP   phones,  tablets,  IoT,  storage,   network  devices,  infrastructure,  etc. The  software,  interactions,  and   application  flows  on  the  devices The  connections  and  traffic  flowing   among  devices  and  applications The  information  residing  on,   traveling  through,  or  processed by  the  resources  above The  people  using  the resourceslisted  above APPS NETWORKS DATA USERS Security  Technologies  Mapped  by  Asset  Class 10 Disclaimer:  Vendors  shown  are   representative  only.  No  usage  or   endorsement   should   be  construed   because   they  are  shown  here. @sounilyu
  11. 11. #RSAC IDENTIFY PROTECT DETECT RESPOND RECOVER Inventorying  assets,   measuring  attack   surface,  baselining normal,  risk  profiling Preventing  or  limiting   impact,  containing,   hardening,  managing   access Discovering  events,   triggering  on   anomalies,  hunting   for  intrusions Acting  on  events,   eradicating  intrusion   footholds,  assessing   damage,   coordinating,   reconstructing   events  forensically Returning  to  normal   operations,  restoring   services,   documenting  lessons   learned Security  Technologies  Mapped  by  Operational   Functions 11 MSSPs  /  IR Disclaimer:  Vendors  shown  are   representative  only.  No  usage  or   endorsement   should   be  construed   because   they  are  shown  here. @sounilyu
  12. 12. #RSAC Security  Technologies  by  Asset  Classes  &   Operational  Functions 12 Identify Protect Detect Respond Recover Technology People Process Disclaimer:  Vendors  shown  are   representative  only.  No  usage  or   endorsement   should   be  construed   because   they  are  shown  here. Devices Applications Networks Data Users Degree  of Dependency @sounilyu
  13. 13. #RSAC Devices Applications Networks Data Users Identify Protect Detect Respond Recover Use  Case  1:  Understand  how  products  in  one   area  support  the  capabilities  of  another  area 13 Threat Actor Assets Devices Applications Networks Data Users Identify Protect Detect Respond Recover Enterprise Assets Threat  data  providers  fall   into  this  category… …  and  threat  integration  platforms  consume,   integrate,  and  drive  action  on  threat  data   through  other  products  that  are  in  these   categories @sounilyu
  14. 14. #RSAC Use  Case  2:  Define  Security  Design  Patterns (a.k.a.  Security  Bingo  Card) 14 Identify Protect Detect Respond Recover Technology People Process O O O O O O O O O O O O O O O O O O O O O O O O O Devices Applications Networks Data Users Degree  of Dependency @sounilyu
  15. 15. #RSAC Use  Case  3:  Maximizing  Your  Available   Deployment  Footprint  (What  vs  Where) 15 Devices Applications Networks Data Users Protect RASP WAF Secure Coding What:  Application  Security Anti Malware Malware Sandbox Phishing Awareness Protect What:  Endpoint  Protection Devices Applications Networks Data Users Where Where @sounilyu
  16. 16. #RSAC Use  Case  4:  The  (network)  perimeter  is  dead.   Long  live  (other)  perimeters 16 Devices Applications Networks Data Users Devices Applications Networks Data Users TO FROM Devices Apps Networks Data Users Devices • SSH   Certificates • Client-­‐sideSSL   Cert • Geofencing • Fingerprinting • NAC • Encryption   keys • ? Apps • Server-­‐Side   SSL Cert • API  Key • ? • Encryption   keys • Enhanced SSL   Certificates Networks • 802.1X   Certificate • ? • Firewall  Rules • ? • ? Data • Hashes  /   Checksums • Hashes  /   Checksums • ? • ? • Hashes  /   Checksums Users • User Creds • Biometrics • 2FA • User Creds • Biometrics • 2FA • User Creds • 2FA • User Creds • 2FA • Photo  ID • Handshake FROM TO Reduce/Eliminate  these  perimeters to  make  security  more  usable PROTECT @sounilyu
  17. 17. #RSAC Use  Case  5:  Calculate  Defense-­‐in-­‐Depth 17 Identify Protect Detect Respond Recover 0.25 0.40 0.20 0.64 0.20 0.10 0.10 0.15 0.45 0.15 0.10 0.20 0.39 0.05 0.10 0.20 0.32 0.30 0.10 0.37 0.52 0.36 0.51 0.35 0.46 44 Devices Applications Networks Data Users Defense  in Depth  Score D-­‐in-­‐D  Score (sumof columns and row *100) @sounilyu
  18. 18. #RSAC Use  Case  6:  Understand  how  to  balance your  portfolio  without  breaking  the  bank 18 Identify Protect Detect Respond Recover $50 $100 $50 $200 $50 $100 $50 $100 $300 $100 $100 $50 $250 $50 $50 $50 $150 $50 $50 $100 $200 $200 $250 $150 $200 $1000 Devices Applications Networks Data Users Total Total @sounilyu
  19. 19. #RSAC Use  Case  7:  Anticipate  the  “Effective  Half  Life”   of  People  Skills,  Processes,  and  Technologies 19 Identify Protect Detect Respond Recover Technology People Process 55 3 42 3 53 3 53 3 54 2 55 4 33 3 35 4 33 4 55 1 45 5 21 3 22 3 32 3 45 4 25 5 24 2 25 3 22 2 35 3 55 5 35 4 23 3 43 4 55 5 New  detection  technologies   may  need  to  be  rolled  out   EVERY  TWO  YEARS to  maintain   efficacy  at  50%  or  higher Staff  need  training   EVERY  YEAR to   maintain  efficacy  at   50%  or  higher Devices Applications Networks Data Users Degree  of Dependency @sounilyu
  20. 20. #RSAC Use  Case  8:  Disintermediate  Components  for   Easier  Orchestration 20 010010101001011010 010010100100110111010010010100010110110111 010010100111010101101010100 0100101001011010101010010100101010100100011101 0100101101100100100110010110010 010010101011010 0100101001011011010100101110 010101001011010 100010110110111 010101101010100 010100100011101 100110010110010 010010101011010 Common Message Fabric Vendor   Application   Protection 1011010100101110 Enterprise   Network   Detection Enterprise   Device Response Customer Device Protection Threat  Actor Application Identification Enterprise Network Identification Customer Device Identification Disclaimer:  Vendors  shown  are   representative  only.  No  usage  or   endorsement   should   be  construed   because   they  are  shown  here. @sounilyu
  21. 21. #RSAC Devices Applications Networks Data Users Degree  of Dependency Use  Case  9:  Differentiate  between  a platform  and  a  product 21 Identify Protect Detect Respond Recover Technology People Process Product Platform What  makes  a  technology  a  “platform”? 1. Enables  enterprises  to  operate  as   mechanics  and  not  just  chauffeurs 2. Exposes  all  its  functions  through  APIs   for  easier  integration  with  other   technologies  and  capabilities 3. Leverages  data  exchange  standards   that  enable  interchangeable   components @sounilyu
  22. 22. #RSAC Usually  Fighting Against Technology Usually  Fighting Against People Devices Applications Networks Data Users Degree  of Dependency Identify Protect Detect Respond Recover Technology People Process Use  Case  10:  Identifying  Opportunities  to  Accelerate   the  People>Process>Technology  Lifecycle 22 Codified  Into Playbooks  &  Checklists New   Discoveries and War  Stories! Embedded Into Technology @sounilyu
  23. 23. #RSAC ✔✔ ✔✔✔ ✔✔✔✔ ✔✔✔✔ ✔✔ ✔ ✔✔ ✔✔ ✔✔✔ ✔ ✔ ✔✔✔ ✔✔✔ ✔✔✔ ✔✔ Use  Case  11:  Identify  technology  gaps  or   overreliance  in  your  technology  portfolio 23 Identify Protect Detect Respond Recover Technology People Process Devices Applications Networks Data Users Degree  of Dependency @sounilyu
  24. 24. #RSAC Model  Shortfalls:    Where  is  analytics?    GRC?     Orchestration? This  framework  supports  the  higher  level  functions  of  orchestration,  analytics,  and   governance/risk/compliance,   but  they  are  represented  on  a  different  dimension GRC Analytics Orchestration 24@sounilyu
  25. 25. #RSAC Devices Applications Networks Data Users Identify Protect Detect Respond Recover Devices Applications Networks Data Users Identify Protect Detect Respond Recover Comparison  of  Models:  Gartner’s  Five  Styles of  Advanced  Threat  Defense 25 Source:  Gartner Time Where  to  Look Real  Time/ Near  Real  Time Post  Compromise (Days/Weeks) Network Payload Endpoint Network  Traffic Analysis Network Forensics Payload Analysis Endpoint  Behavior Analysis Endpoint Forensics Style  2Style  1 Style  5Style  4 Style  3 Enterprise Assets Style  4 Style  1 Style  5 Style  2 Threat Actor Assets Style  3 @sounilyu
  26. 26. #RSAC Applying  the  Cyber  Defense  Matrix 26 This  week Use  the  matrix  to  categorize  vendors  that  you  encounter  in  the  Expo  Hall Ask  them  where  they  fit  and  don’t  allow  them  to  be  in  multiple  shopping   aisles In  the  first  three  months  following  this  presentation  you  should: Send  me  feedback  on  how  you  have  mapped  vendors  to  it Organize  your  portfolio   of  technologies   to  see  where  you  might  have  gaps Identify  vendors  that  may  round  out  your  portfolio   based  on  your  security   design  pattern  (a.k.a.  security  bingo   card) Within  six  months  you  should: Send  me  feedback  on  how  you  used  the  Cyber  Defense  Matrix  and  improved  it @sounilyu
  27. 27. #RSAC Sounil  Yu @sounilyu

Editor's Notes

  • Approaching this from a practitioner’s view. If the market is a representation of our needs, then what are we actually seeing in the market and how does that fit into any models that we have?

    Common language = Klingon 101. Think of this as Klingon 201 or 301.

    Mention that this is intended to be shareable, you can take pictures, you can reference me, but you can’t reference Bank of America
  • Mention the difficulties of distinguishing between
    - Identify and Detect
    - What is protected vs where that protection is applied.
  • Our understanding of Threat Actor assets enables our ability to protect our internal assets and detect intrusions
  • Are there inefficiencies when what it does isn’t where it does it?
    Can we make tradeoffs to optimize our footprint and not overwhelm one part of it (e.g., endpoint)
  • Talk about functional decomposition

    • ×