
What makes the IT industry tick?



Keynote presentation at ISACA ISRM in Vegas 9-19-2011. How emerging threats are changing the face of IT security.

Published in: Technology, Business

  1. What Makes the IT Security Industry Tick? ISACA ISRM Las Vegas, September 19, 2011. Richard Stiennon, Chief Research Analyst, IT-Harvest
  2. The IT-Security Industry: 1,200 vendors; 540 in the United States; 230 in the Bay Area
  3. What drives the industry? Threats: Cyber war, Cyber crime, Hacktivism, Defacement, Exploratory hacking (chart axes: Severity, Time)
  4. Where does GRC fit in? New threat, 2 years, New technology, 4-10 years, New compliance regime, 6 mo.-2 years, New audit practice
  5. 80 Security Product Categories
  6. De-coupling: keep it simple. A secure network assumes the host is hostile. A secure host assumes the network is hostile. A secure application assumes the user is hostile.
  7. The major segments: Network IAM Gateways End point Data Protection Protection Services
  8. Gateway security: NGFW = UTM
  9. Three new features in gateways: Application awareness, Identity based policies, Beaconing detection
  10. Beaconing Detection
  11. End point protection: Signatures are getting out of control. 35,000 new malware every day. Average malware infects 5 devices. Mobile platforms. Zero days side step all protection.
  12. White listing has come of age: Deny all but that which is explicitly allowed. False positives minimized by learning systems. Metrics provided by adding back in signature based detection.
  13. What’s new in encryption? Key discovery, Identity based encryption certificate management. Source: Yaron Wikipedia
  14. Identity and access management (IAM): Mobile authentication on a rapid rise
  15. SAAS - cloud based services
  16. Where is cyber conflict taking the industry?
  17. Take aways: Security industry is NOT consolidating. Compliance is NOT security. Cybercrime is NOT larger than illegal drug trade.