Out With the Old, In With the New – Reinvent and Justify Your 2013 Security Strategy
1. Out with the Old, in with the New
CISO Strategy for 2013
presented by
Gidi Cohen
CEO and Founder, Skybox Security
December 7, 2012
www.skyboxsecurity.com
© 2012 Skybox Security 1
2. Skybox Security Overview
Leader in Proactive
Security Risk Management
• Predictive risk analytics for best decision support
• Designed for continuous, scalable operation
• Complete portfolio on a common platform
Global 2000 Customers
• Proven effective in complex networks
• Financial Services, Government, Defense, Tech,
Energy, Retail, Service Providers, Manufacturing
• “This is the best tool we have for getting all of our risk information in one place.” - USAID
3. Security Challenges in a Changing World
• 100% Uptime
• BYOD Demands
• Rapidly Mutating Threats
• BYOC (Cloud) data and apps
• Roll-out New Services
4. 2013 Top Goals for the CISO
Protect Information Assets
• Identify risks
• Ensure effective risk controls
Deliver Business Value
• Timely, cost-effective risk mitigation
• Supports business goals
Be a Trusted Advisor
• Communicate risks in business language
Common thread... RISK
(Source: Forrester, Role Job Description: CISO, March 2012)
5. Strong Security Risk Management Program is Essential
Continuous, Scalable
• Threats
• Infrastructure
• Impact
• Change Requests
• Mitigation Options
• Exec Reports
6. How Do You Manage Risks Today?
Protect Information Assets
• Vulnerability Scanners
• SIEM
• IT GRC
7. 2012 Skybox Survey: Vulnerability Management Challenges
How often do you scan? How much coverage?
[Chart: scan frequency (x/year) versus % of network scanned]
• To keep pace with threats? Daily updates, 90%+ hosts
• Critical systems, DMZ: avg. scan 30 days, 50-75% of hosts
• Partner/External networks: avg. scan 60-90 days, <50% of hosts
Too Little, Too Late
8. Vulnerability Assessments: Just Not Effective
Reasons that respondents don’t scan more often
• We are concerned about disruptions from scanning: 59%
• We don’t have the resources to analyze more frequent scan data: 58%
• We don't have the resources to deal with broader patching activity: 41%
• Some hosts are not scannable due to their use: 34%
• The cost of licenses is prohibitive: 29%
• Unable to gain credentialed access to scan portions of the network: 12%
• We just don’t need to scan more: 5%
Disruptive, Inaccurate Picture of Risk
9. Is a Vulnerability Scanner Sufficient for Security Risk Management?
Updated Continuously
• Threats
• Infrastructure
• Impact
• Change Requests
• Mitigation Options
• Exec Reports
Lacks network context
10. SIEM – Monitoring, not Prevention
Pre-event
• Anticipate risks
• Prevent attacks
Event!
Post-event
• Monitor events
• Incident response
Reactive, Incomplete Risk Picture
(Regarding SIEM) "If the question is, 'Does it stop hackers?' then the answer is no. It's not supposed to stop anything."
Dr. Anton Chuvakin, Gartner
11. Is a GRC Tool Sufficient for Security Risk Management?
Updated Continuously
• Threats
• Infrastructure
• Impact
• Change Requests
• Mitigation Options
• Exec Reports
Policy view only
Lacks network context
No operational guidance
12. “Insanity: Doing the same thing over and over again and expecting different results.”
-- Albert Einstein
13. Success Story – Global Brewing Company
Operations on all continents
Many centralized services
On the surface…
• Firewall rulesets bloated
• Service performance issues
Dig deeper…
• Unable to see infrastructure
• Unable to anticipate impact of planned changes
CISO’s visionary goal
• Fundamentally different approach to security management
14. Brewing Company – Integrated Approach for Security Management
Enabled by modeling and simulation
Updated Continuously
• Threats
• Infrastructure
• Impact
• Change Requests
• Change Planning
• Firewall Optimization
• Mitigation Options
• Risk Metrics
• Operational Metrics
• Exec Reports
15. Brewing Company - Results
Clear Visibility
• Enabled clear view of the infrastructure
for network architecture planning
Improved Security
• Able to quickly assess potential risks of
changes
Lower Maintenance Time
• Consolidated and optimized firewalls
Improved Performance
• Increased use of centralized resources
Better Internal Communications
• Reports on operational and risk metrics
16. Leveraging Risk Analytics, Modeling and Simulation
Vulnerabilities
• CVE 2011-203
• CVE 2009-722
• CVE 2012-490
Change Exposes a Vulnerability
IPS Signatures Not Enabled
Available Access Path
Likely Attack Scenario
17. Common Use Cases for SRM
Network Security Management
• Compliance
• Change Management
• Optimization
Continuous Risk Mitigation
• Vulnerability discovery
• Prioritization
• Remediation planning
Future SOC
• Threat intelligence
• Attack prediction
• APT and Malware simulation
Enabled by Risk Analytics
18. Blueprint for Network Security Management
• ITSM Integration
• Network Security Change Management
• Corporate Policies
• Compliance & Best Practice Policy
• Risk Analytics
• Business Metrics
• Operational Metrics
• Compliance Reports
• Normalized device configuration repository
• Firewalls
• Network Devices
20. Continuous Risk Mitigation
(Next-Gen Vulnerability Management)
Most Critical
Actions
Vulnerabilities
Threats
21. Risk-Driven Security Operations Center
IT GRC/Security Dashboard – consolidated reporting
• Security Risk Management (SRM): Proactive, pre-attack risk mitigation
• Security Information & Event Management (SIEM): Post-attack incident management
22. Adapt and Thrive
Enable Business Needs
• Support roll-out of new business services
• Quantify risks and communicate options
Manage Risks Effectively
• Monitor risks continuously
• Include proactive risk-management in operations
Treat Security as a Business
• Communicate security impact in business terms
• Drive cost-efficient operations
23. Automate daily security tasks
Maintain compliance, prevent attacks
Thank you!
www.skyboxsecurity.com