3. GARY MIGLICCO
SVP of Security, PCM Inc.
LEADINGTHEWAY 2019
INTERNAL USE ONLY – DO NOT DISTRIBUTE
4. 2018 CYBER SECURITY
Next Gen – Expanding Threat Matrix
27% Threats from Cloud
Employees accessing cloud create high risk
8-10% of Spam is Malicious
Spam makes up 66% of all email traffic
Sophisticated Attacks Increasing
Ransomware WannaCry, Petya, BlueBorne increased sophistication
5. 2018 CYBER SECURITY
Next Gen – Expanding Threat Matrix
25% Traffic Avoiding Perimeter
Data Center penetration through 3rd Parties, Printers, IoT devices, Mobile devices
60% of Traffic Encrypted
SSL encrypted traffic passes through legacy defenses
200,000 New Malware Daily
Zero-day malware growing geometrically
6. NEXT GEN - BREACHES
FACEBOOK - SEPT
Hackers gained access tokens of Facebook users:
• Vulnerability: Facebook Developer API bugs
• Total users affected: 30 million
UNDER ARMOUR - MARCH
An unauthorized party acquired the information of users of UA’s MyFitnessPal app:
• Vulnerability: Weak encryption
• Total users affected: 150 million
EXACTIS - JUNE
Exactis left a database containing 340 million individual records unprotected on the web:
• Vulnerability: Unsecured Database - Misconfigurations
• Total users affected: 340 million records exposed (2 Terabytes of information)
BRITISH AIRWAYS - SEP
Hackers breached the mobile app and website:
• Attack Vector: Digital Skimmers – script injection
• Total users affected: 380,000
U.S. UNIVERSITIES - MARCH
9 Iranian hackers indicted for a series of attacks on more than 300 universities:
• Attack Vector: Phishing emails
• Total users affected: Estimated $3 billion worth of intellectual property
7. NEXT GEN – TECHNOLOGIES
DECEPTION TECHNOLOGIES
Deception technologies become the security enablers of IoT and OT.
AI, ML & DEEP LEARNING
Algorithms can learn from past events in order to help predict and identify vulnerabilities within a software system.
ZERO TRUST SECURITY
Increasingly sophisticated cyberattacks are forcing organizations to turn to the zero trust security model.
8. NEXT GEN – SECURITY SDLC
Embedding security through Security Software Development Lifecycle best practices will receive more attention as software complexity grows.
11. NEXT GEN - ZERO TRUST
Traffic is routed into a “Zero Trust Cloud” architecture, where Zero Trust Policy is enforced as appropriate based on user, application and data types.
12. NEXT GEN - MANAGED SECURITY
ALWAYS ON. ALWAYS SECURE.
Lack of security resources across the industry
Need for additional services extended through the life of the incident.
Automated Response
Incident Response Management
Device Management
Governance Monitoring and Management
Dark Web Monitoring
Malware Threat Hunting
Will continue to be bundled and expand with changing cyber security environment
MANAGED SECURITY SERVICES MODEL
[Diagram: REAL-TIME THREAT MONITORING; Basic Services; levels numbered 1 and 2; Governance Management, Device Management, Vulnerability Scans, Incident Response and Dark Web Monitoring, joined by PLUS]
13. NEXT GEN - REGULATIONS
CA CONSUMER PRIVACY ACT 2018
ENFORCEMENT EFFECTIVE JULY 1, 2020
Signed June 2018, amended August 2018,
Law becomes operative January 2020,
Enforcement action commencing July 2020
UNIVERSE OF COVERAGE
Businesses with $25 million in annual revenue, or
Trade in data of 50,000 or more persons, or
50%+ of revenue from selling consumers’ personal information
TIGHTER PRIVACY DATA CONTROL
Includes biometric data, internet activity, consumer profiles
Covers unique identifiers such as IP address, mobile device identifiers
Applies to current and future data
PERSONAL INFORMATION DEFINED
Encompasses any information that “identifies, relates to, describes, is capable of being associated/linked directly or indirectly with a particular consumer or household”
PROVISIONS
Right to Know – within 45 days of the request + 1 extension
Right to Access – implied duty to preserve (last 12 months)
Right to Opt Out – clear and conspicuous links
DATA BREACH NOTIFICATION
Notification within 15 days to reduce liability and business losses
ENFORCEMENT
Damages $100 to $750 per person-incident
Up to $2,500 per person-incident
Up to $7,500 per person-incident if intentionally not curing the issue
14. NEXT GEN – REGULATIONS ENVIRONMENT
Ohio Cybersecurity Law
Provides Legal Defense to Data Breach
Requires Written Security Program
Allows Choice of Appropriate Industry Framework
Does Not Mandate Controls or Punish Non-Compliance
Must Show Administrative, Technical, and Physical Controls around Personal Information
Must Also Show Compliance with Sector-Specific Requirements such as PCI or HIPAA
In Effect Friday November 2, 2018
Compliance Achieves Safe Harbor
15. NEXT GEN – EXPANDING THREAT HORIZON
[Diagram labels: NETWORK, DATA CENTER, VIRTUAL ENVIRONMENT, VS, Network, Server Storage, Desktop Servers, Trusted 3rd Parties, Mobile, Email, Internet, Employees, Off Network, Cloud, Branch Ops]
17. NEXT GEN – INTEGRATED SECURITY
[Diagram repeated from slide 15, with added labels: eMail, Endpoint, Firewall]
18. NEXT GEN – INTEGRATED SECURITY
[Diagram repeated from slide 15, with added labels: Firewall, eMail, Endpoint, Mobile, Network, Cloud, THREAT INTELLIGENCE, SECURITY ANALYTICS]
19. NEXT GEN – INTEGRATED PLATFORMS
[Diagram repeated from slide 15, with added labels: Firewall, eMail, Endpoint, Mobile, Network, Cloud, THREAT INTELLIGENCE, SECURITY ANALYTICS, IAM, SIEM, DNS, ENCRYPTION, DATA APPS & STORAGE, Automated Response]
23. SECURITY CLIENT SUPPORT
Security Incident Services
Security Integration Services
Security Vendor Intelligence
Multi-Discipline Security Systems Integrator
AREA SECURITY MANAGERS
SOLUTIONS & SERVICES
SECURITY ARCHITECTS
SOLUTIONS
AREA DIRECTORS
SECURITY CONSULTING
Client Area Support
24. THE RIGHT SOLUTION PARTNERS
WE WORK WITH THE TOP SECURITY VENDORS IN THE INDUSTRY
PERIMETER SECURITY – Cisco Security, Palo Alto, Fortinet, Check Point, Barracuda, SonicWall
ENDPOINT SECURITY – Symantec, Sophos, Trend Micro, McAfee, Cylance, CrowdStrike, Carbon Black
SECURITY INFORMATION EVENT MANAGEMENT – Splunk, QRadar, LogRhythm, AlienVault, HP ArcSight
CLOUD SECURITY – Azure, AWS, Netskope, CloudLock
MOBILE – AirWatch, MobileIron, Citrix
AND MORE - Over 100 other Security Vendors!
25. PCM SECURITY
Life Cycle of Services
ENVISION
• Security Program Assessments
• Incident Response Readiness
• Security Strategy & Roadmap Planning/Review
• PCI Readiness Assessment
• HIPAA Readiness Assessment
• SOX Readiness Assessment
• Security Integrated Solution Design
TRANSACT
• Penetration Testing
• Vulnerability Scanning
• Cloud Security
• Mobile Security
• IoT Security
IMPLEMENT
• Risk Control Gap Remediation
• PCI/HIPAA Remediation
• Forensic Investigation
MANAGE
• Virtual CISO
• Risk Governance
• Incident Response
• Third Party Risk Management
ENHANCE
• Security Operations Center
• Managed Security Services
• Board Level Services
• Cyber Insurance Review
26. PCM SECURITY CONSULTING SERVICES
GOVERNANCE RISK & COMPLIANCE SERVICES
SECURITY CONSULTING SERVICES
SECURITY PLATFORM SERVICES
27. PCM SECURITY SERVICES
GOVERNANCE RISK & COMPLIANCE SERVICES
REGULATORY & COMPLIANCE ASSESSMENTS
PCI Compliance Assessments
HIPAA Compliance Assessments
NIST Compliance Assessments
FISMA Compliance Assessments
FedRAMP Compliance Assessments
ISO 2700x Compliance Assessments
NYS DFS Compliance Assessments
General Data Protection Regulation (GDPR)
2018 California Consumer Privacy Act
COMPLIANCE REMEDIATION SERVICES
28. PCM SECURITY SERVICES
SECURITY CONSULTING SERVICES
Security Program Assessments
Security Integrated Platform Design & Architecture
Security Staff Residence Services
vCISO Services
Compromise Assessments
Third Party Risk Assessments
Incident Response and Forensic Services
29. PCM SECURITY SERVICES
SECURITY PLATFORM SERVICES
Managed Security Services
Security Integration Services
Cloud Security Assessments
Splunk Consulting Services
Penetration, Phishing & Vulnerability Test
Infrastructure Assessments
Firewall
Network
Endpoint
eMail
Mobile
30. NEXT GEN – SECURITY PARTNER
Your Security Systems Integrator
Working with industry leaders providing the right solution for our customers.
Delivering security with multi-disciplined teams to address infrastructure, network, storage issues.
Whether endpoint, cloud, mobile, we provide the right expertise and the right solution.
Dedicated security consulting and resources to provide a full range of support.
Working with over 150 security OEMs, we are truly agnostic, offering the right solution.