SlideShare ist ein Scribd-Unternehmen logo

Shadow IT

Risk Analysis Consultants, s.r.o.
Risk Analysis Consultants, s.r.o.

This document discusses many challenges facing security teams, including lack of visibility into all IT systems and assets ("shadow IT"), numerous vulnerabilities being discovered regularly, inability to identify attack paths, and poor communication between security and business teams. It advocates adopting a continuous monitoring approach that automates asset discovery, vulnerability assessments, log analysis and security metrics to improve visibility, prioritize risks, and demonstrate security's value to the business.

Software
1 von 38
SHADOW IT Florian Hammers
New Threats Discovered Every Day 90M network devices vulnerable HEARTBLEED 70% SHELLSHOCK of all Internet-facing machines exposed Almost every Linux system vulnerable due to glibc flaw GHOST SCADA Numerous remote code execution vulnerabilities discovered WINDOWS Numerous remote code execution vulnerabilities discovered Multiple zero days leveraged by exploit kits FLASH Billion Android devices possibly affected by major flaw in Media Library STAGEFRIGHT
VULNERABILITIES WE HAVE NAMED DRIVING AGENDAS
NOT IMPROVEMENTS KNEE JERK REACTIONS LOGOS LEAD TO
Many Old Issues Still Linger Lack of visibility due to large compound annual growth rates CAGR SHAKESPEARE Given a few tries, a chimp banging on a keyboard would guess your password Inability to identify attack path to defend against breach INVADER Communication failure between security staff and the business STUTTER ROT26 Data is not encrypted… Why is the data not encrypted?! A a Buying expensive bandaids for massive bullet holes BANDIT
Lack of visibility due to large compound annual growth rates CAGR
VISIBILITY MOST ORGANISATIONS LACK
SHADOW ITSHADOW IT Dictionary Shadow IT |ˈʃadəʊ it| noun IT systems and solutions used by employees without explicit approval by operations or security. Systems not known to the organisation through lack of visibility.
It only takes a few seconds for a new virtual machine to spin up but days, weeks or months to detect it
of workers in the US are using personal smartphones for work purposes 90%
*According to 400 respondents to the Tenable “State of Security” survey 2015 Compound annual growth rate of infrastructure*
Using a 20th Century approach to address a 21st Century problem
PERIODIC SCANNING IS NOT ENOUGH
ASSET DISCOVERY Deploy an automated asset inventory discovery tool and use it to build a preliminary asset inventory of systems connected to an organization's public and private network(s). Both active tools that scan through network address ranges and passive tools that identify hosts based on analysing their traffic should be employed. SANS CRITICAL SECURITY CONTROL #1
Takes a 21st Century Approach NESSUS® CLOUD NESSUS® VULNERABILITY SCANNER PVS™ PASSIVE VULNERABILITY SCANNER LCE™ LOG CORRELATION ENGINE SECURITYCENTER™ PVS N SC NC LCE CONTINUOUS VIEW NESSUS® AGENTS NA
Automatic Workflows NESSUS® CLOUD NESSUS® VULNERABILITY SCANNER PVS™ PASSIVE VULNERABILITY SCANNER LCE™ LOG CORRELATION ENGINE SECURITYCENTER™ CONTINUOUS VIEW NESSUS® AGENTS
What assets, data and vulnerabilities reside on the network?
Inability to identify attack path to defend against breach INVADER
Example Attack Path Foothold Found via phishing or vulnerability Evade Hide forensic footprints Explore Find data and systems of interest Profit Sell data to other 3rd parties Exfiltrate Extract customer data or IP Establish Install code for permanence
ATTACK SURFACE CONTINUOUSLY MONITOR THE
What controls should be implemented to continuously protect and monitor the assets?
CONTINUOUSLY DEPLOY&VERIFY
Buying expensive bandaids for massive bullet holes BANDIT
The Almighty Security Vendors Will Save Us!
Security isn’t about spending a portion of the annual budget on tools – it’s about doing the right activities to reduce risk
Communication failure between security staff and the business STUTTER
How can I Demonstrate I have continuous situational Awareness?
How do I communicate the effectiveness of security and demonstrate value to the business?
Bits and bytes don’t belong in the boardroom Metrics are the language of Business
CONTROL IF YOU CAN’T MEASURE YOU CAN’T
IMPROVE IF YOU CAN’T MEASURE YOU CAN’T
FUNDAMENTALS PRACTICE THE FIRST
Organisations need to stop focusing on the AND FIX THE 100DAY 0DAY
The biggest issue we face in security today isn’t IT’S APATHY APT
IN REAL-TIME Category-Defining Continuous Network Monitoring Enables Rapid Asset and Vulnerability Discovery Metrics That Matter to the Business, Easily Surfaced and Visualised. Demonstrate Value. All of your devices. All of your applications. On-premise, or in the cloud WE MONITOR YOUR SECURITY Prioritise What Needs to be Fixed First. Integrate into Third Party Processes to Communicate Needs.

Empfohlen

Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...
Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...
Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...
Digital Bond
 
Enterprise Vulnerability Management - ZeroNights16
Enterprise Vulnerability Management - ZeroNights16Enterprise Vulnerability Management - ZeroNights16
Enterprise Vulnerability Management - ZeroNights16
Alexander Leonov
 
SonicWALL Advanced Features
SonicWALL Advanced FeaturesSonicWALL Advanced Features
SonicWALL Advanced Features
David Perkins
 
The Four Types of Threat Detection and Use Cases in Industrial Security
The Four Types of Threat Detection and Use Cases in Industrial SecurityThe Four Types of Threat Detection and Use Cases in Industrial Security
The Four Types of Threat Detection and Use Cases in Industrial Security
Dragos, Inc.
 
Advanced Threat Protection - Sandboxing 101
Advanced Threat Protection - Sandboxing 101Advanced Threat Protection - Sandboxing 101
Advanced Threat Protection - Sandboxing 101
Blue Coat
 
From IT to IoT: Bridging the Growing Cybersecurity Divide
From IT to IoT: Bridging the Growing Cybersecurity DivideFrom IT to IoT: Bridging the Growing Cybersecurity Divide
From IT to IoT: Bridging the Growing Cybersecurity Divide
Priyanka Aash
 
What Is Next-Generation Endpoint Security and Why Do You Need It?
What Is Next-Generation Endpoint Security and Why Do You Need It?What Is Next-Generation Endpoint Security and Why Do You Need It?
What Is Next-Generation Endpoint Security and Why Do You Need It?
Priyanka Aash
 
Breaking and entering how and why dhs conducts penetration tests
Breaking and entering how and why dhs conducts penetration testsBreaking and entering how and why dhs conducts penetration tests
Breaking and entering how and why dhs conducts penetration tests
Priyanka Aash
 

Empfohlen

Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...
Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...
Tiptoe Through The Network: Practical Vulnerability Assessments in Control Sy...
Digital Bond
 
Enterprise Vulnerability Management - ZeroNights16
Enterprise Vulnerability Management - ZeroNights16Enterprise Vulnerability Management - ZeroNights16
Enterprise Vulnerability Management - ZeroNights16
Alexander Leonov
 
SonicWALL Advanced Features
SonicWALL Advanced FeaturesSonicWALL Advanced Features
SonicWALL Advanced Features
David Perkins
 
The Four Types of Threat Detection and Use Cases in Industrial Security
The Four Types of Threat Detection and Use Cases in Industrial SecurityThe Four Types of Threat Detection and Use Cases in Industrial Security
The Four Types of Threat Detection and Use Cases in Industrial Security
Dragos, Inc.
 
Advanced Threat Protection - Sandboxing 101
Advanced Threat Protection - Sandboxing 101Advanced Threat Protection - Sandboxing 101
Advanced Threat Protection - Sandboxing 101
Blue Coat
 
From IT to IoT: Bridging the Growing Cybersecurity Divide
From IT to IoT: Bridging the Growing Cybersecurity DivideFrom IT to IoT: Bridging the Growing Cybersecurity Divide
From IT to IoT: Bridging the Growing Cybersecurity Divide
Priyanka Aash
 
What Is Next-Generation Endpoint Security and Why Do You Need It?
What Is Next-Generation Endpoint Security and Why Do You Need It?What Is Next-Generation Endpoint Security and Why Do You Need It?
What Is Next-Generation Endpoint Security and Why Do You Need It?
Priyanka Aash
 
Breaking and entering how and why dhs conducts penetration tests
Breaking and entering how and why dhs conducts penetration testsBreaking and entering how and why dhs conducts penetration tests
Breaking and entering how and why dhs conducts penetration tests
Priyanka Aash
 
VIPER Labs - VOIP Security - SANS Summit
VIPER Labs - VOIP Security - SANS SummitVIPER Labs - VOIP Security - SANS Summit
VIPER Labs - VOIP Security - SANS Summit
Shah Sheikh
 
Make Every Spin Count: Putting the Security Odds in Your Favor
Make Every Spin Count: Putting the Security Odds in Your FavorMake Every Spin Count: Putting the Security Odds in Your Favor
Make Every Spin Count: Putting the Security Odds in Your Favor
David Perkins
 
Content Analysis System and Advanced Threat Protection
Content Analysis System and Advanced Threat ProtectionContent Analysis System and Advanced Threat Protection
Content Analysis System and Advanced Threat Protection
Blue Coat
 
Cerdant Security State of the Union
Cerdant Security State of the UnionCerdant Security State of the Union
Cerdant Security State of the Union
David Perkins
 
Thinking Differently About Security Protection and Prevention
Thinking Differently About Security Protection and PreventionThinking Differently About Security Protection and Prevention
Thinking Differently About Security Protection and Prevention
David Perkins
 
IPS Best Practices
IPS Best PracticesIPS Best Practices
IPS Best Practices
Heather Axworthy
 
Antispam aneb plnoleté řešení
Antispam aneb plnoleté řešeníAntispam aneb plnoleté řešení
Antispam aneb plnoleté řešení
MarketingArrowECS_CZ
 
Sourcefire Webinar - NEW GENERATION IPS
Sourcefire Webinar - NEW GENERATION IPSSourcefire Webinar - NEW GENERATION IPS
Sourcefire Webinar - NEW GENERATION IPS
mmiznoni
 
Cyber Tech Israel 2016: Advanced Threat Protection Technical Overview
Cyber Tech Israel 2016: Advanced Threat Protection Technical OverviewCyber Tech Israel 2016: Advanced Threat Protection Technical Overview
Cyber Tech Israel 2016: Advanced Threat Protection Technical Overview
Symantec
 
Preventing Today's Malware
Preventing Today's MalwarePreventing Today's Malware
Preventing Today's Malware
David Perkins
 
Advanced Threat Protection – ultimátní bezpečnostní řešení
Advanced Threat Protection – ultimátní bezpečnostní řešeníAdvanced Threat Protection – ultimátní bezpečnostní řešení
Advanced Threat Protection – ultimátní bezpečnostní řešení
MarketingArrowECS_CZ
 
DTS Solution - Penetration Testing Services v1.0
DTS Solution - Penetration Testing Services v1.0DTS Solution - Penetration Testing Services v1.0
DTS Solution - Penetration Testing Services v1.0
Shah Sheikh
 
SourceFire IPS Overview
SourceFire IPS OverviewSourceFire IPS Overview
SourceFire IPS Overview
GuardEra Access Solutions, Inc.
 
introtomalware
introtomalwareintrotomalware
introtomalware
Alexander Rivera
 
Carbon Black Corporate Overview 2016
Carbon Black Corporate Overview 2016 Carbon Black Corporate Overview 2016
Carbon Black Corporate Overview 2016
Exclusive Networks ME
 
Unraveling Detection Methodologies: Indicators vs. Anomalies vs. Behaviors
Unraveling Detection Methodologies: Indicators vs. Anomalies vs. Behaviors Unraveling Detection Methodologies: Indicators vs. Anomalies vs. Behaviors
Unraveling Detection Methodologies: Indicators vs. Anomalies vs. Behaviors
Dragos, Inc.
 
Nessus-Vulnerability Tester
Nessus-Vulnerability TesterNessus-Vulnerability Tester
Nessus-Vulnerability Tester
Aditya Jain
 
Zero-Day Vulnerability and Heuristic Analysis
Zero-Day Vulnerability and Heuristic AnalysisZero-Day Vulnerability and Heuristic Analysis
Zero-Day Vulnerability and Heuristic Analysis
Ahmed Banafa
 
SDN and Security: A Marriage Made in Heaven. Or Not.
SDN and Security: A Marriage Made in Heaven. Or Not.SDN and Security: A Marriage Made in Heaven. Or Not.
SDN and Security: A Marriage Made in Heaven. Or Not.
Priyanka Aash
 
'Moon' Security Management System for OPNFV
'Moon' Security Management System for OPNFV'Moon' Security Management System for OPNFV
'Moon' Security Management System for OPNFV
OPNFV
 
Proprietary vs opensource in cloud
Proprietary vs opensource in cloudProprietary vs opensource in cloud
Proprietary vs opensource in cloud
unreasonablemen
 
How can we work smarter in security?
How can we work smarter in security?How can we work smarter in security?
How can we work smarter in security?
Tenable Network Security
 

Weitere ähnliche Inhalte

Was ist angesagt?

VIPER Labs - VOIP Security - SANS Summit
VIPER Labs - VOIP Security - SANS SummitVIPER Labs - VOIP Security - SANS Summit
VIPER Labs - VOIP Security - SANS Summit
Shah Sheikh
 
Unraveling Detection Methodologies: Indicators vs. Anomalies vs. Behaviors
Unraveling Detection Methodologies: Indicators vs. Anomalies vs. Behaviors Unraveling Detection Methodologies: Indicators vs. Anomalies vs. Behaviors
Unraveling Detection Methodologies: Indicators vs. Anomalies vs. Behaviors
Dragos, Inc.
 

Was ist angesagt? (20)

VIPER Labs - VOIP Security - SANS Summit
VIPER Labs - VOIP Security - SANS SummitVIPER Labs - VOIP Security - SANS Summit
VIPER Labs - VOIP Security - SANS Summit
 
Make Every Spin Count: Putting the Security Odds in Your Favor
Make Every Spin Count: Putting the Security Odds in Your FavorMake Every Spin Count: Putting the Security Odds in Your Favor
Make Every Spin Count: Putting the Security Odds in Your Favor
 
Content Analysis System and Advanced Threat Protection
Content Analysis System and Advanced Threat ProtectionContent Analysis System and Advanced Threat Protection
Content Analysis System and Advanced Threat Protection
 
Cerdant Security State of the Union
Cerdant Security State of the UnionCerdant Security State of the Union
Cerdant Security State of the Union
 
Thinking Differently About Security Protection and Prevention
Thinking Differently About Security Protection and PreventionThinking Differently About Security Protection and Prevention
Thinking Differently About Security Protection and Prevention
 
IPS Best Practices
IPS Best PracticesIPS Best Practices
IPS Best Practices
 
Antispam aneb plnoleté řešení
Antispam aneb plnoleté řešeníAntispam aneb plnoleté řešení
Antispam aneb plnoleté řešení
 
Sourcefire Webinar - NEW GENERATION IPS
Sourcefire Webinar - NEW GENERATION IPSSourcefire Webinar - NEW GENERATION IPS
Sourcefire Webinar - NEW GENERATION IPS
 
Cyber Tech Israel 2016: Advanced Threat Protection Technical Overview
Cyber Tech Israel 2016: Advanced Threat Protection Technical OverviewCyber Tech Israel 2016: Advanced Threat Protection Technical Overview
Cyber Tech Israel 2016: Advanced Threat Protection Technical Overview
 
Preventing Today's Malware
Preventing Today's MalwarePreventing Today's Malware
Preventing Today's Malware
 
Advanced Threat Protection – ultimátní bezpečnostní řešení
Advanced Threat Protection – ultimátní bezpečnostní řešeníAdvanced Threat Protection – ultimátní bezpečnostní řešení
Advanced Threat Protection – ultimátní bezpečnostní řešení
 
DTS Solution - Penetration Testing Services v1.0
DTS Solution - Penetration Testing Services v1.0DTS Solution - Penetration Testing Services v1.0
DTS Solution - Penetration Testing Services v1.0
 
SourceFire IPS Overview
SourceFire IPS OverviewSourceFire IPS Overview
SourceFire IPS Overview
 
introtomalware
introtomalwareintrotomalware
introtomalware
 
Carbon Black Corporate Overview 2016
Carbon Black Corporate Overview 2016 Carbon Black Corporate Overview 2016
Carbon Black Corporate Overview 2016
 
Unraveling Detection Methodologies: Indicators vs. Anomalies vs. Behaviors
Unraveling Detection Methodologies: Indicators vs. Anomalies vs. Behaviors Unraveling Detection Methodologies: Indicators vs. Anomalies vs. Behaviors
Unraveling Detection Methodologies: Indicators vs. Anomalies vs. Behaviors
 
Nessus-Vulnerability Tester
Nessus-Vulnerability TesterNessus-Vulnerability Tester
Nessus-Vulnerability Tester
 
Zero-Day Vulnerability and Heuristic Analysis
Zero-Day Vulnerability and Heuristic AnalysisZero-Day Vulnerability and Heuristic Analysis
Zero-Day Vulnerability and Heuristic Analysis
 
SDN and Security: A Marriage Made in Heaven. Or Not.
SDN and Security: A Marriage Made in Heaven. Or Not.SDN and Security: A Marriage Made in Heaven. Or Not.
SDN and Security: A Marriage Made in Heaven. Or Not.
 
'Moon' Security Management System for OPNFV
'Moon' Security Management System for OPNFV'Moon' Security Management System for OPNFV
'Moon' Security Management System for OPNFV
 

Andere mochten auch

How can we work smarter in security?
How can we work smarter in security?How can we work smarter in security?
How can we work smarter in security?
Tenable Network Security
 
What's your advice for users of Ashley Madison?
What's your advice for users of Ashley Madison?What's your advice for users of Ashley Madison?
What's your advice for users of Ashley Madison?
Tenable Network Security
 
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
jack51706
 
Network Security Nmap N Nessus
Network Security Nmap N NessusNetwork Security Nmap N Nessus
Network Security Nmap N Nessus
Utkarsh Verma
 

Andere mochten auch (20)

Proprietary vs opensource in cloud
Proprietary vs opensource in cloudProprietary vs opensource in cloud
Proprietary vs opensource in cloud
 
How can we work smarter in security?
How can we work smarter in security?How can we work smarter in security?
How can we work smarter in security?
 
What's your advice for users of Ashley Madison?
What's your advice for users of Ashley Madison?What's your advice for users of Ashley Madison?
What's your advice for users of Ashley Madison?
 
Novinky QualysGuard 2010
Novinky QualysGuard 2010Novinky QualysGuard 2010
Novinky QualysGuard 2010
 
What should I be scared about today?
What should I be scared about today?What should I be scared about today?
What should I be scared about today?
 
Présentation NUTANIX EVENEMENT Le Datacenter "Next-Generation" - NUTANIX - AC...
Présentation NUTANIX EVENEMENT Le Datacenter "Next-Generation" - NUTANIX - AC...Présentation NUTANIX EVENEMENT Le Datacenter "Next-Generation" - NUTANIX - AC...
Présentation NUTANIX EVENEMENT Le Datacenter "Next-Generation" - NUTANIX - AC...
 
Unwelcome Network Surprises
Unwelcome Network SurprisesUnwelcome Network Surprises
Unwelcome Network Surprises
 
When your CEO asks, "Are we secure?" what do you say?
When your CEO asks, "Are we secure?" what do you say?When your CEO asks, "Are we secure?" what do you say?
When your CEO asks, "Are we secure?" what do you say?
 
Nutanix and microsoft_webinar_oct_28
Nutanix and microsoft_webinar_oct_28Nutanix and microsoft_webinar_oct_28
Nutanix and microsoft_webinar_oct_28
 
Navigating the PCI Self-Assessment questionaire
Navigating the PCI Self-Assessment questionaireNavigating the PCI Self-Assessment questionaire
Navigating the PCI Self-Assessment questionaire
 
Technical debt in cyber ark [agile practitioners-2015]
Technical debt in cyber ark [agile practitioners-2015]Technical debt in cyber ark [agile practitioners-2015]
Technical debt in cyber ark [agile practitioners-2015]
 
BASH 漏洞深入探討
BASH 漏洞深入探討BASH 漏洞深入探討
BASH 漏洞深入探討
 
Got Your PW - 一場入門資安的微旅行
Got Your PW - 一場入門資安的微旅行Got Your PW - 一場入門資安的微旅行
Got Your PW - 一場入門資安的微旅行
 
CyberArk
CyberArkCyberArk
CyberArk
 
Managing privileged account security
Managing privileged account securityManaging privileged account security
Managing privileged account security
 
DARPA CGC and DEFCON CTF: Automatic Attack and Defense Technique
DARPA CGC and DEFCON CTF: Automatic Attack and Defense TechniqueDARPA CGC and DEFCON CTF: Automatic Attack and Defense Technique
DARPA CGC and DEFCON CTF: Automatic Attack and Defense Technique
 
窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf窺探職場上所需之資安專業技術與能力 Tdohconf
窺探職場上所需之資安專業技術與能力 Tdohconf
 
Harden Your Linux
Harden Your LinuxHarden Your Linux
Harden Your Linux
 
Network Security Nmap N Nessus
Network Security Nmap N NessusNetwork Security Nmap N Nessus
Network Security Nmap N Nessus
 
What was your worst day in IT?
What was your worst day in IT?What was your worst day in IT?
What was your worst day in IT?
 

Ähnlich wie Shadow IT

IDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleIDS+Honeypots Making Security Simple
IDS+Honeypots Making Security Simple
Gregory Hanis
 
inSOC Sales Deck Dec 2020.pdf
inSOC Sales Deck Dec 2020.pdfinSOC Sales Deck Dec 2020.pdf
inSOC Sales Deck Dec 2020.pdf
ChristopherSumner7
 

Ähnlich wie Shadow IT (20)

Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
 
DETECTE E INVESTIGUE LAS AMENAZAS AVANZADAS
DETECTE E INVESTIGUE LAS AMENAZAS AVANZADAS DETECTE E INVESTIGUE LAS AMENAZAS AVANZADAS
DETECTE E INVESTIGUE LAS AMENAZAS AVANZADAS
 
A modern approach to safeguarding your ICS and SCADA systems
A modern approach to safeguarding your ICS and SCADA systemsA modern approach to safeguarding your ICS and SCADA systems
A modern approach to safeguarding your ICS and SCADA systems
 
IDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleIDS+Honeypots Making Security Simple
IDS+Honeypots Making Security Simple
 
Eximbank security presentation
Eximbank security presentationEximbank security presentation
Eximbank security presentation
 
Next Dimension and Cisco | Solutions for PIPEDA Compliance
Next Dimension and Cisco | Solutions for PIPEDA ComplianceNext Dimension and Cisco | Solutions for PIPEDA Compliance
Next Dimension and Cisco | Solutions for PIPEDA Compliance
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecture
 
Estratégia de segurança da Cisco (um diferencial para seus negócios)
Estratégia de segurança da Cisco (um diferencial para seus negócios)Estratégia de segurança da Cisco (um diferencial para seus negócios)
Estratégia de segurança da Cisco (um diferencial para seus negócios)
 
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
Understanding The Security Vendor Landscape Using the Cyber Defense Matrix (R...
 
Cybercrime future perspectives
Cybercrime future perspectivesCybercrime future perspectives
Cybercrime future perspectives
 
A rede como um sensor de segurança
A rede como um sensor de segurança A rede como um sensor de segurança
A rede como um sensor de segurança
 
Ending the Tyranny of Expensive Security Tools
Ending the Tyranny of Expensive Security ToolsEnding the Tyranny of Expensive Security Tools
Ending the Tyranny of Expensive Security Tools
 
Ending the Tyranny of Expensive Security Tools
Ending the Tyranny of Expensive Security ToolsEnding the Tyranny of Expensive Security Tools
Ending the Tyranny of Expensive Security Tools
 
Be the Hunter
Be the Hunter Be the Hunter
Be the Hunter
 
Trisul for Managed Security Service Providers
Trisul for Managed Security Service ProvidersTrisul for Managed Security Service Providers
Trisul for Managed Security Service Providers
 
Trisul for Managed Security Service Providers
Trisul for Managed Security Service ProvidersTrisul for Managed Security Service Providers
Trisul for Managed Security Service Providers
 
Mobile application security and threat modeling
Mobile application security and threat modelingMobile application security and threat modeling
Mobile application security and threat modeling
 
SplunkSummit 2015 - Splunk User Behavioral Analytics
SplunkSummit 2015 - Splunk User Behavioral AnalyticsSplunkSummit 2015 - Splunk User Behavioral Analytics
SplunkSummit 2015 - Splunk User Behavioral Analytics
 
inSOC Sales Deck Dec 2020.pdf
inSOC Sales Deck Dec 2020.pdfinSOC Sales Deck Dec 2020.pdf
inSOC Sales Deck Dec 2020.pdf
 
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
 

Mehr von Risk Analysis Consultants, s.r.o.

QualysGuard InfoDay 2014 - QualysGuard Web Application Security a Web Applica...
QualysGuard InfoDay 2014 - QualysGuard Web Application Security a Web Applica...QualysGuard InfoDay 2014 - QualysGuard Web Application Security a Web Applica...
QualysGuard InfoDay 2014 - QualysGuard Web Application Security a Web Applica...
Risk Analysis Consultants, s.r.o.
 
QualysGuard InfoDay 2014 - QualysGuard Continuous Monitoring
QualysGuard InfoDay 2014 - QualysGuard Continuous MonitoringQualysGuard InfoDay 2014 - QualysGuard Continuous Monitoring
QualysGuard InfoDay 2014 - QualysGuard Continuous Monitoring
Risk Analysis Consultants, s.r.o.
 
QualysGuard InfoDay 2013 - Případová studie ČNB - QG WAS
QualysGuard InfoDay 2013 - Případová studie ČNB - QG WASQualysGuard InfoDay 2013 - Případová studie ČNB - QG WAS
QualysGuard InfoDay 2013 - Případová studie ČNB - QG WAS
Risk Analysis Consultants, s.r.o.
 
QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014
QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014
QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014
Risk Analysis Consultants, s.r.o.
 

Mehr von Risk Analysis Consultants, s.r.o. (20)

Best practice v testování zranitelností
Best practice v testování zranitelnostíBest practice v testování zranitelností
Best practice v testování zranitelností
 
Představení nástroje Nuix
Představení nástroje NuixPředstavení nástroje Nuix
Představení nástroje Nuix
 
FTK5 - HW požadavky a instalace
FTK5 - HW požadavky a instalaceFTK5 - HW požadavky a instalace
FTK5 - HW požadavky a instalace
 
Použití EnCase EnScript
Použití EnCase EnScriptPoužití EnCase EnScript
Použití EnCase EnScript
 
RAC DEAS - Univerzální SW nástroj k zajištění digitálních stop
RAC DEAS - Univerzální SW nástroj k zajištění digitálních stopRAC DEAS - Univerzální SW nástroj k zajištění digitálních stop
RAC DEAS - Univerzální SW nástroj k zajištění digitálních stop
 
RAC DEAT - Univerální HW nástroje pro zajištění digitálních stop
RAC DEAT - Univerální HW nástroje pro zajištění digitálních stopRAC DEAT - Univerální HW nástroje pro zajištění digitálních stop
RAC DEAT - Univerální HW nástroje pro zajištění digitálních stop
 
QualysGuard InfoDay 2014 - QualysGuard Web Application Security a Web Applica...
QualysGuard InfoDay 2014 - QualysGuard Web Application Security a Web Applica...QualysGuard InfoDay 2014 - QualysGuard Web Application Security a Web Applica...
QualysGuard InfoDay 2014 - QualysGuard Web Application Security a Web Applica...
 
QualysGuard InfoDay 2014 - QualysGuard Continuous Monitoring
QualysGuard InfoDay 2014 - QualysGuard Continuous MonitoringQualysGuard InfoDay 2014 - QualysGuard Continuous Monitoring
QualysGuard InfoDay 2014 - QualysGuard Continuous Monitoring
 
QualysGuard InfoDay 2014 - Asset management
QualysGuard InfoDay 2014 - Asset managementQualysGuard InfoDay 2014 - Asset management
QualysGuard InfoDay 2014 - Asset management
 
QualysGuard InfoDay 2014 - WAS
QualysGuard InfoDay 2014 - WASQualysGuard InfoDay 2014 - WAS
QualysGuard InfoDay 2014 - WAS
 
QualysGuard InfoDay 2014 - Policy compliance
QualysGuard InfoDay 2014 - Policy complianceQualysGuard InfoDay 2014 - Policy compliance
QualysGuard InfoDay 2014 - Policy compliance
 
QualysGuard InfoDay 2014 - Vulnerability management
QualysGuard InfoDay 2014 - Vulnerability managementQualysGuard InfoDay 2014 - Vulnerability management
QualysGuard InfoDay 2014 - Vulnerability management
 
Použití hashsetů v EnCase Forensic v7
Použití hashsetů v EnCase Forensic v7Použití hashsetů v EnCase Forensic v7
Použití hashsetů v EnCase Forensic v7
 
Analýza elektronické pošty v EnCase Forensic v7
Analýza elektronické pošty v EnCase Forensic v7Analýza elektronické pošty v EnCase Forensic v7
Analýza elektronické pošty v EnCase Forensic v7
 
Vybrané funkce Forensic Toolkit 5 + RAC Forensic Imager
Vybrané funkce Forensic Toolkit 5 + RAC Forensic ImagerVybrané funkce Forensic Toolkit 5 + RAC Forensic Imager
Vybrané funkce Forensic Toolkit 5 + RAC Forensic Imager
 
QualysGuard InfoDay 2013 - Případová studie ČNB - QG WAS
QualysGuard InfoDay 2013 - Případová studie ČNB - QG WASQualysGuard InfoDay 2013 - Případová studie ČNB - QG WAS
QualysGuard InfoDay 2013 - Případová studie ČNB - QG WAS
 
QualysGuard InfoDay 2013 - Qualys Questionnaire
QualysGuard InfoDay 2013 - Qualys QuestionnaireQualysGuard InfoDay 2013 - Qualys Questionnaire
QualysGuard InfoDay 2013 - Qualys Questionnaire
 
QualysGuard InfoDay 2013 - Nové funkce QG
QualysGuard InfoDay 2013 - Nové funkce QGQualysGuard InfoDay 2013 - Nové funkce QG
QualysGuard InfoDay 2013 - Nové funkce QG
 
QualysGuard InfoDay 2013 - Web Application Firewall
QualysGuard InfoDay 2013 - Web Application FirewallQualysGuard InfoDay 2013 - Web Application Firewall
QualysGuard InfoDay 2013 - Web Application Firewall
 
QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014
QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014
QualysGuard InfoDay 2013 - QualysGuard RoadMap for H2-­2013/H1-­2014
 

Kürzlich hochgeladen

+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
Health
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Alberto González Trastoy
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
Delhi Call girls
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
anilsa9823
 
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
anilsa9823
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
mohitmore19
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
MyIntelliSource, Inc.
 

Kürzlich hochgeladen (20)

+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 

Shadow IT

Hinweis der Redaktion

  1. When heart bleed hit, CEO’s and senior staff started to ask simple questions like “are we vulnerable to this?” and “How quickly will it be addressed?” The replies they got were often lacking.
  2. When heart bleed hit, CEO’s and senior staff started to ask simple questions like “are we vulnerable to this?” and “How quickly will it be addressed?” The replies they got were often lacking.
  3. You wouldn’t use a polaroid camera as a CCTV camera, so why do people still take the approach of snapshots in time to see how things change.
  4. And when security people are sitting in the room with senior management, they often go to their safe place and talk technology rather than higher level business goals and enabling the business to be successful.
  5. Key Points Because if you can’t measure IT then you can’t: Control it Improve it Report on it
  6. Key Points Because if you can’t measure IT then you can’t: Control it Improve it Report on it
  7. Key Points In order to improve your security, risk and compliance posture you need to focus on the critical few. It is sort of like exercise – if you tried to manage and monitor everything about your everyday fitness you’d suffer from data fatigue and it would be difficult to know if you were make improvements first. Which is why so many tools are out there to help us simplify and get better control of our life – diet plans, eat the 5 basic food groups, an apple a day keeps the doctor away, and technology advancements (wearables, iHealth, etc) {transition} let’s take Fitbit® for example….