3. Global Security Mega Trends -Threat Horizon
ď´Outside threats: Hackers and organized crime have
joined hands
ď´Inside threats: The human factor is the key
ď´Application Attacks become more prevalent
ď´There Yourno here
is Text single logical place to put a âperimeterâ
Your Text here
around the organization:
ď´ Hackers focus on new and emerging technologies
All Rights Reserved @STKI Moshav Bnei Zion, Israel +972 9 74 444 74 www.stki.info 3
4. General Trends for 2008
ď´Virtual Machine Security Implications:
⢠Virtualization made big headlines in 2007 with major
players going public
⢠The industry hasnât fully explored the security implications
of virtual technology
Your Text here Your Text here
ď´Mobile Platforms:
⢠Interest in mobile security has never been higher
⢠Phones become more complex, more interesting and more
connected
⢠Attackers may take advantage
All Rights Reserved @STKI Moshav Bnei Zion, Israel +972 9 74 444 74 www.stki.info 4
5. General Trends for 2008 â The Human
Factor
ď´ CISOs tend to trust products and technologies
ď´ One persons mistake can expose a well-protected
organization
ď´ Attackers know how to exploit the weaknesses of
human nature:
⢠Greed here
Your Text Your Text here
⢠âFlockquot; mentality
⢠Trust assertive figures
⢠The need to please
ď´ Human weaknesses have no airtight solution
(Training?)
All Rights Reserved @STKI Moshav Bnei Zion, Israel +972 9 74 444 74 www.stki.info 5
6. The Relative Seriousness of IT
Security Threats
Your Text here Your Text here
All Rights Reserved @STKI Moshav Bnei Zion, Israel +972 9 74 444 74 www.stki.info 6
7. STKI Survey 2008:
100%
90%
80%
70%
60%
50%
Israel
40%
Your Text here Your Text here
30% World
20%
10%
0%
Careless/risky behavior Lost or stolen laptops and At least 90% of
by employees is the computer media are the most employees follow
most serious internal serious technical threat security policies
security threat
Source: STKI, CIO Insight 2008
All Rights Reserved @STKI Moshav Bnei Zion, Israel +972 9 74 444 74 www.stki.info 7
8. STKI survey results
Your Text here Your Text here
All Rights Reserved @STKI Moshav Bnei Zion, Israel +972 9 74 444 74 www.stki.info 8
9. Am I Vulnerable?
ď´ There is no such thing as quot;securequot;
ď´ Despite the advanced systems, it's hard to know for
sure
ď´ High demand for penetration testing, risk
assessments
Your Text here Your Text here
ď´ Many organizations are realizing the importance of a
neutral party
ď´ Market is dominated by small and medium consulting
companies
All Rights Reserved @STKI Moshav Bnei Zion, Israel +972 9 74 444 74 www.stki.info 9
10. The Cost of Security
Dollar Amount Losses by Type of Attack (Top 5,
Thousands $)
Financial Fraud
21,124,750$
)Virus (Worms/Spyware 8,391,800$
Your Text here Your Text here
System Penetration by Outsiders 6,875,000$
Theft of Confidential Data (Not Including
5,685,000$
)Mobile Devices
Laptop or Mobile Theft 3,881,150$
(Source: CSI Survey 2007)
10
All Rights Reserved @STKI Moshav Bnei Zion, Israel +972 9 74 444 74 www.stki.info
11. World Security Technologies Used
(By Percent of Respondents)
)Four Most Common(
Antivirus Software 98%
Firewall 97%
Your Text here VPN 84%
Your Text here
Anti-Spyware Software 80%
)Four Less Common(
Public Key Infrastucture 32%
Specialized Wireless Security Systems 28%
EPS/NAC 27%
Biometrics 18%
(Source: CSI Survey 2007)
All Rights Reserved @STKI Moshav Bnei Zion, Israel +972 9 74 444 74 www.stki.info 11
12. What Interest Our Clients? 2007-2008
Firewall/
Miscellaneous Application
Firewall Endpoint Security
20% 11%
12%
Your Text here Mail/ Mobile
Your Text here
Market Trends Device Encryption
18% 8%
NAC
7%
IDM
6%
URL Filtering Antivirus SIEM/SOC
6% 6% 6%
All Rights Reserved @STKI Moshav Bnei Zion, Israel +972 9 74 444 74 www.stki.info 12
13. STKI survey results
Your Text here Your Text here
All Rights Reserved @STKI Moshav Bnei Zion,
Israel +972 9 74 444 74 www.stki.info
13
15. Endpoint Security
ď´ The Endpoint is a major threat
ď´ Risk Factors:
⢠Spyware
⢠Viruses
⢠Website with malicious code
⢠External here
Your Text
devices carrying information Your Text here
ď´ Even when you have protection systems, they canât
be trusted:
â˘Users Circumvent the systems for comfort
â˘Communication problems prevent updates
â˘New stations or guests with no protection
â˘Infiltration of unprotected systems
ď´ The Solution: NACâŚ
All Rights Reserved @STKI Moshav Bnei Zion, Israel +972 9 74 444 74 www.stki.info 15
16. Endpoint Security â Continue
ď´ Device Management is in the spotlight
ď´ Major players enter the market â McAfee, Checkpoint,
Symantec
ď´ Leading Solutions in Israel:
⢠Checkpoint -Pointsec Protector
⢠ControlGuard -Endpoint Access ManagerYour Text here
Your Text here
⢠McAfee -Host Intrusion Prevention
⢠SafeEnd -Protector
⢠Symantec -Endpoint Protection
ď´ Most of our clients use a product, or in advanced
integration stages
ď´ Device Management will become default soon
16
All Rights Reserved @STKI Moshav Bnei Zion, Israel +972 9 74 444 74 www.stki.info
18. Trends -Network Admission/
Access Control (NAC)
ď´ NAC was invented by Cisco, but never standardized
ď´ Standardization is expected in the coming years
ď´ Even the acronym of NAC isn't clear
ď´ Products exist, but experts can't agree on their
effectiveness
Your Text here Your Text here
ď´ There are problems with non-PC hardware
ď´ Many of our customers are interested
ď´ Majority of customers: researching or doing POC
All Rights Reserved @STKI Moshav Bnei Zion, Israel +972 9 74 444 74 www.stki.info 18
21. Israeli NAC Players
Leading Solutions:
⢠Access Layers
⢠Cisco
⢠Enterasys
⢠ForeScout
⢠Insightix Text here
Your Your Text here
⢠McAfee
⢠Microsoft
⢠Nortel
⢠Symantec
⢠XOR
21
22. STKI Insights
ď´NAC can be deployed less expensively when it is an
embedded feature
ď´Many of the infrastructure-based solutions wonât not
work with older LAN switch product families - Some
organizations will wait for newer versions Text here
Your Text here Your
ď´Some network and security vendors already have
solutions that can be part of the NAC process (AC, IPS) â
An important starting point for market domination
ď´ First priority: implement a guest networking control
ď´NAC is a Layer 2 vs. Layer 3 match
22
24. Data Leak /Loss Prevention (DLP)
ď´ DLP is an overall framework into which different elements fit
ď´ There are three types of data that may leak:
⢠Data at rest
⢠Data in transit
⢠Data on endpoints
ď´ No single DLP focus area is foolproof, so enforcinghere three
Your Text here Your Text
all
makes problems less likely
ď´ DLP is a growing area, and vendors react accordingly
ď´ It is suggested to use full-suite vendors in order
to avoid integration problems
All Rights Reserved @STKI Moshav Bnei Zion, Israel +972 9 74 444 74 www.stki.info 24
25. Data Leak /Loss Prevention âWorld Trends
Your Text here Your Text here
Source: Aberdeen Report 2008
All Rights Reserved @STKI Moshav Bnei Zion, Israel +972 9 74 444 74 www.stki.info 25
26. Data Leak /Loss Prevention âEMEA Trends
Your Text here Your Text here
Source: Aberdeen Report 2008
All Rights Reserved @STKI Moshav Bnei Zion, Israel +972 9 74 444 74 www.stki.info 26
27. DLP âMarket Status & Players
ď´World Leaders:
⢠Symantec (Acquired Vontu, 2007, 350$ M)
⢠Websense (Acquired PortAuthority 2007, 90$ M)
⢠Reconnex (Acquired by McAfee, July 2008, 46$ M)
⢠Tablus Text here
Your (Acquired by RSA, 2007, 40$ M) Your Text here
⢠Vericept ?
ď´Main drivers for DLP are:
⢠Regulations such as Payment Card Industry (PCI),
Accountability Act (HIPAA)
⢠e-mail security, instant messaging (IM) and
endpoint monitoring solutions
All Rights Reserved @STKI Moshav Bnei Zion, Israel +972 9 74 444 74 www.stki.info 27
29. Mobile Devices Security
ď´ Mobile devices like Smartphones and PDAs are becoming
common
ď´ Price drops make the phones attractive
ď´ Now, some users sync, but it will expand, mostly at the
workplace
ď´ Rich apps are on the horizon
Your Text here Your Text here
ď´ Portable devices are prone to theft, loss and tapping (BT)
ď´ There are inadequate solutions according to Israeli users
ď´ We expect major developments and maturity
ď´ Major players enter the market
All Rights Reserved @STKI Moshav Bnei Zion, Israel +972 9 74 444 74 www.stki.info 29
31. STKI Survey 2008:
40%
35%
30%
25%
20%
Israel
15% Your Text here Your Text here
World
10%
5%
0%
Adequate solution Inadequate Plan to install Don't know /No
in place solution in place /Currently plan to install
installing
Source: STKI, CIO Insight 2008
All Rights Reserved @STKI Moshav Bnei Zion, Israel +972 9 74 444 74 www.stki.info 31