BUILDING THE BLUEPRINT FOR INFORMATION SECURITY

Transcript of the slide deck "BUILDING THE BLUEPRINT FOR INFORMATION SECURITY · Strategy Roadmap Physical Security DR/BCP..."

Problem: Overload In A Growing Threat Landscape

WHAT ARE THE ODDS OF?

Getting struck by lightning: 1 in 960,000
Dating a millionaire: 1 in 220
Experiencing a data breach: 1 in 4

Breaches go undetected for an average of 200 days prior to discovery*
90% of organizations monitor fewer than 25% of incidents*
The average cost of a successful cyberattack ranges from $2.5M - $8M, depending on sector/industry*
81% of those breaches are discovered by external parties*

✓ Advanced Threat Actors
✓ Cloud Transformation
✓ Compliance Requirements
✓ Shadow IT
✓ DevOps
✓ Data Leakage
✓ Social Engineering
✓ 100M+ New Malware Samples Per Year
✓ Alert Fatigue
✓ Limited Resources

Security Vs. Productivity

Static / Rigid / Limited vs. Flexible / Dynamic / Accessible

Success Criteria for Security: Distributed, Proactive, Intelligent

Intelligent Security Architecture

Domains: NETWORK · IDENTITY · ACCESS · ENDPOINTS · SYSTEMS · DATA, with Threat Intelligence at the centre

Threat Intelligence Lifecycle: Detect, Reduce, Enhance, Optimize

Maturity Model - Controls & Processes

Initial: Weak processes, irregular outcomes, reactive capability
Developing: Some processes, repeatable outcomes, tactical capability
Managed: Strong processes, mature & integrated, strategic capability
Optimized: Institutional processes, continual improvement, preemptive capability

Organizational Risk Controls

Categories: Endpoint Protection, Network Protection, Electronic Communication, Incident Response, Data Security, Compliance, Server Protection, Security Processes

Controls: Firewall, Intrusion Prevention, Load Balancing, NGFW, Network Access Control, Email Gateway, Web Gateway, URL Filtering, Proxy, Email DLP, Database Security, File Encryption, Data Classification, DNS Protection, SharePoint Security, SIEM, File Integrity Monitoring, Vulnerability Management, Risk Analysis, Change Control, Policy Auditing, Log Management, Remediation Management, Advanced Antimalware, Disk Encryption, Desktop Firewall, Host IPS, Antivirus / Antimalware, Mobile Device Management, Network Access Control, App Control/Whitelisting, Web Filter, Host DLP, SSL Certificate Management, DLP Reporting, Mobile Data Control, Advanced Antimalware, Antivirus / Antimalware, Virtualization Security, Host IPS, App Control/Whitelisting, Host DLP, Secure Backup, Patch Management, Multi-Factor Authentication, EDR, Adaptive Threat Prevention, Forensics, Endpoint Visibility, Network Visibility, Threat Analysis Sandbox, CASB, Secure Access Gateways, Device Controls, DLP Historical Analysis, Password Vault, Identity Access Management, Network DLP, Web DLP, IoT/ICS/SCADA, 802.1X, eDiscovery, UEBA, GRC, SDLC, ITAM, Configuration Management, Lifecycle Management, High Availability / System Replication

Security Processes: Security Training - IT, Security Training - Executive, Security Training - Users, Penetration Testing, Audit Program, Incident Response Protocols, Operational Security, Strategy Roadmap, Physical Security, DR/BCP Strategy

© Copyright 2018 DynTek Services, Inc.

Risk Controls –Current Inventory

The same control inventory as the Organizational Risk Controls slide, shown with the Current State Posture legend: Optimized, Managed, Developing, Initial, Not Deployed.

Risk Controls - Consolidated

Categories: Endpoint, Network, Data, Systems, Processes, Identity Access, Intelligence

Controls: Perimeter Security, DDOS Mitigation, Network Access Control, Database Security, File Encryption, Data Classification, DNS Protection, Collaboration Platform Security, SIEM, File Integrity Monitoring, Vulnerability Management, Risk Analysis, Change Control, Log Management, Disk Encryption, Endpoint Protection, Mobile Device Management, Certificate Authority, Virtualization Security, Secure Backup, Patch Management, Multi-Factor Authentication, EDR, Forensics, Network Visibility, Zero Day Defense, Cloud Access Security, Secure Remote Access, Device Controls, Privileged Access Management, Identity Access Management, Data Loss Prevention, IoT/ICS/SCADA, eDiscovery, Behavioral Analytics, SDLC, High Availability / System Replication, Mail Security, Endpoint Protection, EDR

Processes: Security Awareness, Validation Testing & Audit, Incident Response Protocols, Operational Security, DR/BCP Strategy

Risk Controls - Consolidated

Current State Posture legend: Optimized, Managed, Developing, Initial, Not Deployed

Categories: Endpoint, Network, Data, Systems, Processes, Identity Access, Intelligence

Controls: Perimeter Security, Service Availability Controls, Network Access Control, Database Security, File Encryption, Data Classification, DNS Protection, Collaboration Platform Security, SIEM, File Integrity Monitoring, Vulnerability Management, Risk Analysis, Change Control, Log Management, Disk Encryption, Endpoint Protection, Mobile Device Management, Certificate Management, Virtualization Security, Secure Backup, Patch Management, Multi-Factor Authentication, EDR, Forensics, Network Visibility, Zero Day Defense, Cloud Access Security, Secure Remote Access, Device Controls, Privileged Access Management, Identity Access Management, Data Loss Prevention, IoT/ICS/SCADA, eDiscovery, Behavioral Analytics, SDLC, High Availability / System Replication, Mail Security, Endpoint Protection, EDR

Processes: Security Awareness, Validation Testing & Audit, Incident Response Protocols, Operational Security, DR/BCP Strategy

Program Maturity – Current State

By maturity level: Optimized 9%, Managed 22%, Developing 16%, Initial 20%, Absent 33%

By deployment: Deployed 67%, Absent 33%

Proposed Risk Controls – Phased Deployment

The consolidated control inventory as above, shown with the Current State Posture legend (Optimized, Managed, Developing, Initial, Not Deployed) and a deployment phase number (1, 2 or 3) marked against each control.

Proposed Risk Controls – Phased Deployment

Controls in scope: Data Classification, Vulnerability Management, Risk Analysis, Endpoint Protection, Multi-Factor Authentication, EDR, Network Visibility, Privileged Access Management, Identity Access Management, Data Loss Prevention, SDLC, Security Awareness, Validation Testing & Audit, Incident Response Protocols, Operational Security

Lifecycle stages: Detect, Reduce, Enhance, Optimize

Phases: PHASE 1, PHASE 2, PHASE 3

Legend: Improve Existing, Displace Existing, New Control

Proposed Risk Controls – Maturity Over Time

Stacked bar chart (0% to 100% of controls) at Start, Phase 1, Phase 2 and Phase 3; series: Optimized, Managed, Developing, Initial, Absent. Plotted values as extracted, with series assignment lost: 9%, 22%, 33%, 47%, 22%, 22%, 22%, 22%, 16%, 16%, 11%, 2%, 22%, 11%, 9%, 4%, 31%, 29%, 24%, 24%.

Proposed Risk Controls – Improved State

The consolidated control inventory (categories: Endpoint, Network, Data, Systems, Processes, Identity Access, Intelligence) shown with its improved posture against the Current State Posture legend: Optimized, Managed, Developing, Initial, Not Deployed.