#CIO guide - IT #Security in #Cloud and #Mobile Environments
Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuania CIO Forum 2015...
-
Upload
andris-soroka -
Category
Technology
-
view
710 -
download
1
Transcript of Data Security Solutions - Cyber Security & Security Intelligence - @ Lithuania CIO Forum 2015...
Security Intelligence for business data and
IS protection
Andris Soroka10.11.2015, Vilnius
Riga, Latvia
“Data Security Solutions” business cardWhat We Do?
DSS
Cyber Security
OnlyFull IT
Security Services Lifecycle
Most Innovative Portfolio in
BalticsMember–
ships, Awareness
Rising
Technology &
Knowledge Transfer
ICT Security
Evangelists
Endpoints
Applications
Networks
Data
Identity
Mobility
Managem
ent
Cloud
DSS Global Partnerships
DSS Delivering Excellent ICT Security Operatitions to its Customers
Customer ICT Security
Operations Excellence
Cooperation with Industry
Top Technology
Leaders Recognised by Gartner, IDC,
Forester
Top level ICT
Security Professiona
ls
Selected Cutting Edge ICT Security Innovative
Technology Integration
Pan-Baltic
Projects
Particular Focus
on Securit
y
Our international cyber security conference 6th annual since 2010
70+ presentations
8 parallel sessions
700 on-site visitors
2500 online watchers
http://event.dss.lv
Remarks from Cybersecurity Month - October
Future is now. We live in future.3D Printers (Terminator 2 style)Google Glasses (..and “glassh**es)Cloud ComputingBig Data & Supercomputers (quantum)Mobile Payment & Virtual MoneyeCasino’s, eBetting, eShops, eAnythingRobotics and Intraday DeliveriesInternet of things & smart citiesAugmented RealityExtreme development of App’sDigital prototypingGadgets (devices) & MobilityTechnology replaced jobs (automation)Geo-location powerBiometricsHealth bands and mHealthElectronic carsAvegant Glymph and much, much more
Opportunity every business should see and seek
Trends of the digital future
Cyber security future is now ..
The Raise of Threats and Attacks
Source: IBM X-Force Threat Intelligence Quarterly – 1Q 2015
Attack types
201240% increase
2013800,000,000+ records
2014Unprecedented impact
XSS SQLiMisconfig. Watering Hole
BruteForce
Physical Access
Heartbleed Phishing DDoS Malware Undisclosed
$6.5Maverage cost of a U.S. data breachaverage time to detect APTs
256 daysSource: 2015 Cost of Data Breach Study, Ponemon Institute
Sophisticated attacks of today’s cybercrimeTargeted professional attacksMassive Denials of ServicesWatering hole attacksAdvanced persistent threatsMobile incidentsCyber warsHacktivistsGlobal virus outbreaksShadow IT and dark netInsane data leakagesIdentity theftsCyber espionageAnd so on...
“You take the blue pill, the story ends. You wake up in your bed and believe whatever you want to believe. You take the red pill, you stay in wonderland, and I show you how deep the rabbit hole goes.”
~Morpheus @Matrix
Rabbit hole versus wonderland...Blue pill option e.g. «wonderland»
Don’t invest nowBelieve in security of Your data&IS’sIgnore it all despite reality to contrary
that every business is affected
Red pill «rabbit hole»Stop functioning under illusion of
securityImplement effective and innovative
security technologiesLearn how deep rabbit hole goes...
Impact of Cyber Security Risks to «C’s»
Loss of market share and reputation
Legal exposure
Business continuity
Audit failure
Fines and enforcement impact
Financial loss
Impact to data and systems,
(confidentiality, integrity and / or availability)
Violation of employee
privacy
Loss of sensitive data
Loss of customer
trust
Loss ofbrand reputation
CEO / COO CCO / CFO CIO CHRO / CDO CMO
Your board and CEO demand a strategy
Political (external and internal)
Technological (risks, threats, fraud, attacks, leaks)
Economical (budget reality, competition, costs…)
Legal (compliances, regulations etc.)
Professional (HR, information quantity)
Psychological ( traditions / knowledge / trust)
Challenges of CIO’s & CSO’s
Security myth #2 – old security works well
Compliant and secure are two different things....
Compliance does great job to help elevate awareness of security concerns
And also help to enforce minimum baseline standards
However checking right boxes to get through every next audit leaves organization exposed to any new technologically advanced threat, sophisticated targeted attack and so on
If organization has automated risk management (GRC) solution in place that’s also significantly better than a manual teamwork (XLS’s)
Cyber Criminals Also Use BI or MIS Dashboards
Every example in main stream movies now
Summary before «silver bullet»Cybercrime is real deal, everyone is affected and it is
next door if haven’t been knocking at Yours already yet – and you do not want to get famous...
All traditional securities invented decades ago aren’t any more efficient, as well all compliances, regulas and security standards without innovative technologies and investment in cyber security always remain one step behind bad guys
World is short on enough smart good guys that know both – business and IT security – and can translate IT into business language and manage the risks with ellegance
Don’t take blue pill – that might cost lot more later
How to establish security as imune system?Security Intelligence & Integration is
mandatory
HR training / awareness raising (corporate cyber security driver’s license)
Compliance and risk management
Cyber Security as business enabler
Business partBusiness processes analysis from tech perspectiveAssessment and management of cyber security risks
Related technological part Inventory of devices and softwareSecure configuration of everything (end-users, devices)Vulnerability assessment and managementMalware defenses, application security, pen testsWifi securityMobile securityData securityContinuos skills training and learningAccess control and visibilityAudit, monitoring, analysis, incident response and more
Business & technology common risk language
Complexity of security challenges
Prevent. Detect. Respond.
LogManageme
nt
Security Intelligence
Network Activity
Monitoring
RiskManageme
nt
Vulnerability
Management
Network Forensics
SuspectedIncidents
Prioritized Incidents
Servers and mainframes
Data activity
Network and virtual activity
Application activity
Configuration information
Security devices
Users and identities
Vulnerabilities and threats
Global threat intelligence
Extensive Data Sources
AutomatedOffenseIdentification
•Massive data reduction (millions to one)
•Automated data collection, asset discovery and profiling
•Automated, real-time, and integrated analytics
•Activity baselining and anomaly detection
•Out-of-the box rules and templates
Embedded Intelligence
Security intelligence for automated offense detection
Our proposal with Security Intelligence & IntegrationAdvantages and immediate gains
Intelligence & Visibility (real time risk identification and management, continous automated audit, forensics, increased quality of services, alerts, privilleged users control, real time topology&inventory etc.)Centralized intelligent storage (of business, user, IT event data for auditors, reports, improved analysis of anythingCurrent and future costs saving (technology and HR efficiency perspective)If used now of in future as integrated solution – the whole SOC (security operations centre)
Integrated and Intelligent – IBM Security Systems
Our proposal with Security Intelligence & Integration
How we can helpAnalyze and detect risksFulfill auditBuild security action planTrain the employeesPass compliance regulationsSave from data leakageProtect critical assetsGet rid of passwordsConsult Your professionalsProtect from attacksHelp creating RFP docs
Be Your IT Security Advisor!
Business value of «Data Security Solutions»
Balancing costs and risk – floods happen..
Our vision and goal for our Customers!
Contact UsAndris [email protected] Mob. +371 29162784Riga, Latviawww.dss.lvLinkedIn: http://lv.linkedin.com/in/andsor Twitter: @andris_soroka / @dss_it_securityFacebook: http://www.facebook.com/lvdss Youtube: http://ow.ly/FAfENSlideShare: http://www.slideshare.net/andsor
Thank YouMerci
Grazie
Gracias
Obrigado
Danke
Japanese
English
French
Russian
GermanItalian
Spanish
Brazilian PortugueseArabic
Traditional Chinese
Simplified Chinese
Thai
Korean
Think Security FirstThank you