Security Intelligence for business data and

IS protection

Andris Soroka10.11.2015, Vilnius

Riga, Latvia

“Data Security Solutions” business cardWhat We Do?

DSS

Cyber Security

OnlyFull IT

Security Services Lifecycle

Most Innovative Portfolio in

BalticsMember–

ships, Awareness

Rising

Technology &

Knowledge Transfer

ICT Security

Evangelists

Endpoints

Applications

Networks

Data

Identity

Mobility

Managem

ent

Cloud

DSS Global Partnerships

DSS Delivering Excellent ICT Security Operatitions to its Customers

Customer ICT Security

Operations Excellence

Cooperation with Industry

Top Technology

Leaders Recognised by Gartner, IDC,

Forester

Top level ICT

Security Professiona

ls

Selected Cutting Edge ICT Security Innovative

Technology Integration

Pan-Baltic

Projects

Particular Focus

on Securit

y

Our international cyber security conference 6th annual since 2010

70+ presentations

8 parallel sessions

700 on-site visitors

2500 online watchers

http://event.dss.lv

Remarks from Cybersecurity Month - October

Future is now. We live in future.3D Printers (Terminator 2 style)Google Glasses (..and “glassh**es)Cloud ComputingBig Data & Supercomputers (quantum)Mobile Payment & Virtual MoneyeCasino’s, eBetting, eShops, eAnythingRobotics and Intraday DeliveriesInternet of things & smart citiesAugmented RealityExtreme development of App’sDigital prototypingGadgets (devices) & MobilityTechnology replaced jobs (automation)Geo-location powerBiometricsHealth bands and mHealthElectronic carsAvegant Glymph and much, much more

Opportunity every business should see and seek

Trends of the digital future

Cyber security future is now ..

The Raise of Threats and Attacks

Source: IBM X-Force Threat Intelligence Quarterly – 1Q 2015

Attack types

201240% increase

2013800,000,000+ records

2014Unprecedented impact

XSS SQLiMisconfig. Watering Hole

BruteForce

Physical Access

Heartbleed Phishing DDoS Malware Undisclosed

$6.5Maverage cost of a U.S. data breachaverage time to detect APTs

256 daysSource: 2015 Cost of Data Breach Study, Ponemon Institute

Sophisticated attacks of today’s cybercrimeTargeted professional attacksMassive Denials of ServicesWatering hole attacksAdvanced persistent threatsMobile incidentsCyber warsHacktivistsGlobal virus outbreaksShadow IT and dark netInsane data leakagesIdentity theftsCyber espionageAnd so on...

“You take the blue pill, the story ends. You wake up in your bed and believe whatever you want to believe. You take the red pill, you stay in wonderland, and I show you how deep the rabbit hole goes.”

~Morpheus @Matrix

Rabbit hole versus wonderland...Blue pill option e.g. «wonderland»

Don’t invest nowBelieve in security of Your data&IS’sIgnore it all despite reality to contrary

that every business is affected

Red pill «rabbit hole»Stop functioning under illusion of

securityImplement effective and innovative

security technologiesLearn how deep rabbit hole goes...

Impact of Cyber Security Risks to «C’s»

Loss of market share and reputation

Legal exposure

Business continuity

Audit failure

Fines and enforcement impact

Financial loss

Impact to data and systems,

(confidentiality, integrity and / or availability)

Violation of employee

privacy

Loss of sensitive data

Loss of customer

trust

Loss ofbrand reputation

CEO / COO CCO / CFO CIO CHRO / CDO CMO

Your board and CEO demand a strategy

Political (external and internal)

Technological (risks, threats, fraud, attacks, leaks)

Economical (budget reality, competition, costs…)

Legal (compliances, regulations etc.)

Professional (HR, information quantity)

Psychological ( traditions / knowledge / trust)

Challenges of CIO’s & CSO’s

Security myth #2 – old security works well

Compliant and secure are two different things....

Compliance does great job to help elevate awareness of security concerns

And also help to enforce minimum baseline standards

However checking right boxes to get through every next audit leaves organization exposed to any new technologically advanced threat, sophisticated targeted attack and so on

If organization has automated risk management (GRC) solution in place that’s also significantly better than a manual teamwork (XLS’s)

Cyber Criminals Also Use BI or MIS Dashboards

Every example in main stream movies now

Summary before «silver bullet»Cybercrime is real deal, everyone is affected and it is

next door if haven’t been knocking at Yours already yet – and you do not want to get famous...

All traditional securities invented decades ago aren’t any more efficient, as well all compliances, regulas and security standards without innovative technologies and investment in cyber security always remain one step behind bad guys

World is short on enough smart good guys that know both – business and IT security – and can translate IT into business language and manage the risks with ellegance

Don’t take blue pill – that might cost lot more later

How to establish security as imune system?Security Intelligence & Integration is

mandatory

HR training / awareness raising (corporate cyber security driver’s license)

Compliance and risk management

Cyber Security as business enabler

Business partBusiness processes analysis from tech perspectiveAssessment and management of cyber security risks

Related technological part Inventory of devices and softwareSecure configuration of everything (end-users, devices)Vulnerability assessment and managementMalware defenses, application security, pen testsWifi securityMobile securityData securityContinuos skills training and learningAccess control and visibilityAudit, monitoring, analysis, incident response and more

Business & technology common risk language

Complexity of security challenges

Prevent. Detect. Respond.

LogManageme

nt

Security Intelligence

Network Activity

Monitoring

RiskManageme

nt

Vulnerability

Management

Network Forensics

SuspectedIncidents

Prioritized Incidents

Servers and mainframes

Data activity

Network and virtual activity

Application activity

Configuration information

Security devices

Users and identities

Vulnerabilities and threats

Global threat intelligence

Extensive Data Sources

AutomatedOffenseIdentification

•Massive data reduction (millions to one)

•Automated data collection, asset discovery and profiling

•Automated, real-time, and integrated analytics

•Activity baselining and anomaly detection

•Out-of-the box rules and templates

Embedded Intelligence

Security intelligence for automated offense detection

Our proposal with Security Intelligence & IntegrationAdvantages and immediate gains

Intelligence & Visibility (real time risk identification and management, continous automated audit, forensics, increased quality of services, alerts, privilleged users control, real time topology&inventory etc.)Centralized intelligent storage (of business, user, IT event data for auditors, reports, improved analysis of anythingCurrent and future costs saving (technology and HR efficiency perspective)If used now of in future as integrated solution – the whole SOC (security operations centre)

Integrated and Intelligent – IBM Security Systems

Our proposal with Security Intelligence & Integration

How we can helpAnalyze and detect risksFulfill auditBuild security action planTrain the employeesPass compliance regulationsSave from data leakageProtect critical assetsGet rid of passwordsConsult Your professionalsProtect from attacksHelp creating RFP docs

Be Your IT Security Advisor!

Business value of «Data Security Solutions»

Balancing costs and risk – floods happen..

Our vision and goal for our Customers!

Contact UsAndris Sorokaandris@dss.lv Mob. +371 29162784Riga, Latviawww.dss.lvLinkedIn: http://lv.linkedin.com/in/andsor Twitter: @andris_soroka / @dss_it_securityFacebook: http://www.facebook.com/lvdss Youtube: http://ow.ly/FAfENSlideShare: http://www.slideshare.net/andsor

Thank YouMerci

Grazie

Gracias

Obrigado

Danke

Japanese

English

French

Russian

GermanItalian

Spanish

Brazilian PortugueseArabic

Traditional Chinese

Simplified Chinese

Thai

Korean

Think Security FirstThank you