Developing a 360° view of risk and compliance
Transcript of Developing a 360° view of risk and compliance
© 2013 Trustwave Holdings, Inc. 1
Michael Aminzade, Trustwave
Developing a 360° view of risk and compliance
WHO WE ARE Company facts and figures
ESTABLISHED: 1995
TRUSTED: BY OVER 2.5 MILLION BUSINESSES
GLOBAL: CUSTOMERS IN 96 COUNTRIES
GROWING: NOW OVER 1,200 EMPLOYEES
INNOVATING: OVER 50 PATENTS & COUNTING
Global Threat Database feeds technologies and services with threat intelligence
Selected by more enterprises for compliance – chosen more often than the next 10 service providers combined
Industry’s most holistic portfolio of security technologies delivered through TrustKeeper®
*+30 patents granted; +20 patents pending
WHAT WE DO Data Security and Compliance
Compliance on Demand
• Cloud-based Management
• Multi-compliance Framework
• Risk Assessment Services
Intelligence on Demand
• Managed Security Testing (MST)
• Incident Response and Readiness
• Research & Advisory
Security on Demand
• Complete Managed Service Portfolio
• Advanced Threat Correlation
• Global Operations Centers
AWARD-WINNING PORTFOLIO
MANAGED SECURITY SERVICES
Leader in Managed Security Services
MSSP Growth Leadership Award
Best Managed Security Service (finalist)
Best Global Security Company (finalist)
TECHNOLOGIES
Best Anti-Malware Solution
Web Content Filtering Award for Secure Web Gateway
Best Network Access Control Product
Best Network Security (Web Application Firewall) (finalist)
SECURITY MANAGEMENT
Best Enterprise Security Solution (SIEM)
Best Security Information/Event Manager Appliance (SIEM) (finalist)
Best Integrated Security Solution (SIEM) (finalist)
INNOVATIONS
Innovation Award (Trustwave TrustKeeper)
Innovation Award (PenTest Manager)
Innovator (Data Loss Prevention)
Best Regulatory Compliance Solution (finalist)
Best Fraud Prevention (DLP, ENC, NAC, SIEM) (finalist)
PROMINENT THOUGHT LEADERSHIP
2013 GLOBAL SECURITY REPORT
Based on analysis of:
• More than 450 incident response investigations and 2,500 pen tests
• More than 2 million network and application vulnerability scans
• More than 400 Web-based data breaches
• More than 20 billion e-mails
And contributions from law enforcement agencies worldwide.
Download the full report: https://www.trustwave.com/2013GSR
UNDERSTAND YOUR THREAT LANDSCAPE
THE BIG PICTURE Trustwave proprietary data & threat intelligence
>450 INCIDENT RESPONSE & FORENSIC INVESTIGATIONS
>2M NETWORK & APPLICATION VULNERABILITY SCANS
>9M WEB APPLICATION ATTACKS RESEARCHED
>20B EMAILS COLLECTED FROM 2007 TO 2012
>2500 PENETRATION TESTS
>5M MALICIOUS WEBSITES ANALYZED
~400 PUBLICLY DISCLOSED WEB BREACHES IN 2012 ANALYZED
>3M REAL-WORLD PASSWORDS ANALYZED FOR USAGE & WEAKNESS TRENDS
THE BIG PICTURE A global problem
GET THERE FIRST: THREAT INTELLIGENCE Businesses slow to detect
TIMELINE: INTRUSION TO CONTAINMENT
AVERAGE: 210 DAYS TO DETECTION
MOST ATTACKED: APPLICATIONS Web & Mobile applications
UP & COMING: MOBILE DEVICES Mobile Malware exploded
400% 2012
WEAKEST LINK: EMPLOYEES & USERS Top 25 passwords
WEAKEST LINK: EMPLOYEES & USERS Keyword usage in passwords
MANAGING RISK IN YOUR ORGANISATION
TODAY’S SECURITY LANDSCAPE
Web & Social Media
Mobile & BYOD
Web & Mobile Applications
Big Data
BUSINESS ENABLERS
CYBERCRIME
REGULATIONS
BREACHES
HOW MUCH RISK ARE YOU WILLING TO ACCEPT?
360°: POTENTIAL AREAS OF RISK
Your organisation
Management and Governance
Policy and Procedure
Security Maintenance
Technical Controls
Physical Security
Business Strategy
ARE YOU ASKING THE RIGHT QUESTIONS?
MANAGEMENT & GOVERNANCE
What is your senior management's level of involvement in defining your level of risk and are the necessary disaster recovery measures in place?
POLICY & PROCEDURE
Do you have the structures in place to enable your employees to report security incidents and are you fully aware of your legal responsibilities?
SECURITY MAINTENANCE
How often do you assess and test your business-critical applications and systems and do you have a change control structure in place?
TECHNICAL CONTROLS
Do you have the necessary technical solutions and controls in place to prevent unauthorised access to your systems and data?
PHYSICAL SECURITY
How do you monitor and control physical access to your business-critical locations and data storage centres?
BUSINESS STRATEGY
Do you store and process sensitive data and how do you manage access to that information for either remote employees or third-party vendors?
RISK MATURITY ASSESSMENT
TRUSTWAVE RISK MATURITY ASSESSMENT Understand your current level of risk
WHY TAKE THE TRUSTWAVE RISK MATURITY ASSESSMENT
• A detailed report with customised recommendations to help you identify areas of risk across your organisation
• Benchmark your organisation against industry standards and best practices
WHAT IS THE TRUSTWAVE RISK MATURITY ASSESSMENT
• Online multiple choice questionnaire, taking no more than 5 - 10 minutes to complete
• Developed by our experienced RISK consultants as a result of customer feedback
Take your complimentary risk assessment today: https://www2.trustwave.com/risk-maturity-assessment.html?ls=EBF
WANT TO KNOW MORE?
Contact our distributor in Sweden:
Inuit AB
www.inuit.se
+46 (0)8 753 05 10
THANK YOU.
QUESTIONS?