Digital Guardian CISO Mentoring Webinar Series: Stories From the CISO Trenches

About Larry Brock

▪ Principal at Brock Cyber Security Consulting LLC
▪ Former Global Chief Information Security Officer (CISO) at DuPont (11 years)
▪ Held additional IT, Research and Marketing positions at DuPont
▪ Information Security Officer within the U.S. Air Force; NSA
▪ BS and MS degrees in Electrical Engineering
▪ Certified Information Security Manager (CISM)

About Bill Bradley

Bill Bradley, Director, Product Marketing
▪ Leads Product Marketing for DLP
▪ 20 years of marketing & sales experience: field sales, competitive analysis, product marketing & management
▪ Previously at Rapid7 and General Electric

Stories From the CISO Trenches

Larry Brock, Principal, BCS Consulting

Agenda

▪ The Risks and Executive Repercussions
▪ Practical Protection Elements
▪ Illustrative Moments as a CISO
▪ Visibility into the Crown Jewels
▪ Changing the Tide
▪ The Importance of Prioritization
▪ Final Thoughts

Where is The Value Within Your Organization?

▪ Trade Secrets
▪ Destructive Value
▪ Competitive Position
▪ Customer List
▪ Purchasing Contracts
▪ Credit Card Information
▪ Health Information
▪ Employee Information
▪ Customer Information
▪ Cash

Who Are the Typical Actors?

Internal:
▪ Mistakes By Loyal Employees Or Contractors
▪ Careless Employees, Contractors, or Suppliers
▪ Disgruntled Current Employees
▪ Disgruntled Former Employees

External:
▪ Competitors
▪ Hacktivists
▪ Foreign Governments

(Figure source: Corruption Perceptions Index)

Cyber Attacks and Senior Executive Accountability

(Slide graphic: breach figures of 143 Million, 57 Million, 3 Billion and 40 Million records)

Practical Protection Elements

1. Establish A Holistic Information Protection Program
2. Ensure Adequate Funding
3. Focus On Protecting What Matters (Crown Jewels)
4. Improve Your Ability To Detect Both Insider And Cyber-attacks
5. Stringent Credential Management
6. Control What Information Leaves
7. Discover The Weaknesses In Your Security

Elements of a Holistic Protection Program

7 elements to manage risks, organize/manage objectives and reporting (Source …)

1. High-Level Responsibility
2. Written Policies & Procedures
3. Care in Delegation of Authority
4. Effective Education
5. Auditing, Monitoring, Reporting
6. Consistent Enforcement
7. Response to Violations
+1. Regular Risk Assessments

High-Level Responsibility

Leadership Must Be Engaged In The Protection Program!

Ideal Intellectual Property Governance Structure

A. CEO Has Ownership With Board Routinely Engaged
  ▪ Actions: Data Protection Included In Routine Reviews With Businesses And Functions
B. Governance Team: Recommends Corporate Info Protection Policy
  ▪ Actions: Approve Program Plans, Eliminate Barriers, Influence Executive Peers…
C. Cross-Functional IP Risk Team
  ▪ Led By Corporate Process Leader; Includes Leaders From Info Security, Corp Security, Compliance, Select Business Functions
D. Business & Functional IP Protection Leadership Team (Global)
  ▪ Leader For Every Business And Function (e.g. R&D, Engineering, Legal, HR, Ops)
  ▪ Actions: Education, Identification, Classification, Protection Initiatives, Business Process Changes

Illustrative Moments

▪ The Crown Jewels
▪ Going Against the Tide
▪ The Importance of Prioritization

Visibility into the Crown Jewels

1. Intellectual Property can be hard to define
2. Efforts at the InfoSec Level
3. Make it a Business Wide Initiative
4. Make it a CEO Priority
5. Make it a Company Wide Effort

Visibility into the Crown Jewels (continued)

1. Identify And Classify Your Crown Jewels
2. Get Business Wide Buy In On Crown Jewels (And Their Value)
3. Establish “Secure Electronic Zones” Or Vaults
4. Implement Strong IP Protection Controls
5. Protect Content In Cloud Services (e.g. Salesforce, Dropbox)

Changing the Tide

▪ Open and Collaborative Environment
  ▪ Drive Productivity, Efficiency, Innovation, and Growth
▪ Visibility is Good for Security Teams; Also Good for Employees
  ▪ Spotted an Incident In-Process
  ▪ Swing the Pendulum The Other Way… Without Negative Impacts

Changing the Tide (continued)

You cannot focus only on keeping the bad guys out; you must also focus on keeping your valuables from leaving.

▪ Consider authentication for outbound access to the Internet
▪ Block/restrict outbound protocols (FTP, SSH, Telnet)
▪ Restrict access to “uncategorized” web sites
▪ Block server access to the Internet, or allow-list the few servers that need it
▪ Block HTTPS connections to sites with self-signed certificates
▪ Restrict use of file sharing sites (Dropbox), Skype and personal web-mail unless additional controls are in place
▪ Must control content when PCs or mobile devices leave the corporate environment
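The egress controls above are usually spread across a proxy, a firewall and an endpoint agent, and the interesting question is how they compose: which rule fires first, and what evidence each one needs. The following is an added example, not code from the webinar or from Digital Guardian. It evaluates the slide's controls, in the order listed, against constructed proxy records. Everything it assumes is invented for illustration: the server subnet 10.20.0.0/16, the single allow-listed server destination, the key=value record format, a `selfsigned` flag that only a TLS-inspecting proxy can populate, and a `dlp` flag reported by an endpoint agent.

```python
# Added example (not from the webinar): evaluate the slide's outbound
# controls, in order, against constructed proxy/firewall records.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Assumptions for the example: servers live in 10.20.0.0/16 and the few
# servers that need Internet access are enumerated explicitly.
SERVER_NETS = [ip_network("10.20.0.0/16")]
SERVER_ALLOWLIST = {("10.20.1.5", "updates.example.com", 443)}
BLOCKED_OUTBOUND_PORTS = {21: "FTP", 22: "SSH", 23: "Telnet"}
# Categories that need additional controls (here: an endpoint DLP agent).
CONTROLLED_CATEGORIES = {"file-sharing", "webmail", "messaging"}


@dataclass
class Flow:
    src_ip: str
    user: Optional[str]        # None when the proxy could not authenticate the user
    dst_host: str
    dst_port: int
    category: str              # from the proxy's URL categorisation
    self_signed: bool = False  # only a TLS-inspecting proxy can set this
    dlp_agent: bool = False    # endpoint reports an active DLP agent


def is_server(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in SERVER_NETS)


def evaluate(f: Flow) -> tuple[str, str]:
    """Return ('allow'|'block', reason), applying the slide's controls in order."""
    if is_server(f.src_ip):
        if (f.src_ip, f.dst_host, f.dst_port) in SERVER_ALLOWLIST:
            return "allow", "server egress on allowlist"
        return "block", "server egress not allowlisted"
    if f.user is None:
        return "block", "outbound access requires authentication"
    if f.dst_port in BLOCKED_OUTBOUND_PORTS:
        return "block", f"outbound {BLOCKED_OUTBOUND_PORTS[f.dst_port]} not permitted"
    if f.self_signed:
        return "block", "HTTPS to site with self-signed certificate"
    if f.category == "uncategorized":
        return "block", "destination is uncategorized"
    if f.category in CONTROLLED_CATEGORIES and not f.dlp_agent:
        return "block", f"{f.category} requires additional controls (no DLP agent)"
    return "allow", "policy permits"


def parse_record(line: str) -> Flow:
    """Parse one constructed record: space-separated key=value pairs."""
    kv = dict(tok.split("=", 1) for tok in line.split())
    return Flow(
        src_ip=kv["src"],
        user=None if kv.get("user", "-") == "-" else kv["user"],
        dst_host=kv["dst"],
        dst_port=int(kv["port"]),
        category=kv.get("cat", "uncategorized"),
        self_signed=kv.get("selfsigned") == "1",
        dlp_agent=kv.get("dlp") == "1",
    )


# Constructed sample records, not real traffic.
SAMPLE_LOG = """\
src=10.50.3.7 user=jdoe dst=www.example.com port=443 cat=business
src=10.50.3.7 user=jdoe dst=203.0.113.9 port=22 cat=uncategorized
src=10.50.3.8 user=- dst=www.example.org port=80 cat=news
src=10.50.3.9 user=asmith dst=files.example.net port=443 cat=file-sharing dlp=0
src=10.50.3.9 user=asmith dst=files.example.net port=443 cat=file-sharing dlp=1
src=10.50.3.10 user=bng dst=portal.example.test port=443 cat=business selfsigned=1
src=10.20.1.5 user=- dst=updates.example.com port=443 cat=technology
src=10.20.1.6 user=- dst=paste.example.com port=443 cat=uncategorized
"""


def evaluate_log(text: str) -> list[tuple[str, str, str]]:
    """Return (dst_host, decision, reason) for every record in the log."""
    out = []
    for line in text.splitlines():
        f = parse_record(line)
        decision, reason = evaluate(f)
        out.append((f.dst_host, decision, reason))
    return out


if __name__ == "__main__":
    for host, decision, reason in evaluate_log(SAMPLE_LOG):
        print(f"{decision:5} {host:24} {reason}")
```

Two practical caveats follow from the ordering. The server check runs before the user check because servers rarely have an authenticated user, so a server that is not on the allow-list is blocked regardless of what it asked for. And the self-signed-certificate rule can only fire if the proxy terminates TLS; without inspection the only signal available is the SNI hostname and its category, so the rule silently never matches.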

The Importance of Prioritization

▪ IP Heavy Organization
  ▪ Granted 900+ patents in 2011
  ▪ Over 50,000 active patents today
▪ Employee Data
  ▪ PII, PCI, PHI
▪ Internal and External Threats

Improve Your Ability To Detect Both Insider And Cyber-attacks

▪ Monitor Inbound Files For Malware
▪ Monitor, Alert, And Block (When Possible) Unusual Activities
  ▪ Security Information & Event Management
  ▪ Strong Analytical Capability To Detect Anomalous Activities (C&C)
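One concrete form of the "analytical capability to detect anomalous activities (C&C)" bullet is beacon detection: compromised hosts typically check in with their command-and-control server at a fixed interval, which stands out against the irregular timing of human browsing. The following is an added example, not code from the webinar or from Digital Guardian. It scores each (source, destination) pair in a constructed proxy log by the coefficient of variation of the gaps between requests; the log lines, the hostnames and the thresholds are all invented for illustration.

```python
# Added example (not from the webinar): flag periodic outbound connections
# ("beaconing") in a constructed proxy log as C&C candidates.
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed records: timestamp, source IP, destination host, HTTP status.
# 10.50.3.7 polls c2.example.test roughly every 60 seconds; 10.50.3.8 browses
# irregularly. Neither host nor address is real traffic.
SAMPLE_PROXY_LOG = """\
2023-11-01T09:00:00 10.50.3.7 cdn.example.com 200
2023-11-01T09:00:03 10.50.3.7 www.example.com 200
2023-11-01T09:00:10 10.50.3.7 c2.example.test 200
2023-11-01T09:01:10 10.50.3.7 c2.example.test 200
2023-11-01T09:02:11 10.50.3.7 c2.example.test 200
2023-11-01T09:03:10 10.50.3.7 c2.example.test 200
2023-11-01T09:04:09 10.50.3.7 c2.example.test 200
2023-11-01T09:05:10 10.50.3.7 c2.example.test 200
2023-11-01T09:00:40 10.50.3.8 www.example.com 200
2023-11-01T09:07:15 10.50.3.8 www.example.com 200
2023-11-01T09:12:02 10.50.3.8 www.example.com 200
2023-11-01T09:30:59 10.50.3.8 www.example.com 200
2023-11-01T09:31:30 10.50.3.8 www.example.com 200
"""


def parse_log(text: str) -> dict[tuple[str, str], list[datetime]]:
    """Group request timestamps by (source IP, destination host)."""
    events = defaultdict(list)
    for line in text.splitlines():
        ts, src, host, _status = line.split()
        events[(src, host)].append(datetime.fromisoformat(ts))
    return events


def beacon_candidates(text: str, min_hits: int = 5, max_cv: float = 0.2):
    """Return [(src, host, mean_gap_seconds, cv)] for pairs whose request
    spacing is regular enough to look like a beacon.

    cv is the coefficient of variation (stddev / mean) of the gaps: a perfectly
    regular beacon has cv 0, human browsing is usually well above 0.5.
    """
    results = []
    for (src, host), times in parse_log(text).items():
        if len(times) < min_hits:        # too few samples to judge periodicity
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mu = mean(gaps)
        if mu <= 0:                      # all requests in the same second: not a beacon
            continue
        cv = pstdev(gaps) / mu
        if cv <= max_cv:
            results.append((src, host, round(mu, 1), round(cv, 3)))
    return results


if __name__ == "__main__":
    for src, host, gap, cv in beacon_candidates(SAMPLE_PROXY_LOG):
        print(f"beacon candidate: {src} -> {host}, every ~{gap}s (cv={cv})")
```

The threshold is the tuning knob. Real implants add jitter to their sleep interval, which raises the cv, so a production rule usually pairs a looser cv cutoff with other features (bytes in/out ratio, user-agent, destination age) rather than relying on timing alone; conversely, legitimate software such as update checkers and monitoring agents also beacon, so the output is a hunting lead, not a verdict.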

Final Thoughts…

▪ All Companies Should Assume Both Insider And Cyber Attacks Are Occurring
▪ No “Silver Bullet” Solutions – Requires A Comprehensive Approach
  ▪ Process, People, And Technology
  ▪ Leverage Frameworks And Standards (ITIL, ISO 27K, …)
▪ Most Advanced Cyber Attacks Involve Compromising Privileged Credentials
  ▪ Implementing Strong Controls For All Privileged Accounts, Including End-point Devices, Is Necessary To Have Any Chance Of Defending Against Today’s Threats
▪ Classical Security Controls (AV, FW, IPS, Etc.) Are Still Necessary But Insufficient For Today’s Threats
▪ Collaborate To Learn About Attackers And Best Defenses – You Cannot Fight This Alone!
▪ This Is A Long-term Issue And Requires Continuous Improvement As Adversaries Change Approaches


Agenda (Digital Guardian)

▪ Week 1 - Digital Guardian to Up Your Game
▪ Week 2 - Digital Guardian and Strategic Data Protection
▪ Week 3 - Digital Guardian and Documented Improvement

Digital Guardian and Documented Improvement: Customer Success Stories

Digital Guardian Success Stories

▪ Going Rogue
▪ Visibility
▪ Consolidated

Identifying and Stopping a Rogue Employee

Evolution of an Insider Attack (timeline from the slide graphic):
▪ May: Hacker tool downloads
▪ August: Installed keyboard logger on personal PC
▪ October: Compromised 5 hosts
▪ December: Compromised 3 hosts
▪ May: EDR installed; EDR detection
▪ June: Employee termination

Business Wide Data Visibility and IP Protection

Consolidated EDR and DLP

First & Only Unified Internal & External Risk Visibility

▪ Endpoint Detection & Response
▪ Data Loss Prevention
▪ User & Entity Behavior Analytics

Single Console; Single Agent

Digital Guardian Sees All Risks to Your Data

A Recognized Leader. Just ask Gartner and Forrester

Digital Guardian is the only Leader in both Enterprise Data Loss Prevention and Endpoint Detection & Response

Magic Quadrant Leader; Wave Leader

Q & A. Thank You.

Larry Brock, Principal, BCS Consulting

Digital Guardian’s Next Webinar:

Understand, Deploy, and Hunt with MITRE’s ATT&CK Framework: The blueprint for repeatable threat hunting success

▪ December 12 @ 1:00 PM ET
  ▪ Tim Bandos – VP Cybersecurity – Digital Guardian
  ▪ Bill Bradley – Director Product Marketing – Digital Guardian
▪ Watch this webcast to learn:
  ▪ The key elements of the MITRE ATT&CK framework
  ▪ How to get started and operationalize a threat hunt framework
  ▪ Advanced techniques to safeguard your organization and grow your security knowledge

Register: https://info.digitalguardian.com/webinar-understand-deploy-hunt-with-mitre-attck-framework.html