- security investments - the past 5 years: education & corporate spending


Post on 21-Dec-2015


Security Investments - The Past 5 Years: Education & Corporate Spending

Our History

• EST. 2001

• $25 Million in Pure Security

• 300 Customers

• 10 States

• 70 School Districts

• 30% of our business is K-12 - Higher Ed

K-20 Sampling

• Edutech of ND

• Omaha Public

• Denver Public Schools

• Lincoln Public

• Colorado University

• Bozeman Schools

• Moore Public Schools

• Union Public Schools

• Academy 20 Public Schools

Security Buckets

Internet Citizen

SPAM

• SMTP Oldest and Easiest Vector

• Still Valid

• Image Spam is latest

• Scam Galore

• Volume based

• Constant Change

The Security Layers

• Email Gateway - AV/SPAM/Policy Control

• Desktop AV

• URL Filter

• IPS/IDS/HIPS

• Proactive Monitoring

• Data Encryption - Moving & Stored

• Security Testing - VA/PEN/Applications

They Killed Kenny

Email Buying Trends

• K-12 more compliancy aware

• Small Encryption Rollouts are happening

• Both Inbound and Outbound Inspection

• Email Archiving in the works for 2008

• VMWare Images available today (ProofPoint)

• 1st Step Data Loss Light

Email Case Study

• Large 10,000 Computer School

• Adding 15K Student Mailboxes

• Moving from Cheap Inbound protection

• To - Commercial Inbound/Outbound email security gateways on VMWare

• Will archive all Email

• Will inspect messages for compliancy - HIPAA, Credit Card and Student Information

• 500 Seats of Email Encryption of Staff

Email Investment

• Currently Cheap for Simple - $3K

• Move to Inbound / Outbound - About $15K for 10,000 Seats or $1.50 a yr Per Mailbox with Policy Compliance

• Encryption for Administration - $20 a Year

• Email Archiving - $8K for 2 terabytes

Old School - HTTP

Cost of Invention

HTTP Summary

• URL Blocking is a must in K12

• Protect against the basic threat - Bandwidth, Wasting time, and Malware

• Bonded districts have rolled out IM, Web Mail, FTP, P to P, Chat Room monitoring

• Higher Ed is pressured to limit music sharing

Evolution Time Lines

Proactive Monitoring

People/Process

• Do you have a Policy in place? Other than for a Felony?

• Proactive monitoring - When will it be a requirement?

• Specific case building - Do you want to do it?

• Once you have visibility you probably will have to take action

• Can Technology Visibility mold policy?

Case Study - Proactive Monitoring

• Large 20,000 Seat Bonded District

• Review all TCP/IP

• Focus on Gangs, Weapons, Drugs, Plagiarism

• Use for bad apples - moving out, or in court cases with parents, teachers, temp staff

• Also review all Credit Card and HIPAA Violations

• After 4 years - Key piece of Security - Has Molded Policy

Evolution Time Lines

Proactive Monitoring

• Full Monitoring - $35K a Year for 5000 Seats or $7 a seat

• Easier to use today

• Lot of bang for the buck

• Good Investigation tool

• Good Case building tool

• Will keep auditors happy for Credit Cards and HIPAA as well

• Keep Stockholders happy as well

Evolution Time Lines

IPS Review

• Why use it?

• How it fits?

• How is it different than IDS?

• K-20 Adoption Rates

• Different than Desktop

Evolution Time Lines

IPS Today

IPS Pro/Con

• Hardware Switches at the Core

• The best in Network Security protection today

• Fast and Efficient - easy to use

• Pricing has come down

• Master Console Concept for lots of boxes

• Proven in F1000

• 10GB Units shipping in 2008

IPS Pricing

• $50K for 1GB Traffic

• Gotcha is - Got to have many in a big Network

• Also need a collector console if you have multiple

• Small Boxes are as low as $8K to get started in small LAN

IPS Case Study

• Large Colorado Health Care

• IPS at the Core - 2GB + in Speeds

• Monitored for 30 days

• 20% of Network was “dirty”

• Had old school IDS SNORT

• Implemented in 2 weeks, in 4 Core Routes, Network is performing better!

Data at Rest

• Encrypt your Hard Drives

• K-20 is doing it

• It's Cheap

• Over 20 Vendors

• USB protection - built in to most as an add-on

Security Testing

• Coming along in K20

• You will need patience

• If you can - do it once a month with VA software internally on critical systems

• Hire a professional testing practice for Pen Testing, it's worth it

• Pen Test your Student Info Systems that are web enabled

Security Testing Trends

• Pricing is at $700 an IP for Outside VA and Penetration

• Internal Testing includes VA Sweep, Data Leakage Review, Data at Rest and in Motion Review

• Social Engineering Drops of USB Keys

• Gap Analysis, Compliancy Alignment

Acquiring Security Testing Skills

• Focus on a Commercial Tool Budget

• Focus on Critical Networks, Applications and Data

• Start with Internal Network Vulnerability

• Develop baselines for the Schools

• Set goals that make sense

• Be patient - on the Security People and Process

Security Investment Costs

K-20 IT Security Investment Budget - Per Year

Core Layers

• Email Policy Protection Gateways AV/SPAM - Inbound/Outbound: $3 Per Seat

• HTTP - URL Filtering, w/ Laptop: $4 a Seat

• Proactive Network Monitoring - All Protocols: $7 a Seat

• Intrusion Prevention: $5 a Seat

• Desktop AV: $3 a Seat

• Totals for all Core Layers: $22.00 a Seat

Moving and Stored Data

• Hard Drive Encryption: $50 a Seat

• SMTP Encryption: $20 a Seat

Security Testing

• Outside Security Testing a Critical IP with Penetration: $700

• Vulnerability Testing Software: $6,000 minimum

• FTE: TBD

Near Perfect World

Security Type | Price per Seat | # of Seats | Totals

Core Layers | $22.00 | 5000 | $110,000

Data at Rest | $50 | 500 | $2,500

Data in Motion | $20 | 500 | $1,000

Security Testing Services | $700 per IP | 200 | $14,000

Security Testing Software | $10 per IP | 1000 | $10,000

Totals | $19.10 | 7200 | $137,500

Moving Forward

• Be aware

• Be Diligent

• Fight for your Security Budgets

• Stay Paranoid

• Listen to your Security teams

• Listen to the students

Internet Citizen

Questions??

[email protected]