2 assessing the threatscape addressing compliance requirements respond, dont just report youre...

Post on 10-Dec-2015


TRANSCRIPT

2

• Assessing the Threatscape
• Addressing compliance requirements
• Respond, don’t just report
• You’re already a statistic, how do you rebound?
• Q&A

YOU’RE ALREADY A STATISTIC…

3

4

• 91% of companies have experienced at least one IT security event from an external source.

• 90% of all cyber crime costs are those caused by web attacks, malicious code and malicious insiders.

Security Breach Statistics*

*Statistics collected from Gartner, Forrester, Ponemon, Kaspersky, Eschelon

ASSESSING THE THREATSCAPE

5

• Due to complexity, over 70% of organizations are still not adequately securing critical systems.

• The median annualized cost of breaches is $3.8 million per year (range: $1M to $52M/yr).

Security Breach Statistics

ASSESSING THE THREATSCAPE

6

• 96% of attacks were not highly difficult

• 94% of all data compromised involved servers

• 85% of breaches took weeks or more to discover

• 92% of incidents were discovered by a third party

• 97% of breaches were avoidable

• 96% of victims subject to PCI DSS had not achieved compliance

A study conducted by the Verizon RISK Team

ASSESSING THE THREATSCAPE

7

• Data breaches
• Data loss/leakage
• Account/service traffic hijacking
• Insecure interfaces and APIs
• Denial of service
• Malicious insiders
• Insufficient due diligence
• Technology vulnerabilities
• Social engineering
• Viruses, phishing, malware, spyware
• Employees exposing information
• Carelessness/lax security policies

According to Cloud Security Alliance

TOP THREATS

8

Source: www.securelist.com
Kaspersky Bulletin

CYBER WAR HAS BEEN DECLARED

9

And then this happens….

… that becomes this

… which ultimately ends up with this

…followed by this

They all start off like this

THE CHALLENGE IS REAL

10

“I get audited. I get audited a lot.”

- Michael Tampone, Chief Technology Officer, Sterling Risk

THE WEIGHT OF COMPLIANCE

11

• FFIEC
• PCI / DSS
• CIP
• Sarbanes Oxley
• GLBA
• FISMA
• NERC
• HIPAA
• FERPA
• SB-1386 (California)

ALPHABET SOUP OF OVERSIGHT

12

• It’s expensive
• It’s time consuming
• It’s resource heavy
• Perceived imbalance in the risk/reward quotient
  - We’ve got it covered
  - We haven’t been attacked/complacency
  - We’re too small for hackers to care/notice

• Expertise difficult to retain

…but it doesn’t have to be

THE PROBLEM IS…

MSPAlliance says: Unemployment for IT security is <1%. And once found, they’re expensive to keep. In fact, their salaries doubled in the past 3 years.

13

• Preventive/Preemptive policies
• Centralized control
• Automation
• Transaction Anomaly Prevention
• Minimize end user impact
• Consistency
• Maintain and enforce standards
• Minimizing management and operational cost

Best practices

OVERCOMING OBSTACLES

14

• Continuous monitoring discovers red flags (via Log/SIEM), but these are too often reviewed days or weeks later

• Doesn’t FIX the problem

• Signatures will not detect anything unusual in a zero-day exploit

• Doesn’t maintain continuous integrity of files/apps/registry

MONITORING IS NOT ENOUGH

15

TURN BACK THE CLOCK

• Real-time configuration management
• Recovery back to ideal state
• Automated alerts and repair
• Avoid unauthorized changes that threaten compliance
• Demonstrate control of computing environment
• Change management
• Reduce support incidents

16

• (3.11) Implement automated configuration monitoring system to analyze hardware and software changes, network configuration changes, and other modifications affecting the security of the system.

COMPLYING WITH SECURITY FRAMEWORKS

*Source SANS 20 Critical Controls

SANS offers 12 critical controls for implementation, automation, and measurement. Security Configuration Management applies to 8 of those guidelines, most notably

17

• Reduce, remove security threats
• Reduce operational downtime
• Reduce support incidents by 80%
• Automate security compliance policy
• Increase application availability
• Reduce case resolution times and repeat cases
• Reduce on-site or remote service requests
• Integrates with existing infrastructure
• Automated compliance reporting
• Improve customer satisfaction

GO HOME ON TIME…REALLY!

18

Demonstration

LET ME PROVE IT

19

COMPANY OVERVIEW

Innovative Software Company
◦ Over 12 years in the marketplace
◦ 1,000’s of customer deployments globally
◦ Proven and patented technology

IT organizations will fail to successfully manage their PC environment if they have not addressed the biggest issue: complexity … Persystent Suite … does provide configuration drift management functionality.

Customers

20

THANK YOU.

Bob Whirley
Utopic Software
bobwhirley@utopicsoftware.com
727-512-9001

www.utopicsoftware.com
