BALANCE RISK WITH BETTER THREAT DETECTION
Paul Risk, Chief Technology Officer, www.secdata.com
• Have some free food
• Everyone using their phone
• Hiding in the room next door
• Don’t trust these men!
• Monitoring all wireless activity and SSIDs
• Viewing your emails
• Seeing where you’ve visited
• Reading your Facebook account
• Giving them a stern talking to: “don’t do it again!”
We’re on TV!
WE KNOW THAT THREATS ARE REAL
‘WHEN’ COULD BE HAPPENING TO YOU
• 66% of breaches take months or even years to be discovered, up from 56% in 2012
• 69% of breaches are spotted by an external party, like customers
• 29% of attacks used emails, phone calls and social networks to gain information
• 76% of network intrusions exploited weak or stolen credentials
*Data from Verizon’s 2013 Data Breach Investigations Report
Threat acceleration: there are more threats and attack vectors than you can effectively protect against.
• Malware
• DDoS attacks
• DNS poisoning
• SQL injection
• Social engineering
• Blended attacks
• TCP/IP hijacking
• APT
• (Spear) phishing
WE KNOW THREATS ARE INFINITE
• Web content?
• Web apps?
• Wireless access?
WE KNOW TECHNOLOGY IS COMPLEX
Over 40 tools: already there are more tools than you can deploy – what is the solution?
NEXT-GEN FIREWALLS
WEB CONTENT FILTERING
TWO FACTOR AUTHENTICATION
IDS/IPS SOLUTION
SPDY & HTTP 2 INSPECTION
WIRELESS SECURITY
DATA LOSS PREVENTION
NAC/802.1X SOLUTION
SECURE INTERNET GATEWAY
DDoS MITIGATION SOLUTION
WE HAVE TO THINK DIFFERENTLY
INTELLIGENT SECURITY
• Security is a moving target
• Threats keep on coming
• We know we have to accept some risk
• Not more mousetraps - just using them better
• Visibility is the key to security intelligence
• How do we compensate for this?
DID YOU SEE IT?
WHY BETTER DETECTION IS CRITICAL
• Budget limitations: security investment cannot cover all eventualities
• Change in risk profile: you will be working with known risk and vulnerabilities
• Be proactive: don’t wait for threats to appear – proactively mitigate
• Get the drop on attackers: early threat detection will reduce known risks
DETECTION FOCUSED SECURITY MODEL
REMEDIATE / MANAGE / ACCEPT
• Categorise risk – know what you must lock up, identify what you can manage and decide what risks you can accept
• Protect your most valuable assets with next-gen technologies
• Ensure you deploy threat detection for known risks and vulnerabilities
• Undertake proactive threat detection to mitigate unknown risks
• Feedback into risk profile
(Diagram labels: Unknown risk; Known risk)
WHAT’S REQUIRED FOR PROPER DETECTION
• Macro-level intelligence: cyber intelligence correlated from multiple internal and external sources
• Proactive security: detect and divert threats before they happen
• Elastic expertise: depth and breadth in security and cloud skills and capacity
• Complete metrics: regular, comprehensive security metrics and analysis
• Agility: quick strategic response to evolving threats
• 24x7 real-time monitoring: continuous, 24x7, expert monitoring and interpretation of security data
HOW SECUREDATA DOES DETECTION
AffinitySECURE (Pro-active Security Monitoring)
• Early Warning System for changes in device behaviour and health
• Advance Threat Warnings
• Trend Based Analysis of system parameters
• Real-Time Granular Monitoring
• Automatic Incident logging based upon severity and threshold level
• Device Port Monitoring (ensures unknown or unauthorised services aren’t started on a device)
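As an added illustration of the monitoring bullets above (not SecureData’s or AffinitySECURE’s code), the following example diffs each device’s observed listening ports against an approved baseline, raises an early warning for unknown services or services that have gone quiet, and auto-logs incidents at or above a configured severity threshold. The device names, ports and severity policy are constructed sample data.

```python
from dataclasses import dataclass

# Constructed baseline (not real SecureData data): approved listening ports per device.
BASELINE = {
    "fw-edge-01": {22, 443},
    "web-01": {22, 80, 443},
}

# Constructed policy: ports that should never start on a monitored device.
SEVERITY_BY_PORT = {21: "critical", 23: "critical", 445: "high", 3389: "high"}
DEFAULT_SEVERITY = "medium"          # any other unexpected service
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Finding:
    device: str
    port: int
    kind: str       # "unknown_service" (port opened) or "service_missing" (port closed)
    severity: str


def detect_changes(baseline, observed):
    """Early-warning check: diff each device's observed listening ports against
    its baseline. A port that is open but not approved is an unknown service;
    an approved port that has gone quiet is a device health change."""
    findings = []
    for device, approved in baseline.items():
        current = observed.get(device, set())
        for port in sorted(current - approved):
            findings.append(Finding(device, port, "unknown_service",
                                    SEVERITY_BY_PORT.get(port, DEFAULT_SEVERITY)))
        for port in sorted(approved - current):
            findings.append(Finding(device, port, "service_missing", "low"))
    return findings


def log_incidents(findings, threshold="medium"):
    """Automatic incident logging: keep only findings at or above the
    configured severity threshold, most severe first."""
    floor = SEVERITY_RANK[threshold]
    kept = [f for f in findings if SEVERITY_RANK[f.severity] >= floor]
    return sorted(kept, key=lambda f: -SEVERITY_RANK[f.severity])


if __name__ == "__main__":
    # Constructed poll result: telnet appeared on the firewall, web-01 moved 80 -> 8080.
    observed = {"fw-edge-01": {22, 23, 443}, "web-01": {22, 443, 8080}}
    for inc in log_incidents(detect_changes(BASELINE, observed), "medium"):
        print(f"[{inc.severity.upper()}] {inc.device} port {inc.port}: {inc.kind}")
```

Raising the threshold to "high" suppresses the medium-severity 8080 finding while the telnet listener on the firewall is still logged.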
Cloud SIEM Service
• Outsourced 24x7x365 service providing centralised real-time event analysis for log and event information
• Single pane of glass for all network and security incidents
• Advanced threat and security incident detection on a 24x7x365 basis
USE YOUR MOUSETRAPS BETTER
• Application Security
• DDoS
• IDS/IDP
• Remote Access
• Routing
• Security Gateway
• Security Virtualisation
• Switching
• Compliance
• Content Security
• DDoS
• DLP
• Endpoint Security
• IDS/IDP
• Remote Access
• Security Gateway
• Security Virtualisation
• Acceleration
• Application Security
• Load Balancing
• Remote Access
• Security Gateway
• Acceleration
• Application Security
• Load Balancing
• Network Visibility/Performance Monitoring
• Content Security
• DLP
• Authentication
• IDS/IDP
• Remote Access
• Wireless Security
• DDoS
• Network Visibility/Performance Monitoring
• Acceleration
• Content Security
• DLP
• Network Visibility/Performance Monitoring
• Remote Access
• Routing
• Security Gateway
• Switching
• Application Security
• Load Balancing
• Network Visibility/Performance Monitoring
• Application Security
• DDoS
• SIEM
• Authentication
• Authentication
• IDS/IDP
• Security Gateway
• Security Virtualisation
• Compliance
USE SPECIALIST DETECTION SERVICES
AffinitySECURE / Cloud SIEM
Managed Services
• Managed Firewalls
• Managed Next Gen Firewalls
• Managed Web Content Security
• Managed Remote Access
• Managed Two-Factor Authentication
• Managed Wireless
• Managed IDS/IDP
• Managed SIEM
• Managed Load Balancing
• Managed Switches/Routers
Cloud Services
• Cloud Internet Gateway
• Cloud SIEM
• Cloud Global Load Balancing
• Phishing-as-a-Service
Ensure your systems are configured correctly and managed correctly, while freeing up internal resources.
Understand where your assets are and what needs protection.
WHAT STEPS TO TAKE
• Apply real-time monitoring for known threats
• Proactively detect emerging threats
• Deploy the right tools to protect critical assets