Breaking Point: Why Complexity, BYOD, and Cyber Threats Spell the End of Enterprise Network...

Tech Forum 2012: Security at the Breaking Point, presented by Gidi Cohen, CEO and Founder, April 19, 2012. © 2012 Skybox Security

Upload: skybox-security

Post on 15-Jan-2015


DESCRIPTION

Speaker: Gidi Cohen, CEO and Founder of Skybox Security

Enterprise network security is mere steps away from the breaking point. Over the past 10 years, networks have grown exponentially more complex, with rapidly expanding network infrastructures, an explosion of mobile devices and endpoints, the addition of virtual machines and trends in cloud services. The threat landscape adds another layer of complexity, with new threats multiplying beyond the rate at which an enterprise or government agency can adapt. When does it all come to a grinding halt? Very, very soon.

In this session, Gidi Cohen will discuss how the trends in network architecture, security controls, and cyber threats are combining to break existing security management programs, and ultimately your business. Mr. Cohen will illustrate why the tools you are using today are soon going to be completely ineffective against the tide of complexity and new risks. We’ll then discuss practical ways to migrate to a new security management approach that will be relevant and effective in this new computing landscape.

Visit us at http://www.skyboxsecurity.com

TRANSCRIPT

Page 1: Breaking Point:  Why Complexity, BYOD, and Cyber Threats Spell the End of Enterprise Network Security as We Know It

Tech Forum 2012: Security at the Breaking Point

presented by Gidi Cohen, CEO and Founder

April 19, 2012

Page 2: Breaking Point:  Why Complexity, BYOD, and Cyber Threats Spell the End of Enterprise Network Security as We Know It

A Few Facts About Skybox

Pioneer in Security Risk Management

• Founded in 2002
• First risk management product in 2004
• Now - portfolio of automated security management tools on common platform

Today

• 85% growth in 2011
• 300 Global 2000 customers
• Financial Services, Government, Defense, Energy & Utilities, Retail, Service Providers, Manufacturing, Tech

Page 3: Breaking Point:  Why Complexity, BYOD, and Cyber Threats Spell the End of Enterprise Network Security as We Know It

Let’s roll back the clock to 2002

Symantec reports 2,524 new vulnerabilities identified in 2002

Palm Treo 2002

First smartphone worm in 2004

Named a “top 100” private company

Founded in 2002

First product in 2004

Code Red and Nimda are hot topics

Anti-virus software is widely deployed

Page 4: Breaking Point:  Why Complexity, BYOD, and Cyber Threats Spell the End of Enterprise Network Security as We Know It

And roll it back even farther…

1984

DNS is introduced

First domain name registered 1985

And Mark Zuckerberg was born

Macintosh introduced

128K RAM, GUI interface!

Page 5: Breaking Point:  Why Complexity, BYOD, and Cyber Threats Spell the End of Enterprise Network Security as We Know It

Fast Forward to 2012

Complexity is a Huge Challenge

Enterprise network

• 55,000 nodes

• 300 firewalls

• 25,000 rules

• 65 network changes/day

• 10,000 daily reported vulnerabilities


Page 6: Breaking Point:  Why Complexity, BYOD, and Cyber Threats Spell the End of Enterprise Network Security as We Know It

Heterogeneous Networks are the Norm

Page 7: Breaking Point:  Why Complexity, BYOD, and Cyber Threats Spell the End of Enterprise Network Security as We Know It

Vulnerabilities and Threats Abound

[Word cloud: access policy violations, misconfigured firewall, asset vulnerabilities, default password, USBs, missing IPS signature, blocked rules, threat origins, access violation, buffer attack, social networks, policy violation]

Page 8: Breaking Point:  Why Complexity, BYOD, and Cyber Threats Spell the End of Enterprise Network Security as We Know It

Old Generation Technologies – Can’t Keep Up

Too much data

Limited view

Reactive

Vulnerability Scanners

• Disruptive to the network
• Not suitable for daily operations
• Irrelevant for the Internet of Things

Security Information & Event Management (SIEM)

• Too much data
• Lacks context to deal with incidents

Network Configuration Management

• Config management, not security
• No holistic view of network security

Page 9: Breaking Point:  Why Complexity, BYOD, and Cyber Threats Spell the End of Enterprise Network Security as We Know It

Security is Unmanageable: Painful, Costly, Reactive

Unable to keep pace with network changes, new services

Damaging attacks, business disruption, loss of IP

Compliance reporting consumes scarce resources

Inefficient processes, escalating management costs

Page 10: Breaking Point:  Why Complexity, BYOD, and Cyber Threats Spell the End of Enterprise Network Security as We Know It

It’s going to get a lot worse (Mobile, Virtualization, Clouds)

Page 11: Breaking Point:  Why Complexity, BYOD, and Cyber Threats Spell the End of Enterprise Network Security as We Know It

Mobile Devices Everywhere

• Mobile data grew 2.3X in 2011
• Entire global internet in 2000: 75 PB
• Mobile data traffic 2011: 597 PB
• Does your BYOD/mobile strategy assume 7X growth by 2014?

Page 12: Breaking Point:  Why Complexity, BYOD, and Cyber Threats Spell the End of Enterprise Network Security as We Know It

Mobile Threats Took Off in Q4/11


Source: McAfee Q4 2011 Threat Report

Page 13: Breaking Point:  Why Complexity, BYOD, and Cyber Threats Spell the End of Enterprise Network Security as We Know It

Virtualized Servers the New Norm

• Server virtualization hit 50% in 2011
• More virtualized servers deployed in 2011 than in 2001 to 2009 combined
• Are you considering security challenges of virtual environments?

[Chart: % Virtualized Servers, 2009 to 2014; labeled values 18%, 50%, 70% forecast]

Source: Consolidated from Gartner reports

Page 14: Breaking Point:  Why Complexity, BYOD, and Cyber Threats Spell the End of Enterprise Network Security as We Know It

Cloud Services Use is Soaring


Source: Forrester Research, Sizing the Cloud, 2011

Page 15: Breaking Point:  Why Complexity, BYOD, and Cyber Threats Spell the End of Enterprise Network Security as We Know It

New Virtualization and Cloud Security Concerns

• Complexity of hybrid environments
• physical, virtual, cloud – private, public, community
• Lack of visibility
• Novel threats and vulnerabilities
• Hypervisor level
• Segmentation of virtual machines
• Security team losing control
• Non-IT buyer
• Where is the data?
• What is the SLA?
• Are we in compliance?

BYOC: New Trend!

Page 16: Breaking Point:  Why Complexity, BYOD, and Cyber Threats Spell the End of Enterprise Network Security as We Know It

The Security Management Gap is Widening Fast

• Think 16X improvement in 4 years
• What will you do differently?
• Prioritize and plan accordingly

[Chart: "Security challenges" vs. "Ability to execute", 2009 to 2014]

Page 17: Breaking Point:  Why Complexity, BYOD, and Cyber Threats Spell the End of Enterprise Network Security as We Know It

The Missing Piece: Security Risk Management

Predictive Security Analytics

• Cyber attack simulation – APT, malicious code
• Network security analysis – firewalls, network path analysis
• Security metrics

Cost Saving - Integrated into Daily Operations

• Proactive, automated operation
• Scale to any environment
• Integrated with existing infrastructure

Holistic Visibility of the IT Infrastructure

• Networks, routers, firewalls, …
• End points – servers, desktops, virtual machines, mobile
• Cloud and virtualization infrastructure

Page 18: Breaking Point:  Why Complexity, BYOD, and Cyber Threats Spell the End of Enterprise Network Security as We Know It

Automated, Proactive Security Operations

Fix exploitable vulnerabilities

Prevent potential attack scenarios

Keep firewalls configured securely

Maintain continuous compliance

Gain network visibility

Page 19: Breaking Point:  Why Complexity, BYOD, and Cyber Threats Spell the End of Enterprise Network Security as We Know It

Today: Security Management Landscape

[Diagram labels: IT GRC; Controls & Regulations; Endpoint Control; Patch Management; SIEM; Event Management; Log Analysis; Vulnerability Discovery; Endpoint Compliance; Vulnerability Scanners; SOC; Firewall and Network Device Management; Compliance Optimization; Change Management; Security Risk Management]

Page 20: Breaking Point:  Why Complexity, BYOD, and Cyber Threats Spell the End of Enterprise Network Security as We Know It

2014: Integration is Critical

[Diagram labels: IT GRC; Controls & Regulations; Endpoint Control; Patch Management; Event Management; Log Analysis; Vulnerability Discovery; Endpoint Compliance; Security Risk Management; Firewall and Network Device Management; Compliance Optimization; Change Management; Vulnerability Scanners; SOC; Situational Awareness; SIEM]

Page 21: Breaking Point:  Why Complexity, BYOD, and Cyber Threats Spell the End of Enterprise Network Security as We Know It

Future Architecture of Security Management

IT GRC – compliance reporting

Security Risk Management (SRM): proactive, pre-attack exposure management

Security Information & Event Management (SIEM): post-attack incident management

Patch Management, Vulnerability Scanners, Asset Management, Threat Intelligence, Network & Security Configs, Mobile Device Management

A lot of logs, events, network traffic

Page 22: Breaking Point:  Why Complexity, BYOD, and Cyber Threats Spell the End of Enterprise Network Security as We Know It

Evolution of Security Risk Management

Today

• Use Cases: Firewall and network assessment; Risk assessment
• Network Environment: Traditional firewalls, network devices, assets
• Platform: Visualize, Assess, Plan

By 2014

• Use Cases: Change management; Continuous monitoring; Next gen vulnerability mgmt; Threat response
• Network Environment: Extended network environment (Virtual, Cloud, Mobile, Smart Grid)
• Platform: Discover, Visualize, Assess, Plan, Remediate, Track

Page 23: Breaking Point:  Why Complexity, BYOD, and Cyber Threats Spell the End of Enterprise Network Security as We Know It

Start NOW!

Set the bar high

• Unbelievable scale

• Adapt to new architectures


Reinvent security management processes

• Integrated

• Proactive not reactive

Use the Force, Luke

• Smart analytics

• Decision support

Page 24: Breaking Point:  Why Complexity, BYOD, and Cyber Threats Spell the End of Enterprise Network Security as We Know It

Automate daily security tasks

Maintain compliance, prevent attacks

Visit www.skyboxsecurity.com

Thank you!
