ASSESS YOUR SECURITY
POSTURE TO ARM YOUR
DEFENCES
1
Carl Shallow
Head of Compliance & Pre-sales
www.secdata.com
LOOKING BACK…
• What were the risks when everything was centralised on mainframes?
2
Centralised data storage
Avoiding data loss
Overnight batch
processing
What was printed?
• Today, we have almost come full circle…
3
LOOKING FORWARD…
Centralised storage
Thin client access
Don’t allow data to move
• What are the concerns for companies today?
4
DEFINING THE PROBLEM
Data
• Where is it?• Who has
access to it? • How sensitive
is it? • How sensitive
will it be in a week, a month or a year?
• What rules do you have to follow to protect it?
Applications
• The dangers of downtime, ensuring availability
• Testing• Development• Protecting
sensitive application data
• Ensuring perfect performance
Physical
• Ensuring business continuity
• Robust disaster protection
• Data replication
• Physical site security
Connectivity
• Bring Your Own Device
• Secure remote access
• Cloud-based services and infrastructure
• Virtualisation• Unified
comms and collaboration
• Securing data has been a moving target for the last 20 years. Today, we’re facing:
5
STATE OF THE MARKET
Squeezed IT budgets
Changing technologyand threats
Most companies are locking the stable door after the horse has bolted!
Time constraints
• We’re seeing a proven track record that compliance gives results
• Thanks to PCI compliance, credit card fraud reached a 10 year low in 2012
6
WHERE ARE WE GOING?
Established security
frameworks
Increased compliance
requirements
Companies aligning to ISO 27001
7
WHAT CAN YOU DO?
Risk assessments
What are the acceptable risks and what are
the crucial areas to protect?
SensePost
Network
Applications
Employee training and education
Push monitoring data and
analytics to the cloud and
consume as an expert service
Assess on demand and model the potential problem
Websense, Bluecoat,
CheckPoint, SIEM, SkyBox
• Assess the unique vulnerabilities of your business• Identify the greatest risks and vulnerabilities to enable
you to implement preventative protection
Threat analysis
Security as a service
Security assessments
8
WHAT SHOULD YOU DO NEXT?
Perform a risk assessment
Prioritise the gaps
Deploy a SIEM
Implement scanning /
patch management
Then assess, assess, assess!
Assessment is the new incident response