"thinking diffrent" about your information security strategy


Upload: jason-clark

Post on 28-Nov-2014


Category:

Technology



DESCRIPTION

A presentation I gave to thousands of CXOs

TRANSCRIPT

Page 1: Title slide

Jason Clark, VP Chief Strategy & Security Officer

“THINK DIFFERENT” ABOUT SECURITY STRATEGY

Page 2:

We need a New Strategy

Page 3:

The targets…past, present and future

Page 4:

© 2012 Websense, Inc.

Evolution of the bad guys' modus operandi

(chart axis runs from "hard to protect" to "easy to protect")

Page 5:

The Attackers…past, present and future

Page 6:

Information Security Budget

(nested chart: your company's revenue, within it the IT budget, within that the infosec budget)

Page 7:

Spend & security effectiveness mismatch

(pie chart: firewalls, IDS and endpoint security account for 80% of spend; everything else for 20%)

80% OF THE SPEND IS 30% EFFECTIVE AT SECURING THE BUSINESS.

Redirect our investments to be: Data Centric & Risk Based

Page 8:

PLEASE STOP SPEAR PHISHING

Have you tested your employees against spear phishing? Average results will show 71% of your users will click the link.

Page 9:

Step 1: Evaluation

How do we increase “Security Personnel” with zero investment?

Do you know your breakdown? Do you know your return on investment?

Evaluate commodity spending

Page 10:

Step 2: Buy in

Communicate evaluation results with everyone outside of IT:
• Get involved with Legal
• Chief Privacy Officer / Head of HR
• Audit, Engineering, Marketing, etc.

REMEMBER

As Tom August, author of the CISO Handbook, puts it…

WE SELL IDEAS!

Page 11:

Step 3: Execute

People, Process, Technology applied to Security

People   Process   Technology   Outcome
  +         +          +        Success
  -         +          +        Poor Adoption
  +         -          +        Inconsistent Operation
  +         +          -        Burden to Scale
  -         -          +        Shelf-ware
  -         +          -        Wasted Effort
  +         -          -        No ability to execute
  -         -          -        No Defenses

Most of the time, current technologies lead back to infrastructure-centric models.

Page 12:

Step 4: Moving to Intelligence

From Security Operations To Security Intelligence

The Relative Value of Information, lowest to highest: Data → Information → Knowledge → Wisdom

Page 13:

Step 5: Who is your enemy?

Page 14:

The Enemy is in your Blind Spots

• SSL (encrypted traffic)
• Spear Phishing
• AD, SAM, Password extraction
• Custom Encryption
• Malware
• Application
• Complex Technical Stack (limited visibility)
• Insider Threat
• Obfuscation

Page 15:

Who Can We Trust?

50% of malware redirects to the United States

60% of phishing attacks are hosted in the United States

36% of malware is hosted in the United States

Page 16:

Next Generation Approach To Security Policy and Protection: Context Aware, Data Centric Security

Who: Human Resources, Customer Service, Finance, Accounting, Legal, Sales, Marketing, Technical Support, Engineering

What: Source Code, Business Plans, M&A Plans, Employee Salary, Patient Information, Financial Statements, Customer Records, Technical Documentation, Competitive Information

Where: Benefits Provider, Personal Web Storage, Blog, Customer, USB, Malware Site, Business Partner, Competitor, Analyst

How: File Transfer, Instant Messaging, Peer-to-Peer, Print, Email, Web, Removable Media, Copy/Paste, Print Screen

Action: Audit, Notify, Remove, Quarantine, Encrypt, Block, Confirm
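The slide's point is that a data-centric policy is a decision over the four context dimensions (who, what, where, how) that yields one of the listed actions, rather than a per-device allow/deny. The following is an added example of such a policy evaluator, written for this page; it is not Websense code and not from the presentation. The rule names, the sample events and the precedence rule (most specific match wins, ties go to the more restrictive action, unmatched traffic is only audited) are all constructed assumptions.

```python
"""Context-aware, data-centric policy evaluation.

Added example for this page; not from Websense or the presentation.
Rule names, sample events and precedence semantics are constructed.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Actions from the slide, ordered least to most restrictive. When two rules
# of equal specificity both match, the more restrictive action wins.
ACTIONS = ["audit", "notify", "confirm", "encrypt", "quarantine", "remove", "block"]
SEVERITY = {a: i for i, a in enumerate(ACTIONS)}


@dataclass(frozen=True)
class Event:
    who: str    # department of the user
    what: str   # data class found in the content
    where: str  # destination
    how: str    # channel


@dataclass(frozen=True)
class Rule:
    name: str
    action: str
    who: Optional[str] = None    # None matches any value
    what: Optional[str] = None
    where: Optional[str] = None
    how: Optional[str] = None

    def matches(self, e: Event) -> bool:
        return all(v is None or v == getattr(e, f)
                   for f, v in (("who", self.who), ("what", self.what),
                                ("where", self.where), ("how", self.how)))

    def specificity(self) -> int:
        # Number of constrained dimensions; a fully qualified rule scores 4.
        return sum(v is not None for v in (self.who, self.what, self.where, self.how))


# Constructed policy. Note the pattern: a broad restrictive rule per data
# class, plus narrowly scoped exceptions for the one legitimate flow.
POLICY: List[Rule] = [
    Rule("salary-anywhere", "block", what="Employee Salary"),
    Rule("hr-salary-to-benefits", "encrypt", who="Human Resources",
         what="Employee Salary", where="Benefits Provider", how="File Transfer"),
    Rule("source-leaving", "quarantine", what="Source Code"),
    Rule("eng-source-to-partner", "confirm", who="Engineering",
         what="Source Code", where="Business Partner", how="Email"),
    Rule("anything-to-malware-site", "block", where="Malware Site"),
    Rule("anything-to-competitor", "block", where="Competitor"),
    Rule("removable-media", "notify", how="Removable Media"),
    Rule("screenshots", "audit", how="Print Screen"),
]


def decide(event: Event, policy: List[Rule] = POLICY,
           default: str = "audit") -> Tuple[str, Optional[str]]:
    """Return (action, rule name) for an event.

    The most specific matching rule wins; among equally specific rules the
    most restrictive action wins. Events no rule covers get `default`
    (audit here, so gaps in the policy stay visible in the logs).
    """
    matches = [r for r in policy if r.matches(event)]
    if not matches:
        return default, None
    best = max(matches, key=lambda r: (r.specificity(), SEVERITY[r.action]))
    return best.action, best.name


if __name__ == "__main__":
    # Constructed sample events covering the exception, the broad rule,
    # a specificity tie and an uncovered flow.
    for ev in [Event("Human Resources", "Employee Salary", "Benefits Provider", "File Transfer"),
               Event("Sales", "Employee Salary", "Personal Web Storage", "Web"),
               Event("Engineering", "Source Code", "Malware Site", "Web"),
               Event("Marketing", "Competitive Information", "Customer", "Email")]:
        print(ev, "->", decide(ev))
```

Specificity-before-severity is what lets the HR-to-benefits-provider exception survive the blanket "block salary data" rule; if you reverse the order of the key the exception can never fire. The audit default is a deliberate choice for a first rollout, so uncovered flows show up in the logs before anything is blocked.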

Page 17:

Threat Modeling & Attack Trees

Page 18:

Seven Stages of Advanced Threats

Recon → Lure → Redirect → Exploit Kit → Dropper File → Call Home → Data Theft

Defensive layers across the stages: Awareness, Real-Time Analysis, Inline Defenses, Containment
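Pages 17 and 18 go together: the seven stages are an AND chain (the attacker needs every stage), and within each stage the attacker picks the cheapest of several OR alternatives. Putting that into an attack tree lets you ask which single control raises the cost of the cheapest end-to-end path the most. The following is an added example written for this page, not from the presentation or from Websense; the tree shape, the effort costs and the control-to-leaf mapping are constructed assumptions, not measured values.

```python
"""Attack tree over the seven stages of an advanced threat.

Added example for this page; not from the presentation or Websense.
The tree, the effort costs and the control mapping are constructed.
"""
from dataclasses import dataclass, field
from math import inf
from typing import Dict, List, Tuple


@dataclass
class Node:
    name: str
    kind: str = "LEAF"                      # "LEAF", "AND" or "OR"
    cost: float = 0.0                       # attacker effort for a leaf (arbitrary units)
    children: List["Node"] = field(default_factory=list)
    mitigated: bool = False                 # a deployed control makes this leaf infeasible


def leaf(name: str, cost: float) -> Node:
    return Node(name, cost=cost)


def OR(name: str, *children: Node) -> Node:
    return Node(name, "OR", children=list(children))


def AND(name: str, *children: Node) -> Node:
    return Node(name, "AND", children=list(children))


def min_cost(node: Node) -> Tuple[float, List[str]]:
    """Cheapest way to achieve `node`: (total cost, leaves on that path).

    AND sums its children (all are required); OR takes the cheapest child.
    A mitigated leaf costs infinity, so an AND with no feasible alternative
    for one stage makes the whole goal infeasible.
    """
    if node.kind == "LEAF":
        return (inf, []) if node.mitigated else (node.cost, [node.name])
    results = [min_cost(c) for c in node.children]
    if node.kind == "AND":
        return sum(c for c, _ in results), [n for _, path in results for n in path]
    return min(results, key=lambda r: r[0])


def build_tree() -> Node:
    """Constructed seven-stage tree; costs are illustrative only."""
    return AND("data theft",
        OR("recon", leaf("OSINT on staff", 1), leaf("external port scan", 2)),
        OR("lure", leaf("spear-phishing email", 2), leaf("watering-hole site", 6)),
        leaf("redirect via compromised site", 2),
        OR("exploit kit", leaf("unpatched browser plugin", 3), leaf("0-day exploit", 30)),
        leaf("dropper file", 2),
        OR("call home", leaf("HTTPS beacon to rented VPS", 2), leaf("DNS tunnel", 5)),
        OR("exfiltration", leaf("upload to personal web storage", 1),
                           leaf("custom-encrypted TCP channel", 4)),
    )


# Constructed mapping from a control to the leaves it removes from the tree.
CONTROLS: Dict[str, List[str]] = {
    "phishing awareness training": ["spear-phishing email"],
    "patch browser plugins": ["unpatched browser plugin"],
    "block personal web storage": ["upload to personal web storage"],
    "TLS inspection of outbound beacons": ["HTTPS beacon to rented VPS"],
    "endpoint blocks unsigned droppers": ["dropper file"],
}


def with_mitigations(node: Node, blocked: set) -> Node:
    """Copy of the tree with the named leaves marked mitigated (input untouched)."""
    if node.kind == "LEAF":
        return Node(node.name, cost=node.cost,
                    mitigated=node.mitigated or node.name in blocked)
    return Node(node.name, node.kind,
                children=[with_mitigations(c, blocked) for c in node.children])


def rank_controls(tree: Node, controls: Dict[str, List[str]]) -> List[Tuple[str, float]]:
    """[(control, attacker cost after deploying it)], highest cost first."""
    ranked = [(name, min_cost(with_mitigations(tree, set(leaves)))[0])
              for name, leaves in controls.items()]
    return sorted(ranked, key=lambda r: -r[1])


if __name__ == "__main__":
    tree = build_tree()
    print("cheapest path:", min_cost(tree))
    for control, cost in rank_controls(tree, CONTROLS):
        print(f"{control:40s} -> attacker cost {cost}")
```

Two things the numbers show that the slide's linear chain does not: a control on a stage that has no alternative (the dropper here) drives the attacker's cost to infinity, which is why containment-style controls late in the chain can beat awareness controls early in it; and a control on a stage with a cheap alternative (awareness versus the watering hole) only buys the difference between the two alternatives. Real costs are unknowable to this precision, so treat the output as an ordering, not a measurement.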

Page 19:

Page 20:

Page 21:

IT Insider Behavior Model