"thinking diffrent" about your information security strategy
DESCRIPTION
A presentation I gave to thousands of CXOs
TRANSCRIPT
Jason Clark, VP Chief Strategy & Security Officer
“THINK DIFFERENT” ABOUT SECURITY STRATEGY
We need a New Strategy
The targets…past, present and future
© 2012 Websense, Inc.
Evolution of the bad guys' modus operandi
(figure: attack techniques arranged on a scale from hard to protect against to easy to protect against)
The Attackers…past, present and future
Information Security Budget
(chart: your company's revenue, of which the IT budget is a slice, of which the infosec budget is a smaller slice)
Spend & security effectiveness mismatch
(chart: 80% of spend goes to firewalls, IDS and endpoint security; 20% goes to everything else)
80% OF THE SPEND IS 30% EFFECTIVE AT SECURING THE BUSINESS.
Redirect our investments to be: Data Centric & Risk Based
PLEASE STOP SPEAR PHISHING
Have you tested your employees against spear phishing? Average results show that 71% of your users will click the link.
Step 1: Evaluation
How do we increase “Security Personnel” with Zero Investment?
Do you know your breakdown? Do you know your return on investment?
Evaluate commodity spending
Step 2: Buy-in
Communicate evaluation results with everyone outside of IT
• Get involved with Legal
• Chief Privacy Officer / Head of HR
• Audit, Engineering, Marketing, etc.
REMEMBER
As Tom August, author of the CISO Handbook, puts it…
WE SELL IDEAS!
© 2013 Websense, Inc.
Step 3: Execute
People, Process, Technology applied to Security
People + Process + Technology = Outcome
(figure: each combination of the three ingredients yields a different outcome; with all three present the outcome is Success, and the other outcomes shown are Poor Adoption, Inconsistent Operation, Burden to Scale, Shelf-ware, Wasted Effort, No ability to execute, and No Defenses)
Most of the time, current technologies lead back to infrastructure-centric models.
Step 4: Moving to Intelligence
From Security Operations To Security Intelligence
The Relative Value of Information
(figure: a pyramid rising from Data to Information, Knowledge, Wisdom and finally Value)
Step 5: Who is your enemy?
The Enemy is in your Blind Spots
• SSL
• Spear Phishing
• AD, SAM, Password extraction
• Custom Encryption
• Malware
• Application
• Complex Technical Stack (limited visibility)
• Insider Threat
• Obfuscation
Who Can We Trust?
50% of malware redirects to the United States
60% of phishing attacks are hosted in the United States
36% of malware is hosted in the United States
Next Generation Approach To Security Policy and Protection: Context-Aware, Data-Centric Security
(policy matrix: a context-aware, data-centric policy is built from five columns)
Who: Human Resources, Customer Service, Finance, Accounting, Legal, Sales, Marketing, Technical Support, Engineering
What: Source Code, Business Plans, M&A Plans, Employee Salary, Patient Information, Financial Statements, Customer Records, Technical Documentation, Competitive Information
Where: Benefits Provider, Personal Web Storage, Blog, Customer, USB, Malware Site, Business Partner, Competitor, Analyst
How: File Transfer, Instant Messaging, Peer-to-Peer, Web, Removable Media, Copy/Paste, Print Screen
Action: Audit, Notify, Remove, Quarantine, Encrypt, Block, Confirm
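To show how the Who / What / Where / How columns combine into a single Action, here is an added example (not code from the presentation or from Websense) of an ordered, first-match policy evaluator over the slide's vocabulary. The rules and events are constructed samples; the point is that the same data class gets a different action depending on the surrounding context.

```python
from dataclasses import dataclass
from typing import Optional

# Vocabulary taken from the slide's Who / What / Where / How / Action columns.
ACTIONS = {"Audit", "Notify", "Remove", "Quarantine", "Encrypt", "Block", "Confirm"}

@dataclass
class Event:
    who: str    # department of the person moving the data
    what: str   # data class being moved
    where: str  # destination
    how: str    # channel

@dataclass
class Rule:
    action: str
    # None means "any value"; a set restricts that field to those values.
    who: Optional[set] = None
    what: Optional[set] = None
    where: Optional[set] = None
    how: Optional[set] = None

    def matches(self, e: Event) -> bool:
        fields = (("who", self.who), ("what", self.what),
                  ("where", self.where), ("how", self.how))
        return all(allowed is None or getattr(e, f) in allowed
                   for f, allowed in fields)

# Constructed sample policy: ordered, first match wins, fall-through is Audit.
POLICY = [
    Rule("Block", where={"Malware Site", "Competitor"}),
    Rule("Block", what={"Source Code", "M&A Plans", "Employee Salary"},
         where={"Personal Web Storage", "Blog", "Analyst"}),
    Rule("Block", what={"Patient Information", "Customer Records"},
         how={"Removable Media", "Copy/Paste", "Print Screen"}),
    Rule("Encrypt", who={"Human Resources"}, what={"Employee Salary"},
         where={"Benefits Provider"}, how={"File Transfer"}),
    Rule("Confirm", who={"Engineering"}, what={"Technical Documentation"},
         where={"Business Partner"}),
    Rule("Notify", what={"Financial Statements", "Business Plans"},
         where={"Customer"}),
]

def decide(e: Event, policy=POLICY) -> str:
    """Return the Action for an event; unmatched events are only audited."""
    for rule in policy:
        assert rule.action in ACTIONS
        if rule.matches(e):
            return rule.action
    return "Audit"
```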
Threat Modeling & Attack Trees
(figure: the Seven Stages of Advanced Threats, in order: Recon, Lure, Redirect, Exploit Kit, Dropper File, Call Home, Data Theft)
(figure: defensive layers mapped across those stages: Awareness, Real-Time Analysis, Inline Defenses, Containment)
IT Insider Behavior Model