
Security Track Day 2

Security Track Day 2. Richard Stiennon, Chief Research Analyst, IT-Harvest. Blog: ThreatChaos.com, twitter.com/stiennon. Blog: www.ThreatChaos.com, twitter.com/cyberwar. The Week’s Agenda. Yesterday: What CXOs consistently fail to grasp about enterprise security. Day 2, August 3, 2010


Presentation Transcript


  1. IT-Harvest Confidential. Security Track Day 2. Richard Stiennon, Chief Research Analyst, IT-Harvest. Blog: ThreatChaos.com, twitter.com/stiennon

  2. Blog: www.ThreatChaos.com, twitter.com/cyberwar

  3. The Week’s Agenda
     • Yesterday: What CXOs consistently fail to grasp about enterprise security
     • Day 2, August 3, 2010: Getting beyond vulnerabilities; resilience in security architectures
     • Day 3: Threat and risk management
     • Day 4: Security and ROI
     • Day 5: Data protection: strategies inside and outside the enterprise

  4. Getting beyond vulnerabilities – Resilience in security architectures
     • Vulnerability management is good, but only a small piece of the puzzle
     • Monthly patch cycles becoming hard to maintain for Microsoft (Stuxnet)
     • 0-day issue. (China and Russia)

  5. How your employees make VM superfluous
     1. Who needs a vulnerability when your people grant access to malicious software?
     2. Malicious insiders use
     3. Secure applications assume the user is hostile

  6. What are the six elements of a resilient security architecture?
     1. Data protection
        • Encrypting data at rest
        • Key management
     2. The cloud
        • Data and VM segregation
        • Do not extend trust to the cloud provider
     3. Continuous monitoring
        • Applications
        • Networks

  7. What are the six elements of a resilient security architecture?
     4. Identity and Access Management (IAM)
     5. Network protection
        • Network awareness
        • Complete Content Inspection
     6. Application defense
        • Code review
        • Web Application Firewalls (WAF)

  8. Blog: www.threatchaos.com, email: richard@it-harvest.com, twitter.com/cyberwar
