
Evading Death by a Silver Bullet Effective Cyber Security Strategies for Digital Transformations

Evading Death by a Silver Bullet Effective Cyber Security Strategies for Digital Transformations. 03/13/2019 Michael Gutsche – Chief Cyber Security Strategist. Our digital world is radically changing the risk landscape. External disasters and internal failures.





Presentation Transcript


  1. Evading Death by a Silver Bullet – Effective Cyber Security Strategies for Digital Transformations. 03/13/2019, Michael Gutsche – Chief Cyber Security Strategist

  2. Our digital world is radically changing the risk landscape
  • External disasters and internal failures
  • Cost and complexity of data protection
  • Regulatory pressures
  • Sophisticated cyber attacks
  • Mobile and cloud dissolve the “perimeter”
  • Hyper-connected sensors and devices create new exposures
  • Massive data growth from multiple sources
  • Regulatory, privacy and compliance concerns

  3. Today we live in a different world of data everywhere… Connected Cars, Smart Infrastructure, Mobile Transactions … feeding sensitive information into data lakes

  4. Sensitive data explosion – type and scale: 5200 GB of data for every person by 2020! [Figure: taxonomy of personal data types, Computerworld 12/2012; categories with representative examples:]
  • HEALTH DATA – insurance (claims, payments, coverage); personal tracking devices (activity records); genetic code; patient (prescriptions, diagnosis); device logs (measurement)
  • IDENTITY – demographic (age, sex, address, profession); identifiers (name, user-names, e-mail addresses, phone numbers, nick names); device IDs (IP addresses, Bluetooth IDs, SSID, IMEI, SIM); interests (declared likes, favorites, preferences)
  • COMM ACTIVITY – presence (availability, channels); text (SMS, IM/chat, email attachment and body, status updates, social media); videos, podcasts, photos and music (shared, produced); links (bookmarks); speech (voice calls, voice mails); browser (clicks, keystrokes, sites visited, queries, bookmarks, client apps); physical world (eating, drinking, driving, shopping, sleeping)
  • CONTENT – operating system; private documents (word processing, spreadsheets, project plans, presentations); consumer media (books, photos, videos, podcasts, music, audio books, games, software/apps)
  • CONTEXT – location (current, planned, future, past); people copresent (physical world, digital world, interlaced with); events (calendar data, event data from web services); objects copresent (physical world, digital world, interlaced with)
  • ASSET DATA – virtual goods (identifiers, domain names, handles (twitter etc.), objects, gifts, currencies); financial data (income, expenses, transactions, accounts, tax info, assets, liabilities, insurance, credit rating); physical goods (digital records, real estate, vehicles, personal effects, art, appliances)
  • RELATIONSHIP – contacts (address book); communications (call logs, messaging logs); social networks; family (genealogy)
  • ePORTFOLIO – academic (exams, student projects, transcripts, degrees); employment (reviews, actions, promotions, continuing education)
  • GOVERNMENT RECORDS – citizenship; corporate (board of directors); law enforcement records; public records (legal name, births, deaths, marriages, divorces, property ownership)
  Source: Computerworld, 12/2012

  5. It’s no longer a question of if, but when your data breach will happen

  6. “Silver Bullet” Syndrome

  7. sil·ver bul·let [silver bullet] NOUN
  • a bullet made of silver, used in fiction as a supposedly magical method of killing werewolves.
  • a simple and seemingly magical solution to a complicated problem.
  Source: Oxford Dictionary

  8. Organizations continue to invest in point products. On average, organizations have ~70 different security vendors protecting their environments.* *Source: ZDNet, MacLean, Asha. (2016, Nov 23) Security Landscape Plagued By Too Many Vendors

  9. The security market continues to grow at a rapid pace
  • Cybersecurity has outpaced the market
  • Major breaches over the last 5 years have driven up spending
  • The latest spike is driven by expectations for increased government spending
  Source: Bessemer Venture Partners, Cyber Security Index from Jan 2011 – Feb 2018; ESP Analysis

  10. Despite that growth, cyber damages continue to outpace spend
  • Cyber damages to hit $6 trillion annually by 2021, up from $3 trillion in 2015
  • Cyber security spending to exceed $1 trillion from 2017 to 2021
  • Cyber crime will more than triple the number of unfilled security jobs, predicted to reach 3.5 million by 2021
  • Human attack surface to reach 6 billion people by 2022
  • Ransomware damage costs are predicted to reach $11.5 billion by 2019
  Source: CSO Online, Top 5 cybersecurity facts, figures and statistics for 2018

  11. Average time bad guys are inside before detection: 243+ days [Figure: timeline graphic, March 2017 – March 2018]
  • Since 2009, time to resolve an attack has grown 220%
  • Average remediation: UK 30 days, Global 46 days
  • 90% of breaches occur at the application layer
  • 94% of breaches are reported by a 3rd party
  • ROI by control: 23% Security Intelligence; 21% Encryption Technology; 20% Advanced controls – UTM, NGFW, IPS

  12. Security, Risk, & Governance – Micro Focus Approach: Identity Management; Endpoint Security; Application Security; Security Operations; Data (Data Discovery and Classification, Data Protection)

  13. Security, Risk, & Governance – Micro Focus Portfolio
  • IDENTITY & ACCESS MANAGEMENT – NetIQ; Governance; PIM/PAM, SSO, SSPR, MFA
  • ENDPOINT SECURITY – Patch Management; Configuration Management; Disk Encryption
  • SECURITY OPERATIONS – ArcSight/Sentinel; Investigate; Logger; UEBA
  • APPLICATION SECURITY – Fortify SCA; WebInspect; Application Defender; Fortify on Demand
  • ANALYTICS & MACHINE LEARNING – Vertica
  • DATA GOVERNANCE, CLASSIFICATION AND ARCHIVING – Structured Data Manager; Content Manager; ControlPoint
  • DATA PROTECTION – Voltage SecureData; Voltage SecureMail; Covertix for unstructured data

  14. Thank you www.microfocus.com

  15. Data Centric Security – “protecting what matters”

  16. Data Centric Security: field-level. Traditional IT security is deployed in infrastructure silos, each with its own control and its own common threat to data privacy, and with a security gap between every pair of layers:

  Infrastructure layer               Traditional silo control       Common threat
  Applications                       Authentication management      Credential compromise
  Networking                         SSL/TLS/firewalls              Traffic interceptors
  Databases, lakes, and warehouses   Database encryption            SQL injection
  File systems                       File encryption                Malware
  Data center storage                Disk encryption                Insiders

  Required coverage: end-to-end protection of the data itself across all layers (Voltage).

  17. Voltage Secure Stateless Tokenization (SST) and FPE – field-level, format-preserving encryption, reversible data de-identification

  Mode       Credit card            SSN/ID        Email              DOB
  Original   1234 5678 8765 4321    934-72-2356   bob@voltage.com    31-07-1966
  Full       8736 5533 4678 9453    347-98-8309   hry@ghohawd.jiw    20-05-1972
  Partial    1234 5681 5310 4321    634-34-2356   hry@ghohawd.jiw    20-05-1972
  Obvious    1234 56AZ UYTZ 4321    AZS-UD-2356   hry@ghohawd.jiw    20-05-1972

  18. Anonymize or pseudonymize – or risk it all? [Figure: options plotted by data security (vertical) against data usability (horizontal)]
  • Clear text / live data – full usability, open to breach
  • Non-standardized vendor methods – usable, but a breach or audit flag
  • Pseudonymized (security with usability) – Voltage Hyper Format Preserving Encryption (FPE); FPE
  • Non-reversible de-identification – Voltage Format Preserving Hash
  • Requires decryption to use (physical media, transport) – bulk storage or link encryption
  • Fully anonymized – secure, but severe information loss
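Slides 17 and 18 contrast reversible format-preserving encryption (full and partial modes) with a non-reversible format-preserving hash. The block below is an added example written for this page; it is not Voltage SecureData code and not the slides' own. It implements a small FF1-style Feistel cipher over decimal digits with an HMAC-SHA256 round function, plus a keyed format-preserving hash, both keeping separators and optionally the leading and trailing digits in the clear. The key, the digit-layout handling, the helper names and the sample values are assumptions made for the demonstration; the cipher is illustrative, not a vetted algorithm.

```python
"""Format-preserving encryption (FPE) and format-preserving hashing over digit strings.

Added example, not code from the slides or from Voltage SecureData. The cipher is a
10-round Feistel network with an HMAC-SHA256 round function, structured like NIST
FF1 but it is NOT FF1 and has not been analysed; use a vetted FF1/FF3-1 library in
production. The key and the sample values are constructed for this demonstration.
"""
import hashlib
import hmac

ROUNDS = 10                                   # even, so halves return to their starting sides
DEMO_KEY = hashlib.sha256(b"constructed demo key, not for production").digest()
DIGITS = set("0123456789")


def _prf(key: bytes, tweak: bytes, half: str, round_no: int, width: int) -> int:
    """Keyed round function: HMAC-SHA256(tweak || round || other half) reduced mod 10**width."""
    msg = tweak + bytes([round_no]) + half.encode("ascii")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % (10 ** width)


def _feistel(key: bytes, tweak: bytes, digits: str, decrypt: bool = False) -> str:
    """Map a decimal string to a decimal string of the same length (and back)."""
    if not digits or set(digits) - DIGITS or len(digits) < 2:
        raise ValueError("need at least two decimal digits to encrypt")
    n = len(digits)
    u, v = n // 2, n - n // 2                 # left and right half widths (right may be one longer)
    a, b = digits[:u], digits[u:]
    for i in (range(ROUNDS - 1, -1, -1) if decrypt else range(ROUNDS)):
        m = u if i % 2 == 0 else v            # width of the half rewritten in round i
        if decrypt:                           # undo: B was A + F(B_old), and A is B_old
            y = _prf(key, tweak, a, i, m)
            a, b = str((int(b) - y) % 10 ** m).zfill(m), a
        else:                                 # A, B -> B, (A + F(B)) mod 10**m
            y = _prf(key, tweak, b, i, m)
            a, b = b, str((int(a) + y) % 10 ** m).zfill(m)
    return a + b


def _layout(value: str):
    """Positions of the digits in a formatted value, and the digits as one string."""
    positions = [i for i, ch in enumerate(value) if ch in DIGITS]
    return positions, "".join(value[i] for i in positions)


def _restore(value: str, positions, new_digits: str) -> str:
    """Write new digits back into the original positions; separators are untouched."""
    out = list(value)
    for pos, d in zip(positions, new_digits):
        out[pos] = d
    return "".join(out)


def _segments(digits: str, keep_prefix: int, keep_suffix: int):
    """Split into (clear head, protected middle, clear tail)."""
    if keep_prefix < 0 or keep_suffix < 0 or keep_prefix + keep_suffix + 2 > len(digits):
        raise ValueError("fewer than two digits left to protect")
    end = len(digits) - keep_suffix
    return digits[:keep_prefix], digits[keep_prefix:end], digits[end:]


def protect(key: bytes, value: str, keep_prefix: int = 0, keep_suffix: int = 0,
            decrypt: bool = False) -> str:
    """Reversible FPE of the digits of `value`. Separators and the first `keep_prefix` /
    last `keep_suffix` digits stay in the clear (the slide's "partial" mode)."""
    positions, digits = _layout(value)
    head, middle, tail = _segments(digits, keep_prefix, keep_suffix)
    # The clear digits go into the tweak, so the same middle under another BIN encrypts differently.
    tweak = head.encode("ascii") + b"|" + tail.encode("ascii")
    return _restore(value, positions, head + _feistel(key, tweak, middle, decrypt) + tail)


def unprotect(key: bytes, value: str, keep_prefix: int = 0, keep_suffix: int = 0) -> str:
    """Inverse of protect() with the same key and the same keep_prefix/keep_suffix."""
    return protect(key, value, keep_prefix, keep_suffix, decrypt=True)


def pseudonymize(key: bytes, value: str, keep_prefix: int = 0, keep_suffix: int = 0) -> str:
    """Non-reversible format-preserving hash: a keyed digest of the digits, written back as
    digits in the same layout. Deterministic for joins, but there is no inverse."""
    positions, digits = _layout(value)
    head, middle, tail = _segments(digits, keep_prefix, keep_suffix)
    digest = hmac.new(key, b"fph|" + digits.encode("ascii"), hashlib.sha256).digest()
    hashed = str(int.from_bytes(digest, "big") % 10 ** len(middle)).zfill(len(middle))
    return _restore(value, positions, head + hashed + tail)


if __name__ == "__main__":
    # Constructed sample values in the same layouts as the slide (not real identifiers).
    for value, pre, suf in [("1234 5678 8765 4321", 6, 4), ("934-72-2356", 0, 4)]:
        full = protect(DEMO_KEY, value)
        partial = protect(DEMO_KEY, value, pre, suf)
        print(f"{value} -> full {full} | partial {partial} | hash {pseudonymize(DEMO_KEY, value, pre, suf)}")
        assert unprotect(DEMO_KEY, full) == value
        assert unprotect(DEMO_KEY, partial, pre, suf) == value
```

The partial mode reproduces what slide 17 shows for a card number: the issuer prefix and the last four stay readable while the middle six are encrypted, so the token still passes length and layout checks in downstream systems. Two caveats a practitioner will want: the output is not guaranteed to satisfy a Luhn check digit (one common approach is to encrypt all but the check digit and recompute it), and a keyed format-preserving hash is deterministic, so a small domain such as a date of birth can still be brute-forced by anyone holding the key; it is the "non-reversible de-identification" point on slide 18, not anonymization.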

  19. Application Security – “the new perimeter”

  20. Application Security – Securing the SDLC (DevSecOps) [Figure: Gartner's DevSecOps loop – Plan, Create, Verify, Preprod, Release on the Dev side; Prevent, Detect, Respond, Predict, Adapt on the Ops side; with Continuous Integration, Continuous Delivery, Continuous Deployment, Continuous Configuration, Continuous Monitoring, Continuous Learning and Continuous Improvement, supported by Monitoring and Analytics – annotated with where the tooling sits:]
  • Dev (Create) – Static Code Analysis: Fortify Static Code Analyzer (SCA); Fortify on Demand
  • Verify / Preprod – Dynamic Application Security Testing: WebInspect; Fortify on Demand
  • Ops (Detect, Respond) – Real-time Application Self Protection: Application Defender; Fortify on Demand
  Source: “10 Things to Get Right for Successful DevSecOps,” Gartner, Inc., 2017

  21. Where does Security fit in DevOps?
  • Light Weight Static Code Analysis – Fortify Security Assistant
  • Static Code Analysis (Build Server) – on premise: SCA; as a service: Fortify on Demand
  • Dynamic Application Security Testing – on premise: WebInspect; as a service: Fortify on Demand
  • Real-time Application Self Protection – Fortify Application Defender
