Benefits of Big Data Analytics in Security – Helping Proactivity and Value Creation
June 2015
© 2015 Quantum Secure, Incorporated. All Rights Reserved. Confidential. (408) 453-1008
The Security Landscape
Held the door to let 5 people into the data center
Uses her badge to try to get into restricted areas
Laptop bag was stolen with badge inside
Lost her company badge – forgot to tell you
Shares credentials with temp contractors
Who, Where, Why, For How Long & Who Authorized It?
Has started coming in late at night on the weekend
Copied your sales database to a USB drive, just in case
Agenda
Understanding Big Data and Predictive Analytics
Proactive Risk Identification
Transforming Physical Security from Reactive to Proactive
Best Practices for Adopting Predictive Security Solutions
Q & A
Big Data? Predictive? Behavioral? Risk-based Profiling?
Big Data Analytics – Introduction
Predictive analytics solutions evaluate patterns found in existing data sets to predict potential future outcomes
Descriptive Analysis
• Ad Hoc Reports: “How many, how often, where?”
• Standard Reports: “What happened?”
Predictive Analysis
• Forecasting/Extrapolation: “What if these trends continue?”
• Optimization: “What’s the best that can happen?”
Descriptive Example: Which systems have the most alarms
Predictive Example: Based on the time and frequency of the alarms, which of the doors are more likely to need repair
Physical Security and Predictive Data Solutions
Predictive solutions help security transition from being a reactive resource to a proactive strategic business partner
More than two-thirds of Security Directors consider it important to be able to do predictive analysis to improve operational effectiveness and reduce risk (chart values: 67% / 33%)
Yet, just under one-third of Security Directors have technology in place to capture predictive security metrics (chart values: 31% / 69%)
According to an IDG Research survey conducted October 21-November 3, 2014.
Why this technology and why now?
• Data technology has matured
• Hardware costs have made it practical
• Tools that connect to systems without a Herculean effort
• Management Imperative
Proactive Risk Identification
Examples
Credential Fraud
Policy Violations
Systems Maintenance
Managing Spending & Growth
What is an IOC?
• An IOC is an Indicator of Compromise that can be attributed to a person, device (reader/site), application or network.
• IOCs provide early indications of bad actors, or deviation from norms that can help you identify and contain security incidents before they result in loss.
Sample IOCs:
• Multiple physical access and/or logical (IT) access denied for same person.
• Same badge used at different geographical locations.
• Tailgate – derived on the basis of site/door hierarchy.
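The sample IOCs above, sketched as detection logic over badge events. This is an added example, not code from the presentation or from Quantum Secure; the event format, door hierarchy, thresholds and the tailgate heuristic (an interior-door grant with no earlier perimeter grant at that site) are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample badge events: (timestamp, badge_id, site, door, result)
EVENTS = [
    ("2015-06-01 08:00", "B100", "SanJose", "lobby", "granted"),
    ("2015-06-01 08:05", "B100", "SanJose", "datacenter", "granted"),
    ("2015-06-01 08:30", "B100", "London", "lobby", "granted"),
    ("2015-06-01 09:00", "B200", "SanJose", "datacenter", "denied"),
    ("2015-06-01 09:01", "B200", "SanJose", "lab", "denied"),
    ("2015-06-01 09:02", "B200", "SanJose", "vault", "denied"),
    ("2015-06-01 10:00", "B300", "SanJose", "datacenter", "granted"),
]
# Assumed door hierarchy: interior door -> perimeter door that must be passed first.
PARENT = {"datacenter": "lobby", "lab": "lobby", "vault": "lobby"}
DENY_THRESHOLD = 3               # assumed: denials per badge before flagging
MIN_TRAVEL = timedelta(hours=4)  # assumed: minimum plausible time between sites

def find_iocs(events):
    """Return (ioc_name, badge_id) findings in chronological order."""
    findings = []
    denials = defaultdict(int)   # badge -> denied attempts so far
    last_site = {}               # badge -> (time, site) of last granted access
    entered = set()              # (badge, site, door) grants already seen
    for ts, badge, site, door, result in sorted(events):
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M")
        if result == "denied":
            denials[badge] += 1
            if denials[badge] == DENY_THRESHOLD:  # flag once, at the threshold
                findings.append(("multiple_denied", badge))
            continue
        # Same badge granted at two sites faster than anyone could travel.
        prev = last_site.get(badge)
        if prev and prev[1] != site and when - prev[0] < MIN_TRAVEL:
            findings.append(("multi_site", badge))
        last_site[badge] = (when, site)
        # Interior door opened without a prior grant at its perimeter door:
        # the holder probably followed someone through the perimeter.
        parent = PARENT.get(door)
        if parent and (badge, site, parent) not in entered:
            findings.append(("possible_tailgate", badge))
        entered.add((badge, site, door))
    return findings

if __name__ == "__main__":
    for name, badge in find_iocs(EVENTS):
        print(f"{badge}: {name}")
```
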
IOC Category #1: Credential Fraud
Why is this important?
─ Security owns credentials – need to track
─ Need to loop in employee charged with credential – “Is this you?”
─ Helps keep employees efficient
─ Likely target for advanced adversaries
Examples:
─ Shared Credentials
─ Lost/Stolen Credentials
Badge Fishing
High-risk identity tries to access high-risk areas (badge fishing)
Actions: Automated Responses
• Email - Is this you?
• No response within 30 minutes, badge suspended
• Automate turning badge back on
IOC Category #2: Policy Violations
When processes haven’t been followed, risk liabilities increase
Was our audit done well?
─ How long did you spend per person making decisions in this audit?
Examples:
─ Requesting and approving access by same person
─ Abusing visitor system by adding same contractor day-after-day to avoid background checks
Tailgating
Large number of people tailgating at the London location
Actions:
• Remind offenders about policies
• Re-train personnel
IOC Category #3: Systems Maintenance
Set thresholds to understand when you should repair something
Measure how failing devices affect organization
Alarm Analytics
Exceptionally high alarm count at a particular site
Actions:
• Attempt to restart the device centrally
• Create work order
IOC Category #4: Managing Spending & Growth
Letting you know about areas with high access
[Figure: capacity scale (Low / Med / High) with labels: Sub-lease extra space; Shut down office; Add new office; Temp hike due to event; High personnel growth forecast]
Facility Analytics
Utilization of facilities less than 50% for each day of the week
Actions:
• Generate utilization reports so the facilities team can make appropriate decisions
A Smart Predictive Data Security Strategy Helps Answer:
What is the source of the next possible threat?
Which assets are most vulnerable and likely to be targeted?
Which processes need improvement?
Was our audit effective?
Best Practices for Adopting Predictive Data Solutions
• Identify decisions and/or actions you intend to improve
• Partner with systems vendor who brings expertise in your department and with your systems
• Look for extensible solutions that can contribute to the bigger picture
• Avoid generic “big data” solutions from vendors that don’t understand security
Making Security Proactive
Understand organizational risk, threats and vulnerabilities
Identify key metrics
• Measure adherence to policy
• Improvement to SLAs
Measure risk
• Measure risks in real-time
• Measure risk based on people’s actions/behavior
Use metrics to guide actions
• Target programs
• Spend efficiently
Contact Information
Don Campbell, Director of Product Management and Product Marketing
Thank you!