Operationalizing the Three Principles of Advanced Threat Detection
@Zulfikar_Ramzan, Ph.D
Chief Technology Officer, RSA
California Cyber Security Symposium 2016
• 1500 cyber security companies
• 125 M&A deals/year
• 5 IPOs/year
• Let’s assume NO new VC investments: 0

However you work it, at least 12 years of market overhang!
So What Does This All Mean?
Current State of Security
• 70%: Compromised in the last year [1]
• 56%: Unlikely to detect an attack [3]
• 66%: Growth in incidents YoY [2]
• 80%: CISOs re-thinking strategy in next 12-18 months [5]
• 90%: Are unsatisfied with response speed [4]

[1] RSA Cybersecurity Poverty Index 2016
[2] PWC Global State of Information Security Survey 2015
[3] EY Global Information Security Survey 2015
[4] RSA Threat Detection Effectiveness Survey 2016
[5] RSA Estimate
New Threat Actor
• Pale Hippo 1
• Weight: 400 lbs
• Normally hacks from his bed, sometimes his couch
• First intelligence reports on 26-Sep-2016
• Politically motivated
How bad is it?
Who was it?
How did they get in?
What information was taken?
What are the legal implications?
Is it under control?
What are the damages?
What do we tell people?
BUSINESS RISK
Account lockouts
Failed user access attempts
Web shell deletions
Buffer overflows
SQL injections
Cross-site scripting
Denial-of-service
IDS/IPS events
Incident level fixes
SECURITY DETAIL