The Changing IT Threat Landscape: Three Steps to A Proactive Security Strategy

The Changing IT Threat Landscape: Three Steps to a Proactive Security Strategy

The Changing IT Threat Landscape: Three Steps to A Proactive Security Strategy

Khalid KarkVice President, Research Director, Forrester ResearchDwayne Melancon, CISAProducts, Tripwire, Inc.

IT SECURITY & COMPLIANCE AUTOMATION

Today’s Speakers

Khalid Kark

Vice President, Research Director

Forrester Research

Dwayne Melancon, CISA

Products

Tripwire, Inc.

© 2010 Forrester Research, Inc. Reproduction Prohibited4 © 2009 Forrester Research, Inc. Reproduction Prohibited

Changing Threat Landscape

Emerging trends, threats and responses

Khalid Kark, Vice President, Principal Analyst

© 2010 Forrester Research, Inc. Reproduction Prohibited5

1. Threat: Changing Business Dynamics

2. Threat: Changing Threat Landscape

3. Threat: Empowered Employees

4. Best Practice: Focus Your People Controls To Maximize Impact

5. Best Practice: Manage Process Controls To Minimize Risk

6. Best Practice: Invest In Technology Controls To Gain Efficiencies

Agenda


Security continues to play catch-up

Economics

Regulations

New business models

Consumerization

Business partners

Third-party service

providers








Agenda


The threat landscape keeps evolving . . .

Motivation

Method

Focus

Tools

Result

Type

Target

Agent

Fame

Audacious

Indiscriminate

Manual

Disruptive

Unique malware

Infrastructure

Insider

Financial gain

“Low and slow”

Targeted

Automated

Disastrous

Variant tool kits

Applications

Third parties


Method – Low and Slow

Target an individual or a corporation

Take your time to get the information

Can take weeks or months

May need to stop the “attack” for extended

periods

“Trickle” of information over time

Goal – not get detected

Many breaches today are discovered

when something goes horribly wrong

Many don’t even know it exists


Tools: Automated

Web crawlers

Automated IM conversations

Escalation levels

Publically available information

Archives

Better analytics and predictions

Self learning systems - Artificial

intelligence


Type: toolkits and variants

90K variants of Zeus malware

Mutation is standard part of writing

malware today

Adaptability to defenses is key

Advanced encryption algorithms

Tool kits and “do it yourself” kits

Botnets for hire – really cheap

Cost and variation is making existing

malware defenses obsolete








Agenda


Increased concern around empowered technologies

Base: 1,025 North American and European IT Security decision-makers

Source: Forrsights Security Survey, Q3 2010

Smartphones

Cloud computing

Web 2.0 (wikis, blogs, etc.)

54%

42%

40%


2008 2009 20100%

10%

20%

30%

40%

Daily visit social networking sites (e.g. Facebook, LinkedIn)

Exponential growth in social media adoption


Mobile subscribers and connections speeds ascend

2008 2009 2010*0

100

200

300

400

Global mobile broadband subscribers (in millions)

Source: GSM Association


2009 2010* 2011* 2012* 2013*$0

$10

$20

$30

$40

IaaS

SaaS and PaaS

* Forrester forecast

Global IT market(US$ billions)

Rapid growth in cloud services








Agenda


Fraud management

Physical security

Business continuity/disaster recovery

Third-party security

Privacy and regulations

Application security

Policy and risk management

Identity and access management

Data security

Technical infrastructure security

Threat and vulnerability mgmt.

FullMostHalf

Too many things on the plate – distracted decisions


Reactive investment for security

Security staffing; 23%

Security outsourcing and MSSP; 12%

Security consultants and integrators; 8%

New security technology; 18%

Upgrades to existing security technology;

17%

Maintenance/licensing of existing security technology; 22%


Relying on vendors to answer strategic questions

© 2010 Forrester Research, Inc. Reproduction Prohibited21May 2010 “Security Organization 2.0: Building A Robust Security Organization”

Not having a broad scope








Agenda


Understanding Process Maturity


0

1

2

3

4

5

Identity and access management

Threat and vulnerability

management

Investigations and

records management

Incident

management

Sourcing and vendor management

Information asset

management

Application systems

development

Business continuity and

disaster recovery

Source: Output from Forrester’s Information Security Maturity Model

Current state versus target

Ideal

Current

Target








Agenda


Technology

MSSPs can play a huge role helping you here.

You're not just building on reactive controls but preventive ones as well.

– IDS to IPS

– SIEM and Log management

– DLP

– GRC

You're not investing in the best technologies but have a holistic and layered

defense.

– Best of breed to easier integration and management.

– Strategic security partners

– Point solutions to layers of security


Reactionary spending versus planned allocations

Source: Forrsights Security Survey, Q3 2010

Network Security 25%

Data security, 15 %

Security Ops 14 %Client & threat

mgmt. 10%

Risk & compliance

10 %

Application, 10%

Content7 %

IAM

7%

© 2009 Forrester Research, Inc. Reproduction Prohibited

Thank you

Khalid Kark+1 469.221.5307

[email protected]

www.forrester.com

www.tripwire.comTripwire Americas: 1.800.TRIPWIRETripwire EMEA: +44 (0) 20 7382 5420Tripwire Japan: +812.53206.8610Tripwire Singapore: +65 6733 5051Tripwire Australia-New Zealand: +61 (0) 402 138 980

THANK YOU!

Khalid Kark Forrester Research

E-mail : [email protected]

http://www.twitter.com/MarkAEvertz