cybersecurity, yesterday, today, and beyond

AN IT IANSecurity:

Yesterday, Todayand Beyond

intelligent information securityANIT IAN

MEET THE SPEAKER – ANDREW PLATO• President / CEO of Anitian • Principal at TrueBit CyberPartners• 20+ years of experience in security• Discovered SQL injection in 1995• Helped develop first in-line

IPS engine (BlackICE)


Who we do it for

What we doBuild great security……Programs …Controls…Operations …Compliance …Response …Leaders

Why we do it We believe security is essential to growth, innovation, and prosperity


OVERVIEWOutline• The Fourth Dimension• The Threat Landscape Through Time • Trends for 2020 and Beyond

Intent• Discuss cybersecurity trends through time• Get you thinking about your security needs in 5-10 years


The Fourth Dimension


30 million years ago two black holes collided

Cats had just evolved on Earth, no Humans


Between 1907 and 1915 Einstein developed the theory of Special Relativity, a concept that

did not follow the “rules” of conventional scienceMany people at the time thought he was nuts.


In 2016, the LIGO observatories in

Louisiana and Washington

discovered the gravity waves from this collision proving Einstein’s theory.

He was not nuts, just ahead of his time


My story: SQL Injection 1995

Oh, did I just equate myself with Einstein?


20 Years Later…

intelligent information securityANIT IANThe present can be deceptive


How do you know what to look for?

When you do not know what it is


Welcome to the Fourth Dimension

Your ability to evaluate a threat depends on your perceptions and bias


Former Target CIO Beth Jacob was fired after a huge breach in 2014

The Target breach has become a case study in having all the tech but still could not

protect the business

We are losing the cybersecurity game

Because we keep trying to play by the rules

We must change the rules of the game into a game we can win


Threat Landscape Through Time


THE PAST• Macro viruses• Network hacks & port scanning • Spam• Market: $500M industry

• SOLUTION: Technology!!


THE PRESENT• Encrypting Ransomware• Targeted Phishing • Fileless malware• Botnets • ICS and control systems

attacks• Market: $122B

• SOLUTION: BUY EVEN MORE TECHNOLOGY…and make it all compliant


THE FUTURE• AI-based attacks • Threats at the hardware

layer • Chaos attacks • Market: $300B

• Hyper-intelligent attacks, overwhelm your defenses

• SOLUTION: TECHN…wait, maybe we should do something different?


OUR PROBLEM

We keep buying security technology… …that does not secure


our people are…

distracted

NEXT-GENERATION

SQUIRREL

they are failing to

remember the mission

… you can never hire enough of them


…and your workforce is changing


is there any hope?


YES!we must change the way we

look at cybersecurity


GET READY FOR 2020

Stop

Products

Vendors

Perimeter

Headcount

DevOps

Strength

Start

Intelligence

Relationships

Data

Resources

DevSecOps

Agility


BEYON

DCYBERSECURITY 2 0 2 0


TREND 1: THE CLOUD• This is where IT is going• Only 17% of workloads

are in the cloud• Cloud is more secure• Compliance in the cloud

is difficult • Cloud talent is extremely scarce • Train your internal people • AWS is #1 by a long shot.

intelligent information securityANIT IANWHAT’S MISSING?


Security

Compliance

Security

Compliance

Security

Compliance

Security

Compliance

YOU

M

ANAG

E

YOU

M

ANAG

E

YOU

M

ANAG

E

YOU

M

ANAG

E

OH YEAH,SECURITY AND COMPLIANCE !


TREND 2: DISPOSABLE IT Emerging new approach to cloud with huge security and compliance benefits: 1. Fully automate the build of your environment

a. System and storage instantiation b. Configuration, hardening, patchingc. Code deployment

2. On a regular basis, recreate the whole environment3. Migrate from old to new (automatically)4. Destroy the original

• Disposable IT forces formality and structure• It also has huge security benefits


TREND 3: THE SUBSCRIPTION ECONOMY• We no longer buy things,

we buy relationships• Netflix, Office365, Salesforce• Relationships have value • High-trust relationships

get you access to help, on-demand

• The “lone-wolf” approach to security is a failure

• Focus on building strong, lasting relationships with vendors, partners, and suppliers

• Stop the “race-to-the-bottom” gladiatorial approach


TREND 4: SECURITY ANALYTICS• Point security solutions are

useless• Integrated “fabrics” that can

react at multiple levels• Fusion of detection, prevention,

logging, and response technologies

• You will never react fast enough…Get your people out of the reaction mode, into the analysis mode

• Automation and orchestration can do that


TREND 5: THE NEW NORMAL• People become indifferent to breaches• Privacy is gone, we expect our data to be stolen• Value of data declines • Automation allows for rapid detection, response, and repair• The security bubble pops, a lot of vendors implode

• Security shifts to stability and assurance duties• Breaches have minimal impact • Spending and headcount decrease• Cybersecurity skills shift from hacking, to relationship building• Everything is in the cloud, everything is rebuildable at a

moment’s notice


FINAL THOUGHTS• It is not strength that wins, its agility • It is not technology that protects you, its intelligence • It is not compliance that assures, it is discipline • It is not what you know, its what you do not know that makes a

difference • It is not skill that makes somebody qualified, it is behavior

• Do not let your current perceptions, affect your future security


Andrew Plato, [email protected]

LinkedIn: http://bit. ly/l i-andrewplato

T H A N K Y O U