Celebrating a decade of guiding security professionals.
@Secure360 or #Sec360 www.Secure360.org
How Silicon Valley startups are approaching security differently
a.k.a. The New Security Stack
Scott Cressman
Senior Product Manager, OpenDNS
@scott_cressman
<me>
• BEng, Computer
• Early experience in Support & Professional Services
• Over 12 years in security doing Product Management
• Regularly work with security thought leaders of Fortune 500, Bay Area “startups”
</me>
Agenda
• Baseline
• Who are these “Silicon Valley startups?”
• How do they approach security differently?
• Bringing it all together
• What can you do?
BASELINE
Why we’re here. Why they’re adapting.
Last 20 years of security:
Got a problem? BUY A BOX
FIREWALL
VPN
EMAIL GATEWAY
WEB PROXY
DLP
NEW OFFICE
REPLACEMENT BOX
Another problem? ANOTHER BOX! Keep Stacking…
SANDBOX
FASTER ROUTER
FIREWALL
BUT, your users have left the building…
AND, your apps are in the Cloud…
DarkHotel Attack
OFF NETWORK AND SUPPLIERS
BRANCH OFFICE/STORE/CLINIC
HQ
Attackers are Targeting the Weakest Links
WHO ARE THESE “STARTUPS”?
How they’re different
Who are they?
How do they work?
What do they value?
Productivity over obstruction
Mobility over control
Visibility over prevention
Automation over repetition
Outsourcing over distraction
Partnership over dictatorship
HOW ARE THEY DOING IT?
Differently…
A lighter touch
Mostly Microsoft
Content filtering focus
Traditional Web Proxy
Heavyweight endpoint agents
Off-network security VPN dependence
Focus on mobility
Off-network devices
Maintain security without violating privacy
Federate Identity
Federated Identity is a prerequisite
Identity always, everywhere
The device is expendable
Optimize for productivity
Invest in security teams & automation
Internal focus on simplification & discovery
• “Internal” focus
• Shift to discovery from prevention
• Simplification of their “protection ecosystem”
Demand openness from their vendors
Analysts actually doing security
• Analysts spending time on analysis
• Run security drills
• Threat Intelligence sharing (STIX/TAXII)
• Consumption of threat intel (e.g. FBI Flash bulletins, FS-ISAC, etc.)
Operationalize their intelligence
Threat Intelligence Platforms
BRINGING IT ALL TOGETHER
The new Security Stack & Protection Ecosystem
The Shifting Security Stack
Example security lifecycle
UMBRELLA
• Enforcement: Instant protection on- and off-network.
• Reporting: Near real-time visibility on- and off-network of all DNS traffic.
INVESTIGATE
• Intelligence: Enrich threat intel and assist with investigations and IR (incident response).
[Diagram labels: context on domains, IPs, or ASNs; GET; Internal Systems; logs; SECURITY INCIDENT & EVENT MANAGEMENT; THREAT INTEL PLATFORM; logs; GET; POST events]
WHAT CAN YOU DO?
Today and in the coming months & years
Revisit your priorities
Demand more of your vendors
Invest in (cloud) identity management
Invest in your security team & automation
OPEN CONVERSATION
Questions & commentary