![Page 1: Out With the Old, In With the New – Reinvent and Justify Your 2013 Security Strategy](https://reader033.vdocuments.site/reader033/viewer/2022051611/54b6b3784a7959f7308b4596/html5/thumbnails/1.jpg)
Out with the Old, in with the New
CISO Strategy for 2013
Gidi Cohen CEO and Founder, Skybox Security
December 7, 2012
www.skyboxsecurity.com © 2012 Skybox Security 1
presented by
![Page 2: Out With the Old, In With the New – Reinvent and Justify Your 2013 Security Strategy](https://reader033.vdocuments.site/reader033/viewer/2022051611/54b6b3784a7959f7308b4596/html5/thumbnails/2.jpg)
• Proven effective in complex networks
• Financial Services, Government, Defense, Tech,
Energy, Retail, Service Providers, Manufacturing
• “This is the best tool we have for getting all of our risk
information in one place.” - USAID
Global 2000 Customers
• Predictive risk analytics for best decision support
• Designed for continuous, scalable operation
• Complete portfolio on a common platform
Leader in Proactive
Security Risk Management
Skybox Security Overview
![Page 3: Out With the Old, In With the New – Reinvent and Justify Your 2013 Security Strategy](https://reader033.vdocuments.site/reader033/viewer/2022051611/54b6b3784a7959f7308b4596/html5/thumbnails/3.jpg)
Security Challenges in a Changing World
• 100% Uptime
• BYOD Demands
• BYOC (Cloud) data and apps
• Rapidly Mutating Threats
• Roll-out New Services
![Page 4: Out With the Old, In With the New – Reinvent and Justify Your 2013 Security Strategy](https://reader033.vdocuments.site/reader033/viewer/2022051611/54b6b3784a7959f7308b4596/html5/thumbnails/4.jpg)
(Source: Forrester, Role Job Description: CISO, March 2012)
2013 Top Goals for the CISO
Protect Information Assets
• Identify risks
• Ensure effective risk controls
Deliver Business Value
• Timely, cost-effective risk mitigation
• Supports business goals
Be a Trusted Advisor
• Communicate risks in business language
Common thread... RISK
![Page 5: Out With the Old, In With the New – Reinvent and Justify Your 2013 Security Strategy](https://reader033.vdocuments.site/reader033/viewer/2022051611/54b6b3784a7959f7308b4596/html5/thumbnails/5.jpg)
Strong Security Risk Management Program is Essential
Threats, Infrastructure, Impact
Change Requests, Exec Reports, Mitigation Options
Continuous, Scalable
![Page 6: Out With the Old, In With the New – Reinvent and Justify Your 2013 Security Strategy](https://reader033.vdocuments.site/reader033/viewer/2022051611/54b6b3784a7959f7308b4596/html5/thumbnails/6.jpg)
Protect
Information
Assets
How Do You Manage
Risks Today?
Vulnerability Scanners
SIEM
IT GRC
![Page 7: Out With the Old, In With the New – Reinvent and Justify Your 2013 Security Strategy](https://reader033.vdocuments.site/reader033/viewer/2022051611/54b6b3784a7959f7308b4596/html5/thumbnails/7.jpg)
[Chart: scan frequency (x/year) vs. % of network scanned]
• To keep pace with threats? Daily updates, 90%+ hosts
• Partner/External networks: Avg. scan: 60-90 days, <50% of hosts
• Critical systems, DMZ: Avg. scan: 30 days, 50-75% of hosts
How often do you scan? How much coverage?
2012 Skybox Survey:
Vulnerability Management Challenges
Too Little, Too Late
![Page 8: Out With the Old, In With the New – Reinvent and Justify Your 2013 Security Strategy](https://reader033.vdocuments.site/reader033/viewer/2022051611/54b6b3784a7959f7308b4596/html5/thumbnails/8.jpg)
• We are concerned about disruptions from scanning: 59%
• We don’t have the resources to analyze more frequent scan data: 58%
• We don’t have the resources to deal with broader patching activity: 41%
• Some hosts are not scannable due to their use: 34%
• The cost of licenses is prohibitive: 29%
• Unable to gain credentialed access to scan portions of the network: 12%
• We just don’t need to scan more: 5%
Reasons that respondents don’t scan
more often
Disruptive, Inaccurate Picture of Risk
Vulnerability Assessments:
Just Not Effective
![Page 9: Out With the Old, In With the New – Reinvent and Justify Your 2013 Security Strategy](https://reader033.vdocuments.site/reader033/viewer/2022051611/54b6b3784a7959f7308b4596/html5/thumbnails/9.jpg)
Updated Continuously
Is a Vulnerability Scanner Sufficient
for Security Risk Management?
Threats, Infrastructure, Impact
Lacks network context
Change Requests, Exec Reports, Mitigation Options
![Page 10: Out With the Old, In With the New – Reinvent and Justify Your 2013 Security Strategy](https://reader033.vdocuments.site/reader033/viewer/2022051611/54b6b3784a7959f7308b4596/html5/thumbnails/10.jpg)
(Regarding SIEM) "If the question is, 'Does it stop
hackers?' then the answer is no. It's not supposed
to stop anything." - Dr. Anton Chuvakin, Gartner
Monitor events
Incident response
Anticipate risks
Prevent attacks
Pre-event Post-event
SIEM – Monitoring, not Prevention
Reactive, Incomplete Risk Picture
Event!
![Page 11: Out With the Old, In With the New – Reinvent and Justify Your 2013 Security Strategy](https://reader033.vdocuments.site/reader033/viewer/2022051611/54b6b3784a7959f7308b4596/html5/thumbnails/11.jpg)
Is a GRC Tool Sufficient
for Security Risk Management?
Updated Continuously
Threats, Infrastructure, Impact
Policy view only
Change Requests, Exec Reports, Mitigation Options
No operational guidance
Lacks network context
![Page 12: Out With the Old, In With the New – Reinvent and Justify Your 2013 Security Strategy](https://reader033.vdocuments.site/reader033/viewer/2022051611/54b6b3784a7959f7308b4596/html5/thumbnails/12.jpg)
“Insanity: Doing the same
thing over and over again
and expecting different
results.”
-- Albert Einstein
![Page 13: Out With the Old, In With the New – Reinvent and Justify Your 2013 Security Strategy](https://reader033.vdocuments.site/reader033/viewer/2022051611/54b6b3784a7959f7308b4596/html5/thumbnails/13.jpg)
On the surface…
• Firewall rulesets bloated
• Service performance issues
Dig deeper…
• Unable to see infrastructure
• Unable to anticipate impact of
planned changes
CISO’s visionary goal
• Fundamentally different approach
to security management
Operations on all continents
Many centralized services
Success Story –
Global Brewing Company
![Page 14: Out With the Old, In With the New – Reinvent and Justify Your 2013 Security Strategy](https://reader033.vdocuments.site/reader033/viewer/2022051611/54b6b3784a7959f7308b4596/html5/thumbnails/14.jpg)
Brewing Company – Integrated Approach for Security Management
Updated Continuously
Threats, Infrastructure, Impact
Enabled by modeling and simulation
Change Planning, Change Requests, Exec Reports, Mitigation Options, Firewall Optimization, Operational Metrics, Risk Metrics
![Page 15: Out With the Old, In With the New – Reinvent and Justify Your 2013 Security Strategy](https://reader033.vdocuments.site/reader033/viewer/2022051611/54b6b3784a7959f7308b4596/html5/thumbnails/15.jpg)
Improved Security
• Able to quickly assess potential risks of
changes
Brewing Company - Results
Clear Visibility
• Enabled clear view of the infrastructure
for network architecture planning
Lower Maintenance Time
• Consolidated and optimized firewalls
Improved Performance
• Increased use of centralized resources
Better Internal Communications
• Reports on operational and risk metrics
![Page 16: Out With the Old, In With the New – Reinvent and Justify Your 2013 Security Strategy](https://reader033.vdocuments.site/reader033/viewer/2022051611/54b6b3784a7959f7308b4596/html5/thumbnails/16.jpg)
Available
Access Path
IPS Signatures
Not Enabled
Change Exposes
a Vulnerability
Likely Attack
Scenario
Leveraging Risk Analytics, Modeling
and Simulation
Vulnerabilities
• CVE 2011-203
• CVE 2009-722
• CVE 2012-490
![Page 17: Out With the Old, In With the New – Reinvent and Justify Your 2013 Security Strategy](https://reader033.vdocuments.site/reader033/viewer/2022051611/54b6b3784a7959f7308b4596/html5/thumbnails/17.jpg)
• Compliance
• Change Management
• Optimization
• Vulnerability discovery
• Prioritization
• Remediation planning
• Threat intelligence
• Attack prediction
• APT and Malware simulation
Common Use Cases for SRM
Continuous Risk
Mitigation
Future SOC Network Security
Management
Enabled by Risk Analytics
![Page 18: Out With the Old, In With the New – Reinvent and Justify Your 2013 Security Strategy](https://reader033.vdocuments.site/reader033/viewer/2022051611/54b6b3784a7959f7308b4596/html5/thumbnails/18.jpg)
Best Practice
Policy
Network Devices Firewalls
Business
Metrics
Operational
Metrics
Corporate
Policies
Compliance
Reports
Normalized device
configuration repository
Network Security
Change Management
Compliance & Risk Analytics
ITSM Integration
Blueprint for Network Security
Management
![Page 19: Out With the Old, In With the New – Reinvent and Justify Your 2013 Security Strategy](https://reader033.vdocuments.site/reader033/viewer/2022051611/54b6b3784a7959f7308b4596/html5/thumbnails/19.jpg)
Enabling Business Needs, Securely
![Page 20: Out With the Old, In With the New – Reinvent and Justify Your 2013 Security Strategy](https://reader033.vdocuments.site/reader033/viewer/2022051611/54b6b3784a7959f7308b4596/html5/thumbnails/20.jpg)
Continuous Risk Mitigation
(Next-Gen Vulnerability Management)
Most Critical
Actions
Vulnerabilities
Threats
![Page 21: Out With the Old, In With the New – Reinvent and Justify Your 2013 Security Strategy](https://reader033.vdocuments.site/reader033/viewer/2022051611/54b6b3784a7959f7308b4596/html5/thumbnails/21.jpg)
IT GRC/Security
Dashboard – consolidated reporting
Security Risk
Management (SRM)
Proactive, pre-attack
risk mitigation
Security Information &
Event Management (SIEM)
Post-attack incident
management
Risk-Driven Security Operations Center
![Page 22: Out With the Old, In With the New – Reinvent and Justify Your 2013 Security Strategy](https://reader033.vdocuments.site/reader033/viewer/2022051611/54b6b3784a7959f7308b4596/html5/thumbnails/22.jpg)
Manage Risks Effectively
• Communicate security impact in business terms
• Drive cost-efficient operations
Treat Security as a Business
• Support roll-out of new business services
• Quantify risks and communicate options
Enable Business Needs
• Monitor risks continuously
• Include proactive risk-management in operations
Adapt and Thrive
![Page 23: Out With the Old, In With the New – Reinvent and Justify Your 2013 Security Strategy](https://reader033.vdocuments.site/reader033/viewer/2022051611/54b6b3784a7959f7308b4596/html5/thumbnails/23.jpg)
Automate daily security tasks
Maintain compliance, prevent attacks
Thank you!
www.skyboxsecurity.com