Out with the Old, in with the New – Reinvent and Justify Your 2013 Security Strategy
DESCRIPTION
It’s a new era for IT security teams. Tasked with ensuring the success of business-changing IT initiatives from mobile and BYOD to virtualization and cloud services, CISOs are finding that existing security controls and processes create complexity instead of reducing risks. At the same time, highly publicized breaches and new forms of attacks have raised awareness of the business impact of cyber threats to the board level. It’s time for a hard look at your current security program. Can you demonstrate an effective security strategy that will protect your company’s vital services, systems and data? Gidi Cohen challenges you to reinvent your security approach. More than offering just a few ideas, Cohen will examine why some popular security controls are no longer effective at minimizing risks, and explore proven next-generation techniques to increase your ability to see, measure, and gain control over business risks. Presented by Gidi Cohen, CEO and Founder - Skybox Security at the CISO Summit in San Francisco, CA.
TRANSCRIPT
Out with the Old, in with the New
CISO Strategy for 2013
Gidi Cohen CEO and Founder, Skybox Security
December 7, 2012
www.skyboxsecurity.com © 2012 Skybox Security 1
presented by
• Proven effective in complex networks
• Financial Services, Government, Defense, Tech,
Energy, Retail, Service Providers, Manufacturing
• “This is the best tool we have for getting all of our risk
information in one place.” - USAID
Global 2000 Customers
• Predictive risk analytics for best decision support
• Designed for continuous, scalable operation
• Complete portfolio on a common platform
Leader in Proactive
Security Risk Management
Skybox Security Overview
100% Uptime BYOD Demands
BYOC (Cloud)
data and apps
Rapidly Mutating
Threats
Security Challenges
in a Changing World
Roll-out New Services
(Source: Forrester, Role Job Description: CISO, March 2012)
Protect Information
Assets
• Identify risks
• Ensure effective
risk controls
Deliver Business
Value
Be a Trusted
Advisor
• Timely, cost-effective
risk mitigation
• Supports business
goals
• Communicate risks
in business language
Common thread... RISK
2013 Top Goals for the CISO
Threats Infrastructure Impact
Change
Requests Exec
Reports
Mitigation
Options
Continuous, Scalable
Strong Security Risk Management
Program is Essential
Protect
Information
Assets
How Do You Manage
Risks Today?
Vulnerability Scanners
SIEM
IT GRC
[Chart: scan frequency (times per year) versus % of network scanned]
To keep pace with threats?
Daily updates
90%+ hosts
Partner/External networks
Avg. scan: 60-90 days
<50% of hosts
Critical systems, DMZ
Avg. scan: 30 days
50-75% of hosts
How often do you scan? How much coverage?
2012 Skybox Survey:
Vulnerability Management Challenges
Too Little, Too Late
• We are concerned about disruptions from scanning: 59%
• We don’t have the resources to analyze more frequent scan data: 58%
• We don't have the resources to deal with broader patching activity: 41%
• Some hosts are not scannable due to their use: 34%
• The cost of licenses is prohibitive: 29%
• Unable to gain credentialed access to scan portions of the network: 12%
• We just don’t need to scan more: 5%
Reasons that respondents don’t scan
more often
Disruptive, Inaccurate Picture of Risk
Vulnerability Assessments:
Just Not Effective
Updated Continuously
Is a Vulnerability Scanner Sufficient
for Security Risk Management?
Threats Infrastructure Impact
Lacks network
context
Change
Requests Exec
Reports
Mitigation
Options
(Regarding SIEM) "If the question is, 'Does it stop
hackers?' then the answer is no. It's not supposed
to stop anything." Dr. Anton Chuvakin, Gartner
Monitor events
Incident response
Anticipate risks
Prevent attacks
Pre-event Post-event
SIEM – Monitoring, not Prevention
Reactive, Incomplete Risk Picture
Event!
Is a GRC Tool Sufficient
for Security Risk Management?
Updated Continuously
Threats Infrastructure Impact
Policy view only
Change
Requests Exec
Reports
Mitigation
Options
No operational
guidance
Lacks network
context
“Insanity: Doing the same
thing over and over again
and expecting different
results.”
-- Albert Einstein
On the surface…
• Firewall rulesets bloated
• Service performance issues
Dig deeper…
• Unable to see infrastructure
• Unable to anticipate impact of
planned changes
CISO’s visionary goal
• Fundamentally different approach
to security management
Operations on all continents
Many centralized services
Success Story –
Global Brewing Company
Change
Planning
Brewing Company – Integrated Approach
for Security Management
Updated Continuously
Threats Infrastructure Impact
Enabled by modeling
and simulation
Change
Requests Exec
Reports
Mitigation
Options Firewall
Optimization
Operational
Metrics
Risk
Metrics
Improved Security
• Able to quickly assess potential risks of
changes
Brewing Company - Results
Clear Visibility
• Enabled clear view of the infrastructure
for network architecture planning
Lower Maintenance Time
• Consolidated and optimized firewalls
Improved Performance
• Increased use of centralized resources
Better Internal Communications
• Reports on operational and risk metrics
Available
Access Path
IPS Signatures
Not Enabled
Change Exposes
a Vulnerability
Likely Attack
Scenario
Leveraging Risk Analytics, Modeling
and Simulation
Vulnerabilities • CVE 2011-203
• CVE 2009-722
• CVE 2012-490
• Compliance
• Change Management
• Optimization
• Vulnerability discovery
• Prioritization
• Remediation planning
• Threat intelligence
• Attack prediction
• APT and Malware simulation
Common Use Cases for SRM
Continuous Risk
Mitigation
Future SOC Network Security
Management
Enabled by Risk Analytics
Best Practice
Policy
Network Devices Firewalls
Business
Metrics
Operational
Metrics
Corporate
Policies
Compliance
Reports
Normalized device
configuration repository
Network Security
Change Management
Compliance & Risk Analytics
ITSM Integration
Blueprint for Network Security
Management
Enabling Business Needs, Securely
Continuous Risk Mitigation
(Next-Gen Vulnerability Management)
Most Critical
Actions
Vulnerabilities
Threats
IT GRC/Security
Dashboard – consolidated reporting
Security Risk
Management (SRM)
Proactive, pre-attack
risk mitigation
Security Information &
Event Management (SIEM)
Post-attack incident
management
Risk-Driven Security Operations Center
Manage Risks Effectively
• Communicate security impact in business terms
• Drive cost-efficient operations
Treat Security as a Business
• Support roll-out of new business services
• Quantify risks and communicate options
Enable Business Needs
• Monitor risks continuously
• Include proactive risk-management in operations
Adapt and Thrive
Automate daily security tasks
Maintain compliance, prevent attacks
Thank you!
www.skyboxsecurity.com