you can't teach an old dog new tricks
TRANSCRIPT
You Can’t Teach an Old Dog New Tricks
The fallacy of the ‘Secure Perimeter’ approach
Webinar, Tuesday June 23rd 2015
2WEBINAR: "You Can’t Teach an Old Dog New Tricks"
Introductions & “House Rules” Effective Data Protection Requires Change Tackle the compromised security perimeter via Data-centric information security RightsWATCH Live Demo Questions & Answers
Tuesday June 23rd 2015
Agenda
3WEBINAR: "You Can’t Teach an Old Dog New Tricks"
Eric HanselmanEric is the Chief Analyst at 451 Research. He has an extensive, hands-on understanding of a broad range of IT subject areas, having direct experience in the areas of networks, virtualization, security and semiconductors. He coordinates industry analysis across the broad portfolio of 451 research disciplines.
Rui Melo BiscaiaRui serves as the Director of Product Management for Watchful Software, and is responsible for the company's product direction and go-to-market
Tuesday June 23rd 2015
Introductions
4WEBINAR: "You Can’t Teach an Old Dog New Tricks"
You are muted centrally. You don’t need to mute/unmute yourself This webinar is being recorded. The recording will be available tomorrow at
www.watchfulsoftware.com The Q&A session will be at the end You are welcomed to enter questions anytime, using the Chat feature in the
GoToWebinar Control Panel
Some “House Rules”
Tuesday June 23rd 2015
5WEBINAR: "You Can’t Teach an Old Dog New Tricks"
Introductions & “House Rules” Effective Data Protection Requires Change Tackle the compromised security perimeter via Data-centric information security RightsWATCH Live Demo Questions & Answers
Tuesday June 23rd 2015
Agenda
You Can't Teach an Old Dog New TricksEffective Data Protection Requires ChangeEric Hanselman, Chief Analyst
Security Protections are More Critical Than EverToo many examples of data breaches▪ The world has changed▪ Protections have to change▪ Data is the most valuable asset and the easiest to lose
7
We’re Still Buying Lots of SecurityBudgets and purchasing expectations are up
Source: 451 Research's Customer Insight, TheInfoPro Information Security 2H 20148
But We’re Changing What We BuyChasing effective mitigations
Source: 451 Research's Customer Insight, TheInfoPro Information Security 2H 2014Q. How will your spending on this technology change in 2015 as compared to 2014? n=210 to 213. Data from respondents not using the technology or that don't know about spending are hidden.
Threat Intelligence
Patch Management
Anti-spam/Email Security
Antivirus/Endpoint Security
Anti-DDoS
Web Application Firewall
Network Data-loss Prevention Solutions
IT Sec Training/Edu/Awareness
Endpoint Data-loss Prevention Solutions
Event Log Management System
NIDS/NIPS
Security Information Event Management
Application-aware/Next-gen Firewall
Mobile Device Management
2%
3%
6%
4%
1%
2%
1%
1%
1%
5%
10%
4%
8%
3%
28%
74%
73%
77%
28%
26%
20%
47%
25%
47%
53%
40%
28%
41%
9%
9%
9%
11%
12%
15%
17%
18%
20%
25%
27%
27%
27%
31%
Less Spending About the Same More Spending
9
Focusing On Data for Effective ControlsEncryption has to be applied effectively▪ Integrating encryption into use▪ Becoming transparent to users▪ Scalable policy controls
▪ Long standing data classification complexity▪ Delegating policy elements
▪ Dealing with transition▪ Protections for existing data
10
Utilization of Encryption in Organizations
Q. Since you are using encryption, where is encryption used within your organization? Check all that apply. n=169. Source: Information Security Wave 17 © 2015 451 Research LLC. 11
To be Effective, There Has to be VisibilityTraditional tools are challenged▪ Fewer points to observe
▪ Increasing encryption use▪ Mobile users are beyond view and controls▪ Activity-based controls face user resistance
We have to look to different ideas for protection
12
Introductions & “House Rules” Effective Data Protection Requires Change Tackle the compromised security perimeter via Data-centric information security RightsWATCH Live Demo Questions & Answers
Tuesday June 23rd 2015 13
Agenda
WEBINAR: "You Can’t Teach an Old Dog New Tricks"
Tackle the compromised security perimeter via Data-centric information security
Rui Melo Biscaia, Director of Product Management
WEBINAR: "You Can’t Teach an Old Dog New Tricks"
• Accidental disclosure (e.g., via the internet)
• Malicious code• Improper or
accidental disposal of records or portable equipment
Insider Threat
It’s not a matter of ‘if’ but ‘when’
It’s not really about databases
anymore
Hackers aren’t the greatest threat
This doesn’t have to keep happening
Tuesday June 23rd 2015 15
Well IntentionedInsider
MaliciousInsider
• Disgruntled employee
• Profit-seeking employee
• A Former employee
WEBINAR: "You Can’t Teach an Old Dog New Tricks"
Data-centric Security
16Tuesday June 23rd 2015
GOVERNANCE
PROTECTION
LOSSPREVENTIONCLASSIFICATION
WEBINAR: "You Can’t Teach an Old Dog New Tricks"
Data-centric Security
17Tuesday June 23rd 2015
GOVERNANCE
PROTECTION
LOSSPREVENTIONCLASSIFICATION
to enhance compliance
to apply policies
to decrease liability
to uphold policies
WEBINAR: "You Can’t Teach an Old Dog New Tricks"
New Perimeter Spectrum
18Tuesday June 23rd 2015
Introductions & “House Rules” Effective Data Protection Requires Change Tackle the compromised security perimeter via Data-centric information security RightsWATCH Live Demo Questions & Answers
Tuesday June 23rd 2015 19
Agenda
WEBINAR: "You Can’t Teach an Old Dog New Tricks"
WEBINAR: "You Can’t Teach an Old Dog New Tricks"
RightsWATCH Live Demo
20Tuesday June 23rd 2015
Introductions & “House Rules” Effective Data Protection Requires Change Tackle the compromised security perimeter via Data-centric information security RightsWATCH Live Demo Questions & Answers
Tuesday June 23rd 2015 21
Agenda
WEBINAR: "You Can’t Teach an Old Dog New Tricks"
You Can’t Teach an Old Dog New Tricks
Questions & Answers
Webinar, Tuesday June 23rd 2015
You Can’t Teach an Old Dog New Tricks
The fallacy of the ‘Secure Perimeter’ approach
Webinar, Tuesday June 23rd 2015