Addressing Security in the 21st Century

1. Addressing Securityin the21st Century  Susan Crinnian, CISSP VP, Business Development PGI Solutions LLC.

2. Agenda Paradigm shift of compliance and security protection The need for a pre-emptive strategy Understanding �knowledge power� allows one to be a master of their network Network forensics

3. Compliance, Security, Forensics Compliance is the leading driver of current investment in security and compliance initiatives. Another driver, in the light of data theft and public disclosure, is to protect the organization and its brand - which brings into focus security and forensics. Today - while tactical deployment of point solutions for addressing compliance and security on an when-needed basis is currently the most prevalent approach, the trend is to view compliance and security as an on-going, strategic, and flexible program rather than a one-time event. These new types of solutions can readily adapt to change which occurs with networks and compliance regulations. This active management that we call Active Network Intelligence, which is proactive and real time, allows these organizations to lower operational costs, support higher scale, reduce security risk, maintain consistent security policy, and address breaches with data that is guaranteed to be untouched. This leads to operational and management efficiencies which lead one to be �Master of their Network� through �Knowledge Power�. Today - while tactical deployment of point solutions for addressing compliance and security on an when-needed basis is currently the most prevalent approach, the trend is to view compliance and security as an on-going, strategic, and flexible program rather than a one-time event. These new types of solutions can readily adapt to change which occurs with networks and compliance regulations. This active management that we call Active Network Intelligence, which is proactive and real time, allows these organizations to lower operational costs, support higher scale, reduce security risk, maintain consistent security policy, and address breaches with data that is guaranteed to be untouched. This leads to operational and management efficiencies which lead one to be �Master of their Network� through �Knowledge Power�.

4. Organizations who have pre-emptivesecurity policy Decrease the number of non-compliance incidents, number of security-related incidents, and the number of false positives. Decrease in the time required to complete a compliance related-audit Increase the number of systems requiring updates, patches, and configuration changes actively being managed, and increase the number of systems generating logs actively being managed. Aberdeen Group, 2007 Organizations who earn best-in-class status according to Aberdeen Group have been able to accomplish these items. Today the trends are for more systems to be monitored via logs.Organizations who earn best-in-class status according to Aberdeen Group have been able to accomplish these items. Today the trends are for more systems to be monitored via logs.

5. Technologies deployed in support of security and compliance Network behavior analysis Network access control Security Event Management Security information management Log Management Database Monitoring and Auditing Unified Threat Management