220 likes | 335 Views
You’re already a statistic…. Assessing the Threatscape Addressing compliance requirements Respond, don’t just report You’re already a statistic, how do you rebound? Q&A. Assessing the threatscape. Security Breach Statistics*.
E N D
You’re already a statistic… • Assessing the Threatscape • Addressing compliance requirements • Respond, don’t just report • You’re already a statistic, how do you rebound? • Q&A
Assessing the threatscape Security Breach Statistics* • 91% of companies have experienced at least one IT security event from an external source. • 90% of all cyber crime costs are those caused by web attacks, malicious code and malicious insiders. *Statistics collected from Gartner, Forrester, Ponemon, Kaspersky, Eschelon
Assessing the threatscape Security Breach Statistics • Due to complexity, over 70% of organizations still not adequately securing critical systems. • The median annualized cost of breaches is $3.8 million per year, (range: $1M to $52M/yr)
ASsessing the threatscape • 96% of attacks were not highly difficult • 94% of all data compromised involved servers • 85% of breaches took weeks or more to discover • 92% of incidents were discovered by a third party • 97% of breaches were avoidable • 96% of victims subject to PCI DSS had not achieved compliance A study conducted by the Verizon RISK Team
Top threats According to Cloud Security Alliance • Data breaches • Data loss/leakage • Account/service traffic hijacking • Insecure interfaces and APIs • Denial of service • Malicious insiders • Insufficient due diligence • Technology vulnerabilities • Social Engineering • Viruses, phishing, malware, spyware • Employees exposing information • Carelessness/lax security policies
cyber war has been declared Source: www.securelist.com Kaspersky Bulletin
The weight of compliance “I get audited. I get audited a lot.” - Michael TamponeChief Technology Officer Sterling Risk
Alphabet soup of oversight • FFIEC • PCI / DSS • CIP • Sarbanes Oxley • GLBA • FISMA • NERC • HIPAA • FERPA • SB-1386 (California)
until Root Cause is discovered & Fixed YOUR ASSETS ARE VULNERABLE
The problem is… • It’s expensive • It’s time consuming • It’s resource heavy • Perceived imbalance in the risk/reward quotient • We’ve got it covered • We haven’t been attacked/complacency • We’re too small for hackers to care/notice • Expertise difficult to retain MSPAlliance says: Unemployment for IT security is <1%. And once found, they’re expensive to keep. In fact their salaries doubled in past 3 years. …but it doesn’t have to be
Overcoming obstacles Best practices • Preventive/Preemptive policies • Centralized control • Automation • Transaction Anomaly Prevention • Minimize end user impact • Consistency • Maintain and enforce standards • Minimizing management and operational cost
Complying with Security frameworks SANS offers 12 critical controls for implementation, automation, and measurement. Security Configuration Management applies to 8 of those guidelines, most notably • (3.11)Implement automated configuration monitoring system to analyze hardware and software changes, network configuration changes, and other modifications affecting the security of the system. *Source SANS 20 Critical Controls
Monitoring is not enough • Continuous monitoring discovers red flags (via Log/SIEM) but too often reviewed days/weeks later • Doesn’t FIX the problem • Signatures will not detect anything unusual in a zero-day exploit • Doesn’t maintain continuous integrity of files/apps/registry
Turn back the clock • Improve the success rate of patching • XP Migration • Avoid unauthorized changes that threaten compliance • Real-time configuration mgmt • Prevent & recover back to ideal state • Reduce support incidents • Demonstrate control of computing environment
Go home on time…really! • Reduce, remove security threats • Reduce operational downtime • Reduce support incidents by 80% • Automate security compliance policy • Increase application availability • Reduce case resolution times and repeat cases • Reduce on-site or remote service requests • Integrates with existing infrastructure • Automated compliance reporting • Improve customer satisfaction
Let Me PROVE IT Demonstration
Company Overview • Innovative Software Company • Over 12 years in the marketplace • 1,000’s of customer deployments globally • Proven and patented technology Customers IT organizations will fail to successfully manage their PC environment if they have not addressed the biggest issue: complexity … Persystent Suite … does provide configuration drift management functionality.
THANK YOU. Bob Whirley Utopic Softwarebobwhirley@utopicsoftware.com727-512-9001 www.utopicsoftware.com