340 likes | 490 Views
THE EVOLVING THREAT LANDSCAPE: ADVANCING ENTERPRISE SECURITY. 11 December 2013. Agenda. Objectives About ISE I. Security Separated from Functionality II. Black Box vs. White Box III. Secure Assets, Not Perimeters IV. “Build It In,” Not “Bolt It On” V. Security as Ongoing Process Q&A.
E N D
THE EVOLVING THREAT LANDSCAPE: ADVANCING ENTERPRISE SECURITY 11 December 2013 ISE Confidential - not for distribution
Agenda • Objectives • About ISE • I. Security Separated from Functionality • II. Black Box vs. White Box • III. Secure Assets, Not Perimeters • IV. “Build It In,” Not “Bolt It On” • V. Security as Ongoing Process • Q&A ISE Confidential - not for distribution
Objectives • Analyze trending best practices • Keep pace with the rapidly evolving adversaries • Streamline resource and financial investment ISE Confidential - not for distribution
About ISE ISE Confidential - not for distribution
About ISE Analysts • Computer Scientists • Ethical Hackers Customers • Fortune 500 Enterprises • Media & Entertainment, Security Software, Healthcare, etc Perspective • White box Research • Recent: Browsers; Routers • Upcoming: Digital Cinema; Hospital Pilot ISE Confidential - not for distribution
I. Security Separated From Functionality ISE Confidential - not for distribution
I. Security Separated From Functionality CONFLICT IS GOOD! There, I said it. ISE Confidential - not for distribution
I. Security Separated From Functionality ISE Confidential - not for distribution
I. Security Separated From Functionality I.T. ISE Confidential - not for distribution
I. Security Separated From Functionality ISE Confidential - not for distribution
I. Security Separated From Functionality ISE Confidential - not for distribution
I. Security Separated From Functionality ISE Confidential - not for distribution
I. Security Separated From Functionality • Objective of Conflict • Facilitate dialogue amongst teams to arrive at a usable system, on deadline, that entails an acceptable level of security protocols. ISE Confidential - not for distribution
II. Black Box vs. White Box ISE Confidential - not for distribution
II. Black Box vs. White Box • Evaluation Types • Penetration Test • Vulnerability Assessment • Methodologies • Black Box • White Box ISE Confidential - not for distribution
II. Black Box vs. White Box Black Box Perspective ISE Confidential - not for distribution
II. Black Box vs. White Box White Box Perspective ISE Confidential - not for distribution
II. Black Box vs. White Box ISE Confidential - not for distribution
III. Secure Assets, Not Perimeters ISE Confidential - not for distribution
III. Secure Assets, Not Perimeters Traditional Attacks Traditional Defenses 20
III. Secure Assets, Not Perimeters Modern Attacks 21
IV. “Build It In,” Not “Bolt It On” ISE Confidential - not for distribution
IV. “Build It In,” Not “Bolt It On” ISE Confidential - not for distribution
IV. “Build It In,” Not “Bolt It On” ISE Confidential - not for distribution
IV. “Build It In,” Not “Bolt It On” ISE Confidential - not for distribution
IV. “Build It In,” Not “Bolt It On” ISE Confidential - not for distribution
V. Security as Ongoing Process ISE Confidential - not for distribution
V. Security as Ongoing Process ISE Confidential - not for distribution
V. Security as Ongoing Process ISE Confidential - not for distribution
V. Security as Ongoing Process ISE Confidential - not for distribution
V. Security as Ongoing Process ISE Confidential - not for distribution
Recap I. Security Separated from Functionality II. Black Box vs. White Box III. Secure Assets, Not Perimeters IV. “Build It In”, Not “Bolt It On” V. Security as Ongoing Process Whitepaper forthcoming ISE Confidential - not for distribution
Questions? Ted Harrington Executive Partner ted.harrington@securityevaluators.com ISE Confidential - not for distribution