360 likes | 472 Views
Data protection in the “new threat” age. John Kindervag, Principal Analyst. 21 June 2013. Agenda. Threats are mutating and ubiquitous Targeting Data Understanding APT Can DLP save the day ? Rethinking DLP Summary. Agenda. Threats are mutating and ubiquitous Targeting Data
E N D
Data protection in the “new threat” age John Kindervag, Principal Analyst 21 June 2013
Agenda • Threats are mutating and ubiquitous • Targeting Data • Understanding APT • Can DLP save the day? • Rethinking DLP • Summary
Agenda • Threats are mutating and ubiquitous • Targeting Data • Understanding APT • Can DLP save the day? • Rethinking DLP • Summary
The MutatingThreat Landscape Hacktivism Blended Surgical Cooperative Devastating The tool box Strategic Assets Organized Groups
The Times They Are a-Changin' Mobility Cloud Adoption Advanced Threats
Web 2.0 adds new security challenges Attack surface is expanding. Other measures must augment site reputation Users are behaving carelessly.
Immediate threat is to end-users Potential to infect or disrupt the corporate network Browser-based attacks Clickjacking Cross Site Request Forgery Greater Potential Data Leakage User blogs Social Networks Web 2.0 Security Concerns
Agenda • Threats are mutating and ubiquitous • Targeting Data • Understanding APT • Can DLP save the day? • Rethinking DLP • Summary
I need RDP UK US Germany To buy NOW VIA WMZ wana buy 9 Selling (Worldwide Cvvs, Worldwide Fullz, UK, Usa Logins Worldwide Dumps, UK, UsaPaypal, Ebay Accounts...) GOOD OFFER SELLING hacked RDP GURANTED 24HOURS UP TIME ONLY 10$ Selling fresh verginwordwidecvv
Two types of data 1 • Data that someone wants to steal 2 • Everything else . . . they won’t steal it.
PCI PHI PII IP Remember the four P’s 75% of DLP Use Cases 3P + IP = TD
Data Security And Control Framework Source: January 2012 “The Future Of Data Security And Privacy: Controlling Big Data”
Agenda • Threats are mutating and ubiquitous • Breaches happen • Understanding APT • Can DLP save the day? • Rethinking DLP • Summary
Advanced Persistent Threat
Advanced – attack methodologies are complex and hard to detect. Stuxnet = $100 Million to create and deploy Often a large team sponsored by a nation state Persistent – attacker is patient and will not give up. Thwarted attack vectors lead to new avenues of attack. Advanced malware and 0-Day attacks may be used but do not equal an APT APT is about Objectives APT – What is it?
Frequency of data breaches 25% of companies have experienced a breach during the last 12 months that they know of Base: 1319 IT security decision-makers; Source: Forrsights Security Survey, Q3 2012
Breaches Happen “How many times do you estimate that your firm's sensitive data was potentially compromised or breached in the past 12 months?" Base = 1,319 North American and European enterprise security decision-makers responsible for network or data security at companies that have had a breach in the past 12 months Source: Forrsights Security Survey, Q2 2012
Agenda • Threats are mutating and ubiquitous • Breaches happen • Understanding APT • Can DLP save the day? • Rethinking DLP • Summary
AV Catch Rate Patch Status Device Access (NAC) Malware Sandboxing Input Metrics are Ineffective
Has your networks or systems been infiltrated by malicious actors? (Intrusion) Has your toxic data been exfiltrated from your networks or systems into the hands of malicious actors? (Breach) Situational Awareness Effective Metrics Output Metrics
Agenda • Threats are mutating and ubiquitous • Breaches happen • Security Priorities and Trends • Can DLP save the day? • Rethinking DLP • Summary
Enterprise DLP Adoption is low “What are your firm’s plans to adopt the following email security and web security technologies? Advanced content-based email filtering (DLP technologies)" Base = 1,293 North American and European IT security decision-makers Source: Forrsights Security Survey, Q2 2012
Endpoint Email Web Network/NAV Gateway Forrester has defined five types of DLP
Forrester’s DLP Maturity Grid DLP is a feature, not a product
The Maturity Grid breaks DLP up into 25 distinct and manageable projects. More Mature Less Mature
More Mature Less Mature
Agenda • Threats are mutating and ubiquitous • Breaches happen • Security Priorities and Trends • Can DLP save the day? • Rethinking DLP • Summary
Threats are constantly changing New threats will target everything Effective security will be as much about the process as the product Focus on Data Exfiltration and Output Metrics Summary
Thank you John Kindervag +1 469.221.5372 jkindervag@forrester.com Twitter: @Kindervag www.forrester.com