
- Security Investments - The past 5 Years: Education & Corporate Spending


lyle

Presentation Transcript


  1. - Security Investments - The past 5 Years: Education & Corporate Spending

  2. Our History • EST. 2001 • $25 Million in Pure Security • 300 Customers • 10 States • 70 School Districts • 30% of our business is K-12 - Higher Ed

  3. K-20 Sampling • Edutech of ND • Omaha Public • Denver Public Schools • Lincoln Public • Colorado University • Bozeman Schools • Moore Public Schools • Union Public Schools • Academy 20 Public Schools

  4. Security Buckets

  5. Internet Citizen

  6. SPAM • SMTP Oldest and Easiest Vector • Still Valid • Image Spam is latest • Scams Galore • Volume based • Constant Change

  7. The Security Layers • Email Gateway - AV/SPAM/Policy Control • Desktop AV • URL Filter • IPS/IDS/HIPS • Proactive Monitoring • Data Encryption - Moving & Stored • Security Testing - VA/PEN/Applications

  8. They Killed Kenny

  9. Email Buying Trends • K-12 more compliance aware • Small Encryption Rollouts are happening • Both Inbound and Outbound Inspection • Email Archiving in the works for 2008 • VMware Images available today (Proofpoint) • 1st Step Data Loss Light

  10. Email Case Study • Large 10,000 Computer School • Adding 15K Student Mailboxes • Moving from Cheap Inbound protection • To - Commercial Inbound/Outbound email security gateways on VMware • Will archive all Email • Will inspect messages for compliance - HIPAA, Credit Card and Student Information • 500 Seats of Email Encryption for Staff

  11. Email Investment • Currently Cheap for Simple - $3K • Move to Inbound/Outbound - About $15K for 10,000 Seats or $1.50 a yr Per Mailbox with Policy Compliance • Encryption for Administration - $20 a Year • Email Archiving - $8K for 2 terabytes

  12. Old School - HTTP

  13. Cost of Invention

  14. HTTP Summary • URL Blocking is a must in K12 • Protect against the basic threat - Bandwidth, Wasting time, and Malware • Bonded districts have rolled out IM, Web Mail, FTP, P to P, Chat Room monitoring • Higher Ed is pressured to limit music sharing

  15. Evolution Time Lines

  16. Proactive Monitoring

  17. People/Process • Do you have a Policy in place? Other than for a Felony? • Proactive monitoring - When will it be a requirement? • Specific case building - Do you want to do it? • Once you have visibility you probably will have to take action • Can Technology Visibility mold policy?

  18. Case Study: Proactive Monitoring • Large 20,000 Seat Bonded District • Review all TCP/IP • Focus on Gangs, Weapons, Drugs, Plagiarism • Use for bad apples - moving out, or in court cases with parents, teachers, temp staff • Also review all Credit Card and HIPAA Violations • After 4 years - Key piece of Security - Has Molded Policy

  19. Evolution Time Lines

  20. Proactive Monitoring • Full Monitoring - $35K a Year for 5000 Seats or $7 a seat • Easier to use today • Lot of bang for the buck • Good Investigation tool • Good Case building tool • Will keep auditors happy for Credit Cards and HIPAA as well • Keep Stock Holders happy as well

  21. Evolution Time Lines

  22. IPS Review • Why use it? • How it fits? • How is it different than IDS? • K-20 Adoption Rates • Different than Desktop

  23. Evolution Time Lines

  24. IPS Today

  25. IPS Pro/Con • Hardware Switches at the Core • The best in Network Security protection today • Fast and Efficient - easy to use • Pricing has come down • Master Console Concept for lots of boxes • Proven in F1000 • 10GB Units shipping in 2008

  26. IPS Pricing • $50K for 1GB Traffic • Gotcha is - Got to have many in a big Network • Also need a collector console if you have multiple • Small Boxes are as low as $8K to get started in a small LAN

  27. IPS Case Study • Large Colorado Health Care • IPS at the Core - 2GB + in Speeds • Monitored for 30 days • 20% of Network was “dirty” • Had old school IDS SNORT • Implemented in 2 weeks, in 4 Core Routes, Network is performing better!

  28. Data at Rest • Encrypt your Hard Drives • K-20 is doing it • It's Cheap • Over 20 Vendors • USB protection - built in to most as an add-on

  29. Security Testing • Coming along in K20 • You will need patience • If you can - do it once a month with VA software internally on critical systems • Hire a professional testing practice for Pen Testing, it's worth it • Pen Test your Student Info Systems that are web enabled

  30. Security Testing Trends • Pricing is at $700 an IP for Outside VA and Penetration • Internal Testing includes VA Sweep, Data Leakage Review, Data at Rest and in Motion Review • Social Engineering Drops of USB Keys • Gap Analysis, Compliance Alignment

  31. Acquiring Security Testing Skills • Focus on a Commercial Tool Budget • Focus on Critical Networks, Applications and Data • Start with Internal Network Vulnerability • Develop baselines for the Schools • Set goals that make sense • Be patient - on the Security People and Process

  32. Security Investment Costs

  33. Near Perfect World

  34. Moving Forward • Be aware • Be Diligent • Fight for your Security Budgets • Stay Paranoid • Listen to your Security teams • Listen to the students

  35. Internet Citizen

  36. Questions?? greg@dirsec.com
