240 likes | 393 Views
Effective Threat Protection Strategies. [Name / Title] [Date]. Agenda The Business Challenge Changing Threat Landscape Effective Threat Protection Strategy The Four Principles Getting It Right. Agenda The Business Challenge Changing Threat Landscape Effective Threat Protection Strategy
E N D
Effective Threat Protection Strategies [Name / Title] [Date]
Agenda • The Business Challenge • Changing Threat Landscape • Effective Threat Protection Strategy • The Four Principles • Getting It Right
Agenda • The Business Challenge • Changing Threat Landscape • Effective Threat Protection Strategy • The Four Principles • Getting It Right
The business challenges • Increase in usage of internet means greater exposure to threats • Growing number of threats from cybercriminals • Costs of security breaches • Protecting business continuity • Maintaining regulatory compliance
Organizations are still getting infected Source: Ponemon Institute Security, Mega trends survey 2009
The cost Average cost of a data breach $204 per record compromised Average loss due to security incident • $234,244 per respondent
Agenda • The Business Challenge • Changing Threat Landscape • Effective Threat Protection Strategy • The Four Principles • Getting It Right
Changing threat landscape • The paths to threat exposure are also multiplying: • Social network use by businesses, customers and employees • Infected web pages • Email and IM spam
Regulatory and compliance risk • Comply with a growing body of government regulations and industry standards, such as: • National and state regulations • Payment Card Industry Data Security Standard • Health Insurance Portability and Accountability Act
Agenda • The Business Challenge • Changing Threat Landscape • Effective Threat Protection Strategy • The Four Principles • Getting It Right
Effective threat protection strategy • Balancing business needs with threats and regulations • Protecting against the threats • Enabling your business to operation efficiently • Four key principles • Prevention • Proactive • Performance and productivity • Simplicity
Agenda • The Business Challenge • Changing Threat Landscape • Effective Threat Protection Strategy • The Four Principles • Getting It Right
1. Prevention • Close the security gaps by addressing the sources of infection,preventing threats from getting in, and creating a secure IT environment • Look at implementing interlocking layers of protection • Firewall - secure the computers perimeter • Application Control - prevent unwanted applications • Device Control – allow on clean authorized devices • Network Access Control – ensure computers comply with policy • Email filtering – keep email free of spam and malware • Web security - protect users from accessing malicious websites • Patch management – keep computers protected with latest patches
2. Proactive • Protect against previously unseen attacks before a signature is available • Technologies that deliver: • Behaviour-based detection – stopping code from performing suspicious actions • Host-based Intrusion Prevention Systems (HIPS) • Buffer Overflow Protection Systems (BOPS) • Cloud-based reputation protection – providing latest information online • Live Anti-Virus • Live URL Filtering
3. Performance... and productivity • IT security should help protect productivity • Users will turn off security software if it slows down the performance • A security solution should not get in the way of business itself • Balance protection with productivity
4. Simplicity Security safeguards have to be simple and manageable to get the job done • Understand the incremental benefit over the security already in place • Assess the effect of proposed threat protection measures • Do as much as you can with the smallest number of products • Avoid products that require an expert to manage • Account for the cost of maintaining security products
Agenda • The Business Challenge • Changing Threat Landscape • Effective Threat Protection Strategy • The Four Principles • Getting It Right
The Sophos Approach Security solutions with the greatest business flexibility, least operational effort and lowest investment Comprehensive security & control Simplicity & manageability Pre-packaged intelligence Unrivalled support Security that frees IT managers to concentrate on their business.
Simplicity and manageability Best security with least investment Simplification Manageability • Single agent • Widest platform support • Integrated management • Intelligent policy updating • Appliance monitoring • Delivers consistent protection • Puts our expertise in your hands • Reduces agent pollution • Eliminates end user impact • Ensures lowest operating costs • Automatic protection • Easy to use management • Integrated data protection • Remote monitoring • Anonymizing proxy detection
Pre-packaged intelligence from SophosLabs™ Unrivalled visibility Integrated expertise Automated analysis Monitored regulations Reduces need for specialist security expertise
Unrivalled support and services Breadth ofknowledge,cross platformissue resolution Penalty backedSLAs 24 / 7 support as standard Exceptionalservice levels Our staffinour offices Worldwidecoverage Direct access toexperts speakinglocal language “Overall, Sophos, which places customer support as the cornerstone of its business, was the best. We were greatly impressed by the troubleshooting skills of its technicians, whose knowledge about their product and Windows is solid.” Infosecurity Magazine Scorecard: AV Vendors Tech Support , Ed Skoudis • "I have always received outstanding attention from your support team.” Sal Serafino, Cold Spring Harbor Laboratory, US • "Sophos has continually demonstrated dedication to both technical support and customer service."Neil Barnes, calfordseaden, UK Enhancedsupport servicesto maximise ROI
Summary • Review your current security against your business needs • Deploy layers of protection to close the security gaps • Measure each technology choice against the four principles