
Assessing the Threatscape Addressing compliance requirements Respond, don’t just report


lynde

Presentation Transcript


  1. You’re already a statistic… • Assessing the Threatscape • Addressing compliance requirements • Respond, don’t just report • You’re already a statistic, how do you rebound? • Q&A

  2. Assessing the threatscape Security Breach Statistics* • 91% of companies have experienced at least one IT security event from an external source. • 90% of all cyber crime costs are those caused by web attacks, malicious code and malicious insiders. *Statistics collected from Gartner, Forrester, Ponemon, Kaspersky, Eschelon

  3. Assessing the threatscape Security Breach Statistics • Due to complexity, over 70% of organizations are still not adequately securing critical systems. • The median annualized cost of breaches is $3.8 million per year (range: $1M to $52M/yr)

  4. Assessing the threatscape • 96% of attacks were not highly difficult • 94% of all data compromised involved servers • 85% of breaches took weeks or more to discover • 92% of incidents were discovered by a third party • 97% of breaches were avoidable • 96% of victims subject to PCI DSS had not achieved compliance A study conducted by the Verizon RISK Team

  5. Top threats According to Cloud Security Alliance • Data breaches • Data loss/leakage • Account/service traffic hijacking • Insecure interfaces and APIs • Denial of service • Malicious insiders • Insufficient due diligence • Technology vulnerabilities • Social Engineering • Viruses, phishing, malware, spyware • Employees exposing information • Carelessness/lax security policies

  6. Cyber war has been declared Source: www.securelist.com Kaspersky Bulletin

  7. The challenge is real • They all start off like this… • …that becomes this • And then this happens… • …followed by this… • …which ultimately ends up with this

  8. The weight of compliance “I get audited. I get audited a lot.” - Michael Tampone, Chief Technology Officer, Sterling Risk

  9. Alphabet soup of oversight • FFIEC • PCI / DSS • CIP • Sarbanes Oxley • GLBA • FISMA • NERC • HIPAA • FERPA • SB-1386 (California)

  10. The problem is… • It’s expensive • It’s time consuming • It’s resource heavy • Perceived imbalance in the risk/reward quotient • We’ve got it covered • We haven’t been attacked/complacency • We’re too small for hackers to care/notice • Expertise difficult to retain MSPAlliance says: Unemployment for IT security is <1%. And once found, they’re expensive to keep. In fact, their salaries doubled in the past 3 years. …but it doesn’t have to be

  11. Overcoming obstacles Best practices • Preventive/Preemptive policies • Centralized control • Automation • Transaction Anomaly Prevention • Minimize end user impact • Consistency • Maintain and enforce standards • Minimizing management and operational cost

  12. Monitoring is not enough • Continuous monitoring discovers red flags (via Log/SIEM) but too often reviewed days/weeks later • Doesn’t FIX the problem • Signatures will not detect anything unusual in a zero-day exploit • Doesn’t maintain continuous integrity of files/apps/registry

  13. Turn back the clock • Real-time configuration mgmt • Recovery back to ideal state • Automated alerts and repair • Avoid unauthorized changes that threaten compliance • Demonstrate control of computing environment • Change management • Reduce support incidents

  14. Complying with Security frameworks SANS offers 12 critical controls for implementation, automation, and measurement. Security Configuration Management applies to 8 of those guidelines, most notably • (3.11) Implement automated configuration monitoring system to analyze hardware and software changes, network configuration changes, and other modifications affecting the security of the system. *Source: SANS 20 Critical Controls

  15. Go home on time…really! • Reduce, remove security threats • Reduce operational downtime • Reduce support incidents by 80% • Automate security compliance policy • Increase application availability • Reduce case resolution times and repeat cases • Reduce on-site or remote service requests • Integrates with existing infrastructure • Automated compliance reporting • Improve customer satisfaction

  16. Let Me PROVE IT Demonstration

  17. Company Overview • Innovative Software Company • Over 12 years in the marketplace • 1,000’s of customer deployments globally • Proven and patented technology • Customers • IT organizations will fail to successfully manage their PC environment if they have not addressed the biggest issue: complexity … Persystent Suite … does provide configuration drift management functionality.

  18. THANK YOU. Bob Whirley, Utopic Software • bobwhirley@utopicsoftware.com • 727-512-9001 • www.utopicsoftware.com
