A CISO's Guide to Cyber Liability Insurance
July 21, 2016
Copyright SecureAuth Corporation 2016
Today’s Speakers
Dawn-Marie Hutchinson
Executive Director, Office of the CISO
Optiv Security
Tim Arvanites
Vice President, Technical Services
SecureAuth
Agenda
+ Creating Confidence; Reducing Risk: Navigating Cyber Liability Insurance – Dawn-Marie Hutchinson, Optiv
+ Mitigating Risk with Adaptive Access Control – Tim Arvanites, SecureAuth
+ Q&A
Proprietary and Confidential. Do Not Distribute. © 2016 Optiv Inc. All Rights Reserved.
Creating Confidence; Reducing Risk
Navigating Cyber Liability Insurance
Are you Insurable?
Premiums at a premium
Economics Lesson
“One of the most important simple truths in this technological war is that you simply cannot AFFORD to prevent a successful attack.” –Tyler Wrightson
The Security Journey
Business Aligned Strategy: Create a security program that enables your organization by understanding the business objectives, compliance objectives, threats and material risks.
AD HOC
INFRASTRUCTURE BASED
COMPLIANCE BASED
THREAT BASED
RISK BASED/DATA CENTRIC
BUSINESS ALIGNED
Shortcut = Failure to Pass
System security
Network security
Endpoint security
Data security
Security management
User security
Application security
Secure infrastructure
The 5 Key Questions of Cyber Liability Insurance
+ If a breach were to occur, what quantifiable direct impact would it have on business, customers and the supply chain?
+ Is there an established framework the insurance provider uses to assess security readiness?
+ What does the provider expect you to do to qualify for a suitable policy?
+ Will they be satisfied with the documentation you provide or will they require a thorough audit of policies and practices?
+ Who will you engage in the conversation to reduce cost and manage risk?
The 5 Key Post Breach Activities
+ If a breach were to occur, do you know what the coverage levels and limits are?
+ Are you following an established program for responding to an incident?
+ What does the provider expect you to do upon identification of an incident?
+ Will they be satisfied with the documentation you provide or will they require a third party assessment?
+ Who will you engage to manage the incident?
Mitigating Risk with Adaptive Access Control
Tim Arvanites, VP of Technical Services, SecureAuth
Data Breaches: A Global Epidemic
781 publicly reported data breaches in 2015
Billion+ identities compromised
Anatomy of a Data Breach
Initial Penetration
Establish Foothold
Escalate Privileges
Complete Mission
Lateral Movement
The majority of breaches in enterprises start with social engineering and phishing.
Intruders gained access through a Citrix remote access portal set up for use by employees. (Home Depot breach)
“The hackers acquired elevated rights that allowed them to navigate portions of Home Depot's network and to deploy unique, custom built malware on its self check out systems in the U.S. and Canada.” – eWeek
Why Adaptive Access Control to Mitigate Risk?
+ Traditional security infrastructures are routinely circumvented
– Billions spent annually on endpoint and network security, yet breaches persist
+ Both the FBI and the White House, under the new Cybersecurity National Action Plan, recommend the use of multi-factor authentication.
+ The right level of security controls can help reduce your Cyber Liability Insurance premium and strengthen your security posture.
Why SecureAuth?
SecureAuth acts as a central authentication point, controlling access to all on-premises and cloud-based applications:
Pre-authentication capabilities protect against APT and prevent unauthorized users from gaining access to your critical networks and applications.
Continuous authentication provides early detection and insight into your overall network and application traffic.
Flexible workflows allow you to quickly respond to attacks by leveraging step-up authentication during a major security incident.
Risk Layers
Dynamic Adaptive Authentication
• Layered Risk Analysis = Stronger Security
• No User Experience Impact
• Only present multi-factor authentication when needed
Device Recognition
Threat Service
Directory Lookup
Geo-Location
Geo-Velocity
Behavioral Biometrics
Device Recognition
+ First time authentication: register the endpoint device
+ Subsequent authentications: validate the endpoint device
+ Device recognition can include:
– web browser configuration
– language
– installed fonts
– browser plugin
– device IP address
– screen resolution
– browser cookies settings
– time zone
IP Reputation Data
Identity Store Lookup
+ Compare and filter based on information in the store
+ Can be based on any attribute of the user
Geo-Location
+ Compare the user's current geographic location against good or bad locations
Geo-Velocity
+ Compare current location and login history to determine whether an improbable travel event has occurred
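A geo-velocity check of the kind this slide describes, as an added example that is not SecureAuth's code: it compares each login with the previous one and flags pairs whose implied travel speed is not physically plausible. The function names, the login tuple layout and both thresholds are assumptions chosen for illustration.

```python
import math
from datetime import datetime, timezone

EARTH_RADIUS_KM = 6371.0
MAX_SPEED_KMH = 900.0    # assumed ceiling, roughly airliner cruise speed
MIN_DISTANCE_KM = 100.0  # assumed tolerance for geo-IP inaccuracy

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))

def geo_velocity(prev, curr):
    """Each login is (utc_datetime, lat, lon). Returns (improbable, km, km/h)."""
    dist = haversine_km(prev[1], prev[2], curr[1], curr[2])
    hours = abs((curr[0] - prev[0]).total_seconds()) / 3600.0
    speed = math.inf if hours == 0 else dist / hours  # same instant: infinite speed
    improbable = dist >= MIN_DISTANCE_KM and speed > MAX_SPEED_KMH
    return improbable, dist, speed

def check_history(logins):
    """Walk one user's logins in time order and return the flagged pairs."""
    ordered = sorted(logins, key=lambda login: login[0])
    flagged = []
    for prev, curr in zip(ordered, ordered[1:]):
        improbable, dist, speed = geo_velocity(prev, curr)
        if improbable:
            flagged.append((prev[0], curr[0], round(dist), speed))
    return flagged

# Constructed sample login history for one user (not real data).
UTC = timezone.utc
SAMPLE = [
    (datetime(2016, 7, 21, 9, 0, tzinfo=UTC), 40.7128, -74.0060),   # New York
    (datetime(2016, 7, 21, 9, 45, tzinfo=UTC), 40.7357, -74.1724),  # Newark
    (datetime(2016, 7, 21, 11, 0, tzinfo=UTC), 51.5074, -0.1278),   # London
    (datetime(2016, 7, 22, 11, 0, tzinfo=UTC), 48.8566, 2.3522),    # Paris
]

if __name__ == "__main__":
    for first, second, km, kmh in check_history(SAMPLE):
        print(f"improbable travel: {km} km between {first} and {second} ({kmh:.0f} km/h)")
```

The minimum-distance tolerance keeps nearby geo-IP jitter from being flagged; VPN and mobile-carrier egress points still produce false positives, so a hit is better treated as a signal for step-up authentication than as proof of compromise.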
Behavioral Biometrics
+ Analyze behavior that can be used to verify a person
+ Gather and store characteristics about the way the user interacts with a device such as:
– Keystroke dynamics
– Mouse movements
– Gesture patterns
– Motion patterns
Threat Service
Combining Threat Intelligence & Threat Information for Best-in-Class Security
Cyber Crime
Hacktivism
Anonymous Proxy
Advanced Persistent Threat (APT)
SecureAuth Threat Service
Threat Intelligence
Threat Information
Black/White Lists
Putting it all together
Device Recognition
IP Reputation
Identity Store Lookup
Geo-Location
Geo-Velocity
Behavioral Biometrics
Threat Service
User
Pre-Auth Analysis
Decision
Allow Access
Require MFA
Redirect
Deny Access
In Summary
+ Cyber Liability Insurance is no substitute for good security and practices
– Write and put in place a data breach response plan
– Conduct an external penetration test to highlight potential areas to address
– Keep all your systems and software patched up.
– Have adaptive access controls in place that can reduce your Cyber Insurance premium and strengthen your security posture.
Q&A
Thank You! For more information visit www.secureauth.com