A CISO's Guide to Cyber Liability Insurance, July 21, 2016


Copyright SecureAuth Corporation 2016

Today’s Speakers

Dawn-Marie Hutchinson, Executive Director, Office of the CISO, Optiv Security

Tim Arvanites, Vice President, Technical Services, SecureAuth


Agenda

+ Creating Confidence; Reducing Risk: Navigating Cyber Liability Insurance – Dawn-Marie Hutchinson, Optiv

+ Mitigating Risk with Adaptive Access Control – Tim Arvanites, SecureAuth

+ Q&A


Proprietary and Confidential. Do Not Distribute. © 2016 Optiv Inc. All Rights Reserved.

Creating Confidence; Reducing Risk

Navigating Cyber Liability Insurance


Are you Insurable?


Premiums at a premium


Economics Lesson

“One of the most important simple truths in this technological war is that you simply cannot AFFORD to prevent a successful attack.” –Tyler Wrightson


The Security Journey

Business Aligned Strategy: Create a security program that enables your organization by understanding the business objectives, compliance objectives, threats and material risks.

+ Ad Hoc

+ Infrastructure Based

+ Compliance Based

+ Threat Based

+ Risk Based / Data Centric

+ Business Aligned

Shortcut = Failure to Pass


System security

Network security

Endpoint security

Data security

Security management

User security

Application security

Secure infrastructure


The 5 Key Questions of Cyber Liability Insurance

+ If a breach were to occur, what quantifiable direct impact would it have on business, customers and the supply chain?

+ Is there an established framework the insurance provider uses to assess security readiness?

+ What does the provider expect you to do to qualify for a suitable policy?

+ Will they be satisfied with the documentation you provide or will they require a thorough audit of policies and practices?

+ Who will you engage in the conversation to reduce cost and manage risk?


The 5 Key Post Breach Activities

+ If a breach were to occur, do you know what the coverage levels and limits are?

+ Are you following an established program for responding to an incident?

+ What does the provider expect you to do upon identification of an incident?

+ Will they be satisfied with the documentation you provide or will they require a third party assessment?

+ Who will you engage to manage the incident?


Mitigating Risk with Adaptive Access Control Tim Arvanites, VP of Technical Services, SecureAuth


Data Breaches: A Global Epidemic

781 publicly reported data breaches in 2015

Billion+ identities compromised


Anatomy of a Data Breach

Initial Penetration

Establish Foothold

Escalate Privileges

Complete Mission

Lateral Movement

The majority of enterprise breaches start with social engineering and phishing.

Intruders gained access through a Citrix remote access portal set up for use by employees. {Home Depot Breach}

"The hackers acquired elevated rights that allowed them to navigate portions of Home Depot's network and to deploy unique, custom built malware on its self check out systems in the U.S. and Canada.” – eWeek


Why Adaptive Access Control to Mitigate Risk?

+ Traditional security infrastructures are routinely circumvented

– Billions spent annually on Endpoint and Network security, yet breaches persist

+ Both the FBI and the White House, under the new Cybersecurity National Action Plan, recommend the use of multi-factor authentication.

+ The right level of security controls can help reduce your Cyber Liability Insurance premium and strengthen your security posture.


Why SecureAuth?

SecureAuth acts as a central authentication point, controlling access to all on-premises and cloud-based applications:

Pre-authentication capabilities protect against APT and prevent unauthorized users from gaining access to your critical networks and applications.

Continuous authentication provides early detection and insight into your overall network and application traffic.

Flexible workflows allow you to quickly respond to attacks by leveraging step-up authentication during a major security incident.


Risk Layers

Dynamic Adaptive Authentication

• Layered Risk Analysis = Stronger Security

• No User Experience Impact

• Only present multi-factor authentication when needed

Device Recognition

Threat Service

Directory Lookup

Geo-Location

Geo-Velocity

Behavioral Biometrics


Device Recognition

+ First time authentication: register the endpoint device

+ Subsequent authentications: validate the endpoint device

+ Device recognition can include:

– web browser configuration

– device IP address

– language

– screen resolution

– installed fonts

– browser cookies settings

– browser plugin

– time zone


IP Reputation Data


Identity Store Lookup

+ Compare and filter based on information in the store

+ Can be based on any attribute of the user


Geo-Location

+ Compare the user's current geographic location against good or bad locations


Geo-Velocity

+ Compare current location and login history to determine whether an improbable travel event has occurred
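
The geo-velocity comparison described above, as an added example that is not from the presentation and not SecureAuth's implementation. The 900 km/h speed ceiling, the 100 km minimum distance, the `Login` record and the sample login history are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
MAX_SPEED_KMH = 900.0    # assumed ceiling: roughly airliner cruise speed
MIN_DISTANCE_KM = 100.0  # assumed: ignore hops inside IP-geolocation error

@dataclass(frozen=True)
class Login:
    user: str
    when: datetime  # timezone-aware
    lat: float
    lon: float

def haversine_km(a, b):
    """Great-circle distance between two logins, in kilometres."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(h))

def improbable_travel(history, max_kmh=MAX_SPEED_KMH, min_km=MIN_DISTANCE_KM):
    """Return (previous, current, km/h) for each user's consecutive logins
    whose implied travel speed exceeds max_kmh."""
    flagged, last_seen = [], {}
    for cur in sorted(history, key=lambda l: l.when):
        prev, last_seen[cur.user] = last_seen.get(cur.user), cur
        if prev is None:
            continue
        dist = haversine_km(prev, cur)
        if dist < min_km:  # too close to distinguish from geolocation noise
            continue
        hours = (cur.when - prev.when).total_seconds() / 3600
        speed = dist / hours if hours > 0 else float("inf")
        if speed > max_kmh:
            flagged.append((prev, cur, speed))
    return flagged

# Constructed sample login history (not real data).
SAMPLE = [
    Login("alice", datetime(2016, 7, 21, 9, 0, tzinfo=timezone.utc), 40.71, -74.01),    # New York
    Login("alice", datetime(2016, 7, 21, 10, 30, tzinfo=timezone.utc), 51.51, -0.13),   # London, 90 min later
    Login("bob", datetime(2016, 7, 21, 8, 0, tzinfo=timezone.utc), 41.88, -87.63),      # Chicago
    Login("bob", datetime(2016, 7, 21, 20, 0, tzinfo=timezone.utc), 34.05, -118.24),    # Los Angeles, 12 h later
]

if __name__ == "__main__":
    for prev, cur, kmh in improbable_travel(SAMPLE):
        print(f"{cur.user}: {kmh:.0f} km/h implied between logins -> step up or deny")
```

A flagged pair is a signal for the pre-auth decision (for example requiring MFA), not proof of compromise: VPN exits and mobile carrier gateways routinely produce the same pattern.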


Behavioral Biometrics

+ Analyze behavior that can be used to verify a person

+ Gather and store characteristics about the way the user interacts with a device such as:

– Keystroke dynamics

– Mouse movements

– Gesture patterns

– Motion patterns


Cyber Crime

Hacktivism

Anonymous Proxy

Advanced Persistent Threat (APT)

SecureAuth Threat Service

Threat Intelligence

Threat Information

Black/White Lists

Threat Service

Combining Threat Intelligence & Threat Information for Best-in-Class Security


Putting it all together

User

Pre-Auth Analysis:

+ Device Recognition

+ IP Reputation

+ Identity Store Lookup

+ Geo-Location

+ Geo-Velocity

+ Behavioral Biometrics

+ Threat Service

Decision:

+ Allow Access

+ Require MFA

+ Redirect

+ Deny Access


In Summary

+ Cyber Liability Insurance is no substitute for good security and practices

– Write and put in place a data breach response plan

– Conduct an external penetration test to highlight potential areas to address

– Keep all your systems and software patched up.

– Have adaptive access controls in place that can reduce your Cyber Insurance premium and strengthen your security posture.


Q&A


Thank You! For more information visit www.secureauth.com