
Adapt or Die: The Evolution of Endpoint Security


TODAY’S PRESENTERS

ERIC OGREN
Senior Security Analyst, 451 Group
Eric Ogren is a Senior Analyst with the Information Security team at 451 Research. Eric has extensive experience in software development, technology marketing, and as a security industry analyst.

GAJRAJ SINGH
VP of Product Marketing, Tripwire
Gajraj Singh is an accomplished marketing and product executive with extensive experience in various leadership positions including marketing, product management, and profit center management.


@gajrajs gsingh@tripwire dot com

AGENDA

• Evolution of endpoint security
• What you can do today to improve the effectiveness of your endpoint security program
• How to gain sufficient endpoint visibility to effectively reduce breaches
• The likely evolution of endpoints and how technology is adapting to protect them
• How these changes will impact security investment decisions

Security M&A now growing fast

[Chart: Enterprise Security M&A Activity 2002–2015. Series: deal volume and deal value*, by year from 2002 to 2015. Axes: $0.0bn to $16.0bn and 0 to 160. Data labels: 45, 51, 54, 82, 75, 76, 66, 69, 81, 81, 73, 78, 107, 134.]

*Includes all disclosed and estimated deal values
Source: The 451 M&A KnowledgeBase

Endpoint security touches us all

INFORMATION SECURITY Q3 2015

Q1. Which of the following types of information security technologies, if any, does your organization currently use?

Usage of Information Security Technologies, All Respondents (percent of sample, n = 910)

• Endpoint Security: 84.5%
• Vulnerability Assessment: 70.4%
• Security Information and Event Management (SIEM): 56.0%
• Dynamic and/or Static Application Security Tools (DAST/SAST): 31.4%
• None of the Above: 3.3%

Source: 451 Research, Voice of the Enterprise: Information Security, Q3 2015

This is what we want to be doing…

INFORMATION SECURITY Q3 2015

Q15. What information security threat do you think is inadequately covered today by your organization that worries you most going forward?

Most Important Security Concern - Future, All Respondents (percent of sample, n = 898)

• Hackers/Crackers with Malicious Intent: 21.5%
• Preventing/Detecting Insider Espionage: 17.9%
• Cyber-warfare: 11.7%
• Industry Specific Compliance (e.g. PCI, HIPAA): 7.0%
• Internal Audit Deficiencies Based on Findings: 7.0%
• Compliance Requirements (e.g. Due Care): 6.0%
• Service of Performance Degradation Due to Compliance with Security Policies and Standards: 5.9%
• Complying with External Customer/Client Requirements (Due Diligence Exercises): 5.9%
• Risk of Lawsuit Due to Poor Security Controls: 4.2%
• Government Regulatory/Legal Compliance (e.g. GLBA, FISMA): 3.3%
• Complying with External Partner/Supplier Requirements (Due Diligence Exercises): 3.1%
• Other: 6.3%

Source: 451 Research, Voice of the Enterprise: Information Security, Q3 2015

Compliance muscles in on endpoint security

[Diagram labels: Prevention, Correction, Compliance]

...managing compliance posture is important too!

INFORMATION SECURITY Q3 2015

Q13. Of the top concerns you selected, which is your primary concern?

Most Important Security Concern - Past 90 Days, All Respondents (percent of sample, n = 894)

• Hackers/Crackers with Malicious Intent: 21.3%
• Industry Specific Compliance (e.g. PCI, HIPAA): 15.9%
• Government Regulatory/Legal Compliance (e.g. GLBA, FISMA): 11.3%
• Complying with External Customer/Client Requirements (Due Diligence Exercises): 10.9%
• Compliance Requirements (e.g. Due Care): 10.2%
• Internal Audit Deficiencies Based on Findings: 9.4%
• Cyber-warfare: 5.0%
• Preventing/Detecting Insider Espionage: 5.0%
• Risk of Lawsuit Due to Poor Security Controls: 3.6%
• Complying with External Partner/Supplier Requirements (Due Diligence Exercises): 2.7%
• Service of Performance Degradation Due to Compliance with Security Policies and Standards: 1.6%
• Other: 3.2%

Source: 451 Research, Voice of the Enterprise: Information Security, Q3 2015


Endpoint security winners align with the business

DIGITAL BUSINESS – ENABLE AND PROTECT

[Diagram labels: GROWTH, COMPETITIVENESS, OPS EFFICIENCY, CUSTOMER EXPERIENCE, BUSINESS AGILITY, CYBER RESILIENCE, VISIBILITY, ADAPTIVENESS, RESPONSIVENESS, CONTROL, Confidentiality, Safety, Availability, Integrity, Safety, Digital, Physical]

• 450M: Over 390K malicious programs discovered every day (SOURCE: AV-Test.org)
• 78%: % of Boards concerned with cybersecurity (SOURCE: Joint study from ISACA and RSA)
• $445B: Estimated financial loss per year (SOURCE: Strategic and Int’l Studies)


DEFEND AND PROTECT EVERY ENDPOINT

How to Improve the Effectiveness of Your Endpoint Security Program

1. BE PROACTIVE – NAIL THE BASICS, GET AHEAD

2. DETECTION – VISIBILITY, CONTINUOUS

3. RESPONSIVENESS – CONTAIN THE LOSS AND REMEDIATE

BE PROACTIVE – NAIL THE BASICS
GET AHEAD OF THE HACKERS!

CAN YOU SEE IT?

• Discover Endpoints
• Discover S/W & OS
• Inventory & Profile
• Monitor Endpoints

DETECTION – CYBER ATTACK VISIBILITY

Detection: Threat? Breach?

1. IOC
2. ANOMALY
3. BEHAVIOR
4. POLICY VIOLATION

ENDPOINT STATE
• PROCESS
• ACTIVITY
• OBJECT

THREAT INTELLIGENCE

RESPONSIVENESS – CONTAIN THE LOSS AND REMEDIATE

CONTAIN, REMEDIATE

• TRAFFIC
• PROCESS

• ROLLBACK
• REPAIR
• REMOVE
• BLOCK

ASSET CONTEXT

THREAT CONTEXT

ANALYZE

Root Cause

PROACTIVE DETECTION & RESPONSE

• Discover Endpoints
• Discover S/W & OS
• Inventory & Profile
• Monitor Endpoints

Detection: Threat? Breach?

CONTAIN, REMEDIATE

Root Cause


Something about the future of Endpoint Security

IT adopts a diagnostic and fix service model

[Diagram labels: Security, QA, Networking, Applications Teams, Endpoints, Users, Management]

What would the new wave of endpoint security look like?

• Prevention, correction, compliance remain focal points

• Behavioral detection/analytics will be its own sustaining category

• Endpoints will collaborate with network + cloud

• IT comes to Security for operational intelligence

1. BE PROACTIVE
Discover, inventory, assess and monitor

2. FOCUS ON DETECTION & RESPONSE
Detect, investigate, analyze changes in near real-time

3. COLLABORATE, INTEGRATE & AUTOMATE
Faster detection and response, and IT agility


ADDITIONAL RESOURCES

www.tripwire.com/register/edr-for-dummies/

Sneak Peek: This is a sneak peek of EDR For Dummies that includes the first chapter of the book. All downloaders will be emailed a full copy of the ebook once it's released on March 8th. You can also pick up a free copy of the physical book at our booth at RSA Conference, February 29 through March 4.