ADAPT OR DIE: THE EVOLUTION OF ENDPOINT SECURITY
TODAY’S PRESENTERS
ERIC OGREN
Senior Security Analyst, 451 Group
Eric Ogren is a Senior Analyst with the Information Security team at 451 Research. Eric has extensive experience in software development, technology marketing, and as a security industry analyst.
GAJRAJ SINGH
VP of Product Marketing, Tripwire
Gajraj Singh is an accomplished marketing and product executive with extensive experience in various leadership positions including marketing, product management, and profit center management.
@gajrajs gsingh@tripwire dot com
AGENDA
• Evolution of endpoint security
• What you can do today to improve the effectiveness of your endpoint security program
• How to gain sufficient endpoint visibility to effectively reduce breaches
• The likely evolution of endpoints and how technology is adapting to protect them
• How these changes will impact security investment decisions
Security M&A now growing fast
[Chart: Enterprise Security M&A Activity 2002–2015, showing deal volume and deal value* per year]
*Includes all disclosed and estimated deal values Source: The 451 M&A KnowledgeBase
INFORMATION SECURITY Q3 2015
Usage of Information Security Technologies, All Respondents
Q1. Which of the following types of information security technologies, if any, does your organization currently use?
Percent of Sample (n = 910):
• Endpoint Security: 84.5%
• Vulnerability Assessment: 70.4%
• Security Information and Event Management (SIEM): 56.0%
• Dynamic and/or Static Application Security Tools (DAST/SAST): 31.4%
• None of the Above: 3.3%
Source: 451 Research, Voice of the Enterprise: Information Security, Q3 2015
Endpoint security touches us all
Most Important Security Concern - Future, All Respondents
Q15. What information security threat do you think is inadequately covered today by your organization that worries you most going forward?
Percent of Sample (n = 898):
• Hackers/Crackers with Malicious Intent: 21.5%
• Preventing/Detecting Insider Espionage: 17.9%
• Cyber-warfare: 11.7%
• Industry Specific Compliance (e.g. PCI, HIPAA): 7.0%
• Internal Audit Deficiencies Based on Findings: 7.0%
• Compliance Requirements (e.g. Due Care): 6.0%
• Service of Performance Degradation Due to Compliance with Security Policies and Standards: 5.9%
• Complying with External Customer/Client Requirements (Due Diligence Exercises): 5.9%
• Risk of Lawsuit Due to Poor Security Controls: 4.2%
• Government Regulatory/Legal Compliance (e.g. GLBA, FISMA): 3.3%
• Complying with External Partner/Supplier Requirements (Due Diligence Exercises): 3.1%
• Other: 6.3%
Source: 451 Research, Voice of the Enterprise: Information Security, Q3 2015
This is what we want to be doing…
Prevention Correction
Compliance
Compliance muscles in on endpoint security
Most Important Security Concern - Past 90 Days, All Respondents
Q13. Of the top concerns you selected, which is your primary concern?
Percent of Sample (n = 894):
• Hackers/Crackers with Malicious Intent: 21.3%
• Industry Specific Compliance (e.g. PCI, HIPAA): 15.9%
• Government Regulatory/Legal Compliance (e.g. GLBA, FISMA): 11.3%
• Complying with External Customer/Client Requirements (Due Diligence Exercises): 10.9%
• Compliance Requirements (e.g. Due Care): 10.2%
• Internal Audit Deficiencies Based on Findings: 9.4%
• Cyber-warfare: 5.0%
• Preventing/Detecting Insider Espionage: 5.0%
• Risk of Lawsuit Due to Poor Security Controls: 3.6%
• Complying with External Partner/Supplier Requirements (Due Diligence Exercises): 2.7%
• Service of Performance Degradation Due to Compliance with Security Policies and Standards: 1.6%
• Other: 3.2%
Source: 451 Research, Voice of the Enterprise: Information Security, Q3 2015
...managing compliance posture is important too!
Endpoint security winners align with the business
GROWTH
COMPETITIVENESS
OPS EFFICIENCY
CUSTOMER EXPERIENCE
BUSINESS AGILITY
CYBER RESILIENCE
VISIBILITY
ADAPTIVENESS
RESPONSIVENESS
CONTROL
Confidentiality
Safety
Availability Integrity
Safety
Digital
Physical
DIGITAL BUSINESS – ENABLE AND PROTECT
450M
Over 390K malicious programs discovered every day
78%
% of Boards concerned with cybersecurity
$445B
Estimated financial loss per year
SOURCE: Joint study from ISACA and RSA
SOURCE: Strategic and Int’l Studies
SOURCE: AV-Test.org
DEFEND AND PROTECT EVERY ENDPOINT
1. BE PROACTIVE – NAIL THE BASICS, GET AHEAD
2. DETECTION – VISIBILITY, CONTINUOUS
3. RESPONSIVENESS – CONTAIN THE LOSS AND REMEDIATE
How to Improve the Effectiveness of Your Endpoint Security Program
Discover Endpoints
Discover S/W & OS
Inventory & Profile
Monitor Endpoints
CAN YOU SEE IT?
BE PROACTIVE – NAIL THE BASICS
GET AHEAD OF THE HACKERS!
DETECTION – CYBER ATTACK VISIBILITY
Detection Threat? Breach?
1. IOC
2. ANOMALY
3. BEHAVIOR
4. POLICY VIOLATION
ENDPOINT STATE
• PROCESS
• ACTIVITY
• OBJECT
THREAT INTELLIGENCE
CONTAIN REMEDIATE
• TRAFFIC
• PROCESS
• ROLLBACK
• REPAIR
• REMOVE
• BLOCK
ASSET CONTEXT
THREAT CONTEXT
ANALYZE
RESPONSIVENESS – CONTAIN THE LOSS AND REMEDIATE
Root Cause
Discover Endpoints
Discover S/W & OS
Inventory & Profile
Monitor Endpoints
Detection Threat? Breach?
CONTAIN REMEDIATE
PROACTIVE DETECTION & RESPONSE
Root Cause
Something about the future of Endpoint Security
IT adopts a diagnostic and fix service model
Security
QA
Networking
Applications Teams
Endpoints
Users
Management
• Prevention, correction, compliance remain focal points
• Behavioral detection/analytics will be its own sustaining category
• Endpoints will collaborate with network + cloud
• IT comes to Security for operational intelligence
What would the new wave of endpoint security look like?
1. BE PROACTIVE: Discover, inventory, assess and monitor
2. FOCUS ON DETECTION & RESPONSE: Detect, investigate, analyze changes in near real-time
3. COLLABORATE, INTEGRATE & AUTOMATE: Faster detection and response, and IT agility
ADDITIONAL RESOURCES
www.tripwire.com/register/edr-for-dummies/
Sneak Peek: This is a sneak peek of EDR For Dummies that includes the first chapter of the book. All downloaders will be emailed a full copy of the ebook once it's released on March 8th. You can also pick up a free copy of the physical book at our booth at RSA Conference, February 29 through March 4.