ERepublic Hawaii DGS 14 Presentation Information Security Threatscape - Mario Balakgie
Mario Balakgie
Director Cybersecurity
World Wide Technology, Inc
Today's Threats
The victim, the culprit, the target, the attack, the chase
Timeline of Security Capabilities, 2000 to 2014
Firewall; Anti-virus; Certificate management; Intrusion detection; Network access control; Application control
Breach statistics
100%  Valid credentials used
243   (label not captured)
40    Average number of systems accessed
63%   Victims notified by an external entity
Attack techniques
Zero-day exploits; Spear phishing; Targeted attacks; Timed attacks; Lures and redirects; Social media
We must change the way we view detection of threats.
Full identity management
Big data analytics
Full context of network traffic
Analyze large amounts of data
Today's Platform: Mobile, Cloud, PC, Mobile devices
From IT-controlled to user-centric
From perimeter-bound to borderless
From prevention to detection
From signature-based to intelligence-driven
*Source: RSA
Today's Priorities: Prevention 80%, Response 5%
Intelligence-Driven Security: Prevention 33%, Monitoring 33%, Response 33%
*Source: RSA
Security Capabilities maturity model
Level 1, Initial: informal roles; security practices present but not formalized
Level 2, Repeatable: established policies; roles defined; some accountability present
Level 3, Defined: compliance focused; risks measured; governance and process defined
Level 4, Managed: information-centric approach; metrics defined; risk-aware culture
Level 5, Optimized: continuous risk improvements; business owners; proactive approach to changes in business, technology and compliance
Cyber Analytics
Cycle: Monitor, Report, Correlate, Tune
Sensors and controls feeding the cycle: HIDS/IPS/IDS; Application whitelisting; Anti-virus; Sandboxing; Firewalls; Access control; Application control; Threat intelligence; Data loss prevention; Next-generation firewall; Packet capture; Anomaly detection
Situational Awareness
Layers: Awareness, Analytics, Response, Management, Sensors, Infrastructure
IT infrastructure monitors enterprise networks
Improving the Analytics Cycle (across the maturity levels Initial, Repeatable, Defined, Managed, Optimized)
Before: Prepare enterprise; Advance analytics
During and After: Analyze anomalies; Forensic analysis; Reduce attacker free time; Predictive analytics
Adapt: Adapt; Remediate; Tune
Use cases for Big Data and Advanced Analytics

Security Event Stratification
What are the most important events?
Which events can I ignore?
Which events are actionable?
What actions should be taken?

Malware Forecasting, Analysis and Impact
What malware currently exists?
Which of my systems are vulnerable?
Which immediate patches or upgrades are needed?
Prioritized risk scoring of malware

Insider Threat
Which employees are a security risk?
Who has access to sensitive data?
Are they exhibiting anomalous behavior?
Where and when are they accessing the system?

Enterprise Risk Management
What assets are non-compliant?
What threats exist against those assets?
What has changed in the environment?
Where is the sensitive data and who has access?

Incident Management and Forensics
Where did the attacker go?
What was the timeline of the breach?
What was taken?
What was left behind, if anything?

Fraud Detection: E-Commerce Customers
Who is a normal user?
What is abnormal behavior?
How do they interact with the system?
Where and when are they accessing the system?
Summary
Cyber Analytics provides:
A multi-vendor integrated architecture for defense, detection, response, and continuous improvement
Individual products can be changed while the core functions remain constant
Alignment of Enterprise IT, Security and Big Data
Flexibility in use case design and implementation
Thank You!

End-to-End Expertise
Markets: Public Sector, Service Provider, Commercial
Network: Enterprise campus/branch; Data center networking; High-end routing and optical; Wireless and mobility; Software-defined networking
Security: Access control; Network and data protection; Security management and analysis; Risk and compliance
Collaboration: Unified communications; Video conferencing and client experience; Contact center
Data Center: Facilities; Information storage and backup; Compute and virtualization; Data center transformation; Big data
Supply Chain
ATC Vision
To create a collaborative ecosystem to design, build, educate, demonstrate and deploy innovative technology products and integrated architectural solutions for our customers, partners and employees around the globe.