Infosec 2014: Intelligence as a Service: The Future of Frontline Security
DESCRIPTION
Featuring Marty Legg, Cloud Services Director, SecureData.
Security technology continues to change with expanding perimeters, massive data, and siloed solutions causing an all-out asymmetric battle! In the middle of it all, large organizations must ensure the highest security while up against ever-changing technology, complex regulations, and the need for more specialists and more skills training across the board. Today’s security landscape causes a strategic security conundrum. Security spend continues to rise … $9.6B in 2006; $22B in 2012; and by 2017 it’s estimated to hit more than $30B. And yet … 621 breaches were reported in the last 12 months, up 23 percent over the past 3 years. So why are we not winning the battle?
TRANSCRIPT
1
Marty Legg
Director of Cloud Services
The complete security services provider
THREAT INTELLIGENCE A NEW APPROACH TO COMBATING CYBERCRIME
SecureData
www.secdata.com | +44 (0) 1622 723400
2
THE CURRENT SECURITY LANDSCAPE
EXPANDING PERIMETER
SILOED SOLUTIONS
DROWNING IN DATA
ASYMMETRIC BATTLE
MORE TECHNOLOGY
COMPLEX REGULATIONS
MORE SPECIALISTS
MORE SKILLS TRAINING
THE SECURITY CONUNDRUM
3
SECURITY SPEND CONTINUES TO RISE
$30.1 billion spend by 2017, up from $9.6 billion in 2006
BUT SO DOES THE NUMBER OF BREACHES
621 reported in the last 12 months, up 23% over three years
WE ARE NOT WINNING THE BATTLE
Organisations on the front line need a new approach
4
A NEW APPROACH
5
COMPLETE SECURITY PROCESS
REMEDIATION
CONTEXTUAL RISK PROFILE
CORRELATED THREAT AND SECURITY INTELLIGENCE
EARLY THREAT DETECTION
REAL-TIME RISK ASSESSMENT
AUTOMATED NETWORK PROTECTION
THREAT PREVENTION
EXPERTISE AND PROCESS
RAPID AND EXPERIENCED RESPONSE
WHICH PRESENTS NEW CHALLENGES
6
MORE HARDWARE
MORE COMPLEXITY
MORE RESOURCES
DIVERSE SKILLS
MORE COSTS
CLOUD SERVICES CHANGE THE GAME
7
GLOBAL CONTEXT
LEVERAGE HARDWARE
IMPROVE SPEED TO REMEDIATE
LOWER COST
IMPROVE THREAT DETECTION
LEVERAGE PEOPLE
WE CAN ABSTRACT INTELLIGENCE
CENTRAL BRAIN
AND DELIVER IT AS A SERVICE
INFRASTRUCTURE CUSTOMER OPERATIONS
SECUREDATA SOC
8
INTELLIGENCE AS A SERVICE
ACCESS AS A SERVICE
SECURITY AS A SERVICE
CLOUD SECURITY ARCHITECTURES
EXPERT INTERPRETATION
Over 500 customers
24 x 7 SOC
Cyber Threat Special Ops Unit
SensePost world class consultancy
9
CUSTOMER ENVIRONMENT All logs from your existing network and security devices
CONTEXTUAL ENVIRONMENT Relevant feeds of macro security data
SINGLE SOURCE OF CONTEXTUAL THREAT INTELLIGENCE
FASTER ADVANCED THREAT DETECTION
RAPID INCIDENT RESPONSE
CRUNCHES & CORRELATES DATA
THREAT INTELLIGENCE FEEDS
OPEN SOURCE DATA
OUR SECURITY EXPERTISE
CRITICAL SYSTEM DATA
KEY SERVICE COMPONENTS
ASSESSES RISK
APPLIES PROTECTION
DETECTS THREATS
RESPONDS & REMEDIATES
UNIQUE, POWERFUL CLOUD BRAIN
Best in class hardware, proprietary software, Big Data analytics engine, management tools
SECURITY BIG DATA
Collection, unification, correlation, link analysis
OUTPUTS
Custom, complete, contextual security intelligence; real time; actionable
HUNDREDS OF SECURITY INCIDENTS IDENTIFIED
10
SIEM PLATFORM Class Leading
24 x 7 SOC Management & response
REMEDIATION
SENSEPOST Advanced Intelligence White Glove Response
HARDWARE TECHNOLOGY
SOFTWARE ALGORITHM
ANALYTICS
Risk Mgmt Tool
AFFINITY SECURE
MALTEGO Big Data Analytics
SDN Network Management Tools
EXPERT PEOPLE
MILLIONS OF LOGS COLLECTED AND ANALYSED
TENS OF ALERTS INVESTIGATED
INDIVIDUAL THREATS WITH ACTIONABLE INTELLIGENCE
REVIEW
THREAT FEEDS Contextual Threat Intelligence
CUSTOMER ENVIRONMENT
CUSTOMER ENVIRONMENT
EXTERNAL LANDSCAPE
CUSTOMER
VULNERABILITY Scanning
INTELLIGENT BRAIN FUNCTION
WHAT INTELLIGENCE AS A SERVICE DELIVERS
11
REAL TIME RISK PROFILING
ASSURED COMPLIANCE
EARLIER THREAT DETECTION
BIG DATA VALUE CREATION
RESOURCE EFFICIENCY
FASTER REMEDIATION
REDUCED DISRUPTION
STRATEGIC REQUIREMENTS: COMPLETE END-TO-END SECURITY APPROACH
REAL-TIME RISK ASSESSMENT
CONTEXTUAL RISK PROFILE
CORRELATED THREAT INTELLIGENCE
EARLY THREAT DETECTION
AUTOMATED NETWORK PROTECTION
THREAT PREVENTION
EXPERTISE AND PROCESS
RAPID AND EXPERIENCED RESPONSE
CORE SECURITY FUNCTIONS: UNDERTAKES (REPLACES OR COMPLEMENTS) KEY FUNCTIONS
DELIVERY MODEL
12
Our beliefs
MONITOR
Affinity Secure Operational monitoring, trend analysis, and alerting
LOG MANAGEMENT
Collection of logs from multiple customer systems for Event and Incident Management
COMPLIANCE & REPORTING
Produce PCI or other compliance reports on a regular basis
CORRELATION
Allows full scope of reporting and alarms on multiple events correlated with time.
ADVANCED INTELLIGENCE
Allows time-bound correlation of events on multiple platforms
Threat Analytics
Big Data threat analytics with customised transforms
Remediation
Forensic threat inspection and remediation
1 2 3 4 5 BASE CUSTOM
MATURITY / PHASE
SENSEPOST WHITE GLOVE SERVICE
VULNERABILITY SCANNING
RISK CONTROL
SECUREDATA SOC MANAGED SERVICES
THREAT MANAGER
ADDITIONAL SERVICES
13
summary
CURRENT MODEL IS BROKEN
Defence in depth with siloed point solutions
WE NEED A COMPLETE SECURITY PROCESS
ADPR must underpin all solutions
LEVERAGE SOLUTIONS AND PEOPLE IN THE CLOUD
Scale, expertise and lower cost
GLOBALISED THREAT INTELLIGENCE
Centralised database of threat intelligence and analytics
EARLIER THREAT DETECTION / REMEDIATION
Contextualised actionable threat intelligence
LOWER COST
No hardware, no software, less resource, consumable service
14
THANK YOU