Reinvent Your 2013 Security Management Strategy

Transcription

1 Reinvent Your 2013 Security Management Strategy Laurent Boutet 18 septembre 2013 Phone: laurent.boutet@skyboxsecurity.com

2 What are Your Key Objectives for 2013? PROTECT Information Assets SUPPORT Business Initiatives INFLUENCE Business Decisions Common thread... Control RISK Identify risks Ensure effective risk controls Timely, costeffective risk mitigation Enable business changes Offer trusted advice aligned to business risk objectives Source: Forrester, Role Job Description: CISO, March Skybox Security Inc. 2

3 Strong Security Risk Management Program Is Essential Business Requests Enable while minimizing risks UNDERSTAND THREATS EXAMINE INFRASTRUCTURE ASSESS IMPACT Change Planning Decision Support 2013 Skybox Security Inc. 3 Exec Reports

4 Skybox Security Overview Leader in Proactive Security Risk Management Global 2000 Customers Predictive risk analytics for best decision support Complete portfolio on a common platform Designed for continuous, scalable operations Skybox considers risk to systems by taking into consideration the network topology, and prioritizes vulnerabilities for remediation. Gartner Network-Aware Firewall Policy Assessment (2011) Proven effective in complex networks Financial Services, Government, Defense, Tech, Energy, Retail, Service Providers, Manufacturing This is the best tool we have for getting all of our risk information in one place. USAID 2013 Skybox Security Inc. 4

5 What does Skybox do? We provide the most powerful risk analytics for cyber security. We give security teams the intelligence they need to eliminate attack vectors, respond to threats, and automate complex security processes. Our solutions are used for enterprise-scale vulnerability and threat management, firewall management, and compliance monitoring Skybox Security Inc. 5

6 High Performing Organizations Choose Skybox Security Financial Services Service Providers Energy & Utilities Government & Defense Others 2013 Skybox Security Inc. 6

7 Common Use Cases for Skybox Vulnerability Management Firewall Compliance Configuration management Change management Network visibility Vulnerability discovery Risk assessment Prioritization Remediation planning Continuous Monitoring Security Intelligence Attack prevention Risk reports Network Security Management Enabled by Risk Analytics Cyber Threat Management 2013 Skybox Security Inc. 7

8 Network Security Management Next-gen firewall and device management Maintain secure configurations Compliance Reports Change Control Network Visibility 4 3 Request Change 5 Compliant Non-compliant Unanalyzed Assess Risks Plan Changes PCI DSS FISMA NERC NISTI Custom Policy Provision Verify Closure Perform ondemand audits 2013 Skybox Security Inc. 8 See business impacts

9 Wk 1 Wk 2 Wk 3 Wk 4 Wk 5 Wk 6 Vulnerability Management Continuous process to eliminate vulnerabilities Prioritize critical vulnerabilities Vulnerability Assessment Risk Analysis Remediation Critical High Medium Low Very Low 37% 50% VLI Hosts % Asia-Pac Operations Europe Operations US Headquarters Monitor daily Show progress 2013 Skybox Security Inc. 9

10 Cyber Threat Management Proactive, risk-based decision support Avoid incidents Proactive Monitoring Attack Prevention Risk Dashboards and Reports Network Controls Risks Threats Security Status Continuously available 2013 Skybox Security Inc. 10 Justify security investments

11 Product Overview 2013 Skybox Security Inc. 11

12 Skybox Product Portfolio Firewall Assurance Firewall configuration analysis and audits Change Manager Complete firewall change workflow Network Assurance Network compliance, visibility and path analysis Risk Control Vulnerability discovery, prioritization and attack simulation Threat Manager Workflow to address new threats 2013 Skybox Security Inc. 12

13 Leveraging Risk Analytics, Modeling and Simulation Found exploitable vulnerabilities CVE CVE Change will cause compliance and availability risk Firewall allows access to risky or out-ofpolicy services 2013 Skybox Security Inc. 13 Found available access path from Partner to Internal zone New threat introduces attack scenario

14 Network Security Management Challenges TECHNICAL CHALLENGES Network size and complexity Hard to troubleshoot access paths Multi-vendor environment PROCESS CHALLENGES Frequent firewall rule and configuration changes Security resources consumed by time-consuming audits Migration process to next-gen user and application policies 2013 Skybox Security Inc. 14

15 Network Security Management with Skybox Corporate Policies Best Practice Policy Change Management Workflow Compliance & Risk Analytics Normalized device configuration repository Business Metrics Operational Metrics Compliance Reports Firewalls / IPS Network Devices 2013 Skybox Security Inc. 15

16 Network Security Management Business Value Reduced Risk Repeatable Processes Improved Communications Reduce risk of attack or data breach Avoid compliance violations Reduce firewall management time 80% Troubleshoot availability issues in minutes Show blocked paths and access violations Consistent reports to guide staff Save $100K+ in management time Bottom Line 1 Cut internal compliance management costs 90% Save $800 per incident on troubleshooting 1 Source: ROI for 50-firewall environment 2013 Skybox Security Inc. 16

17 Vulnerability Management Challenges Network context often overlooked Difficult to find alternatives to patching Discovery Analysis Prioritization Mitigation Lots of data collected infrequently Not prioritized by business impact 2013 Skybox Security Inc. 17

18 Vulnerability Management with Skybox Non-invasive Vulnerability Detector Traditional Scan Data Vuln Content Dictionary Vulnerability Analysis Attack Simulation Remediation Options Workflow and Tickets Reports 2013 Skybox Security Inc. 18

19 Vulnerability Management Business Value Reduced Risk Repeatable Processes Improved Communications <24 hour exposure time for critical risks Best practice VM for PCI, NIST, FISMA Focus on most urgent 1-2% of vulnerabilities Non-disruptive Daily process Consistent and timely measurements of risk Relay remediation options to IT operations Reduce risk assessment time 90% Bottom Line 2 Reduce patching work by 75%+ Increase VM coverage while reducing costs 2 Source: Skybox customer case studies 2013 Skybox Security Inc. 19

20 Cyber Threat Management Challenges Incident Manager Incident Response Event Monitoring Threat Management Missing context Network topology, security controls, attack scenarios Reactive Cannot predict threats accurately or quickly 2013 Skybox Security Inc. 20

21 Cyber Threat Management with Skybox Asset Data Vulnerability Data Threat Intelligence Attack Simulation Threat Correlation Network Modeling Attack Scenarios Prioritized Threats Remediation Options Threat Reports Firewalls / IPS Network Devices 2013 Skybox Security Inc. 21

22 Cyber Threat Management The Best Practice Approach Cyber Security Analysts Integrated Security Dashboard & Reporting Security Risk Management (SRM) Proactive, pre-attack exposure management Security Information & Event Management (SIEM) Post-attack incident management 2013 Skybox Security Inc. 22

23 Cyber Threat Management Business Value Reduced Risk Repeatable Processes Improved Communications Prevent cyber attacks Fast impact analysis for new threats Complete workflow from new threat to mitigation Prioritize resources based on risk level Communicate best remediation options to response team Avoid costly damage and fines of breaches 3 Source: Skybox customer case studies Bottom Line 3 Reduce costs of incident response Increase effectiveness, value of existing controls 2013 Skybox Security Inc. 23

24 Architecture & Deployment 3-tier architecture Manager-Server-Collector Integrates with existing infrastructure Automated data collection Normalized data model No agent software, no impact to live network Built-in ticketing system APIs for integration with third-party systems Vulnerability Scanner Manager Manager Collector Server Manager Collector Manager Firewall Load Bal IPS Router Content Dictionaries Patch system Open Integrated Flexible 2013 Skybox Security Inc. 24

25 Unique Skybox Advantages Complete Portfolio Non-intrusive Advanced Analytics Enterprise Class Performance and Scalability Extensive Integration Addresses broad range of security risk management challenges Modeling and simulation technology delivers daily assessments without disruption Network path analysis, network and security modeling, multi-step attack simulation, risk KPI metrics Daily risk management effective in large-scale and complex environments Consistent feature set supports 72 network devices and security management systems 2013 Skybox Security Inc. 25

26 Thank you Skybox Security Inc. 26