Information Security Challenges and Strategies for 2007+ Mark Bouchard, CISSP Missing Link Security Services, LLC


1 Information Security Challenges and Strategies for 2007+
Mark Bouchard, CISSP
Missing Link Security Services, LLC

2 Agenda
- Enterprise IT
  - What’s hot, what’s not, and what could be
- Enterprise Security
  - Threat and Vulnerability Trends
  - Communications vs. Content
  - Countermeasures: what’s hot, what’s not
- In Focus: Threat & Vulnerability Management
  - Bits and pieces
  - The emergence of the Enterprise TVM System
- Summary & Conclusions
  - Call to action
Missing Link Security Services TM

3 Enterprise IT – Part 1
- Virtualization
  - Objective: efficient resource utilization
  - Implication: complicates monitoring
- VoIP
  - Objective: reduced costs
  - Implication: more stuff to secure
- SOA / Web services
  - Objective: flexible, re-usable modules
  - Implication: less structured comms
- Software-as-a-Service (SaaS)
  - Objective: faster; lower TCO
  - Implication: more/bigger Internet connections
Executive Concerns (Source: Harris Interactive, n=197)
- 61% security breaches
- 55% acts of terrorism
- 40% corp. malfeasance
- 21% product recalls
- 19% workforce violence

4 Enterprise IT – Part 2
- What’s Not Hot
  - Budgets
    - Flat to slightly positive; but also focusing on cost cutting
  - RFID
    - Pockets only
  - Vista (and Office 2007)
    - ~64% say “not in 2007” (source: Deutsche Bank Equity Research)
- What Could Be Hot
  - Think consumer/personal crossovers
    - Video (e.g., in retail banking)
    - 3D Graphics (e.g., in education)
    - Intranet blogging, etc.
  - WAN optimization
[Image: Computerized stereolithograph skull of a 2000 year old Egyptian mummy]


6 The Threat Landscape
- Greater volume of threats
  - Change in hacker motivation
  - Exploit development tools
  - Modularity of threats
- Faster creation of threats
  - V-to-E window is shrinking
- Fast propagation of threats
  - Stable, but still not great
- More elusive than ever!
  - Blended becoming status quo
  - Greater variety of threat types
  - Attacking higher up the stack
  - Increasingly targeted
[Chart: Vulnerability to Exploit (avg. in days), by year. Approximate. Various sources. 2006: <3 days]

7 The Vulnerability Landscape
- Greater volume of vulns
  - 2,249 new vulns in 1H06; up 18%
  - 80% are “easily exploitable”
- Vuln drivers
  - Expanding/complex tech portfolio
  - Adoption of mobility solutions
  - More web applications
  - Window of exposure
  - Availability of fuzzing tools
- Implications
  - Better asset management
  - Greater efficiency in mature areas
  - More flexible security solutions
[Chart: Average Days From Vulnerability to Patch (Source: Symantec ISTR Vol. IX)]

8 Communications vs. Content
[Diagram: OSI Reference Model (Layers 1-7), Comms Services: Physical, Data Link, Network, Transport, Session, Presentation, Application. Additional ‘Real-World’ Layers (i.e., > 7), Content & Biz Logic: Utility App, Business App, Data]
- There are many tools that provide “app layer” protection
  - Deep inspection firewalls
  - Intrusion prevention systems
- But what does “app layer” really mean?
  - Layer 7 = application “services”
  - Layer 7 ≠ utility app logic
  - Layer 7 ≠ business app logic
  - Layer 7 ≠ data
- Better model/approach
  - Communications protection
  - Content protection

9 Layer 8+ Security Solutions
- Web application firewalls
  - Mostly covering layer 9
  - Mostly positive model
  - Challenging to implement
  - Do not alleviate need for TVM
  - PCI DSS v1.1, Requirement 6.6
- Database “firewalls”
  - Mostly covering layer 10 (?)
    - SQL injection attacks
  - Shouldn’t be necessary
    - Other protection features tip the scale
  - Examples: Application Security, Guardium, Imperva

10 Data (Layer 10) Security Solutions
- Information leak prevention
  - Driven by privacy and compliance
  - Multi-channel issue
    - Dubious breakdown/stats
  - Low effectiveness, very high cost
- Disk encryption
  - Response to laptop loss/theft
  - Not just file
  - Intersection of two themes
- Mobile/endpoint security
  - One of the weakest links
  - Configuration mgmt vs security
  - Microsoft is rising fast
[Figure: Key ILP Contenders]

11 Not So Hot
- Network Admission Control
  - Cluttered market
  - Slow roller
  - Is it what you really want?
- Identity Management
  - Becoming background “noise”
  - Policy/authorizations bigger deal
- Compliance
  - Fatigue
  - Foundations are in place
- De-perimeterization
  - Poor term for relatively good ideas
  - Pervasive perimeterization instead
[Caption: NAC: Network Admission Confusion]


13 Evolution of Threat & Vuln Mgmt - 1
- Threat Management
  - Hot: better visibility
  - Med: policy enforcement
  - Cold (still): automated response
- Vulnerability Management
  - Hot: remediation
  - Med: penetration integration
  - Cold (still): asset integration
- Log management
  - Why is it so hot?
- The emergence of TVM
  - Lifecycle approach
  - Systems approach
  - Services approach
[Diagram labels: After Attack, Before Attack, During Attack; Time/Value of Impact; Analyze, Recover, Respond, Police, Protect, Detect, Interdict; Must Have Full Coverage]

14 Evolution of Threat & Vuln Mgmt - 2
[Diagram labels: Vuln. Detection, Context, Threat Detection, Analyzers, Vuln. Knowledge, Threat Knowledge, Remediation, Policy Enforcement, Interdiction, Forensics, Environment, Behavior, Identity, Active, Passive, Pen. Test, Signatures, Heuristics, Anomalies]


16 Summary & Conclusions
- Call to Action
  - Be prepared to account for and secure other IT initiatives
  - Be prepared for threat and vulnerability trends by establishing:
    - Comprehensive functional coverage
    - Comprehensive logical coverage
    - Comprehensive physical coverage
  - Plan to embrace the most promising countermeasures
    - Web app firewalls, disk encryption, network behavior analysis
    - Others: unified threat management, managed security services
  - Be wary of less mature (/more complex) “solutions”
    - NAC, information leak prevention, de-perimeterization
  - Embrace the concept of a TVM System
    - Components first; integrated system soon

