Cyber Security for the real world Tim Brown Dell Fellow and CTO Dell Security Solutions

“May you live in interesting times.” –Chinese Curse I always thought it was a blessing!

10 Steps to manage security in this new world 1.Change the conversation from security to risk 2.Understand the adversaries focus and their attack model –Utilize external sources and partners for information –What components will be under attack? –Why? How? By whom? 3.Understand your crown jewels –Focus security efforts on the most important areas –Data, Brand, Privacy, Applications, People

10 Steps to manage security in this new world 4.Take care of good Hygiene –Keep current on patches –Utilize the network as an inspection, data gathering and control point. Not just a port blocker –Manage Identities, especially the privileged users they are your weakest link –Utilize stronger authentication and adaptive authentication –Move from Roles to Rules and develop a dynamic approach to identity management –Schedule annual big picture security reviews –Develop strong remediation plans and have appropriate resources on retainer

10 Steps to manage security in this new world 5.Reduce the attack aperture –Design patterns to minimize trust boundaries –Isolate solutions when possible and created trust zones in untrusted environments 6.Utilize encryption –As a regulatory enabler –As an access enabler –As a privacy enabler 7.Decrypt as necessary and inspect critical data –Dell Threat report shows 64.6 % of web traffic now SSL/TLS –The adversaries are using this to their advantage

10 Steps to manage security in this new world 8.Utilize intelligent solutions that off load work and use intelligence of others –No matter your size you can not do everything on your own –Look for strong research teams and autonomous updates 9.Don’t just enable collection of data. Enable intelligence gathering and knowledge –Turn data into actionable knowledge –Model the behavior of the system and understand deviations 10.Move towards Security analytics, make data available and accessible for analysis –IOT, Insider threat detection move us to a new era of security and also a new era of privacy concerns

How to select the correct vendor/partner Security vendor landscape is crowded and growing –551 Vendors at RSA this year over 30,000 Attendees –100’s of new vendors and startups Everyone wants your time and to sell you the greatest new thing Look for vendors –That will be your partner or have a strong eco system of partners –That understand the critical nature of your business –That don’t just want to sell you a product but want to provide you a solution –That provide ideas and guidance not silver bullets Look for products –That have intelligence and research behind them that protect you automatically and grow with you –That solve security problems while enabling you to do more with your business –That provide appropriate risk reduction vs cost –That have appropriate teams surrounding them –That show innovation and have a path to the future

The Future Prescriptive Analytics Dynamic Identity and Risk Analysis Insider Threat Advanced Malware detection and personalization Advanced Data Protection and Classification Human-Centric Security Security Intelligence R&D IOT Security Security Orchestration

Network Deep protection and control without impacting network performance Next Gen Firewall Secure Mobile Access Security Dell SonicWALL Server, Data, Endpoints Protect data wherever it goes Encryption Configuration and Patch Management Secure Cloud Client Protected Workspace DDPE (Credant), Dell KACE, Windows Mgmt User Identity and access mgmt for the real world Identity Governance Privileged Management Access Management Compliance and IT Governance Dell One Identity Solutions Services Protect, predict and respond to threats Incident Response Managed Security Services Security and Risk consultation Threat Intelligence Dell SecureWorks Dell’s Security Portfolio Our approach allows customers to align security strategy to business needs.

Q&A