1. Nate Olson-Daniel Director of Strategic Development & Principal Engineer The Inevitable Attack

2. Early days, isolated networks Only concerned with internal & physical security. IT Security

3. Connecting to the Internet was awesome but fraught with risks that were not well understood – Email viruses: easy to distribute malicious code globally – Brute force attacks on vulnerable targets: Why patching is critical – DOS/DDOS: modernized snowball fights – Bots/Malware: the mode of choice for digital warfare IT Security

4. Attacks are now about money (Cybercrime) Current State of IT Security

5. CryptoLocker ($30M-$40M estimated lost in ransoms) Copycat programs on the rise (over half of incidents in last 6 mo are ransomware) Current State of IT Security

6. Zeus/Zbot (old but widely used to steal information on local machine or install additional malware) Current State of IT Security

7. High profile mass Identity thefts (Target, TJ Max, Home Depot, various Universities, etc) 2014: ITRC reports 546 breaches effecting ~19M records – Identity Theft Resource Center Current State of IT Security

8. SPAM is a fact of life but generally under control AntiVirus/Malware risk is rampant especially with BYOD trends Patching is still a huge issue in the SMB space Typical business doesn’t separate Users from Servers let alone servers from each other. Most businesses have at least a Stateful firewall, UTM is financially in reach now and 60% of Enterprises have deployed Critical Websites deploy Firewall, UTM, and WAF Most businesses still have no dedicated security staff Forbes Magazine states corporate network security is an over $60 billion industry. Current State of Internet Security

9. And it is getting worse…

10. 200 Security Engineers ~250,000 AV Signatures per week 100 new IPS Signatures per week 1 Million URLs rated per week 60 Million SPAM Signatures per week 3000+ Application signatures developed and growing Industry Info: FortiGuard Labs

11. So how do we protect ourselves?

12. Packet Filters: 1988 Host-based AntiVirus: ~1987 Stateful Software Firewalls: Checkpoint firewalls: 1989-1990 Stateful Firewalls with ASICs: Netscreen 1997 IDS: NetRanger 1995 SPAM Filtering Application Layer Gateways (Basic, RFC Compliance, parameter policies) Inline AntiVirus IPS Application Layer Firewalls (Modern deep inspection, WAF) DLP Tools SIEM: Event Correlation like Cisco MARS, Solutionary ActiveGuard, etc. Brief Evolution of IT Security Tools

13. It is: No one solution solves the issue. ISO 27001 and 27002 provide great roadmap for security planning. Engage a reputable partner. Determine what risks your organization is exposed to. Identify the costs associated with those risks Balance your mitigation strategy against the identified risks Implement an ongoing security program to assess and modify your mitigation strategy. Sound Complicated?

14. ISO 20000 Certification (IT Service Delivery process and controls) SSAE-16 SOC 1 Type II Completed (Annually since 2008) Managed Security (Managed Firewall and UTM appliances from Fortinet and Cisco) since 2000 Managed SIEM Services Security Assessment and Professional Services customized to your needs. LightEdge Can Help

15. Nate Olson-Daniel Principal Engineer & Director of Strategic Development LightEdge Solutions, Inc. 515.471-1241 Nolson-Daniel@lightedge.com Thank you!