a data centric approach to endpoint security
play

A Data-Centric Approach to Endpoint Security September 28, 2017 - PowerPoint PPT Presentation

Jan 20, 2023 •236 likes •648 views

A Data-Centric Approach to Endpoint Security September 28, 2017 Eric Ogren Bill Bradley Senior Analyst, Security Director of Product Marketing 451 Research Digital Guardian About Eric Ogren Eric Ogren is a Senior Analyst with the

  1. A Data-Centric Approach to Endpoint Security September 28, 2017 Eric Ogren Bill Bradley Senior Analyst, Security Director of Product Marketing 451 Research Digital Guardian

  2. About Eric Ogren • Eric Ogren is a Senior Analyst with the Information Security team. Eric has extensive experience in software development, technology marketing, and as a security Eric Ogren Senior ¡Analyst, ¡Security ¡ industry analyst. ¡ ¡ • Eric contributes pragmatic perspectives for security clients ¡ on emerging market trends, company and product strategies, differentiated vendor messaging and positioning, and meeting enterprise solution purchase criteria. • Prior to joining 451 Research, Eric held marketing leadership positions with security vendors such as RSA Security and OKENA, and technology vendors such as Digital Equipment. 2

  3. About Bill Bradley § Leads Product Marketing Data Loss Prevention Bill Bradley Director, ¡Product ¡Marke6ng ¡ § 20 Years of Marketing & Sales Experience ¡ ¡ • Field Sales, Competitive Analysis, ¡ Product Marketing & Management § Previously at Rapid7 and General Electric 3

  4. Basic structure for today’s conversation State of enterprise The information Evolving to data- security security debt centric approaches Transforming security with the infrastructure 4

  5. Average Size and Ratio of Security Team – By Company Size INFORMATION SECURITY: ORGANIZATIONAL Information Security Respondents DYNAMICS 2017 Average Number of Employees in Information Security Average Ratio of Security Employees to IT employees 25.0% 60 54 50 20.0% 40 14.1% 15.0% 30 11.1% 10.0% 7.6% 20 5.0% 9 10 5 0 0.0% 1-999 employees 1,000-9,999 10,000+ employees 1-999 employees 1,000-9,999 10,000+ employees employees employees Q11. How many full time employees (FTEs) does your IT organization currently employ? Q12. How many full time employees (FTEs) does your organization currently employ that are dedicated to information 5 security tasks? Source: 451 Research, Voice of the Enterprise: Information Security, Organizational Dynamics 2017

  6. INFORMATION SECURITY: ORGANIZATIONAL DYNAMICS 2017 14.7% Services Average Ratio of Security 14.2% B2B Software, IT and Computer Services Employees to IT 11.9% Retail employees – By Industry 10.8% Healthcare Information Security Respondents 10.8% Govt/Educ 10.7% Manufacturing 10.5% Finance 9.7% Telecommunications 6.1% Communications, Media and Publishing 4.1% Utilities Source: 451 Research, Voice of the 8.0% Enterprise: Information Security, Other Organizational Dynamics 2017 Mean 6

  7. INFORMATION SECURITY: ORGANIZATIONAL DYNAMICS 2017 46.6% CIO, Head of Information Technology 43.2% Information Security 21.9% Reporting Chain CEO 20.1% Respondents with a Single 5.2% Information Security Executive CTO 8.3% Leader in Their Organizations 5.2% Board of Directors 7.9% Q40. Who does the head of Information Security report to? 4.4% COO 7.0% 3.3% CFO 4.8% 3.8% Chief Risk Officer 2.6% 9.6% Other 6.1% Source: 451 Research, Voice of the Percent of Sample Q2 2016 Q2 2017 Enterprise: Information Security, (n=479) (n=229) Organizational Dynamics 2017 7

  8. How did we get here? It all starts with your business Your Business 8

  9. How did we get here? Need to bolt on security! Your Business 9

  10. How did we get here? New threats? New products! Your Business 10

  11. We’re catching on to the problems with this picture An attack can go anywhere once inside security defenses Security teams get bogged down managing all those products and all the data they produce Security teams get isolated from the rest of IT and special skills keep us isolated 11

  12. INFORMATION SECURITY: ORGANIZATIONAL DYNAMICS 2017 Hackers/Crackers with Malicious Intent 52.5% Top Information Security Compliance 49.1% Concerns – Past 90 Days Information Security Respondents Internal Audit Deficiencies Based on Findings 31.7% Q3. What were your top general information security concerns during the last 90 days? Please Preventing/Detecting Insider Espionage 19.8% select all that apply. Cyber-Warfare 19.6% Other 7.3% Source: 451 Research, Voice of the Percent of Sample Enterprise: Information Security, Organizational Dynamics 2017 n = 495 12

  13. INFORMATION SECURITY: ORGANIZATIONAL DYNAMICS 2017 Risk Assessment 21.6% Compliance Requirement 21.4% Reasons for Implementing Business Requirement 11.1% Security Projects Information Security Respondents Championed by a Senior Leader (e.g., Sacred Cow) 9.9% Q2. For the top information Driven by Due Diligence (e.g., Customer Requirement) 9.1% security projects currently being implemented within your Audit Response 8.9% organization, what was the key determinant in their approval? Reputational/Brand Risk 8.7% 5.5% Return on Investment (ROI) 3.8% Other Source: 451 Research, Voice of the Percent of Sample Enterprise: Information Security, Organizational Dynamics 2017 n = 495 13

  14. INFORMATION SECURITY: ORGANIZATIONAL DYNAMICS 2017 34.1% User Behavior 21.0% Organizational Politics/Lack of Attention to Information Security 20.6% Staffing Information Security 20.4% Lack of Budget 19.0% Security Awareness Training (Ineffectiveness or Difficulty) Top Security Pain Points 18.4% Accurate, Timely Monitoring of Security Events Information Security Respondents 17.2% Endpoint Security Q1. What are your 17.0% Malicious Software (Malware) organization’s top information 16.6% Cloud Security security pain points? Please 16.0% Application Security select up to three. 14.7% Data Loss/Theft 12.1% Mobile Security 11.9% Ransomware 11.7% Third-Party/Supplier Security 11.5% Keeping Up with New Technology 9.3% Firewall/Edge Network Security Source: 451 Research, Voice of the 4.6% Other Enterprise: Information Security, Percent of Sample Organizational Dynamics 2017 n = 495 14

  15. INFORMATION SECURITY: ORGANIZATIONAL DYNAMICS 2017 53.0% Security Incidents Resolved 47.5% 42.8% Tickets Resolved (e.g., ‘Trouble Tickets’) 39.0% Metrics To Manage 44.9% Audit Issues Resolved Security 34.4% Information Security Respondents 34.2% Application Availability (e.g., Uptime/Downtime) 34.2% Q44. Which of the following 34.4% Project Completion 32.3% metrics does your organization use/track for information 31.2% Time to Recovery/Restore from an Outage 29.2% security staff? Please select all 32.4% that apply. Lack of Data Breaches 28.3% 21.9% We Don’t Use Metrics 21.9% 2.2% Other 4.0% Source: 451 Research, Voice of the Percent of Sample Enterprise: Information Security, Q2 2016 Q2 2017 (n=837) (n=421) Organizational Dynamics 2017 15

  16. Security Analytics INFORMATION SECURITY: ORGANIZATIONAL DYNAMICS 2017 Information Security Respondents Key Benefit of Security Analytics Security Analytics Status 24.5% Better Able To Detect and Address External Attacks 38.7% In Use 23.9% Better Anomaly Detection on Our Network Improved Incident Response/Forensics Evidence Data 14.5% Capture We’re Detecting Security Incidents Not Previously 13.8% Captured 34.7% Planned for the Next 12 Months Better Ability To Understand and Respond to Anomalous 11.3% User Behavior 6.3% Better Able To Detect and Address Internal Attacks 2.5% No Benefit 26.5% Not In Plan 3.1% Other Percent of Sample Percent of Sample n = 159 n = 426 Q16. What’s the status of the use of security analytics in your information security program? Q17. What has been the key benefit of your use of security analytics? 16 Source: 451 Research, Voice of the Enterprise: Information Security, Organizational Dynamics 2017

  17. Security analytics dimensions User Data Network Business 17

  18. What are CISOs doing about it? Consolidating product portfolios Investing in security analytics Shifting attention to operations 18

  19. INFORMATION SECURITY: ORGANIZATIONAL DYNAMICS 2017 49.6% Significant Project(s) Driving Additional Demand 48.7% 49.1% New Skills Are Required 45.1% Staff Increase Reasons Respondents with Increasing Security 44.2% Overall Business Growth Staff 40.0% Q15. What are the key reasons 25.3% IT Organizational Changes (e.g., Restructuring teams) for increasing information 25.1% security focused staff? Please 9.0% Company Merger/Acquisition select all that apply. 7.7% 10.5% Information Security Functions being In-Sourced from a Third-Party Provider or Managed Security Service Provider (MSSP) 7.7% 7.2% Other 12.3% Source: 451 Research, Voice of the Percent of Sample Enterprise: Information Security, Q2 2016 Q2 2017 Organizational Dynamics 2017 (n=391) (n=195) 19

  20. Thank You! 20

  21. Smart Consolidation on the Endpoint Digital Guardian for Data Protection

  22. Triad of Roles InfoSec Analyst Threat Incident Hunter Responder 22

  23. Triad of Needs Data Threat Response 23

  24. Myriad Solutions at the Endpoint 24

  25. Myriad Solutions at the Endpoint 25

  26. Myriad Solutions at the Endpoint 26

  27. WELCOME TO The Convergence of DLP & EDR STOP DATA THEFT DETECT THREATS From Insiders & Ransomware, Malware Outside Attackers and Non-Malware Based 27

  28. WELCOME TO The Convergence of DLP & EDR STOP DATA THEFT DETECT THREATS From Insiders & Ransomware, Malware Outside Attackers and Non-Malware Based 28

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Agenda Why we need a new approach to endpoint security Introducing Sophos Intercept X

Agenda Why we need a new approach to endpoint security Introducing Sophos Intercept X

Agenda Why we need a new approach to endpoint security Introducing Sophos Intercept X Demonstration / Feature Walk Through Deployment Options Q & A 2 Endpoint Security has reached a Tipping Point Attacks are from within the

937 views • 29 slides
Data Centric Security and Data Protection Manuela Cianfrone Bologna 29/10/2016 Speaker Manuela

Data Centric Security and Data Protection Manuela Cianfrone Bologna 29/10/2016 Speaker Manuela

Data Centric Security and Data Protection Manuela Cianfrone Bologna 29/10/2016 Speaker Manuela Cianfrone EMEA Solution Architect @ Protegrity USA Implement Data Centric Security Design Data Security Solutions Agenda Using Walls to

877 views • 34 slides
Simulation-based optimization of information security controls: An adversary-centric approach

Simulation-based optimization of information security controls: An adversary-centric approach

Simulation-based optimization of information security controls: An adversary-centric approach Elmar Kiesling, Andreas Ekelhart, Bernhard Grill, Christine Strau, Christian Stummer December 9, 2013; Washington, DC Funded by the Austrian

1.01k views • 88 slides
Activated Charcoal Making Sense of Endpoint Data Company Confidential Greg Foss Sarah Miller

Activated Charcoal Making Sense of Endpoint Data Company Confidential Greg Foss Sarah Miller

Powered by Activated Charcoal Making Sense of Endpoint Data Company Confidential Greg Foss Sarah Miller Head of Global Security Operations Threat Intelligence Analyst LogRhythm Carbon Black The Endpoint is the new Perimeter The easiest

828 views • 62 slides
A Connector- A Connector- Centric Approach Centric Approach to Architectural to Architectural

A Connector- A Connector- Centric Approach Centric Approach to Architectural to Architectural

A Connector- A Connector- Centric Approach Centric Approach to Architectural to Architectural Access Control Access Control Jie Ren Department of Informatics University of California, Irvine Outline Overview Architecture and

917 views • 74 slides
1 Panda Endpoint Protection Suites Index: A New Endpoint Environment A New Endpoint

1 Panda Endpoint Protection Suites Index: A New Endpoint Environment A New Endpoint

1 Panda Endpoint Protection Suites Index: A New Endpoint Environment A New Endpoint Solution t A New Endpoint Environment i i t E E d A N The New Endpoint Reality Increasing Malware Risk 2M malware signatures identified

515 views • 14 slides
Neutralize Data Breaches Using data-centric security on NonStop Prashanth Kamath U Sr. Product

Neutralize Data Breaches Using data-centric security on NonStop Prashanth Kamath U Sr. Product

Neutralize Data Breaches Using data-centric security on NonStop Prashanth Kamath U Sr. Product Manager NonStop Enterprise Division Forward-looking statements This is a rolling (up to three year) Roadmap and is subject to change without

400 views • 26 slides
Active Data A Data-Centric Approach to Data Life-Cycle Management Anthony Simonet 1 Gilles Fedak 1

Active Data A Data-Centric Approach to Data Life-Cycle Management Anthony Simonet 1 Gilles Fedak 1

Introduction Active Data Discussion Conclusion Active Data A Data-Centric Approach to Data Life-Cycle Management Anthony Simonet 1 Gilles Fedak 1 Matei Ripeanu 2 Samer Al-Kiswany 2 1 Inria, ENS Lyon, University of Lyon 2 University of British

473 views • 30 slides
Computer and Information Security Fall 2019 Endpoint security Tyler Bletsch Duke University

Computer and Information Security Fall 2019 Endpoint security Tyler Bletsch Duke University

ECE590 Computer and Information Security Fall 2019 Endpoint security Tyler Bletsch Duke University Overview How do you configure endpoints for better security? 1. Updates 2. Correct settings 3. Reduce attack surface 4. Limit privilege 5.

477 views • 19 slides
April 2018 1 } HHS 2020 is an transformational approach to the way HHS services and programs are

April 2018 1 } HHS 2020 is an transformational approach to the way HHS services and programs are

April 2018 1 } HHS 2020 is an transformational approach to the way HHS services and programs are delivered } A modular, enterprise-wide approach } Moving from a program-centric approach to a person-centric approach } Changing the approach on

424 views • 16 slides
Data-centric Profiling Working Group Outbrief Basic Concept Associating performance data with

Data-centric Profiling Working Group Outbrief Basic Concept Associating performance data with

Data-centric Profiling Working Group Outbrief Basic Concept Associating performance data with data objects (arrays), beyond code contexts (loops, procedures) PMU support data-centric attribution use of data-centric profiling

456 views • 6 slides
Data- -Centric Query in Sensor Networks II Centric Query in Sensor Networks II Data Jie Gao

Data- -Centric Query in Sensor Networks II Centric Query in Sensor Networks II Data Jie Gao

Data- -Centric Query in Sensor Networks II Centric Query in Sensor Networks II Data Jie Gao Computer Science Department Stony Brook University 1 Papers Papers Rik Sarkar, Xianjin Zhu, Jie Gao, Double Rulings for Information Brokerage in

562 views • 45 slides
Data Data- -Centric Query in Sensor Networks Centric Query in Sensor Networks Jie Gao Jie Gao

Data Data- -Centric Query in Sensor Networks Centric Query in Sensor Networks Jie Gao Jie Gao

Data Data- -Centric Query in Sensor Networks Centric Query in Sensor Networks Jie Gao Jie Gao Computer Science Department Stony Brook University 1 Papers Papers [Intanagonwiwat00] Chalermek Intanagonwiwat, Ramesh Govindan and Deborah

983 views • 60 slides
Data- -Centric Query in Sensor Centric Query in Sensor Data Networks Networks Jie Gao

Data- -Centric Query in Sensor Centric Query in Sensor Data Networks Networks Jie Gao

Data- -Centric Query in Sensor Centric Query in Sensor Data Networks Networks Jie Gao Computer Science Department Stony Brook University 10/27/05 Jie Gao, CSE590-fall05 1 Papers Papers Chalermek Intanagonwiwat, Ramesh Govindan and

681 views • 46 slides
Evaluating Effectiveness of an Embedded System Endpoint Security Technology on EDS Michael

Evaluating Effectiveness of an Embedded System Endpoint Security Technology on EDS Michael

Evaluating Effectiveness of an Embedded System Endpoint Security Technology on EDS Michael Siegel, Gregory Falco, Keman Huang, Weilian Chu, Elizabeth Reilly, Mayukha Vadari 1 Digitization of Industrial Sector Increased demand on

392 views • 15 slides
Data- -Centric Query in Sensor Networks Centric Query in Sensor Networks Data Jie Gao Computer

Data- -Centric Query in Sensor Networks Centric Query in Sensor Networks Data Jie Gao Computer

Data- -Centric Query in Sensor Networks Centric Query in Sensor Networks Data Jie Gao Computer Science Department Stony Brook University 1 Papers Papers Chalermek Intanagonwiwat, Ramesh Govindan and Deborah Estrin, Directed diffusion:

732 views • 38 slides
Platform Industrie 4.0 Industry Innovation meets Politics Presentation of Henning Banthien,

Platform Industrie 4.0 Industry Innovation meets Politics Presentation of Henning Banthien,

Platform Industrie 4.0 Industry Innovation meets Politics Presentation of Henning Banthien, Secretary General of the Platform Industrie 4.0 Project Office Conference From Industry 4.0 to Digitising Manufacturing An End User

259 views • 14 slides
Paper No. SPE 166315 Improving EH&S Practices during Turnarounds in Facilities and Plants: A

Paper No. SPE 166315 Improving EH&S Practices during Turnarounds in Facilities and Plants: A

Paper No. SPE 166315 Improving EH&S Practices during Turnarounds in Facilities and Plants: A Process of Knowledge Capture and Transfer worth Implementing Darrell Dowd Slide 2 Introduction Projects of all types represent an increasingly

745 views • 16 slides
Esri Training & Workforce Development Tamara Adamson | Training Consultant Partner with

Esri Training & Workforce Development Tamara Adamson | Training Consultant Partner with

Esri Training & Workforce Development Tamara Adamson | Training Consultant Partner with Training Training Solution A people-centric approach to achieving business objectives A knowledgeable staff is better equipped to recognize

321 views • 19 slides
Knowledge & Innovation Research in Strategic Management A preliminary mapping of the domain

Knowledge & Innovation Research in Strategic Management A preliminary mapping of the domain

Page 1 Knowledge & Innovation Research in Strategic Management A preliminary mapping of the domain and research priorities Siegfried P. Gudergan, UTS Ellen Enkel, HSG Thomas Durand, ECP SIG, SMS 2004 Page 2 Knowledge & Innovation

315 views • 16 slides
In Your Own Words Women in Leadership in Theological Education Deborah H.C. Gin & Jo Ann

In Your Own Words Women in Leadership in Theological Education Deborah H.C. Gin & Jo Ann

In Your Own Words Women in Leadership in Theological Education Deborah H.C. Gin & Jo Ann Deasy ATS WIL 20 th Anniversary Celebration March 1, 2018 Pittsburgh, PA S ample Survey Interviews N = 573 N = 30 WIL

478 views • 35 slides
The Unique Role of a Multi-manager Administrative Assistant Intro Learning Objectives

The Unique Role of a Multi-manager Administrative Assistant Intro Learning Objectives

The Unique Role of a Multi-manager Administrative Assistant Intro Learning Objectives Understand each managers unique work style. Treat each manager fairly and with respect, despite your personal preference. Recognize some of

253 views • 21 slides
The socio-political participation index (SPI): What it is and how to use it By: Damien Hazard, of

The socio-political participation index (SPI): What it is and how to use it By: Damien Hazard, of

The socio-political participation index (SPI): What it is and how to use it By: Damien Hazard, of Brazilian organization Vida Brasil Salvador de Bahia (Brazil), November 2015 This article comprises the following sections: 1- Historical overview

304 views • 8 slides
Clubs Resource Centre Renovation and Enhancement Project AMS Council Consultation for CPF

Clubs Resource Centre Renovation and Enhancement Project AMS Council Consultation for CPF

SCD016-20 Clubs Resource Centre Renovation and Enhancement Project AMS Council Consultation for CPF Proposal - May 29th, 2019 Cole Evans - Vice President Administration Simran Sidhu - CRC Manager Project Background The Clubs Resource Centre

837 views • 51 slides

More recommend