Mentoring Webinar Series Stories From the CISO Trenches 1 About - PowerPoint PPT Presentation

Digital Guardian CISO Mentoring Webinar Series Stories From the CISO Trenches 1

About Larry Brock ▪ Principal at Brock Cyber Security Consulting LLC ▪ Former Global Chief Information Security Officer (CISO) at DuPont (11 years) ▪ Held additional IT, Research and Marketing Positions at DuPont ▪ Information Security Officer within the U.S. Air Force. NSA ▪ Mr. Brock has BS and MS degrees in Electrical Engineering ▪ Certified Information Security Manager (CISM)

About Bill Bradley ▪ Leads Product Marketing for DLP Bill Bradley ▪ 20 Years of Marketing & Sales Director, Product Experience Marketing • Field Sales, Competitive Analysis, Product Marketing & Management ▪ Previously at Rapid7 and General Electric 3

Stories From the CISO Trenches Larry Brock Principal BCS Consulting

Agenda ▪ The Risks and Executive Repercussions ▪ Practical Protection Elements ▪ Illustrative Moments as a CISO ▪ Visibility into the Crown Jewels ▪ Changing the Tide ▪ The Importance of Prioritization ▪ Final Thoughts

Where is The Value Within Your Organization? ▪ Trade Secrets ▪ Health Information ▪ Destructive Value ▪ Employee Information ▪ Competitive Position ▪ Customer Information ▪ Customer List ▪ Cash ▪ Purchasing Contracts ▪ Credit Card Information

Who Are the Typical Actors? Internal External Foreign Mistakes By Loyal Governments Employees Or Contractors Hacktivists Careless Employees, Contractors, or Suppliers Competitors Disgruntled Disgruntled Current Employees Former Employees Source: Corruption Perceptions Index

Cyber Attacks and Senior Executive Accountability 40 Million 3 Billion 143 Million 57 Million

Practical Protection Elements 1. Establish A Holistic Information Protection Program 2. Ensure Adequate Funding 3. Focus On Protecting What Matters (Crown Jewels) 4. Improve Your Ability To Detect Both Insider And Cyber-attacks 5. Stringent Credential Management 6. Control What Information Leaves 7. Discover The Weaknesses In Your Security

Elements of a Holistic Protection Program 7 Elements to manage risks, organize/manage objectives and reporting 1. High-Level Responsibility 2. Written Policies & Procedures 3. Care in Delegation of Authority 4. Effective Education 5. Auditing, Monitoring, Reporting 6. Consistent Enforcement 7. Response to Violations +1. Regular Risk Assessments (Source

High-Level Responsibility Leadership Must Be Engaged In Protection Program! Ideal Intellectual Property Governance Structure A. CEO Has Ownership With Board Routinely Engaged ▪ Actions: Data Protection Included In Routine Reviews With Businesses And Functions B. Governance Team: Recommends Corporate Info Protection Policy ▪ Actions: Approve Program Plans, Eliminate Barriers, Influence Executive Peers… C. Cross-Functional IP Risk Team ▪ Lead By Corporate Process Leader; Includes Leaders From Info Security , Corp Security, Compliance, Select Business Functions D. Business & Functional IP Protection Leadership Team (Global) ▪ Leader For Every Business And Function (E.G. R&D, Engineering, Legal, HR, Ops). ▪ Actions: Education, Identification, Classification, Protection Initiatives, Business Process Changes

Illustrative Moments ▪ The Crown Jewels ▪ Going Against the Tide ▪ The Importance of Prioritization

Visibility into the Crown Jewels 1. Intellectual Property can be hard to define 2. Efforts at the InfoSec Level 3. Make it a Business Wide Initiative 4. Make it a CEO Priority 5. Make it a Company Wide Effort

Visibility into the Crown Jewels 1. Identify And Classify Your Crown Jewels 2. Get Business Wide Buy In on Crown Jewels (and their value) 3. Establish “Secure Electronic Zones” Or Vaults 4. Implement Strong IP Protection Controls 5. Protect Content In Cloud Services (I.E. Salesforce, Dropbox)

Changing the Tide ▪ Open and Collaborative Environment ▪ Drive Productivity, Efficiency, Innovation, and Growth ▪ Visibility is Good for Security Teams; Also Good for Employees ▪ Spotted an Incident In-Process ▪ Swing the Pendulum The Other Way… Without Negative Impacts

Changing the Tide Cannot focus on just keeping the bad guys out, must focus on keeping your valuables from leaving ▪ Consider authentication for outbound access to Internet ▪ Block/Restrict outbound protocols (FTP, SSH, Telnet) ▪ Restrict access to “uncategorized” web sites ▪ Block server access to Internet or white-list the few that need it ▪ Block HTTPS connections to sites with self-signed certificates ▪ Restrict use of file sharing sites (Dropbox), Skype and personal web-mail unless additional controls are in place ▪ Must control content when PCs or mobile devices leave corporate environment

The Importance of Prioritization ▪ IP Heavy Organization ▪ Granted 900+ patents in 2011 ▪ Over 50,000 active patents today ▪ Employee Data ▪ PII, PCI, PHI ▪ Internal and External Threats

Improve Your Ability To Detect Both Insider And Cyber-attacks ▪ Monitor Inbound Files For Malware ▪ Monitor, Alert, And Block (When Possible) Unusual Activities ▪ Security Information & Event Management ▪ Strong Analytical Capability To Detect Anomalous Activities (C&C)

Final Thoughts… ▪ All Companies Should Assume Both Insider And Cyber Attacks Are Occurring ▪ No “Silver Bullet” Solutions – Requires A Comprehensive Approach ▪ Process, People, And Technology ▪ Leverage Frameworks And Standards (ITIL, ISO 27K, …) ▪ Most Advanced Cyber Attacks Involve Compromising Privileged Credentials ▪ Implementing Strong Controls For All Privileged Accounts, Including End-point Devices, Is Necessary To Have Any Chance On Defending Against Today’s Threats ▪ Classical Security Controls (AV, FW, IPS, Etc) Are Still Necessary But Insufficient For Today’s Threats ▪ Collaborate To Learn About Attackers And Best Defenses – You Cannot Fight This Alone! ▪ This Is A Long-term Issue And Requires Continuous Improvements As Adversaries Change Approaches

Digital Guardian CISO Mentoring Webinar Series 20

Agenda ▪ Week 1 - Digital Guardian to Up Your Game ▪ Week 2 - Digital Guardian and Strategic Data Protection ▪ Week 3 - Digital Guardian and Documented Improvement

Digital Guardian and Documented Improvement Customer Success Stories 22

Digital Guardian Success Stories ▪ Going Rogue ▪ Visibility ▪ Consolidated 23

Identifying and Stopping Rogue a Employee Evolution of an Insider Attack May October May Hacker Tool Compromised 5 EDR EDR Downloads Hosts Installed Detection August December June Installed Keyboard Compromised 3 Employee Logger on Hosts Termination Personal PC 24

Business Wide Data Visibility and IP Protection 25

Consolidated EDR and DLP 26

First & Only Unified Internal & External Risk Visibility User & Entity Endpoint Detection Data Loss Behavior Analytics & Response Prevention Single Console; Single Agent 27

Digital Guardian Sees All Risks to Your Data 28

A Recognized Leader. Just ask Gartner and Forrester Digital Guardian is the only Leader in both Enterprise Data Loss Prevention and Endpoint Detection & Response Magic Quadrant Leader Wave Leader

Q & A Thank You. Larry Brock Principal BCS Consulting

Digital Guardian’s Next Webinar: Understand, Deploy, and Hunt with MITRE’s ATT&CK Framework The blueprint for repeatable threat hunting success ▪ December 12 @ 1:00 PM ET • Tim Bandos – VP Cybersecurity – Digital Guardian • Bill Bradley – Director Product Marketing - Digital Guardian ▪ Watch this webcast to learn: • The key elements of the MITRE ATT&CK framework • How to get started and operationalize a threat hunt framework • Advanced techniques to safeguard your organization and grow your security knowledge Register: https://info.digitalguardian.com/webinar-understand-deploy-hunt-with-mitre-attck-framework.html 31