Mentoring Webinar Series: Stories From the CISO Trenches (PowerPoint PPT Presentation)

SLIDE 1

Digital Guardian CISO Mentoring Webinar Series

Stories From the CISO Trenches

SLIDE 2

About Larry Brock

▪ Principal at Brock Cyber Security Consulting LLC
▪ Former Global Chief Information Security Officer (CISO) at DuPont (11 years)
▪ Held additional IT, Research and Marketing positions at DuPont
▪ Information Security Officer within the U.S. Air Force; NSA
▪ Mr. Brock has BS and MS degrees in Electrical Engineering
▪ Certified Information Security Manager (CISM)

SLIDE 3

About Bill Bradley

Bill Bradley, Director, Product Marketing

▪ Leads Product Marketing for DLP
▪ 20 Years of Marketing & Sales Experience
  • Field Sales, Competitive Analysis, Product Marketing & Management
▪ Previously at Rapid7 and General Electric

SLIDE 4

Stories From the CISO Trenches

Larry Brock, Principal, BCS Consulting

SLIDE 5

Agenda

▪ The Risks and Executive Repercussions
▪ Practical Protection Elements
▪ Illustrative Moments as a CISO
  • Visibility into the Crown Jewels
  • Changing the Tide
  • The Importance of Prioritization
▪ Final Thoughts

SLIDE 6

Where Is the Value Within Your Organization?

▪ Trade Secrets
▪ Destructive Value
▪ Competitive Position
▪ Customer List
▪ Purchasing Contracts
▪ Credit Card Information
▪ Health Information
▪ Employee Information
▪ Customer Information
▪ Cash

SLIDE 7

Who Are the Typical Actors?

Internal to External:

▪ Mistakes by Loyal Employees or Contractors
▪ Careless Employees, Contractors, or Suppliers
▪ Disgruntled Current Employees
▪ Disgruntled Former Employees
▪ Competitors
▪ Hacktivists
▪ Foreign Governments

Source: Corruption Perceptions Index

SLIDE 8

Cyber Attacks and Senior Executive Accountability

(Breach figures shown on the slide: 143 Million, 57 Million, 3 Billion, 40 Million)

SLIDE 9

Practical Protection Elements

1. Establish a Holistic Information Protection Program
2. Ensure Adequate Funding
3. Focus on Protecting What Matters (Crown Jewels)
4. Improve Your Ability to Detect Both Insider and Cyber-attacks
5. Stringent Credential Management
6. Control What Information Leaves
7. Discover the Weaknesses in Your Security

SLIDE 10

Elements of a Holistic Protection Program

7 elements to manage risks, organize/manage objectives and reporting:

1. High-Level Responsibility
2. Written Policies & Procedures
3. Care in Delegation of Authority
4. Effective Education
5. Auditing, Monitoring, Reporting
6. Consistent Enforcement
7. Response to Violations

+1. Regular Risk Assessments

SLIDE 11

High-Level Responsibility

Leadership Must Be Engaged in the Protection Program!

Ideal Intellectual Property Governance Structure:

A. CEO Has Ownership, With the Board Routinely Engaged
  ▪ Actions: Data Protection Included in Routine Reviews With Businesses and Functions

B. Governance Team: Recommends Corporate Information Protection Policy
  ▪ Actions: Approve Program Plans, Eliminate Barriers, Influence Executive Peers…

C. Cross-Functional IP Risk Team
  ▪ Led by the Corporate Process Leader; Includes Leaders From Information Security, Corporate Security, Compliance, and Select Business Functions

D. Business & Functional IP Protection Leadership Team (Global)
  ▪ A Leader for Every Business and Function (e.g. R&D, Engineering, Legal, HR, Ops)
  ▪ Actions: Education, Identification, Classification, Protection Initiatives, Business Process Changes

SLIDE 12

Illustrative Moments

▪ The Crown Jewels
▪ Going Against the Tide
▪ The Importance of Prioritization

SLIDE 13

Visibility into the Crown Jewels

1. Intellectual Property Can Be Hard to Define
2. Efforts at the InfoSec Level
3. Make It a Business-Wide Initiative
4. Make It a CEO Priority
5. Make It a Company-Wide Effort

SLIDE 14

Visibility into the Crown Jewels

1. Identify and Classify Your Crown Jewels
2. Get Business-Wide Buy-In on the Crown Jewels (and Their Value)
3. Establish “Secure Electronic Zones” or Vaults
4. Implement Strong IP Protection Controls
5. Protect Content in Cloud Services (e.g. Salesforce, Dropbox)

SLIDE 15

Changing the Tide

▪ Open and Collaborative Environment
  ▪ Drive Productivity, Efficiency, Innovation, and Growth
▪ Visibility Is Good for Security Teams; Also Good for Employees
▪ Spotted an Incident In-Process
▪ Swing the Pendulum the Other Way… Without Negative Impacts

SLIDE 16

Changing the Tide

You cannot focus on just keeping the bad guys out; you must also focus on keeping your valuables from leaving:

▪ Consider authentication for outbound access to the Internet
▪ Block/restrict outbound protocols (FTP, SSH, Telnet)
▪ Restrict access to “uncategorized” web sites
▪ Block server access to the Internet, or white-list the few servers that need it
▪ Block HTTPS connections to sites with self-signed certificates
▪ Restrict use of file sharing sites (Dropbox), Skype and personal web-mail unless additional controls are in place
▪ Control content when PCs or mobile devices leave the corporate environment
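The outbound controls listed on this slide can be expressed as one egress policy and exercised against log records. The following is an added example, not code from the deck or from Digital Guardian; the record fields, host names, allow-list and sample flows are assumptions constructed for the illustration.

```python
# Added example (not from the Digital Guardian deck): an egress-policy checker that
# applies the slide's outbound controls to constructed proxy/firewall records.
# Field names, host names and sample flows are assumptions for this illustration.
from dataclasses import dataclass

OUTBOUND_BLOCKED_PORTS = {21: "FTP", 22: "SSH", 23: "Telnet"}
SERVER_ALLOWLIST = {"updates.example.com"}   # the few Internet hosts servers may reach
RESTRICTED_SERVICES = ("dropbox.com", "skype.com", "webmail.example.net")

@dataclass
class Flow:
    dst_host: str
    dst_port: int
    user: str = ""                  # empty = the outbound request was not authenticated
    src_is_server: bool = False
    category: str = "business"      # proxy category; "uncategorized" is restricted
    self_signed: bool = False       # TLS peer presented a self-signed certificate
    extra_controls: bool = False    # e.g. DLP inspection in place for sanctioned sharing

def evaluate(f: Flow) -> tuple:
    """Return (decision, reason) for one outbound flow; checks follow the slide."""
    if not f.user:
        return "block", "outbound Internet access requires authentication"
    if f.dst_port in OUTBOUND_BLOCKED_PORTS:
        return "block", f"outbound {OUTBOUND_BLOCKED_PORTS[f.dst_port]} is not permitted"
    if f.src_is_server and f.dst_host not in SERVER_ALLOWLIST:
        return "block", "servers reach only allow-listed Internet hosts"
    if f.category == "uncategorized":
        return "block", "uncategorized web site"
    if f.dst_port == 443 and f.self_signed:
        return "block", "HTTPS to a site with a self-signed certificate"
    if f.dst_host.endswith(RESTRICTED_SERVICES) and not f.extra_controls:
        return "block", "file sharing / personal web-mail without additional controls"
    return "allow", "passes egress policy"

# Constructed sample flows: one per control on the slide plus two that should pass.
SAMPLE_FLOWS = [
    Flow("partner.example.com", 443, user="alice"),
    Flow("partner.example.com", 443),                                  # unauthenticated
    Flow("ftp.example.net", 21, user="bob"),
    Flow("cdn.example.org", 443, user="svc", src_is_server=True),
    Flow("updates.example.com", 443, user="svc", src_is_server=True),
    Flow("random.example-site.net", 443, user="dave", category="uncategorized"),
    Flow("selfsigned.example.org", 443, user="erin", self_signed=True),
    Flow("www.dropbox.com", 443, user="carol", category="file-sharing"),
]

def run_samples(flows=SAMPLE_FLOWS) -> dict:
    # Map "user@destination" to the policy decision for each sample flow.
    return {f"{f.user}@{f.dst_host}": evaluate(f)[0] for f in flows}
```

The check order matters: an unauthenticated request or a blocked protocol is refused before any category or certificate logic runs, which keeps the cheaper, coarser controls in front.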

SLIDE 17

The Importance of Prioritization

▪ IP-Heavy Organization
  ▪ Granted 900+ patents in 2011
  ▪ Over 50,000 active patents today
▪ Employee Data
  ▪ PII, PCI, PHI
▪ Internal and External Threats

SLIDE 18

Improve Your Ability to Detect Both Insider and Cyber-attacks

▪ Monitor Inbound Files for Malware
▪ Monitor, Alert, and Block (When Possible) Unusual Activities
▪ Security Information & Event Management
▪ Strong Analytical Capability to Detect Anomalous Activities (C&C)

SLIDE 19

Final Thoughts…

▪ All Companies Should Assume Both Insider and Cyber Attacks Are Occurring
▪ No “Silver Bullet” Solutions – Requires a Comprehensive Approach
  ▪ Process, People, and Technology
  ▪ Leverage Frameworks and Standards (ITIL, ISO 27K, …)
▪ Most Advanced Cyber Attacks Involve Compromising Privileged Credentials
  ▪ Implementing Strong Controls for All Privileged Accounts, Including End-point Devices, Is Necessary to Have Any Chance of Defending Against Today’s Threats
▪ Classical Security Controls (AV, FW, IPS, Etc.) Are Still Necessary but Insufficient for Today’s Threats
▪ Collaborate to Learn About Attackers and Best Defenses – You Cannot Fight This Alone!
▪ This Is a Long-term Issue and Requires Continuous Improvement as Adversaries Change Approaches

SLIDE 20

Digital Guardian CISO Mentoring Webinar Series

SLIDE 21

Agenda

▪ Week 1 - Digital Guardian to Up Your Game
▪ Week 2 - Digital Guardian and Strategic Data Protection
▪ Week 3 - Digital Guardian and Documented Improvement

SLIDE 22

Digital Guardian and Documented Improvement

Customer Success Stories
SLIDE 23

Digital Guardian Success Stories

▪ Going Rogue
▪ Visibility
▪ Consolidated
SLIDE 24

Identifying and Stopping a Rogue Employee

Evolution of an Insider Attack (timeline as shown on the slide, months only):

▪ May – Hacker Tool Downloads
▪ August – Installed Keyboard Logger on Personal PC
▪ October – Compromised 5 Hosts
▪ December – Compromised 3 Hosts
▪ May – EDR Installed; EDR Detection
▪ June – Employee Termination

SLIDE 25

Business-Wide Data Visibility and IP Protection
SLIDE 26

Consolidated EDR and DLP
SLIDE 27

First & Only Unified Internal & External Risk Visibility

▪ Endpoint Detection & Response
▪ Data Loss Prevention
▪ User & Entity Behavior Analytics

Single Console; Single Agent

SLIDE 28

Digital Guardian Sees All Risks to Your Data
SLIDE 29

A Recognized Leader. Just Ask Gartner and Forrester

Digital Guardian is the only Leader in both Enterprise Data Loss Prevention and Endpoint Detection & Response

▪ Magic Quadrant Leader
▪ Wave Leader

SLIDE 30

Q & A

Thank You.

Larry Brock, Principal, BCS Consulting

SLIDE 31

Digital Guardian’s Next Webinar:

Understand, Deploy, and Hunt with MITRE’s ATT&CK Framework

The blueprint for repeatable threat hunting success

▪ December 12 @ 1:00 PM ET
  • Tim Bandos – VP Cybersecurity – Digital Guardian
  • Bill Bradley – Director Product Marketing – Digital Guardian

▪ Watch this webcast to learn:
  • The key elements of the MITRE ATT&CK framework
  • How to get started and operationalize a threat hunt framework
  • Advanced techniques to safeguard your organization and grow your security knowledge

Register: https://info.digitalguardian.com/webinar-understand-deploy-hunt-with-mitre-attck-framework.html