microfocuscybersummit
play

#MicroFocusCyberSummit Preparing for When Your Organization Will be - PowerPoint PPT Presentation

Jul 30, 2023 •129 likes •501 views

#MicroFocusCyberSummit Preparing for When Your Organization Will be Breached: Prioritizing and Protecting Paulo Veloso Shogo Cottrell #MicroFocusCyberSummit Whats happening in the market? Approximately 40,000 Tesco Bank accounts were

  1. #MicroFocusCyberSummit

  2. Preparing for When Your Organization Will be Breached: Prioritizing and Protecting Paulo Veloso Shogo Cottrell #MicroFocusCyberSummit

  3. What’s happening in the market? “Approximately 40,000 Tesco Bank accounts were compromised in a cyberattack” November 2016 98% companies were victims of cyber attack in the year 2016. Ponemon Institute Study 66% of consumers will stop doing business with a company that has suffered a cyber breach. Study by Centrify 3

  4. The World is Feeling the Economic Pressures World Economic Forum – 2018 Global Risk Report Top 10 risks in terms of likelihood #3 – Cyber attacks 2015 2016 Today Attack on Ukraine’s power SWIFT attack led to the European Aviation Safety grid shut down 30 theft of US$81 million from Agency has stated their substations , interrupting the central bank of systems are subject to an power to 230,000 people Bangladesh average of 1,000 attacks each month Global interconnectedness continues to expand the attack surface 4

  5. What is the Impact? Cost of breach as 40% increase in high as data breach last year $74 million - Identity Theft Resource Center - Ponemon Institute study 90 % CFOs claim cyber-security concerns as the primary reason to implement new software security tools BDO Survey, 2015 5

  6. Cyber Risk Increased The new battlefield Patch or perish Monetization of malware Vanishing perimeter Back to the basics Ransomware Perimeter in your pocket Unintended consequences ATM-malware Defending interactions Vendor transparency Banking Trojans between users, apps, and data 6

  7. Cycle of Security – Breaking the Cyber Kill Chain

  8. 8

  9. Security Focus Areas – IDENTITY What to Prioritize and Protect & ACCESS • Adaptive Identity governance • Adaptive access management • Adaptive privileged users APP ENDPOINT SECURITY SECURITY • Lifecycle management • Static, Dynamic, & Runtime • Patching & containerization application testing • Application virtualization • Application security-as-a- • Mobile & server management service ANALYTICS & MACHINE LEARNING DATA SECURITY SECURITY OPERATIONS • Data de-identification • Real-time detection (encryption/tokenization) • Workflow automation • Key management • Open source data ingestion • Hardware-based trust assurance • Hunt and investigation GOVERNANCE, • Messaging security RISK & COMPLIANCE • eDiscovery & Classification • Information Management 9

  10. Security Focus Areas – What to Prioritize and Protect IDENTITY & ACCESS • Adaptive Identity governance • Adaptive access management • Adaptive privileged users APP ENDPOINT SECURITY SECURITY • Lifecycle management • Static, Dynamic, & Runtime • Patching & containerization application testing • Application virtualization • Application security-as-a- • Mobile & server management service ANALYTICS & MACHINE LEARNING DATA SECURITY SECURITY OPERATIONS • Data de-identification • Real-time detection (encryption/tokenization) • Workflow automation • Key management • Open source data ingestion • Hardware-based trust assurance • Hunt and investigation • Messaging security 10

  11. Identity Powers the Future of IT Cloud Identity Access Insight Users Salesforce Workday Office365 SAP … Devices Hybrid Azure AWS Things …  Governance  Risk Based Access  SIEM On-Premise  Provisioning  SSO  File Integrity  Privileged Identity  Privileged Access  Privileged Monitoring  Self Service  Federation  Configuration Services Monitoring  Social Registration  Multi-Factor  Change Monitoring  Unified Identity  Mobile  Analytics  Roles  Social Access  Data Security  Analytics  Analytics  Data Security  Data Security

  12. Identity Self Services Self Service Identity Management Password Reset Identity Manager Identity, Governance & Administration Identity Governance Identity Governance & Compliance Powered Security

  13. WebAccess Access Manager Access Enterprise Access Identity Secure Login Powered Security

  14. Identity Powered Security Authentication Advanced Authentication

  15. Identity Powered Security Privileged Accounts Privileged Account Manager Security Directory & Resource Administrator Secure Administration Group Policy Administrator

  16. Identity Powered Security SIEM Sentinel Change Guardian Reporting and Logging Activity Monitoring

  17. Identity Self Services Self Service WebAccess Identity Management Password Reset Identity Manager Access Manager Identity, Governance & Administration Access Identity Enterprise Access Governance Identity Governance & Secure Compliance Login Powered Security Privileged Accounts Authentication Privileged Account Advanced Manager Authentication SIEM Security SIEM Directory & Resource Administrator Secure Administration Reporting and Logging Group Policy Administrator Activity Monitoring

  18. Security Focus Areas – What to prioritize and protect IDENTITY & ACCESS • Adaptive Identity governance • Adaptive access management • Adaptive privileged users APP ENDPOINT SECURITY SECURITY • Lifecycle management • Static, Dynamic, & Runtime • Patching & containerization application testing • Application virtualization • Application security-as-a- • Mobile & server management service ANALYTICS & MACHINE LEARNING DATA SECURITY SECURITY OPERATIONS • Data de-identification • Real-time detection (encryption/tokenization) • Workflow automation • Key management • Open source data ingestion • Hardware-based trust assurance • Hunt and investigation • Messaging security 18

  19. Best Approach: Build It In The only way to keep up is to build security into your processes and tools Key Concerns  Business requires an increasing number of applications and faster release cycles – hard for security to keep up  Development and security teams are not integrated  Tools across different teams are not standardized Percentage of security incidents from exploits 90 90 % against defects in the design or code of software. 1 80 80 % Percentage of applications containing at least one critical or high vulnerability. 2 Source: 1 U.S. Department of Homeland Security’s U.S. Computer Emergency Response Team (US -CERT) 19 2 2017 Application Security Research Update” by the HPE Software Security Research team, 2017

  20. Best Approach: Build It In The only way to keep up is to build security into your processes and tools Solution Discussion  The average cost of a security breach is $3.62M 1  The key to effective application security is to build it in to the development process − Vulnerabilities found in the production/post-release phase are 30 times more costly to fix than vulnerabilities found earlier in the lifecycle. 2 Source: 1 2017 Ponemon Institute Cost of Data Breach Study 20 2 National Institute of Standards & Technology (NIST)

  21. The Only Way to Keep Up is to “Build It In” DevSecOps Static Code Analysis Real-time Application Static Code Analyzer (SCA) Self Protection Dev Ops Create Plan Prevent Detect Continuous Continuous Improvement Configuration Monitoring Monitoring Continuous Continuous and and Integration Monitoring Analytics Analytics Continuous Continuous Deployment Learning Verify Preprod Predict Respond Dynamic Application Continuous Delivery Security Testing Source: “10 Things to Get Right for Successful DevSecOps ,” Gartner, Inc., 2017 21 21

  22. Implementing an End-to-End AppSec Strategy Static Code Analysis Web Dynamic Testing Runtime Protection (SAST) (DAST) (RASP) Management Console Static Code Analyzer (SCA) WebInspect App Defender Test, Design Code Integration & Production Staging Application Development IT Operations 22

  23. Security Focus Areas – What to prioritize and protect IDENTITY & ACCESS • Adaptive Identity governance • Adaptive access management • Adaptive privileged users APP ENDPOINT SECURITY SECURITY • Lifecycle management • Static, Dynamic, & Runtime • Patching & containerization application testing • Application virtualization • Application security-as-a- • Mobile & server management service ANALYTICS & MACHINE LEARNING DATA SECURITY SECURITY OPERATIONS • Data de-identification • Real-time detection (encryption/tokenization) • Workflow automation • Key management • Open source data ingestion • Hardware-based trust assurance • Hunt and investigation • Messaging security 23

  24. Endpoint Security Securing the digital workspace USER WORKSPACE Automation | User configuration self-services Configuration Management, Endpoint Security, Mobile Workspace, Service Desk, Patch Management, Desktop Service Desk, Mobile Workspace, Desktop Containers Containers, Asset Management Self-services Self-services Data Devices Data Devices User Based Single pane of glass Compliance Asset Management, Patch Management, FDE, The ZENworks Control Center / Common End Endpoint Security BYOD Apps BYOD Apps User Portal Security Full Disk Encryption, Endpoint Security, Mobile Workspace, Desktop Containers, Patch Management 24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

#MicroFocusCyberSummit ZENworks Keynote Session Gil Cattelain Jason Blackett

#MicroFocusCyberSummit ZENworks Keynote Session Gil Cattelain Jason Blackett

#MicroFocusCyberSummit ZENworks Keynote Session Gil Cattelain Jason Blackett #MicroFocusCyberSummit Business Challenges Our Products How We Solve Challenges Roadmap Solution and Vision Any Questions Secure Unified Endpoint Management

878 views • 69 slides
#MicroFocusCyberSummit Shifting Security Left Bringing security into continuous integration and

#MicroFocusCyberSummit Shifting Security Left Bringing security into continuous integration and

#MicroFocusCyberSummit Shifting Security Left Bringing security into continuous integration and delivery Brenton Scott Witonski <>< , Acxiom Brandon Spruth, Target Lucas von Stockhausen, Fortify #MicroFocusCyberSummit WHY ARE YOU

711 views • 44 slides
#MicroFocusCyberSummit Data Simplicity: ArcSight Data Platform enhances enterprise data via the

#MicroFocusCyberSummit Data Simplicity: ArcSight Data Platform enhances enterprise data via the

#MicroFocusCyberSummit Data Simplicity: ArcSight Data Platform enhances enterprise data via the Common Event Format Peter Titov Micro Focus #MicroFocusCyberSummit Agenda Usage What do we ask of our data? Ingestion How do we get our data

217 views • 20 slides
#MicroFocusCyberSummit Access Management: The Glue between Business Value and Security Kent

#MicroFocusCyberSummit Access Management: The Glue between Business Value and Security Kent

#MicroFocusCyberSummit Access Management: The Glue between Business Value and Security Kent Purdy Chan Yoon Product Marketing Manager Director of Product Management #MicroFocusCyberSummit security leaders regard achieving and 68 %

700 views • 26 slides
#MicroFocusCyberSummit Securing Your Devices and Data with ZENworks Darrin VandenBos Jason

#MicroFocusCyberSummit Securing Your Devices and Data with ZENworks Darrin VandenBos Jason

#MicroFocusCyberSummit Securing Your Devices and Data with ZENworks Darrin VandenBos Jason Blackett #MicroFocusCyberSummit Agenda Security threats in todays world How do you protect your endpoints? Key takeaways 3 Security Threats in

797 views • 23 slides
#MicroFocusCyberSummit Automate Static and Dynamic Scans, CI/CD Integrations and Auditing for

#MicroFocusCyberSummit Automate Static and Dynamic Scans, CI/CD Integrations and Auditing for

#MicroFocusCyberSummit Automate Static and Dynamic Scans, CI/CD Integrations and Auditing for Fast, Reliable Results Rick Smith, Senior Product Manager Jimmy Rabon, Senior Product Manager #MicroFocusCyberSummit Automation Static Analysis

583 views • 22 slides
#MicroFocusCyberSummit Voltage Data Security Product Direction Reiner Kappenberger Director of

#MicroFocusCyberSummit Voltage Data Security Product Direction Reiner Kappenberger Director of

#MicroFocusCyberSummit Voltage Data Security Product Direction Reiner Kappenberger Director of Product Management #MicroFocusCyberSummit The Challenges of Innovation Threats Regulations Data Breaches CCPA Big Data Malicious Insiders

429 views • 15 slides
#MicroFocusCyberSummit Regulatory Change in GDPR and the U.S. Moderated session with product

#MicroFocusCyberSummit Regulatory Change in GDPR and the U.S. Moderated session with product

#MicroFocusCyberSummit Regulatory Change in GDPR and the U.S. Moderated session with product leaders Nathan Turajski - Moderator Joe Garber Luther Martin Rob Roy #MicroFocusCyberSummit Max Averbukh Moderated Session with Product Leaders

340 views • 10 slides
#MicroFocusCyberSummit Global Protection and Awareness through Data Analytics, Threat Detection

#MicroFocusCyberSummit Global Protection and Awareness through Data Analytics, Threat Detection

#MicroFocusCyberSummit Global Protection and Awareness through Data Analytics, Threat Detection and Pattern Recognition Charles Clawson, ArcSight Marketing Manager Steven Riley, ArcSight Technical Marketing Manager #MicroFocusCyberSummit

1.09k views • 64 slides
#MicroFocusCyberSummit SecureData Sentry Accelerate your migration to cloud workloads Alistair

#MicroFocusCyberSummit SecureData Sentry Accelerate your migration to cloud workloads Alistair

#MicroFocusCyberSummit SecureData Sentry Accelerate your migration to cloud workloads Alistair Rigg & Phil Sewell #MicroFocusCyberSummit Enterprise Cloud Trends and Risks Cloud Trends Security Risks and Concerns An average of Cloud is

905 views • 34 slides
#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy

#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy

#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy across hybrid IT Farshad Ghazi - Moderator Mat Spitz Lacy Gruen #MicroFocusCyberSummit Reiner Kappenberger Cloud-based Data Privacy and Protection:

453 views • 10 slides
Yes it is Possible Jamie Manuel Product Marketing Manager #MicroFocusCyberSummit At Micro

Yes it is Possible Jamie Manuel Product Marketing Manager #MicroFocusCyberSummit At Micro

Deliver Strong Governance and Administration and Deliver Business Value ... Yes it is Possible Jamie Manuel Product Marketing Manager #MicroFocusCyberSummit At Micro Focus, we believe IDENTITY Analytics Role Self-Service Management

363 views • 17 slides
#MicroFocusCyberSummit ArcSight is an Open Architecture for SecOps Marius Iversen KPN ZM OPS

#MicroFocusCyberSummit ArcSight is an Open Architecture for SecOps Marius Iversen KPN ZM OPS

#MicroFocusCyberSummit ArcSight is an Open Architecture for SecOps Marius Iversen KPN ZM OPS TRS Security Services Contents Introduction Business Use Cases 01 05 What makes API Important? Open Source Initiatives 02 06 ArcSight Logger

228 views • 22 slides
Strong Privilege Management #MicroFocusCyberSummit What are the crown jewels for IT? Email

Strong Privilege Management #MicroFocusCyberSummit What are the crown jewels for IT? Email

Protecting the Crown Jewels through Strong Privilege Management #MicroFocusCyberSummit What are the crown jewels for IT? Email People Customer Data 3 How will you do it? 4 Role of IT in 2018 To securely build and deliver reliable,

242 views • 20 slides
Dynamic, and Mobile with Fortify on Demand Rick Smith Product Manager #MicroFocusCyberSummit

Dynamic, and Mobile with Fortify on Demand Rick Smith Product Manager #MicroFocusCyberSummit

Using Automatic and Manual Tests for Static, Dynamic, and Mobile with Fortify on Demand Rick Smith Product Manager #MicroFocusCyberSummit Agenda Identifying the cost Identifying the tool A quick case study 2 Thinking about the cost 3

261 views • 25 slides
On-premises, IaaS, PaaS and SaaS Rob Aragao & Stan Wisseman #MicroFocusCyberSummit Primary

On-premises, IaaS, PaaS and SaaS Rob Aragao & Stan Wisseman #MicroFocusCyberSummit Primary

The Hybrid Enterprise: Working Across On-premises, IaaS, PaaS and SaaS Rob Aragao & Stan Wisseman #MicroFocusCyberSummit Primary Goal of Businesses Today Drive Digital Transformation !! 2 For Most Organizations, Digital Transformation =

613 views • 25 slides
Security Presentation 1 School-based Security Staffing Security assistants are assigned to

Security Presentation 1 School-based Security Staffing Security assistants are assigned to

MCPS School Safety and Security Presentation 1 School-based Security Staffing Security assistants are assigned to every secondary school. Security team leaders are assigned to every high school and work often with feeder schools.

583 views • 27 slides
Access Control SecAppDev 2016 Maarten Decat maarten.decat@kuleuven.be @maartendecat What is

Access Control SecAppDev 2016 Maarten Decat maarten.decat@kuleuven.be @maartendecat What is

Access Control SecAppDev 2016 Maarten Decat maarten.decat@kuleuven.be @maartendecat What is access control? Access control is the part of security that constrains the actions that are performed in a system based on access control rules .

1.4k views • 113 slides
Corporate presentation Rhea - Because Data Matters Legacy and Self-Service Applications High

Corporate presentation Rhea - Because Data Matters Legacy and Self-Service Applications High

Corporate presentation Rhea - Because Data Matters Legacy and Self-Service Applications High maintenance cost A legacy application is like an antique car it may continue to operate, but every additional year of usage makes it more fragile

382 views • 21 slides
SYSTEM DIAGRAMS Door Entry & Access Control ACCESS CONTROL ACCESS CONTROL Allowing

SYSTEM DIAGRAMS Door Entry & Access Control ACCESS CONTROL ACCESS CONTROL Allowing

SYSTEM DIAGRAMS Door Entry & Access Control ACCESS CONTROL ACCESS CONTROL Allowing residents / staff access to site areas Main entrance Vehicle entrances Pedestrian entrances Gate / Barrier entrance Bin / Bike / Refuge

336 views • 14 slides
CRIME PREVENTION THROUGH ENVIRONMENTAL DESIGN SAFER By DESIGN PRESENTED BY GREG PERKINS

CRIME PREVENTION THROUGH ENVIRONMENTAL DESIGN SAFER By DESIGN PRESENTED BY GREG PERKINS

LIAHONA SECURITY CRIME PREVENTION THROUGH ENVIRONMENTAL DESIGN SAFER By DESIGN PRESENTED BY GREG PERKINS RELATIONSHIP BETWEEN PEOPLE & PLACES People live in the built environment, & the built environment influences how people

642 views • 27 slides
COMPACFLT - EDAC Enterprise Dynamic Access Control (EDAC) Point of Contact: Richard Fernandez

COMPACFLT - EDAC Enterprise Dynamic Access Control (EDAC) Point of Contact: Richard Fernandez

COMPACFLT - EDAC Enterprise Dynamic Access Control (EDAC) Point of Contact: Richard Fernandez fernandr@spawar.navy.mil Approved for public release; distribution is unlimited. "The United States Government has certain intellectual property

533 views • 40 slides
Releases Christopher McIntosh Lead Market Simulation Coordinator Independent 2017 Releases

Releases Christopher McIntosh Lead Market Simulation Coordinator Independent 2017 Releases

Market Simulation Independent 2017 Releases Christopher McIntosh Lead Market Simulation Coordinator Independent 2017 Releases Market Simulation September 11, 2017 Agenda ISO Market Simulation Support Market Simulation Issue

374 views • 13 slides
FF Group ANPR App on Hanwha cameras f o r s a l e s a n d p r o d u c t m a n a g e r s PL

FF Group ANPR App on Hanwha cameras f o r s a l e s a n d p r o d u c t m a n a g e r s PL

FF Group ANPR App on Hanwha cameras f o r s a l e s a n d p r o d u c t m a n a g e r s PL PL LV LV PL PL IRL FIN PL IRL FIN GEO GEO GEO GEO H H H H IRL IRL IRL IRL LV H LV H FIN FIN PL PL LV LV PL PL PL

385 views • 17 slides

More recommend