Date posted: 15-Jan-2015
Category: Technology
Uploaded by: skybox-security
Tech Forum 2012: Security at the Breaking Point
presented by Gidi Cohen, CEO and Founder
April 19, 2012
© 2012 Skybox Security 1
A Few Facts About Skybox
Pioneer in Security Risk Management
• Founded in 2002
• First risk management product in 2004
• Now - portfolio of automated security management tools on common platform
Today
• 85% growth in 2011
• 300 Global 2000 customers
• Financial Services, Government, Defense, Energy & Utilities, Retail, Service Providers, Manufacturing, Tech
Let’s roll back the clock to 2002
Symantec reports 2,524 new vulnerabilities identified in 2002
Palm Treo 2002
First smartphone worm in 2004
Named a “top 100” private company
Founded in 2002
First product in 2004
Code Red and Nimda are hot topics
Anti-virus software is widely deployed
And roll it back even farther… 1984
DNS is introduced
First domain name registered 1985
And Mark Zuckerberg was born
Macintosh introduced: 128K RAM, GUI interface!
Fast Forward to 2012
Complexity is a Huge Challenge
Enterprise network
• 55,000 nodes
• 300 firewalls
• 25,000 rules
• 65 network changes/day
• 10,000 daily reported vulnerabilities
Heterogeneous Networks are the Norm
Vulnerabilities and Threats Abound
[Word cloud: access policy violations, misconfigured firewall, asset vulnerabilities, default password, USBs, missing IPS signature, blocked rules, threat origins, access violation, buffer attack, social networks, policy violation]
Too much data
Limited view
Reactive
Old Generation Technologies – Can’t Keep Up
Vulnerability Scanners
• Disruptive to the network
• Not suitable for daily operations
• Irrelevant for the Internet of Things
Security Information & Event Management (SIEM)
• Too much data
• Lacks context to deal with incidents
Network Configuration Management
• Config management, not security
• No holistic view of network security
Security is Unmanageable
Painful, Costly, Reactive
Unable to keep pace with network changes, new services
Damaging attacks, business disruption, loss of IP
Compliance reporting consumes scarce resources
Inefficient processes, escalating management costs
It’s going to get a lot worse
(Mobile, Virtualization, Clouds)
Mobile Devices Everywhere
• Mobile data grew 2.3X in 2011
• Entire Global internet in 2000: 75 PB
• Mobile data traffic 2011: 597 PB
• Does your BYOD/mobile strategy assume 7X growth by 2014?
Mobile Threats Took Off in Q4/11
Source: McAfee Q4 2011 Threat Report
Virtualized Servers the New Norm
• Server virtualization hit 50% in 2011
• More virtualized servers deployed in 2011 than in 2001 to 2009 combined
• Are you considering security challenges of virtual environments?
[Chart: % Virtualized Servers, 2009 to 2014; data labels: 18%, 50%, 70% forecast]
Source: Consolidated from Gartner reports
Cloud Services Use is Soaring
Source: Forrester Research, Sizing the Cloud, 2011
New Virtualization and Cloud Security Concerns
• Complexity of hybrid environments
  • physical, virtual, cloud – private, public, community
• Lack of visibility
• Novel threats and vulnerabilities
  • Hypervisor level
  • Segmentation of virtual machines
• Security team losing control
  • Non-IT buyer
  • Where is the data?
  • What is the SLA?
  • Are we in compliance?
BYOC
New Trend!
The Security Management Gap is Widening Fast
• Think 16X improvement in 4 years
• What will you do differently?
• Prioritize and plan accordingly
[Chart, 2009 to 2014: Security challenges vs. Ability to execute]
The Missing Piece: Security Risk Management
Predictive Security Analytics
• Cyber attack simulation – APT, malicious code
• Network security analysis – firewalls, network path analysis
• Security metrics
Cost Saving - Integrated into Daily Operations
• Proactive, automated operation
• Scale to any environment
• Integrated with existing infrastructure
Holistic Visibility of the IT Infrastructure
• Networks, routers, firewalls, …
• End points – servers, desktops, virtual machines, mobile
• Cloud and virtualization infrastructure
Automated, Proactive Security Operations
Fix exploitable vulnerabilities
Prevent potential attack scenarios
Keep firewalls configured securely
Maintain continuous compliance
Gain network visibility
Today: Security Management Landscape
[Diagram labels: IT GRC; Controls & Regulations; Endpoint Control; Patch Management; SIEM; Event Management; Log Analysis; Vulnerability Discovery; Endpoint Compliance; Vulnerability Scanners; SOC; Firewall and Network Device Management; Compliance Optimization; Change Management; Security Risk Management]
2014: Integration is Critical
[Diagram labels: IT GRC; Controls & Regulations; Endpoint Control; Patch Management; Event Management; Log Analysis; Vulnerability Discovery; Endpoint Compliance; Security Risk Management; Firewall and Network Device Management; Compliance Optimization; Change Management; Vulnerability Scanners; SOC; Situational Awareness; SIEM]
Future Architecture of Security Management
IT GRC – compliance reporting
Security Risk Management (SRM): Proactive, pre-attack exposure management
Security Information & Event Management (SIEM): Post-attack incident management
Patch Management, Vulnerability Scanners, Asset Management, Threat Intelligence, Network & Security Configs, Mobile Device Management
A lot of logs, events, network traffic
Evolution of Security Risk Management
Use Cases
• Today: Firewall and network assessment; Risk assessment
• By 2014: Change management; Continuous monitoring; Next gen vulnerability mgmt; Threat response
Network Environment
• Today: Traditional firewalls, network devices, assets
• By 2014: Extended network environment; Virtual, Cloud, Mobile; Smart Grid
Platform
• Today: Visualize, Assess, Plan
• By 2014: Discover, Visualize, Assess, Plan, Remediate, Track
Start NOW!
Set the bar high
• Unbelievable scale
• Adapt to new architectures
Reinvent security management processes
• Integrated
• Proactive not reactive
Use the Force, Luke
• Smart analytics
• Decision support
Automate daily security tasks
Maintain compliance, prevent attacks
Visit www.skyboxsecurity.com
Thank you!