origone disrupting cyber crime - … % of enterprises have difficulty finding the security skills...
Post on 28-Mar-2018
213 Views
Preview:
TRANSCRIPT
ORIGONEDISRUPTINGCYBERCRIME Using ORISECURE
Jonathan Partouche, CEO of ORIGONE 17th MAY 2017, IOThings MILANjpartouche@orisecure.com
ADVANCED ATTACKS INSIDERS INNOVATION COMPLIANCE
FROM_______________________________________________________________________________
► Broad threats► Individual hackers
► Disgruntled employees ► Technology and linear driven security strategy
► Checking the box► PCI compliance
TO_________________________________________________________________________________► Targeted and organized crime (i.e., ransomware)
► Outsiders and partnersbecoming insiders
► Agile security that moves with the business
► Continuous risk analysis► GDPR
Cybercrime will become a
$2.1 trillion problem by 2019
2016 insider attacks were
58 percent42% outsider attacks
By 2020, there will be
20.8 billionconnected “things”
GDPR fines can cost
billionsfor large global companies
- Juniper Research - 2017 IBM X-Force Report - Gartner - SecurityIntelligence.com
WHY SECURITY?
THE CYBERCRIMINAL ECOSYSTEM IS REAL AND SUCCESSFUL
Useful tip: Report (available here) that outlines how cyber criminals are organized, their methods & how their activities are monetized.
SECURITY INCIDENTS REMAIN ON THE INCREASE…
Saudi Arabia Says Aramco Cyberattack Came From Foreign States
– Bloomberg, Dec 2012
How to Hack Facebook In 60 Seconds– InformationWeek, June 2013Hackers in China Attacked The Times
for the Last 4 Months– The New York Times, Jan 2013
Fed Acknowledges Cybersecurity Breach– The Wall Street Journal, Feb 2013
South Carolina taxpayer server hacked, 3.6 million Social Security numbers compromised
– CNN, Oct 2012
Facebook hacked in 'sophisticated attack'– The Guardian, Feb 2013
Adobe Systems Reports Attack on Its Computer Network
– The Wall Street Journal, Oct 2013
Apple Hacked: Company Admits Development Website Was Breached
– Huffington Post, July 2013
Health insurer Anthem hacked (80 million patient and employee records affected)
– CRN, July 2015
Since 2013:. 23% increase in total cost of data breach. 12% percent increase in per capita costSource: 2015 Cost of Data Breach Study, Ponemon Institute
Source: PWC
Organizations Remain Unprepared to Respond to Cyberattacks
IBM and Ponemon Study Reveals Organizations Remain Unprepared to Respond to Cyberattacks
- Two-Year Study Shows Decline in Cyber Resilience in 2016
- Sixty-Six Percent Not Confident in Their Organization’s Ability to Recover from Cyberattacks
For the second straight year, the study showed that challenges with incident response (IR) are hindering Cyber Resilience. 70% of respondents admit they do not
have a formal cyber security incident response plan that is applied consistently across the organization. Of those with a CSIRP in place, 52% have either not
reviewed or updated the plan since it was put in place, or have no set plan for doing so. Additionally, 41% say the time to resolve a cyber incident has increased
in the past 12 months, compared to only 31% who say it has decreased.
Executive Summary available @ http://info.resilientsystems.com/ponemon-institute-study-the-2016-cyber-resilient-organization
Source: IBM X-Force Threat Intelligence Quarterly – 1Q 2015
Attack types
201240% increase
2013800,000,000+ records
2014Unprecedented impact
XSS SQLiMisconfig. Watering
Hole
Brute
Force
Physical
Access
Heartbleed Phishing DDoS Malware Undisclosed
$3.8Maverage cost of a data breachAverage consolidated total cost of a data breach (benchmark study of 350 companies spanning 11 countries), a 23 percent increase since 2013.
average time to detect APTs Malicious attacks can take an average of 256 days to identify
256 days
Source: 2015 Cost of Data Breach Study, Ponemon Institute
Because conventional safeguards are not working
Organizations Need to Speed Up Breach Detection
83%
of enterprises have difficultyfinding the security skills they need
2012 ESG Research
85 security tools from
45 vendorsIBM client example
Traditional security practices are unsustainable
of security executives havecloud and mobile concerns2013 IBM CISO Survey
70%Mobile malware growth
in just one year2012-2013 Juniper Mobile Threat Report
614%
Because new technologies introduce new risks
Because of the Cyber Security Skills Crisis
Enterprises are under siege from a rising volume of cyberattacks. At the same time, the global demand for skilled professionals sharply outpaces supply.
Escalating Attacks Increasing Complexity Resource Constraints
• Increasingly sophisticated attack methods
• Disappearing perimeters• Accelerating security breaches
• Constantly changing infrastructure• Too many products from multiple
vendors; costly to configure and manage
• Inadequate and ineffective tools
• Struggling security teams• Too much data with limited skills*
& manpower to manage it all• Managing & monitoring increasing
compliance demands
Spear Phishing
Persistence
Backdoors
Designer Malware
* Even when security projects are successfully funded, many CISOs encounter roadblocks to implementation, especially when it comes to finding the right skills.
Source: IBM 2015 CISO Report «From checkboxes to frameworks»
Because of those challenges
Securing today’s businesses requires a new approach & a new set of capabilities.
Securing IOT is a major challenge!
SECURITY HAS TO BE ESTABLISHED AS AN IMMUNE SYSTEM
• Security has to be established as an Immune System to help
• Optimize the Customer’s Security Programs (to move from Compliance to Risk Management)
• Stop Advanced Threats
• Protect Critical Assets
• Safeguard Cloud & Mobile
https://www-01.ibm.com/common/ssi/cgi-
bin/ssialias?htmlfid=SEL03111USEN&#
Executive Report
Cybersecurity in the cognitive eraPriming your digital immune system
A SECURITY IMMUNE SYSTEM
Criminal detection
Fraud protection
Workloadprotection
Cloud accesssecurity broker
Access managementEntitlements and roles
Privileged identity management
Identity management
Data access control
Application security managementApplication scanning
Data monitoring
Device management
Transaction protection
Content security
Malware protection
Endpoint detectionand response
Endpoint patching and management
Virtual patching
Firewalls
Network forensics and threat management
Sandboxing
Network visibility and segmentation
Indicators of compromise
IP reputation Threat sharing
Vulnerability management Incident response
User behavior analysis
Threat hunting & investigationCognitive security
Threat and anomaly detection
A SECURITY IMMUNE SYSTEM
Criminal detection
Fraud protection
Workloadprotection
Cloud accesssecurity broker
Access managementEntitlements and roles
Privileged identity management
Identity management
Data access control
Application security managementApplication scanning
Data monitoring
Device management
Transaction protection
Content security
Malware protection
Endpoint detectionand response
Endpoint patching and management
Virtual patching
Firewalls
Network forensics and threat management
Sandboxing
Network visibility and segmentation
Indicators of compromise
IP reputation Threat sharing
Vulnerability management Incident response
User behavior analysis
Threat hunting & investigationCognitive security
Threat and anomaly detection
WHERE SHOULD IOT
SECURITY BE?
SECURITY TRANSFORMATION SERVICESManagement consulting | Systems integration | Managed security
Mobile Trust IOT Mobile
IOT Rapport
IOT Pinpoint
INFORMATION RISKAND PROTECTION
AppScan
SDS
Cloud Security
Privileged Identity Manager
Identity Governance and Access
Cloud Identity ServiceKey Manager
Protect ID
THE ORISECURE IMMUNE SYSTEM
WEBINT Dark/Deep/Open
Incident Forensics
Guarded ID Network Security
Mobile Trust App SDK
SECURITY OPERATIONSAND RESPONSE
Vulnerability / Risk Manager Resilient Incident Response
User Behavior Analytics
Enterprise Visibility Analysis Advisor with Watson
Ecosystem Partners
IOT SECURITY
17
Our History
Copyrighted and Confidential
Created 2014
Employees/Consultants
25
Clients 100+
HQ Oxford, UK
Awards EIT Digital (Commission EU)
Investment Roadmap 2M£ from corporate VCsCES 2017, Las Vegas (USA)Startup Grind, San Francisco (USA)
Patents from military and académicresearch (UK, France, USA, Israel)
ORISECURE is built through extensions of partnership developments with
royalties and concessions around the world (Universities, Laboratoiries: militairy, private & public) by the
founders of ORIGONE
+15
top related