ORIGONE DISRUPTING CYBER CRIME Using ORISECURE

Jonathan Partouche, CEO of ORIGONE. 17th May 2017, IOThings Milan


ADVANCED ATTACKS
FROM ► Broad threats ► Individual hackers
TO ► Targeted and organized crime (i.e., ransomware)

INSIDERS
FROM ► Disgruntled employees
TO ► Outsiders and partners becoming insiders

INNOVATION
FROM ► Technology and linear driven security strategy
TO ► Agile security that moves with the business

COMPLIANCE
FROM ► Checking the box ► PCI compliance
TO ► Continuous risk analysis ► GDPR

Cybercrime will become a $2.1 trillion problem by 2019

2016 insider attacks were 58 percent; 42% outsider attacks

By 2020, there will be 20.8 billion connected “things”

GDPR fines can cost billions for large global companies

Sources: Juniper Research; 2017 IBM X-Force Report; Gartner; SecurityIntelligence.com

WHY SECURITY?

UNFORTUNATELY, WE ARE NOT THERE YET!!!

THE CYBERCRIMINAL ECOSYSTEM IS REAL AND SUCCESSFUL

Useful tip: Report (available here) that outlines how cyber criminals are organized, their methods & how their activities are monetized.

SECURITY INCIDENTS REMAIN ON THE INCREASE…

Saudi Arabia Says Aramco Cyberattack Came From Foreign States – Bloomberg, Dec 2012

How to Hack Facebook In 60 Seconds – InformationWeek, June 2013

Hackers in China Attacked The Times for the Last 4 Months – The New York Times, Jan 2013

Fed Acknowledges Cybersecurity Breach – The Wall Street Journal, Feb 2013

South Carolina taxpayer server hacked, 3.6 million Social Security numbers compromised – CNN, Oct 2012

Facebook hacked in 'sophisticated attack' – The Guardian, Feb 2013

Adobe Systems Reports Attack on Its Computer Network – The Wall Street Journal, Oct 2013

Apple Hacked: Company Admits Development Website Was Breached – Huffington Post, July 2013

Health insurer Anthem hacked (80 million patient and employee records affected) – CRN, July 2015

Since 2013: 23% increase in total cost of data breach; 12 percent increase in per capita cost.
Source: 2015 Cost of Data Breach Study, Ponemon Institute

Source: PWC

Organizations Remain Unprepared to Respond to Cyberattacks

IBM and Ponemon Study Reveals Organizations Remain Unprepared to Respond to Cyberattacks

- Two-Year Study Shows Decline in Cyber Resilience in 2016

- Sixty-Six Percent Not Confident in Their Organization’s Ability to Recover from Cyberattacks

For the second straight year, the study showed that challenges with incident response (IR) are hindering Cyber Resilience. 70% of respondents admit they do not have a formal cyber security incident response plan that is applied consistently across the organization. Of those with a CSIRP in place, 52% have either not reviewed or updated the plan since it was put in place, or have no set plan for doing so. Additionally, 41% say the time to resolve a cyber incident has increased in the past 12 months, compared to only 31% who say it has decreased.

Executive Summary available @ http://info.resilientsystems.com/ponemon-institute-study-the-2016-cyber-resilient-organization

Source: IBM X-Force Threat Intelligence Quarterly – 1Q 2015

[Chart: attack types by year. 2012: 40% increase. 2013: 800,000,000+ records. 2014: Unprecedented impact. Legend: XSS, SQLi, Misconfig., Watering Hole, Brute Force, Physical Access, Heartbleed, Phishing, DDoS, Malware, Undisclosed]

$3.8M average cost of a data breach: average consolidated total cost of a data breach (benchmark study of 350 companies spanning 11 countries), a 23 percent increase since 2013.

256 days average time to detect APTs: malicious attacks can take an average of 256 days to identify.

Source: 2015 Cost of Data Breach Study, Ponemon Institute

Because conventional safeguards are not working

Organizations Need to Speed Up Breach Detection

83% of enterprises have difficulty finding the security skills they need (2012 ESG Research)

85 security tools from 45 vendors (IBM client example)

Traditional security practices are unsustainable

70% of security executives have cloud and mobile concerns (2013 IBM CISO Survey)

614% mobile malware growth in just one year (2012-2013 Juniper Mobile Threat Report)

Because new technologies introduce new risks

Because of the Cyber Security Skills Crisis

Enterprises are under siege from a rising volume of cyberattacks. At the same time, the global demand for skilled professionals sharply outpaces supply.

Escalating Attacks
• Increasingly sophisticated attack methods
• Disappearing perimeters
• Accelerating security breaches

Increasing Complexity
• Constantly changing infrastructure
• Too many products from multiple vendors; costly to configure and manage
• Inadequate and ineffective tools

Resource Constraints
• Struggling security teams
• Too much data with limited skills* & manpower to manage it all
• Managing & monitoring increasing compliance demands

Spear Phishing | Persistence | Backdoors | Designer Malware

* Even when security projects are successfully funded, many CISOs encounter roadblocks to implementation, especially when it comes to finding the right skills.

Source: IBM 2015 CISO Report «From checkboxes to frameworks»

Because of those challenges

Securing today’s businesses requires a new approach & a new set of capabilities.

Securing IOT is a major challenge!

SECURITY HAS TO BE ESTABLISHED AS AN IMMUNE SYSTEM

• Security has to be established as an Immune System to help

• Optimize the Customer’s Security Programs (to move from Compliance to Risk Management)

• Stop Advanced Threats

• Protect Critical Assets

• Safeguard Cloud & Mobile

Executive Report: Cybersecurity in the cognitive era: Priming your digital immune system

https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=SEL03111USEN&#

A SECURITY IMMUNE SYSTEM

[Diagram labels]
Criminal detection
Fraud protection
Workload protection
Cloud access security broker
Access management
Entitlements and roles
Privileged identity management
Identity management
Data access control
Application security management
Application scanning
Data monitoring
Device management
Transaction protection
Content security
Malware protection
Endpoint detection and response
Endpoint patching and management
Virtual patching
Firewalls
Network forensics and threat management
Sandboxing
Network visibility and segmentation
Indicators of compromise
IP reputation
Threat sharing
Vulnerability management
Incident response
User behavior analysis
Threat hunting & investigation
Cognitive security
Threat and anomaly detection

WHERE SHOULD IOT SECURITY BE?

SECURITY TRANSFORMATION SERVICES
Management consulting | Systems integration | Managed security

Mobile Trust IOT Mobile

IOT Rapport

IOT Pinpoint

INFORMATION RISK AND PROTECTION

AppScan

SDS

Cloud Security

Privileged Identity Manager

Identity Governance and Access

Cloud Identity Service

Key Manager

Protect ID

THE ORISECURE IMMUNE SYSTEM

WEBINT Dark/Deep/Open

Incident Forensics

Guarded ID Network Security

Mobile Trust App SDK

SECURITY OPERATIONS AND RESPONSE

Vulnerability / Risk Manager Resilient Incident Response

User Behavior Analytics

Enterprise Visibility Analysis Advisor with Watson

Ecosystem Partners

IOT SECURITY

Our History

Copyrighted and Confidential

Created 2014

Employees/Consultants 25

Clients 100+

HQ Oxford, UK

Awards EIT Digital (Commission EU)

Investment Roadmap 2M£ from corporate VCs; CES 2017, Las Vegas (USA); Startup Grind, San Francisco (USA)

Patents from military and academic research (UK, France, USA, Israel)

ORISECURE is built through extensions of partnership developments with royalties and concessions around the world (Universities, Laboratories: military, private & public) by the founders of ORIGONE

+15