Mentoring Webinar Series Stories From the CISO Trenches 1 About - PowerPoint PPT Presentation

  1. Digital Guardian CISO Mentoring Webinar Series: Stories From the CISO Trenches

  2. About Larry Brock
    ▪ Principal at Brock Cyber Security Consulting LLC
    ▪ Former Global Chief Information Security Officer (CISO) at DuPont (11 years)
    ▪ Held additional IT, Research and Marketing positions at DuPont
    ▪ Information Security Officer within the U.S. Air Force; NSA
    ▪ Mr. Brock has BS and MS degrees in Electrical Engineering
    ▪ Certified Information Security Manager (CISM)

  3. About Bill Bradley (Director, Product Marketing)
    ▪ Leads Product Marketing for DLP
    ▪ 20 Years of Marketing & Sales Experience
      • Field Sales, Competitive Analysis, Product Marketing & Management
    ▪ Previously at Rapid7 and General Electric

  4. Stories From the CISO Trenches (Larry Brock, Principal, BCS Consulting)

  5. Agenda
    ▪ The Risks and Executive Repercussions
    ▪ Practical Protection Elements
    ▪ Illustrative Moments as a CISO
    ▪ Visibility into the Crown Jewels
    ▪ Changing the Tide
    ▪ The Importance of Prioritization
    ▪ Final Thoughts

  6. Where Is the Value Within Your Organization?
    ▪ Trade Secrets
    ▪ Health Information
    ▪ Destructive Value
    ▪ Employee Information
    ▪ Competitive Position
    ▪ Customer Information
    ▪ Customer List
    ▪ Cash
    ▪ Purchasing Contracts
    ▪ Credit Card Information

  7. Who Are the Typical Actors?
    Internal:
      ▪ Mistakes By Loyal Employees Or Contractors
      ▪ Careless Employees, Contractors, or Suppliers
      ▪ Disgruntled Current Employees
      ▪ Disgruntled Former Employees
    External:
      ▪ Foreign Governments
      ▪ Hacktivists
      ▪ Competitors
    Source: Corruption Perceptions Index

  8. Cyber Attacks and Senior Executive Accountability (slide shows breach record counts: 40 Million, 3 Billion, 143 Million, 57 Million)

  9. Practical Protection Elements
    1. Establish A Holistic Information Protection Program
    2. Ensure Adequate Funding
    3. Focus On Protecting What Matters (Crown Jewels)
    4. Improve Your Ability To Detect Both Insider And Cyber-attacks
    5. Stringent Credential Management
    6. Control What Information Leaves
    7. Discover The Weaknesses In Your Security

  10. Elements of a Holistic Protection Program
    7 elements to manage risks, organize/manage objectives and reporting:
    1. High-Level Responsibility
    2. Written Policies & Procedures
    3. Care in Delegation of Authority
    4. Effective Education
    5. Auditing, Monitoring, Reporting
    6. Consistent Enforcement
    7. Response to Violations
    +1. Regular Risk Assessments (Source

  11. High-Level Responsibility: Leadership Must Be Engaged In the Protection Program!
    Ideal Intellectual Property Governance Structure
    A. CEO Has Ownership With Board Routinely Engaged
      ▪ Actions: Data Protection Included In Routine Reviews With Businesses And Functions
    B. Governance Team: Recommends Corporate Info Protection Policy
      ▪ Actions: Approve Program Plans, Eliminate Barriers, Influence Executive Peers…
    C. Cross-Functional IP Risk Team
      ▪ Led By Corporate Process Leader; Includes Leaders From Info Security, Corp Security, Compliance, Select Business Functions
    D. Business & Functional IP Protection Leadership Team (Global)
      ▪ Leader For Every Business And Function (E.g. R&D, Engineering, Legal, HR, Ops)
      ▪ Actions: Education, Identification, Classification, Protection Initiatives, Business Process Changes

  12. Illustrative Moments
    ▪ The Crown Jewels
    ▪ Going Against the Tide
    ▪ The Importance of Prioritization

  13. Visibility into the Crown Jewels
    1. Intellectual Property can be hard to define
    2. Efforts at the InfoSec Level
    3. Make it a Business Wide Initiative
    4. Make it a CEO Priority
    5. Make it a Company Wide Effort

  14. Visibility into the Crown Jewels
    1. Identify And Classify Your Crown Jewels
    2. Get Business Wide Buy In on Crown Jewels (and their value)
    3. Establish “Secure Electronic Zones” Or Vaults
    4. Implement Strong IP Protection Controls
    5. Protect Content In Cloud Services (e.g. Salesforce, Dropbox)

  15. Changing the Tide
    ▪ Open and Collaborative Environment
    ▪ Drive Productivity, Efficiency, Innovation, and Growth
    ▪ Visibility is Good for Security Teams; Also Good for Employees
    ▪ Spotted an Incident In-Process
    ▪ Swing the Pendulum The Other Way… Without Negative Impacts

  16. Changing the Tide
    You cannot focus only on keeping the bad guys out; you must also focus on keeping your valuables from leaving.
    ▪ Consider authentication for outbound access to the Internet
    ▪ Block/restrict outbound protocols (FTP, SSH, Telnet)
    ▪ Restrict access to “uncategorized” web sites
    ▪ Block server access to the Internet, or white-list the few servers that need it
    ▪ Block HTTPS connections to sites with self-signed certificates
    ▪ Restrict use of file sharing sites (Dropbox), Skype and personal web-mail unless additional controls are in place
    ▪ Must control content when PCs or mobile devices leave the corporate environment
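As an added illustration (not part of the webinar deck), the outbound controls on this slide can be written down as an egress policy and evaluated against proxy or firewall events; the event fields, the server subnet, the category labels and the allow-listed hostname are assumptions chosen for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed for illustration: the subnet holding servers that should not reach the
# Internet, plus the few destinations explicitly allow-listed for them.
SERVER_NET = ip_network("10.20.0.0/16")
SERVER_ALLOWLIST = {"updates.example.internal"}   # hypothetical hostname
BLOCKED_PROTOCOLS = {"ftp", "ssh", "telnet"}
RESTRICTED_CATEGORIES = {"uncategorized", "file-sharing", "webmail"}

@dataclass
class Event:
    """One outbound connection as a proxy/firewall might record it (assumed fields)."""
    src_ip: str
    dest_host: str
    protocol: str            # e.g. "https", "ftp"
    category: str            # URL category assigned by the proxy
    authenticated: bool      # user authenticated to the egress proxy
    cert_self_signed: bool = False
    exemption: bool = False  # "additional controls are in place" for this user/site

def evaluate(ev: Event) -> list[str]:
    """Return the slide-16 controls that an outbound event would violate."""
    findings = []
    if not ev.authenticated:
        findings.append("unauthenticated outbound access")
    if ev.protocol in BLOCKED_PROTOCOLS:
        findings.append(f"blocked outbound protocol {ev.protocol}")
    if ev.category in RESTRICTED_CATEGORIES and not ev.exemption:
        findings.append(f"restricted category {ev.category}")
    if ip_address(ev.src_ip) in SERVER_NET and ev.dest_host not in SERVER_ALLOWLIST:
        findings.append("server reaching Internet outside allow-list")
    if ev.protocol == "https" and ev.cert_self_signed:
        findings.append("HTTPS to self-signed certificate")
    return findings

# Constructed sample events (not real traffic).
SAMPLE_EVENTS = [
    Event("10.1.5.23", "www.example.com", "https", "business", True),
    Event("10.1.5.24", "files.example.net", "ftp", "uncategorized", True),
    Event("10.20.3.7", "203.0.113.9", "https", "uncategorized", False, cert_self_signed=True),
    Event("10.1.7.2", "dropbox.com", "https", "file-sharing", True, exemption=True),
]

def report(events=SAMPLE_EVENTS) -> dict[str, list[str]]:
    """Map 'src->dest' to its findings; an empty list means the event is allowed."""
    return {f"{e.src_ip}->{e.dest_host}": evaluate(e) for e in events}

if __name__ == "__main__":
    for key, findings in report().items():
        print(key, findings or ["allowed"])
```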

  17. The Importance of Prioritization
    ▪ IP Heavy Organization
      • Granted 900+ patents in 2011
      • Over 50,000 active patents today
    ▪ Employee Data
      • PII, PCI, PHI
    ▪ Internal and External Threats

  18. Improve Your Ability To Detect Both Insider And Cyber-attacks
    ▪ Monitor Inbound Files For Malware
    ▪ Monitor, Alert, And Block (When Possible) Unusual Activities
    ▪ Security Information & Event Management
    ▪ Strong Analytical Capability To Detect Anomalous Activities (C&C)

  19. Final Thoughts…
    ▪ All Companies Should Assume Both Insider And Cyber Attacks Are Occurring
    ▪ No “Silver Bullet” Solutions – Requires A Comprehensive Approach: Process, People, And Technology
    ▪ Leverage Frameworks And Standards (ITIL, ISO 27K, …)
    ▪ Most Advanced Cyber Attacks Involve Compromising Privileged Credentials
    ▪ Implementing Strong Controls For All Privileged Accounts, Including End-point Devices, Is Necessary To Have Any Chance Of Defending Against Today’s Threats
    ▪ Classical Security Controls (AV, FW, IPS, Etc.) Are Still Necessary But Insufficient For Today’s Threats
    ▪ Collaborate To Learn About Attackers And Best Defenses – You Cannot Fight This Alone!
    ▪ This Is A Long-term Issue And Requires Continuous Improvements As Adversaries Change Approaches

  20. Digital Guardian CISO Mentoring Webinar Series

  21. Agenda
    ▪ Week 1 - Digital Guardian to Up Your Game
    ▪ Week 2 - Digital Guardian and Strategic Data Protection
    ▪ Week 3 - Digital Guardian and Documented Improvement

  22. Digital Guardian and Documented Improvement: Customer Success Stories

  23. Digital Guardian Success Stories
    ▪ Going Rogue
    ▪ Visibility
    ▪ Consolidated

  24. Identifying and Stopping a Rogue Employee: Evolution of an Insider Attack (timeline)
    ▪ May: Hacker Tool Downloads
    ▪ June: Installed Keyboard Logger on Personal PC
    ▪ August: Compromised 3 Hosts
    ▪ October: Compromised 5 Hosts
    ▪ December: EDR Installed
    ▪ May: EDR Detection; Employee Termination

  25. Business Wide Data Visibility and IP Protection

  26. Consolidated EDR and DLP

  27. First & Only Unified Internal & External Risk Visibility
    ▪ User & Entity Behavior Analytics
    ▪ Endpoint Detection & Response
    ▪ Data Loss Prevention
    Single Console; Single Agent

  28. Digital Guardian Sees All Risks to Your Data

  29. A Recognized Leader. Just ask Gartner and Forrester: Digital Guardian is the only Leader in both Enterprise Data Loss Prevention and Endpoint Detection & Response (Gartner Magic Quadrant Leader; Forrester Wave Leader)

  30. Q & A. Thank You. Larry Brock, Principal, BCS Consulting

  31. Digital Guardian’s Next Webinar: Understand, Deploy, and Hunt with MITRE’s ATT&CK Framework
    The blueprint for repeatable threat hunting success
    ▪ December 12 @ 1:00 PM ET
      • Tim Bandos – VP Cybersecurity – Digital Guardian
      • Bill Bradley – Director Product Marketing – Digital Guardian
    ▪ Watch this webcast to learn:
      • The key elements of the MITRE ATT&CK framework
      • How to get started and operationalize a threat hunt framework
      • Advanced techniques to safeguard your organization and grow your security knowledge
    Register: https://info.digitalguardian.com/webinar-understand-deploy-hunt-with-mitre-attck-framework.html
