Is technology ubiquity a chance to re-connect security?

Nov 3, 2013 (3 years and 9 months ago)


Greg Day


Director of Security Strategy

The changing technology landscape



Circa 50%

Source: Citi Investment Research and Analysis (support iPads)




150m a year (2015)

Source: Ovum





Q3
-


14.1m





12.1m




Source: http://gizmodo.com/5667042/apple-sells-more-ipads-than-macs-on-the-way-to-record-20-billion-revenue



Circa 50%

Source: IDC, Data is freely intermingled


Computing Cycles in Perspective (from Morgan Stanley)

[Figure: Devices/Users (MM in Log Scale) against year, 1960 to 2020. Series: Mainframe (1M Units), Minicomputer (10M Units), PC (100M Units), Desktop Internet (1B+ Units/Users), Mobile Internet (10B+ Units??)]

What risks do they really bring?


Banking services already targeted


Authentication


Vulnerabilities in the apps



Heavily used for social networking



App stores add revenue


10,000,000,000+ downloads to date!


Worth billions per year!



Fewer than 1000 viruses today due to diversity


Enterprise and LOB Apps

Web and Social Media

Basic Services

Customer Facing Apps

Mobile Enterprise Apps are Rapidly Evolving

What are your long term goals?

Approaches to Security on Smart Devices


Segregate data (inc wipe)



Secure 3rd party apps



Security controls





Sandbox



Full device



Mitigate on device attacks



Integration of Smart devices to your existing security strategy - Enterprise Mobile Manager

[Diagram labels: Enterprise Environment (Database, Files, Directory, Applications, Certificate Services, Messaging); devices (Windows Mobile, Symbian, Android, webOS, iPhone, iPad); McAfee EMM (IT Ops Support, Provisioning, Compliance, Policy Management, Security & Authentication, Mobile Device Management)]

Virtualization Enables technology ubiquity


Expect 50% of enterprise data center workloads to be virtualized by the end of 2012 (Gartner)


Go green, decrease datacenter footprint, improve utilization


Enables faster response reducing application deployment and migration times


But Gartner reports that:


Through 2012, 60% of virtualized servers will be less secure than the physical servers they replace, dropping to 30% by YE15


40% of virtualization deployment projects were undertaken without involving the information security team in the initial architecture and planning


[Diagram: Hypervisor with three VMs]

Is your security utilizing the advantages of technology?

MOVE (McAfee Optimized Virtual Environments)


Move security processing out of each VM


Offloading


Optimized with the Hypervisor to address scalability


Enables planned capacity ~60% more VDI density


Integrated management, responsive user experience, supporting persistent and non-persistent desktops

[Diagram labels: Hypervisor; VM; VM; VM; MOVE Virtual Appliance; MOVE Server; McAfee EPO; Cache Synchronization Protocol; Cloud; Threat Intel (GTI); Scan Engine]

Changing the way we apply security in the future

Application Control



Dynamic whitelisting


Trusted applications


Trusted sources


Memory Protection


No Updates

Change Control


Change configuration audit


File Integrity Monitoring and Change Prevention


Prevents “compliance drift”


Keep the bad stuff out


Stop unauthorized apps

“Greater protection, faster time to compliance, lower cost”


Deny unauthorized changes


Enforce change policy

Integrity Control = Application Control + Change Control


Security Management

The Problem

Security Dashboard

Modestly Helpful


Decision-making still manual


Based on human correlation of available information

Net Result



Dramatic increase in Information Risk and Costs to secure

Security Purchases are Tactical


Patchwork of independent products


Requiring separate management

Threats Overwhelm Existing Approach


Many product types and security layers


Can’t continue to add resources to manage new events, products

Leads to Proliferation of Security Management Consoles and Reporting Tools

1. Anti-virus Management Tools

2. Anti-spyware Management Tools

3. Desktop Firewall Management Tools

4. Policy Auditing Management Tools

5. Web Security Management Tools

6. Data Protection (DLP, Encryption, etc.) Management Tools

7. Host Intrusion Prevention Management Tools

8. Network Access Control Management Tools

[Diagram center label: Security Landscape]

A Re-connection strategy: Security Connected

Optimizing a Security Architecture Requires

Centralized security management
Open platform for centralized management and maximum interoperability

Real-time Threat Intelligence
Actionable protection with the delivery of correlated threat intelligence and immediate visibility into enterprise-wide security posture

Multi-layered protection
Effective and efficient defense in depth provided by multi-layered security approach

Automated compliance
Compliance-ready solutions which streamline prioritization of threat responses, reporting, policy and risk management

McAfee Global Threat Intelligence - Intelligent Connected Security via the Cloud

[Diagram labels: Email; Firewall; IPS; DLP; Web; AWL; ePO; AV; File Reputation; Web Reputation; Web Categorization; Network Connection Reputation; Message Reputation; Vulnerability Information; Threat Intelligence Feeds; Other feeds & analysis; Servers; Firewalls; Endpoints; Appliances; Mobile]

[Diagram labels: PROTECTION; REAL TIME THREAT FEEDS (GTI); ACTIONABLE INFORMATION; SECURITY METRICS; ePO; DLP; Web; IPS; SIA; Endpoint; White Listing; Encrypt.; Risk Mgmt; Email; Firewall]

Security Optimization

Security Management Platform: ePO

[Diagram labels: Executive; Security Admin; IT Architect; Security Management Platform]

McAfee’s Open Platform for Security Risk Management

Industry Leadership to Drive Better Protection, Greater Compliance and Lower TCO

SIA Associate Partner

SIA Technology Partner (McAfee Compatible)

Cost Model of Enterprise Security

[Chart axes: RISK, OPTIMIZATION]

Optimized: spend ~4% with very low risk

Compliant/Proactive: spend ~8% of IT budget on security, Medium risk

Reactive: spend ~3% of IT budget on security, High risk

Why has it been so challenging to reduce risk?

DYNAMIC
Predictive and agile, the enterprise instantiates policy, illuminates events and helps the operators find, fix and target for response.

Tools Based
Applying tools and technologies to assist people in reacting faster

REACTIVE & Manual
People only. No tools or processes. “Putting out fires”.

Greg Day

Director of Security Strategy, EMEA

Greg_Day@McAfee.com



McAfeeGregDay