Operationalizing Dynamic Defense (Mo Cashman, Director, Security Architecture, Global Defense and...)
Post on 10-Aug-2020
Mo Cashman
Director, Security Architecture
Global Defense and Central Governments
OPERATIONALIZING DYNAMIC DEFENSE
Dynamic Defense is Operationalized Security
Cyber Warfare
Cyber Terrorism
Cyber Espionage
Cyber Crime
[Figure labels: THREAT, MATURITY, CAPABILITY, COST; markers A to E]
What builds dynamic defense capability?
• Intelligence
• Readiness
• Defense
• Response
What drives down cost?
• Consolidation
• Integration
• Automation
Why Operationalize?
Pre-Intrusion
• Intelligence – know the threat
• Readiness – preparation & status
• Defense – technology & training
Post-Intrusion
• Intelligence – learn from threat
• Response – detect and react
Why Operationalize?
ATTACKER STAGES: PREPARE, INFECT, INTERACT, EXPLOIT
ATTACK IMPACT: Unauthorized Access, Loss of Trust, Mission Compromise
RECOVERY COST: Minimal to None, Cleanup, Cleanup and Forensics, Rebuild Reputation
Get Worried
Getting started with Intelligence
• THREAT ACTORS: Most are from the outside
• SOPHISTICATION: Majority is low - moderate*
• TIMELINES: Exploit Time = minutes; Reaction Time = days to years
• VECTORS: > 90% use the web
Operationalize Dynamic Defense
Where are the Fingerprints?
• System Changes
• Web Vector – In, Out & SSL
• Monitor databases
Defend the Right Vectors
Why?
• Defense is Multi-Technology
• Cost saver & Force Multiplier
• Add business capability easier
[Diagram: Endpoint Framework. Labels: Anti-Malware, Intrusion Prevention, Event Reporting, Intelligence, Config Status, Device Control, Base Capability, NAC, Encryption, Incident Response, Application Control, Custom, Database Security]
• Endpoint framework reduces per desktop cost
• Faster operationalization reduces backend contract and training cost
• Focusing on attack vectors increases detection capability
Consolidation
Endpoint Framework
Attack Vectors
Data Repositories
Security Operations
• Reduces Real Cost
• Avoids Future Cost
• Improves Quality
Dynamic Defense Capability
Information is Power!
• Asset & Event Awareness
• Exposure Level
• Threat Intelligence
Readiness Assessment
Automation
Status & Event Collection
Readiness Assessment
Embed Intelligence
Incident Response
• Reduce Real Cost
• Avoid Future Cost
• Improve Quality
• Automated status collection reduces manpower needs
• Enterprise incident response capability reduces recovery costs
• Embedded intelligence in sensors improves detection ability
Dynamic Defense Capability
Critical Components!
• Indicators of Compromise
• Enterprise data collection
• Rapid file analysis
Building a Response Capability
So What’s Needed?
• Automated asset status
• Enterprise data collection
• Decisions based on intelligence
Intelligence in Context
Integration
Intelligence in Context
Response Capability
Defensive Architecture
Data Strategy
• Reduce Real Cost
• Avoid Future Cost
• Improve Quality
• Data strategy eliminates duplicate investments and reduces travel cost
• Intelligence in context speeds decision and reduces recovery costs
• Data strategy reduces travel and increases scope for readiness assessments
Dynamic Defense Capability
Dynamic Defense
• Speed of Reaction
• Speed of Decision
THANK YOU!
Mo Cashman
maurice_cashman@mcafee.com