data protection in the “new threat” age

Making Leaders Successful Every Day

© 2009 Forrester Research, Inc. Reproduction Prohibited

Data protection in the “new threat” age

John Kindervag, Principal Analyst

21 June 2013

3© 2012 Forrester Research, Inc. Reproduction Prohibited

AgendaThreats are mutating and ubiquitousTargeting DataUnderstanding APTCan DLP save the day?Rethinking DLPSummary

The Mutating Threat LandscapeHacktivism

Blended

Surgical

Cooperative

Devastating

The tool box

Strategic Assets

Organized Groups


The Times They Are a-Changin'Mobility Cloud Adoption Advanced Threats

Web 2.0 adds new security challenges

Users are behaving carelessly.

Other measures must augment site reputation

Attack surface is expanding.

Users Self-Provision

Web 2.0 Security ConcernsImmediate threat is to end-usersPotential to infect or disrupt the corporate

networkBrowser-based attacks

ClickjackingCross Site Request Forgery

Greater Potential Data LeakageUser blogsSocial Networks


Data is the new oil

I need RDP UK US Germany To buy NOW VIA WMZ wana buy 9

Selling (Worldwide Cvvs, Worldwide Fullz, UK, Usa Logins Worldwide Dumps, UK, Usa Paypal, Ebay Accounts...)

GOOD OFFER SELLING hacked RDP GURANTED 24HOURS UP TIME ONLY 10$Selling fresh vergin wordwide cvv

2 Everything else

. . . they won’t steal it.

Two types of data

1 Data that someone wants to steal

Remember the four P’s• PCI• PHI• PII• IP

3P + IP = TD

75% of DLP Use Cases

Data Security And Control Framework

Source: January 2012 “The Future Of Data Security And Privacy: Controlling Big Data”


AgendaThreats are mutating and ubiquitousBreaches happenUnderstanding APTCan DLP save the day?Rethinking DLPSummary

ADVANCEDPERSISTENTTHREAT

APT – What is it?Advanced – attack methodologies are complex

and hard to detect.Stuxnet = $100 Million to create and deployOften a large team sponsored by a nation state

Persistent – attacker is patient and will not give up. Thwarted attack vectors lead to new avenues of attack.

Advanced malware and 0-Day attacks may be used but do not equal an APT

APT is about Objectives

Frequency of data breaches

Don't know

Cannot disclose

No breaches in the past 12 months

More than 25 times in the past 12 months

11 to 25 times

Six to 10 times

Three to five times

Twice

Once

5%

15%

56%

1%

1%

3%

7%

6%

7%

How many times do you estimate that your firm's sensitive data was potentially compromised or breached in the past 12 months?

25% of companies have experienced a breach during the last 12 months that they know of

Base: 1319 IT security decision-makers; Source: Forrsights Security Survey, Q3 2012

Base = 1,319 North American and European enterprise security decision-makers responsible for network or data security at companies that have had a breach in the past 12 months Source: Forrsights Security Survey, Q2 2012

“How many times do you estimate that your firm's sensitive data was potentially compromised or breached in the past 12 months?"

Don't know

Cannot disclose

No breaches in the past 12 months

More than 25 times in the past 12 months

11 to 25 times

Six to 10 times

Three to five times

Twice

Once

5%

15%

56%

1%

1%

3%

7%

6%

7%

Breaches Happen


AgendaThreats are mutating and ubiquitousBreaches happenUnderstanding APTCan DLP save the day?Rethinking DLPSummary

Input Metrics are IneffectiveAV Catch RatePatch StatusDevice Access (NAC)Malware Sandboxing

23

Effective MetricsHas your networks or systems been infiltrated by

malicious actors? (Intrusion)Has your toxic data been exfiltrated from your

networks or systems into the hands of malicious actors? (Breach)

Situational Awareness

Output Metrics


AgendaThreats are mutating and ubiquitousBreaches happenSecurity Priorities and TrendsCan DLP save the day?Rethinking DLPSummary

Base = 1,293 North American and European IT security decision-makers

Source: Forrsights Security Survey, Q2 2012

“What are your firm’s plans to adopt the following email security and web security technologies?

Advanced content-based email filtering (DLP technologies)"

25% 30% 6% 7% 14% 6% 11%

Not interested Interested but no plansPlanning to implement in a year or more Planning to implement in the next 12 monthsImplemented, not expanding Expanding/ upgrading implementationDon't know

Enterprise DLP Adoption is low

Forrester has defined five types of DLP• Endpoint• Email• Web• Network/NAV• Gateway


Forrester’s DLP Maturity GridDLP is a feature, not a product

Discover Classify Consolidate Design Enforce

Endpoint

Email

Web

Network/NAV

Gateway

Less Mature More Mature

The Maturity Grid breaks DLP up into 25 distinct and manageable projects.

Forrester Maturity Level Definitions

Discover Classify Consolidate Design Enforce

Endpoint

Email

Web

Network/NAV

Gateway

Less Mature More Mature


AgendaThreats are mutating and ubiquitousBreaches happenSecurity Priorities and TrendsCan DLP save the day?Rethinking DLPSummary

SummaryThreats are constantly changingNew threats will target everythingEffective security will be as much about the

process as the productFocus on Data Exfiltration and Output Metrics


Thank youJohn Kindervag+1 [email protected]: @Kindervag

www.forrester.com

data protection in the “new threat” age

Documents