data protection in the “new threat” age
DESCRIPTION
Data protection in the “new threat” age. John Kindervag, Principal Analyst. 21 June 2013. Agenda. Threats are mutating and ubiquitous Targeting Data Understanding APT Can DLP save the day ? Rethinking DLP Summary. Agenda. Threats are mutating and ubiquitous Targeting Data - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Data protection in the “new threat” age](https://reader036.vdocument.in/reader036/viewer/2022062222/5681613d550346895dd0a081/html5/thumbnails/1.jpg)
Making Leaders Successful Every Day
![Page 2: Data protection in the “new threat” age](https://reader036.vdocument.in/reader036/viewer/2022062222/5681613d550346895dd0a081/html5/thumbnails/2.jpg)
© 2009 Forrester Research, Inc. Reproduction Prohibited
Data protection in the “new threat” age
John Kindervag, Principal Analyst
21 June 2013
![Page 3: Data protection in the “new threat” age](https://reader036.vdocument.in/reader036/viewer/2022062222/5681613d550346895dd0a081/html5/thumbnails/3.jpg)
3© 2012 Forrester Research, Inc. Reproduction Prohibited
AgendaThreats are mutating and ubiquitousTargeting DataUnderstanding APTCan DLP save the day?Rethinking DLPSummary
![Page 4: Data protection in the “new threat” age](https://reader036.vdocument.in/reader036/viewer/2022062222/5681613d550346895dd0a081/html5/thumbnails/4.jpg)
4© 2012 Forrester Research, Inc. Reproduction Prohibited
AgendaThreats are mutating and ubiquitousTargeting DataUnderstanding APTCan DLP save the day?Rethinking DLPSummary
![Page 5: Data protection in the “new threat” age](https://reader036.vdocument.in/reader036/viewer/2022062222/5681613d550346895dd0a081/html5/thumbnails/5.jpg)
The Mutating Threat LandscapeHacktivism
Blended
Surgical
Cooperative
Devastating
The tool box
Strategic Assets
Organized Groups
![Page 6: Data protection in the “new threat” age](https://reader036.vdocument.in/reader036/viewer/2022062222/5681613d550346895dd0a081/html5/thumbnails/6.jpg)
© 2009 Forrester Research, Inc. Reproduction Prohibited
The Times They Are a-Changin'Mobility Cloud Adoption Advanced Threats
![Page 7: Data protection in the “new threat” age](https://reader036.vdocument.in/reader036/viewer/2022062222/5681613d550346895dd0a081/html5/thumbnails/7.jpg)
Web 2.0 adds new security challenges
Users are behaving carelessly.
Other measures must augment site reputation
Attack surface is expanding.
![Page 8: Data protection in the “new threat” age](https://reader036.vdocument.in/reader036/viewer/2022062222/5681613d550346895dd0a081/html5/thumbnails/8.jpg)
Users Self-Provision
![Page 9: Data protection in the “new threat” age](https://reader036.vdocument.in/reader036/viewer/2022062222/5681613d550346895dd0a081/html5/thumbnails/9.jpg)
Web 2.0 Security ConcernsImmediate threat is to end-usersPotential to infect or disrupt the corporate
networkBrowser-based attacks
ClickjackingCross Site Request Forgery
Greater Potential Data LeakageUser blogsSocial Networks
![Page 10: Data protection in the “new threat” age](https://reader036.vdocument.in/reader036/viewer/2022062222/5681613d550346895dd0a081/html5/thumbnails/10.jpg)
10© 2012 Forrester Research, Inc. Reproduction Prohibited
AgendaThreats are mutating and ubiquitousTargeting DataUnderstanding APTCan DLP save the day?Rethinking DLPSummary
![Page 11: Data protection in the “new threat” age](https://reader036.vdocument.in/reader036/viewer/2022062222/5681613d550346895dd0a081/html5/thumbnails/11.jpg)
© 2012 Forrester Research, Inc. Reproduction Prohibited
Data is the new oil
![Page 12: Data protection in the “new threat” age](https://reader036.vdocument.in/reader036/viewer/2022062222/5681613d550346895dd0a081/html5/thumbnails/12.jpg)
I need RDP UK US Germany To buy NOW VIA WMZ wana buy 9
Selling (Worldwide Cvvs, Worldwide Fullz, UK, Usa Logins Worldwide Dumps, UK, Usa Paypal, Ebay Accounts...)
GOOD OFFER SELLING hacked RDP GURANTED 24HOURS UP TIME ONLY 10$Selling fresh vergin wordwide cvv
![Page 13: Data protection in the “new threat” age](https://reader036.vdocument.in/reader036/viewer/2022062222/5681613d550346895dd0a081/html5/thumbnails/13.jpg)
2 Everything else
. . . they won’t steal it.
Two types of data
1 Data that someone wants to steal
![Page 14: Data protection in the “new threat” age](https://reader036.vdocument.in/reader036/viewer/2022062222/5681613d550346895dd0a081/html5/thumbnails/14.jpg)
Remember the four P’s• PCI• PHI• PII• IP
3P + IP = TD
75% of DLP Use Cases
![Page 15: Data protection in the “new threat” age](https://reader036.vdocument.in/reader036/viewer/2022062222/5681613d550346895dd0a081/html5/thumbnails/15.jpg)
Data Security And Control Framework
Source: January 2012 “The Future Of Data Security And Privacy: Controlling Big Data”
![Page 16: Data protection in the “new threat” age](https://reader036.vdocument.in/reader036/viewer/2022062222/5681613d550346895dd0a081/html5/thumbnails/16.jpg)
16© 2012 Forrester Research, Inc. Reproduction Prohibited
AgendaThreats are mutating and ubiquitousBreaches happenUnderstanding APTCan DLP save the day?Rethinking DLPSummary
![Page 17: Data protection in the “new threat” age](https://reader036.vdocument.in/reader036/viewer/2022062222/5681613d550346895dd0a081/html5/thumbnails/17.jpg)
APT
![Page 18: Data protection in the “new threat” age](https://reader036.vdocument.in/reader036/viewer/2022062222/5681613d550346895dd0a081/html5/thumbnails/18.jpg)
ADVANCEDPERSISTENTTHREAT
![Page 19: Data protection in the “new threat” age](https://reader036.vdocument.in/reader036/viewer/2022062222/5681613d550346895dd0a081/html5/thumbnails/19.jpg)
APT – What is it?Advanced – attack methodologies are complex
and hard to detect.Stuxnet = $100 Million to create and deployOften a large team sponsored by a nation state
Persistent – attacker is patient and will not give up. Thwarted attack vectors lead to new avenues of attack.
Advanced malware and 0-Day attacks may be used but do not equal an APT
APT is about Objectives
![Page 20: Data protection in the “new threat” age](https://reader036.vdocument.in/reader036/viewer/2022062222/5681613d550346895dd0a081/html5/thumbnails/20.jpg)
Frequency of data breaches
Don't know
Cannot disclose
No breaches in the past 12 months
More than 25 times in the past 12 months
11 to 25 times
Six to 10 times
Three to five times
Twice
Once
5%
15%
56%
1%
1%
3%
7%
6%
7%
How many times do you estimate that your firm's sensitive data was potentially compromised or breached in the past 12 months?
25% of companies have experienced a breach during the last 12 months that they know of
Base: 1319 IT security decision-makers; Source: Forrsights Security Survey, Q3 2012
![Page 21: Data protection in the “new threat” age](https://reader036.vdocument.in/reader036/viewer/2022062222/5681613d550346895dd0a081/html5/thumbnails/21.jpg)
Base = 1,319 North American and European enterprise security decision-makers responsible for network or data security at companies that have had a breach in the past 12 months Source: Forrsights Security Survey, Q2 2012
“How many times do you estimate that your firm's sensitive data was potentially compromised or breached in the past 12 months?"
Don't know
Cannot disclose
No breaches in the past 12 months
More than 25 times in the past 12 months
11 to 25 times
Six to 10 times
Three to five times
Twice
Once
5%
15%
56%
1%
1%
3%
7%
6%
7%
Breaches Happen
![Page 22: Data protection in the “new threat” age](https://reader036.vdocument.in/reader036/viewer/2022062222/5681613d550346895dd0a081/html5/thumbnails/22.jpg)
22© 2012 Forrester Research, Inc. Reproduction Prohibited
AgendaThreats are mutating and ubiquitousBreaches happenUnderstanding APTCan DLP save the day?Rethinking DLPSummary
![Page 23: Data protection in the “new threat” age](https://reader036.vdocument.in/reader036/viewer/2022062222/5681613d550346895dd0a081/html5/thumbnails/23.jpg)
Input Metrics are IneffectiveAV Catch RatePatch StatusDevice Access (NAC)Malware Sandboxing
23
![Page 24: Data protection in the “new threat” age](https://reader036.vdocument.in/reader036/viewer/2022062222/5681613d550346895dd0a081/html5/thumbnails/24.jpg)
Effective MetricsHas your networks or systems been infiltrated by
malicious actors? (Intrusion)Has your toxic data been exfiltrated from your
networks or systems into the hands of malicious actors? (Breach)
Situational Awareness
Output Metrics
![Page 25: Data protection in the “new threat” age](https://reader036.vdocument.in/reader036/viewer/2022062222/5681613d550346895dd0a081/html5/thumbnails/25.jpg)
25© 2012 Forrester Research, Inc. Reproduction Prohibited
AgendaThreats are mutating and ubiquitousBreaches happenSecurity Priorities and TrendsCan DLP save the day?Rethinking DLPSummary
![Page 26: Data protection in the “new threat” age](https://reader036.vdocument.in/reader036/viewer/2022062222/5681613d550346895dd0a081/html5/thumbnails/26.jpg)
Base = 1,293 North American and European IT security decision-makers
Source: Forrsights Security Survey, Q2 2012
“What are your firm’s plans to adopt the following email security and web security technologies?
Advanced content-based email filtering (DLP technologies)"
25% 30% 6% 7% 14% 6% 11%
Not interested Interested but no plansPlanning to implement in a year or more Planning to implement in the next 12 monthsImplemented, not expanding Expanding/ upgrading implementationDon't know
Enterprise DLP Adoption is low
![Page 27: Data protection in the “new threat” age](https://reader036.vdocument.in/reader036/viewer/2022062222/5681613d550346895dd0a081/html5/thumbnails/27.jpg)
Forrester has defined five types of DLP• Endpoint• Email• Web• Network/NAV• Gateway
![Page 28: Data protection in the “new threat” age](https://reader036.vdocument.in/reader036/viewer/2022062222/5681613d550346895dd0a081/html5/thumbnails/28.jpg)
© 2012 Forrester Research, Inc. Reproduction Prohibited
Forrester’s DLP Maturity GridDLP is a feature, not a product
![Page 29: Data protection in the “new threat” age](https://reader036.vdocument.in/reader036/viewer/2022062222/5681613d550346895dd0a081/html5/thumbnails/29.jpg)
Discover Classify Consolidate Design Enforce
Endpoint
Web
Network/NAV
Gateway
Less Mature More Mature
The Maturity Grid breaks DLP up into 25 distinct and manageable projects.
![Page 30: Data protection in the “new threat” age](https://reader036.vdocument.in/reader036/viewer/2022062222/5681613d550346895dd0a081/html5/thumbnails/30.jpg)
Forrester Maturity Level Definitions
![Page 31: Data protection in the “new threat” age](https://reader036.vdocument.in/reader036/viewer/2022062222/5681613d550346895dd0a081/html5/thumbnails/31.jpg)
Discover Classify Consolidate Design Enforce
Endpoint
Web
Network/NAV
Gateway
Less Mature More Mature
![Page 32: Data protection in the “new threat” age](https://reader036.vdocument.in/reader036/viewer/2022062222/5681613d550346895dd0a081/html5/thumbnails/32.jpg)
32© 2012 Forrester Research, Inc. Reproduction Prohibited
AgendaThreats are mutating and ubiquitousBreaches happenSecurity Priorities and TrendsCan DLP save the day?Rethinking DLPSummary
![Page 33: Data protection in the “new threat” age](https://reader036.vdocument.in/reader036/viewer/2022062222/5681613d550346895dd0a081/html5/thumbnails/33.jpg)
SummaryThreats are constantly changingNew threats will target everythingEffective security will be as much about the
process as the productFocus on Data Exfiltration and Output Metrics
![Page 34: Data protection in the “new threat” age](https://reader036.vdocument.in/reader036/viewer/2022062222/5681613d550346895dd0a081/html5/thumbnails/34.jpg)
© 2009 Forrester Research, Inc. Reproduction Prohibited
Thank youJohn Kindervag+1 [email protected]: @Kindervag
www.forrester.com