how silicon valley startups are approaching security differently

Celebrating a decadeof guiding securityprofessionals.

@Secure360 or #Sec360 www.Secure360.org

How Silicon Valley startups are approaching security differently

a.k.a. The New Security Stack

Scott CressmanSenior Product Manager, OpenDNS

@scott_cressman


@Secure360 or #Sec360 www.Secure360.org @scott_cressman

</me>

• BEng, Computer

• Early experience in Support & Professional Services

• Over 12 years in security doing Product Management

• Regularly work with security thought leaders of Fortune 500, Bay Area “startups”

<me>



Agenda

@scott_cressman

• Baseline• Who are these “Silicon Valley startups?”• How do they approach security differently?• Bringing it all together• What can you do?



BASELINEWhy we’re here. Why they’re adapting.

@scott_cressman



Last 20 years of security:

Got a problem?BUY A BOX

FIREWALL

@scott_cressman



VPN

EMAIL GATEWAY

WEB PROXY

DLP

NEW OFFICE

REPLACEMENT BOX

Another problem?ANOTHER BOX! Keep Stacking…

SANDBOX

FASTER ROUTER

FIREWALL

@scott_cressman



BUT, your users have left the building…

@scott_cressman



AND, your apps are in the Cloud…

@scott_cressman



DarkHotel Attack

OFF NETWORK AND SUPPLIERS

BRANCH OFFICE/STORE/CLINIC

HQ

Attackers are Targeting the Weakest Links

@scott_cressman



WHO ARE THESE “STARTUPS”?How they’re different

@scott_cressman



Who are they?

@scott_cressman



How do they work?

@scott_cressman



What do they value?

@scott_cressman

Productivity over obstruction

Mobility over control

Visibility over prevention

Automation over repetition

Outsourcing over distraction

Partnership over dictatorship



HOW ARE THEY DOING IT?Differently…

@scott_cressman



A lighter touch



Mostly Microsoft



Content filtering focus



Traditional Web Proxy



Heavyweight endpoint agents



Off-network security VPN dependence



Focus on mobility

@scott_cressman



Off-network devices

@scott_cressman



Maintain security without violating privacy

@scott_cressman



Federate Identity

@scott_cressman



Federated Identity is a prerequisite

@scott_cressman



Identity always, everywhere

@scott_cressman



The device is expendable

@scott_cressman



Optimize for productivity

@scott_cressman

+

=



Invest in security teams & automation

@scott_cressman



Internal focus on simplification & discovery

@scott_cressman

• “Internal” focus• Shift to discovery from prevention• Simplification of their “protection ecosystem”



Demand openness from their vendors

@scott_cressman



Analysts actually doing security

@scott_cressman

• Analysts spending time on analysis• Run security drills• Threat Intelligence sharing (STIX/TAXII)• Consumption of threat intel (e.g. FBI Flash

bulletins, FS-ISAC, etc.)



Operationalize their intelligence

@scott_cressman



Threat Intelligence Platforms

@scott_cressman



BRINGING IT ALL TOGETHERThe new Security Stack & Protection Ecosystem

@scott_cressman



The Shifting Security Stack

@scott_cressman



UMBRELLAEnforcementInstant protection on- and off-network.

ReportingNear real-time visibility on- and off-network of all DNS traffic.

INVESTIGATEIntelligenceEnrich threat intel and assist with investigations and IR (incident response).

context on domains,

IPs, or ASNs

GETInternal Systems

logs

SECURITY INCIDENT &

EVENT MANAGEMENT

THREAT INTEL

PLATFORM

logsGET

POSTevents

Example security lifecycle



WHAT CAN YOU DO?Today and in the coming months & years

@scott_cressman



Revisit your priorities

@scott_cressman



Demand more of your vendors

@scott_cressman



Invest in (cloud) identity management

@scott_cressman



Invest in your security team & automation

@scott_cressman



OPEN CONVERSATIONQuestions & commentary

@scott_cressman

how silicon valley startups are approaching security differently

Technology

years of security

cressm baseline

cressm beng

cressm productivity

cressm traditional web

cressm content filtering

silicon valley startups

bay area startups