the evolving threat landscape - rochester security summit · the evolving threat landscape it data...
TRANSCRIPT
The Evolving Threat Landscape
IT Data and Security Analytics
October 2014 Mike Larmie, MCITP
Security Sales Engineer - NY, NJ, CT
2
The Inflection Point
The Inflection Point
3
60% of organizations were affected
by successful attacks in 2013 – 2014 CyberDefense Report, by CyberEdge Group
We’re Not Always Covering the Basics…
4
77% of breaches are a result of
unsophisticated tactics for initial
compromise- 2013 Data Breach Report, Verizon
…Not Meeting the Compliance Requirements…
“Requirement 11 was the least
complied with requirement in our
study. Just 23.8% of companies
met all the controls between 2011
and 2013”
Verizon 2014 PCI Compliance Report
Source: Verizon 2014 PCI Compliance Report
6
Expanding Attack Surface
Bring Your Own IT
7
Corporate
IT
User-Added
Devices
User-Added
Services
8
Corporate
IT
User-Added
Devices
User-Added
Services
Bring Your Own IT
9
The Living Threat
Today’s Security Technology Misses a Key Attack Vector
10IDS/IPSFirewall SIEM
Physical Network
Mobile
Devices
76% of network intrusions exploited weak or stolen credentials
69% of breaches discovered by an external party
66% of breaches are undetected for months
- 2013 Data Breach Report, Verizon
Deception-Based Attacks Are Hard to Detect
11
Deliver the data, analysis, & insight to
Fight the Living Threat
Our Mission
12
Rapid7’s Unique Data & Analytics Solution
13
Simplified
Compliance
Threat & Risk
Management
User-Based
Incident Detection
Business
Context
Attacker
Methods
Users
Behaviors
Assets
Controls
Collect Contextualize Analyze
Services
and Support
Nexpose
Complete Penetration Testing
Automated Vulnerability
Validation
Efficient Phishing Simulations
Metasploit Pro
“Using hours efficiently is critical, and Metasploit Pro
is a huge help on this. Time savings are the
biggest reason for us to use
Metasploit Pro.”
—Jim O’Gorman, President
Offensive Security
Nexpose
Complete Asset Discovery
Contextual Exposure
Analysis
Simplified Compliance & Reporting
Prioritized Action Plans
Nexpose
“We reduced risk by more than
98%. That’s particularly impressive when you
consider that we brought on five new hospitals in
that timeframe.”
—Scott Erven, Manager, Information Security
Essentia Health
Nexpose
Comprehensive Measurement of Critical Security Controls
Results-Oriented Trending
ControlsInsight
“Not knowing the state of our endpoints is a risk that
our organization cannot afford to take. Rapid7
ControlsInsight has provided our
organization with visibility that we
cannot get anywhere else.”
—Chad Currier, IT Infrastructure Director
Cardinal Innovations Healthcare Solutions
Nexpose
Smart Detection of Attacks
Fast Incident Investigation
Simplified Discovery
of User Behavior
ControlsInsight
“Rapid7 UserInsight allows us to look at what users are
doing, enabling us be hyper-vigilant
when it comes to things like
detecting compromised credentialsor knowing if a user logs in from two different locations
within a suspiciously brief period.”
—Manager, Risk and Compliance
Large Outsourced Sales and Marketing Agency
Professional Services
26
Strategic Services• On-Premise Managed Services• Risk Rater Professional • Off-Premise Managed Services
Deployment Services• 3.5-day Rapid Deployment
• Custom Deployment
• Integration to 3rd-party apps
• Custom Reporting & Scripting
Training Services• Webinars
• Virtual Training
• On-site Training
• NX Administrator Certification
Assessment Services• Internal or External Network
• Web or Mobile Application
• Wireless
• Social Engineering
More Than Just Innovative Technology
27
Customer Focus
200+Customers
in Rapid7
Voice
96%Issue
resolution
on 1st call
~3,000Customers
in 78
countries
41
NPS
28%of Fortune
1000
15k+Community
Members
Silver
Stevie’s
Award for
customer
service
Customers Partners
Success Is Not A Continuum—Nick Saban, Alabama Head Coach
Questions?
29
Thank You