The Evolving Threat Landscape

IT Data and Security Analytics

October 2014 Mike Larmie, MCITP

Security Sales Engineer - NY, NJ, CT

2

The Inflection Point

The Inflection Point

3

60% of organizations were affected

by successful attacks in 2013 – 2014 CyberDefense Report, by CyberEdge Group

We’re Not Always Covering the Basics…

4

77% of breaches are a result of

unsophisticated tactics for initial

compromise- 2013 Data Breach Report, Verizon

…Not Meeting the Compliance Requirements…

“Requirement 11 was the least

complied with requirement in our

study. Just 23.8% of companies

met all the controls between 2011

and 2013”

Verizon 2014 PCI Compliance Report

Source: Verizon 2014 PCI Compliance Report

6

Expanding Attack Surface

Bring Your Own IT

7

Corporate

IT

User-Added

Devices

User-Added

Services

8

Corporate

IT

User-Added

Devices

User-Added

Services

Bring Your Own IT

9

The Living Threat

Today’s Security Technology Misses a Key Attack Vector

10IDS/IPSFirewall SIEM

Physical Network

Mobile

Devices

76% of network intrusions exploited weak or stolen credentials

69% of breaches discovered by an external party

66% of breaches are undetected for months

- 2013 Data Breach Report, Verizon

Deception-Based Attacks Are Hard to Detect

11

Deliver the data, analysis, & insight to

Fight the Living Threat

Our Mission

12

Rapid7’s Unique Data & Analytics Solution

13

Simplified

Compliance

Threat & Risk

Management

User-Based

Incident Detection

Business

Context

Attacker

Methods

Users

Behaviors

Assets

Controls

Collect Contextualize Analyze

Services

and Support

Nexpose

Complete Penetration Testing

Automated Vulnerability

Validation

Efficient Phishing Simulations

Metasploit Pro

“Using hours efficiently is critical, and Metasploit Pro

is a huge help on this. Time savings are the

biggest reason for us to use

Metasploit Pro.”

—Jim O’Gorman, President

Offensive Security

Nexpose

Complete Asset Discovery

Contextual Exposure

Analysis

Simplified Compliance & Reporting

Prioritized Action Plans

Nexpose

“We reduced risk by more than

98%. That’s particularly impressive when you

consider that we brought on five new hospitals in

that timeframe.”

—Scott Erven, Manager, Information Security

Essentia Health

Nexpose

Comprehensive Measurement of Critical Security Controls

Results-Oriented Trending

ControlsInsight

“Not knowing the state of our endpoints is a risk that

our organization cannot afford to take. Rapid7

ControlsInsight has provided our

organization with visibility that we

cannot get anywhere else.”

—Chad Currier, IT Infrastructure Director

Cardinal Innovations Healthcare Solutions

Nexpose

Smart Detection of Attacks

Fast Incident Investigation

Simplified Discovery

of User Behavior

ControlsInsight

“Rapid7 UserInsight allows us to look at what users are

doing, enabling us be hyper-vigilant

when it comes to things like

detecting compromised credentialsor knowing if a user logs in from two different locations

within a suspiciously brief period.”

—Manager, Risk and Compliance

Large Outsourced Sales and Marketing Agency

Professional Services

26

Strategic Services• On-Premise Managed Services• Risk Rater Professional • Off-Premise Managed Services

Deployment Services• 3.5-day Rapid Deployment

• Custom Deployment

• Integration to 3rd-party apps

• Custom Reporting & Scripting

Training Services• Webinars

• Virtual Training

• On-site Training

• NX Administrator Certification

Assessment Services• Internal or External Network

• Web or Mobile Application

• Wireless

• Social Engineering

More Than Just Innovative Technology

27

Customer Focus

200+Customers

in Rapid7

Voice

96%Issue

resolution

on 1st call

~3,000Customers

in 78

countries

41

NPS

28%of Fortune

1000

15k+Community

Members

Silver

Stevie’s

Award for

customer

service

Customers Partners

Success Is Not A Continuum—Nick Saban, Alabama Head Coach

Questions?

29

Thank You