O SlideShare utiliza cookies para otimizar a funcionalidade e o desempenho do site, assim como para apresentar publicidade mais relevante aos nossos usuários. Se você continuar a navegar o site, você aceita o uso de cookies. Leia nosso Contrato do Usuário e nossa Política de Privacidade.
O SlideShare utiliza cookies para otimizar a funcionalidade e o desempenho do site, assim como para apresentar publicidade mais relevante aos nossos usuários. Se você continuar a utilizar o site, você aceita o uso de cookies. Leia nossa Política de Privacidade e nosso Contrato do Usuário para obter mais detalhes.
A Scribd passará a dirigir o SlideShare em 1 de dezembro de 2020A partir desta data, a Scribd passará a gerenciar sua conta do SlideShare e qualquer conteúdo que você possa ter na plataforma. Além disso, serão aplicados os Termos gerais de uso e a Política de Privacidade da Scribd. Se prefira sair da plataforma, por favor, encerre sua conta do SlideShare. Saiba mais.
• 1 team in the
US and China • $2.6 billion under management • 6 funds | 150+ investments • 15 years | 27 IPOs GLEN N SOLOMON • Managing Partner • 10 years at GGV Capital • Enterprise, SaaS, Cloud, Security, Mobile • goinglongblog.com | @glennsolomon
Cybercrime is a Growth Industry
Source: 2015 Verizon DBIR Report; ITRC ; HP 2015 Cost of Cyber Crime Study; The Global State of Information Security Survey 2015; McAfee Net Losses – Estimating the Cost of Cybercrime 42.8M Security Incidents 5,810 Confirmed Data Breaches 61 Countries $445B Annual Cost to the Global Economy
Data Breaches by the Numbers
Data Records Lost or Stolen in 2014 2,803,306 records lost or stolen every day 116,793 records every hour 1,947 records every minute 32 records every second Source: SafeNet – The Art of Data Protection, Feb 2015 Only 4% of breaches were “Secure Breaches” where encryption was used and the stolen data was rendered useless
Hackers & Their Weapons Participants
Hackers Hacktivists Criminal Organizations Commercial Vendors State Sponsored Terror Groups Available to Purchase Hacking Tools Zero-day Exploits Credit Card Data eCommerce/Social- Media Credentials Key Participants Eastern Europe Russia China US Latin America Source: RAND National Security Research Division
Common Threats & Victims Identity
Theft Phishing Social Engineering Cyber AttackCyber Extortion When you protect your company, you need to focus on all possible weaknesses. Hackers only need to find one way in…
The Corporate Challenge Source: 2015
Verizon DBIR Report; BTIG Security Report – Attack of the Clones Cloud-based Applications Social Networking Virtualization BYOD 83 million software applications today; 141 million by 2017 Stolen or weak credentials involved in 76% of cyber attacks 14% of attacks or exploits are on cloud services, applications, or storage systems Mobile security breaches have affected 65% of global organizations in the last 12 months
The Next Generation of Cyber
Security Source: BTIG Security Report – Attack of the Clones Legacy Security Companies Next Generation Equivalent Firewall/Intrusion Prevention System Next Generation Network Security Antivirus Next Generation Endpoint/Malicious Detection Web Gateway/URL Filtering Cloud Security & Data Protection Authentication, Authorization & Accounting Identity & Access Management – The New Perimeter Secure Event Management Security Intelligence & Analytics Data Security Data Security, Discovery, Clarification, Control & Intel Data Loss Prevention Inside Threat Protection Governance, Risk Management & Compliance Compliance Automation and Data Governance
New Threat Vectors Source: Immuniweb,
Symantec Internet Security Threat Report 2015; Crowd Research Partners – Insider Threat Report Social Media Protection While email remains a significant attack vector, 70% of social media scams were manually shared. Advanced Persistent Threats Zero-day exploits are almost impossible to detect and will work 9 out of 10 cases because they have legal, financial and banking industry experts, psychologists, and even ex-law enforcement officers behind them. Insider Threats Privileged users, such as managers with access to sensitive information, pose the biggest insider threat to organizations. This is followed by contractors, consultants, and regular employees. Compromised account credentials, or when someone’s account is hijacked, are also a big part of this risk.
New Threat Vectors Internet of
Things These hubs, switches, and router are increasingly used to target the network. They have processing, storage, and internet connectivity. Mobile Security & Protection As more users rely on their mobile devices, more spam, scams, and threats are tailored to these devices. Mobile malware such as bootkits will become harder to remove. Critical Infrastructure The most significant trend is the use of malware to compromise supervisory control and data acquisition (SCADA) systems, including Homeless Management Information System (HMIS), historians, and other connected devices. Source: Symantec Internet Security Threat Report 2015; Crowd Research Partners – Insider Threat Report
Approaches Over Time 1987-2009 2009-2014
2014 onward 2015 onward Signatures Sandboxes Anomaly Detection Zero-Trust APT Attack Sophistication Level Hammertoss, Black Energy, etc Endpoint Content Network Source: Based on Agari presentation material
Modern Security Challenges in the
Cloud Challenge: Corporate services are migrating to the cloud Secure Application Access Privileged Access Management Multi-Factor Authentication FirewallsNetwork Access Control SSO Challenge: Dynamic workloads due to multi-tiered apps & virtualization, containers, micro-services, etc. Protect Server to Server Interactions Cloud Workload ManagementMachine Firewalls
Modern Security Challenges in the
Cloud (cont) Challenge: Employees on websites via HTTP and mail –some malicious Securing Employee to Internet Cloud Policy ManagementCloud Access Security Brokers SaaS Data Encryption Challenge: Rapid development cycles leave little room for security checks Web App Security RASPsWAFs CDNs