19. EXAMPLE: INSTRUMENT YOUR CONTROLS FOR CONSUMPTION
[Slide diagram. Indicator categories: ExploitKits, Scanning IPs, C2 IPs, APT IPs, AI: beaconing, User Violation. Consuming controls and outputs: Block list, Quarantine list, Alert list, Sandbox, Signatures, Firewall, Endpoint, Indicators, Sharing. Response actions: Move to quarantine network, Rebuild device, Analyze device, Notify user.]
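The idea of the slide, that each indicator category is published in a form its consuming controls can act on, as an added example that is not code from the original deck. The routing table, the confidence threshold, the "never enforce" address ranges and the sample indicators are all hypothetical; the slide names the categories and consumers but not which category feeds which.

```python
"""Publish threat indicators to the controls that consume them.

Added example, not code from the original slide deck. The routing table,
confidence threshold and sample indicators are hypothetical assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum
import ipaddress


class Category(Enum):
    EXPLOIT_KIT = "exploit_kit"
    SCANNING_IP = "scanning_ip"
    C2_IP = "c2_ip"
    APT_IP = "apt_ip"
    BEACONING = "beaconing"          # produced by an analytic, not a curated feed
    USER_VIOLATION = "user_violation"


@dataclass(frozen=True)
class Indicator:
    value: str
    category: Category
    confidence: int      # 0..100, as scored by the producing feed or analytic
    source: str


# Hypothetical routing policy (assumption): which consumers each category feeds.
ROUTING = {
    Category.EXPLOIT_KIT: ("block_list", "sandbox", "signatures", "sharing"),
    Category.SCANNING_IP: ("alert_list", "firewall"),
    Category.C2_IP: ("block_list", "quarantine_list", "firewall", "endpoint", "sharing"),
    Category.APT_IP: ("block_list", "alert_list", "sharing"),
    Category.BEACONING: ("alert_list", "sandbox"),
    Category.USER_VIOLATION: ("alert_list", "notify_user"),
}

# Consumers that change enforcement state rather than just surface information.
ENFORCING = {"block_list", "quarantine_list", "firewall", "endpoint"}
IP_CATEGORIES = {Category.SCANNING_IP, Category.C2_IP, Category.APT_IP}
MIN_CONFIDENCE_TO_ENFORCE = 80

# Address space that must never be pushed into a blocking control, since that
# would cut off the organisation's own hosts (assumption: RFC 1918, loopback
# and link-local; in practice add your own public ranges here too).
NEVER_ENFORCE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16",
)]


def is_internal(value: str) -> bool:
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        return False
    return any(ip in net for net in NEVER_ENFORCE)


def route(ind: Indicator) -> dict[str, set[str]]:
    """Map one indicator to consumer -> {values}, applying the safety checks."""
    if ind.category in IP_CATEGORIES and is_internal(ind.value):
        # An internal IP in a C2/scanner feed is either a feed error or an
        # already-compromised host; either way it needs an analyst, not a block.
        return {"alert_list": {ind.value}}
    out: dict[str, set[str]] = {}
    for consumer in ROUTING[ind.category]:
        target = consumer
        if consumer in ENFORCING and ind.confidence < MIN_CONFIDENCE_TO_ENFORCE:
            target = "alert_list"   # not confident enough to enforce: surface it instead
        out.setdefault(target, set()).add(ind.value)
    return out


def build_outputs(indicators: list[Indicator]) -> dict[str, set[str]]:
    """Merge per-indicator routing into one deduplicated list per consumer."""
    merged: dict[str, set[str]] = {}
    for ind in indicators:
        for consumer, values in route(ind).items():
            merged.setdefault(consumer, set()).update(values)
    return merged


# Constructed sample indicators (hypothetical values and sources).
SAMPLE = [
    Indicator("203.0.113.10", Category.C2_IP, 95, "vendor_feed"),
    Indicator("10.0.0.5", Category.C2_IP, 95, "vendor_feed"),          # internal host
    Indicator("192.0.2.44", Category.SCANNING_IP, 60, "honeypot"),     # low confidence
    Indicator("198.51.100.7", Category.BEACONING, 55, "ml_beacon_detector"),
    Indicator("jdoe", Category.USER_VIOLATION, 90, "dlp"),
]

if __name__ == "__main__":
    for consumer, values in sorted(build_outputs(SAMPLE).items()):
        print(f"{consumer:16} {sorted(values)}")
```

The two guards are the part worth copying: a low-confidence indicator never reaches an enforcing control but still lands on the alert list, and an internal address in an external feed is escalated to an analyst rather than blocked, because blocking it would take down one of your own hosts.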
21. THREE CATEGORIES OF METRICS
HEALTH
% of controls running
% of assets configured to best practices
% of vulnerable systems
% of traffic visible
…
VISIBILITY
Mean time to detect (MTTD)
Time to discover all impacted assets
Completeness per IOC sweep
Detection for % of all attack vectors
Detection for % of all data leakage vectors
% of false positive alerts per analytic
% of attacks automatically prevented
% of users with privilege rights
…
RESILIENCE
Mean time to respond (MTTR)
Mean time to rebuild a desktop
% of automated countermeasures
% of red team exercises detected
Time from intrusion to eradication (dwell)
…
BUSINESS VALUE AND PRODUCTIVITY METRICS
§ Losses occurred vs. losses prevented
§ Mean cost per incident
§ % of XXX vs industry benchmark
…
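How several of the visibility and resilience metrics above are actually computed from incident and alert records, as an added example that is not from the original deck. The record layout, the exact metric definitions (MTTR measured from detection to containment, dwell from intrusion to eradication over closed incidents only) and the sample data are assumptions made for illustration.

```python
"""Compute detection/response metrics from incident and alert records.

Added example, not from the original slide deck. Record layout, metric
definitions and sample data are assumptions for illustration.
"""
from __future__ import annotations

from datetime import datetime
from statistics import mean

# Constructed incident records: ISO-8601 timestamps; None = milestone not yet reached.
INCIDENTS = [
    {"id": "INC-1", "intrusion": "2024-03-01T08:00:00", "detected": "2024-03-01T10:00:00",
     "contained": "2024-03-01T12:00:00", "eradicated": "2024-03-02T08:00:00"},
    {"id": "INC-2", "intrusion": "2024-03-03T00:00:00", "detected": "2024-03-05T00:00:00",
     "contained": "2024-03-05T04:00:00", "eradicated": "2024-03-06T00:00:00"},
    {"id": "INC-3", "intrusion": "2024-03-10T09:00:00", "detected": "2024-03-10T09:30:00",
     "contained": "2024-03-10T10:00:00", "eradicated": None},
]

# Constructed alert dispositions, one per triaged alert.
ALERTS = [
    {"analytic": "beaconing", "true_positive": True},
    {"analytic": "beaconing", "true_positive": False},
    {"analytic": "beaconing", "true_positive": False},
    {"analytic": "beaconing", "true_positive": False},
    {"analytic": "psexec_lateral", "true_positive": True},
    {"analytic": "psexec_lateral", "true_positive": True},
]

# Constructed red-team log: technique exercised and whether the SOC detected it.
RED_TEAM = [
    {"technique": "T1059.001", "detected": True},
    {"technique": "T1021.002", "detected": True},
    {"technique": "T1071.001", "detected": False},
    {"technique": "T1003.001", "detected": True},
]


def _hours(start: str, end: str) -> float:
    return (datetime.fromisoformat(end) - datetime.fromisoformat(start)).total_seconds() / 3600


def mttd_hours(incidents=INCIDENTS) -> float:
    """Mean time to detect: intrusion -> detection."""
    return mean(_hours(i["intrusion"], i["detected"]) for i in incidents)


def mttr_hours(incidents=INCIDENTS) -> float:
    """Mean time to respond: detection -> containment (assumed definition)."""
    return mean(_hours(i["detected"], i["contained"]) for i in incidents)


def mean_dwell_hours(incidents=INCIDENTS) -> float:
    """Intrusion -> eradication over closed incidents only. Counting an open
    incident as of 'now' would understate dwell, so it is excluded."""
    closed = [i for i in incidents if i["eradicated"]]
    return mean(_hours(i["intrusion"], i["eradicated"]) for i in closed)


def false_positive_rate(alerts=ALERTS) -> dict[str, float]:
    """Share of alerts per analytic that triage closed as false positive."""
    fp: dict[str, int] = {}
    total: dict[str, int] = {}
    for a in alerts:
        total[a["analytic"]] = total.get(a["analytic"], 0) + 1
        if not a["true_positive"]:
            fp[a["analytic"]] = fp.get(a["analytic"], 0) + 1
    return {k: fp.get(k, 0) / n for k, n in total.items()}


def red_team_detection_rate(exercises=RED_TEAM) -> float:
    """Fraction of red-team techniques the SOC detected."""
    return sum(1 for e in exercises if e["detected"]) / len(exercises)


def scorecard() -> dict[str, object]:
    return {
        "mttd_hours": round(mttd_hours(), 2),
        "mttr_hours": round(mttr_hours(), 2),
        "dwell_hours": round(mean_dwell_hours(), 2),
        "false_positive_rate": false_positive_rate(),
        "red_team_detected": red_team_detection_rate(),
    }


if __name__ == "__main__":
    for k, v in scorecard().items():
        print(f"{k:22} {v}")
```

The per-analytic false-positive rate is the one to watch: in the constructed sample the beaconing analytic is wrong three times out of four, which is the signal that it needs tuning before it is allowed to drive an automated countermeasure.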
26. CYBERSECURITY LACKS ADOPTION FOR CLOUD TRANSFORMATION
[Slide figure: three statistic callouts. "Cloud is Everywhere": enterprise apps today are cloud-enabled/cloud-native. "Containers Have Gone Mainstream": enterprises will use containers by 2020. "Multi-Cloud": of cloud users leverage 2 or more cloud providers (Gartner). Figures shown: 8 of 10, 1 in 2, 81%.]
CLOUD SECOPS IS HEAVILY BEHIND
● 99% of cloud security failures will be the customer's fault by 2023 (Gartner)
● 42%: lack of skills or training for specific public cloud services*
● 52%: inability to respond to incidents traversing our cloud apps and data*
* SANS 2019 Cloud Security Survey