SlideShare uma empresa Scribd logo

Relentless 7 steps for cyber security operation

F-Secure Corporation
F-Secure Corporation

Cyber security must be treated like a never-ending process of continuous development. Learn More about Why your cyber security operation can never rest and what are the seven ways to keep it one step ahead. Article Link: https://business.f-secure.com/7-ways-to-keep-cyber-security-operation-ahead/

Tecnologia
1 de 70
Baixar para ler offline
RELENTLESS Why your cyber security operation can never rest and seven ways to keep it one step ahead
SAY WHAT YOU WANT ABOUT CYBER SECURITY
IT
NEVER
GETS
BORING
On the one hand, you’re dealing with a threat landscape that won’t stop changing, with new hackers and tactics and threats emerging every day.
On the other, you’re dealing with rapid change in your own infrastructure, with new users and apps and data and devices…
IN SHORT, CYBERSECURITY NEVERSTOPS.
You can’t stop your business from developing the new applications it needs.
You can’t stop attackers from discovering and distributing new ways to breach your defenses.
And you certainly can’t afford to stop patching your systems and learning from the latest threat intelligence.
IF YOU SLOW DOWN YOU’RE JUST MAKING YOURSELF AN EASY TARGET.
It’s what makes cyber security so endlessly interesting and ruthlessly challenging all at once.
But even though change is the only constant, cyber defenses are often still too rigid.
MOBILE+DYNAMIC Endpoints are but the ability to monitor and manage them has struggled to keep up.
HUMAN+VERSATILE Attackers are but too many defenses are automated and homogenous.
+ USER PRODUCTIVITY Processes get in the way of so it’s no surprise that people find ways around them.
HERE’S THE CHALLENGE: CYBER SECURITY CAN’T BE TREATED LIKE A STATIC, PREVENTATIVE DISCIPLINE.
And it can’t be seen as just an IT thing, either. If you’re going to deliver innovative new services, cyber security needs to be at the heart of everything you do. This is about growth, too.
Cyber security must be treated like a never-ending process of continuous improvement.
A process that evolves and adapts as rapidly as the criminals trying so hard to beat us.
predict respond preventdetect One that takes a holistic approach to every aspect of cyber security, to predict, prevent, detect and respond to emerging threats with confidence and speed.
And one that supports businesses to meet their evolving strategic goals.
WECALLTHIS APPROACH LIVESECURITY.
And we believe it takes a tacit commitment to seven fundamental principles to effectively predict, prevent, detect and respond to attacks.
1. IT TAKES MAN AND MACHINE TO WIN.
Attackers combine people, process and technology to get past your defences. You need the same thing the right combination of people, process and technology to fend them off.
It takes the scalability of software to secure all your endpoints and constantly incorporate the latest threat intelligence.
But it takes real-world human and hacker expertise to assess your operations, find vulnerabilities, configure your software the right way and then respond to the right signs.
2 LOCAL AND INDUSTRY-SPECIFIC EXPERTISE MATTERS
Different industries need to deal with different types of attacks and regulations.
It takes a very different approach to cyber security to protect a global brand’s intellectual property than it does to protect a bank’s sensitive data in a highly regulated environment.
You can deliver effective security because you understand your industry’s unique needs. So any partners you work with will need to have the same, specific expertise your industry needs.
When you move into new markets, your cyber security operations need to adapt to the situation on the ground. For example, the new EU General Data Protection Regulation (GDPR) changes the way businesses handle EU citizens’ data.
Unless you can take these regional and industry-specific nuances into account, you can’t appropriately organize and prioritize your cyber strategy.
3 YOU CANNOT IGNORE THE LATEST THREAT INTELLIGENCE
Every single week of every single month, new threats, tactics and malware emerge to exploit vulnerabilities. From Sony to Yahoo to Ashley Madison, we’ve already seen the level of all-out extortion tactics hackers will increasingly use. And IoT botnets, for example, will only become a bigger problem as businesses make strategic moves into IoT technology.
The trouble is that too many cyber security operations don’t have the time or infrastructure to deal with this rate of change.
Keeping up with the latest threat intelligence can be a struggle. Applying it across the cyber security operation can be even tougher. But it’s a vital foundation for constantly improving your defenses.
4 CYBER SECURITY MUST BE AGILE
Attackers can pivot in an instant, seizing new opportunities the moment they open up.
It’s essential that you have at least as much agility to stay ahead of them. That starts with a versatile foundation of processes.
To get it right, you need to be able to predict potential incidents, prevent the vast majority from ever happening, detect them when they do happen and then respond quickly and appropriately once you’ve been breached. predict respond preventdetect
That calls for everything from patch management to crisis management to be prepared. A lot of which might seem like very basic cyber security for most of us but it can also be very effective.
Starting with a solid foundation of endpoint protection and adding advanced technology such as analytics and vulnerability management on top makes sense to help predict and prevent incidents.
But equally, unless you’ve got a predetermined and rehearsed plan for things like breach detection or incident response, you’ll find your company in a state of chaos when something does go wrong.
5 A DISTRIBUTED ATTACK SURFACE CALLS FOR DISTRIBUTED SECURITY
Attackers should never know your own infrastructure better than you do. A successful business relies on clear, constant visibility across complex organizational and IT infrastructures. And today’s mobile workforces depend on constant access to data and services through an ever-growing array of devices.
But the increasingly distributed and dynamic nature of corporate infrastructures makes it incredibly hard for IT and security leaders to see the edges of their attack surface and even harder to protect it.
Until you prioritize a centralized view of every endpoint in your networks, you’ll always be flying blind. But just seeing every endpoint isn’t enough you’ve also got to harden every potentially vulnerable device.
80%80% In fact, in 80% of the incidents we’ve responded to, patch management would’ve prevented access. This kind of endpoint protection should be second nature for cyber security operations. It’s low-hanging fruit and it gets the job done.
6 COMPLIANCE IS TABLE STAKES
Regulatory compliance is vital for any business – it’s an essential safeguard for the entireorganization,fromthe boardroom to the shopfloor. Regulators set the minimum requirements. But that’s just the starting point, not the end goal.
Most large companies will be compliant but it hasn’t prevented them from being breached. Take Yahoo, for example, regulatory compliance didn’t stop hackers stealing 500 million user accounts.1 1. http://fortune.com/2016/09/22/yahoo-hack/
For instance, payment regulations such as PCI-DSS don’t cover the full spectrum of preventative defences you could need, let alone the predictive, responsive and detection capabilities you should also consider. Regulators will react to known issues and compel businesses to fix them, but it takes a proactive approach to keep ahead of the persistent innovation of attackers.
Regulations are an important starting point for cyber security. But cyber attackers move faster than regulators do. So a relentlessly proactive approach to cyber security is essential.
7 7 YOU’RE NEVER DONE
If you take one thing away from this, we’d hope it is this in cyber security, you’re never done.
THIS MUCH WEKNOW:
Your attackers will never relent. So your cyber security operation can never relent. That means it must constantly evolve and improve.
So rather than expecting a silver bullet technology to come and save the day, it’s important to confront the fundamental reality of cyber security…
REACTING ISN’TENOUGH.
You need a proactive process that’s designed to continuously improve and adapt. Only then can you effectively predict, prevent, detect and respond to incidents.
The average cost of a data breach is now $4 million3 . 2. 2014 Cyber attack to cost Sony $35 million in IT repairs, Computer World, 2015 3. 2016 Cost of Data Breach study, Ponemon Institute, sponsored by IBM THE STAKES HAVENEVER BEENHIGHER²
The corporate victims have never been more varied. From retail giants and global financial institutions to hospitals and universities.
And the role of the cyber security professional has never been harder. But when you’re armed with the right people, processes and tools there’s nothing more rewarding
ANDNOTHING MOREIMPORTANT.
BEHINDTHESCENESOF AREALWORLDBREACH Breaches are inevitable. But most companies are worryingly underprepared to handle the consequences of one. Read ‘The Chaos of a Corporate Attack’ to find out how one company was breached and how they reacted. Read the eBook Use our stress test to learn more about the current state of your cyber security operations. Find out what you’re getting right – and where you need to make changes. Take the stress test ANDPUTYOUR SECURITYOPERATION TOTHETEST
And our cyber security experts (and white-hat hackers) are constantly bringing back new insights, tactics and lessons learned from their experiences out on the frontline of cyber security. It’s how our Live Security approach powers scalable software that continuously improves to predict, prevent, detect and respond to breaches. So if you’re looking for an approach to cyber security that’s relentlessly moving forward, we should talk. WE’RE F-SECURE

Recomendados

F-Secure E-mail and Server Security
F-Secure E-mail and Server SecurityF-Secure E-mail and Server Security
F-Secure E-mail and Server SecurityF-Secure Corporation
 
F secure Radar vulnerability scanning and management
F secure Radar vulnerability scanning and managementF secure Radar vulnerability scanning and management
F secure Radar vulnerability scanning and managementF-Secure Corporation
 
CSE 2016 Future of Cyber Security by Matthew Rosenquist
CSE 2016 Future of Cyber Security by Matthew RosenquistCSE 2016 Future of Cyber Security by Matthew Rosenquist
CSE 2016 Future of Cyber Security by Matthew RosenquistMatthew Rosenquist
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityNeha Gupta
 
Cyber security threats for 2017
Cyber security threats for 2017Cyber security threats for 2017
Cyber security threats for 2017Ramiro Cid
 
Cyber Security 2017 Challenges
Cyber Security 2017 ChallengesCyber Security 2017 Challenges
Cyber Security 2017 ChallengesLeandro Bennaton
 
F-Secure Corporation
F-Secure CorporationF-Secure Corporation
F-Secure CorporationPratima Potturu
 
Cyber security webinar 6 - How to build systems that resist attacks?
Cyber security webinar 6 - How to build systems that resist attacks?Cyber security webinar 6 - How to build systems that resist attacks?
Cyber security webinar 6 - How to build systems that resist attacks?F-Secure Corporation
 

Recomendados

F-Secure E-mail and Server Security
F-Secure E-mail and Server SecurityF-Secure E-mail and Server Security
F-Secure E-mail and Server SecurityF-Secure Corporation
 
F secure Radar vulnerability scanning and management
F secure Radar vulnerability scanning and managementF secure Radar vulnerability scanning and management
F secure Radar vulnerability scanning and managementF-Secure Corporation
 
CSE 2016 Future of Cyber Security by Matthew Rosenquist
CSE 2016 Future of Cyber Security by Matthew RosenquistCSE 2016 Future of Cyber Security by Matthew Rosenquist
CSE 2016 Future of Cyber Security by Matthew RosenquistMatthew Rosenquist
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityNeha Gupta
 
Cyber security threats for 2017
Cyber security threats for 2017Cyber security threats for 2017
Cyber security threats for 2017Ramiro Cid
 
Cyber Security 2017 Challenges
Cyber Security 2017 ChallengesCyber Security 2017 Challenges
Cyber Security 2017 ChallengesLeandro Bennaton
 
F-Secure Corporation
F-Secure CorporationF-Secure Corporation
F-Secure CorporationPratima Potturu
 
Cyber security webinar 6 - How to build systems that resist attacks?
Cyber security webinar 6 - How to build systems that resist attacks?Cyber security webinar 6 - How to build systems that resist attacks?
Cyber security webinar 6 - How to build systems that resist attacks?F-Secure Corporation
 
Protection Service for Business
Protection Service for BusinessProtection Service for Business
Protection Service for BusinessF-Secure Corporation
 
Purple Teaming - The Collaborative Future of Penetration Testing
Purple Teaming - The Collaborative Future of Penetration TestingPurple Teaming - The Collaborative Future of Penetration Testing
Purple Teaming - The Collaborative Future of Penetration TestingFRSecure
 
NTXISSACSC4 - Between The Keyboard And The Chair - Cybersecurity's Secret Weapon
NTXISSACSC4 - Between The Keyboard And The Chair - Cybersecurity's Secret WeaponNTXISSACSC4 - Between The Keyboard And The Chair - Cybersecurity's Secret Weapon
NTXISSACSC4 - Between The Keyboard And The Chair - Cybersecurity's Secret WeaponNorth Texas Chapter of the ISSA
 
NTXISSACSC4 - How Not to Build a Trojan Horse
NTXISSACSC4 - How Not to Build a Trojan HorseNTXISSACSC4 - How Not to Build a Trojan Horse
NTXISSACSC4 - How Not to Build a Trojan HorseNorth Texas Chapter of the ISSA
 
NTXISSACSC4 - The Art of Evading Anti-Virus
NTXISSACSC4 - The Art of Evading Anti-VirusNTXISSACSC4 - The Art of Evading Anti-Virus
NTXISSACSC4 - The Art of Evading Anti-VirusNorth Texas Chapter of the ISSA
 
NTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't Enough
NTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't EnoughNTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't Enough
NTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't EnoughNorth Texas Chapter of the ISSA
 
Emirates Forensic Presentation
Emirates Forensic PresentationEmirates Forensic Presentation
Emirates Forensic PresentationEmirates Forensic
 
NTXISSACSC4 - World of Discovery
NTXISSACSC4 - World of DiscoveryNTXISSACSC4 - World of Discovery
NTXISSACSC4 - World of DiscoveryNorth Texas Chapter of the ISSA
 
Privacy & cyber-physical security in eu cities 2016
Privacy & cyber-physical security in eu cities 2016Privacy & cyber-physical security in eu cities 2016
Privacy & cyber-physical security in eu cities 2016Martin Tom-Petersen
 
Understanding the Risk & Challenges of Cyber Security
Understanding the Risk & Challenges of Cyber SecurityUnderstanding the Risk & Challenges of Cyber Security
Understanding the Risk & Challenges of Cyber SecurityNeil Parker
 
Digital Forensic
Digital Forensic Digital Forensic
Digital Forensic Ravi Nayak
 
Dracos forensic flavor
Dracos forensic flavorDracos forensic flavor
Dracos forensic flavorSatria Ady Pradana
 
Post-mortem of a data breach
Post-mortem of a data breachPost-mortem of a data breach
Post-mortem of a data breachF-Secure Corporation
 
How do you predict the threat landscape?
How do you predict the threat landscape?How do you predict the threat landscape?
How do you predict the threat landscape?F-Secure Corporation
 
Got hacked? It’s too late to run now!
Got hacked? It’s too late to run now!Got hacked? It’s too late to run now!
Got hacked? It’s too late to run now!F-Secure Corporation
 
The Real Costs of SIEM vs. Managed Security Service
The Real Costs of SIEM vs. Managed Security ServiceThe Real Costs of SIEM vs. Managed Security Service
The Real Costs of SIEM vs. Managed Security ServiceF-Secure Corporation
 
Security A to Z: Glossary of the most important terms
Security A to Z: Glossary of the most important termsSecurity A to Z: Glossary of the most important terms
Security A to Z: Glossary of the most important termsF-Secure Corporation
 
Les attaques menées depuis la France dans le cyber espace
Les attaques menées depuis la France dans le cyber espace Les attaques menées depuis la France dans le cyber espace
Les attaques menées depuis la France dans le cyber espace F-Secure Corporation
 
Les attaques menées depuis la France dans le cyber espace
Les attaques menées depuis la France dans le cyber espaceLes attaques menées depuis la France dans le cyber espace
Les attaques menées depuis la France dans le cyber espaceF-Secure Corporation
 
Defending Servers - Cyber security webinar part 3
Defending Servers - Cyber security webinar part 3Defending Servers - Cyber security webinar part 3
Defending Servers - Cyber security webinar part 3F-Secure Corporation
 
Defending Workstations - Cyber security webinar part 2
Defending Workstations - Cyber security webinar part 2Defending Workstations - Cyber security webinar part 2
Defending Workstations - Cyber security webinar part 2F-Secure Corporation
 
Cyber security webinar part 1 - Threat Landscape
Cyber security webinar part 1 - Threat LandscapeCyber security webinar part 1 - Threat Landscape
Cyber security webinar part 1 - Threat LandscapeF-Secure Corporation
 

Mais conteúdo relacionado

Destaque

Purple Teaming - The Collaborative Future of Penetration Testing
Purple Teaming - The Collaborative Future of Penetration TestingPurple Teaming - The Collaborative Future of Penetration Testing
Purple Teaming - The Collaborative Future of Penetration TestingFRSecure
 
NTXISSACSC4 - Between The Keyboard And The Chair - Cybersecurity's Secret Weapon
NTXISSACSC4 - Between The Keyboard And The Chair - Cybersecurity's Secret WeaponNTXISSACSC4 - Between The Keyboard And The Chair - Cybersecurity's Secret Weapon
NTXISSACSC4 - Between The Keyboard And The Chair - Cybersecurity's Secret WeaponNorth Texas Chapter of the ISSA
 
NTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't Enough
NTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't EnoughNTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't Enough
NTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't EnoughNorth Texas Chapter of the ISSA
 
Emirates Forensic Presentation
Emirates Forensic PresentationEmirates Forensic Presentation
Emirates Forensic PresentationEmirates Forensic
 
Privacy & cyber-physical security in eu cities 2016
Privacy & cyber-physical security in eu cities 2016Privacy & cyber-physical security in eu cities 2016
Privacy & cyber-physical security in eu cities 2016Martin Tom-Petersen
 
Understanding the Risk & Challenges of Cyber Security
Understanding the Risk & Challenges of Cyber SecurityUnderstanding the Risk & Challenges of Cyber Security
Understanding the Risk & Challenges of Cyber SecurityNeil Parker
 
Digital Forensic
Digital Forensic Digital Forensic
Digital Forensic Ravi Nayak
 

Destaque (12)

Protection Service for Business
Protection Service for BusinessProtection Service for Business
Protection Service for Business
 
Purple Teaming - The Collaborative Future of Penetration Testing
Purple Teaming - The Collaborative Future of Penetration TestingPurple Teaming - The Collaborative Future of Penetration Testing
Purple Teaming - The Collaborative Future of Penetration Testing
 
NTXISSACSC4 - Between The Keyboard And The Chair - Cybersecurity's Secret Weapon
NTXISSACSC4 - Between The Keyboard And The Chair - Cybersecurity's Secret WeaponNTXISSACSC4 - Between The Keyboard And The Chair - Cybersecurity's Secret Weapon
NTXISSACSC4 - Between The Keyboard And The Chair - Cybersecurity's Secret Weapon
 
NTXISSACSC4 - How Not to Build a Trojan Horse
NTXISSACSC4 - How Not to Build a Trojan HorseNTXISSACSC4 - How Not to Build a Trojan Horse
NTXISSACSC4 - How Not to Build a Trojan Horse
 
NTXISSACSC4 - The Art of Evading Anti-Virus
NTXISSACSC4 - The Art of Evading Anti-VirusNTXISSACSC4 - The Art of Evading Anti-Virus
NTXISSACSC4 - The Art of Evading Anti-Virus
 
NTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't Enough
NTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't EnoughNTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't Enough
NTXISSACSC4 - Artifacts Are for Archaeologists: Why Hunting Malware Isn't Enough
 
Emirates Forensic Presentation
Emirates Forensic PresentationEmirates Forensic Presentation
Emirates Forensic Presentation
 
NTXISSACSC4 - World of Discovery
NTXISSACSC4 - World of DiscoveryNTXISSACSC4 - World of Discovery
NTXISSACSC4 - World of Discovery
 
Privacy & cyber-physical security in eu cities 2016
Privacy & cyber-physical security in eu cities 2016Privacy & cyber-physical security in eu cities 2016
Privacy & cyber-physical security in eu cities 2016
 
Understanding the Risk & Challenges of Cyber Security
Understanding the Risk & Challenges of Cyber SecurityUnderstanding the Risk & Challenges of Cyber Security
Understanding the Risk & Challenges of Cyber Security
 
Digital Forensic
Digital Forensic Digital Forensic
Digital Forensic
 
Dracos forensic flavor
Dracos forensic flavorDracos forensic flavor
Dracos forensic flavor
 

Mais de F-Secure Corporation

How do you predict the threat landscape?
How do you predict the threat landscape?How do you predict the threat landscape?
How do you predict the threat landscape?F-Secure Corporation
 
Got hacked? It’s too late to run now!
Got hacked? It’s too late to run now!Got hacked? It’s too late to run now!
Got hacked? It’s too late to run now!F-Secure Corporation
 
The Real Costs of SIEM vs. Managed Security Service
The Real Costs of SIEM vs. Managed Security ServiceThe Real Costs of SIEM vs. Managed Security Service
The Real Costs of SIEM vs. Managed Security ServiceF-Secure Corporation
 
Security A to Z: Glossary of the most important terms
Security A to Z: Glossary of the most important termsSecurity A to Z: Glossary of the most important terms
Security A to Z: Glossary of the most important termsF-Secure Corporation
 
Les attaques menées depuis la France dans le cyber espace
Les attaques menées depuis la France dans le cyber espace Les attaques menées depuis la France dans le cyber espace
Les attaques menées depuis la France dans le cyber espace F-Secure Corporation
 
Les attaques menées depuis la France dans le cyber espace
Les attaques menées depuis la France dans le cyber espaceLes attaques menées depuis la France dans le cyber espace
Les attaques menées depuis la France dans le cyber espaceF-Secure Corporation
 
Defending Servers - Cyber security webinar part 3
Defending Servers - Cyber security webinar part 3Defending Servers - Cyber security webinar part 3
Defending Servers - Cyber security webinar part 3F-Secure Corporation
 
Defending Workstations - Cyber security webinar part 2
Defending Workstations - Cyber security webinar part 2Defending Workstations - Cyber security webinar part 2
Defending Workstations - Cyber security webinar part 2F-Secure Corporation
 
Cyber security webinar part 1 - Threat Landscape
Cyber security webinar part 1 - Threat LandscapeCyber security webinar part 1 - Threat Landscape
Cyber security webinar part 1 - Threat LandscapeF-Secure Corporation
 
F-Secure Policy Manager - onsite security management with superior control
F-Secure Policy Manager - onsite security management with superior controlF-Secure Policy Manager - onsite security management with superior control
F-Secure Policy Manager - onsite security management with superior controlF-Secure Corporation
 
Best business protection for windows
Best business protection for windowsBest business protection for windows
Best business protection for windowsF-Secure Corporation
 
Six things to take into account when choosing cloud solutions
Six things to take into account when choosing cloud solutionsSix things to take into account when choosing cloud solutions
Six things to take into account when choosing cloud solutionsF-Secure Corporation
 
Small and midsize business security is big business
Small and midsize business security is big businessSmall and midsize business security is big business
Small and midsize business security is big businessF-Secure Corporation
 
大きなビジネスを生み出す中小中堅企業
大きなビジネスを生み出す中小中堅企業大きなビジネスを生み出す中小中堅企業
大きなビジネスを生み出す中小中堅企業F-Secure Corporation
 
Why should you care about government surveillance?
Why should you care about government surveillance?Why should you care about government surveillance?
Why should you care about government surveillance?F-Secure Corporation
 
Arbeta var du vill- eBook om modern mobilitet
Arbeta var du vill- eBook om modern mobilitetArbeta var du vill- eBook om modern mobilitet
Arbeta var du vill- eBook om modern mobilitetF-Secure Corporation
 

Mais de F-Secure Corporation (20)

Post-mortem of a data breach
Post-mortem of a data breachPost-mortem of a data breach
Post-mortem of a data breach
 
How do you predict the threat landscape?
How do you predict the threat landscape?How do you predict the threat landscape?
How do you predict the threat landscape?
 
Got hacked? It’s too late to run now!
Got hacked? It’s too late to run now!Got hacked? It’s too late to run now!
Got hacked? It’s too late to run now!
 
The Real Costs of SIEM vs. Managed Security Service
The Real Costs of SIEM vs. Managed Security ServiceThe Real Costs of SIEM vs. Managed Security Service
The Real Costs of SIEM vs. Managed Security Service
 
Security A to Z: Glossary of the most important terms
Security A to Z: Glossary of the most important termsSecurity A to Z: Glossary of the most important terms
Security A to Z: Glossary of the most important terms
 
Les attaques menées depuis la France dans le cyber espace
Les attaques menées depuis la France dans le cyber espace Les attaques menées depuis la France dans le cyber espace
Les attaques menées depuis la France dans le cyber espace
 
Les attaques menées depuis la France dans le cyber espace
Les attaques menées depuis la France dans le cyber espaceLes attaques menées depuis la France dans le cyber espace
Les attaques menées depuis la France dans le cyber espace
 
Defending Servers - Cyber security webinar part 3
Defending Servers - Cyber security webinar part 3Defending Servers - Cyber security webinar part 3
Defending Servers - Cyber security webinar part 3
 
Defending Workstations - Cyber security webinar part 2
Defending Workstations - Cyber security webinar part 2Defending Workstations - Cyber security webinar part 2
Defending Workstations - Cyber security webinar part 2
 
Cyber security webinar part 1 - Threat Landscape
Cyber security webinar part 1 - Threat LandscapeCyber security webinar part 1 - Threat Landscape
Cyber security webinar part 1 - Threat Landscape
 
F-Secure Policy Manager - onsite security management with superior control
F-Secure Policy Manager - onsite security management with superior controlF-Secure Policy Manager - onsite security management with superior control
F-Secure Policy Manager - onsite security management with superior control
 
The State of the Net in India
The State of the Net in IndiaThe State of the Net in India
The State of the Net in India
 
Best business protection for windows
Best business protection for windowsBest business protection for windows
Best business protection for windows
 
Six things to take into account when choosing cloud solutions
Six things to take into account when choosing cloud solutionsSix things to take into account when choosing cloud solutions
Six things to take into account when choosing cloud solutions
 
Small and midsize business security is big business
Small and midsize business security is big businessSmall and midsize business security is big business
Small and midsize business security is big business
 
大きなビジネスを生み出す中小中堅企業
大きなビジネスを生み出す中小中堅企業大きなビジネスを生み出す中小中堅企業
大きなビジネスを生み出す中小中堅企業
 
Why should you care about government surveillance?
Why should you care about government surveillance?Why should you care about government surveillance?
Why should you care about government surveillance?
 
Arbeta var du vill- eBook om modern mobilitet
Arbeta var du vill- eBook om modern mobilitetArbeta var du vill- eBook om modern mobilitet
Arbeta var du vill- eBook om modern mobilitet
 
Psb mobile security
Psb mobile securityPsb mobile security
Psb mobile security
 
Internet gatekeeper
Internet gatekeeperInternet gatekeeper
Internet gatekeeper
 

Último

DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 

Último (20)

DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 

Relentless 7 steps for cyber security operation

  • 1. RELENTLESS Why your cyber security operation can never rest and seven ways to keep it one step ahead
  • 3. IT
  • 7. On the one hand, you’re dealing with a threat landscape that won’t stop changing, with new hackers and tactics and threats emerging every day.
  • 8. On the other, you’re dealing with rapid change in your own infrastructure, with new users and apps and data and devices…
  • 10. You can’t stop your business from developing the new applications it needs.
  • 11. You can’t stop attackers from discovering and distributing new ways to breach your defenses.
  • 12. And you certainly can’t afford to stop patching your systems and learning from the latest threat intelligence.
  • 13. IF YOU SLOW DOWN YOU’RE JUST MAKING YOURSELF AN EASY TARGET.
  • 14. It’s what makes cyber security so endlessly interesting and ruthlessly challenging all at once.
  • 15. But even though change is the only constant, cyber defenses are often still too rigid.
  • 16. MOBILE+DYNAMIC Endpoints are but the ability to monitor and manage them has struggled to keep up.
  • 17. HUMAN+VERSATILE Attackers are but too many defenses are automated and homogenous.
  • 18. + USER PRODUCTIVITY Processes get in the way of so it’s no surprise that people find ways around them.
  • 19. HERE’S THE CHALLENGE: CYBER SECURITY CAN’T BE TREATED LIKE A STATIC, PREVENTATIVE DISCIPLINE.
  • 20. And it can’t be seen as just an IT thing, either. If you’re going to deliver innovative new services, cyber security needs to be at the heart of everything you do. This is about growth, too.
  • 21. Cyber security must be treated like a never-ending process of continuous improvement.
  • 22. A process that evolves and adapts as rapidly as the criminals trying so hard to beat us.
  • 23. predict respond preventdetect One that takes a holistic approach to every aspect of cyber security, to predict, prevent, detect and respond to emerging threats with confidence and speed.
  • 24. And one that supports businesses to meet their evolving strategic goals.
  • 26. And we believe it takes a tacit commitment to seven fundamental principles to effectively predict, prevent, detect and respond to attacks.
  • 27. 1. IT TAKES MAN AND MACHINE TO WIN.
  • 28. Attackers combine people, process and technology to get past your defences. You need the same thing the right combination of people, process and technology to fend them off.
  • 29. It takes the scalability of software to secure all your endpoints and constantly incorporate the latest threat intelligence.
  • 30. But it takes real-world human and hacker expertise to assess your operations, find vulnerabilities, configure your software the right way and then respond to the right signs.
  • 32. Different industries need to deal with different types of attacks and regulations.
  • 33. It takes a very different approach to cyber security to protect a global brand’s intellectual property than it does to protect a bank’s sensitive data in a highly regulated environment.
  • 34. You can deliver effective security because you understand your industry’s unique needs. So any partners you work with will need to have the same, specific expertise your industry needs.
  • 35. When you move into new markets, your cyber security operations need to adapt to the situation on the ground. For example, the new EU General Data Protection Regulation (GDPR) changes the way businesses handle EU citizens’ data.
  • 36. Unless you can take these regional and industry-specific nuances into account, you can’t appropriately organize and prioritize your cyber strategy.
  • 37. 3 YOU CANNOT IGNORE THE LATEST THREAT INTELLIGENCE
  • 38. Every single week of every single month, new threats, tactics and malware emerge to exploit vulnerabilities. From Sony to Yahoo to Ashley Madison, we’ve already seen the level of all-out extortion tactics hackers will increasingly use. And IoT botnets, for example, will only become a bigger problem as businesses make strategic moves into IoT technology.
  • 39. The trouble is that too many cyber security operations don’t have the time or infrastructure to deal with this rate of change.
  • 40. Keeping up with the latest threat intelligence can be a struggle. Applying it across the cyber security operation can be even tougher. But it’s a vital foundation for constantly improving your defenses.
  • 42. Attackers can pivot in an instant, seizing new opportunities the moment they open up.
  • 43. It’s essential that you have at least as much agility to stay ahead of them. That starts with a versatile foundation of processes.
  • 44. To get it right, you need to be able to predict potential incidents, prevent the vast majority from ever happening, detect them when they do happen and then respond quickly and appropriately once you’ve been breached. predict respond preventdetect
  • 45. That calls for everything from patch management to crisis management to be prepared. A lot of which might seem like very basic cyber security for most of us but it can also be very effective.
  • 46. Starting with a solid foundation of endpoint protection and adding advanced technology such as analytics and vulnerability management on top makes sense to help predict and prevent incidents.
  • 47. But equally, unless you’ve got a predetermined and rehearsed plan for things like breach detection or incident response, you’ll find your company in a state of chaos when something does go wrong.
  • 48. 5 A DISTRIBUTED ATTACK SURFACE CALLS FOR DISTRIBUTED SECURITY
  • 49. Attackers should never know your own infrastructure better than you do. A successful business relies on clear, constant visibility across complex organizational and IT infrastructures. And today’s mobile workforces depend on constant access to data and services through an ever-growing array of devices.
  • 50. But the increasingly distributed and dynamic nature of corporate infrastructures makes it incredibly hard for IT and security leaders to see the edges of their attack surface and even harder to protect it.
  • 51. Until you prioritize a centralized view of every endpoint in your networks, you’ll always be flying blind. But just seeing every endpoint isn’t enough you’ve also got to harden every potentially vulnerable device.
  • 52. 80%80% In fact, in 80% of the incidents we’ve responded to, patch management would’ve prevented access. This kind of endpoint protection should be second nature for cyber security operations. It’s low-hanging fruit and it gets the job done.
  • 54. Regulatory compliance is vital for any business – it’s an essential safeguard for the entireorganization,fromthe boardroom to the shopfloor. Regulators set the minimum requirements. But that’s just the starting point, not the end goal.
  • 55. Most large companies will be compliant but it hasn’t prevented them from being breached. Take Yahoo, for example, regulatory compliance didn’t stop hackers stealing 500 million user accounts.1 1. http://fortune.com/2016/09/22/yahoo-hack/
  • 56. For instance, payment regulations such as PCI-DSS don’t cover the full spectrum of preventative defences you could need, let alone the predictive, responsive and detection capabilities you should also consider. Regulators will react to known issues and compel businesses to fix them, but it takes a proactive approach to keep ahead of the persistent innovation of attackers.
  • 57. Regulations are an important starting point for cyber security. But cyber attackers move faster than regulators do. So a relentlessly proactive approach to cyber security is essential.
  • 59. If you take one thing away from this, we’d hope it is this in cyber security, you’re never done.
  • 61. Your attackers will never relent. So your cyber security operation can never relent. That means it must constantly evolve and improve.
  • 62. So rather than expecting a silver bullet technology to come and save the day, it’s important to confront the fundamental reality of cyber security…
  • 64. You need a proactive process that’s designed to continuously improve and adapt. Only then can you effectively predict, prevent, detect and respond to incidents.
  • 65. The average cost of a data breach is now $4 million3 . 2. 2014 Cyber attack to cost Sony $35 million in IT repairs, Computer World, 2015 3. 2016 Cost of Data Breach study, Ponemon Institute, sponsored by IBM THE STAKES HAVENEVER BEENHIGHER²
  • 66. The corporate victims have never been more varied. From retail giants and global financial institutions to hospitals and universities.
  • 67. And the role of the cyber security professional has never been harder. But when you’re armed with the right people, processes and tools there’s nothing more rewarding
  • 69. BEHINDTHESCENESOF AREALWORLDBREACH Breaches are inevitable. But most companies are worryingly underprepared to handle the consequences of one. Read ‘The Chaos of a Corporate Attack’ to find out how one company was breached and how they reacted. Read the eBook Use our stress test to learn more about the current state of your cyber security operations. Find out what you’re getting right – and where you need to make changes. Take the stress test ANDPUTYOUR SECURITYOPERATION TOTHETEST
  • 70. And our cyber security experts (and white-hat hackers) are constantly bringing back new insights, tactics and lessons learned from their experiences out on the frontline of cyber security. It’s how our Live Security approach powers scalable software that continuously improves to predict, prevent, detect and respond to breaches. So if you’re looking for an approach to cyber security that’s relentlessly moving forward, we should talk. WE’RE F-SECURE