Trends In Information Security

STKI Summit 2012
Shahar Geiger Maor, VP & Senior Analyst

Tell me and I’ll forget
Show me and I may remember
Involve me and I’ll understand

Agenda

Endpoints: Post PC
Networking: DC, Voice, Video
Security: Cloud, MDM, Cyber

Shahar Geiger Maor’s work Copyright 2012 @STKI Do not remove source or attribution from any graphic or portion of graphic

Presentation Visualization

[Diagram: Networking, MDM, Security, Collaboration]

End-To-End Security Project

Application Security: WAF, Web Security Gateway, Secure Browsing
Data Security: DLP, Information Laundering
Network Security: Firewalls, IPS, NAC

Source: Taldor

TEAMS Project (A3)

Source: Malam-Team

The New Training Center-IDF

Source: Bynet

Presentation Visualization - Security

[Diagram: Networking, MDM, Security, Collaboration]

STKI Index-2011 – Top Security Queries

• Mobile Sec., 25%
• Access/Authentication, 13%
• DB/DC Sec., 11%
• GRC, 9%
• Network Sec., 8%
• Sec. Policy, 6%
• Data Sec., 6%
• SIEM/SOC, 4%
• SIs/Vendors/Products, 4%
• Endpoint Sec., 4%
• Fraud, 3%
• “Cyber”, 2%
• Market/Trends, 2%
• Application Sec., 2%
• Miscellaneous, 1%
• GW Sec., 1%

Presentation Visualization - Cyber

[Diagram: Networking, MDM, Security, Collaboration]

New Buzz…..

The Cyber Triangle

[Diagram: Cyber Warfare, Cyber Terror, Cyber Crime; Private Information, Command & Control Systems, Business Information]

Source: ILITA. STKI modifications

The Cyber Triangle – Regulations

[Diagram: the cyber triangle (Private Information, Command & Control Systems, Business Information) annotated with SOX, ISO/IEC 27001 and PCI-DSS]

• Director of Security of the Defense Establishment
• National Information Security Authority
• Israeli Law, Information and Technology Authority
• Bank of Israel
• Ministry of Finance

Source: ILITA. STKI modifications

Generic Cyber Attacks

1. Individuals/Groups
2. Criminal/Nationalistic background
3. Lots of intervals
4. Lots of targets
5. Common tools

Distributed Denial Of Service (DDOS)

1. Targets websites, internet lines etc.
2. Legitimate traffic
3. Many different sources
4. From all over the world
5. Perfect timing

DDOS Mitigation - Israeli Market Positioning 1Q12

[Positioning chart; axes: Local Support, Market Presence; legend: Player, Worldwide Leader]
Vendors plotted: Radware, Arbor Networks, F5, Imperva, Foresight, Akamai
Vendors to watch: Andrisoft, Cloudshield, Corero, GenieNRM, IntruGuard, Narus, RioRey, Prolexic

Advanced and Persistent Threat (APT)

1. Group/Org./State
2. Ideological/Nationalistic background
3. Multi-layered attack
4. Targeted
5. Variety of tools
6. Impossible to detect in real time(???)

Iranian Intelligence Wants To Be Your Friend on LinkedIn

Source: http://www.guym.co.il/

Cyber Preparedness???

[Bar chart: country-by-country stress tests; vertical axis from 0 to 4.5]
Countries shown: Italy, Mexico, Spain, USA, Poland, Denmark, Estonia, India, China, Sweden, Romania, Russia, France, Brazil, The Netherlands, Austria, Japan, Germany, United Kingdom, Israel, Finland, Australia, Canada

Source: http://www.securitydefenceagenda.org/

bureaucracies live forever....

• Space Shuttle’s booster rockets
• US standard railroad gauge
• Roman war chariots
• the rear ends of two war horses

Israeli National Cyber Command (INCC)

Established: 07.08.2011
Goal:
• To lead the nation’s cyber strategy
• To establish a cyber defense policy
• To promote new initiatives and technologies with regard to cyber security domains
Means:
• Government budget
• Industry/academic knowledge sharing

On the INCC’s Agenda

• Mapping the national critical infrastructure
• Gap analysis for national critical infrastructure security controls
• Certifications: for vendors, for SIs, for consultants
• Authorizations: for businesses, institutes and any other entity that keeps private/public information
• Proactive defense by establishing professional forums
• Promotion of academic and industry research
• Promotion of specific fields of expertise (e.g. SCADA security)
• Establishment of a national security lab
• Education and public awareness

Five Aspects of Government Intervention

1. Multi-system and system complexity: Resource pooling and knowledge sharing
2. Joint venture: Cyber defense is a “game for large players”
3. National as well as international co-operation
4. Governmental incentives and programs (e.g. MAGNET, Yozma initiative)
5. Regulation

…This is the planned State-Level Cyber Security Approach

An Example of State-Level Cyber Security – IPv6

http://www.ccdcoe.org/publications/books/Strategic_Cyber_Security_K_Geers.PDF

Spotting the Unknown: Finding the “God Particle” of Security

One possible signature of a Higgs boson from

Large Hadron Collider (LHC) at CERN
http://commons.wikimedia.org/wiki/LHC

Big Data: Information Diet

• The modern human animal spends upwards of 11 hours out of every 24 in a state of constant consumption of information from the net:
   • we have grown obese on sugar, fat, and flour
   • we become gluttons for texts, instant messages, emails, RSS feeds, downloads, videos, status updates, and tweets.
• Just as too much junk food can lead to obesity, too much junk information can lead to cluelessness
• Big Data “should” help a company understand this information glut and is essential in order to be smart, productive, and sane.

Spotting the Unknown: Big Data At Your Service

[Diagram: SIEM, Applications, Data Warehouse, Business Process Management, Business Intelligence]

Detect, analyze and respond to phenomena based on large volumes of structured and unstructured information

Source: IBM

Spotting the Unknown: The Sandbox Approach

Source: http://www.fireeye.com/

But… “The Contact Line Will Always be Breached”

Maginot Line: http://en.wikipedia.org/wiki/File:Maginotline_organization.gif
Bar-Lev Line: http://en.wikipedia.org/wiki/File:1973_sinai_war_maps.jpg

“Real-Time Forensic” - NetWitness

http://visualize.netwitness.com/Default.aspx?name=investigation

“Real-Time Forensic” - HBGary

http://hbgary.com/attachments/ad-datasheet.pdf

STKI Cyber Security Survey

This survey consists of two different parts:
• First part – CISOs and Infra managers from dozens of leading organizations.
• Second part – the insights of 9 leading security consultants who cover most of the IT market in Israel.
Important notes:
• This survey refers to incidents during 2009-2011.
• Unreasonable results were removed.
• Results may have been subject to wrong interpretation by the respondents, and some of the incidents may have been “dropped”.

Thank You Very Much For Your Contribution!

Number Of Security Incidents – Users’ Perspective

Average number of significant security incidents* in the past 3 years

[Bar chart; vertical axis from 0% to 50%; categories: No Incidents, 1 Incident, 2-5 Incidents, 5-10 Incidents, More Than 10 Incidents; series: "Cyber sector"**, "Soft Cyber sector"***]
Market Average: 2 incidents

* “Significant security incident” – one that caused direct loss in working hours and/or money
** “Cyber sector” – large finance orgs., Infra, Telco, Gov, Defense…
*** “Soft cyber sector” – all the others

Number Of Security Incidents – Consultants’ Perspective

Average number of significant security incidents during 2011

[Bar chart; vertical axis from 0% to 80%; categories: No Incidents, 1 Incident, 2-5 Incidents, 5-10 Incidents, More Than 10 Incidents; series: Defense & Gov., Finance, Infra & Telecom, Rest of Industry]

What Kind Of Incidents? – Users’ Perspective

What was the nature of security incidents in the last 3 years?

Series: Cyber sector, Soft Cyber sector
• Inside factor (malicious, accidental, technical error): 64%, 20%
• Known vulnerabilities/threats: 41%, 55%
• No answer: 40%, 13%
• Vulnerabilities/threats were unknown at the time: 39%, 12%
• We still don’t know: 16%, 0%

“Cyber sector” – large finance orgs., Infra, Telco, Gov, Defense…
“Soft cyber sector” – all the others

What Kind Of Incidents? – Consultants’ Perspective

What was the nature of security incidents in 2011?

[Chart; legend: Known vulnerabilities/threats; Vulnerabilities/threats were unknown at the time; Inside factor (malicious, accidental, technical error); We still don’t know]

Once Again, The Human Factor. DLP Justification?

Have you encountered any malicious or non-malicious activity by employees in the last 3 years?

[Bar chart; series in legend order: Cyber sector, Soft Cyber sector; two bars per answer, values top to bottom]
• No: 17%, 0%
• Yes, malicious: 23%, 33%
• Yes, non-malicious: 70%, 88%

“Cyber sector”: large finance orgs., Infra, Telco, Gov, Defense…
“Soft cyber sector”: all the others

Targeted Attacks – Users’ Perspective

Have you witnessed any targeted attacks in the last 3 years?

[Bar chart; series in legend order: Soft Cyber sector, Cyber sector; two bars per answer, values left to right]
• DOS/DDOS: 18%, 70%
• Phishing: 10%, 66%
• App/web attacks: 8%, 47%
• Malicious code: 11%, 33%
• No: 53%, 10%

“Cyber sector”: large finance orgs., Infra, Telco, Gov, Defense…
“Soft cyber sector”: all the others

Targeted Attacks – Consultants’ Perspective

Have you witnessed any targeted attacks toward one of your clients in 2011?
(Not including Phishing and DOS attacks)

• Yes, App/web attacks: 89%
• Yes, malicious code: 56%
• No: 11%

Loss of Working Hours

Approximately how many working hours did your organization lose due to significant security incidents in the last 3 years?

Cyber sector:
• Less than 50: 20%
• More than 51: 50%
• Don’t know: 30%

Soft cyber sector:
• Less than 50: 55%
• More than 51: 33%
• Don’t know: 12%

“Cyber sector”: large finance orgs., Infra, Telco, Gov, Defense…
“Soft cyber sector”: all the others

Impact on Revenue

How much money (% of total revenue, per org. on average) has been lost due to security incidents in the last three years?

[Bar chart; series in legend order: Consultants, Users; two bars per answer, values left to right]
• Less than 1%: 13%, 58%
• 5%-1%: 63%, 5%
• 10%-5%: 13%, 0%
• More than 10%: 13%, 0%
• Don’t know: 0%, 37%

Evolving to Combat Advanced Persistent Threats

Total Visibility Across the Enterprise:
• Host-Based Visibility
• Network-Based Visibility
• Log Aggregation: Internal DNS Server Logs, DHCP Logs, Enhanced Microsoft Windows Event Audit Logs, Border Firewalls Logs with Ingress/Egress TCP Header Information, External Webmail Access Logs, Internal Web Proxy Logs, VPN Logs, Netflow Logs, Full Packet Capture Logs
• HIDS/HIPS
Actionable Threat Intelligence:
• Indicators of Compromise

http://www.mandiant.com/news_events/forms/m-trends_tech2011

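Why DHCP logs sit beside DNS logs in the aggregation list above: an indicator hit in a DNS log names only a client IP, and the lease history is what ties that IP to a machine at that moment. The sketch below is an added example, not taken from the deck or from the Mandiant report; the log line formats, host names, addresses and indicator domains are all constructed assumptions.

```python
"""Attribute DNS indicator hits to hosts using DHCP lease history."""
from bisect import bisect_right
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data. Assumed formats (not those of any real server):
#   DNS : <timestamp> <client-ip> <queried-name>
#   DHCP: <timestamp> ACK <ip> <mac> <hostname> <lease-seconds>
DNS_LOG = """\
2012-02-01T09:14:03 10.0.5.23 www.example.org
2012-02-01T09:15:41 10.0.5.23 cdn.update-check.example
2012-02-01T13:02:10 10.0.5.23 update-check.example
2012-02-01T13:05:55 10.0.7.80 mail.bad-domain.test
2012-02-01T13:06:00 10.0.5.24 notupdate-check.example
"""
DHCP_LOG = """\
2012-02-01T08:00:00 ACK 10.0.5.23 00:11:22:33:44:55 FIN-WS-017 14400
2012-02-01T12:30:00 ACK 10.0.5.23 66:77:88:99:aa:bb HR-LT-004 14400
2012-02-01T08:10:00 ACK 10.0.5.24 00:11:22:33:44:66 FIN-WS-018 28800
"""
IOC_DOMAINS = {"update-check.example", "bad-domain.test"}  # constructed indicators


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%S")


def load_leases(dhcp_text):
    """Return {ip: [(start, end, mac, hostname), ...]} sorted by lease start."""
    leases = defaultdict(list)
    for line in dhcp_text.splitlines():
        ts, event, ip, mac, host, secs = line.split()
        if event != "ACK":
            continue
        start = parse_ts(ts)
        leases[ip].append((start, start + timedelta(seconds=int(secs)), mac, host))
    for history in leases.values():
        history.sort()
    return leases


def matches_ioc(qname, iocs):
    """True if qname is an indicator domain or a subdomain of one.

    Matching is done on whole DNS labels, so 'notupdate-check.example'
    does not match the indicator 'update-check.example'.
    """
    labels = qname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in iocs for i in range(len(labels)))


def holder_at(leases, ip, when):
    """(mac, hostname) holding `ip` at `when`, or None if no lease covers it."""
    history = leases.get(ip, [])
    # Latest lease that started at or before the query; a newer ACK for the
    # same IP supersedes an older one even if the older had not expired.
    idx = bisect_right([lease[0] for lease in history], when) - 1
    if idx < 0:
        return None
    _start, end, mac, host = history[idx]
    return (mac, host) if when < end else None


def sweep(dns_text, dhcp_text, iocs):
    """Return one record per DNS query that matches an indicator."""
    leases = load_leases(dhcp_text)
    hits = []
    for line in dns_text.splitlines():
        ts, ip, qname = line.split()
        if not matches_ioc(qname, iocs):
            continue
        holder = holder_at(leases, ip, parse_ts(ts))
        mac, host = holder if holder else (None, None)
        hits.append({"time": ts, "ip": ip, "qname": qname, "mac": mac, "host": host})
    return hits


if __name__ == "__main__":
    for hit in sweep(DNS_LOG, DHCP_LOG, IOC_DOMAINS):
        who = hit["host"] or "UNATTRIBUTED (no lease on record)"
        print(hit["time"], hit["qname"], hit["ip"], who)
```

The two hits from 10.0.5.23 resolve to different machines because the address was re-leased between them, and the hit from 10.0.7.80 stays unattributed, which is the cue to check static assignments or a gap in DHCP log collection.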
Security Fundamentals Come First!

After establishing a rigid and continuous security policy, check out this diagram:

[Diagram]
• Establishing Cyber Security Policy
• Security education and awareness; Computer Emergency Response Team
• A new component: Cyber Command Center?
• Internet policy: System design, SDLC, Testing
• Access policy: Access management, Strong authentication
• System policy: Configuration management, Patch management, System hardening
• Standards: Operating systems, Mobile devices, Encryption(?)

Introducing: Cyber Command Center

[Diagram components]
• Mission
• Methodology
• Cooperation with nation CC
• Knowledge Sharing
• Research and Intelligence
• Duties & responsibilities
• Tools
• Reporting
• Key Success Criteria
• Drill & simulation
• Legal aspects

Source: Sharon Mashhadi

Presentation Visualization-MDM




Mobile Device Management…

[Image] Source: Bent Objects

Critical Capabilities for Mobile Device Management

• Device Diversity
• Policy Enforcement
• Security and Compliance
• Containerization
• Inventory Management
• Software Distribution
• Administration and Reporting
• IT Service Management
• Network Service Management
• Delivery Model

http://www.gartner.com/technology/streamReprints.do?id=1-16U0UOL&ct=110801&st=sg

The Israeli Point of View

In your opinion, what are the Critical Capabilities for a MDM solution?

[Chart; category labels not available]

Source: STKI

Mail/Calendar Sync?

Does your organization’s policy allow for mobile devices to be synchronized to mail/calendar?

• Of course!: 87%
• Not yet: 13%

Source: STKI

(Don’t) Bring Your Own Device (Not yet)

Does your organization’s policy allow for private mobile devices to be synchronized to mail/calendar?

• No!: 54%
• Yes (Policy): 33%
• Yes (to all...): 13%

Source: STKI

MDM Strategy

What’s your mobile device management and security strategy?

[Pie chart; legend:]
• Conducting a POC/evaluation of solutions
• Using an existing (non-specific) security methodology/solutions
• It's considered high priority, but no actions were made yet
• Already implementing a specific MDM/security solution
• MDM/security is considered low priority at the moment

Source: STKI

Data Leakage From Mobile Devices

How are you planning to tackle data leakage from mobile devices (multiple answers)?

• Our MDM solution should be the answer: 43%
• We're using/will be using compensating security controls: 40%
• Higher security awareness: 30%
• We do not deal with it: 37%

Source: STKI

Market Status: Waiting For “Something” To Happen

~17,000 MDM licenses have been sold in the Israeli market so far… (STKI estimation, Feb 2012)

MDM Insights

- There is no single end-to-end solution
- Decision-maker’s position determines type of solution

[Diagram: CxOs / Special Purpose; Pure MDM; Security; Employees]

Mobile Security

[Diagram: CxOs / Special Purpose; Pure MDM; Security; Employees]

• AGAT - Active Sync Protector
• Checkpoint - Pointsec Mobile Security
• Juniper – Junos Pulse Mobile Security Suite
• LetMobile
• Trend Micro – Mobile Security

Mobile Security Management - Israeli Market Positioning 1Q12

[Positioning chart; axes: Local Support, Market Presence; legend: Player, Worldwide Leader; vendors plotted: AGAT, Checkpoint, Juniper, LetMobile, Trend Micro]

Mobile Device Management

[Diagram: CxOs / Special Purpose; Pure MDM; Security; Employees]

• AirWatch
• BoxTone
• FancyFone – FAMOC
• Fiberlink - MaaS360
• Matrix - MMIS
• McAfee - Enterprise Mobility Management
• MobileIron
• Symantec - Mobile Management
• ZenPrise – Mobile Manager

Mobile Device Management - Israeli Market Positioning 1Q12

[Positioning chart; axes: Local Support, Market Presence; legend: Player, Worldwide Leader; vendors plotted: Mobile Iron, AirWatch, FancyFone, McAfee, Fiberlink, Matrix, Zenprise, Symantec, BoxTone]

Mobile Containerization

[Diagram: CxOs / Special Purpose; Pure MDM; Security; Employees]

• DME-Excitor
• Good Technologies
• Sybase-Afaria

Mobile Container Management - Israeli Market Positioning 1Q12

[Positioning chart; axes: Local Support, Market Presence; legend: Player, Worldwide Leader; vendors plotted: Good Technologies, Excitor, Sybase]

Mobile Remote Control

[Diagram: CxOs / Special Purpose; Pure MDM; Security; Employees]

• Callup-Xcontrol
• Communitake
• Mformation
• SOTI

Mobile Remote Control - Israeli Market Positioning 1Q12

[Positioning chart; axes: Local Support, Market Presence; legend: Player, Worldwide Leader; vendors plotted: Mformation, Communitake, Xcontrol, SOTI]

Presentation Visualization-Cloud Security




Cloud Flavors

[Chart] Source: Changewave, a service of 451 Group

Super Hybrid Clouds: can IT handle it?

IT’s challenge becomes:
• integration
• identity management
• data translation between the core and multitenant public cloud
• orchestration for processes connecting private and public clouds

Cloud Security is still A Major Concern

[Chart] Source: Changewave, a service of 451 Group

Cloud Standards and Test Bed Groups
•   Cloud Security Alliance (CSA)
•   Distributed Management Task Force (DMTF)
•   Storage Networking Industry Association (SNIA)
•   Open Grid Forum (OGF)
•   Open Cloud Consortium (OCC)
•   Organization for the Advancement of Structured Information
    Standards (OASIS)
•   TM Forum
•   Internet Engineering Task Force (IETF)
•   International Telecommunications Union (ITU)
•   European Telecommunications Standards Institute (ETSI)
•   Object Management Group (OMG)

http://cloud-standards.org/wiki/index.php?title=Main_Page

Cloud Security Standards – Current Status

[Diagram around “Cloud Security”:]
• ISO 27001
• SSAE 16 (SAS 70)
• FedRAMP
• ILITA (Israel)
• IAM (access & federation)
• FISMA – ATO
• CSA
• FIPS 140-2

ISO 27001 (2005)

There is no particular focus on “cloud computing”.
(Reddit, HootSuite, Quora and Foursquare have suffered outages
even though AWS is ISO 27001 certified).
ISO 27001 relates to some cloud security issues:
• A.6.2.1 - Identification of risks related to external parties
• A.6.2.3 - Addressing security in third party agreements
• A.10.5.1 - Information back-up
• A.11 - Access control
• A.7.2.1 - Classification
So, what’s the point of being ISO 27001 certified? Lower risk.

ISO 27001 certification guarantees that the certified entity has undertaken a comprehensive approach to resolve major risks.

SOC 1/SSAE 16/ISAE 3402

SSAE 16
SSAE 16 is an enhancement to the current standard for Reporting on Controls at a Service Organization (SAS70).

ISAE 3402
SSAE 16 was built upon the ISAE 3402 framework.

SOC 1
A SOC 1 Report (Service Organization Controls Report) is a report on controls at a service organization which are relevant to user entities’ internal control over financial reporting. The SOC 1 Report is what you would have previously considered to be the standard SAS70, complete with Type I and Type II reports, but falls under the SSAE 16 guidance.

http://www.ssae-16.com/

SOC 1/SSAE 16/ISAE 3402

Who Needs an SSAE 16 (SOC 1) Audit?
If your Company (the ‘Service Organization’) performs outsourced services that affect the financial statements of another Company (the ‘User Organization’), you will more than likely be asked to provide an SSAE16 Type II Report, especially if the User Organization is publicly traded.

Some example industries include:
• Payroll Processing
• Loan Servicing
• Data Center/Co-Location/Network Monitoring Services
• Software as a Service (SaaS)
• Medical Claims Processors

http://www.ssae-16.com/

FIPS 140-2 Certification – For CSP Trust

1. Federal Information Processing Standard (FIPS) Publication 140-2
2. Specifies the security requirements of cryptographic modules used to protect sensitive information
3. Notice: There are four levels of encryption under FIPS 140-2

http://www.gore.com/en_xx/products/electronic/anti-tamper/security-standards.html

PCI DSS – Vital For Cloud Service Providers

PCI DSS was set up by the major credit card companies to try and improve the Information Security of financial transactions related to credit and debit cards. It essentially pushes the responsibility of looking after card data onto merchants who may store, process and transmit this type of data.

[Diagram labels:]
• Protect Cardholder Data
• Implement Strong Access Control Measures
• Regularly Monitor and Test Networks
• Maintain an Information Security Policy
• Maintain a Vulnerability Management Program

http://phoenix-consultancy.com/pci_dss.html

Access Control And Federation




http://blogs.forrester.com/eve_maler/12-03-12-a_new_venn_of_access_control_for_the_api_economy

Cloud Security Alliance

(Join the Israeli chapter here: http://www.linkedin.com/groups?gid=3050440&trk=hb_side_g)

• Security Guidance for Critical Areas of Focus in Cloud Computing (Released November 14, 2011)
• Innovation Initiative - created to foster secure innovation in information technology. (Released February 24, 2012)
• GRC Stack - a toolkit to assess both private and public clouds against industry established best practices, standards and critical compliance requirements.
• Consensus Assessments Initiative - Research tools to perform consistent measurements of cloud providers (Released September 1, 2011)
• Cloud Controls Matrix (CCM) - Released August 26, 2011
• Cloud Metrics - Metrics designed for Cloud Controls Matrix and CSA Guidance.
• CloudTrust Protocol (See next slides…)

https://cloudsecurityalliance.org/research/

Cloud Trust Protocol (CTP) Transparency as a Service


[Diagram: Cloud Trust Protocol (CTP) and Transparency as a Service (TaaS). Labels: Enterprise; Private Trusted Cloud; CSC Trusted Community Cloud; Cloud Trust Agent; Cloud Trust Response Manager (CRM); TaaS Dashboard; Downstream compliance processing; "Responding to all elements of transparency"; "Using reclaimed visibility into the cloud to confirm security and create digital trust"]
Standards listed: SAS70, SSAE 16, HIPAA, ITAR, FRCP, HITECH, GLBA, PCI DSS, CFATS, DIACAP, NIST 800-53, ISO27001, CAG, ENISA, CSA V2.3, …

Source: http://www.csc.com/cloud/insights/57785-into_the_cloud_with_ctp , & CSA

Digital Trust and Value Creation




http://assets1.csc.com/financial_services/downloads/DigitalTrustForLifeReport.pdf

Federal Information Security Management Act (FISMA, 2002)

FISMA ATO for CSP (Low, Moderate, High)
• Part of NIST’s Computer Security Division
• Issues an authorization to operate for cloud service providers
• It doesn’t require certification of products or services. It sets security
   requirements for federal IT systems.

U.S. Government Cloud Computing Technology Roadmap
(http://www.nist.gov/itl/cloud/upload/SP_500_293_volumeI-2.pdf)
Its aim is:
“…to make it substantially easier to buy, sell, interconnect and use cloud environments in the government”.

Federal Risk and Authorization Management Program

FedRAMP is the result of close collaboration with cybersecurity and cloud experts from:




Federal Risk and Authorization Management Program (FedRAMP)

• Established on December 8, 2011
• The FedRAMP security controls are based on NIST SP 800-53 R3 / 53 A controls
• Establishes US Federal policy for the protection of Federal information in cloud services
• Describes the key components and its operational capabilities
• Defines Executive department and agency responsibilities in developing, implementing, operating, and maintaining the program
• Defines the requirements for Executive departments and agencies using the program in the acquisition of cloud services

How Will Cloud Services Be Prioritized For FedRAMP Review?


• “FedRAMP will prioritize the review of cloud systems with the objective to assess and authorize cloud systems that can be leveraged government-wide”.
• FedRAMP will prioritize Secure Infrastructure as a Service (IaaS) solutions, contract vehicles for commodity services, and shared services.
(1) Cloud systems with an existing Federal agency authority to operate (ATO) get first priority
(2) Cloud systems without an existing Federal agency ATO get second priority

FedRAMP – Deliverables For Cloud Computing Service Providers


A. Develop Plan of Action & Milestones (POAM)
B. Assemble Security Authorization Package (SAP)
C. Determine Risk
D. Determine the Acceptability of Risk
E. Obtain Security Authorization Decision (yes/no)

FedRAMP - Third Party Assessment Organizations (3PAOs)

• Perform initial and periodic assessment of CSP systems per FedRAMP requirement
• Provide evidence of compliance, and play an on-going role in ensuring CSPs meet requirements.
• FedRAMP provisional authorizations must include an assessment by an accredited 3PAO to ensure a consistent assessment process.
• Independent assessors of whether a cloud service provider has met the 297 agreed upon FedRAMP security controls (604 pages) so they can get an authority to operate (ATO).
• Companies cannot be 3PAOs and cloud service providers (CSP) at the same time for the same contracts (MOU, etc.)

Cloud Guidelines in Israel By ILITA (Start: 19.5.2012)

1. Primal check of outsourcing legitimacy
2. Meticulous definition of purpose and use of outsourced data
3. Alignment of security and privacy controls in accordance with existing regulations and standards (ISO 27001, 357, 257)
4. Transparency and obedience to privacy laws
5. Defining the means of privacy enforcement and monitoring
6. Ensuring data deletion upon ending of contract

http://www.justice.gov.il/MOJHeb/ILITA/News/mikurhuts.htm

Decrease The Risk Of Cloud Computing

•   Do a thorough check on the potential provider – not only its performance record, but also the background of its management, whether it has implemented information security and business continuity policies and procedures, its financial stability, legal risks, etc.
•   Write very specific security clauses in your agreement with the provider, where the biggest emphasis will be on issues that have raised the highest concerns during risk assessment.
•   Keep a backup copy of your information locally – although a cloud computing provider will (probably) do regular backups, it is always a good idea to have direct control of your information (e.g. banking regulators in some countries have imposed regulations on local banks to keep the backup copy inside the country specifically because of this risk).
•   Develop your strategy on how to return the information processing/archiving back to your company (re-insourcing) in case of problems with your cloud computing provider – you should know exactly which steps are needed, as well as which resources.
•   An exit strategy might also be to have an alternative cloud computing provider standing by, ready to jump in if your existing partner performs badly.
•   Perform regular checks of your provider to find out whether they are complying with the security clauses in the agreement.

Source: http://blog.iso27001standard.com/#

Market Data




Source: http://xkcd.com/657/large/

Information Security Staffing


1 Security Personnel         25th percentile   50th percentile   75th percentile   Average
For how many employees?      500               1167              1600              1582
For how many IT staff?       33                42                61                55
For how many desktops?       397               750               1172              951
For how many endpoints?      522               1130              1779              1314
For how many WIN servers?    119               200               270               194

Source: STKI

Security Consultants - Israeli Market View 1Q12 (Partial List)

*DataSec, **Oasis-Tech
Source: STKI

Security System Integrators - Israeli Market View 1Q12 (Partial List)

*Netcom, **Spider, ***We, ^Oasis-Tech, ^^Decimus
Source: STKI

Networking Budget ~ 10% of IT OpEx




Source: The Corporate Executive Board Company

Constant Staffing Mix Within IT




Source: The Corporate Executive Board Company

Positioning Methodology

• Israeli vendor rating – Market positioning is focused on the enterprise sector (not SMB)
    • X axis: Market penetration (sales + installed base + clients perspective)
    • Y axis: localization, support, local R&D center, number and quality of SIs, etc.
    • Worldwide leaders are marked based on global positioning

Vendors to watch: Israeli market newcomers

STKI positioning represents the current Israeli market and not necessarily what we recommend to our clients

xxx - Israeli Market Positioning 1Q12

[Positioning chart template. X axis: Market Presence; Y axis: Local Support; legend: Player, Worldwide Leader]
Vendors shown: Vendor A, Vendor B

Data Leakage Prevention - Israeli Market Positioning 1Q12

[Positioning chart. X axis: Market Presence; Y axis: Local Support; legend: Player, Worldwide Leader]
Vendors shown: Websense, Symantec, Verdasys, Fidelis, GTB, McAfee, CA, Safend, Checkpoint, EMC

Database Protection - Israeli Market Positioning 1Q12

[Positioning chart. X axis: Market Presence; Y axis: Local Support; legend: Player, Worldwide Leader]
Vendors shown: McAfee, GreenSQL, Imperva, Brillix, Informatica, Oracle, IBM, Safenet, SAP, Fortinet

Network Encryption - Israeli Market Positioning 1Q12

[Positioning chart. X axis: Market Presence; Y axis: Local Support; legend: Player, Worldwide Leader]
Vendors shown: Safenet, Fortinet, Thales, Cisco

Enterprise Network Firewall - Israeli Market Positioning 1Q12

[Positioning chart. X axis: Market Presence; Y axis: Local Support; legend: Player, Worldwide Leader]
Vendors shown: Checkpoint, PaloAlto, Fortinet, Juniper, Microsoft, Cisco, HP, McAfee, F5, SonicWall, Barracuda

Secure Remote Access - Israeli Market Positioning 1Q12

[Positioning chart. X axis: Market Presence; Y axis: Local Support; legend: Player, Worldwide Leader]
Vendors shown: Juniper, Checkpoint, Cisco, F5, Citrix, Microsoft, Fortinet, SonicWall

Intrusion Prevention Systems - Israeli Market Positioning 1Q12

[Positioning chart. X axis: Market Presence; Y axis: Local Support; legend: Player, Worldwide Leader]
Vendors shown: McAfee, IBM, Checkpoint, Juniper, Radware, PaloAlto, Barracuda, Fortinet, Cisco, HP, SourceFire, SonicWall

Network Access Control - Israeli Market Positioning 1Q12

[Positioning chart. X axis: Market Presence; Y axis: Local Support; legend: Player, Worldwide Leader]
Vendors shown: Access Layers, Cisco, ForeScout, Juniper, Checkpoint, McAfee (Insightix), HP, Wise-Mon, Symantec, Microsoft, Enterasys

Secure Web Gateway - Israeli Market Positioning 1Q12

[Positioning chart. X axis: Market Presence; Y axis: Local Support; legend: Player, Worldwide Leader]
Vendors shown: Websense, BlueCoat, McAfee, Cisco, Symantec, Safenet, Clear Swift, Zscaler, Fortinet, SonicWall, Trend Micro, Microsoft, PineApp, Barracuda
Information security stki summit 2012-shahar geiger maor

  • 1. Trends In Information Security. STKI Summit 2012. Shahar Geiger Maor, VP & Senior Analyst. "Tell me and I’ll forget. Show me and I may remember. Involve me and I’ll understand."
  • 2. Agenda: Endpoints (Post PC); Networking (DC, Voice, Video); Security (Cloud, MDM, Cyber)
  • 3. Presentation Visualization: MDM, Networking, Security, Collaboration
  • 4. End-To-End Security Project: Application Security (WAF, Web Security Gateway, Secure Browsing); Data Security (DLP, Information Laundering); Network Security (Firewalls, IPS, NAC). Source: Taldor
  • 5. TEAMS Project (A3). Source: Malam-Team
  • 6. The New Training Center-IDF. Source: Bynet
  • 7. Presentation Visualization -Security: MDM, Networking, Security, Collaboration
  • 8. STKI Index-2011 –Top Security Queries: Mobile Sec., 25%; Access/Authentication, 13%; DB/DC Sec., 11%; GRC, 9%; Network Sec., 8%; Sec. Policy, 6%; Data Sec., 6%; SIEM/SOC, 4%; SIs/Vendors/Products, 4%; Endpoint Sec., 4%; Fraud, 3%; “Cyber”, 2%; Market/Trends, 2%; Application Sec., 2%; Miscellaneous, 1%; GW Sec., 1%
  • 9. Presentation Visualization-Cyber: MDM, Networking, Security, Collaboration
  • 10. New Buzz…..
  • 12. The Cyber Triangle: Cyber Warfare, Cyber Terror, Cyber Crime. Private Information Command & Control Business Information Systems. Source: ILITA. STKI modifications
  • 13. The Cyber Triangle–Regulations Director of Security SOX of the Defense Establishment National ISO/IEC Information 27001 Security Authority Israeli Law, PCI-DSS Information and Technology Authority Bank of Israel Ministry of Finance ISO/IEC ISO/IEC ISO/IEC ISO/IEC PCI-DSS SOX PCI-DSS SOX SOX Private Information Command & Control Business Information Systems Source: ILITA. STKI modifications
  • 14. Generic Cyber Attacks 1. Individuals/Groups 2. Criminal/Nationalistic background 3. Lots of intervals 4. Lots of targets 5. Common tools
  • 15. Distributed Denial Of Service (DDOS) 1. Targets websites, internet lines etc. 2. Legitimate traffic 3. Many different sources 4. From all over the world 5. Perfect timing
  • 16. DDOS Mitigation- Israeli Market Positioning 1Q12. Vendors to watch: Andrisoft, Cloudshield, Correro, GenieNRM, IntruGuard, Narus, RioRey, Prolexic. [Figure: vendor positioning chart. Axes: Local Support and Market Presence. Legend: Player, Worldwide Leader. Vendors plotted: Radware, Arbor, F5 Networks, Imperva, Foresight, Akamai.]
  • 17. Advanced and Persistent Threat (APT) 1. Group/ Org./ State 2. Ideological/ Nationalistic background 3. Multi-layered attack 4. Targeted 5. Variety of tools 6. Impossible to detect in real time(???)
  • 18. Iranian Intelligence Wants To Be Your Friend on LinkedIn. Source: http://www.guym.co.il/
  • 19. Cyber Preparedness??? Country-by-country stress tests. [Figure: chart of scores by country. Countries shown: Italy, Mexico, Spain, USA, Poland, Denmark, Estonia, India, China, Sweden, Romania, Russia, France, Brazil, The Netherlands, Austria, Japan, Germany, United Kingdom, Israel, Finland, Australia, Canada.] http://www.securitydefenceagenda.org/
  • 21. Bureaucracies live forever....: Space Shuttle’s booster rockets; US standard railroad gauge; Roman war chariots; the rear ends of two war horses
  • 22. Israeli National Cyber Command (INCC) Established: 07.08.2011 Goal: • To lead the nation’s cyber strategy • To establish a cyber defense policy • To promote new initiatives and technologies in regards to cyber security domains. Means: • Government budget • Industry/academic knowledge sharing
  • 23. On the INCC’s Agenda • Mapping the national critical infrastructure • Gap analysis for national critical infrastructure security controls • Certifications: for vendors, for SIs, for consultants • Authorizations: for businesses, institutes and any other entity who keep private/public information • Proactive defense by establishing professional forums • Promotion of academic and industry research • Promotion of specific fields of expertise (e.g. SCADA security) • Establishment of national security lab • Education and public awareness
  • 24. Five Aspects of Government Intervention 1. Multi-system and system complexity: Resource pooling and knowledge sharing 2. Joint venture: Cyber defense is a “game for large players” 3. National as well as International co-operation 4. Governmental incentives and programs (e.g. MAGNET, Yozma initiative) 5. Regulation …This is the planned State-Level Cyber Security Approach
  • 25. An Example of State-Level Cyber Security –IPv6 http://www.ccdcoe.org/publications/books/Strategic_Cyber_Security_K_Geers.PDF
  • 28. Spotting the Unknown: Finding the “God Particle” of Security. One possible signature of a Higgs boson from Large Hadron Collider (LHC) at CERN http://commons.wikimedia.org/wiki/LHC
  • 29. Big Data : Information Diet • The modern human animal spends upwards of 11 hours out of every 24 in a state of constant consumption of information from the net: • we have grown obese on sugar, fat, and flour • we become gluttons for texts, instant messages, emails, RSS feeds, downloads, videos, status updates, and tweets. • Just as too much junk food can lead to obesity, too much junk information can lead to cluelessness • Big Data “should” help a company understand this information glut and is essential in order to be smart, productive, and sane.
  • 30. Spotting the Unknown: Big Data At Your Service. SIEM, Applications, Data Warehouse, Business Process Management, Business Intelligence. Detect, analyze and respond to phenomena based on large volumes of structured and unstructured information. Source: IBM
  • 31. Spotting the Unknown: The Sandbox Approach. Source: http://www.fireeye.com/
  • 32. But…”The Contact Line Will Always be Breached”. Maginot Line: http://en.wikipedia.org/wiki/File:Maginotline_organization.gif Bar-Lev Line: http://en.wikipedia.org/wiki/File:1973_sinai_war_maps.jpg
  • 33. “Real-Time Forensic” -NetWitness http://visualize.netwitness.com/Default.aspx?name=investigation
  • 34. “Real-Time Forensic” -HBGary http://hbgary.com/attachments/ad-datasheet.pdf
  • 35. STKI Cyber Security Survey. This survey consists of two different parts: • First part –CISOs and Infra managers from dozens of leading organizations. • Second part –the insights of 9 leading security consultants who cover most of the IT market in Israel. Important notes: • This survey refers to incidents during 2009-2011. • Unreasonable results were removed. • Results may have been subjected to wrong interpretation by the respondents and some of the incidents may have been “dropped”.
  • 36. Thank You Very Much For Your Contribution!
  • 37. Number Of Security Incidents –Users’ Perspective. Average number of significant security incidents* in the past 3 years. Market average: 2 incidents. [Figure: bar chart. Series: "Cyber sector"**, "Soft Cyber sector"***. Categories: No Incidents, 1 Incident, 2-5 Incidents, 5-10 Incidents, More Than 10 Incidents.] *"Significant security incident" -One that caused direct loss in working hours and/or money **”Cyber sector” –large finance orgs., Infra, Telco, Gov, Defense… ***”Soft cyber sector” –All the others
  • 38. Number Of Security Incidents –Consultants’ Perspective. Average number of significant security incidents during 2011. [Figure: bar chart. Series: Defense & Gov., Finance, Infra & Telecom, Rest of Industry. Categories: No Incidents, 1 Incident, 2-5 Incidents, 5-10 Incidents, More Than 10 Incidents.]
  • 39. What Kind Of Incidents? –Users’ Perspective. What was the nature of security incidents in the last 3 years? Cyber sector Soft Cyber sector Inside factor (Malicious, accidental, technical error) 64% 20% Known vulnerabilities/threats 41% 55% No answer 40% 13% Vulnerabilities/threats were unknown at the time 39% 12% We still don’t know 16% 0% ”Cyber sector” –large finance orgs., Infra, Telco, Gov, Defense… “Soft cyber sector” –All the others
  • 40. What Kind Of Incidents? –Consultants’ Perspective. What was the nature of security incidents in 2011? 6% 8% 5% Known vulnerabilities/threats 29% 36% Vulnerabilities/threats were unknown at the time 32% 32% 35% 47% 30% 29% Inside factor (Malicious, accidental, technical error) 15% We still don’t know 21% 34% 26% 15%
  • 41. Once Again, The Human Factor. DLP Justification? Have you encountered any malicious or non-malicious activity by employees in the last 3 years? Cyber sector Soft Cyber sector 17% No 0% 23% Yes, malicious 33% 70% Yes, non-malicious 88% ”Cyber sector” –large finance orgs., Infra, Telco, Gov, Defense… “Soft cyber sector” –All the others
  • 42. Targeted Attacks –Users’ Perspective. Have you witnessed any targeted attacks in the last 3 years? Soft Cyber sector Cyber sector 70% 66% 53% 47% 33% 18% 10% 11% 10% 8% DOS/DDOS Phishing App/web attacks Malicious code No ”Cyber sector” –large finance orgs., Infra, Telco, Gov, Defense… “Soft cyber sector” –All the others
  • 43. Targeted Attacks –Consultants’ Perspective. Have you witnessed any targeted attacks toward one of your clients in 2011? (Not including Phishing and DOS attacks) 89% 56% 11% Yes, App/web attacks Yes, malicious code No
  • 44. Loss of Working Hours. Approximately how many working hours did your organization lose due to significant security incidents in the last 3 years? Cyber sector Soft cyber sector Don’t Less than know 50 12% Don’t 20% know More 30% than 51 Less than More than 33% 50 51 55% 50% ”Cyber sector” –large finance orgs., Infra, Telco, Gov, Defense… “Soft cyber sector” –All the others
  • 45. Impact on Revenue. How much money (% of total revenue, per org. on average) has been lost due to security incidents in the last three years? Consultants Users 63% 58% 37% 13% 13% 13% 5% 0% 0% 0% Less than 1% 5%-1% 10%-5% More than 10% Don’t know
  • 46. Evolving to Combat Advanced Persistent Threats Total Visibility Across the Enterprise: • Host-Based Visibility • Network-Based Visibility • Log Aggregation: Internal DNS Server Logs, DHCP Logs, Enhanced Microsoft Windows Event Audit Logs, Border Firewalls Logs with Ingress/Egress TCP Header • Information, External Webmail Access Logs, Internal Web Proxy Logs, VPN Logs, Netflow Logs, Full Packet Capture Logs • HIDS/HIPS Actionable Threat Intelligence: • Indicators of Compromise http://www.mandiant.com/news_events/forms/m-trends_tech2011 46 Shahar Geiger Maor’s work Copyright 2012 @STKI Do not remove source or attribution from any graphic or portion of graphic
  • 47. Security Fundamentals Come First! Establishing After establishing a rigid and Cyber Security A new continuous security policy, Policy component Check out this diagram: Security Computer Cyber education and Emergency awareness Response Team Command Center? Internet policy Access policy System policy Standards Access configuration Operating System design management management systems Strong Patch SDLC Mobile devices authentication management system Testing Encryption(?) hardening 47 Shahar Geiger Maor’s work Copyright 2012 @STKI Do not remove source or attribution from any graphic or portion of graphic
  • 48. Introducing: Cyber Command Center Cooperation Research Knowledge with nation and Sharing CC Intelligence Methodology Mission Duties & Tools Reporting responsibilities Key Drill & Legal Success simulation aspects Criteria Source: Sharon Mashhadi 48 Shahar Geiger Maor’s work Copyright 2012 @STKI Do not remove source or attribution from any graphic or portion of graphic
  • 49. Presentation Visualization-MDM MDM Networking Security Collaboration
  • 50. Mobile Device Management… Source: Bent Objects
  • 51. Critical Capabilities for Mobile Device Management • Policy Enforcement • Security and Compliance • Device Diversity • Containerization • Inventory Management • Software Distribution • Administration and Reporting • IT Service Management • Network Service Management • Delivery Model http://www.gartner.com/technology/streamReprints.do?id=1-16U0UOL&ct=110801&st=sg
  • 52. The Israeli Point of View In your opinion, what are the Critical Capabilities for a MDM solution? 16% 12% 8% 6% 13% Source: STKI
  • 53. Mail/Calendar Sync? Does your organization’s policy allow for mobile devices to be synchronized to mail/calendar? Not yet 13% Of course! 87% Source: STKI
  • 54. (Don’t) Bring Your Own Device (Not yet) Does your organization’s policy allow for private mobile devices to be synchronized to mail/calendar? Yes (to all...) 13% Yes (Policy) No! 33% 54% Source: STKI
  • 55. MDM Strategy What’s your mobile device management and security strategy? Answer options: • Conducting a POC/evaluation of solutions • Using an existing (non-specific) security methodology/solutions • It's considered high priority, but no actions were made yet • Already implementing a specific MDM/security solution • MDM/security is considered low priority at the moment. Chart values: 5% 8% 13% 53% 21% Source: STKI
  • 56. Data Leakage From Mobile Devices How are you planning to tackle data leakage from mobile devices (multiple answers)? 43% 40% 37% 30% Answer options: • Our MDM solution should be the answer • We're using/will be using compensating security controls • Higher security awareness • We do not deal with it Source: STKI
  • 57. Market Status: Waiting For “Something” To Happen ~17,000 MDM licenses have been sold in the Israeli market so far… (STKI estimation, Feb 2012)
  • 58. MDM Insights -There is no single end-to-end solution -Decision-maker’s position determines type of solution CxOs / Special Purpose Pure Security MDM Employees
  • 59. Mobile Security • AGAT - Active Sync Protector • Checkpoint - Pointsec Mobile Security • Juniper - Junos Pulse Mobile Security Suite • LetMobile • Trend Micro - Mobile Security [Diagram labels: CxOs / Special Purpose, Pure Security, MDM, Employees]
  • 60. Mobile Security Management - Israeli Market Positioning 1Q12 [Chart: Market Presence (X axis) vs. Local Support (Y axis); markers: Player, Worldwide Leader. Vendors shown: AGAT, Checkpoint, Juniper, LetMobile, Trend Micro]
  • 61. Mobile Device Management • AirWatch • BoxTone • FancyFone - FAMOC • Fiberlink - MaaS360 • Matrix - MMIS • McAfee - Enterprise Mobility Management • MobileIron • Symantec - Mobile Management • ZenPrise - Mobile Manager [Diagram labels: CxOs / Special Purpose, Pure Security, MDM, Employees]
  • 62. Mobile Device Management - Israeli Market Positioning 1Q12 [Chart: Market Presence (X axis) vs. Local Support (Y axis); markers: Player, Worldwide Leader. Vendors shown: Mobile Iron, AirWatch, FancyFone, McAfee, Fiberlink, Matrix, Zenprise, Symantec, BoxTone]
  • 63. Mobile Containerization • DME-Excitor • Good Technologies • Sybase-Afaria [Diagram labels: CxOs / Special Purpose, Pure Security, MDM, Employees]
  • 64. Mobile Container Management - Israeli Market Positioning 1Q12 [Chart: Market Presence (X axis) vs. Local Support (Y axis); markers: Player, Worldwide Leader. Vendors shown: Good Technologies, Excitor, Sybase]
  • 65. Mobile Remote Control • Callup-Xcontrol • Communitake • Mformation • SOTI [Diagram labels: CxOs / Special Purpose, Pure Security, MDM, Employees]
  • 66. Mobile Remote Control - Israeli Market Positioning 1Q12 [Chart: Market Presence (X axis) vs. Local Support (Y axis); markers: Player, Worldwide Leader. Vendors shown: Mformation, Communitake, Xcontrol, SOTI]
  • 67. Presentation Visualization-Cloud Security MDM Networking Security Collaboration
  • 68. Cloud Flavors Source: Changewave, a service of 451 Group
  • 69. Super Hybrid Clouds: can IT handle it? IT’s challenge becomes: • integration • identity management • data translation between the core and multitenant public cloud • orchestration for processes connecting private and public clouds
  • 70. Cloud Security is still A Major Concern Source: Changewave, a service of 451 Group
  • 71. Cloud Standards and Test Bed Groups • Cloud Security Alliance (CSA) • Distributed Management Task Force (DMTF) • Storage Networking Industry Association (SNIA) • Open Grid Forum (OGF) • Open Cloud Consortium (OCC) • Organization for the Advancement of Structured Information Standards (OASIS) • TM Forum • Internet Engineering Task Force (IETF) • International Telecommunications Union (ITU) • European Telecommunications Standards Institute (ETSI) • Object Management Group (OMG) http://cloud-standards.org/wiki/index.php?title=Main_Page
  • 72. Cloud Security Standards – Current Status [Diagram, centered on Cloud Security: ISO 27001 • SSAE 16 (SAS 70) • FedRAMP • ILITA (Israel) • IAM (access & federation) • FISMA – ATO • CSA • FIPS 140-2]
  • 73. ISO 27001 (2005) There is no particular focus on “cloud computing”. (Reddit, HootSuite, Quora and Foursquare have suffered outages even though AWS is ISO 27001 certified). ISO 27001 relates to some cloud security issues: • A.6.2.1 - Identification of risks related to external parties • A.6.2.3 - Addressing security in third party agreements • A.10.5.1 - Information back-up • A.11 - Access control • A.7.2.1 - Classification So, what’s the point of being ISO 27001 certified? Lower risk. ISO 27001 certification guarantees that the certified entity has undertaken a comprehensive approach to resolve major risks.
  • 74. SOC 1/SSAE 16/ISAE 3402 SSAE 16: an enhancement to the current standard for Reporting on Controls at a Service Organization (SAS70). ISAE 3402: SSAE 16 was built upon the ISAE 3402 framework. SOC 1: A SOC 1 Report (Service Organization Controls Report) is a report on Controls at a Service Organization which are relevant to user entities’ internal control over financial reporting. The SOC 1 Report is what you would have previously considered to be the standard SAS70, complete with Type I and Type II reports, but falls under the SSAE 16 guidance. http://www.ssae-16.com/
  • 75. SOC 1/SSAE 16/ISAE 3402 Who Needs an SSAE 16 (SOC 1) Audit? If your Company (the ‘Service Organization’) performs outsourced services that affect the financial statements of another Company (the ‘User Organization’), you will more than likely be asked to provide an SSAE16 Type II Report, especially if the User Organization is publicly traded. Some example industries include: * Payroll Processing * Loan Servicing * Data Center/Co-Location/Network Monitoring Services * Software as a Service (SaaS) * Medical Claims Processors http://www.ssae-16.com/
  • 76. FIPS 140-2 Certification –For CSP Trust 1. Federal Information Processing Standard (FIPS) Publication 140-2 2. Specifies the security requirements of cryptographic modules used to protect sensitive information 3. Notice: There are four levels of encryption under FIPS 140-2 http://www.gore.com/en_xx/products/electronic/anti-tamper/security-standards.html
  • 77. PCI DSS – Vital For Cloud Service Providers PCI DSS was set up by the major credit card companies to try and improve the Information Security of financial transactions related to credit and debit cards. It essentially pushes the responsibility of looking after card data onto merchants who may store, process and transmit this type of data. • Protect Cardholder Data • Implement Strong Access Control Measures • Regularly Monitor and Test Networks • Maintain an Information Security Policy • Maintain a Vulnerability Management Program http://phoenix-consultancy.com/pci_dss.html
  • 78. Access Control And Federation http://blogs.forrester.com/eve_maler/12-03-12-a_new_venn_of_access_control_for_the_api_economy
  • 79. Cloud Security Alliance (Join the Israeli chapter here: http://www.linkedin.com/groups?gid=3050440&trk=hb_side_g) • Security Guidance for Critical Areas of Focus in Cloud Computing (Released November 14, 2011) • Innovation Initiative - created to foster secure innovation in information technology. (Released February 24, 2012) • GRC Stack - a toolkit to assess both private and public clouds against industry established best practices, standards and critical compliance requirements. • Consensus Assessments Initiative - Research tools to perform consistent measurements of cloud providers (Released September 1, 2011) • Cloud Controls Matrix (CCM) - Released August 26, 2011 • Cloud Metrics - Metrics designed for Cloud Controls Matrix and CSA Guidance. • CloudTrust Protocol (See next slides…) https://cloudsecurityalliance.org/research/
  • 80. Cloud Trust Protocol (CTP): Transparency as a Service (TaaS) SAS70, SSAE 16, HIPAA, ITAR, FRCP, HITECH, GLBA, PCI DSS, CFATS, DIACAP, NIST 800-53, ISO27001, CAG, ENISA, CSA V2.3, … [Diagram labels: Enterprise • Trusted Community Cloud • Private Trusted Cloud • Cloud Trust Agent • Cloud Trust Response Manager (CRM) • TaaS Dashboard • CTP • Responding to all elements of transparency • Using reclaimed visibility into the cloud to confirm security and create digital trust • Downstream • compliance • processing] Source: http://www.csc.com/cloud/insights/57785-into_the_cloud_with_ctp , & CSA
  • 81. Digital Trust and Value Creation http://assets1.csc.com/financial_services/downloads/DigitalTrustForLifeReport.pdf
  • 82. Federal Information Security Management Act (FISMA, 2002) FISMA ATO for CSP (Low, Moderate, High) • Part of NIST’s Computer Security Division • Issues an authorization to operate for cloud service providers • It doesn’t require certification of products or services. It sets security requirements for federal IT systems. U.S. Government Cloud Computing Technology Roadmap (http://www.nist.gov/itl/cloud/upload/SP_500_293_volumeI-2.pdf) Its aim is: “…to make it substantially easier to buy, sell, interconnect and use cloud environments in the government”.
  • 83. Federal Risk and Authorization Management Program FedRAMP is the result of close collaboration with cybersecurity and cloud experts from:
  • 84. Federal Risk and Authorization Management Program (FedRAMP) • Established on December 8, 2011 • The FedRAMP security controls are based on NIST SP 800-53 R3 / 53 A controls • Establishes US Federal policy for the protection of Federal information in cloud services • Describes the key components and its operational capabilities • Defines Executive department and agency responsibilities in developing, implementing, operating, and maintaining the program • Defines the requirements for Executive departments and agencies using the program in the acquisition of cloud services
  • 85. How Will Cloud Services Be Prioritized For FedRAMP Review? • “FedRAMP will prioritize the review of cloud systems with the objective to assess and authorize cloud systems that can be leveraged government-wide”. • FedRAMP will prioritize Secure Infrastructure as a Service (IaaS) solutions, contract vehicles for commodity services, and shared services. (1) Cloud systems with an existing Federal agency authority-to-operate (ATO) get first priority (2) Cloud systems without an existing Federal agency ATO get second priority
  • 86. FedRAMP – Deliverables For Cloud Computing Service Providers A. Develop Plan of Action & Milestones (POAM) B. Assemble Security Authorization Package (SAP) C. Determine Risk D. Determine the Acceptability of Risk E. Obtain Security Authorization Decision (yes/no)
  • 87. FedRAMP - Third Party Assessment Organizations (3PAOs) • Perform initial and periodic assessment of CSP systems per FedRAMP requirements • Provide evidence of compliance, and play an on-going role in ensuring CSPs meet requirements. • FedRAMP provisional authorizations must include an assessment by an accredited 3PAO to ensure a consistent assessment process. • Independent assessors of whether a cloud service provider has met the 297 agreed upon FedRAMP security controls (604 pages) so they can get an authority to operate (ATO). • Companies cannot be 3PAOs and cloud service providers (CSP) at the same time for the same contracts (MOU, etc.)
  • 88. Cloud Guidelines in Israel By ILITA (Start: 19.5.2012) 1. Preliminary check of outsourcing legitimacy 2. Meticulous definition of purpose and use of outsourced data 3. Alignment of security and privacy controls in accordance with existing regulations and standards (ISO 27001, 357, 257) 4. Transparency and obedience to privacy laws 5. Defining the means of privacy enforcement and monitoring 6. Ensuring data deletion upon ending of contract http://www.justice.gov.il/MOJHeb/ILITA/News/mikurhuts.htm
  • 89. Decrease The Risk Of Cloud Computing • Do a thorough check on the potential provider: not only its performance record, but also the background of its management, whether it has implemented information security and business continuity policies and procedures, its financial stability, legal risks etc. • Write very specific security clauses in your agreement with the provider, where the biggest emphasis will be on issues that have raised the highest concerns during risk assessment. • Keep a backup copy of your information locally – although a cloud computing provider will (probably) do regular backup, it is always a good idea to have direct control of your information. (e.g. banking regulators in some countries have imposed regulations on local banks to keep the backup copy inside the country specifically because of this risk.) • Develop your strategy on how to return the information processing/archiving back to your company (re-insourcing) in case of problems with your cloud computing provider – you should know exactly which steps are needed, as well as which resources. • An exit strategy might also be to have an alternative cloud computing provider standing by, ready to jump in if your existing partner performs badly. • Perform regular checks of your provider to find out whether they are complying with the security clauses in the agreement. Source: http://blog.iso27001standard.com/#
  • 90. Market Data Source: http://xkcd.com/657/large/
  • 91. Information Security Staffing 1 Security Personnel (25th percentile / 50th percentile / 75th percentile / Average) • For how many employees? 500 / 1167 / 1600 / 1582 • For how many IT staff? 33 / 42 / 61 / 55 • For how many desktops? 397 / 750 / 1172 / 951 • For how many endpoints? 522 / 1130 / 1779 / 1314 • For how many WIN servers? 119 / 200 / 270 / 194 Source: STKI
  • 92. Security Consultants -Israeli Market View 1Q12 (Partial List) *DataSec, **Oasis-Tech Source: STKI
  • 93. Security System Integrators -Israeli Market View 1Q12 (Partial List) *Netcom, **Spider, ***We, ^Oasis-Tech, ^^Decimus Source: STKI
  • 94. Networking Budget ~ 10% of IT OpEx Source: The Corporate Executive Board Company
  • 95. Constant Staffing Mix Within IT Source: The Corporate Executive Board Company
  • 96. Positioning Methodology Israeli vendor rating – Market positioning is focused on the enterprise sector (not SMB) • X axis: Market penetration (sales + installed base + clients perspective) • Y axis: localization, support, Local R&D center, number and quality of SIs, etc. • Worldwide leaders are marked based on global positioning. Vendors to watch: Israeli market newcomers. STKI positioning represents the current Israeli market and not necessarily what we recommend to our clients
  • 97. xxx - Israeli Market Positioning 1Q12 [Chart: Market Presence (X axis) vs. Local Support (Y axis); markers: Player, Worldwide Leader. Vendors shown: Vendor B, Vendor A]
  • 98. Data Leakage Prevention - Israeli Market Positioning 1Q12 [Chart: Market Presence (X axis) vs. Local Support (Y axis); markers: Player, Worldwide Leader. Vendors shown: Websense, Symantec, Verdasys, Fidelis, GTB, McAfee, CA, Safend, Checkpoint, EMC]
  • 99. Database Protection - Israeli Market Positioning 1Q12 [Chart: Market Presence (X axis) vs. Local Support (Y axis); markers: Player, Worldwide Leader. Vendors shown: McAfee, GreenSQL, Imperva, Brillix, Informatica, Oracle, IBM, Safenet, SAP, Fortinet]
  • 100. Network Encryption - Israeli Market Positioning 1Q12 [Chart: Market Presence (X axis) vs. Local Support (Y axis); markers: Player, Worldwide Leader. Vendors shown: Safenet, Fortinet, Thales, Cisco]
  • 101. Enterprise Network Firewall - Israeli Market Positioning 1Q12 [Chart: Market Presence (X axis) vs. Local Support (Y axis); markers: Player, Worldwide Leader. Vendors shown: Checkpoint, PaloAlto, Fortinet, Juniper, Microsoft, Cisco, HP, McAfee, F5, SonicWall, Barracuda]
  • 102. Secure Remote Access - Israeli Market Positioning 1Q12 [Chart: Market Presence (X axis) vs. Local Support (Y axis); markers: Player, Worldwide Leader. Vendors shown: Juniper, Checkpoint, Cisco, F5, Citrix, Microsoft, Fortinet, SonicWall]
  • 103. Intrusion Prevention Systems - Israeli Market Positioning 1Q12 [Chart: Market Presence (X axis) vs. Local Support (Y axis); markers: Player, Worldwide Leader. Vendors shown: McAfee, IBM, Checkpoint, Juniper, Radware, PaloAlto, Barracuda, Fortinet, Cisco, HP, SourceFire, SonicWall]
  • 104. Network Access Control - Israeli Market Positioning 1Q12 [Chart: Market Presence (X axis) vs. Local Support (Y axis); markers: Player, Worldwide Leader. Vendors shown: Access Layers, Cisco, ForeScout, Juniper, Checkpoint, McAfee (Insightix), HP, Wise-Mon, Symantec, Microsoft, Enterasys]
  • 105. Secure Web Gateway - Israeli Market Positioning 1Q12 [Chart: Market Presence (X axis) vs. Local Support (Y axis); markers: Player, Worldwide Leader. Vendors shown: Websense, BlueCoat, Mcafee, Cisco, Symantec, Safenet, Clear Swift, Zscaler, Fortinet, Sonicwall, Trend Micro, Microsoft, PineApp, Barracuda]