SlideShare a Scribd company logo

Avoiding Data Breaches in 2016: What You Need to Kow

Enterprise Management Associates
Enterprise Management Associates

These slides - based on the webinar featuring David Monahan, research director for security and risk management at leading IT analyst firm Enterprise Management Associates (EMA), and David Cramer, vice president of product management for Data Center Automation and Cloud at BMC - reveal key data on data breashes. Few these slides to: - Understand the risks of the misalignment between security and operations - Learn what tools and technology are available to help bridge the gap between security and operations - Build your game plan to help your organization bridge the gap

Related slideshows

VIPRE --Responding to Cyberattacks
VIPRE --Responding to CyberattacksVIPRE --Responding to Cyberattacks
VIPRE --Responding to Cyberattacks
 
Avoiding The Seven Deadly Sins of IT
Avoiding The Seven Deadly Sins of ITAvoiding The Seven Deadly Sins of IT
Avoiding The Seven Deadly Sins of IT
 
How To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete DeckHow To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete Deck
 
1 of 27
Download to read offline
Avoiding Data Breaches in 2016: What You Need to Know David Monahan Research Director Enterprise Management Associates (EMA) David Cramer VP of Product Management BMC
Today’s Presenters Slide 2 © 2016 Enterprise Management Associates, Inc. David Monahan – Research Director, Risk and Security David is a senior information security executive with several years of experience. He has organized and managed both physical and information security programs, including security and network operations (SOCs and NOCs) for organizations ranging from Fortune 100 companies to local government and small public and private companies. David Cramer, VP of Product Management, BMC David joined BMC in 2015 and serves as Vice President of Product Management for the Cloud/DCA business unit. Prior to BMC, David was head of product management for CA Technologies. During his tenure at CA, David was responsible for application delivery, cloud management, virtualization and Infrastructure automation solutions. Before joining CA, David held executive positions at AlterPoint, Motive, NetSolve, and Nortel Networks.
Logistics for Today’s Webinar Slide 3 © 2016 Enterprise Management Associates, Inc. Questions • An archived version of the event recording will be available at www.enterprisemanagement.com • Log questions in the Q&A panel located on the lower right corner of your screen • Questions will be addressed during the Q&A session of the event Event recording Event presentation • A PDF of the PowerPoint presentation will be emailed to you as part of the follow-up email.
Avoiding Data Breaches in 2016: What You Need to Know David Monahan Research Director Enterprise Management Associates (EMA) David Cramer VP of Product Management BMC
© Copyright 2/23/2016 BMC Software, Inc5 WE LIVE IN AN INCREASINGLY DIGITAL WORLD
© Copyright 2/23/2016 BMC Software, Inc6 © 2016 Enterprise Management Associates, Inc. • Cyber-security/ Information Security was an afterthought, Obligation, or low priority insurance policy • 51%: Spending Between 10%-24% of IT Budget on Security • 26%: Spending Between 20% and 30% (They are Playing Catchup) Have We Been Sitting in a Pot Coming to a Boil?
© Copyright 2/23/2016 BMC Software, Inc7 Keeping Organizations Secure Against Cyber Criminals Has Never Been Tougher 97% of executives expect a rise in data breach attempts in the next 12 months As a result, 99% plan to invest more in security in the next 12 months than they did in 2015.
BMC Study Shows: Many Breaches Are Avoidable of executives say security breaches occur even when vulnerabilities and their remediation have already been identified 44% “There’s so many more vectors that are easier, less risky and quite often more productive than going down that route. This includes, of course, known vulnerabilities for which a patch is available but the owner hasn’t installed it.” Rob Joyce, Chief of NSA’s Tailored Access Operations
Decline of Baselines and Asset Prioritization © 2016 Enterprise Management Associates, Inc.
Decline in Monitoring High Value Assets © 2016 Enterprise Management Associates, Inc.
Decline in Security Confidence © 2016 Enterprise Management Associates, Inc. 79% of organizations were only “somewhat confident” to “highly doubtful” that their security program could detect a security incident before it had a significant impact on their environment.
CVE® (Common Vulnerabilities and Exposures) Total Count (Oct 8, 2015): 71,951 Total Count (Nov 15, 2015): 72,805 854 (New bulletins) 38 Days 22 (per day) 8030 (per year) “A dictionary of common security exposures and vulnerabilities” What you know and don’t fix can hurt you
© Copyright 2/23/2016 BMC Software, Inc13 Even “small” threats can cause “BIG” issues…… ATTACKS 80% More than 80% of attacks target known vulnerabilities 99.9% FIX READY 99.9% of exploits were compromised over a year after the CVE was published
© Copyright 2/23/2016 BMC Software, Inc14 Visibility – you can’t patch what you don’t know Downtime – hard to schedule maintenance times with users Complexity – dependencies make it hard to isolate actions So Why Do Vulnerabilities Go Unaddressed? 193Days to resolve average vulnerability
Complexity and Lack of Visibility Slide 15 © 2014 Enterprise Management Associates, Inc.  Drivers for Lack of Value in Tools  #2 Tools do not provide adequate correlation of data to business impact  #5 Tools do not provide enough visibility into the ways threats appear and/or propagate in the environment  Over 90% of Outages Caused by Unscheduled or Undocumented Changes  #2 Tools do not provide adequate correlation of data to business impact  Complexity is the bane of Security  Complexity in Tools = shelf-ware, thus lack of ROI  Complexity in Architectures= Security Gaps and failures
© Copyright 2/23/2016 BMC Software, Inc16 OperationsSecurity Reduce downtime 80% of downtime due to misconfigurations Close the window of vulnerability 43% of companies have had a data breach
© Copyright 2/23/2016 BMC Software, Inc17 A Three-Pronged Game Plan To stay on top of today’s complexities, threats and opportunities, large enterprises are developing SecOps strategies that focus on three core areas: People Security and operations professionals share aligned goals for making business systems more secure and reliable Processes Guide and integrate the activities and data sets of key stakeholders in security and IT operations Technology Enable efficient, consistent and integrated processes to enable IT Operations and Security efforts
© Copyright 2/23/2016 BMC Software, Inc18 People Problems © 2016 Enterprise Management Associates, Inc. 68% of Organizations are Experiencing Security Staffing Problems!
© Copyright 2/23/2016 BMC Software, Inc19 Integration and Scalability are Crucial for Security! • We Can’t Just Throw People at the Problem! • 95% Organizations with 10 or less FTE Experienced More Than 100 Severe/Critical security alerts PER DAY • 70%: Scalability of Automation is Important to Meet Compliance Needs • 93%: Integration is Important for Security © 2016 Enterprise Management Associates, Inc.
© Copyright 2/23/2016 BMC Software, Inc20 Where Do Organization Stand © 2016 Enterprise Management Associates, Inc. • 88%: Integration is important for Vulnerability Mgmt. • 71%: Ease of Use Important for Vulnerability Mgmt. • 82%: Scalability is Important for Automation solutions • 87% : Scalability is Important when dealing with Vulnerability Mgmt.
© Copyright 2/23/2016 BMC Software, Inc21
© Copyright 2/23/2016 BMC Software, Inc22 BMC BladeLogic: Relentless Remediation Drag picture to placeholder or click icon to add Automate to eliminate threats before they become a breach entry point • Automatic correlation of discovered vulnerabilities and BSA patches — Filter to systems through operational views — Deploy remediation actions • Network vulnerability identification and remediation action capabilities • Direct integration with Change Management Reduce cost and time associated with remediating vulnerabilities
Threats are neutralized….is that it? 52% of enterprise leaders equate regulatory compliance with tighter security. “We must sustain our operations and defenses before, during, and after an attack by reducing the attack surface, continually improving defensive cyberspace operations, and effectively commanding and controlling the DODIN.” DISA Strategic Plan
© Copyright 2/23/2016 BMC Software, Inc24 BMC BladeLogic: Vigilant Compliance Drag picture to placeholder or click icon to add Manage by policy, not just by alert…
© Copyright 2/23/2016 BMC Software, Inc25 Criteria That Decision Makers Consider Important in SecOps Solutions 62% 58% 50% Want flexibility to tailor the solution to the specific regulations in their industry want integration with service desks and change- management processes Share that they want reporting for compliance audits
© Copyright 2/23/2016 BMC Software, Inc26 Customer Success with SECOPS State of Michigan Reduced time for Audit report creation from 32 hours to 15 minutes Reduced time for server provisioning from 2 months to 5 days Reduced 9,000+ staff hours by automatically remediating 94,273events
Log Your Questions in the Q&A Panel Get the full BMC and Forbes Insights Security Survey results here: http://www.bmc.com/info/secops-survey.html Slide 27 © 2016 Enterprise Management Associates, Inc.

More Related Content

Avoiding Data Breaches in 2016: What You Need to Kow

  • 1. Avoiding Data Breaches in 2016: What You Need to Know David Monahan Research Director Enterprise Management Associates (EMA) David Cramer VP of Product Management BMC
  • 2. Today’s Presenters Slide 2 © 2016 Enterprise Management Associates, Inc. David Monahan – Research Director, Risk and Security David is a senior information security executive with several years of experience. He has organized and managed both physical and information security programs, including security and network operations (SOCs and NOCs) for organizations ranging from Fortune 100 companies to local government and small public and private companies. David Cramer, VP of Product Management, BMC David joined BMC in 2015 and serves as Vice President of Product Management for the Cloud/DCA business unit. Prior to BMC, David was head of product management for CA Technologies. During his tenure at CA, David was responsible for application delivery, cloud management, virtualization and Infrastructure automation solutions. Before joining CA, David held executive positions at AlterPoint, Motive, NetSolve, and Nortel Networks.
  • 3. Logistics for Today’s Webinar Slide 3 © 2016 Enterprise Management Associates, Inc. Questions • An archived version of the event recording will be available at www.enterprisemanagement.com • Log questions in the Q&A panel located on the lower right corner of your screen • Questions will be addressed during the Q&A session of the event Event recording Event presentation • A PDF of the PowerPoint presentation will be emailed to you as part of the follow-up email.
  • 4. Avoiding Data Breaches in 2016: What You Need to Know David Monahan Research Director Enterprise Management Associates (EMA) David Cramer VP of Product Management BMC
  • 5. © Copyright 2/23/2016 BMC Software, Inc5 WE LIVE IN AN INCREASINGLY DIGITAL WORLD
  • 6. © Copyright 2/23/2016 BMC Software, Inc6 © 2016 Enterprise Management Associates, Inc. • Cyber-security/ Information Security was an afterthought, Obligation, or low priority insurance policy • 51%: Spending Between 10%-24% of IT Budget on Security • 26%: Spending Between 20% and 30% (They are Playing Catchup) Have We Been Sitting in a Pot Coming to a Boil?
  • 7. © Copyright 2/23/2016 BMC Software, Inc7 Keeping Organizations Secure Against Cyber Criminals Has Never Been Tougher 97% of executives expect a rise in data breach attempts in the next 12 months As a result, 99% plan to invest more in security in the next 12 months than they did in 2015.
  • 8. BMC Study Shows: Many Breaches Are Avoidable of executives say security breaches occur even when vulnerabilities and their remediation have already been identified 44% “There’s so many more vectors that are easier, less risky and quite often more productive than going down that route. This includes, of course, known vulnerabilities for which a patch is available but the owner hasn’t installed it.” Rob Joyce, Chief of NSA’s Tailored Access Operations
  • 9. Decline of Baselines and Asset Prioritization © 2016 Enterprise Management Associates, Inc.
  • 10. Decline in Monitoring High Value Assets © 2016 Enterprise Management Associates, Inc.
  • 11. Decline in Security Confidence © 2016 Enterprise Management Associates, Inc. 79% of organizations were only “somewhat confident” to “highly doubtful” that their security program could detect a security incident before it had a significant impact on their environment.
  • 12. CVE® (Common Vulnerabilities and Exposures) Total Count (Oct 8, 2015): 71,951 Total Count (Nov 15, 2015): 72,805 854 (New bulletins) 38 Days 22 (per day) 8030 (per year) “A dictionary of common security exposures and vulnerabilities” What you know and don’t fix can hurt you
  • 13. © Copyright 2/23/2016 BMC Software, Inc13 Even “small” threats can cause “BIG” issues…… ATTACKS 80% More than 80% of attacks target known vulnerabilities 99.9% FIX READY 99.9% of exploits were compromised over a year after the CVE was published
  • 14. © Copyright 2/23/2016 BMC Software, Inc14 Visibility – you can’t patch what you don’t know Downtime – hard to schedule maintenance times with users Complexity – dependencies make it hard to isolate actions So Why Do Vulnerabilities Go Unaddressed? 193Days to resolve average vulnerability
  • 15. Complexity and Lack of Visibility Slide 15 © 2014 Enterprise Management Associates, Inc.  Drivers for Lack of Value in Tools  #2 Tools do not provide adequate correlation of data to business impact  #5 Tools do not provide enough visibility into the ways threats appear and/or propagate in the environment  Over 90% of Outages Caused by Unscheduled or Undocumented Changes  #2 Tools do not provide adequate correlation of data to business impact  Complexity is the bane of Security  Complexity in Tools = shelf-ware, thus lack of ROI  Complexity in Architectures= Security Gaps and failures
  • 16. © Copyright 2/23/2016 BMC Software, Inc16 OperationsSecurity Reduce downtime 80% of downtime due to misconfigurations Close the window of vulnerability 43% of companies have had a data breach
  • 17. © Copyright 2/23/2016 BMC Software, Inc17 A Three-Pronged Game Plan To stay on top of today’s complexities, threats and opportunities, large enterprises are developing SecOps strategies that focus on three core areas: People Security and operations professionals share aligned goals for making business systems more secure and reliable Processes Guide and integrate the activities and data sets of key stakeholders in security and IT operations Technology Enable efficient, consistent and integrated processes to enable IT Operations and Security efforts
  • 18. © Copyright 2/23/2016 BMC Software, Inc18 People Problems © 2016 Enterprise Management Associates, Inc. 68% of Organizations are Experiencing Security Staffing Problems!
  • 19. © Copyright 2/23/2016 BMC Software, Inc19 Integration and Scalability are Crucial for Security! • We Can’t Just Throw People at the Problem! • 95% Organizations with 10 or less FTE Experienced More Than 100 Severe/Critical security alerts PER DAY • 70%: Scalability of Automation is Important to Meet Compliance Needs • 93%: Integration is Important for Security © 2016 Enterprise Management Associates, Inc.
  • 20. © Copyright 2/23/2016 BMC Software, Inc20 Where Do Organization Stand © 2016 Enterprise Management Associates, Inc. • 88%: Integration is important for Vulnerability Mgmt. • 71%: Ease of Use Important for Vulnerability Mgmt. • 82%: Scalability is Important for Automation solutions • 87% : Scalability is Important when dealing with Vulnerability Mgmt.
  • 21. © Copyright 2/23/2016 BMC Software, Inc21
  • 22. © Copyright 2/23/2016 BMC Software, Inc22 BMC BladeLogic: Relentless Remediation Drag picture to placeholder or click icon to add Automate to eliminate threats before they become a breach entry point • Automatic correlation of discovered vulnerabilities and BSA patches — Filter to systems through operational views — Deploy remediation actions • Network vulnerability identification and remediation action capabilities • Direct integration with Change Management Reduce cost and time associated with remediating vulnerabilities
  • 23. Threats are neutralized….is that it? 52% of enterprise leaders equate regulatory compliance with tighter security. “We must sustain our operations and defenses before, during, and after an attack by reducing the attack surface, continually improving defensive cyberspace operations, and effectively commanding and controlling the DODIN.” DISA Strategic Plan
  • 24. © Copyright 2/23/2016 BMC Software, Inc24 BMC BladeLogic: Vigilant Compliance Drag picture to placeholder or click icon to add Manage by policy, not just by alert…
  • 25. © Copyright 2/23/2016 BMC Software, Inc25 Criteria That Decision Makers Consider Important in SecOps Solutions 62% 58% 50% Want flexibility to tailor the solution to the specific regulations in their industry want integration with service desks and change- management processes Share that they want reporting for compliance audits
  • 26. © Copyright 2/23/2016 BMC Software, Inc26 Customer Success with SECOPS State of Michigan Reduced time for Audit report creation from 32 hours to 15 minutes Reduced time for server provisioning from 2 months to 5 days Reduced 9,000+ staff hours by automatically remediating 94,273events
  • 27. Log Your Questions in the Q&A Panel Get the full BMC and Forbes Insights Security Survey results here: http://www.bmc.com/info/secops-survey.html Slide 27 © 2016 Enterprise Management Associates, Inc.