Copyright © Tier-3 Pty Ltd, 2012. All rights reserved.
Monitoring security in the “Externalised organisation” (Or in the “office of the future”)
Piers Wilson
Tier-3 Huntsman® - Head of Product Management
Introductions
10/2/2013
Piers Wilson
Head of Product Management at Tier-3
Director of IISP
Previously Senior Manager in PricewaterhouseCoopers Cyber Security practice
Tier-3 Huntsman®
Advanced Security Incident & Event Management (SIEM) solution
• High performance event correlation
• Behaviour Anomaly Detection (BAD 2.0)
• “Big data” analytics
• Governance, Risk, Compliance
• Cloud/multi-tenancy support
• Active response
Agenda and scope
• What this talk is about…
– The implications of technology trends
– Anticipating the emergent IT and security environment
– Monitoring security when:
• It is more important
• It is more difficult
– Approaches to dealing with this in a constructive way
79% of the UK population use the internet anywhere, on any device
Ofcom, 2012
Looking ahead to 2013, we are going to see more and more organisations seeking alternatives to on-premise deployments.
Paul Moxon, Axway (via IDG Connect)
Most significantly, we’re seeing an overriding belief that cloud is disrupting software in fundamental and lasting ways.
Michael Skok, 2012 Future of Cloud Computing
A standard setup of computing on a business' premises — a server in a closet or basement, and software loaded on individual machines — is a model that's likely to drift into obsolescence
The Daily Progress, 2013
Enterprise mobility is booming; organizations must connect with employees, customers, and partners in new ways and across new devices and applications.
Forrester
Background
• Mobile apps, consumerisation and "bring your own device" are here
• Users / Customers increasingly expect to access systems via mobile / personal devices
• Cloud computing is well along the hype curve – its use and pervasiveness is growing
• Social media is already a more “normal” way of working than email for many people
The old “Office of the Future”
The “Office of the Future”
This is starting to be known as the “externalised organisation”
A greater focus and proportion of IT delivery / use happens outside
IT your users control
IT your cloud provider controls
IT you control
Conclusions...
Security teams face a real challenge
• Data isn’t where it used to be
• The network is going beyond just losing its perimeter to being completely external
• You have a lot less control over the front and back end platforms (i.e. none)
• People are working and communicating differently (e.g. social media)
Some new approaches are necessary...
More diversity and complexity in monitoring and control
Security Operations
• Greater visibility
• Compliance burden
• Improved response
Cyber-security
Users
Mobile Environment
Cloud Applications
PaaS
• Cyber security controls
• Threat feeds
• Social media
• End-user devices
• Social Media
• MDM
• Mobile Apps
• App backends
• Salesforce
• Etc...
• Virtualised Platforms
• Hypervisor layer
Platforms
Physical
Security Controls
Network
Applications
• Windows
• Unix
• Mainframe
• Locks
• CCTV
• RFID
• Firewalls
• AV
• IDS/IPS
• ID&AM
• LAN/WAN
• VPN
• Remote Access
• Web
• Client/Server
• Databases
Future-proof, advanced SIEM solutions
Cyber-security
Users
Mobile
Environment
Cloud
Applications
PaaS
• Ability to consider the platform and the hypervisor layer
• Multi-tenancy increasingly going to be demanded by platform suppliers
• Ability to monitor service levels and risk currently rare
• Everything is externalised, what log access is possible?
• Are there ways to track access, misuse, anomalous go away
• MDM platforms and staff mobility management
• Custom apps – does log data come from the user device or the back-end
• What will mobile payments mean – esp. for carriers, banks, retailers
• Activity on internal and external systems
• Social media monitoring – legality, effectiveness and feasibility
• What about the wider communications environment
• Increasingly rich market for “cyber security solutions” which add to the controls portfolio
None of this is easy
Agility within the organisation and in its security partners will be key
Check suppliers have got these trends on their radar
Operations will require “intelligent” SIEM solutions to meet business demands
Future security operations
Data Visualisation
Data Enrichment
Cloud platforms
External Apps
Threats
Intelligent
SIEM
Deciding what information to collect and why…
Security teams are used to drawing a balance between benefit and risk
• what data we collect and its value
Industry (more widely) is starting to invest in, and discover, the value of data analytics
In security, the wider benefits of “big data” involve different parameters … more data means:
• Improved fraud analytic capability
• Better customer profiling
• More context
• Better diagnostics (and anticipation)
AND
• Greater visibility around security threats, risks, attacks
Smarter data analytics
More useful data sources
More uses / Bigger audience
… and then making sure we can protect it
Growth of security/customer/fraud/business data from the mobile computing environment can:
• Challenge privacy obligations
• Give security teams another (and higher impact) data set to protect
Need to evolve security stance - even simple “big data” examples could raise the risk levels much higher
Cloud changes the way we deliver IT
Must ensure we have the right tools and approaches to gain the maximum value from the security, fraud, activity data available
Social media exposes users, and gives business new ways to interact
Usage and brand management need monitoring - threat awareness becomes a tangible advantage
So what?
• The value of (all) data is increasing
• More mobile and app-oriented environment and wider adoption of external services
… security logs, behaviour anomaly detection, cyber threat detection and analytics more critical
… businesses increasingly looking to drive efficiencies and interaction
• We have to acknowledge these trends and ensure that we adequately protect business information
• Gaining visibility – and keeping it – is vital
Finally…
Time for questions
Or:
Find me at Tier-3’s stand
piers.wilson@tier-3.com
+44 (0) 7800 508517
www.tier-3.com @tier3huntsman


Monitoring security in the externalised organisation (Auscert 2013)
