CSO50 PRESENTS: DATA CENTRIC SECURITY · 2017. 3. 3. · DATA CENTRIC SECURITY ... support the...

This presentation or communication may contain confidential and proprietary information and is intended solely for the authorized use and information of the client to whom it is addressed. It should not be copied, disseminated, or used in any other manner without the prior written consent of Forsythe.

CSO50 PRESENTS: DATA CENTRIC SECURITY
"Why modern approaches to protecting data are mission critical"

Forsythe Security
David Poarch, Vice President
April 19, 2016


AGENDA
• Shifting Mindset
• The Problem
• The Vision
• Where do we go from here?
• Q&A

A Shifting Mindset:

Why protect hardware, not data?


SHIFT IN MINDSET AND METRICS:

[Chart labels: Time, Security Investment, Security Breach, Boom]

ENHANCED PROGRAMS
• Data Protection
• Incident Response
• 3rd Party Risk
• Behavioral Analysis
• Endpoint Security
• NG Perimeter

TRADITIONAL CONTROLS
• Firewall
• Intrusion Prevention
• Anti-Virus
• SIEM
• etc.

THE PROBLEM: Evolution of Data


Data Center HQ

Regional Office

Remote Office

International Office

Other Data Centers

DR Site

Mobile Workforce

Home Office

Vendor Partner

3rd Party

Sanctioned

IaaS PaaS SaaS

Unsanctioned

Data Types: Structured, Unstructured

DATA SPRAWL

THE VISION: Data-Centric Security

10 COMPONENTS OF A SUCCESSFUL DATA-CENTRIC SECURITY PROGRAM


DATA DISCOVERY
• Determine where and what type of data is stored
• Continuous process to provide visibility, outline risk, and validate employee role assignment
• Confirm awareness level and policy compliance as well as enhancement
• Policy
• Data handling procedures
• Report/detect/protect
• IR/forensics
• Risk-based approach
• Identify business owners

CLASSIFICATION DATA TAGGING/WATERMARKING
• Non-intrusive
• Handle in chunks
• Tied to classification
• Low-hanging fruit (PCI, HIPAA, PII)

DATA LOSS PREVENTION
• At rest, discovery, in transit including mobile in cloud
• Build policy, integrate with continuous monitoring

DATA VISIBILITY
• Database activity monitoring
• Monitoring who and when data is accessed
• Validate sensitive data is stored securely
• Alert on policy violations

ENCRYPTION STRATEGIES
• Consider SSL decryption at gateway points of access
• Data-in-motion
• Data-at-rest
• Data-in-use

ENHANCE GATEWAY CONTROLS
• FTP/email file transfer
• Next generation firewall
• 3rd party service providers
• Secure web

IDENTITY MANAGEMENT
• Directory unification
• Access management
• Federation privileged access
• Access management and authentication

CLOUD ACCESS
• Access & authentication
• Data analysis
• Discovery
• Data loss prevention
• Encryption

CONTINUOUS EDUCATION
• Company policies & data handling procedures
• Importance of data classification
• Reporting incidents
• Leverage tools to be effective and support the education program


IaaS PaaS SaaS

DATA-CENTRIC SECURITY APPROACH


COMPREHENSIVE SECURITY PROGRAM:

IDENTITY & ACCESS MANAGEMENT
• Federation
• Privileged Access
• Audit & Accountability
• Cloud Access

APPLICATION SECURITY
• Database Security
• Secure SDLC
• Web Application Security
• Securing DevOps

SECURITY PROGRAM GOVERNANCE
• Incident Response
• Security Operations Center (SOC) Consulting
• GRC Consulting
• Security Strategy
• Audit Readiness
• Continuous Education

CORE INFRASTRUCTURE SECURITY
• Firewall
• IPS
• Proxy
• Network Access Control
• Email Security
• Enhanced Gateway Controls
• DDoS Protection

THREAT & VULNERABILITY MANAGEMENT
• Security Analysis
• Threat Intelligence
• Security Monitoring
• Network-based Malware Protection
• Incident Response (Action)

DATA PROTECTION
• Data Loss Prevention
• Data Classification
• Data Tagging/Watermarking
• Data Visibility
• Encryption Protection
• Database Monitoring

How do you get started?

What do you do next?

Where do you go from here?


CONVERSATION CHECKLIST

What is the relationship between a privileged user and critical data?

Do you know if the user is legitimate or an adversary?

Can you audit, track & report interaction of users with data?

Where are your data assets?

Are you currently encrypting?

Do you have a key management solution in place?

How are you protecting your data in the cloud today?

What are you doing around privileged access?

For more information on Data-Centric Security, please contact Forsythe.