CSO50 PRESENTS: DATA CENTRIC SECURITY · 2017. 3. 3. · DATA CENTRIC SECURITY ... support the...
This presentation or communication may contain confidential and proprietary information and is intended solely for the authorized use and information of
the client to whom it is addressed. It should not be copied, disseminated, or used in any other manner without the prior written consent of Forsythe.
CSO50 PRESENTS: DATA CENTRIC SECURITY “Why modern approaches to protecting data are mission critical”
Forsythe Security
David Poarch, Vice President
April 19, 2016
SHIFT IN MINDSET AND METRICS:
[Chart labels: Time; Security Investment; Security Breach; Boom]
ENHANCED PROGRAMS
• Data Protection
• Incident Response
• 3rd Party Risk
• Behavioral Analysis
• Endpoint Security
• NG Perimeter
TRADITIONAL CONTROLS
• Firewall
• Intrusion Prevention
• Anti-Virus
• SIEM
• etc.
DATA SPRAWL
[Diagram labels: Data Center HQ; Regional Office; Remote Office; International Office; Other Data Centers; DR Site; Mobile Workforce; Home Office; Vendor Partner; 3rd Party; Sanctioned; IaaS, PaaS, SaaS; Unsanctioned]
Data Types: Structured, Unstructured
DATA DISCOVERY
• Determine where and what type of data is stored
• Continuous process to provide visibility, outline risk, and validate employee role assignment
• Confirm awareness level and policy compliance as well as enhancement
• Policy
• Data handling procedures
• Report/detect/protect
• IR/forensics
• Risk-based approach
• Identify business owners
CLASSIFICATION DATA TAGGING/WATERMARKING
• Non-intrusive
• Handle in chunks
• Tied to classification
• Low-hanging fruit (PCI, HIPAA, PII)
DATA LOSS PREVENTION
• At rest, discovery, in transit including mobile in cloud
• Build policy integrate with continuous monitoring
DATA VISIBILITY
• Database activity monitoring
• Monitoring who and when data is accessed
• Validate sensitive data is stored securely
• Alert on policy violations
ENCRYPTION STRATEGIES
• Consider SSL decryption at gateway points of access
• Data-in-motion
• Data-at-rest
• Data-in-use
ENHANCE GATEWAY CONTROLS
• FTP/email file transfer
• Next generation firewall
• 3rd party service providers
• Secure web
IDENTITY MANAGEMENT
• Directory unification
• Access management
• Federation privileged access
• Access management and authentication
CLOUD ACCESS
• Access & authentication
• Data analysis
• Discovery
• Data loss prevention
• Encryption
CONTINUOUS EDUCATION
• Company policies & data handling procedures
• Importance of data classification
• Reporting incidents
• Leverage tools to be effective and support the education program
COMPREHENSIVE SECURITY PROGRAM:
IDENTITY & ACCESS MANAGEMENT
• Federation
• Privileged Access
• Audit & Accountability
• Cloud Access
APPLICATION SECURITY
• Database Security
• Secure SDLC
• Web Application Security
• Securing DevOps
SECURITY PROGRAM GOVERNANCE
• Incident Response
• Security Operations Center (SOC) Consulting
• GRC Consulting
• Security Strategy
• Audit Readiness
• Continuous Education
CORE INFRASTRUCTURE SECURITY
• Firewall
• IPS
• Proxy
• Network Access Control
• Email Security
• Enhanced Gateway Controls
• DDOS Protection
THREAT & VULNERABILITY MANAGEMENT
• Security Analysis
• Threat Intelligence
• Security Monitoring
• Network-based Malware Protection
• Incident Response (Action)
DATA PROTECTION
• Data Loss Prevention
• Data Classification
• Data Tagging/Watermarking
• Data Visibility
• Encryption Protection
• Database Monitoring
CONVERSATION CHECKLIST
What is the relationship between a privileged user and critical data?
Do you know if the user is legitimate or an adversary?
Can you audit, track & report interaction of users with data?
Where are your data assets?
Are you currently encrypting?
Do you have a key management solution in place?
How are you protecting your data in the cloud today?
What are you doing around privileged access?