Effective Threat Protection Strategies
description
Transcript of Effective Threat Protection Strategies
[Name / Title]
[Date]
Effective Threat Protection Strategies
Agenda1. The Business Challenge
2. Changing Threat Landscape
3. Effective Threat Protection Strategy
4. The Four Principles
5. Getting It Right
Agenda1. The Business Challenge
2. Changing Threat Landscape
3. Effective Threat Protection Strategy
4. The Four Principles
5. Getting It Right
The business challenges
Increase in usage of internet means greater exposure to threats
Growing number of threats from cybercriminals
Costs of security breaches
Protecting business continuity
Maintaining regulatory compliance
Organizations are still getting infected
Source: Ponemon Institute Security, Mega trends survey 2009
The cost
Average cost of a data breach
$204 per record compromised
Average loss due to security incident
$234,244 per respondent
Agenda1. The Business Challenge
2. Changing Threat Landscape
3. Effective Threat Protection Strategy
4. The Four Principles
5. Getting It Right
Changing threat landscape
The paths to threat exposure are also multiplying:
Social network use by businesses, customers and employees
Infected web pages
Email and IM spam
Regulatory and compliance riskComply with a growing body of government regulations and industry standards, such as:
National and state regulations
Payment Card Industry Data Security Standard
Health Insurance Portability and Accountability Act
Agenda1. The Business Challenge
2. Changing Threat Landscape
3. Effective Threat Protection Strategy
4. The Four Principles
5. Getting It Right
Effective threat protection strategy
Balancing business needs with threats and regulations
Protecting against the threats
Enabling your business to operation efficiently
Four key principles
1. Prevention
2. Proactive
3. Performance and productivity
4. Simplicity
Agenda1. The Business Challenge
2. Changing Threat Landscape
3. Effective Threat Protection Strategy
4. The Four Principles
5. Getting It Right
1. Prevention
Close the security gaps by addressing the sources of infection,preventing threats from getting in, and creating a secure IT environment
Look at implementing interlocking layers of protection
Firewall - secure the computers perimeter
Application Control - prevent unwanted applications
Device Control – allow on clean authorized devices
Network Access Control – ensure computers comply with policy
Email filtering – keep email free of spam and malware
Web security - protect users from accessing malicious websites
Patch management – keep computers protected with latest patches
2. Proactive
Protect against previously unseen attacks before a signature is available
Technologies that deliver:
Behaviour-based detection – stopping code from performing suspicious actions
Host-based Intrusion Prevention Systems (HIPS)
Buffer Overflow Protection Systems (BOPS)
Cloud-based reputation protection – providing latest information online
Live Anti-Virus
Live URL Filtering
3. Performance... and productivity
IT security should help protect productivity
Users will turn off security software if it slows down the performance
A security solution should not get in the way of business itself
Balance protection with productivity
4. Simplicity
Security safeguards have to be simple and manageable to get the job done
Understand the incremental benefit over the security already in place
Assess the effect of proposed threat protection measures
Do as much as you can with the smallest number of products
Avoid products that require an expert to manage
Account for the cost of maintaining security products
Agenda1. The Business Challenge
2. Changing Threat Landscape
3. Effective Threat Protection Strategy
4. The Four Principles
5. Getting It Right
Security solutions with the greatest business flexibility, least operational effort and lowest investment
Comprehensive security & control
Simplicity & manageability
Pre-packaged intelligence
Unrivalled support
Security that frees IT managers to concentrate on their business.
The Sophos Approach
Comprehensive security and data protection
Simplicity and manageability
Simplification Manageability
Best security
with least investment
Single agent
Widest platform support
Integrated management
Intelligent policy updating
Appliance monitoring
Automatic protection
Easy to use management
Integrated data protection
Remote monitoring
Anonymizing proxy detection
Delivers consistent protection
Puts our expertise in your hands
Reduces agent pollution
Eliminates end user impact
Ensures lowest operating costs
Pre-packaged intelligence from SophosLabs™
Unrivalled visibility
Integrated expertiseAutomated analysis
Monitoredregulations
Reduces need for specialist
security expertise
Penalty backedSLAs
Unrivalled support and services
“Overall, Sophos, which places customer support as the cornerstone of its business, was the best. We were greatly impressed by the troubleshooting skills of its technicians, whose knowledge about their product and Windows is solid.”
Infosecurity Magazine Scorecard: AV Vendors Tech Support , Ed Skoudis
"I have always received outstanding attention from your support team.” Sal Serafino, Cold Spring Harbor Laboratory, US
"Sophos has continually demonstrated dedication to both technical support and customer service."Neil Barnes, calfordseaden, UK
24 / 7 support as standard
Exceptionalservice levels
Our staffin
our offices
Breadth ofknowledge,
cross platformissue resolution
Worldwidecoverage
Direct access toexperts speaking
local language
Enhancedsupport servicesto maximise ROI
Summary
1. Review your current security against your business needs
2. Deploy layers of protection to close the security gaps
3. Measure each technology choice against the four principles