ISE Confidential - not for distribution

T H E E V O LV I N G T H R E A T L A N D S C A P E :

A D V A N C I N G E N T E R P R I S E S E C U R I T Y

11 December 2013

Agenda

ISE Confidential - not for distribution

• Objectives• About ISE• I. Security Separated from Functionality• II. Black Box vs. White Box• III. Secure Assets, Not Perimeters• IV. “Build It In,” Not “Bolt It On”• V. Security as Ongoing Process• Q&A

Objectives

ISE Confidential - not for distribution

• Analyze trending best practices• Keep pace with the rapidly evolving adversaries• Streamline resource and financial investment

About ISE

ISE Confidential - not for distribution

About ISE

ISE Confidential - not for distribution

Analysts

• Fortune 500 Enterprises• Media & Entertainment, Security Software, Healthcare, etc

Customers

• White box

Perspective

• Computer Scientists• Ethical Hackers

Research• Recent: Browsers; Routers• Upcoming: Digital Cinema; Hospital Pilot

I. Security Separated From Functionality

ISE Confidential - not for distribution

I. Security Separated From Functionality

ISE Confidential - not for distribution

CONFLICT IS GOOD!There, I said it.

I. Security Separated From Functionality

ISE Confidential - not for distribution

I. Security Separated From Functionality

ISE Confidential - not for distribution

I.T.

I. Security Separated From Functionality

ISE Confidential - not for distribution

I. Security Separated From Functionality

ISE Confidential - not for distribution

I. Security Separated From Functionality

ISE Confidential - not for distribution

I. Security Separated From Functionality

ISE Confidential - not for distribution

Objective of Conflict• Facilitate dialogue amongst teams to arrive at a

usable system, on deadline, that entails an acceptable level of security protocols.

II. Black Box vs. White Box

ISE Confidential - not for distribution

II. Black Box vs. White Box

ISE Confidential - not for distribution

• Evaluation Types• Penetration Test• Vulnerability Assessment

• Methodologies• Black Box• White Box

II. Black Box vs. White Box

ISE Confidential - not for distribution

Black Box Perspective

II. Black Box vs. White Box

ISE Confidential - not for distribution

White Box Perspective

II. Black Box vs. White Box

ISE Confidential - not for distribution

III. Secure Assets, Not Perimeters

ISE Confidential - not for distribution

III. Secure Assets, Not Perimeters

Traditional Attacks Traditional Defenses

20

III. Secure Assets, Not Perimeters

21

Modern Attacks

III. Secure Assets, Not Perimeters

22

IV. “Build It In,” Not “Bolt It On”

ISE Confidential - not for distribution

IV. “Build It In,” Not “Bolt It On”

ISE Confidential - not for distribution

IV. “Build It In,” Not “Bolt It On”

ISE Confidential - not for distribution

IV. “Build It In,” Not “Bolt It On”

ISE Confidential - not for distribution

IV. “Build It In,” Not “Bolt It On”

ISE Confidential - not for distribution

V. Security as Ongoing Process

ISE Confidential - not for distribution

V. Security as Ongoing Process

ISE Confidential - not for distribution

V. Security as Ongoing Process

ISE Confidential - not for distribution

V. Security as Ongoing Process

ISE Confidential - not for distribution

V. Security as Ongoing Process

ISE Confidential - not for distribution

Recap

ISE Confidential - not for distribution

I. Security Separated from FunctionalityII. Black Box vs. White BoxIII. Secure Assets, Not PerimetersIV. “Build It In”, Not “Bolt It On”V. Security as Ongoing Process

Whitepaper forthcoming

Questions?

ISE Confidential - not for distribution

Ted HarringtonExecutive Partner

ted.harrington@securityevaluators.com