Evolve to Demand. Demand to Evolve, by Igor Volovich

Post on 15-Apr-2017


EVOLVE TO DEMAND. DEMAND TO EVOLVE.

IGOR VOLOVICH, CEO, ROMAD CYBER | FORMER CISO, SCHNEIDER ELECTRIC AMERICAS

PROGRAM NOTE

X 25CISO, VP Global InfoSec

IS IT GETTING BETTER?

DBIR 2016

“IT staff continue to struggle with detection and response. Indeed, internal breach discovery detected fewer incidents than did fraud detection, third parties, and law enforcement.”

- Tripwire

OR DO YOU FEEL THE SAME?

New malware strains per year

WILL IT MAKE IT EASIER ON YOU NOW?

YOU GOT SOMEONE TO BLAME

“How I learned to stop worrying and accept the breach.”

- Modern CISO

“Compromise is inevitable. Consider yourself breached.”

- Industry experts

“Prevention is no longer an option. Focus on detection and response.”

- Cyber vendors

ARE WE MAKING PROGRESS?

DETECT PREVENT RESPOND

1980 1990 2000 2010

IF WE HAD REAL ANSWERS…

New malware strains per year

Total known malware strains

% of total new malware by days observed

(6 months)

45% of new strains active <24hrs

• Attackers exploit inherent flaws in reactive defense models
• Commoditization of attack tradecraft drives threat volume
• Cybercrime remains lucrative, accessible, relatively risk-free

EVOLVING TO DISRUPT

“We must work to raise the cost for the adversary and disrupt cybercrime economic models.”

- James Trainor, Jr., Assistant Director, Cyber Division, FBI

DETECT PREVENT RESPOND DISRUPT

$

CYBERCRIME VALUE CHAIN

MAKING MONEY WITH MALWARE

Exploit kit developed

Malware family developed

Malware kit published

1

2

3●●●

NO DEFENSE AGAINST NEW MALWARE VARIANTS

Vulnerability discovered

Exposure window opens

Active malware distribution begins

Derivative variants produced

= $

SIGNATURES DISTRIBUTED

EXPLOITATION CYCLE RESTARTS

1

2

3

$ - Time-to-detection gap

Months Seconds/Minutes Hours/Days

General detection coverage

First detection coverage

TURNING THE TABLES

Exploit developed

Malware family developed

Malware kit published

1

2

3●●●

Vulnerability discovered

Derivative variants produced

Skill & Cost Accessibility

Cybercrime Economics

Traditional defender focus

Treat the problem, not the symptom. Hit them where it hurts.

STACKS OF BANDAIDS AREN’T ENOUGH

• Incremental legacy solutions cannot cope
• Attacker motivation remains strong, risk negligible
• Reactive models have outlived themselves
• It’s too dangerous to go alone, bring friends
• Must disrupt cybercrime economics – but how?
• Law-enforcement attribution-based models don’t scale

NEXT-GEN ?

?

Behavioral

Sustainable

Reliable

Scalable

Autonomous

Disruptive

Proactive

EVOLVE TO DEMAND, DEMAND TO EVOLVE

PRODUCTS SOLUTIONS

FEATURES CAPABILITIES

EFFICIENCIES OUTCOMES

DEFENDING DISRUPTING

REACTIVE PREDICTIVE

BE THE CHANGE YOU SEEK

“Ask not what our cyber industry can do for you – ask what you can do for our cyber industry.”

- Not JFK

THANK YOU
