Evolve to Demand. Demand to Evolve, by Igor Volovich
TRANSCRIPT
EVOLVE TO DEMAND. DEMAND TO EVOLVE.
IGOR VOLOVICH, CEO, ROMAD CYBER | FORMER CISO, SCHNEIDER ELECTRIC AMERICAS
PROGRAM NOTE
X 25CISO, VP Global InfoSec
IS IT GETTING BETTER?
DBIR 2016
“IT staff continue to struggle with detection and response. Indeed, internal breach discovery detected fewer incidents than did fraud detection, third parties, and law enforcement.”
- Tripwire
OR DO YOU FEEL THE SAME?
[Chart: New malware strains per year]
WILL IT MAKE IT EASIER ON YOU NOW?
YOU GOT SOMEONE TO BLAME
“How I learned to stop worrying and accept the breach.”
- Modern CISO
“Compromise is inevitable. Consider yourself breached.”
- Industry experts
“Prevention is no longer an option. Focus on detection and response.”
- Cyber vendors
ARE WE MAKING PROGRESS?
[Timeline: DETECT, PREVENT, RESPOND; axis 1980, 1990, 2000, 2010]
IF WE HAD REAL ANSWERS…
[Charts: New malware strains per year; Total known malware strains; % of total new malware by days observed (6 months)]
45% of new strains active <24hrs
• Attackers exploit inherent flaws in reactive defense models
• Commoditization of attack tradecraft drives threat volume
• Cybercrime remains lucrative, accessible, relatively risk-free
EVOLVING TO DISRUPT
“We must work to raise the cost for the adversary and disrupt cybercrime economic models.”
- James Trainor, Jr., Assistant Director, Cyber Division, FBI
DETECT PREVENT RESPOND DISRUPT
$
CYBERCRIME VALUE CHAIN
MAKING MONEY WITH MALWARE
[Diagram labels: Exploit kit developed; Malware family developed; Malware kit published; 1, 2, 3, ... ∞]
NO DEFENSE AGAINST NEW MALWARE VARIANTS
[Diagram labels: Vulnerability discovered; Exposure window opens; Active malware distribution begins; Derivative variants produced; = $; SIGNATURES DISTRIBUTED; EXPLOITATION CYCLE RESTARTS; 1, 2, 3; $ - Time-to-detection gap; Months, Seconds/Minutes, Hours/Days; General detection coverage; First detection coverage]
TURNING THE TABLES
[Diagram labels: Exploit developed; Malware family developed; Malware kit published; 1, 2, 3, ... ∞; Vulnerability discovered; Derivative variants produced; Skill & Cost Accessibility; Cybercrime Economics; Traditional defender focus]
Treat the problem, not the symptom. Hit them where it hurts.
STACKS OF BANDAIDS AREN’T ENOUGH
• Incremental legacy solutions cannot cope
• Attacker motivation remains strong, risk negligible
• Reactive models have outlived themselves
• It’s too dangerous to go alone, bring friends
• Must disrupt cybercrime economics – but how?
• Law-enforcement attribution-based models don’t scale
NEXT-GEN?
Behavioral
Sustainable
Reliable
Scalable
Autonomous
Disruptive
Proactive
EVOLVE TO DEMAND, DEMAND TO EVOLVE
PRODUCTS SOLUTIONS
FEATURES CAPABILITIES
EFFICIENCIES OUTCOMES
DEFENDING DISRUPTING
REACTIVE PREDICTIVE
BE THE CHANGE YOU SEEK
“Ask not what our cyber industry can do for you – ask what you can do for our cyber industry.”
- Not JFK
THANK YOU