planning your 2015 threat detection strategy with a broken crystal ball


Upload: alienvault

Post on 12-Jul-2015


TRANSCRIPT

Presents

Broken Crystal:

Planning for 2015?

Mike Rothman, President

[email protected]

Twitter: @securityincite

About Securosis

• Independent analysts with backgrounds on both the user and vendor side.

• Focused on deep technical and industry expertise.

• We like pragmatic.

• We are security guys - that’s all we do.

What’s going to happen?

https://flic.kr/p/gMhZLV

MORE in 2015

• More breaches

• More noise

• More “silver bullets”

• More complexity

https://flic.kr/p/9FGgsK

And LESS…

• Less time

• Less Available People with Proper Skills

• Less margin for error

https://flic.kr/p/hndeH

Bad Year. For Retail!

• Breach-O-Rams

• What did we learn?

• Attack surface

• POS devices

• The value of alerts

Increasingly Advanced Attacks

• More sophisticated malware

• Better C&C

• Shorter window to mass distribution

Benefiting from the Misfortune of Others

• You can’t “get ahead of the threat”

• But you can learn from high profile folks

• Threat intelligence broke out in 2014

• How can you use it?

• Changing market dynamics

https://flic.kr/p/82JDK8

We haven’t addressed the security skills gap

http://www.flickr.com/photos/morton/2305095296/

Complexity Ahead

• Hybrid Cloud

• DevOps

• Increased Attack Surface

https://flic.kr/p/ahKnn1

On the Horizon

Mobile Everything. Cloud Everything. Connected Everything (IoT)

http://www.flickr.com/photos/52859023@N00/644335254 https://flic.kr/p/aGWfWB

Shopping List 2015

Network Security

• NGFW vs. UTM vs. IPS

• Sandbox for the masses

• SDN emerging? (and how do you secure it?)

• Consistency of Policy is Paramount

https://flic.kr/p/4pK11q

Endpoint Security

• Lots of new “solutions” that are shiny.

• Advanced Malware Protection

• Bundled with Network Security?

• Whither traditional AV? (Finally)

https://flic.kr/p/4Weo8G

Security Management

• Threat Intelligence hits the mainstream

• Forensics and IR to the forefront

• Monitoring the Hybrid Cloud

Vulnerability Assessment

• Network Vulnerability Testing

• Remediation Verification

Asset Discovery

• Active Network Scanning

• Passive Network Scanning

• Host-based Software Inventory

Behavioral Monitoring

• Log Collection

• Netflow Analysis

• Service Availability Monitoring

SIEM / Security Intelligence

• SIEM Event Correlation

• Incident Response

Threat Detection

• Network IDS

• Host IDS

• File Integrity Monitoring

AlienVault Core Capabilities

OTX + AlienVault Labs

Threat Intelligence Powered by Open Collaboration

Preparing for the Future

• Security skills for success are evolving quickly.

• AWS accounts for everyone!

• Back to the Future — Scripting and programming

https://flic.kr/p/8kq5vp

Questions?

More from Securosis:

• Blog: http://securosis.com/blog

• Research: http://securosis.com/research

• We publish (almost) everything for free

• Contribute. Make it better.

More from AlienVault:

• Free 30-day trial of AlienVault USM: https://www.alienvault.com/free-trial

• Free Interactive Demo: https://www.alienvault.com/live-demo-site

• Join the Open Threat Exchange (OTX): https://www.alienvault.com/open-threat-exchange

Mike Rothman

Securosis LLC

[email protected]

http://securosis.com/blog

Twitter: @securityincite