
Information Security Threatscape

Defining Controls for the New Perimeter

Derrick Harcey, P.E., CISSP
Oracle Enterprise Security Architect

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Confidential - Internal/Restricted/Highly Restricted

WSJ NOV 17th 2014

THE NEW ECONOMICS OF SECURITY


GLOBAL CRIME STATISTICS IN PERSPECTIVE

$56B: STOLEN VEHICLE MARKET
$30B: STOLEN SMART PHONE
$114B: STOLEN CREDIT CARD MARKET
$85B: COCAINE MARKET

$288 BILLION: GLOBAL CYBERCRIME MARKET

GOVERNMENT

HAVE

Privacy

Quality of Service

SSN / SIN #s
Personal Profile
Identity Theft
Info Security
Credit Card Info
Tax IDs

Denial of Service
Fraud
Continuous Monitoring

Data Security & Integrity
Collaboration
Privacy


Regulatory Compliance
PII
PIPEDA
201 CMR 17.00
HIPAA / HITECH
PCI DSS
IRS 1075

State and Local Mobility Survey
Mobile Work Exchange survey of 150 S&L IT Managers

40% of S&L Employees use Mobile devices for work related tasks
61% of mobile-ready respondents claim mobility has increased productivity
65% of S&L Managers expect the # of mobile workers to increase over the next 5 years
39% of mobile-ready respondents believe mobility has improved their work life balance
58% say their agency is not mobile ready
35% have matured their mobile strategy in the past year

Source: Mobile Work Exchange S&L Survey - July 2014

VDIR 2014

HACKING & MALWARE RISING FASTEST


[Chart: Hacking, Malware, Social, Physical, Misuse and Error by year, 2004 to 2013. Callout: 1600% INCREASE]


SQL INJECTION & CREDENTIALS


ARE IN THE TOP 3 INCIDENTS FOR HACKING

[Chart: Hacking, Malware, Social, Physical, Misuse and Error by year, 2004 to 2013. Hacking breakdown labels: Lost/Stolen Credentials, Backdoor or C2, SQL Injection, Brute Force. Values shown: 19%, 13%, 13%, 50%]


GOOD SECURITY HYGIENE
We are very vulnerable to a variety of attacks and exploitations from a variety of actors across the entire spectrum of sophistication. Most attacks and exploitations can be stopped with good hygiene.
Using good hygiene reduces the clutter that more sophisticated actors use to mask their attacks, enabling government and industry to put an increased focus on the more advanced and dangerous threats.


THE NEW PERIMETER


MOVING CONTROLS CLOSER TO THE ASSETS THEY PROTECT

PEOPLE: Employees, Contractors, Customers & Partners
DATA: Unstructured & Structured
DEVICES: Phones, Servers, Laptops, Tablets

ORACLE SECURITY INSIDE OUT

LAYERS OF THE STACK

NETWORK INTRUSIONS LOST, STOLEN & WEAK CREDENTIALS

76%

Governance Risk & Compliance
Access & Certification Review, Anomaly Detection,
User Provisioning, Entitlements Management

Solaris Trusted Extensions,
LDAP Host Access Control

Secure Live Migration

Cryptographic Acceleration
Application Data Integrity
Secure backup, Disk Encryption
ILM Security

ENTERPRISE MANAGER

Mobile Security, Privileged Users
Directory Services, Identity Governance
Entitlements Management, Access Management
Encryption, Masking, Redaction, Key Management
Privileged User Control, Big Data Security, Secure Config

IMPLICATE WEB OR APPLICATION SERVERS

80%
BREACHED RECORDS FROM SERVERS

94%
PROPAGATION ENABLED BY MISCONFIGURATION

50%

SECURING ACCESS TO APPS & DATA


IDENTITY MANAGEMENT
Mobile Security
Identity Governance
Directory Services
Access Management

DATABASE SECURITY
Encryption & Redaction
Privileged User Control
Key Management
Activity Monitoring
Configuration Management
Database Firewall


DEFENSE IN-DEPTH

SECURITY INSIDE OUT

SECURE WHAT'S STRATEGIC
