Digital Guardian CISO Mentoring Webinar Series: Stories From the CISO Trenches
▪ Principal at Brock Cyber Security Consulting LLC
▪ Former Global Chief Information Security Officer (CISO) at DuPont (11 years)
▪ Held additional IT, Research and Marketing Positions at DuPont
▪ Information Security Officer within the U.S. Air Force. NSA
▪ Mr. Brock has BS and MS degrees in Electrical Engineering
▪ Certified Information Security Manager (CISM)
About Larry Brock
About Bill Bradley
Bill Bradley, Director, Product Marketing
▪ Leads Product Marketing for DLP
▪ 20 Years of Marketing & Sales Experience
  • Field Sales, Competitive Analysis, Product Marketing & Management
▪ Previously at Rapid7 and General Electric
Stories From the CISO Trenches
Larry Brock, Principal, BCS Consulting
▪ The Risks and Executive Repercussions
▪ Practical Protection Elements
▪ Illustrative Moments as a CISO
▪ Visibility into the Crown Jewels
▪ Changing the Tide
▪ The Importance of Prioritization
▪ Final Thoughts
Agenda
▪ Trade Secrets
▪ Destructive Value
▪ Competitive Position
▪ Customer List
▪ Purchasing Contracts
▪ Credit Card Information
▪ Health Information
▪ Employee Information
▪ Customer Information
▪ Cash
Where is The Value Within Your Organization?
Who Are the Typical Actors?
Source: Corruption Perceptions Index
Internal External
Mistakes By Loyal Employees Or Contractors
Careless Employees, Contractors, or Suppliers
Disgruntled Current Employees
Disgruntled Former Employees
Competitors
Hacktivists
Foreign Governments
143 Million 57 Million
3 Billion 40 Million
Cyber Attacks and Senior Executive Accountability
1. Establish A Holistic Information Protection Program
2. Ensure Adequate Funding
3. Focus On Protecting What Matters (Crown Jewels)
4. Improve Your Ability To Detect Both Insider And Cyber-attacks
5. Stringent Credential Management
6. Control What Information Leaves
7. Discover The Weaknesses In Your Security
Practical Protection Elements
7 Elements to manage risks, organize/manage objectives and reporting
(Source
1. High-Level Responsibility
2. Written Policies & Procedures
3. Care in Delegation of Authority
4. Effective Education
5. Auditing, Monitoring, Reporting
6. Consistent Enforcement
7. Response to Violations
+1. Regular Risk Assessments
Elements of a Holistic Protection Program
Leadership Must Be Engaged In Protection Program!
Ideal Intellectual Property Governance Structure
A. CEO Has Ownership With Board Routinely Engaged
▪ Actions: Data Protection Included In Routine Reviews With Businesses And Functions
B. Governance Team: Recommends Corporate Info Protection Policy
▪ Actions: Approve Program Plans, Eliminate Barriers, Influence Executive Peers…
C. Cross-Functional IP Risk Team
▪ Led By Corporate Process Leader; Includes Leaders From Info Security, Corp Security, Compliance, Select Business Functions
D. Business & Functional IP Protection Leadership Team (Global)
▪ Leader For Every Business And Function (E.G. R&D, Engineering, Legal, HR, Ops).
▪ Actions: Education, Identification, Classification, Protection Initiatives, Business Process Changes
High-Level Responsibility
▪ The Crown Jewels
▪ Going Against the Tide
▪ The Importance of Prioritization
Illustrative Moments
1. Intellectual Property can be hard to define
2. Efforts at the InfoSec Level
3. Make it a Business Wide Initiative
4. Make it a CEO Priority
5. Make it a Company Wide Effort
Visibility into the Crown Jewels
1. Identify And Classify Your Crown Jewels
2. Get Business Wide Buy In on Crown Jewels (and their value)
3. Establish “Secure Electronic Zones” Or Vaults
4. Implement Strong IP Protection Controls
5. Protect Content In Cloud Services (E.G. Salesforce, Dropbox)
Visibility into the Crown Jewels
▪ Open and Collaborative Environment
▪ Drive Productivity, Efficiency, Innovation, and Growth
▪ Visibility is Good for Security Teams; Also Good for Employees
▪ Spotted an Incident In-Process
▪ Swing the Pendulum The Other Way… Without Negative Impacts
Changing the Tide
Cannot focus on just keeping the bad guys out, must focus on keeping your valuables from leaving
▪ Consider authentication for outbound access to Internet
▪ Block/Restrict outbound protocols (FTP, SSH, Telnet)
▪ Restrict access to “uncategorized” web sites
▪ Block server access to Internet or white-list the few that need it
▪ Block HTTPS connections to sites with self-signed certificates
▪ Restrict use of file sharing sites (Dropbox), Skype and personal web-mail unless additional controls are in place
▪ Must control content when PCs or mobile devices leave corporate environment
Changing the Tide
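The outbound controls on this slide, expressed as a policy check over egress flow records. This is an added example, not material from the webinar or from Digital Guardian; the record fields, server subnet, allow-list and category names are assumptions, and the sample flows are constructed.

```python
import ipaddress

# Assumed policy values (not from the slides).
BLOCKED_PORTS = {21: "FTP", 22: "SSH", 23: "Telnet"}
SERVER_NET = ipaddress.ip_network("10.20.0.0/16")   # hypothetical server subnet
SERVER_ALLOWLIST = {"updates.example.com"}          # hypothetical approved destinations
RESTRICTED_CATEGORIES = {"uncategorized", "file-sharing", "personal-webmail"}

def evaluate(flow):
    """Return the list of policy violations for one outbound flow record."""
    reasons = []
    is_server = ipaddress.ip_address(flow["src"]) in SERVER_NET
    if flow["dport"] in BLOCKED_PORTS:
        reasons.append(f"outbound {BLOCKED_PORTS[flow['dport']]}")
    if is_server and flow["host"] not in SERVER_ALLOWLIST:
        reasons.append("server egress not on allow-list")
    if flow.get("category") in RESTRICTED_CATEGORIES:
        reasons.append(f"restricted category: {flow['category']}")
    if flow["dport"] == 443 and flow.get("self_signed"):
        reasons.append("HTTPS to self-signed certificate")
    # Assumption: only user workstations are expected to authenticate to the proxy.
    if not is_server and not flow.get("user"):
        reasons.append("unauthenticated outbound access")
    return reasons

def audit(flows):
    """Return (source, destination, reasons) for every flow that breaks policy."""
    checked = [(f, evaluate(f)) for f in flows]
    return [(f["src"], f["host"], r) for f, r in checked if r]

# Constructed sample records, shaped like a proxy or firewall export.
FLOWS = [
    {"src": "10.1.4.17", "user": "jdoe", "host": "partner.example.com",
     "dport": 443, "category": "business"},
    {"src": "10.1.4.22", "user": "asmith", "host": "files.example.net",
     "dport": 21, "category": "file-sharing"},
    {"src": "10.20.3.5", "user": None, "host": "updates.example.com",
     "dport": 443, "category": "business"},
    {"src": "10.20.3.9", "user": None, "host": "203.0.113.50",
     "dport": 443, "category": "uncategorized", "self_signed": True},
    {"src": "10.1.4.30", "user": None, "host": "news.example.org",
     "dport": 443, "category": "news"},
]

if __name__ == "__main__":
    for src, host, reasons in audit(FLOWS):
        print(f"{src} -> {host}: {'; '.join(reasons)}")
```
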
▪ IP Heavy Organization
▪ Granted 900+ patents in 2011
▪ Over 50,000 active patents today
▪ Employee Data
▪ PII, PCI, PHI
▪ Internal and External Threats
The Importance of Prioritization
▪ Monitor Inbound Files For Malware
▪ Monitor, Alert, And Block (When Possible) Unusual Activities
▪ Security Information & Event Management
▪ Strong Analytical Capability To Detect Anomalous Activities (C&C)
Improve Your Ability To Detect Both Insider And Cyber-attacks
▪ All Companies Should Assume Both Insider And Cyber Attacks Are Occurring
▪ No “Silver Bullet” Solutions – Requires A Comprehensive Approach
▪ Process, People, And Technology
▪ Leverage Frameworks And Standards (ITIL, ISO 27K, …)
▪ Most Advanced Cyber Attacks Involve Compromising Privileged Credentials
▪ Implementing Strong Controls For All Privileged Accounts, Including End-point Devices, Is Necessary To Have Any Chance Of Defending Against Today’s Threats
▪ Classical Security Controls (AV, FW, IPS, Etc) Are Still Necessary But Insufficient For Today’s Threats
▪ Collaborate To Learn About Attackers And Best Defenses – You Cannot Fight This Alone!
▪ This Is A Long-term Issue And Requires Continuous Improvements As Adversaries Change Approaches
Final Thoughts…
Digital Guardian CISO Mentoring Webinar Series
Agenda
▪ Week 1 - Digital Guardian to Up Your Game
▪ Week 2 - Digital Guardian and Strategic Data Protection
▪ Week 3 - Digital Guardian and Documented Improvement
Digital Guardian and Documented Improvement: Customer Success Stories
Digital Guardian Success Stories
▪ Going Rogue
▪ Visibility
▪ Consolidated
Identifying and Stopping a Rogue Employee
Evolution of an Insider Attack
May: Hacker Tool Downloads
October: Compromised 5 Hosts
August: Installed Keyboard Logger on Personal PC
December: Compromised 3 Hosts
June: Employee Termination
May: EDR Installed
EDR Detection
Business Wide Data Visibility and IP Protection
Consolidated EDR and DLP
First & Only Unified Internal & External Risk Visibility
Endpoint Detection & Response
Data Loss Prevention
User & Entity Behavior Analytics
Single Console; Single Agent
Digital Guardian Sees All Risks to Your Data
A Recognized Leader. Just ask Gartner and Forrester
Digital Guardian is the only Leader in both Enterprise Data Loss Prevention and Endpoint Detection & Response
Magic Quadrant Leader Wave Leader
Q & A
Thank You.
Larry Brock, Principal, BCS Consulting
Digital Guardian’s Next Webinar:
Understand, Deploy, and Hunt with MITRE’s ATT&CK Framework: The blueprint for repeatable threat hunting success
▪ December 12 @ 1:00 PM ET
  • Tim Bandos – VP Cybersecurity – Digital Guardian
  • Bill Bradley – Director Product Marketing – Digital Guardian
▪ Watch this webcast to learn:
  • The key elements of the MITRE ATT&CK framework
  • How to get started and operationalize a threat hunt framework
  • Advanced techniques to safeguard your organization and grow your security knowledge
Register: https://info.digitalguardian.com/webinar-understand-deploy-hunt-with-mitre-attck-framework.html