2019年IDC企業安全建設.pdf

1、Enterprise Security Trends IDCPete LindstromOver 25 years in InfoSec,IT,Finance Tech Risk Pro performing reading,writing,rithmetic on risk and security mattersFormer Marine(Gulf War veteran),Big Six IT Auditor(PwC),Internal Auditor(GMAC Mortgage),Security Architect&Director(Wyeth)BBA Finance,Univers

2、ity of Notre Dame;former CISSP and CISAVice President,Security StrategiesIT Executive Program,IDC“To enable digital transformation through proper IT risk management by making efficient and effective economic decisions supported by evidence and outcome analysis leading to the strongest cybersecurity

3、program possible.”The Cybersecurity Mission StatementDigital Transformation(DX)DefinedThe application of 3rdPlatform and related technologies to fundamentally improve all aspects of society.For business this means:$1.2T in 2017$2.0T in 2020$1.4T in 2018$1.7T in 2019$6.3T Direct DX InvestmentNew sour

4、ces of innovation and creativity to enhance experiences and improve financial performance.Simply modernizing the technology underpinning existing systems is not transformation.TRANSFORMUsing information to create an evidence based culture.Companies should plan on doubling the productivity of their k

5、nowledge workers by using information more effectively.DECISION MAKINGDigital transformation is not to be confused with digital technologies,however,it does use 3rdPlatform technologies such as Cloud,mobility,Big Data,and social as well as Innovation Accelerators including IoT,robotics,and 3D printi

6、ng.WITH TECHNOLOGYCybersecurity for Digital TransformationKEY TRENDS AND PATHWAYS FOR DIGITAL DISRUPTORSDX Security PerformanceScorecard Critical Success Metrics and KRIsDX Trust PlatformAligning Security with Business PartnersDX Risk RoadmapsPrioritizing the Industry Risk JourneyDX Security Organiz

7、ationOvercome the IT Security Skills GapDX Security CapabilitiesReshaping Security and Technology ExpertiseCybersecurity for Digital TransformationKEY TRENDS AND PATHWAYS FOR DIGITAL DISRUPTORSIDC Energy Insights:Energy as a ServiceDistributed EnergyPredictive GridDigital GridDistributed Energy Mana

8、gementIntelligent Grid ManagementMicrogridsPredictive Grid ControlSmart AssetsStrategic Asset ManagementConnected AssetsAsset InstrumentationFailure Models&Effects Analysis(FMEA)AutomationPredictive Underground Line ServicesDrone-Based Line InspectionSelf-Healing AssetsAsset Performance ManagementCo

9、nnected ConsumerReliability as a ServiceCustomer TransparencyPublic SafetyDER as a Reliability Enabler360 Connected Customer ManagementService Safety AlertsDevise-Based Energy ProgramsWater QualityClosed Loop Outage ManagementPersonalized MarketingLeak DetectionEnhanced Personal SafetyNext-Gen Safet

10、yVirtual MusterConnected Safety WearEnhanced Process SafetyProcess Self InspectionProcess Condition MonitoringVirtual Power PlantEquipment Health CommunicationOrchestrated Demand ResponseGlobal Trade AutomationDigital Grid SimulationDigital Corrosion ManagementAugmented MaintenanceRevenue Protection

11、PROGRAMSUSE CASESStrategic PrioritiesIDC Energy Insights:Energy as a ServiceDistributed EnergyPredictive GridDigital GridDistributed Energy ManagementIntelligent Grid ManagementMicrogridsPredictive Grid ControlSmart AssetsStrategic Asset ManagementConnected AssetsAsset InstrumentationFailure Models&

12、Effects Analysis(FMEA)AutomationPredictive Underground Line ServicesDrone-Based Line InspectionSelf-Healing AssetsAsset Performance ManagementConnected ConsumerReliability as a ServiceCustomer TransparencyPublic SafetyDER as a Reliability Enabler360 Connected Customer ManagementService Safety Alerts

13、Devise-Based Energy ProgramsWater QualityClosed Loop Outage ManagementPersonalized MarketingLeak DetectionEnhanced Personal SafetyNext-Gen SafetyVirtual MusterConnected Safety WearEnhanced Process SafetyProcess Self InspectionProcess Condition MonitoringVirtual Power PlantEquipment Health Communicat

14、ionOrchestrated Demand ResponseGlobal Trade AutomationDigital Grid SimulationDigital Corrosion ManagementAugmented MaintenanceRevenue ProtectionPROGRAMSUSE CASESStrategic PrioritiesManufacturing InsightsDX Use Cases:where the value is!IDC Energy InsightsAgile EnergyAgile MiningEnergy-as-a-ServiceIDC

15、 Financial InsightsConnected BankingContextual and Value Centric InsuranceIDC Government InsightsEffective National GovernmentSmart Cities and CommunitiesIDC Health InsightsKnowledge-Based MedicineValue-Based HealthIDC Manufacturing InsightsCollaborative Innovation(AOVC)Engaging Consumer Experience

16、at Scale(BOVC)Creating Experience Ecosystems(EOVC)Technology-as-a-Service(TOVC)IDC Retail InsightsExperiential Hospitality,Dining&TravelExperiential RetailIDC Telecommunications InsightsCommunications Service-Enabled Connected CommunitiesLearn more at Use Cases:where the value is!IDC Energy Insights

17、Agile EnergyAgile MiningEnergy-as-a-ServiceIDC Financial InsightsConnected BankingContextual and Value Centric InsuranceIDC Government InsightsEffective National GovernmentSmart Cities and CommunitiesIDC Health InsightsKnowledge-Based MedicineValue-Based HealthIDC Manufacturing InsightsCollaborative

18、 Innovation(AOVC)Engaging Consumer Experience at Scale(BOVC)Creating Experience Ecosystems(EOVC)Technology-as-a-Service(TOVC)IDC Retail InsightsExperiential Hospitality,Dining&TravelExperiential RetailIDC Telecommunications InsightsCommunications Service-Enabled Connected CommunitiesLearn more at th

19、e RISK!and the RISK!DX Risk Roadmaps Key to SuccessSuccessful cybersecurity programs strategically align with the risks associated with their organizations digital transformation use cases.Cybersecurity for Digital TransformationKEY TRENDS AND PATHWAYS FOR DIGITAL DISRUPTORSThe Many Faces of Cyberse

20、curityTECHCONTROLSBIZCOMMERCECOPCRIMELAWCOUNSELCyberPOLICYFRAUDRISKCOMPLYFRAUDIRPRIVACYFORENSICSBridging the Technology Skills GapDX Security Organization Key to Success Successful cybersecurity programs address the cybersecurity skills gap through internal training,security-at-scale,and strategic o

21、utsourcing.Cybersecurity for Digital TransformationKEY TRENDS AND PATHWAYS FOR DIGITAL DISRUPTORSDigital Security FunctionsIDENTITY MGTValidate human identities.Create,modify,and revoke user accounts/credentials.Define and assign user access rules.Monitor user behavior.Account ProvisioningPassword R

22、esetKnowledge-based Identity ValidationIdentity Access GovernanceUser Session RecordingPassword AuthnOTP Hard Token AuthnSmartcard AuthnSoft Token AuthnStatic Biometric AuthnBehavioral Biometric AuthnSingle Sign-on(federation)Authn Triggers(stepup)Web Access Mgt(authz)Shared Credential MgtPrivilege

23、RestrictionsVULN MGTEliminate services and processes.Reduce known weaknesses.Identify and patch vulnerabilities.Reduce coding errors.Filter connection attempts.Vuln ScanningApply Update/PatchStatic AnalysisDynamic AnalysisFirewall Policy MgtPolicy OrchestrationStatic Network FiltersDynamic Network F

24、iltersURL FiltersAPI FiltersMicrosegmentationApplication IsolationRemote BrowsersWhitelist(known good)Runtime App Self-ProtectionTRUST MGTManage overall digital security program.Manage usage policies.Manage IT policies and procedures.Classify and harden data and systems.Key Management3rdParty Assess

25、mentsPolicy ManagementRisk Register ManagementRisk AnalyticsCompliance ManagementRemote Access VPNSite-Site VPNSession VPN(app)Endpoint EncryptionBasic File EncryptionPolicy-based File EncryptionDatabase EncryptionFile Integrity CheckingDigital SignaturesTrusted BootHardware Security ModulesTrusted

26、Platform ModulesSecure ElementsRemote AttestationTHREAT MGTMonitor usage activity.Determine whether activity is malicious or inappropriate.Block/alert on inappropriate activity.Conduct forensic analysis.Manage incidents.Contextual Analysis(SIEM)Algorithmic Analysis(big data)System ForensicsNetwork F

27、orensicsIncident MgtBreach Patterns(IoC feeds)Malware SignaturesFile Behavior Analysis(sandbox)System Anomaly DetectionIP/URL BlacklistsNet Intruder SignaturesNetwork Anomaly DetectionDenial of Service ProtectionEmail Anti-SpamBreach DetectionRegEx Data Leak DetectionDocument FingerprintingDeception

28、(honeypots,etc)SERVICEPROCESSTECHNOLOGYDigital Security FunctionsIDENTITY MGTValidate human identities.Create,modify,and revoke user accounts/credentials.Define and assign user access rules.Monitor user behavior.Account ProvisioningPassword ResetKnowledge-based Identity ValidationIdentity Access Gov

29、ernanceUser Session RecordingPassword AuthnOTP Hard Token AuthnSmartcard AuthnSoft Token AuthnStatic Biometric AuthnBehavioral Biometric AuthnSingle Sign-on(federation)Authn Triggers(stepup)Web Access Mgt(authz)Shared Credential MgtPrivilege RestrictionsVULN MGTEliminate services and processes.Reduc

30、e known weaknesses.Identify and patch vulnerabilities.Reduce coding errors.Filter connection attempts.Vuln ScanningApply Update/PatchStatic AnalysisDynamic AnalysisFirewall Policy MgtPolicy OrchestrationStatic Network FiltersDynamic Network FiltersURL FiltersAPI FiltersMicrosegmentationApplication I

31、solationRemote BrowsersWhitelist(known good)Runtime App Self-ProtectionTRUST MGTManage overall digital security program.Manage usage policies.Manage IT policies and procedures.Classify and harden data and systems.Key Management3rdParty AssessmentsPolicy ManagementRisk Register ManagementRisk Analyti

32、csCompliance ManagementRemote Access VPNSite-Site VPNSession VPN(app)Endpoint EncryptionBasic File EncryptionPolicy-based File EncryptionDatabase EncryptionFile Integrity CheckingDigital SignaturesTrusted BootHardware Security ModulesTrusted Platform ModulesSecure ElementsRemote AttestationTHREAT MG

33、TMonitor usage activity.Determine whether activity is malicious or inappropriate.Block/alert on inappropriate activity.Conduct forensic analysis.Manage incidents.Contextual Analysis(SIEM)Algorithmic Analysis(big data)System ForensicsNetwork ForensicsIncident MgtBreach Patterns(IoC feeds)Malware Sign

34、aturesFile Behavior Analysis(sandbox)System Anomaly DetectionIP/URL BlacklistsNet Intruder SignaturesNetwork Anomaly DetectionDenial of Service ProtectionEmail Anti-SpamBreach DetectionRegEx Data Leak DetectionDocument FingerprintingDeception(honeypots,etc)SERVICEPROCESSTECHNOLOGY38%32%30%30%Top Can

35、didates for Automation Password Resets Provisioning Single Sign-on Advanced AuthTRUST Patch Management Continuous Assessments FW Policy Orchestration Alert Context/Aggregation Attack Identification Incident ManagementIDENTITY Policy/Governance 3rdParty Risk Certificate ManagementVULNERABILITYTHREATB

36、uilding Blocks of Digital TransformationDistributed Integrity Model(Zero Trust)Focused on users,data,and workloads Virtual elements dynamically tied to the“channels and containers”world of network/operating platform.Integrity validated by roots of trust or“tethers”that leverage cryptography.TPMs,HSM

37、s,Secure Elements,etc.As users,data,compute objects travel through channels and containers,they are“traced”through gateways and across trust zones.DX Security Innovations(Risk)Intelligent Core Data ServicesIntegration&OrchestrationDeveloper ServicesEngagementIDMultifactor Auth&FederationRisk-basedAu

38、thenticationUser BehaviorAnalyticsFederation&NotificationHardenedSecurity PostureSecurityOrchestrationPaaS/API SecDevSecOpsSDN Security3rdParty ScoresCognitive&AnalyticsMonitoring&AutomationThreat ModelingIntelligence&DeceptionBlockchain&Rights MgtPKI/Certificates&Roots of TrustSW SecurityData Sheet

39、sCompliance&CyberinsuranceDX Security Capabilities Key to SuccessSuccessful cybersecurity programs automate their security processes and innovatetheir architectures for dynamic technology environments.Cybersecurity for Digital TransformationKEY TRENDS AND PATHWAYS FOR DIGITAL DISRUPTORSDigital trust

40、 enables decisions to be made between two or more entities that reflect their level of confidence in each other;these decisions are based on each entitys digital reputation as well as the risk levels provided by each entitys cybersecurityprograms for any proposed digital activity.IDC Digital Trust F

41、rameworkBigger Picture Risk in DX WorldPerson(“Public”)BusinessMachineP2PIntoleranceMob JusticeB2CPrivacy BreachesEmployee TrustG2CitizenDisinformationSurveillanceM2PBias OutPerson(“Public”)BusinessMachineC2BBot FraudB2BSupply Chain Issues3rd/4thPartiesG2BRegulations/BansM2BBias OutCitizen2GPolitica

42、l ActionsActivismB2GLobbyistsG2GCyberwarfareInternet SanctionsM2GBias OutP2MBias InB2MBias InG2MBias InM2M?Person(“Public”)BusinessMachineP2PSocial MediaLI endorsementsB2CLoyalty/FICOBackground ChecksG2CitizenPassports/Valid IDSocial ScoreM2PSSO/MFAUBAPerson(“Public”)BusinessMachineC2BProvider Ratin

43、gsDigital Trust IndexB2BContractsDigital Trust IndexG2BRegulationsM2B3rdParty Risk ScoresCitizen2GMediaWatchdog GroupsB2GLegal EntitiesG2GTreatiesM2GEncryptionP2MDevice IDRoot of TrustB2MCybersecuritySW Bill of MaterialsG2MDevice RegistryCryptoM2MBlockchainIntegrityDigital Trust Platform Key to Succ

44、essSuccessful cybersecurity programs automate their security processes and innovatetheir architectures for dynamic technology environments.Cybersecurity for Digital TransformationKEY TRENDS AND PATHWAYS FOR DIGITAL DISRUPTORSSecurity spending vs.total incidentsRelative security valueThe Best Email S

45、ecurity Single Sign-on Firewalls User Awareness Training File EncryptionThe Worst 3rdParty Risk Scoring Audit/Vendor Risk Mgt Incident ResponseKey Risk Indicators(KRIs)Control OutcomePopulationEfficacy/ErrorsNormalizedEndpoint Antimalware allowed/deniedFirewall connections allowed/deniedIntrusion Pr

46、evention flows allowed/deniedEmail Security messages allowed/deniedSecure Web Gateway sessions allowed/deniedFile ObjectsNetwork Flows/ConnectionsNetwork Flows/Connections File ObjectsEmail MessagesWeb Sessions(outbound)Malware blocked(TP);Legitimate file allowed(TN);Legitimate file blocked(FP);Malw

47、are allowed(FN)Connection blocked(TP);Legitimate connection allowed(TN);Legitimate connection blocked(FP);Connection allowed(FN)Connection/malware blocked(TP);Legitimate connection/file allowed(TN);Legitimate connection/file blocked(FP);Connection/malware allowed(FN)Phish/malware blocked(TP);Legitim

48、ate email allowed(TN);Legitimate email blocked(FP);Phish/malware allowed(FN)Malicious/inappropriate Web blocked(TP);Legit Web session allowed(TN);Legit Web session blocked(FP);Malicious/inappropriate Web allowed(FN)Number of files transmittedTotal filesNumber of endpointsNumber of usersBusiness Unit

49、/DepartmentNumber of flowsNumber of active IP addressNumber of open portsNumber of applicationsBusiness unit/DepartmentNumber of flowsNumber of active IP addressNumber of open portsNumber of files transmittedNumber of applicationsBusiness unit/DepartmentNumber of messagesNumber of usersNumber of Web

50、 sessionsNumber of usersSuccess AreasBusiness DecisionEssentialKPIIDCRecommended TargetDX Security Performance Key to SuccessSuccessful cybersecurity programs develop digital KPIs to measure the efficiency and effectiveness of their programs.Cybersecurity for Digital TransformationKEY TRENDS AND PAT

51、HWAYS FOR DIGITAL DISRUPTORSDX Security PerformanceScorecard Critical Success Metrics and KRIsDX Trust PlatformAligning Security with Business PartnersDX Risk RoadmapsPrioritizing the Industry Risk JourneyDX Security OrganizationOvercome the IT Security Skills GapDX Security CapabilitiesReshaping Se

52、curity and Technology ExpertisePete LindstromVice President,Security StrategiesIDCPLIDC is the premier global provider of market intelligence,advisory services,and events for the information technology,telecommunications,and consumer technology markets.IDC helps IT professionals,business executives,

53、and the investment community make fact-based decisions on technology purchases and business strategy.More than 1,100 IDC analysts provide global,regional,and local expertise on technology and industry opportunities and trends in over 110 countries worldwide.For more than 50 years,IDC has provided st

54、rategic insights to help our clients achieve their key business objectives.IDC is a subsidiary of IDG,the worlds leading technology media,research,and events company.Terms of Use:Except as otherwise noted,the information enclosed is the intellectual property of IDC,copyright 2016.Reproduction is forbidden unless authorized;contact for information.All rights reserved.感 謝 聆 聽感 謝 聆 聽感 謝 聆 聽