Christopher Schuetze: Safer With Security - How Fabrics Can Be Used to Manage the Complexity of Your Enterprise Security

Okay, so good morning everybody. And welcome to our first session here. And I'm really very happy to share, copy a call's idea of having one or more fabrics to organize and to structure your cybersecurity, cybersecurity challenges, and achieve something simple and easy. Maybe we start with challenges we have to deal with in cybersecurity challenges, or maybe in another phrase, how major is the level of cybersecurity we currently have? Honestly, I love this lights with big numbers on it, especially with the keynote early in the morning. Maybe it helps to wake some people up and giving more attention, but it is also a sad statement. We have 62% of all attacks that are caused by social engineering. By manipulating the user, the employee sending out phishing mails to get credentials. This is still a very successful approach. In the first half of 2019, we had 4.1 billion data sets, which have been breached.
That is a lot. And the second number shows why in the UK 48% of businesses identified at least one breach or attack each month. So almost 50% have up to 12 attacks a year. And this is only the number of attacks we detected because on the other hand, it takes an other average, 72 days to detect that you have become the victim of an attack. And if you ask what is the typical way, how attackers try to get access? Well, malware two of three reported attacks in 2018 in Germany are based on malware infections. So something like a virus, a warm, a root kit and, and a really bad thing. Ransomware 521% increased the amount of a tax from 2018 to 2019 people in and install a software on your computers, on your devices, your service, and encrypt your data and ask you kindly to pay a ransom to maybe get access back.
The thing is, you don't know whether you really get access back or not, and you have to ensure that all installed stuff in your systems is removed. Remember 72 days more than two months is a lot of time and maybe your backups are infected too. Why do attackers do this? What is their intention? The simple answer is because of money. They want your knowledge. They want to your research. They want you to stop from doing your job, always with the intention to earn money with it, or maybe giving you a big disadvantage and protecting your data. Your assets in an insecure world is the real challenge we have to deal with. Not enough, few years ago, we started to store our data everywhere. Not only in the local data center, we added web-based applications to handle our CRM data cloud has become the new normal, and we store data everywhere around the world in services we trust, or we have to trust the mobile work for, for, especially this year.
When most of us started to work from home, we have new challenges. We have devices. We don't know that users use to access critical data. Maybe in the worst case, they start to download something on their insecure device. We started to use platforms like teams like slack or any other collaboration platform to be able to work together from everywhere. So, so to have something like this event here, but how can we control our data here? And then big data happened. We started to extract data from existing data. We started to get more information out of existing information, a simple example, having all your employees in a data analytics tool, really connected with their HR data, connected with something like sick days, data, family status, and so on allows you to cluster this data to something like maybe, which are the most effect, efficient people or group of people in my organization.
But it would also allow you to see which group is more often sick. Maybe also the salary of colleagues. And here you do not only have external threats towards your data who is allowed to see such information within an organization, the junior data analytics consultant consultant. I don't think so. I really don't think so. So data is the new oil well known phrase, especially when you think back about 4.1 billion data records breached. I shared this statement on LinkedIn while I was preparing this keynote here and got some interesting feedback about it and is said, and it was about, well, we know this insecurity, but we don't have enough time and resources to solve it for protecting data. We developed this year, the information protection lifecycle as part of very data-centric specific fabric, generally speaking, it covers the life cycle of data from beginning to the end where end also could mean to archive it, but let's have a closer look to is as an idea, how to implement data security, everything starts with knowing what to protect.
We need manual and automated tools that detect data, especially critical data, maybe based on classification. The next step then is to have a layer that is controlling the access ensure only people who are allowed to access a data can do this. And also you should have something like an governance component in place. Technically described. The data is stored somewhere. We have to secure that we have to encrypt it. We maybe have to Ize it like in the previous big data example that you are not able to see the salary of colleague, just see an average number of salary of a group of employees, something like that. And we need a layer that takes care of monitoring and detection of uncommon activities. Ideally without eight automated responses to contain and recover in case of an incident, having a dece layer to confuse attackers also help maybe something like an honey pot to detect attackers early and last but not least after the active use of data, data is, are hyped or permanently deleted.
So let's come back to control access, accessing data with a device, from a network as a user. How can I trust one who is trying to access the data? Is it sufficient to trust a single statement from an identity provider? Honestly, no trust, nobody trust nobody without approving that he or she is the one you want to talk with. Talk in the sense of sharing data, sharing knowledge, whatever this slide shares. The idea of zero trust zero trust in general is a model or a paradigm. It is rather a single tool can download nor a service you can buy. It is a combination of process related to security and also the underlying technology with the goal to achieve a more secure environment. And it does not only cover data, identity and network as a single item, it combines them. It combines the context. It combines the use networks, especially when working from home, the topic network is important.
How secure is your line, your wireless line at home and how well patched is the device you are working with. Maybe you access the company network with your private device or check your business mails with your private phone or tablet. Generally speaking, zero trust is a model that follows the circle, identify assets, user, and data. As a first step, you need to know what you have to protect in which level then trust nobody technically described block everybody out of your systems, applications and data, and then define policies of how others. So, so endpoints or users or services can access the assets. Here is really a high level of restriction necessary. Remember trust nobody. And then you have to monitor and verify your actions and like every circle, maybe you need to adopt it.
Okay, well, we are here because we want to talk about how fabrics can be used to manage the complexity in cybersecurity, how to manage the assets, how to secure the oil, the cul cybersecurity fabric connects everything, identities, devices, structured, and unstructured data, any type of application, any type of system and any type of network from wireless to corporate, to internet up to your local work from home network, we have a bundled set of services to fulfill the needed capabilities and the overall topic. Something like government and manage and the four specific areas about protection detection, response, and recover to achieve really a better level of security here. This structure gives you the flexibility to handle things in a really a central, but also loose coupled approach with the option to extend with new capabilities and integrate existing tools too, because usually you do not start with a Greenfield approach. There is something out there, the wild Sue of your cybersecurity tools, but let's have a more detailed look into a potential cybersecurity fabric. Like the one that could help to structure your cybersecurity in the cybersecurity fabric capabilities are bundled to building blocks based on our coping, a core reference architecture for cybersecurity. Those building blocks and capabilities are then bundled to services. As you can see in the middle of the, of the slide.
So for, for instance, we have something like an protection and detection, service and response service and or, and so on, especially the topic identity and access management is a set of services itself. Therefore we have our identity fabric concept. It is well known by other conferences. And we have a lot of research about that because it is a really specific topic. Okay. So for instance, let's say malware protection and normally detection and network security. This can be bundled to have something like an protection and detection service, which then can be consumed by applications by other services to make them more secure. The building blocks of those capabilities are then executed in containers or via microservice via APIs. They can run on your local in your local data center. They can run in a private or public cloud that gives you a lot of flexibility applications or digital services can use those services via an API layer or with standard supports and custom integrations to really use that kind of capability or also to deliver data back to the cybersecurity fabric. So something like threat detection can get receive data from your authentication layer of things like that. On the other hand, we have legacy applications and maybe legacy security products, which can be integrated by custom connectors and integrations. So we have an open architecture for new digital services and a support for existing applications and security products.
The cybersecurity fabric is a unified and overall approach, really for all types of data systems and identity and all types of digital services, no matter whether it's legacy or not. Remember our challenges at the beginning of the session, the cybersecurity fabric is a paradigm and approach for modeling a security organization. It is neither a concrete tool nor a specific service deciding which products fulfill the specific capabilities is really usually the last step. And for sure as mentioned, existing tools are also considered and also the need for maybe additional one here. Usually when we do this for our customer, if we implement this for our customers, we use our internal leadership compasses for a specific area. And at all, it is flexible because it builds on APIs. It builds on microservices and therefore it is scalable, flexible, and things can be changed and extended or replaced to really meet future requirements.
Okay. Tough content early in the morning. So I would like to give you some ideas of how to start with fabrics and go in the direction of your trust to secure your data and to secure the barrels of oil. Let's start with things you can do right now. First, a simple thing which minimizes the risk of social engineering and fishing enable multifactor authentication, maybe for everything, at least for the important things. Second, ensure that you have a cybersecurity controls that you have cybersecurity controls implemented at least on a manual base, but best with really a high level of automation and setting the course within the next 100 days is also important. We recommend to start with an cybersecurity portfolio assessment. Remember the zero trust slide with identify your assets, know what to protect, know what you have. And then in the next step, define a strategy towards zero trust towards how to manage devices, user data networks, and accesses in a potentially insecure environment meant invest into data governance for structured and unstructured data. Like my example about big data, the junior data Analyst Analyst should not be able to extract such critical information and last not, but not least do not annoy your users with passwords. When talking about zero trust, you can also start thinking about how to get rid of passwords and do this all by using the flexibility and extensibility of the copy and cold cyber security fabric. Thank you.