Ebook Transforming Security in The World of Digital Transformation
FOREWORD
Taking a look back...
INTRODUCTION
Simplifying and strengthening your security strategy
CHAPTER 1
Challenges: what is holding organisations back?
CHAPTER 2
Response: how are organisations tackling those challenges?
CHAPTER 3
Best practice: what does success look like?
FOREWORD
Taking a look back
Here at VMware Carbon Black, we began 2020 by making three major predictions.

Firstly, that the demand for endpoint security would skyrocket. As organisations continued to shift to a work-from-anywhere model, the need to ensure security is placed around the user, applications and data has become more evident than ever. This only accelerated across the course of the year.

Secondly, we forecast that the inability to institute multi-factor authentication would be a major threat to organisations. Across the year, over a quarter (29%) of respondents to our Global Threat Report informed us that this was the biggest threat to their organisation in 2020.

Finally, our biggest prediction was that we would continue to see a rapid rise in third-party application breaches and ‘island hopping’ as a major source of attacks. Across the year we saw a sharp rise in OS and application breaches, accounting for 31% of all reported breaches. Separate VMware Carbon Black research among incident response professionals found that island hopping was a feature in 41% of the breach attempts they encountered.

Security is a fast-moving space. But some clear trends are emerging. And with that in mind, it’s been fascinating to hear from IT and security leaders across the world on how they have been dealing with the challenges we face in the security landscape of today.
SCOTT LUNDGREN
CTO, VMWARE CARBON BLACK
INTRODUCTION
Simplifying and strengthening your security strategy

Maintaining business continuity in the current climate has been integral for security teams worldwide. The demand for secure access to applications and data has soared as we move to a digitally distributed way of working and, as a result, 96% of security professionals said the volume of attacks they have faced has increased.

Re-evaluating the approach to securing your business is crucial. Whether it’s shifting the balance from a reactive security posture to a position of strength; accelerating threat prevention, detection and response mechanisms; or unifying endpoint and workload security to simplify the environment: it’s time to build new elements into your security strategy to fully leverage infrastructure and control points while seamlessly securing data centres, clouds and endpoints to provide the flexibility and agility required in the modern environment.

So, how can you accelerate how your teams identify, prevent and respond to threats with the right context and insights? How can you shift security to cloud while navigating emerging concerns? And how can you unify IT and security teams to alleviate pressure?

To find out, Meet the Boss, in partnership with VMware Carbon Black, hosted a series of virtual roundtable sessions with security executives to explore how they are approaching these challenges at their respective organisations. Want to know how to develop an intrinsic security approach at your business? It’s all here.
96% of security professionals surveyed in the US and Canada said the volume of attacks they have faced increased (VMware 2020).
CHAPTER 1
Challenges: what is holding organisations back?

Whether it’s managing security in a remote working environment, ensuring employee accessibility or navigating increased threats, there are multiple hurdles to success.

COVID-19 forced businesses to make fundamental operational changes overnight to deploy a digitally dispersed workforce. Handling hardware or software issues, managing remote devices and allowing access to critical company resources all had to be actioned from a distance – while defending a much broader attack surface.

“We had to look strategically at connections and moving back to the basics of security,” says Rohan Daya, Head of IT Governance & Risk at Old Mutual Insure. “We needed to understand the landscape and who’s got access from where. On the back of that, we increased access across the business as well, so the move to remote working really helped us accelerate in that space.”
88% of cyber security professionals reported increased phishing attacks relating to COVID-19 (VMware 2020).
In light of the new working environment, VMware Carbon Black CTO Scott Lundgren feels it’s hard to say with any degree of certainty that you are 100 percent secure. “It’s impossible, and has certainly not gotten any easier since COVID-19. But because the field is immature and many people are moving into the field from other areas, such as legal or finance or IT, it feels like they have to learn the lessons all over again. It seems like we spend too much time trying to convince others that 100% security is not the goal, nor is it attainable.”

Instead, it’s about improving your posture. “The underlying physics or the mechanics are actually extremely similar to where they were 20 years ago,” continues Lundgren. “I think by staying intellectually disciplined and focused on the underlying problems and the commonality there, it actually provides a compass to think about how we can tackle the security challenges we face today.”
CHAPTER 2
Response: how are organisations tackling those challenges?

From shifting the balance from attack to defence to unifying IT and security teams, a number of areas are seen as critical.

Moving from in-office to remote working has required new security standpoints. At Old Mutual Insure, Head of IT Governance & Risk Rohan Daya noticed typical traffic had completely changed, with employees operating at different hours to suit their work-from-home lifestyles. “We needed to alter our trigger points from a monitoring perspective,” he explains. “We gathered all the data and logs and I put a golden thread together using those. I looked at access management, advanced threat protection, combined all those logs and built our own user activity monitoring.”

As a result, threat visibility improved. “We were able to set a baseline to see the typical times people log on to the VPN and identify the trends and monitor those. So then, when someone tried to access the network that didn’t have the right credentials, there was an immediate notification.”
That kind of alerting is critical, because attackers are far too sophisticated in their methods to be deterred by traditional endpoint security. Siemens was in a good place with its endpoint detection and response when employees were mandated to their homes, so was able to pivot to support a digitally distributed workforce – as CISO Achim Knebel explains. “We have point detection agents on the majority of our endpoints and also the critical infrastructure, like domain controllers. We also use cyber defence centres 24/7 around the world to collect logs from proxies and analyse them with cloud-based artificial intelligence to make our lives a little bit easier.”

Rudi Opperman, Head of Security Engineering and Continuous Monitoring at Standard Bank Group, describes how the move to remote working was more like a reprioritisation of controls rather than a change. “The more modern security technologies that we had deployed – like our endpoint detection and response, which were internet or cloud native – just worked seamlessly as we changed, whereas with some of the older things, we had to work a bit harder to make them internet capable.”

One sticking point that invariably challenges security teams is who they report to and how they collaborate with different teams, particularly IT. Vetea Lucas, Head of IT Security and Compliance at Sodexo, says it’s a discussion that has gone on for far too long. “Where should security report to? The board? The CIO? I think in the end it depends on the context of the organisation, because if you don’t have proper maturity, being close to the IT team is probably better compared to reporting directly into the CEO.”
Amit Sharma, a security leader within a leading sportswear manufacturing organisation, agrees. “Security should be reporting into someone in the executive board, yet still have a leg back into the CIO office,” he offers. “The IT teams are one of our major partners who are delivering the technical platforms. However, the challenges that security sees today are not technical, they’re about the mindset and awareness of the business teams. And the decision about whether you should launch a product first or should you make it secure first are currently being made by the business, not by the IT team.”

VMware Carbon Black CTO Scott Lundgren weighs in. “The hardest part of security is dealing with people, and ultimately products aren’t going to solve this problem. So it’s a challenge internally, and I understand it is really difficult. One of the things that I’ve seen work well is some level of cross-pollination of people – for example, where someone in security will work in an adjacent function of the business that they have expertise in. Alongside that, building bridges with other departments and being able to talk to each other is always very helpful.”
CHAPTER 3
Best practice: what does success look like?

By putting the right foundations in place – including gaining visibility into the environment and shifting security to cloud – organisations are creating a platform for success.

Whitbread’s Head of Information Security, Martin Jimmick, feels COVID-19 has radically changed the pace of innovation. “Some of the decision-making in terms of pushing things into cloud has rapidly accelerated. So, we’re pushing more than ever into environments like Office 365, which is now beginning to dictate where we’re heading.”

Yet that journey is not without complexity, as William Davies, Head of Security and Information Assurance at Government Business Services in the Cabinet Office, explains. “We transitioned very quickly and it’s going well at the moment, but there have been a few sleepless nights for me and my colleagues. It’s a case of taking your vintage car out of the old garage and putting it in a brand new one – it’s still the same vintage car with its original problems, you just moved it from one place to another.”

While cloud might come with complications, such as providing access to exponential amounts of data, Standard Bank Group’s Head of Security Engineering and Continuous Monitoring, Rudi Opperman, says it’s a nice problem to have. “One of the best things about cloud is the rich telemetry that is available electronically and programmatically through APIs. You can drown in it, but at least it’s there compared to the traditional data centre where it’s difficult even just to get the data in the first place.”
That’s where our thought leaders are now on their journeys. But what about as we look ahead to the future? What approaches do we need to take now to secure our businesses and shift from a reactive security posture to a position of strength?

“You must start with full visibility into the network environment,” emphasises VMware Carbon Black’s Scott Lundgren. “You need to err on the side of capturing more: getting more context and more data and pulling that into a place where you or your team has access to it. Then on top of that you can overlay simplicity, being able to drive down to the core data elements. When in doubt you need to be able to fall back to that rich visibility.”

Lundgren argues that in an era of cloud applications and mobile users, you need to prioritise the controls and rethink how to get the visibility you’ve always needed. “There’s a lot of power that comes with moving applications to the cloud,” he explains. “But there’re also a lot of negatives and complexity is the biggest by far. What’s important is to provide a simplified view on what is fundamentally an extremely complicated situation.”

Frederic Pascalon, Director of Group Cybersecurity and Principal Architect at Capgemini, agrees that it’s very important to start from the beginning with the data and identify its meaning. “Then you are able to onboard the rest of the building blocks and to enrich the information that is allowing you to make a decision.”

The next step is pulling the information together, says Derivco’s Chief Security Officer, Michael Poezyn. “We’ve been focusing on the soul of the security orchestration, automation and response platforms to try and enrich the visibility. So that way, if you’ve got all the data and touch points and know where they are located, you can enrich the information you have on any given incident.”

While there is no magic wand to dissolve legacy technology, unite teams and protect the business from every threat, prioritisation can help. By prioritising certain areas, security teams will be better positioned to overcome obstacles and navigate the current environment.
Security priorities
VMware Carbon Black’s Scott Lundgren shares his key takeaways:

• “Accelerate the work you’re doing around security tooling to enable both the security team and the engineering team with a single set of tools, tailored for each department. This can make everyone play together a lot more simply.”

• “Understand the consequences of your decisions. We often talk about specific technologies and specific product capabilities and, while they’re important, if they don’t tie the whole system together, it doesn’t work. Also understanding what the big decision points are and the multiple consequences is important for the future of security.”

• “Recognise the importance of basic cyber hygiene. Understand what’s installed and what’s not, where devices are and where they’re not. It’s easier said than done, yet it’s foundational.”

• “Get the required visibility into your systems. If you don’t have the right visibility, then you can’t even begin to have efficiency because you’re completely blind and chasing things that don’t exist.”
As we press into 2021, everything is different – yet the same. We have seen the lengths many organisations have had to go to throughout 2020 in order to deliver business as usual and ensure a high employee experience, and this will continue to drive security further into our daily lives. Everyone really does have a security responsibility within the modern organisation, especially as cybercriminals have taken advantage of disruption to escalate campaigns. So, what’s in store for 2021?

First off, as remote working becomes the norm for many organisations, mobile devices and operating systems will increasingly be targeted. As employees use personal devices to review and share sensitive corporate information, these devices become an exposure point. If cybercriminals can get into your personal laptop or mobile device, they will then be able to use this as an entry point and island hop into the corporate network you access, whether by deactivating VPNs or breaking down firewalls.

Secondly, we have seen a major shift to the cloud across 2020 due to the pandemic and the requirements for organisations to operationalise. Cloud-jacking through public clouds will become the island-hopping strategy of choice for cybercriminals, as opportunity due to the reliance on public clouds continues to grow.