Blueprint for Security Architecture & Strategy
DynTek Security Key Team Members
• William Chang, Sr. IT Project Consultant, Security
• Joe Rubino, Vice President of Security
• Rob Costanza, Principal Architect, East, Security
• Shaun Land, Principal Security Architect, CSO GHE &
• Steve Struthers, VP Security, West
• Steven Sanchez, Senior Account Executive
• Brian Zeno, District Sales Manager
• Brett Harmon, Cyber Security Alliance Manager
Representative Clients
• Higher & K-12 Education
• Federal, State & Local Government
• Healthcare
• Financial
Strategy Driven IT Security
Improves Results
Individuals always perform better when they know where they are going. Developing and publishing a Strategy for Security provides this.

Reduces Complexity
A Security Architecture that is built as the result of a defined strategy simplifies the process of selecting the right people and technology.

Improves Compliance
Auditors love details and checkboxes that are checked, but short of that, they appreciate strategy and a plan to get somewhere.

Reduces Cost
A strategy allows you to build the detailed roadmap for improving security. When you know the long-term plan, buying leverage goes up, as you can negotiate bundles and vendor investments.
The Process
1. Assess Current State and Goals
2. Plan & Architect Future State
3. Remediate & Mature Current State
4. Deploy & Mature New Controls
• Evaluate the existing client SOC, IT infrastructure, and core systems
• Assess the health of the current state, and risks of the current deployment
• Assess security control objectives
• Be prepared to respond to OCR Audits and questions
• Focus on optimizing existing investments
• Identify alternatives and their associated costs
• Develop a strategy and remediation/action plan
• Provide oversight of remediation plan for current controls to desired maturity and value
• Provide oversight of implementation plan of new controls to desired maturity and value
IT Security Strategy Simplified
1. What are the IT-related RISKS to the organization?
   A. Which are IT security specific risks?
2. What are the options around managing/mitigating risk (the Controls)?
   A. People
   B. Process
   C. Technology
3. Prioritize the risks by qualifying and quantifying each.
4. Decide what you are NOT going to do (as an organization).
5. Create the roadmap for what you ARE going to do.
6. Execute on the plan.
Risk & Security Controls: Strategy, planning, implementation & operations
Risk Management / Security Controls (59 Controls)

NETWORK PROTECTION
• Firewall
• Intrusion Protection
• Secure Access Gateways
• Application Firewall
• Network Access Control
• Behavioral Analysis Sandbox
• Network Application / Load Balancing
• Network DLP

EMAIL / WEB
• URL Filtering
• Web Gateway
• Email Gateway
• Proxy
• Email DLP
• Web DLP

INCIDENT RESPONSE
• Network Visibility
• Endpoint Visibility
• Endpoint Threat Detection & Response
• Forensics
• Adaptive Threat Protection
• DLP Historical Analysis

DATA PROTECTION
• Patch Management
• Secure Backup
• 2 Factor Auth.
• Device Controls
• File Encryption
• Database Security
• SSL Certificate Management
• SharePoint Security
• DLP Data Location Classification, Access

RISK / COMPLIANCE
• Log Management
• Auditing / Monitoring
• Vulnerability Management
• Identity Access Management
• Change Control
• SIEM
• Password Vault
• Remediation Management
• File Integrity Monitoring
• Risk Analysis Reporting
• DLP Reporting

ENDPOINT PROTECTION
• Anti-Virus / Anti-Malware
• Web Filter
• Disk Encryption
• Advanced Anti-Malware
• Mobile Security Management
• Network Access Control
• Host IPS
• Desktop Firewall
• Mobile Data / USB Control / Encryption
• Application Control / Whitelisting
• Host DLP

SERVER PROTECTION
• Anti-Virus / Anti-Malware
• Advanced Anti-Malware
• Host IPS
• Virtualization Security / Control
• Application Control / Whitelisting
• Host DLP
Control Prioritization / Maturity Program
Each control is ranked by deployment priority within its group (1 = highest) and assessed against the Gartner maturity model.

NETWORK PROTECTION
1. Firewall
2. Intrusion Prevention
3. Secure Access Gateways
4. Application Firewall
5. Network Access Control
6. Behavioral Analysis / Sandbox
7. Network Application / Load Balancing
8. Network DLP

EMAIL / WEB
1. URL Filtering (Required by Law: CIPA)
2. Web Gateway
3. Email Gateway
4. Proxy
5. Email DLP
6. Web DLP

INCIDENT RESPONSE
1. Network Visibility
2. Endpoint Visibility
3. Endpoint Threat Detection & Response
4. Forensics
5. Adaptive Threat Protection
6. DLP Historical Analysis

DATA PROTECTION
1. Patch Management
2. Secure Backup
3. 2 Factor Auth.
4. Device Controls
5. File Encryption
6. Database Security
7. SSL Certificate Management
8. Collaboration Platform Security
9. DLP Data Location Classification, Access

RISK / COMPLIANCE
1. Log Management
2. Policy Auditing / Monitoring
3. Vulnerability Management
4. Identity Access Management
5. Change Control
6. SIEM
7. Password Vault
8. Remediation Management
9. File Integrity Monitoring
10. Risk Analysis / Reporting
11. DLP Reporting

ENDPOINT PROTECTION
1. Anti-Virus / Anti-Malware
2. Web Filter
3. Disk Encryption
4. Advanced Anti-Malware
5. Mobility Security Management
6. Network Access Control
7. Host IPS
8. Desktop Firewall
9. Mobile Data / USB Control / Encryption
10. Application Control / Whitelisting
11. Host DLP

SERVER PROTECTION
1. Anti-Virus / Anti-Malware
2. Advanced Anti-Malware
3. Host IPS
4. Virtualization Security / Control
5. Application Control / Whitelisting
6. Host DLP

GARTNER MATURITY MODEL
• Level 1 – Initial
• Level 2 – Developing
• Level 3 – Defined
• Level 4 – Managed
• Level 5 – Optimal
Example “Client Current State” View
The same seven control groups and priority ranks as the Control Prioritization / Maturity Program, with each control shaded according to how well it is covered today.

Legend
• Well Covered
• Mostly Covered
• Partially Covered
• Not Deployed
Healthcare “Client Future State” View: Client Security/Risk Controls – ROADMAP
Each control is shaded by roadmap phase (see legend); the numbers are the priority rank within each group.

NETWORK PROTECTION
1. Firewall
2. Intrusion Protection
3. Secure Access Gateways
4. Application Firewall
5. Network Access Control
6. Behavioral Analysis Sandbox
7. Network Application / Load Balancing
8. Network DLP

EMAIL / WEB
1. URL Filtering (Required by Law: CIPA)
2. Email Gateway
3. Web Gateway
4. Proxy
5. Email DLP
6. Web DLP

INCIDENT RESPONSE
1. Network Visibility
2. Endpoint Visibility
3. Endpoint Threat Detection & Response
4. Forensics
5. DLP Historical Analysis
6. Adaptive Threat Protection

DATA PROTECTION
1. Patch Management
2. Secure Backup
3. 2 Factor Auth.
4. Device Controls
5. File Encryption
6. Database Security
7. SSL Certificate Management
8. Collaboration Platform Security
9. DLP Data Location Classification, Access

RISK / COMPLIANCE
1. Log Management
2. Policy Auditing / Monitoring
3. Vulnerability Management
4. Identity Access Management
5. Change Control
6. SIEM
7. Password Vault
8. Remediation Management
9. File Integrity Monitoring
10. Risk Analysis / Reporting
11. DLP Reporting

ENDPOINT PROTECTION
1. Anti-Virus / Anti-Malware
2. Web Filter
3. Disk Encryption
4. Advanced Anti-Malware
5. Mobility Security Management
6. Network Access Control
7. Host IPS
8. Desktop Firewall
9. Mobile Data / USB Control / Encryption
10. Application Control / Whitelisting
11. Host DLP

SERVER PROTECTION
1. Anti-Virus / Anti-Malware
2. Advanced Anti-Malware
3. Host IPS
4. Virtualization Security / Control
5. Application Control / Whitelisting
6. Host DLP

Legend
• Optimize / Deploy Phase 1
• Deploy Phase 2
• Deploy Phase 3
• Do Not Deploy
• New Controls
Security Solutions
Success is …
• 40% Product features and capabilities
• 30% Deployment and maturity
• 30% Administration and use/response
Getting the Organization Behind Security: Making security the organization’s problem

The organization typically looks at IT as the owner of the security problems (risks). Turning this around helps the rest of the organization become active “risk owners” and partners with IT.

This is accomplished through:
• Executive level risk messaging & education
• Improved Enterprise Risk Management (ERM) process
Executive Organizational Level Risk Messaging: Making your organization’s executive partners “security smart”

Simplify the “Risk Management Process” to common non-technical language, so that any executive can get it, own it and get behind it:
• Take away the risk & security techno mumbo jumbo
• Use the risk & security controls graphic
• Educate the executive team on security through an “Executive Level Security Workshop”—they should be able to understand all the controls when you are done
• Leverage the Enterprise Risk Register
Improved Enterprise Risk Management Process: Getting the organization to own the Organizational Risks

IT’s job is to be in the RECOMMENDATION business:
• Identify risk (constantly and continuously)
• Analyze the risks
• Assign the risks (to an IT owner for tracking, and an executive decision maker (or team) to own the risk)
• Make recommendations for each risk to the organization (including prioritizing the risks)
• Execute on each risk as directed by the owner
• Track and manage known risks

The organization’s job is to be in the RISK DECISION business:
• Contribute to the enterprise risk register
• Own the organizational risks
• Review the risks with IT
• Determine risk management for each risk (accept, remediate, reduce)
• Support IT with the risk decisions from the owners (budget, resources, time)
The Enterprise Risk Register: How it all happens – The IT View

The Enterprise Risk Register: Managing Risk – The Executive View
Security Services
• Over 40 experienced security consultants
• Services capability for architecture, deployment, support and staff augmentation
• Security Strategy Engagements
• PCI Readiness Engagements
• Cyber Attack Preparedness
• Breach / Incident Response
  – Cyber Attack Response (like Ransomware)
  – PII/PHI Breach Response
  – Work with Incident Response partners like Cisco
• Vulnerability and Compromise Assessments
• Penetration Testing (yearly/periodically)
• Managed Security Services
Quick Facts
• DynTek’s security business growing 99% Y-o-Y (Q1 & Q2 2016 – grew 300%+)
• Cisco DVAR & Gold Partner
• Various Partner Awards such as Intel Partner of the Year 2016
• Locations across the US and, more importantly, people who can be onsite as needed
• We have a proven history of investing in key security segments for Commercial, Government, Healthcare, & Education
• Financing capability with flexible terms allowing you to leverage multi-year budgets without entering into a complex leasing agreement
Conclusion
We have developed a simplified model that IT executives and management can use to document and communicate the relationship between organizational risks and IT Security expenditures. The DynTek team is ready to assist in any aspect of improving your organizational security posture. From planning to design, to implementation and support, we look forward to the opportunity to assist.

What are the steps?
1. Identify the key strategies and associated risks.
2. Document and prioritize the risks based on IT’s understanding of the strategy.
3. Identify and select solutions to address each area of risk.
4. Present findings and recommendations to executive management for final determination.

A program that you continue to use, on a regular basis.
A Tradition of Partnering and Success!
McAfee Partner of the Year, Americas
Questions?