Date posted: 19-Dec-2015
Enterprise security
How to bring security transparency into your organization
ISSA EDUCATIONAL SESSION
Nicklaus Schleicher, VP Support & Customer Service
Consul
17 years of security event management experience
Winner of ISSA Organization of the Year in 2003
Founded in 1986
Worldwide presence:
– US,
– Europe,
– Asia-Pacific,
– Latin America
Security landscape is changing
Disappearing perimeter
More complex security devices
Heterogeneous networks
Information overload
Not enough resources
Increasing threats
Regulatory requirements
Cost pressure
What are customers saying
Make their security operations more efficient
Gain a holistic understanding of their overall security
Comply with regulations
Make sense out of the chaos that is a large network
Respond more quickly and intelligently to problems
Monitor and enforce business-critical policies
Conduct more effective post-event forensics and analysis
Move from auditing to monitoring
It’s all about Value
Suppose you could protect your most valuable business assets at the lowest cost?
Wouldn’t you want to know how?
It’s all about Your Critical Data
Most security devices monitor the network perimeter.
Yet key assets are on the less-protected inside.
Is your core network adequately protected?
Lots of Products - Few Solutions
Companies have invested heavily in firewalls, IDS, and AV systems, yet remain vulnerable to devastating attacks.
What are you doing to continuously monitor security on your perimeter AND core networks?
Regulations are a worry
Proliferating industry and regulatory standards raise the bar on implementing and demonstrating effective security.
HIPAA, GLB, BS 7799, Basel II
What is the value of effective compliance to regulations in your company?
The security infrastructure is in place
Security Infrastructure
Authorization
Authentication
Firewall / VPN
Anti-Virus
PKI
OS Security
Application Security
Intrusion Detection Systems (IDS)
Biometrics
Too many reports and alarms
From firewalls
From intrusion detection systems
From anti-virus systems
Many log files
Too few reports where it matters
Internal systems are not monitored enough:
– Logging turned off or not understood
– Reports have no real-world meaning
Comparison across systems impossible
Auditing versus company policy impossible
Are you secure? “I don’t know”
Insiders remain a threat
Inside is as hostile as outside, but in a different way
64% of companies admit they suffer from security breaches
76% of all security breaches are due to insider work
70% of all corporate data still on mainframes
Step one: define
What’s the status?
Assess current enterprise security
Review policies
Benchmarking and gap analysis
Compliance to standards and regulations
Understand source of today’s vulnerabilities
Define metrics for success
Step two: protect
Implementation of solution:
Implement policies
Define security procedures
Create awareness and communication
Establish administration and support roles
Step three: check
How secure are we?
Measure Compliance
Check for existing vulnerabilities
Modify policies and settings
Learn from intrusions and issues
Measure against metrics
Security event management
People
system administrators
managers
finance
human resources
secretary
online customers / suppliers / partners
hackers
etc.
Technology
operating system
intrusion detection system
firewalls
business applications
anti-virus software
etc.
Security policy
Who is allowed to
do what kind of actions
on what kind of documents
in which period of time
from which place and
on which server?
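The six questions above map onto the fields of a normalized audit event, so a policy can be checked mechanically. The Python below is an added example, not part of the original slides and not Consul's product code: it evaluates events against default-deny rules and reports which policy dimension a violation falls on. The field names, glob matching and all sample values are assumptions constructed for illustration.

```python
from collections import namedtuple
from datetime import datetime, time
from fnmatch import fnmatchcase
from ipaddress import ip_address, ip_network

# Normalized audit record: one field per policy question (hypothetical schema).
Event = namedtuple("Event", "who action obj when src server")
# One "allowed" statement: glob patterns for who/action/obj/server, permitted
# hours start-end (start > end spans midnight), weekdays (0 = Monday), source CIDR.
Rule = namedtuple("Rule", "who action obj start end days src_net server")

def in_window(rule, ts):
    t = ts.time()
    if rule.start <= rule.end:
        inside = rule.start <= t <= rule.end
    else:  # window spans midnight, e.g. 22:00-04:00
        inside = t >= rule.start or t <= rule.end
    return inside and ts.weekday() in rule.days

def mismatches(rule, e):
    """Policy dimensions on which event e falls outside rule ([] = match)."""
    ok = {
        "who": fnmatchcase(e.who, rule.who),
        "action": fnmatchcase(e.action, rule.action),
        "object": fnmatchcase(e.obj, rule.obj),
        "when": in_window(rule, e.when),
        "where_from": ip_address(e.src) in ip_network(rule.src_net),
        "server": fnmatchcase(e.server, rule.server),
    }
    return [dim for dim, passed in ok.items() if not passed]

def evaluate(e, policy):
    """Default deny: [] if a rule allows e, else the closest rule's misses."""
    return min((mismatches(r, e) for r in policy), key=len, default=["no rule"])

# Constructed sample policy and events (all names and addresses are made up).
WORKDAYS, ANY_DAY = frozenset(range(5)), frozenset(range(7))
POLICY = [
    Rule("finance-*", "read", "/ledger/*", time(8), time(18), WORKDAYS, "10.20.0.0/16", "fin-db*"),
    Rule("dba-*", "*", "/ledger/*", time(22), time(4), ANY_DAY, "10.99.0.0/24", "fin-db*"),
]
EVENTS = [
    Event("finance-alice", "read", "/ledger/q4", datetime(2015, 12, 16, 10, 30), "10.20.4.7", "fin-db01"),
    Event("finance-alice", "read", "/ledger/q4", datetime(2015, 12, 19, 23, 15), "10.20.4.7", "fin-db01"),
    Event("dba-bob", "delete", "/ledger/q4", datetime(2015, 12, 17, 2, 0), "10.99.0.12", "fin-db01"),
    Event("hr-carol", "write", "/ledger/q4", datetime(2015, 12, 16, 10, 30), "10.20.4.7", "fin-db01"),
]
if __name__ == "__main__":
    for ev in EVENTS:
        print(ev.who, ev.action, ev.when, evaluate(ev, POLICY) or "allowed")
```

Reporting the missed dimensions of the closest rule lets an analyst separate an authorized user working outside permitted hours from an account that has no business touching the object at all.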
Monitors output from over 50 platforms
Evaluates security events, policy violations
Real-time, intuitive view of network
Prioritized, actionable alerts, drill-down reports
Best practices baselines, HIPAA, GLB
Extensive auditing, reporting and forensics
Visualization, reporting and alerting
Normalization and correlation
Policy
Consul/eAudit