Andreas Mertz (Founder/Man. Dir. it-cube SYSTEMS, CISSP) 360 SAP Security
- Marjory Davis
- 8 years ago
Transcription
1 Andreas Mertz (Founder/Man. Dir. it-cube SYSTEMS, CISSP) 360 SAP Security
2 Agenda
- Motivation
- SAP Threat Vectors / SAP Hack
- Solution Approach: the 360 of agilesi
- Threat Detection Scenarios / SIEM use cases
- Key Benefits
- Questions & Answers
3 Motivation
4 ESPIONAGE. SABOTAGE. FRAUD. Why Are Business Applications Critical?
- Essential Business Processes
- Sensitive/Critical Data
- FI, HR, CO, PP, CRM, SRM
- Intellectual Property (e.g. Product data)
How/Where would you attack your company? Where to earn/make or lose money? Any information an attacker wants is stored in the company's ERP system!
5 SAP SECURITY - A DANGEROUS STATUS QUO Application Security has been neglected Imbalance of allocated spending and perceived security risk Source: Study The STATE of RISK-BASED SECURITY MANAGEMENT by Ponemon Institute llc,
6 SAP SERVERS ON THE INTERNET
The MYTH: SAP systems are inaccessible from the Internet, so vulnerabilities can only be exploited by insiders.
TRUTH: Business processes are changing and anticipate the need for remote and mobile access via web portals.
PROOF: Increasing numbers of SAP systems are exposed to the Internet: Dispatcher, Message Server, HostControl, Web Services, Solution Manager, etc.
STATS: Searches performed using well-known Google search requests or Shodanhq result in hundreds of SAP servers accessible from the Internet.

| Application Server Type | Search String | Number based on Shodan Search |
|---|---|---|
| SAP NetWeaver J2EE (Enterprise Portal) | inurl:/irj/portal | 834 |
| SAP Business Objects (SAP ITS) | inurl:infoviewap | 20 |
| SAP NetWeaver ABAP | inurl:/sap/bc/bsp | 113 |
7 MOTIVATION SAP ABAP Risk / Attack Vectors
- Insecure ABAP Coding
- Configuration Errors (system settings)
- Business Logic
- Business Runtime
- Database
- Not controlled, remote access via RFC, SOAP etc.
- Transports / SW Deployment
- Operating System
- Data Manipulation
- OS Commands
Over 95% of SAP systems are exposed to espionage, sabotage and fraud attacks. Do you really think auditing SoD controls is sufficient?
8 SAP Live Hacking
9 LIVE HACKING Hack example: /SA38 as a backdoor EDITOR CALL /SA38 EXPLOIT Minimalistic Authorization Report start, but No Table Access rights Execute Report incl. EDITOR CALL TABLE read & write access 9
10 LIVE HACKING SAP hack detection & alerting with agilesi (example) agilesi CODE Scanner checks coding when imported to Agent systems EDITOR_CALL agilesi Transport Extractor SoD conflict detection AUTHORITY_CHECK Transport released by containing objects created by Hidden ABAP Transport imported by 10
11 360 SAP Security
12 360 SAP SECURITY MONITORING 360 = SAP goes SIEM Identity Mgmt. Systems Physical Access /Web Gateways Endpoints Servers Network devices SIEM Security devices Databases Runtime of Business Applications 12
13 360 SAP SECURITY MONITORING 360 = Continuous! Automated! Complete! In one spot! SIEM agilesi SAP-SIEM integration SAP Security Sources SAP SIEM Integration Security Audit Log automated System Log continuous System Parameters complete Tables in one spot Transport Log Gateway Config & Log Change Documents SIEM SAP Security Analytics Content & Use Cases derived from: DSAG Audit Guidelines SAP Security Recommendations SAP Pentesting Practices Dashboards, Reports, Notifications Table Change Logging SAP specific categorization for SIEM Access Control Data Monitors, Active Lists, Rules Security Notes Cross-Event & Device Correlation
14 HOLISTIC APPROACH FOR CONTINUOUS SAP SECURITY MONITORING Secure Code Virtual Forge Secure Apps Change Mgmt Source Code weaknesses Secure Systems Patch status, SW deployment (SAP transports) SOS Business Transaction Monitoring Detect Attacks CSI AA GRC System settings, SoD & critical authorizations. manual/custom ACL/Oversight tools Critical transactions and commands Workflow anomalies, fraud and human factor Code Scanner Enterprise IT Environment
15 THE EFFECT The agilesi effect (e.g. critical authorizations) check assignment usage for critical auth. of critical auth. continuous landscape continuous landscape continuous landscape agilesi snapshot landscape on demand landscape on demand Firefighter only SAP GRC snapshot single systems not available not available of critical auth. audit
16 SECURITY MONITORING WITH SAP SOLUTIONS

| Manual SAP Security | With agilesi |
|---|---|
| snapshot | continuous monitoring |
| single systems | complete landscape control |
| manual work | full automation |
| single event source | cross event/device correlation |
| many point solutions | holistic, complete functionality |
| on demand alerting only | continuous, automated, complete 360 SAP security monitoring/alerting |
17 Use Cases
18 USE CASES / DETECTION SCENARIOS Predefined Detection Use Cases = Fast Time to Value SoD Conflicts & Access Control All DSAG checks implemented and covered by agilesi Checks are maintainable, customizable, extendable System & Client change option Check settings and changes Administrator/ Firefighter activity SAP standard accounts lock status and activity monitoring Changes to SAP standard accounts Change/Switch off authorization checks Security Audit Log settings Transactions SU24, SU25, SU26, SM01, AUTH_SWITCH_OBJECTS profile parameter auth/object_disabling_active Security Audit Log activation status configuration check filter configuration settings and changes Content & Use Cases derived from: SAP Pentesting & Security Experience DSAG Audit Guidelines STMS/Transport Table Change Logging Monitoring SAP Security Recommendations Activation status: Profile parameter rec/client and DB table settings table logs to control critical data OS Commands transport imports of critical objects imports at unusual time critical STMS parameters like RECCLIENT and VERS_AT_IMPORT Changes to user master records Data Loss Detection added value of agilesi cross device event correlation Check SAP event and network events (Client/PC activity) Debugging 18
19 BUSINESS TRANSACTION MONITORING More use cases: Business Transaction Monitoring
- Major invoices being made without purchase orders
- Deviation of: value of purchase order and invoice value at equal quantity of goods
- Invoice receipt and payment before date of goods receipt
- Control of critical data of application within customer namespace (e.g. applications in production process)
20 VISIBILITY IS KEY. ArcSight w/ agilesi 1.0 agilesi Extractors
Extractors: Visibility & Coverage

| Extractor | Events/Data | Example Use Cases |
|---|---|---|
| Security Audit Log | Subset of security events in SAP systems, such as (failed) logins, transaction starts, etc. | Brute force login; User created / deleted / locked / unlocked; Password changes; Execution of reports |
| System Log | SAP basis log, for availability, error tracking, security, ... | Debugging; Execution of OS commands; Table logging in program disabled by user |
| System Parameters | SAP system configuration | Password policy checks; SNC encryption status; SAP Gateway check |
| Tables | Data stored in tables | System and client change settings; RFC configuration; Single Sign-On / Logon Tickets; Any data stored in any table |
| Ping | Monitor availability | Check availability of SAP systems |
| Transport Log | Change management through transports with code, customizing | Updates to roles; Transports of critical objects, at unusual times |
| Gateway Config & Log | Communication with external programs | Monitor denied external calls |
| Change Documents | Changes to Business Objects | Roles, profiles and user master data |
| Table Change Logging | Changes to data stored in tables | Monitor critical tables (master data, conditions of purchase) |
| Access Control | Checks against critical combinations of authorization objects | SoD Conflicts; Backdoor implementation via transports |
| Security Notes | SAP RSECNOTE implementation status | Security notes missing in system landscape |
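An added example (not agilesi code and not taken from the slides) of the "check settings and changes" use case for system parameters: it parses SAP profile text, flags weak values for the parameters the slides name, and turns the difference between two snapshots into SIEM-style change events. The sample profiles, the `rsau/enable` check, the expected values and the event field names are assumptions made for illustration.

```python
# Added example: continuous checks on SAP profile parameters (not vendor code).

# Parameter -> (test for an acceptable value, issue text when the test fails).
# rec/client and auth/object_disabling_active are named on the slides;
# rsau/enable (Security Audit Log switch) and the expected values are an
# assumed hardening policy.
CHECKS = {
    "rec/client": (lambda v: v.upper() != "OFF",
                   "table change logging is switched off"),
    "auth/object_disabling_active": (lambda v: v.upper() == "N",
                                     "authorization checks may be switched off"),
    "rsau/enable": (lambda v: v == "1",
                    "Security Audit Log is not active"),
}


def parse_profile(text):
    """Parse 'name = value' lines of a profile; '#' starts a comment."""
    params = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        name, value = line.split("=", 1)
        params[name.strip()] = value.strip()
    return params


def evaluate(sid, params):
    """Snapshot view: one finding per monitored parameter that is weak or unset."""
    findings = []
    for name, (acceptable, issue) in CHECKS.items():
        value = params.get(name)
        if value is None:
            findings.append({"sid": sid, "param": name, "value": None,
                             "issue": "not set in profile, kernel default applies"})
        elif not acceptable(value):
            findings.append({"sid": sid, "param": name, "value": value,
                             "issue": issue})
    return findings


def diff_snapshots(sid, before, after):
    """Continuous view: one event per monitored parameter that changed."""
    events = []
    for name, (acceptable, _issue) in CHECKS.items():
        old, new = before.get(name), after.get(name)
        if old == new:
            continue
        weakened = new is None or not acceptable(new)
        events.append({"sid": sid, "param": name, "old": old, "new": new,
                       "severity": "high" if weakened else "info"})
    return events


# Constructed sample data: two snapshots of one system, one of another.
ECP_MONDAY = """
rec/client = ALL                    # constructed sample
auth/object_disabling_active = N
rsau/enable = 1
"""
ECP_TUESDAY = """
rec/client = OFF                    # changed between snapshots
auth/object_disabling_active = N
rsau/enable = 1
"""
PLP_MONDAY = """
rec/client = 100,200
auth/object_disabling_active = Y
"""


def run_demo():
    """Return (findings for PLP, change events for ECP) from the samples."""
    findings = evaluate("PLP", parse_profile(PLP_MONDAY))
    events = diff_snapshots("ECP", parse_profile(ECP_MONDAY),
                            parse_profile(ECP_TUESDAY))
    return findings, events


if __name__ == "__main__":
    for record in sum(run_demo(), []):
        print(record)
```

A one-off audit on the Monday snapshot of ECP reports nothing; only the comparison with the next snapshot surfaces that table change logging was turned off.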
21 Solution Architecture
22 agilesi ARCHITECTURE MODEL data collection agilesi AGENT monitored systems data extraction acc. to CORE config extractor job programs/reports FI CO log SM SIEM MM SD analysis agilesi Analytics frontend dashboards, reports, notifications SAP specific categorization in SIEM event correlation, security analytic PP administration agilesi CORE Extractor Service Management event transformation (SIEM format) Web DynPro interface (conf. frontend) AA 22
23 SETUP Extractor management/deployment/scheduling 23
24 SIEM FRONT END agilesi 4 ArcSight: Management Dashboards missing security patches per system overall PROD system landscape 24
25 MEANINGFUL DASHBOARDS agilesi 4 ArcSight: SOC focused control dashboards Compliance/ security dashboard overview event graph from top level charting to event drilldown 25
26 Offerings 26
27 OFFERINGS agilesi is available for: 27
28 LICENSE MODEL (# SID) SID: ECP SID: PLP Host: sap-lnx-01 Host: sap-windows-01 Instance: 00 (central instance) Instance: 00 (central instance) Application: ECC 6.0 Application: PLM SID: ECP Host: sap-lnx-02 LICENSE: # SID = 3 Instance: 01 (dialog instance) Application: ECC 6.0 SID: ECP ECP PLP CRP SID: PLP Host: sap-windows-02 Instance: 01 (dialog instance) Application: PLM SID: CRP Host: sap-lnx-03 Host: sap-windows-03 Instance: 02 (dialog instance) Instance: 00 Application: ECC 6.0 Application: CRM 28
29 Summary
30 How can you protect your most critical application while reducing costs?
- Eliminate the blind spot in SAP Security Monitoring
- Continuously monitor your critical system conditions and events
- Automate collection, correlation, visualization, reporting & alerting
- Reduce your audit costs & efforts and save on costly SAP consultants
- Utilize predefined checks and SAP-specific threat vector detection
- Enable your SOC team to interpret SAP security events and act
31 Key use & benefits
- Regain control with Security Intelligence for SAP
- Improve your SAP Security & Risk Management
- Lower the number and criticality of auditor's findings
- Transform your risks into remediation
- Fulfill compliance requirements for your SAP landscapes
- Consolidate the SAP tool zoo into one holistic approach
32 Let's discuss it!
33 IT'S ABOUT THE I IN IT, NOT JUST THE T! Thank you for your attention! For more information visit it-cube SYSTEMS GmbH Paul-Gerhardt-Allee München Germany P: F: M: W: +49 (89) (89) info@it-cube.net
34 Company Overview
35 COMPANY OVERVIEW Our Expertise Full-service provider for IT-/SAP-Security with 10+ years experience Vendor-neutral consulting, system integration, product development Founded in 2001, privately held Partnerships with 20+ A-brand vendors 28 consultants, 8 developers Approved for classified information (Ü2) by BMWi 35
36 SOLUTION OVERVIEW Portfolio it-cube SYSTEMS GmbH: SIEM & Security Intelligence, Security Log Management, SAP Security Monitoring, APT & Malware Defense, Application Firewalling, Database Security, Software Security & Code Analysis, Data Leakage Prevention (DLP), Secure Data Exchange and Managed Security Services (MSS), Threat Intelligence, Digital Forensic, Endpoint Security, Business Analytics, IT Networks
37 SOLUTION PORTFOLIO it-cube SYSTEMS Defending your success. it-cube Solutions Security Intelligence Managed Services Security Information & Event Management (SIEM) Log-Management & IT-Search Threat Intelligence Digital Forensics Industrial/SCADA Security Governance Risk Compliance (GRC) Managed Security Services (MSS) Security Outsourcing Operational Outtasking Service & Support Helpdesk People & Processes IT-/Business Application Monitoring Transaction Monitoring SOC / NOC Process Design Identity and Access Management (IAM) Security Awareness Building Security Training Data Analytics Operational Intelligence Big Data Analysis Business Analytics IT-Search Business Application Monitoring Professional Services Security Consulting Security Training Security Assessments System Integration Product Development Customizing & Engineering Network & Infrastructure Applications SAP-Security Data Loss Prevention (DLP) Malware Protection Software Code Analysis Secure Data Exchange Database Virtualization IT-Monitoring Firewalling Intrusion Prevention Web/ Security Remote Access Network Access Control Vulnerability Management Virtualization Security 37
More informationAutomate PCI Compliance Monitoring, Investigation & Reporting
Automate PCI Compliance Monitoring, Investigation & Reporting Reducing Business Risk Standards and compliance are all about implementing procedures and technologies that reduce business risk and efficiently
More informationThe Role of Security Monitoring & SIEM in Risk Management
The Role of Security Monitoring & SIEM in Risk Management Jeff Kopec, MS, CISSP Cyber Security Architect Oakwood Healthcare Jeff Bell, CISSP, GSLC, CPHIMS, ACHE Director, IT Security & Risk Services CareTech
More informationUnified Threat Management, Managed Security, and the Cloud Services Model
Unified Threat Management, Managed Security, and the Cloud Services Model Kurtis E. Minder CISSP Global Account Manager - Service Provider Group Fortinet, Inc. Introduction Kurtis E. Minder, Technical
More informationWeb App Security Audit Services
locuz.com Professional Services Web App Security Audit Services The unsecured world today Today, over 80% of attacks against a company s network come at the Application Layer not the Network or System
More informationlocuz.com Professional Services Security Audit Services
locuz.com Professional Services Security Audit Services Today s Security Landscape Today, over 80% of attacks against a company s network come at the Application Layer not the Network or System layer.
More informationKnow your security in mission critical environments Petr Hněvkovský, Senior Security Consultant, HP Enterprise Security Products
Know your security in mission critical environments Petr Hněvkovský, Senior Security Consultant, HP Enterprise Security Products Threat landscape Riskier Enterprises + Advanced Attackers = More Attacks
More informationMinimize Access Risk and Prevent Fraud With SAP Access Control
SAP Solution in Detail SAP Solutions for Governance, Risk, and Compliance SAP Access Control Minimize Access Risk and Prevent Fraud With SAP Access Control Table of Contents 3 Quick Facts 4 The Access
More informationHow To Create Situational Awareness
SIEM: The Integralis Difference January, 2013 Avoid the SIEM Pitfalls Get it right the first time Common SIEM challenges Maintaining staffing levels 24/7 Blended skills set, continuous building of rules
More informationState of SIEM Challenges, Myths & technology Landscape 4/21/2013 1
State of SIEM Challenges, Myths & technology Landscape 4/21/2013 1 Introduction What s in a name? SIEM? SEM? SIM? Technology Drivers Challenges & Technology Overview Deciding what s right for you Worst
More informationEffective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention
Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention Your Security Challenges Defending the Dynamic Network! Dynamic threats 䕬 䕬 䕬 䕬 Many threats
More informationQlikView's Value Proposition to SAP Accounts
QlikView's Value Proposition to SAP Accounts Key Themes and Agenda Time To Value Performance Total Cost of Ownership SAP Background QlikView and SAP Business Warehouse Business Objects Common Data Warehouse
More informationCompliance & SAP Security. Secure SAP applications based on state-of-the-art user & system concepts. Driving value with IT
Compliance & SAP Security Secure SAP applications based on state-of-the-art user & system concepts Driving value with IT BO Access Control Authorization Workflow Central User Management Encryption Data
More informationSAP Identity Management Overview
Identity Management Overview October 2014 Public Agenda Introduction to Identity Management Role Management and Workflows Business-Driven Identity Management Compliant Identity Management Reporting Password
More information場 次 :C-3 公 司 名 稱 :RSA, The Security Division of EMC 主 題 : 如 何 應 用 網 路 封 包 分 析 對 付 資 安 威 脅 主 講 人 :Jerry.Huang@rsa.com Sr. Technology Consultant GCR
場 次 :C-3 公 司 名 稱 :RSA, The Security Division of EMC 主 題 : 如 何 應 用 網 路 封 包 分 析 對 付 資 安 威 脅 主 講 人 :Jerry.Huang@rsa.com Sr. Technology Consultant GCR Minimum Requirements of Security Management and Compliance
More informationKelvin Wee CISA, CISM, CISSP Principal Consultant (DLP Specialist) Asia Pacific and Japan
The Truth about Data Loss Kelvin Wee CISA, CISM, CISSP Principal Consultant (DLP Specialist) Asia Pacific and Japan RSA Data Loss Prevention Data Breaches Overview RSA DLP Solution Five Critical Factors
More informationIBM Security Strategy
IBM Security Strategy Intelligence, Integration and Expertise Kate Scarcella CISSP Security Tiger Team Executive M.S. Information Security IBM Security Systems IBM Security: Delivering intelligence, integration
More informationChanging the Enterprise Security Landscape
Changing the Enterprise Security Landscape Petr Hněvkovský Presales Consultant, ArcSight EMEA HP Enterprise Security Products 2012 Hewlett-Packard Development Company, L.P. The information contained herein
More informationCORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT
CORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT How advancements in automated security testing software empower organizations to continuously measure information
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationFull-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform
Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Solution Brief Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Finding
More informationMcAfee Network Security Platform
McAfee Network Security Platform Next Generation Network Security Youssef AGHARMINE, Network Security, McAfee Network is THE Security Battleground Who is behind the data breaches? 81% some form of hacking
More informationGood Guys vs. the Bad Guys: Can Big Data Tools Counteract Advanced Threats?
Good Guys vs. the Bad Guys: Can Big Data Tools Counteract Advanced Threats? Will Froning, Information Security Manager, American University of Sharjah Mark Seward, Senior Director, Security and Compliance
More informationUnified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice
Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice Introduction There are numerous statistics published by security vendors, Government
More informationEAS-SEC Project: Securing Enterprise Business Applications
EAS-SEC Project: Securing Enterprise Business Applications SESSION ID: SEC-W06 Alexander Polyakov CTO ERPScan @Twitter sh2kerr Alexander Polyakov CTO of the ERPScan inc EAS-SEC.org President Business application
More informationIncident Response. Six Best Practices for Managing Cyber Breaches. www.encase.com
Incident Response Six Best Practices for Managing Cyber Breaches www.encase.com What We ll Cover Your Challenges in Incident Response Six Best Practices for Managing a Cyber Breach In Depth: Best Practices
More informationDevice Hardening, Vulnerability Remediation and Mitigation for Security Compliance
Device Hardening, Vulnerability Remediation and Mitigation for Security Compliance Produced on behalf of New Net Technologies by STEVE BROADHEAD BROADBAND TESTING 2010 broadband testing and new net technologies
More informationINCIDENT RESPONSE CHECKLIST
INCIDENT RESPONSE CHECKLIST The purpose of this checklist is to provide clients of Kivu Consulting, Inc. with guidance in the initial stages of an actual or possible data breach. Clients are encouraged
More information