I D C A N A L Y S T C O N N E C T I O N

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "I D C A N A L Y S T C O N N E C T I O N"

Transcription

1 I D C A N A L Y S T C O N N E C T I O N Robert Westervelt Research Manager, Security Products T h e R o l e a nd Value of Continuous Security M o nitoring August 2015 Continuous security monitoring (CSM) provides a window into an organization's risk posture and allows for that risk position to be monitored and improved. Organizations are looking for ways of optimizing their security infrastructure to cost-effectively deal with real threats. Continuous security monitoring tools and processes provide the knowledge and intelligence that enable IT professionals to coordinate cyberdefense. CSM products can be considered the "brains" of an organization's security efforts. The following questions were posed by Tenable to Robert Westervelt, research manager for IDC's Security Products group, on behalf of Tenable's customers. Q. Enterprises spend a considerable amount of money on security products, but serious breaches continue to plague those same organizations. Is there something else people can do to improve their security investments? A. The latest spate of high-profile breaches has prompted organizations to reassess their approach to securing their critical assets. One of the best ways to do that is by bolstering visibility through continuous security monitoring. The best approach is to use tools that pull in contextual data over network, user, and application activity within both the corporate confines and the extended network. Continuous security monitoring provides the context required to gain situational awareness and, in turn, accelerates response when security incidents are identified, which is sorely needed if enterprises are ever going to break this persistent litany of breaches. Having continuous security monitoring tools also bolsters the security program by supporting risk-based decisions over the shotgun approaches to security decisions we see so often when critical incidents occur. That kind of security decision making when organizations are already in crisis is costly and doesn't necessarily result in protecting the most critical assets. Building in threat information with the contextual data collected about changes to the network, user habits, and application use provides the salient information required to make sound impact assessments. This kind of decision making helps security teams focus on mitigating risks to the data that keeps the blood flowing in the organization. Q. Could you explain what is meant by "continuous security monitoring"? A. Continuous monitoring is the ability to gain situational awareness of all devices and applications on the network; proactively identify, prioritize, and remediate vulnerabilities and configuration weaknesses; and gain a clear understanding that all the deployed security controls supporting IDC 1977

2 the security program are performing effectively. Continuous security monitoring enables organizations to ensure adequate protection of sensitive corporate and customer data. It involves correlating data from endpoint and network devices, security appliances, and software to identify internal threats and signs of attackers already present on the network. The result of an ongoing monitoring program is gaining a clear understanding at all times of the organization's true security posture. A program uses a mixture of automation and manual processes to achieve this complete situational awareness. Organizations typically pull in log data from the network, endpoints, and applications, analyzing and correlating events to identify potential problems that require further investigation. Forward-leaning organizations interviewed by IDC also use a mixture of passive and active vulnerability scanning to identify vulnerabilities and configuration errors in systems and applications and also identify evidence of malware and botnet activity. Those scans probe systems regularly and examine network traffic for anomalous activity that could signal a serious threat or a growing performance issue before it disrupts business operations as well as evidence of cloud services use, the presence of virtual systems, and mobile devices attempting to connect to corporate resources. It also involves regularly assessing system status across the corporate environment and its extended environments to verify the resiliency of the infrastructure as part of a proactive risk mitigation program. The data gleaned from vulnerability scanning and log management can be combined with information pulled from support systems that manage help desk requests, asset and configuration management, and incident response activities to gain additional insight. Some organizations are also adding external threat intelligence feeds both static and customized feeds to rapidly deploy protective measures when new attacks are detected and investigate whether system activity shows any known indicators of compromise associated with those attacks. Organizations that have been successful at this also gain buy-in from senior leadership and pull in lines-of-business leaders with the most knowledge of the company's core assets and business mission. They combine their knowledge with those of IT operations and security practitioners who understand the infrastructure and security controls in place to enforce data governance policies. Having these individuals involved can help everyone gain a clear understanding of the organization's risk tolerance. Q. It's generally difficult to quantify the value of security. Given that, what are the benefits an organization should expect from continuous security monitoring? A. Organizations that maintain continuous network monitoring programs improve their agility, creating a proactive security program rather than one that is consistently reacting to security incidents. Continuous monitoring enables the IT team to identify newly introduced security weaknesses before they are targeted by an attacker. The increased visibility also enables chief information security officers (CISOs) to allocate resources based on the relative impact an identified weakness has on valuable assets. If an organization is conducting passive vulnerability scanning and network traffic analysis, the data gleaned can be correlated with log data from workstations, servers, and network security gear to identify malware and other threats. This approach has also been proven to identify advanced threats, including new zero-day malware often used in targeted attacks. The data collected pulls together suspicious log-in activity, changes in network traffic that indicates botnet communication, or running processes that could be evidence of the presence of malware or criminal lateral movement within the organization IDC

3 Data breach investigations consistently identify that the common point of failure for victim organizations is the lack of proactive monitoring including oversight of remote access connections, which are frequent targets of criminals. Changes in outbound communication could also signal malware communication to remote servers or data exfiltration already in progress. Attackers often cloak their malicious activity using encryption, but abnormal traffic can trigger immediate action and further investigation. The key is to have a strong correlation engine that can identify issues and also provide the context required behind the identified issues to support rapid incident response. It is easier said than done, and most organizations have not assessed their incident response procedures, an essential component that makes continuous monitoring truly effective. Once all the continuous monitoring components are in place, maintained, and consistently used by the IT team, the enriched security program could give a company a competitive advantage. Senior executives will have the metrics in place to demonstrate to potential business partners and customers evidence of a strong security posture. The enhancements also support risk-based decision making or a data-driven approach to risk mitigation. The data gleaned from continuous monitoring can be used to measure the effectiveness of existing security investments and establish the foundation for a securityminded culture among employees. Compliance initiatives are also bolstered by having a clear validation of regulatory compliance status at all times. But more importantly, the IT security team gains a continuous knowledge of all the assets within the organization and prioritizes efforts to reduce the attack surface. The CISO can corroborate budget requests for future technology investments with data that can be easily understood by senior leadership within the organization. Q. What are the components of a continuous security monitoring solution, and which features should an enterprise concentrate on when evaluating such a solution? A. Before an organization begins evaluating continuous security monitoring solutions, an assessment should identify existing security infrastructure, the location of sensitive assets, and data flow. A clear understanding of the operational processes in place and the goals for the program is also necessary to develop requirements for evaluating solutions. A continuous security monitoring solution should have a flexible deployment model with components that support on-premises, cloud-based, or hybrid approaches. It must have the ability to pull in data from a variety of sources, including existing third-party log management, data loss prevention, and file integrity monitoring products. It must be able to assess and gauge the effectiveness of intrusion prevention systems, firewalls, and other network defenses. The solution should be scalable and have the flexibility to adapt to infrastructure changes. It must be capable of proactive auditing to maintain a constant snapshot of system statuses and alert when configuration weaknesses or vulnerabilities are detected. The solution should be agile enough to support rapid response and have the ability to measure the effectiveness of mitigation efforts, including modified security controls and the addition of new security technologies. Look for reporting capabilities that are intuitive and customizable and that provide mitigation guidance and workflows for rapid response when issues are identified. More robust solutions can prioritize risks based on system configurations, the organization's risk posture, and the sensitivity of the assets at risk. Ease of use is important, and report templates should support a variety of use cases. The analytics engine should support incorporating threat intelligence feds and be agile enough to process data about new threats. It should be capable of correlating activity from endpoint agents, logs, and data generated by emerging advanced threat detection products IDC 3

4 Dashboards must be configurable, display high-level information, allow drilldown for more granular data, and give the organization the ability to tailor the display to individual use cases. Management controls should support customization based on the organization's risk posture and the ability to tune alerts to eliminate false positives. Any generated alerts must have the context behind them to help investigators identify, scope, and contain a threat quickly. Q. Many talk about the IT security ecosystem as consisting of people, process, and technology, yet it seems technology gets the lion's share of attention. Should organizations be looking at security more holistically? A. Absolutely. In recent years, we have seen what happens when organizations fail to calculate the full impact of adopting new security technology. Despite the adoption and deployment of modern security systems capable of detecting advanced threats, there have been countless data breaches that stem from the failure to prioritize and investigate alerts, process breakdowns, inadequate or nonexistent training, and a lack of planning. Failing to thoroughly vet the impact of a new technology results in not getting the full value out of the investment or worse it can cause a false sense of security. A thorough evaluation includes understanding the immediate and long-term impact of the new solution, including the need for potential changes to the incident response workflow and ongoing maintenance and optimization requirements when changes take place. Reports detailing data breaches consistently find attackers targeting mainly known vulnerabilities and using configuration weaknesses to their advantage. Criminals bypass poorly configured and maintained network security appliances and steal account credentials to spoof a valid user and avoid being detected. Organizations can greatly reduce the potential for these lapses by becoming, achieving, and maintaining a proficient security program and using proactive monitoring to make it more costly for criminals to carry out attacks against their network. The essential technology ingredients at the heart of any continuous network monitoring program are vulnerability scanning tools to probe systems and monitor network traffic for threats and an analytics engine capable of correlating and analyzing an extensive amount of log data, network, and endpoint activity. This involves bridging silos of data, addressing weak or inadequate processes, assessing and updating policies, and communicating those policies effectively. Modern security technologies must be flexible enough to integrate with diverse security infrastructure to enable organizations to create agile security systems. Rather than layering or bolting on security technology, forward-leaning organizations are linking detached systems to interoperate when a security incident occurs. If done the right way, these systems can share threat data to become situationally aware. These intelligent security systems can respond when a threat is detected and apply protections to the rest of the network if they are needed. A B O U T T H I S A N A L Y S T Robert Westervelt is a research manager within IDC's Security Products group. He provides insight and thought leadership in the areas of cloud security, mobile security, and security related to the Internet of Things (IoT). Westervelt is also responsible for research and analysis around a wide range of evolving security markets, including endpoint security, security and vulnerability management (SVM), and identity and access management (IAM) IDC

5 A B O U T T H I S P U B L I C A T I ON This publication was produced by IDC Custom Solutions. The opinion, analysis, and research results presented herein are drawn from more detailed research and analysis independently conducted and published by IDC, unless specific vendor sponsorship is noted. IDC Custom Solutions makes IDC content available in a wide range of formats for distribution by various companies. A license to distribute IDC content does not imply endorsement of or opinion about the licensee. C O P Y R I G H T A N D R E S T R I C T I O N S Any IDC information or reference to IDC that is to be used in advertising, press releases, or promotional materials requires prior written approval from IDC. For permission requests, contact the IDC Custom Solutions information line at or Translation and/or localization of this document require an additional license from IDC. For more information on IDC, visit For more information on IDC Custom Solutions, visit Global Headquarters: 5 Speen Street Framingham, MA USA P F IDC 5

I D C T E C H N O L O G Y S P O T L I G H T. S e r ve r S e c u rity: N o t W h a t It U s e d t o Be!

I D C T E C H N O L O G Y S P O T L I G H T. S e r ve r S e c u rity: N o t W h a t It U s e d t o Be! I D C T E C H N O L O G Y S P O T L I G H T S e r ve r S e c u rity: N o t W h a t It U s e d t o Be! December 2014 Adapted from Worldwide Endpoint Security 2013 2017 Forecast and 2012 Vendor Shares by

More information

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE

More information

Continuous Network Monitoring

Continuous Network Monitoring Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment

More information

Securing Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits

Securing Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits A Clear View of Challenges, Solutions and Business Benefits Introduction Cloud environments are widely adopted because of the powerful, flexible infrastructure and efficient use of resources they provide

More information

End-user Security Analytics Strengthens Protection with ArcSight

End-user Security Analytics Strengthens Protection with ArcSight Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security

More information

Sluggish Incident Response: Next-Generation Security Problems and Solutions

Sluggish Incident Response: Next-Generation Security Problems and Solutions CUSTOMER NEEDS AND STRATEGIES Sluggish Incident Response: Next-Generation Security Problems and Solutions Christian A. Christiansen Christina Richmond Robert Westervelt IDC OPINION The rush to adopt technologies

More information

CLOSING THE GAP ON BREACH READINESS INSIGHTS FROM THE SECURITY FOR BUSINESS INNOVATION COUNCIL

CLOSING THE GAP ON BREACH READINESS INSIGHTS FROM THE SECURITY FOR BUSINESS INNOVATION COUNCIL CLOSING THE GAP ON BREACH READINESS INSIGHTS FROM THE SECURITY FOR BUSINESS INNOVATION COUNCIL OVERVIEW This e-book contains insights on breach readiness, response and resiliency based on in-depth interviews

More information

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Security concerns and dangers come both from internal means as well as external. In order to enhance your security posture

More information

Extreme Networks Security Analytics G2 Vulnerability Manager

Extreme Networks Security Analytics G2 Vulnerability Manager DATA SHEET Extreme Networks Security Analytics G2 Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution HIGHLIGHTS Help prevent security breaches by discovering

More information

IBM QRadar Security Intelligence April 2013

IBM QRadar Security Intelligence April 2013 IBM QRadar Security Intelligence April 2013 1 2012 IBM Corporation Today s Challenges 2 Organizations Need an Intelligent View into Their Security Posture 3 What is Security Intelligence? Security Intelligence

More information

Strengthen security with intelligent identity and access management

Strengthen security with intelligent identity and access management Strengthen security with intelligent identity and access management IBM Security solutions help safeguard user access, boost compliance and mitigate insider threats Highlights Enable business managers

More information

Technology Blueprint. Protect Your Email Servers. Guard the data and availability that enable business-critical communications

Technology Blueprint. Protect Your Email Servers. Guard the data and availability that enable business-critical communications Technology Blueprint Protect Your Email Servers Guard the data and availability that enable business-critical communications LEVEL 1 2 3 4 5 SECURITY CONNECTED REFERENCE ARCHITECTURE LEVEL 1 2 4 5 3 Security

More information

SANS Top 20 Critical Controls for Effective Cyber Defense

SANS Top 20 Critical Controls for Effective Cyber Defense WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a

More information

Requirements When Considering a Next- Generation Firewall

Requirements When Considering a Next- Generation Firewall White Paper Requirements When Considering a Next- Generation Firewall What You Will Learn The checklist provided in this document details six must-have capabilities to look for when evaluating a nextgeneration

More information

IBM Security QRadar Vulnerability Manager

IBM Security QRadar Vulnerability Manager IBM Security QRadar Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution Highlights Help prevent security breaches by discovering and highlighting high-risk

More information

Experience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC.

Experience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC. Experience the commitment WHITE PAPER Information Security Continuous Monitoring Charting the Right Course May 2014 cgi.com 2014 CGI GROUP INC. During the last few months of 2013, six federal agencies

More information

RSA envision. Platform. Real-time Actionable Security Information, Streamlined Incident Handling, Effective Security Measures. RSA Solution Brief

RSA envision. Platform. Real-time Actionable Security Information, Streamlined Incident Handling, Effective Security Measures. RSA Solution Brief RSA Solution Brief RSA envision Platform Real-time Actionable Information, Streamlined Incident Handling, Effective Measures RSA Solution Brief The job of Operations, whether a large organization with

More information

CORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT

CORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT CORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT How advancements in automated security testing software empower organizations to continuously measure information

More information

The Benefits of an Integrated Approach to Security in the Cloud

The Benefits of an Integrated Approach to Security in the Cloud The Benefits of an Integrated Approach to Security in the Cloud Judith Hurwitz President and CEO Marcia Kaufman COO and Principal Analyst Daniel Kirsch Senior Analyst Sponsored by IBM Introduction The

More information

Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention

Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention Your Security Challenges Defending the Dynamic Network! Dynamic threats 䕬 䕬 䕬 䕬 Many threats

More information

Cisco Advanced Malware Protection

Cisco Advanced Malware Protection Solution Overview Cisco Advanced Malware Protection Breach Prevention, Detection, Response, and Remediation for the Real World BENEFITS Gain unmatched global threat intelligence to strengthen front-line

More information

Unified Security Management

Unified Security Management Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy

More information

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense A Trend Micro Whitepaper I February 2016 Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense How Trend Micro Deep Security Can Help: A Mapping to the SANS Top 20 Critical

More information

Symantec Advanced Threat Protection: Network

Symantec Advanced Threat Protection: Network Symantec Advanced Threat Protection: Network DR150218C April 2015 Miercom www.miercom.com Contents 1.0 Executive Summary... 3 2.0 Overview... 4 2.1 Products Tested... 4 2.2. Malware Samples... 5 3.0 How

More information

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,

More information

REVOLUTIONIZING ADVANCED THREAT PROTECTION

REVOLUTIONIZING ADVANCED THREAT PROTECTION REVOLUTIONIZING ADVANCED THREAT PROTECTION A NEW, MODERN APPROACH Blue Coat Advanced Threat Protection Group GRANT ASPLUND Senior Technology Evangelist 1 WHY DO I STAND ON MY DESK? "...I stand upon my

More information

NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT

NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT OVERVIEW The National Institute of Standards of Technology Framework for Improving Critical Infrastructure Cybersecurity (The NIST Framework) is a

More information

Seven Things To Consider When Evaluating Privileged Account Security Solutions

Seven Things To Consider When Evaluating Privileged Account Security Solutions Seven Things To Consider When Evaluating Privileged Account Security Solutions Contents Introduction 1 Seven questions to ask every privileged account security provider 4 1. Is the solution really secure?

More information

Vulnerability Management

Vulnerability Management Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other

More information

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief RSA Solution Brief Streamlining Security Operations with Managing RSA the Lifecycle of Data Loss Prevention and Encryption RSA envision Keys with Solutions RSA Key Manager RSA Solution Brief 1 Who is asking

More information

The SIEM Evaluator s Guide

The SIEM Evaluator s Guide Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,

More information

McAfee Acquires NitroSecurity

McAfee Acquires NitroSecurity McAfee Acquires NitroSecurity McAfee announced that it has closed the acquisition of privately owned NitroSecurity. 1. Who is NitroSecurity? What do they do? NitroSecurity develops high-performance security

More information

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,

More information

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to

More information

Migrating to Windows 7? Technology Points to Consider

Migrating to Windows 7? Technology Points to Consider I D C T E C H N O L O G Y S P O T L I G H T Migrating to Windows 7? Technology Points to Consider September 2010 Adapted from Worldwide IT Asset Management Software 2009 2013 Forecast and 2008 Vendor Shares

More information

The Hillstone and Trend Micro Joint Solution

The Hillstone and Trend Micro Joint Solution The Hillstone and Trend Micro Joint Solution Advanced Threat Defense Platform Overview Hillstone and Trend Micro offer a joint solution the Advanced Threat Defense Platform by integrating the industry

More information

DETECT AND RESPOND TO THREATS FROM THE DATA CENTER TO THE CLOUD

DETECT AND RESPOND TO THREATS FROM THE DATA CENTER TO THE CLOUD SOLUTION OVERVIEW: ALERT LOGIC THREAT MANAGER WITH ACTIVEWATCH DETECT AND RESPOND TO THREATS FROM THE DATA CENTER TO THE CLOUD Protecting your infrastructure requires you to detect threats, identify suspicious

More information

FIVE PRACTICAL STEPS

FIVE PRACTICAL STEPS WHITEPAPER FIVE PRACTICAL STEPS To Protecting Your Organization Against Breach How Security Intelligence & Reducing Information Risk Play Strategic Roles in Driving Your Business CEOs, CIOs, CTOs, AND

More information

I D C A N A L Y S T C O N N E C T I O N

I D C A N A L Y S T C O N N E C T I O N I D C A N A L Y S T C O N N E C T I O N David Tapper Vice President, Outsourcing and Managed Services T h e B u s i n e ss Value of Managed Servi c e s i n Optimizing Productivi t y, D r i vi n g D ow

More information

Business Case Outsourcing Information Security: The Benefits of a Managed Security Service

Business Case Outsourcing Information Security: The Benefits of a Managed Security Service Business Case Outsourcing Information Security: The Benefits of a Managed Security Service seccuris.com (866) 644-8442 Contents Introduction... 3 Full- Time Experts vs. a Part- Time In- House Staff...

More information

I D C E X E C U T I V E B R I E F

I D C E X E C U T I V E B R I E F Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com I D C E X E C U T I V E B R I E F P e netration Testing: Taking the Guesswork Out of Vulnerability

More information

ForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM)

ForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM) ForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM) CONTENT Introduction 2 Overview of Continuous Diagnostics & Mitigation (CDM) 2 CDM Requirements 2 1. Hardware Asset Management 3 2. Software

More information

Business white paper. Missioncritical. defense. Creating a coordinated response to application security attacks

Business white paper. Missioncritical. defense. Creating a coordinated response to application security attacks Business white paper Missioncritical defense Creating a coordinated response to application security attacks Table of contents 3 Your business is under persistent attack 4 Respond to those attacks seamlessly

More information

SOLUTION BRIEF. Next Generation APT Defense for Healthcare

SOLUTION BRIEF. Next Generation APT Defense for Healthcare SOLUTION BRIEF Next Generation APT Defense for Healthcare Overview Next Generation APT Defense for Healthcare Healthcare records with patients personally identifiable information (PII) combined with their

More information

Ecom Infotech. Page 1 of 6

Ecom Infotech. Page 1 of 6 Ecom Infotech Page 1 of 6 Page 2 of 6 IBM Q Radar SIEM Intelligence 1. Security Intelligence and Compliance Analytics Organizations are exposed to a greater volume and variety of threats and compliance

More information

Intel Security and TCS: Together Securing Workloads of the Modern Data Center

Intel Security and TCS: Together Securing Workloads of the Modern Data Center Intel Security and TCS: Together Securing Workloads of the Modern Data Center Data center security today is extremely different from what it was an era ago primarily because the data center has undergone

More information

Cloud and Data Center Security

Cloud and Data Center Security solution brief Trend Micro Cloud and Data Center Security Secure virtual, cloud, physical, and hybrid environments easily and effectively introduction As you take advantage of the operational and economic

More information

I D C S P O T L I G H T. Ac c e l e r a t i n g Cloud Ad o p t i o n w i t h Standard S e c u r i t y M e a s u r e s

I D C S P O T L I G H T. Ac c e l e r a t i n g Cloud Ad o p t i o n w i t h Standard S e c u r i t y M e a s u r e s I D C S P O T L I G H T Ac c e l e r a t i n g Cloud Ad o p t i o n w i t h Standard S e c u r i t y M e a s u r e s March 2012 Adapted from Worldwide Cloud Security 2011 2015 Forecast: A Comprehensive

More information

I D C V E N D O R S P O T L I G H T. W o r k l o a d Management Enables Big Data B u s i n e s s Process Optimization

I D C V E N D O R S P O T L I G H T. W o r k l o a d Management Enables Big Data B u s i n e s s Process Optimization I D C V E N D O R S P O T L I G H T W o r k l o a d Management Enables Big Data B u s i n e s s Process Optimization November 2015 Adapted from Worldwide Workload Management Software Market Shares, 2014:

More information

Compliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2.

Compliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2. ISO 27002 Compliance Guide September 2015 Contents Compliance Guide 01 02 03 Introduction 1 Detailed Controls Mapping 2 About Rapid7 7 01 INTRODUCTION If you re looking for a comprehensive, global framework

More information

Helping Enterprises Succeed: Responsible Corporate Strategy and Intelligent Business Insights

Helping Enterprises Succeed: Responsible Corporate Strategy and Intelligent Business Insights I D C E X E C U T I V E I N S I G H T S Helping Enterprises Succeed: Responsible Corporate Strategy and Intelligent Business Insights May 2009 By Albert Pang, Research Director, Enterprise Applications

More information

Analyzing HTTP/HTTPS Traffic Logs

Analyzing HTTP/HTTPS Traffic Logs Advanced Threat Protection Automatic Traffic Log Analysis APTs, advanced malware and zero-day attacks are designed to evade conventional perimeter security defenses. Today, there is wide agreement that

More information

CyberArk Privileged Threat Analytics. Solution Brief

CyberArk Privileged Threat Analytics. Solution Brief CyberArk Privileged Threat Analytics Solution Brief Table of Contents The New Security Battleground: Inside Your Network...3 Privileged Account Security...3 CyberArk Privileged Threat Analytics : Detect

More information

Total Protection for Compliance: Unified IT Policy Auditing

Total Protection for Compliance: Unified IT Policy Auditing Total Protection for Compliance: Unified IT Policy Auditing McAfee Total Protection for Compliance Regulations and standards are growing in number, and IT audits are increasing in complexity and cost.

More information

SP Monitor. nfx One gives MSPs the agility and power they need to confidently grow their security services business. NFX FOR MSP SOLUTION BRIEF

SP Monitor. nfx One gives MSPs the agility and power they need to confidently grow their security services business. NFX FOR MSP SOLUTION BRIEF NFX FOR MSP SOLUTION BRIEF SP Monitor Jump Start Security-as-a-Service Designed to give you everything you need to get started immediately providing security-as-a service, SP Monitor is a real-time event

More information

Trend Micro Cloud Security for Citrix CloudPlatform

Trend Micro Cloud Security for Citrix CloudPlatform Trend Micro Cloud Security for Citrix CloudPlatform Proven Security Solutions for Public, Private and Hybrid Clouds 2 Trend Micro Provides Security for Citrix CloudPlatform Organizations today are embracing

More information

CYBER SECURITY, A GROWING CIO PRIORITY

CYBER SECURITY, A GROWING CIO PRIORITY www.wipro.com CYBER SECURITY, A GROWING CIO PRIORITY Bivin John Verghese, Practitioner - Managed Security Services, Wipro Ltd. Contents 03 ------------------------------------- Abstract 03 -------------------------------------

More information

Protect the data that drives our customers business. Data Security. Imperva s mission is simple:

Protect the data that drives our customers business. Data Security. Imperva s mission is simple: The Imperva Story Who We Are Imperva is the global leader in data security. Thousands of the world s leading businesses, government organizations, and service providers rely on Imperva solutions to prevent

More information

Extending Threat Protection and Control to Mobile Workers with Cloud-Based Security Services > White Paper

Extending Threat Protection and Control to Mobile Workers with Cloud-Based Security Services > White Paper with Cloud-Based Security Services > White Paper It s a phenomenon and a fact: employees are always on today. They connect to the network whenever they want, from wherever they happen to be, with laptops,

More information

Speed Up Incident Response with Actionable Forensic Analytics

Speed Up Incident Response with Actionable Forensic Analytics WHITEPAPER DATA SHEET Speed Up Incident Response with Actionable Forensic Analytics Close the Gap between Threat Detection and Effective Response with Continuous Monitoring January 15, 2015 Table of Contents

More information

24/7 Visibility into Advanced Malware on Networks and Endpoints

24/7 Visibility into Advanced Malware on Networks and Endpoints WHITEPAPER DATA SHEET 24/7 Visibility into Advanced Malware on Networks and Endpoints Leveraging threat intelligence to detect malware and exploitable vulnerabilities Oct. 24, 2014 Table of Contents Introduction

More information

On-Premises DDoS Mitigation for the Enterprise

On-Premises DDoS Mitigation for the Enterprise On-Premises DDoS Mitigation for the Enterprise FIRST LINE OF DEFENSE Pocket Guide The Challenge There is no doubt that cyber-attacks are growing in complexity and sophistication. As a result, a need has

More information

WHITE PAPER SPLUNK SOFTWARE AS A SIEM

WHITE PAPER SPLUNK SOFTWARE AS A SIEM SPLUNK SOFTWARE AS A SIEM Improve your security posture by using Splunk as your SIEM HIGHLIGHTS Splunk software can be used to operate security operations centers (SOC) of any size (large, med, small)

More information

Continuous Cyber Situational Awareness

Continuous Cyber Situational Awareness Continuous Cyber Situational Awareness Continuous monitoring of security controls and comprehensive cyber situational awareness represent the building blocks of proactive network security. A publication

More information

Vulnerability Risk Management 2.0. Best Practices for Managing Risk in the New Digital War

Vulnerability Risk Management 2.0. Best Practices for Managing Risk in the New Digital War Vulnerability Risk Management 2.0 Best Practices for Managing Risk in the New Digital War In 2015, 17 new security vulnerabilities are identified every day. One nearly every 90 minutes. This consistent

More information

Safeguarding the cloud with IBM Dynamic Cloud Security

Safeguarding the cloud with IBM Dynamic Cloud Security Safeguarding the cloud with IBM Dynamic Cloud Security Maintain visibility and control with proven security solutions for public, private and hybrid clouds Highlights Extend enterprise-class security from

More information

Cisco Security Optimization Service

Cisco Security Optimization Service Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless

More information

ENABLING FAST RESPONSES THREAT MONITORING

ENABLING FAST RESPONSES THREAT MONITORING ENABLING FAST RESPONSES TO Security INCIDENTS WITH THREAT MONITORING Executive Summary As threats evolve and the effectiveness of signaturebased web security declines, IT departments need to play a bigger,

More information

PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management

PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management INTRODUCTION Traditional perimeter defense solutions fail against sophisticated adversaries who target their

More information

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness Wayne A. Wheeler The Aerospace Corporation GSAW 2015, Los Angeles, CA, March 2015 Agenda Emerging cyber

More information

Current IBAT Endorsed Services

Current IBAT Endorsed Services Current IBAT Endorsed Services Managed Network Intrusion Prevention and Detection Service SecureWorks provides proactive management and real-time security event monitoring and analysis across your network

More information

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE Solution Brief SUMMARY New security threats demand a new approach to security management. Security teams need a security analytics architecture that can handle

More information

Cisco Advanced Malware Protection for Endpoints

Cisco Advanced Malware Protection for Endpoints Data Sheet Cisco Advanced Malware Protection for Endpoints Product Overview With today s sophisticated malware, you have to protect endpoints before, during, and after attacks. Cisco Advanced Malware Protection

More information

October 2014. Four Best Practices for Passing Privileged Account Audits

October 2014. Four Best Practices for Passing Privileged Account Audits Four Best Practices for Passing Privileged Account Audits October 2014 1 Table of Contents... 4 1. Discover All Privileged Accounts in Your Environment... 4 2. Remove Privileged Access / Implement Least

More information

Experience the commitment. white paper. Information Security Continuous Monitoring. Charting the Right Course. cgi.com

Experience the commitment. white paper. Information Security Continuous Monitoring. Charting the Right Course. cgi.com Experience the commitment white paper Information Security Continuous Monitoring Charting the Right Course cgi.com Hacking, malware, distributed denial of service attacks, insider threats and other criminal

More information

I D C V E N D O R S P O T L I G H T

I D C V E N D O R S P O T L I G H T I D C V E N D O R S P O T L I G H T S u p p o r t i n g Softw a re Business Transformation w ith Sys t e m s D e s i g n e d for the Task November 2014 Adapted from Managing Business Model Transitions

More information

E l i m i n a t i n g Au t hentication Silos and Passw or d F a t i g u e w i t h Federated Identity a n d Ac c e s s

E l i m i n a t i n g Au t hentication Silos and Passw or d F a t i g u e w i t h Federated Identity a n d Ac c e s s I D C T E C H N O L O G Y S P O T L I G H T E l i m i n a t i n g Au t hentication Silos and Passw or d F a t i g u e w i t h Federated Identity a n d Ac c e s s M a nagement November 2013 Adapted from

More information

IBM Security QRadar Risk Manager

IBM Security QRadar Risk Manager IBM Security QRadar Risk Manager Proactively manage vulnerabilities and network device configuration to reduce risk, improve compliance Highlights Visualize current and potential network traffic patterns

More information

whitepaper The Benefits of Integrating File Integrity Monitoring with SIEM

whitepaper The Benefits of Integrating File Integrity Monitoring with SIEM The Benefits of Integrating File Integrity Monitoring with SIEM Security Information and Event Management (SIEM) is designed to provide continuous IT monitoring, actionable intelligence, incident response,

More information

Trend Micro. Secure virtual, cloud, physical, and hybrid environments easily and effectively INTRODUCTION

Trend Micro. Secure virtual, cloud, physical, and hybrid environments easily and effectively INTRODUCTION SOLUTION BRIEF Trend Micro CLOUD AND DATA CENTER SECURITY Secure virtual, cloud, physical, and hybrid environments easily and effectively INTRODUCTION As you take advantage of the operational and economic

More information

Worldwide Security and Vulnerability Management 2009 2013 Forecast and 2008 Vendor Shares

Worldwide Security and Vulnerability Management 2009 2013 Forecast and 2008 Vendor Shares EXCERPT Worldwide Security and Vulnerability Management 2009 2013 Forecast and 2008 Vendor Shares IN THIS EXCERPT Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015

More information

CORE Security and GLBA

CORE Security and GLBA CORE Security and GLBA Addressing the Graham-Leach-Bliley Act with Predictive Security Intelligence Solutions from CORE Security CORE Security +1 617.399-6980 info@coresecurity.com www.coresecurity.com

More information

CHAPTER 3 : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC

CHAPTER 3 : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS 1 FIVE KEY RECOMMENDATIONS During 2014, NTT Group supported response efforts for a variety of incidents. Review of these engagements revealed some observations

More information

IBM Security QRadar Risk Manager

IBM Security QRadar Risk Manager IBM Security QRadar Risk Manager Proactively manage vulnerabilities and network device configuration to reduce risk, improve compliance Highlights Collect network security device configuration data to

More information

I D C T E C H N O L O G Y S P O T L I G H T. T h e I d e n t i t y I m p e r a t i ve i n t h e C l o u d

I D C T E C H N O L O G Y S P O T L I G H T. T h e I d e n t i t y I m p e r a t i ve i n t h e C l o u d I D C T E C H N O L O G Y S P O T L I G H T T h e I d e n t i t y I m p e r a t i ve i n t h e C l o u d March 2015 Adapted from Worldwide Identity and Access Management 2014 2018 Forecast by Pete Lindstrom,

More information

VULNERABILITY MANAGEMENT

VULNERABILITY MANAGEMENT Vulnerability Management (VM) software differ in the richness of reporting, and the capabilities for application and security configuration assessment. Companies must consider how a VM technology will

More information

Advanced Threat Protection with Dell SecureWorks Security Services

Advanced Threat Protection with Dell SecureWorks Security Services Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5

More information

Breaking down silos of protection: An integrated approach to managing application security

Breaking down silos of protection: An integrated approach to managing application security IBM Software Thought Leadership White Paper October 2013 Breaking down silos of protection: An integrated approach to managing application security Protect your enterprise from the growing volume and velocity

More information

LogInspect 5 Product Features Robust. Dynamic. Unparalleled.

LogInspect 5 Product Features Robust. Dynamic. Unparalleled. LogInspect 5 Product Features Robust. Dynamic. Unparalleled. Enjoy ultra fast search capabilities in simple and complex modes optimized for Big Data Easily filter and display relevant topics, eg: Top 10

More information

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES Leonard Levy PricewaterhouseCoopers LLP Session ID: SEC-W03 Session Classification: Intermediate Agenda The opportunity Assuming

More information

I D C T E C H N O L O G Y S P O T L I G H T. E n a b l i n g Quality I n n o va t i o n w i t h Servi c e

I D C T E C H N O L O G Y S P O T L I G H T. E n a b l i n g Quality I n n o va t i o n w i t h Servi c e I D C T E C H N O L O G Y S P O T L I G H T E n a b l i n g Quality I n n o va t i o n w i t h Servi c e V i r t u a lization a nd Netw or k Virtualization December 2014 Adapted from Worldwide Automated

More information

GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA"

GETTING REAL ABOUT SECURITY MANAGEMENT AND BIG DATA GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA" A Roadmap for "Big Data" in Security Analytics ESSENTIALS This paper examines: Escalating complexity of the security management environment, from threats

More information

I D C T E C H N O L O G Y S P O T L I G H T

I D C T E C H N O L O G Y S P O T L I G H T I D C T E C H N O L O G Y S P O T L I G H T T h e B u s i n e ss Value of Hyb r i d C l o u d - B a s e d C o m p r o m i s e I n t e l l i g e nce Monitoring and T h r e a t M i tigation February 2013

More information

Carbon Black and Palo Alto Networks

Carbon Black and Palo Alto Networks Carbon Black and Palo Alto Networks Bring Together Next-Generation Endpoint and Network Security Solutions Endpoints and Servers in the Crosshairs of According to a 2013 study, 70 percent of businesses

More information

How we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz)

How we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz) How we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz) Domain.Local DC Client DomainAdmin Attack Operator Advise Protect Detect Respond

More information

White Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES. By James Christiansen, VP, Information Risk Management

White Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES. By James Christiansen, VP, Information Risk Management White Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES By James Christiansen, VP, Information Risk Management Executive Summary Security breaches in the retail sector are becoming more

More information

THE TOP 4 CONTROLS. www.tripwire.com/20criticalcontrols

THE TOP 4 CONTROLS. www.tripwire.com/20criticalcontrols THE TOP 4 CONTROLS www.tripwire.com/20criticalcontrols THE TOP 20 CRITICAL SECURITY CONTROLS ARE RATED IN SEVERITY BY THE NSA FROM VERY HIGH DOWN TO LOW. IN THIS MINI-GUIDE, WE RE GOING TO LOOK AT THE

More information