Security. Security consulting and Integration: Definition and Deliverables. Introduction

Transcription

1 Security

2 Security Introduction Businesses today need to defend themselves against an evolving set of threats, from malicious software to other vulnerabilities introduced by newly converged voice and data technologies, such as Voice over IP (VoIP), web applications, mobile devices, wireless LANs (WLANs), and instant messaging. At the same time, there is pressure to comply with emerging regulations, and business partner or customer requirements related to security, privacy or business continuity. Given this new layer of complexity, how can an organization cost-effectively secure its business assets and reputation without compromising opportunities for future growth? Finding the right answer begins with leveraging the strengths of a trusted advisor who understands what it takes to secure next-generation networks. Alcatel-Lucent offers extensive knowledge and expertise for protecting network and system infrastructures and information. Alcatel-Lucent's Security solution helps companies understand their security requirements, identify vulnerabilities, reduce risk, and defend against and respond to attacks. Alcatel-Lucent's security consulting and integration services help customers to improve their security policies, practices and use of technologies, and are built upon a foundation of industry standards and best practices. Additionally, Alcatel-Lucent's Security solution enables service providers and large enterprises to centralize their security management operations, similar to those in a centralized network operation center. Alcatel- Lucent's consolidated security operations center (SOC) platform is designed, integrated and customized to meet each customer's security requirements. It provides 24/7 monitoring and crisis management capabilities, and can be structured as a Managed Security Service (MSS). Alcatel-Lucent's Security solution is fully complementary of Alcatel-Lucent's other strategic solutions, such as IP Transformation, IPTV and Triple Play, thereby enabling customers to benefit from fully integrated, secure solutions and operations. The Security Solution enables service providers to secure new triple play services and safely introduce new, valueadded services to their customers and partners. Security consulting and Integration: Definition and Deliverables Alcatel-Lucent's security consulting and integration services help organizations identify, manage and mitigate risks, while maximizing the benefit of their security investments. Alcatel- Lucent's certified security professionals have the first-hand knowledge and industry experience to understand customers' challenges, develop their security strategies, and augment customers' in-house capabilities. These services are especially beneficial for customers deploying new architectures where security risks require special design considerations and hardening of solutions. Increasing Internet activity, along with the use of VoIP and broadband services, wireless connections and other new technologies drive these security requirements. Alcatel-Lucent security consulting and integration services can be customized to meet customers' needs in the following areas: Security Risk Assessment services analyze the customer's organization and its infrastructure (e.g., network, applications, services and policies) to understand security risk exposures. This may be accomplished via a traditional risk assessment or policy gap analysis, or through different forms of testing to discover vulnerabilities, from design and architecture reviews to vulnerability assessments and penetration tests. Information obtained from this activity can be useful in defining future security requirements and recommendations. Review your security policies and understand their current application through interviews and audits Perform applicable security testing Assess the current security technical architecture through network devices hardening and conformance to policy Conduct vulnerability testing Reproduce real-world attack scenarios to identify and exploit vulnerabilities (penetration testing) Perform policy gap analysis for existing policy, practice, standard or procedure documents based on industry standards as a framework Analyze inputs to identify and prioritize network and organizational vulnerabilities 02

3 Network scanning results and interview summaries Documentation of baseline security posture Policy document inventory summary Prioritized threat matrix Tailored mitigation recommendations Security Strategy and Policy services help customers to create their security strategy and governance model. These services help customers define an overall security program and specific policies tailored to their organization, as well as guide the implementation of security policies and/or benchmarking to industry standards. Analyze the customer's present security environment and/or policy documents Document security policy findings and security requirements Formulate and document security policies Plan, design, implement and maintain an incident response program and operational processes for handling incidents A baseline understanding of your environment with documented security policies and high-level recommendations for security improvement. A well-formed incident response policy and functional architecture based on industry best practices, as well as process documents. Security Architecture and Design services develop security architectures and detailed designs based on business drivers and security policies. Develop design documentation, including detailed specifications on equipment/appliance design and requirements (including hardening), traffic flow/controls, and management, monitoring and alarm functions. Detailed security architecture showing diagrams, services, interface and IP address mapping List of recommended security components (equipment, appliance and applications) Detailed security design documentation, including device configurations and deployment guidelines Pre-defined security assurance solution for triple play, part of the 8950 solution portfolio Security Policy and Architecture Integration services specify, design, implement and test security network and/or IT architecture solutions to support business requirements and security policies. Develop security implementation, integration and test plans Perform all security implementation and testing activities, with minimal impact to operations in migration scenarios Verify the security components' implementation and hardening, and perform acceptance testing procedures Implementation, integration and testing results documentation Updated as-built design documents services, architecture and configurations Acceptance document and issue tracking report Recommendations for further security component enhancements, if any Analyze business drivers and security requirements Create security architecture using best-in-class security components and policies, to include segmentations, logical controls, functionality. 03

4 Business Continuity / Disaster Recovery (BCDR) services plan for and enable the secure continuity of operations. Specific activities include business impact analysis, risk assessment, gap analysis, BCDR plan design and development, and plan testing / maintenance. Identify deviation from the customer's BCDR policies and industry best practices Identify impacts of potential risks to the networks and other aspects of the business, and quantify impacts in financial terms Identify BCDR vulnerabilities and recommend improvements Develop a BCDR plan tailored to the customer's business needs Thoroughly test the customer's BCDR plan and train their staff Complete report of all findings, best practices and recovery planning suggestions Complete analysis package, including rating and ranking of risks, threats and vulnerabilities Documented BCDR plan Documented BCDR test exercise plan and testing results Tailored mitigation recommendations Payment Card Industry (PCI) Security Compliance services help enterprises and carriers who store, process or transmit cardholder data comply with the PCI Data Security Standard. The services address compliance readiness or remediation activities, as well as actual compliance validation via PCI data security assessments and scanning. Review the customer's security policies and understand their current application through interviews and/or audits Identify gaps between the PCI standards and the customer's current security posture Perform validation on a sampling of systems in the cardholder processing environment Review the customer's computing environment for vulnerabilities that may allow potential disruption or unauthorized access Document vulnerabilities and recommendations on how to reduce the customer's exposure level Create a compliance report following the PCI guidelines and methodology Documented findings and/or a comprehensive report of security vulnerabilities PCI Data Security Assessment Readiness Report, including a gap analysis with remediation recommendations Report on compliance following the report content and format prescribed in PCI Security Audit Procedures PCI Security Scanning Report, including compliance level and recommendations 04

5 Security Consulting and Integration Methology Alcatel-Lucent's people, knowledge assets and methodology deliver superior results for security solutions: Unparalleled experience and global expertise with more than 25 years of high-security wireline, wireless, voice and data - Highly skilled consultants, including 85+ CISSP/ISO experts and Master Recovery Planner credentials - 1,000+ security engagements spanning service providers, enterprises, and government Pioneering research and industry leadership, including security patents and key roles in leading advisory and standards bodies related to security Multivendor, end-to-end capabilities with experience across 450+ products of 100 best-in-class vendors Our methodology manages end-to-end complexity to deliver superior security solutions Managed Security Services Security Risk Assessment PCI Security Compliance BCDR Consulting Security Strategy & Policy Security Architecture & Design Managed security services: Definitions and Deliverables Alcatel-Lucent's SOC and MSS approach is the coordinated design, implementation and operation of eight activities often delivered by vendors independently. The security policy reference definition and management includes analyzing business risks and priorities, defining the solution architecture and policies, as well as organizational/awareness processes. This policy will be more effective if accompanied by an active editorial strategy through a security portal, keeping both operations staff and customers/end-users trained and informed. Security processes and operations for workplace and end user equipment may be the responsibility of Alcatel-Lucent's SOC, depending on the ownership of customer premise equipment. As the SOC assumes more responsibility for managing security equipment, it can assist in identifying and managing vulnerabilities to preserve protection levels. The security operations team members, who work in partnership with the SOC, manage the day-to-day configuration of rules, filters, access control lists and software/hardware upgrades to assure they meet security policy requirements. Audits are performed to determine conformity with policy. The SOC will monitor and detect intrusions, and via correlation capabilities, will respond appropriately to any incidents. Alcatel-Lucent's tailored solution addresses customers' needs in terms of incident prevention, response and monitoring, and enables cost-effective compliance with regulatory requirements. The graphic below depicts Alcatel-Lucent's Managed Security scope of work: Security Policy & Architecture Integration Policy management Editorial management Access & data projection management Security monitoring SOC User management Audit management Security management Vulnerability management 05

6 Managed security services: Definitions and Deliverables Alcatel-Lucent's Managed Security Services provide coverage from prevention to response: Threat management, through the availability of a Threat Knowledge Base, which Alcatel-Lucent manages through the CERT-IST*, and impact assessment, through simulation, modelization and decision-helping services. Vulnerability assessment, through intrusive and non-intrusive approaches, coupled with vulnerability scan processes and IT inventory interaction. Monitoring services and Security Event Management through the deployment and operation of a Security Information Management solution. * (Computer Emergency Response Team Industry, Services and Tertiary sector a key security institution (member of the Forum of Incident Response and Security Team: FIRST); Alcatel-Lucent's experts advise and design the best security management solution, and integrate the SOC managed services to each unique operational environment. Alcatel-Lucent's SOC management solution can complement Alcatel-Lucent's Integrated Fault Management solution to provide a complete and integrated Service Assurance environment. Provide 24/7 monitoring and crisis management capabilities Trending and analysis of logs and security threat activities Event notification and remediation Log file correlation Threat management Vulnerability assessment Decreased downtime and faster resolution Customized reporting Increased security and visibility to incidents/attacks Path to compliance with industry standards and regulatory requirements Alcatel-Lucent SOC Features: 1. Security Event Logging and Storage Executed by operational datacenter and network nodes 2. Global/Central Security Log Collection Customer dedicated central storage and global view 3. Global/Central Vulnerability assessment Customer dedicated threat vulnerability and impact assessment Assets vulnerability assessment (scans, correlated with inventory) 4. Global Security Reporting Regular communications to top executives, CSO organization and IT Security Operations Near-real-time: statistics of key security indicators (KSI) On-demand: standard and customizable reports Daily/weekly/monthly report generation Concept: Security dashboard 5. Global Alerting Service Security Incident Handling 24/7 operations for real-time security analysis and incident identification Customer care center/security/operations, incident handling Chief Information Officer (CIO) incident escalation

7 Framework Alcatel-Lucent SOC Benefits: Consolidation of high volumes of data from a large number of security devices, including firewalls, intrusion detection systems, and host systems. This coverage allows identifying potential threats in real-time. Analysis of the vast amount of security events to quickly prioritize real threats and concerted security attacks. Prevention of damage to a service delivered by the infrastructure or a business relying on it. Through analysis, reporting and simulation of threat exposure, Alcatel-Lucent is able to control the appropriate mitigation strategy in coordination with patch management or security configuration processes. Monitoring of security breaches and problems before they impact Quality of Service or threaten business areas. Security experts have an end-to-end view of the security infrastructure and can manipulate, prioritize and de-prioritize the information collected across the environment, in a point and click format. Problem Interface Dashboard Incident Interface Threats & Vunerabilities Management Prevention Change Interface Detection Infrastructure and Infostructure Config. Interface Service Desk Event & Incident User Management Reaction Watch Assess Assure Detect Alert React Investigate Crisis Management Service Level Mgt. Service Support Services Managed Security Methodology Alcatel-Lucent helps customers implement a process that provides security management throughout the network life cycle (e.g., new infrastructure rollout, new services introduction) while addressing emerging security threats. To meet this objective, security management is a recurrent process that follows the cycle of: ANALYZE: During the design and specification phases, security must be taken into account through: Risk assessment, to identify potential risks for both the infrastructure and the delivery of services. This allows the definition of security objectives. Secure design, to ensure that security objectives are addressed in the design of networks and applications, thus ensuring proper mitigation of security risks. PROTECT: During the implementation and deployment phases, the required security building blocks (e.g. firewall, IDS) are customized, and other, non-security specific components are hardened. MONITOR AND PREVENT: During the infrastructure operation phase, security incidents are detected in real-time and the customer is alerted to the level of exposure. REACT: Following security incident detection, timely, responsive action is taken to eradicate or minimize the impact of the incident (e.g., equipment reconfiguration, applying of patches); thereby reducing the risk with a focus on mission critical infrastructure and services. IMPROVE: Secure operation enables the ongoing improvement of security processes and designs, by reacting to security attacks or taking into account security measurement processes (i.e., audit).

8 Many of these services are enhanced by the support of the CERT-IST, which provides: On-time risk prevention services and assistance for incident handling Daily and real-time advisories and alerts, available on a private website, mailed-pushed and profiled Permanently updated database of flaws/vulnerabilities and known patches Monthly security bulletin and weekly vulnerabilities update Main Solution Customer Benefits Alcatel-Lucent's Security solution helps customers balance the risk, cost and quality concerns associated with protecting their infrastructure, services and information. Alcatel-Lucent provides customized solutions, from serving as a trusted security advisor to managing customers' security so they can focus on their core business. Customers choose Alcatel-Lucent's Security Solution to help: Mitigate risk and liability Protect corporate reputation/brand, and build trust with end users and business partners Manage threats proactively, and prevent network downtime and/or security incidents Enable compliance with regulatory or business partner/customer requirements, thereby avoiding financial penalties due to fines, violations of service level agreements, etc. Accelerate the secure use of new technologies with proven expertise Obtain an independent, third-party review of the effectiveness of security measures used to protect their infrastructure, services and sensitive data as well as mitigation strategies. Enhance staff productivity and build security operations expertise with shared resources and facilities, which also optimizes OPEX/CAPEX. Gain strong escalation capabilities for computer incident response and crisis management

9

10 Alcatel-Lucent and the Alcatel-Lucent logo are registered trademarks of Alcatel-Lucent. All other trademarks are the property of their respective owners. Alcatel-Lucent assumes no responsibility for the accuracy of the information presented, which is subject to change without notice Alcatel-Lucent. All rights reserved