White paper. Creating an Effective Security Operations Function
- Whitney Short
Awareness of security issues is fundamental to an effective policy.

When we think of a security operations center (SOC), we often have an image of a large room, full of people sitting in neat rows, with their attention split between their desktop monitors and a big screen up front, much like mission control in Houston during a Space Shuttle launch. Of course, such places exist, but in many organizations the reality is quite different. While almost every enterprise has a security operations function, it can take many forms. In some cases it is a formally designated group, with dedicated staff and facilities. In other cases, security operations consists of just a handful of people with multiple responsibilities who deal with IT security problems as they arise. Wherever you fall on that continuum, understanding all the activities and roles in a security operations function is the first step in making those operations more effective and efficient, allowing you to leverage your related technology investments and human expertise to best advantage.

Security Operations Defined: What is it exactly that you do?

Security operations is a term that has emerged over the last few years to describe a range of activities intended to keep an organization's information assets secure. In the past, security-related tasks were split, on an ad hoc basis, among security personnel, network administrators and server operations teams. Increasingly, these responsibilities are being united under the umbrella of security operations.

Daily Activities

Whether or not you have a formal SOC in place, it is quite likely that staff members are performing certain routine duties in some shape or form. These daily activities are designed to keep security systems working optimally so that business processes are protected from attacks and abuses, yet can still operate seamlessly and without interruption.

Vulnerability management keeps hackers (and auditors) at bay.
Identifying unpatched systems, weak passwords and misconfigurations serves two purposes: it strengthens both security and compliance. It gives you an accurate picture of security vulnerabilities so that, for example, you can push server operations staff to patch their systems. In turn, you stay one step ahead of attackers who might exploit those vulnerabilities and of auditors who will hold you accountable for protecting the infrastructure in a compliant manner.

Security device management increases the accuracy of threat detection.
Keeping firewall policies up to date and tuning rules for intrusion detection systems (IDS) and security information and event management (SIEM) systems lets you continually refine the accuracy of alerts. When the deployed technology is doing its job, network traffic flows where it needs to go, software runs without interruption, and staff time is not wasted investigating false positives.

Monitoring provides an early warning when problems occur.
Scanning the security environment for signs of trouble is an ongoing task. This includes verifying that security systems are working properly, checking the various communication channels for automated alerts that may require follow-up, and watching for other indicators, such as an unexplained spike in network traffic, that may signal an attack is under way.

Threat research tells you what to look for and how others are responding.
Many resources are available to help you keep track of newly discovered vulnerabilities, how they are being exploited and what fixes have been developed in response. These resources include vendor security advisories, bulletin boards, mailing lists and organizations such as the Computer Emergency Response Team (CERT), the SANS Internet Storm Center and the Department of Homeland Security's Cyber Security Alerts. The information they provide can help you quickly recognize an attack and take appropriate action to reduce your risk. Longer term, it can help you prioritize security investments to better protect your environment.
Figure 1. A Snapshot of Security Operations
[Diagram: tools (vulnerability assessment, SIEM & log management, device consoles, configuration management database, identity & access management, data feeds & bulletin boards) supply information (vulnerabilities, events, policies, assets, identities, threats) to the Security Operations Center, which produces alerts, reports and advisories.]
Drawing on a wide range of tools and information resources, the Security Operations function continually monitors an organization's security environment, responds to immediate threats and longer-term vulnerabilities, and provides advice and guidance on security matters to both senior management and business units.

Incident and Issue Management

Beyond daily operations, another set of tasks is carried out in response to security incidents. In smaller organizations such events may only happen periodically; in larger organizations they are likely to occur with greater frequency, requiring the attention of dedicated security operations personnel.

Rapid incident response mitigates the impact of attacks.
The SOC directs the response to attacks and high-risk vulnerabilities, taking immediate steps to blunt the impact of an attack in progress and giving network administrators and systems operators guidance on further steps to contain or remediate a threat.

Issue triage and incident management help ensure you are spending your time wisely.
Most security operations teams have more work than they can handle. Establishing an issue triage process enables staff to quickly assess incidents and issues and prioritize those that pose the biggest risk to the business. In turn, you can allocate skilled resources to the most urgent and/or important issues. Further, well-defined workflow and escalation procedures help ensure that high-risk incidents are resolved as rapidly as possible.

Forensic investigation reveals the underlying source of security incidents.
With the right information and tools, security analysts can study the circumstances surrounding an attack or breach and follow the trail of evidence all the way back to the source. In turn, SOC staff can protect against repeat events, and your organization can take action against known parties (e.g., employees, partners or contractors) who are involved.

Strategic Advice and Guidance

In the course of carrying out its duties, Security Operations gathers valuable data on the IT environment and on the way the organization is approaching security. Turning that operational data into actionable business advice is also an essential task.

Strategic advice on security supports business innovation and growth.
With a view of the security environment that is both very broad and highly granular, Security Operations is in an excellent position to advise the business on how security can support strategic initiatives such as mergers and acquisitions, partner networks, and the rollout of new lines of business.

RSA White Paper 1
Figure 2. Who's Who in the SOC?
Even in a relatively small security operations function, roles, responsibilities and the reporting structure typically resemble some variation of this model. Shaded areas represent functional overlap.
[Diagram: roles plotted against three columns of activity (Strategic, Incident Response, Day-to-day). CSO: strategic advice, metrics gathering. Security Manager: metrics gathering, IR oversight. Security Guru: issue triage, investigation, threat research. Security Analyst: monitoring & alerting, device configuration management, vulnerability management.]

Security operations metrics show areas requiring improvement.
Operational data gleaned from security event logs and incident reports exposes gaps between your expectations for how the SOC should operate and the day-to-day realities with which your staff must contend. By examining trends in operational data, you can pinpoint areas requiring improvement in staffing, training, processes, policy or technology. For example, a persistent failure to patch vulnerabilities may indicate a need for stronger communication or awareness training directed at server operations personnel. Extended network slowdowns caused by externally launched attacks might highlight the need for more sensitive monitoring of threats or a more disciplined escalation process. In these and other scenarios, once corrective measures have been taken, trend data can also measure whether those actions are having the desired effect.

Organization-specific advisories raise awareness and drive change.
A key responsibility of the SOC team is to translate the organization's own security incidents, as well as threat information generated by CERT, SANS and other authoritative sources, into actionable recommendations specific to the organization. When consistently acted on in a timely way, such recommendations can steadily improve the overall security posture. For example, advisories can give enterprise architects and others guidance on the types of controls that need to be put in place to protect the business. Additionally, advisories that are more strategic in nature can raise executive awareness of security issues and influence decision-makers to give security an increased level of attention and investment.
Roles and Responsibilities: Who's Who in Security Operations

The most important ingredient in a successful security operations center is a well-functioning team. In small organizations, this may be just one or two people handling all SOC tasks, albeit with a focus that is necessarily limited to the most urgent or critical activities. Larger companies may have a sizable team of dedicated security operations personnel, each with specialized areas of expertise. Figure 2 shows the key functions each role performs and how they map to each other.

Security Analysts
Security analysts are on the front lines of security operations. They are responsible for ensuring that security tools are appropriately deployed and running optimally. They constantly monitor the environment for signs of trouble and are often the first point of contact when a high-risk alert is issued or a suspected attack begins to affect business operations. Analysts also typically conduct the initial stages of a forensic investigation.

Research Specialists
Behind the scenes at most successful SOCs are one or more security gurus, whose formal title may be Research Specialist or Senior Analyst. Typically these individuals have deep technical expertise and wide experience. They live, breathe and eat security and are called on to assist with security incidents that are particularly complex and/or high-pressure. Because of their grasp of security challenges and technologies, they may also act as consultants to the SOC Manager and the Chief Information Security Officer (CISO), advising them on security strategy.

SOC Manager
The SOC Manager oversees day-to-day security operations, putting in place the people, tools, processes and measurement methods needed to achieve the SOC's objectives in support of the business. The SOC Manager also serves as the interface between the SOC and the CISO. In this role, he or she translates the CISO's goals and requirements into a set of actions for the SOC team to execute and, conversely, makes the CISO aware of issues requiring executive attention and/or investment.

CISO
As the primary interface between the security organization and the business, the CISO is responsible for ensuring that SOC resources and activities are aligned to support the overall business strategy and are helping to create business value. The CISO translates business requirements into security operations objectives, prioritizes where budget is spent, and often serves as an evangelist, educating business executives about how security can enable business innovation and be used to manage information risk.
SOC Tools: From Basic to Advanced

Technology is a key element of security operations, providing the means to centralize processes, automate repetitive tasks, and generally make your people more productive. Most security operations teams make use of the following basic tools:

- Perimeter security devices and software (e.g., firewalls, IDS and antivirus products) each have their own reporting and alerting mechanisms, as well as consoles for making policy changes. In rudimentary SOCs, these consoles are often the first place analysts go to investigate or remediate a security issue.
- Vulnerability assessment tools can be commercial products (such as Nessus) or open source tools. Either way, they provide valuable insight into which systems are patched and configured correctly and which systems pose a security risk to the environment.
- Freeware diagnostic tools are easily downloadable and extremely useful, even to the most advanced security operations analyst. Network scanning tools such as nmap, wireless scanning tools such as Kismet, and penetration testing tools such as Metasploit can be invaluable in testing and diagnosing security issues.

Beyond the Basics

More advanced security operations centers are turning to tools like security information and event management (SIEM) and log management to automate information gathering, alerting and reporting. For example, RSA's SIEM solution, the RSA enVision platform, streamlines security operations by:

- Providing real-time, actionable security information. Real-time alerts highlight high-risk issues, enabling security professionals to prioritize their activities. Scalable correlation capabilities improve analyst productivity by reducing false positives.
- Enabling forensic investigations. The RSA enVision platform supports investigative work on past security incidents by providing the ability to search events in multiple ways (e.g., by time period, user ID, port number or host server) to get quickly to the source of the incident. Workflow accelerates the problem resolution lifecycle, from initial investigation, through routing to the appropriate team members and automatic escalation of high-priority or hard-to-resolve incidents, to resolution, closure and archiving.
- Increasing visibility into the effectiveness of security measures. RSA enVision technology helps organizations assess the effectiveness of their security program by providing information about how well access controls are being enforced, as well as about any unauthorized applications and network services.

Context is Key

The most advanced security operations teams further enrich their insight into the security environment with contextual information provided by other tools and information sources. For example, the configuration management database (CMDB), which captures configuration data for a wide range of assets, makes it easier to assess both the requirements for implementing security changes across the enterprise and the potential operational and business impact of such changes. Identity and access management (IAM) systems provide visibility into user behavior, not only for specific security incidents but also to spot broader IAM trends. This increases user accountability while allowing SOC staff to detect the misuse of privileges by insiders more easily.
Getting Started: How do you get security operations up and running?

Once you have identified the current security operations functions and roles within your organization, you will want to identify any gaps and inefficiencies and begin to address them. Some of the key best practices employed by leading IT organizations are summarized below.

Start by making the analyst's life easier
The security analyst's role can be a frustrating one. It is often highly reactive, and if there is no defined structure in place to prioritize and escalate issues, it can easily become a firefighting job in which staff are constantly suppressing the most obvious symptoms of security threats without resolving the underlying problems. Furthermore, if your security analysts cannot access timely and accurate information about what is going on in your environment, it is impossible for them to know whether you are putting the right controls in place. Over a month-long period, evaluate the activities on which your analysts are spending their time, and prioritize the places where you think additional staff or technology could have the biggest impact on their effectiveness.

Give people the right information to do their jobs
In all areas of the SOC, doing the job effectively depends on being armed with the right information at the right time. Look at the smart use of technology to put that information into people's hands:

- Analysts: timely alerts, prioritized by urgency, plus log and asset data that provide context for security incidents.
- Research specialists: in-depth information on security incidents as they happen, to speed resolution, and data on emerging threats so they can recommend protective measures.
- Security managers: up-to-date status on outstanding security issues, and data on how staff resources are being utilized.
- CISOs: summary information on the most pressing security issues and incidents, and the overall risk and security posture of the business.

Focus on process improvements rather than SOC automation
It is unlikely that technology will ever truly replace security operations personnel, but tools such as log management and SIEM can streamline some of the more tedious and repetitive processes they handle and thus make them more productive. One example would be taking IDS alerts, cross-referencing them against a list of machines vulnerable to the particular attack that has been detected, and restarting services on affected devices. Where the devices are owned by another group, you may need to negotiate permission before automating remedial action on their devices.

Make technology work for your people, not the other way around
A successful security operations function depends primarily on having a cohesive team of people, supported by well-defined processes and timely information that empowers them to make well-informed decisions. Technology is useful to the extent that it makes your people more effective, so use solutions such as SIEM judiciously to streamline your processes and make information available in an easily digestible manner. When deciding on the right SIEM technology for your security operations function, look for:

- An easily deployable solution that accelerates and simplifies your processes.
- A solution that makes readily available all the data your people need to do their jobs.
- A solution that gives you the tools to turn operational data into actionable information that will improve your security posture and support strategic business initiatives.
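The triage process described under Incident and Issue Management, the CMDB context described under Context is Key, and the cross-referencing of IDS alerts against a list of vulnerable machines described above all reduce to one correlation step. The block below is an added example, not code from the paper or from RSA: it parses constructed Snort-style alert lines, looks up the CVE each rule detects, checks a constructed vulnerability-scanner export and CMDB extract for the targeted host, and orders the alerts for an analyst. The SID-to-CVE mapping, host names, addresses and scoring weights are all assumptions chosen for illustration.

```python
"""SOC triage: correlate IDS alerts with vulnerability-scan results and CMDB
asset context.  Added example, not the paper's code; all data is constructed."""
import re

# Constructed Snort-style "fast" alert lines (sample input, not captured traffic).
SAMPLE_ALERTS = [
    "08/15-10:22:13.123456 [**] [1:2001001:3] EXPLOIT Apache Struts OGNL injection [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.9:51234 -> 10.0.1.20:8080",
    "08/15-10:22:14.223456 [**] [1:2001001:3] EXPLOIT Apache Struts OGNL injection [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.9:51235 -> 10.0.1.21:8080",
    "08/15-10:22:15.323456 [**] [1:2001002:1] EXPLOIT OpenSSH user enumeration [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.9:51236 -> 10.0.1.30:22",
    "08/15-10:22:16.423456 [**] [1:2001003:2] SCAN Nmap SYN scan [**] [Classification: Attempted Recon] [Priority: 3] {TCP} 203.0.113.9:51237 -> 10.0.9.77:445",
]

ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.+?)\s+\[\*\*\]\s+(?:\[Classification:\s*(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Hypothetical rule metadata: SID -> CVE the rule detects (in a real ruleset this
# comes from the rule's "reference:cve,..." option).  Recon rules map to nothing.
RULE_CVE = {"2001001": "CVE-2017-5638", "2001002": "CVE-2018-15473"}

# Constructed vulnerability-scanner export: host -> open CVEs.  An empty set means
# the host was scanned and is clean; a missing host means it was never scanned.
SCAN_RESULTS = {
    "10.0.1.20": {"CVE-2017-5638"},
    "10.0.1.21": set(),
    "10.0.1.30": {"CVE-2018-15473"},
}

# Constructed CMDB extract: criticality 1 (low) .. 3 (high) and owning team.
CMDB = {
    "10.0.1.20": {"name": "web-prod-01", "criticality": 3, "owner": "web-ops"},
    "10.0.1.21": {"name": "web-prod-02", "criticality": 3, "owner": "web-ops"},
    "10.0.1.30": {"name": "bastion-01", "criticality": 2, "owner": "infra"},
}

# Scoring weights are assumptions chosen for illustration, not a standard.
BASE_SCORE = {1: 60, 2: 40, 3: 20}            # IDS priority, 1 = most severe
VULN_ADJUST = {"vulnerable": 40, "patched": -30, "unscanned": 10, "no-cve": 0}


def parse_alert(line):
    """Parse one fast-format alert line; return a dict or None if it does not match."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["prio"] = int(rec["prio"])
    return rec


def vuln_state(host, cve, scan_results):
    """Is the targeted host actually exposed to the CVE the rule detects?"""
    if cve is None:
        return "no-cve"
    if host not in scan_results:
        return "unscanned"
    return "vulnerable" if cve in scan_results[host] else "patched"


def triage(lines, rule_cve=RULE_CVE, scan_results=SCAN_RESULTS, cmdb=CMDB):
    """Score each alert (IDS priority, adjusted by vulnerability state, weighted by
    asset criticality) and return them highest score first with a suggested action."""
    out = []
    for line in lines:
        a = parse_alert(line)
        if a is None:
            continue  # unparsable line: never score it silently; log it upstream
        cve = rule_cve.get(a["sid"])
        state = vuln_state(a["dst"], cve, scan_results)
        asset = cmdb.get(a["dst"])
        crit = asset["criticality"] if asset else 2  # unknown asset: assume medium
        score = (BASE_SCORE.get(a["prio"], 20) + VULN_ADJUST[state]) * crit
        notes = []
        if asset is None:
            notes.append("asset not in CMDB")
        if state == "unscanned":
            notes.append("no scan data for host")
        if state == "patched":
            notes.append("target patched: verify, then consider tuning the rule")
        action = "escalate" if score >= 100 else "queue" if score >= 40 else "verify-then-close"
        out.append({
            "sid": a["sid"], "msg": a["msg"], "dst": a["dst"], "dport": a["dport"],
            "cve": cve, "vuln_state": state,
            "asset": asset["name"] if asset else None,
            "owner": asset["owner"] if asset else None,
            "score": score, "action": action, "notes": notes,
        })
    return sorted(out, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for r in triage(SAMPLE_ALERTS):
        print(f'{r["score"]:4d} {r["action"]:<18} {r["dst"]:<11} {r["vuln_state"]:<10} {r["msg"]}')
```

Run as a script, it prints the triage order. The point to notice is that the priority-2 alert against a host the scanner reports as vulnerable outranks the priority-1 alert against a host that is already patched, and that an asset missing from the CMDB is flagged as a gap rather than silently scored. Automated remediation (restarting services on the affected device) is deliberately left out of the block; that step should only be wired in once the device owner has agreed to it.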
About RSA

RSA, The Security Division of EMC, is the premier provider of security solutions for business acceleration, helping the world's leading organizations succeed by solving their most complex and sensitive security challenges. RSA's information-centric approach to security guards the integrity and confidentiality of information throughout its lifecycle, no matter where it moves, who accesses it or how it is used. RSA offers industry-leading solutions in identity assurance & access control, data loss prevention, encryption & key management, compliance & security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit the RSA website.

RSA, enVision and RSA Security are registered trademarks or trademarks of RSA Security Inc. in the United States and/or other countries. EMC is a registered trademark of EMC Corporation. CERT is a registered trademark of Carnegie Mellon University. All other products or services mentioned are trademarks of their respective owners. RSA Security Inc. All rights reserved.
More informationWHITE PAPER AUTOMATED, REAL-TIME RISK ANALYSIS AND REMEDIATION
WHITE PAPER AUTOMATED, REAL-TIME RISK ANALYSIS AND REMEDIATION Table of Contents Executive Summary...3 Vulnerability Scanners Alone Are Not Enough...3 Real-Time Change Configuration Notification is the
More informationForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM)
ForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM) CONTENT Introduction 2 Overview of Continuous Diagnostics & Mitigation (CDM) 2 CDM Requirements 2 1. Hardware Asset Management 3 2. Software
More informationOptimizing Network Vulnerability
SOLUTION BRIEF Adding Real-World Exposure Awareness to Vulnerability and Risk Management Optimizing Network Vulnerability Management Using RedSeal november 2011 WHITE PAPER RedSeal Networks, Inc. 3965
More informationIncrease insight. Reduce risk. Feel confident.
Increase insight. Reduce risk. Feel confident. Define critical goals with enhanced visibility then enable security and compliance across your complex IT infrastructure. VIRTUALIZATION + CLOUD NETWORKING
More informationCHAPTER 3 : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC
: INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS 1 FIVE KEY RECOMMENDATIONS During 2014, NTT Group supported response efforts for a variety of incidents. Review of these engagements revealed some observations
More informationCurrent IBAT Endorsed Services
Current IBAT Endorsed Services Managed Network Intrusion Prevention and Detection Service SecureWorks provides proactive management and real-time security event monitoring and analysis across your network
More informationEverything You Wanted to Know about DISA STIGs but were Afraid to Ask
Everything You Wanted to Know about DISA STIGs but were Afraid to Ask An EiQ Networks White Paper 2015 EiQ Networks, Inc. All Rights Reserved. EiQ, the EiQ logo, the SOCVue logo, SecureVue, ThreatVue,
More informationIMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE
IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE Solution Brief SUMMARY New security threats demand a new approach to security management. Security teams need a security analytics architecture that can handle
More informationFIVE PRACTICAL STEPS
WHITEPAPER FIVE PRACTICAL STEPS To Protecting Your Organization Against Breach How Security Intelligence & Reducing Information Risk Play Strategic Roles in Driving Your Business CEOs, CIOs, CTOs, AND
More informationIMPROVING RISK VISIBILITY AND SECURITY POSTURE WITH IDENTITY INTELLIGENCE
IMPROVING RISK VISIBILITY AND SECURITY POSTURE WITH IDENTITY INTELLIGENCE ABSTRACT Changing regulatory requirements, increased attack surfaces and a need to more efficiently deliver access to the business
More informationManaging Vulnerabilities For PCI Compliance
Managing Vulnerabilities For PCI Compliance Christopher S. Harper Vice President of Technical Services, Secure Enterprise Computing, Inc. June 2012 NOTE CONCERNING INTELLECTUAL PROPERTY AND SOLUTIONS OF
More informationIBM Security Intelligence Strategy
IBM Security Intelligence Strategy Delivering Insight with Agility October 17, 2014 Victor Margina Security Solutions Accent Electronic 12013 IBM Corporation We are in an era of continuous breaches Operational
More informationAnalyzing Security for Retailers An analysis of what retailers can do to improve their network security
Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary
More informationCORE Security and the Payment Card Industry Data Security Standard (PCI DSS)
CORE Security and the Payment Card Industry Data Security Standard (PCI DSS) Addressing the PCI DSS with Predictive Security Intelligence Solutions from CORE Security CORE Security +1 617.399-6980 info@coresecurity.com
More informationStrengthen security with intelligent identity and access management
Strengthen security with intelligent identity and access management IBM Security solutions help safeguard user access, boost compliance and mitigate insider threats Highlights Enable business managers
More informationTECHNOLOGY PARTNER CERTIFICATION BENEFITS AND PROCESS
TECHNOLOGY PARTNER CERTIFICATION BENEFITS AND PROCESS BUSINESS BENEFITS Use of the Certified Partner seal and the Secured by RSA brand on product packaging and advertising Exposure in the Secured by RSA
More informationTake the Red Pill: Becoming One with Your Computing Environment using Security Intelligence
Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence Chris Poulin Security Strategist, IBM Reboot Privacy & Security Conference 2013 1 2012 IBM Corporation Securing
More informationThe Sophos Security Heartbeat:
The Sophos Security Heartbeat: Enabling Synchronized Security Today organizations deploy multiple layers of security to provide what they perceive as best protection ; a defense-in-depth approach that
More informationTripwire Log Center NEXT GENERATION LOG AND EVENT MANAGEMENT WHITE PAPER
Tripwire Log Center NEXT GENERATION LOG AND EVENT MANAGEMENT WHITE PAPER Introduction A decade or more ago, logs of events recorded by firewalls, intrusion detection systems and other network devices were
More informationNorth American Electric Reliability Corporation (NERC) Cyber Security Standard
North American Electric Reliability Corporation (NERC) Cyber Security Standard Symantec Managed Security Services Support for CIP Compliance Overviewview The North American Electric Reliability Corporation
More informationLOG INTELLIGENCE FOR SECURITY AND COMPLIANCE
PRODUCT BRIEF uugiven today s environment of sophisticated security threats, big data security intelligence solutions and regulatory compliance demands, the need for a log intelligence solution has become
More informationPatch and Vulnerability Management Program
Patch and Vulnerability Management Program What is it? A security practice designed to proactively prevent the exploitation of IT vulnerabilities within an organization To reduce the time and money spent
More informationWhite Paper Achieving PCI Data Security Standard Compliance through Security Information Management. White Paper / PCI
White Paper Achieving PCI Data Security Standard Compliance through Security Information Management White Paper / PCI Contents Executive Summary... 1 Introduction: Brief Overview of PCI...1 The PCI Challenge:
More informationDepartment of Education. Network Security Controls. Information Technology Audit
O L A OFFICE OF THE LEGISLATIVE AUDITOR STATE OF MINNESOTA FINANCIAL AUDIT DIVISION REPORT Department of Education Network Security Controls Information Technology Audit May 5, 2010 Report 10-17 FINANCIAL
More informationRSA Solution Brief RSA. Data Loss. Uncover your risk, establish control. RSA. Key Manager. RSA Solution Brief
RSA Solution Brief RSA Managing Data Loss the Lifecycle of Prevention Encryption Suite Keys with Uncover your risk, establish control. RSA Key Manager RSA Solution Brief 1 Executive Summary RSA Data Loss
More informationFIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES
FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES The implications for privacy and security in the emergence of HIEs The emergence of health information exchanges (HIE) is widely
More informationConvergence of Desktop Security and Management: System Center 2012 Endpoint Protection and System Center 2012 Configuration Manager
Convergence of Desktop Security and Management: System Center 2012 Endpoint Protection and System Center 2012 Configuration Manager Contents INTRODUCTION: UNDERSTANDING HOW ALIGNING DESKTOP SECURITY AND
More informationQ1 Labs Corporate Overview
Q1 Labs Corporate Overview The Security Intelligence Leader Who we are: Innovative Security Intelligence software company One of the largest and most successful SIEM vendors Leader in Gartner 2011, 2010,
More informationLOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE
PRODUCT BRIEF LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE The Tripwire VIA platform delivers system state intelligence, a continuous approach to security that provides leading indicators of breach
More informationRSA, The Security Division of EMC. Zamanta Anguiano Sales Manager RSA
RSA, The Security Division of EMC Zamanta Anguiano Sales Manager RSA The Age of the Hyperextended Enterprise BUSINESS ISSUES IMPACT Innovation Collaboration Exploding Information Supply Chain Customer
More informationQRadar SIEM and FireEye MPS Integration
QRadar SIEM and FireEye MPS Integration March 2014 1 IBM QRadar Security Intelligence Platform Providing actionable intelligence INTELLIGENT Correlation, analysis and massive data reduction AUTOMATED Driving
More informationCautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work
Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Security concerns and dangers come both from internal means as well as external. In order to enhance your security posture
More informationIT Security & Compliance. On Time. On Budget. On Demand.
IT Security & Compliance On Time. On Budget. On Demand. IT Security & Compliance Delivered as a Service For businesses today, managing IT security risk and meeting compliance requirements is paramount
More informationCritical Security Controls
Critical Security Controls Session 2: The Critical Controls v1.0 Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter The Critical Security Controls The Critical Security
More informationWhite Paper The Dynamic Nature of Virtualization Security
White Paper The Dynamic Nature of Virtualization Security The need for real-time vulnerability management and risk assessment Introduction Virtualization is radically shifting how enterprises deploy, deliver,
More information8 Key Requirements of an IT Governance, Risk and Compliance Solution
8 Key Requirements of an IT Governance, Risk and Compliance Solution White Paper: IT Compliance 8 Key Requirements of an IT Governance, Risk and Compliance Solution Contents Introduction............................................................................................
More informationInfor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security
Technical Paper Plain talk about security When it comes to Cloud deployment, security is top of mind for all concerned. The Infor CloudSuite team uses best-practice protocols and a thorough, continuous
More informationStay ahead of insiderthreats with predictive,intelligent security
Stay ahead of insiderthreats with predictive,intelligent security Sarah Cucuz sarah.cucuz@spyders.ca IBM Security White Paper Executive Summary Stay ahead of insider threats with predictive, intelligent
More informationBEST PRACTICES. Systems Management. www.kaspersky.com
BEST PRACTICES www.kaspersky.com 2 YOUR GUIDE TO SYSTEMS MANAGEMENT BEST PRACTICES. Enhance security and manage complexity using centralized IT management tools. Unpatched vulnerabilities in popular applications
More informationWhat is Security Intelligence?
2 What is Security Intelligence? Security Intelligence --noun 1. the real-time collection, normalization, and analytics of the data generated by users, applications and infrastructure that impacts the
More informationThe Benefits of an Integrated Approach to Security in the Cloud
The Benefits of an Integrated Approach to Security in the Cloud Judith Hurwitz President and CEO Marcia Kaufman COO and Principal Analyst Daniel Kirsch Senior Analyst Sponsored by IBM Introduction The
More informationAn Introduction to Network Vulnerability Testing
CONTENTS Introduction 3 Penetration Testing Overview 4 Step 1: Defining the Scope 4 Step 2: Performing the Penetration Test 5 Step 3: Reporting and Delivering Results 6 VeriSign SecureTEST 7 Common Vulnerability
More informationSecurity Management. Keeping the IT Security Administrator Busy
Security Management Keeping the IT Security Administrator Busy Dr. Jane LeClair Chief Operating Officer National Cybersecurity Institute, Excelsior College James L. Antonakos SUNY Distinguished Teaching
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More informationSymantec Security Compliance Solution Symantec s automated approach to IT security compliance helps organizations minimize threats, improve security,
Symantec Security Compliance Solution Symantec s automated approach to IT security compliance helps organizations minimize threats, improve security, streamline compliance reporting, and reduce the overall
More informationThe Protection Mission a constant endeavor
a constant endeavor The IT Protection Mission a constant endeavor As businesses become more and more dependent on IT, IT must face a higher bar for preparedness Cyber preparedness is the process of ensuring
More information2012 North American Managed Security Service Providers Growth Leadership Award
2011 South African Data Centre Green Excellence Award in Technology Innovation Cybernest 2012 2012 North American Managed Security Service Providers Growth Leadership Award 2011 Frost & Sullivan 1 We Accelerate
More informationcompliance through Integrated solutions for effective compliance management Solution Brief
compliance through RSA SECURITY MANAGEMENT Integrated solutions for effective compliance management Solution Brief WHEN WILL COMPLIANCE GET EASIER? The increasingly complex and stringent compliance environment
More informationTotal Protection for Compliance: Unified IT Policy Auditing
Total Protection for Compliance: Unified IT Policy Auditing McAfee Total Protection for Compliance Regulations and standards are growing in number, and IT audits are increasing in complexity and cost.
More informationFive keys to a more secure data environment
Five keys to a more secure data environment A holistic approach to data infrastructure security Compliance professionals know better than anyone how compromised data can lead to financial and reputational
More information