Smart cyber security for smart cities


Competence Series: Smart cyber security for smart cities. IT Security made in Europe

Cities are becoming smarter

Population growth, urbanisation trends and climate change are driving a process of continuous urban development in cities worldwide. This is not only having an impact on how and where people live and work but also on matters such as energy, water, mobility, the environment, finance and public administration. The collection, analysis and intelligent use of data is what turns cities into smart cities: cameras and sensors register and measure movements, temperature changes, air pollution, traffic, power distribution and much more. The data collected by internet and web-based services is evaluated at a central point and then forwarded to the appropriate stakeholders. Cities are becoming more cost-efficient and more environmentally sustainable, and the quality of life and safety of residents are being improved. The benefits are impressive. However, the systems which send, receive, store and analyse the data are vulnerable should, for example, their data streams be manipulated.

The IT security challenges for smart cities

Smart cities are no longer smart when, for example, their sensors communicate with each other across inadequately secured or unencrypted wireless networks. Networked healthcare services, emergency control centres, smart grids, industrial control centres, intelligent transport systems, the Internet of Things and traffic control systems are some of the key areas for IT security. Cyber attacks are increasingly becoming a reality. It is therefore extremely important that the entire IT infrastructure of a smart city regularly undergoes proactive IT security monitoring. Smart cities and IT security must work hand in glove. A balance has to be struck between the intelligent use of data on the one hand, and ensuring the security of sensitive or security-relevant data on the other. This is a challenging task, which public bodies and institutions often cannot tackle on their own.

Incidents have already occurred in many parts of the world

2011/Germany. The server of the German Customs Investigation Bureau and Federal Police was infected by a trojan. Consequently, GPS data, telephone numbers and registration numbers of suspects were accessed.
2012/USA. As a result of a computer glitch, the court in Placer County, California, summoned 1,200 people to appear for jury duty at the same trial. Traffic chaos ensued.
2013/USA. Thousands of passengers were kept sitting for several hours in 19 trains operated by Bay Area Rapid Transit (BART) near San Francisco. The cause was a software error that crashed the entire system.
2013/Turkey. The airports in Istanbul were the victims of an attack. A malware infection shut down the passport control system.
2013/Latvia. Attackers used SQL injection to attack an employment agency and gain access to 3,077 user accounts containing private information and plain text passwords.
2014/Singapore. Following the arrest of several Anonymous members, a number of Singapore government servers were attacked and the personal information of government employees was published.
2014/Finland. Unknown attackers compromised government servers and stole a considerable number of documents over a period of years.
2015/USA. The US government and a number of defence industry companies were spied on in a large-scale attack. Several billion bytes of data were stolen.

Rethinking the approach to IT security

IT security managers know that measures designed to fend off attacks from the outset are always incomplete. The wide variety of attack options, the rapid development of attack methods, misconfigured security tools, or a failure to adjust to changing conditions are some of the reasons why a high level of IT security is not achieved. Conventional IT security solutions are unable to provide adequate protection for complex IT infrastructures and systems. Take signature-based antivirus solutions, for example: they only provide protection when the viruses or malware are known, when a definition has been issued by the anti-virus software vendor and when the security software is properly configured and perfectly adjusted to current conditions. If one of those preconditions is not met, the anti-virus software will not work and will therefore not provide any protection. Purely defensive measures in this context are always incomplete.

A rethink of the approach to IT security is needed. Smart cities have countless potential gateways for attackers. Attention needs to be refocused away from notional risks and towards the detection of real dangers. The large number of automated and autonomous systems must be checked in a timely, effective and efficient manner for attacks and anomalies; vulnerabilities and abnormalities must be analysed, acted upon and patched.

How managed security services can help

Managed security services means IT risk detection by experts from an external provider with comprehensive expertise in complex security measures. The services are provided from security operation centres (SOCs), 24/7 if required. Outsourcing this specialist work reduces long-term investment risks significantly: separate IT security tools can often be replaced by an end-to-end software solution from a single provider, and investment in highly specialised staff and their ongoing training is greatly reduced.

Managed security services made in Europe: maximum data security standards in a partnership with external experts

RadarServices is the European market leader in proactive and continuous IT security monitoring and risk detection. The company offers an IT early warning system that is constantly updated and adapted to the needs of the customer. It therefore meets the challenges posed by IT security in smart cities in a highly efficient and effective manner. This outsourcing of IT security and risk analysis does not require any security-sensitive data to be released. Automated detection and analysis is carried out on a highly secured hardware appliance which contains all the modules along with the advanced correlation engine. All necessary tools run within the customer organisation's network, which ensures the security of data because the data never leaves the customer. Even when security specialists from RadarServices carry out manual analyses, data is never sent outside the customer's network. All processes are designed to meet the strictest data security standards, using a concept that is unique among security providers anywhere in the world.

Multilevel IT risk detection system

Comprehensive IT security monitoring and IT risk management enables the timely detection of attacks and vulnerabilities affecting each component of a smart city. To achieve this, the first necessary step is automated risk identification. This is followed by comprehensive correlation of all events as the second step, and then by a third step involving a detailed expert review. Finally, the results are presented in a clearly structured management cockpit and customised reports.

[Figure: the multilevel system. Risk identification modules: Security Information & Event Management (SIEM), Host-based Intrusion Detection (HIDS), Advanced Cyber Intrusion Detection (ACID), Vulnerability Assessment (VAS), Software Compliance (SOCO) and Advanced Email Threat Detection (AETD). These feed the Advanced Correlation Engine, then the Risk & Security Intelligence Team, and finally the Risk & Security Cockpit / Alerting.]

Smart risk detection tools

Various types of attack can only be detected with the assistance of an extensive set of tools. RadarServices works with a complete toolkit. It is made up of:

Security Information and Event Management (SIEM): the evaluation of log data from various sources as well as risk and threat data, with the aim of obtaining solid security information that enables rapid response to security incidents and pertinent compliance reports.

Advanced Cyber Intrusion Detection (ACID): the detection of dangerous malware, anomalies and other risks in the network traffic by means of signature- and behaviour-based detection engines.

Host-based Intrusion Detection (HIDS): the collection, analysis and correlation of server and client logs, and immediate alerting and response as soon as attacks, misuse or errors are detected. The file integrity of local systems is checked, and rootkits and other hidden attacks, trojans and viruses are identified on the basis of system changes.

Vulnerability Assessment (VAS): a 360-degree overview of potential security vulnerabilities in operating systems and application software, and the monitoring of all data flows on the network for anomalies.

Advanced Email Threat Detection (AETD): the detection of advanced malware previously undiscovered by conventional security measures, including advanced persistent threats (APTs).

Software Compliance (SoCo): automatic monitoring of compliance regulations and the immediate reporting of breaches to minimise compliance risks.

Intelligent correlation and cross-correlation

New types of attack can usually no longer be detected using signature-based methods. Such attacks are not detected on the basis of specific patterns but from behavioural anomalies in the IT systems. Detecting them requires advanced correlation engines that correlate security events within a risk identification module and also cross-correlate the information from all modules. A unique and deep insight into security-relevant events can be obtained by correlating and cross-correlating logs with vulnerabilities, SIEM findings and large quantities of additional data. However, rules, policies, self-learning algorithms and statistical models must be updated regularly. RadarServices configures and maintains all modules continually. The rules for risk identification and correlation are updated continuously.

Experts in risk analysis who speak your local language

All of the automatically gathered security information has to be analysed by experienced experts with constantly updated skills. They analyse, consolidate and prioritise the results and continually develop the automated mechanisms based on the very latest information and findings. The experienced, highly specialised Risk & Security Intelligence Team at RadarServices works exclusively on risk analysis on behalf of customers and benefits from its ability to make comparisons between different sectors. Every day, thousands of incidents are processed and correlated. An important part of the work of the Risk & Security Intelligence Team involves providing support to the customers' in-house IT teams. High-quality risk and security information is provided at the requested level of detail. Each newly detected risk is continuously integrated. Each risk statement is accompanied by a guide on how to eliminate the risk or, when this is not possible, to minimise it.

This approach supports IT risk management processes within a customer's organisation and also contributes to its continuous and constantly updated risk assessment. Throughout the risk identification process, the expert team at RadarServices remains in constant touch with the customer's internal IT organisation via a communications and feedback system. Should a serious emergency occur, the experts will offer their fire-fighting expertise upon request.
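The two correlation steps described above, as an added illustration that is example code and not the RadarServices engine: repeated network IDS alerts are first collapsed within one module, then cross-correlated with vulnerability-scanner findings for the same host and port, so that an attack against a service the scanner already knows to be vulnerable sorts to the top. The module names follow the brochure, but all event fields, hostnames, signatures, scores and vulnerability identifiers are constructed for this example.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class IdsAlert:
    """Network IDS hit (the brochure's ACID module); field layout is assumed."""
    ts: int          # seconds since epoch
    host: str        # targeted system
    port: int        # targeted service
    signature: str
    severity: int    # 1 = low, 2 = medium, 3 = high

@dataclass(frozen=True)
class VulnFinding:
    """Vulnerability scan result (the brochure's VAS module); field layout is assumed."""
    host: str
    port: int
    vuln_id: str     # placeholder identifier, not a real CVE
    cvss: float

# Constructed sample data: three repeats of one alert on a web front end that has an
# open vulnerability, plus one SSH brute-force hit on a host with no known vulnerability.
IDS_ALERTS = [
    IdsAlert(1000, "scada-hmi-01", 443, "web.sqli.attempt", 2),
    IdsAlert(1030, "scada-hmi-01", 443, "web.sqli.attempt", 2),
    IdsAlert(1055, "scada-hmi-01", 443, "web.sqli.attempt", 2),
    IdsAlert(1100, "traffic-ctl-02", 22, "ssh.bruteforce", 2),
]
VULNS = [VulnFinding("scada-hmi-01", 443, "VULN-PLACEHOLDER-1", 9.1)]

def correlate_module(alerts, window=300):
    """Step 1, inside one module: collapse repeats of an alert seen within `window` seconds."""
    groups = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a.ts):
        groups[(a.host, a.port, a.signature)].append(a)
    merged = []
    for hits in groups.values():
        first = hits[0]
        count = sum(1 for h in hits if h.ts - first.ts <= window)
        merged.append({"alert": first, "count": count})
    return merged

def cross_correlate(merged, vulns):
    """Step 2, across modules: join merged IDS alerts with VAS findings on the same service."""
    by_service = defaultdict(list)
    for v in vulns:
        by_service[(v.host, v.port)].append(v)
    scored = []
    for item in merged:
        a = item["alert"]
        matches = by_service.get((a.host, a.port), [])
        # IDS severity plus a bonus per repeat; a known-vulnerable target service
        # adds its highest CVSS (scaled) so it sorts to the top of the queue.
        score = a.severity * 10 + 5 * (item["count"] - 1)
        if matches:
            score += int(max(v.cvss for v in matches) * 5)
        scored.append({"host": a.host, "port": a.port, "signature": a.signature, "count": item["count"],
                       "vulns": [v.vuln_id for v in matches], "score": score})
    return sorted(scored, key=lambda r: r["score"], reverse=True)
```

Running `cross_correlate(correlate_module(IDS_ALERTS), VULNS)` ranks the repeated web attack on the vulnerable host above the single brute-force hit, which is the prioritisation the expert team would then review.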

Smart information processing

The multilevel approach delivers verified IT risk and security information which is immediately applicable to the remediation process. False positives and false negatives have been eliminated. All of the information on the current state of IT security, the risks identified and instructions for dealing with them is conveyed in the Risk & Security Cockpit. Reports and statistics are provided at the desired level of detail. In urgent cases, alerts are triggered. These may be received in the cockpit, via email or even as a push notification on the mobile phones of a previously specified group of recipients. Moreover, the built-in Business Process Risk view highlights all business areas seriously at risk as a result of IT security problems. The implications are clear and easy to understand at the push of a button. Newly discovered risks are continually integrated. The result is a modern, effective and at the same time efficient IT risk identification and management system that is able to cope with the challenge of securing the complex IT infrastructures of smart cities.

RadarServices is the European market leader for proactive IT security monitoring and IT risk detection as a managed service. The services uniquely combine automated detection of security-relevant flaws and risks with analysis and assessment by experts. Data never leaves the clients' premises. There is no need for training, configuration or maintenance, and no requirement for additional capital expenditure or headcount.

RadarServices, Hasnerstrasse 123, 1160 Vienna, Austria. T: +43 (1) 929 12 71-0, F: +43 (1) 929 12 71-40, E: sales@radarservices.com, www.radarservices.com
RadarServices Germany, Taunustor 1, 60310 Frankfurt a. M. T: +49 (69) 2443424 655, E: sales_germany@radarservices.com
RadarServices Middle East, A110-1, DSO HQ Building, Dubai, UAE. T: +971 (4) 501 5447, E: sales_me@radarservices.com

2015 RadarServices Smart IT-Security GmbH. FN371019s, Commercial Court Vienna, Austria. All rights and changes reserved. RadarServices is a registered trademark of RadarServices Smart IT-Security GmbH. All other product or company names are trademarks or registered trademarks of the respective owners.

Detecting Risk, Protecting Value