3 rd InfoCom Security, Athens, 10 Arpil 2013

Similar documents
BAE Systems PCI Essentail. PCI Requirements Coverage Summary Table

SolarWinds Security Information Management in the Payment Card Industry: Using SolarWinds Log & Event Manager (LEM) to Meet PCI Requirements

White Paper. PCI Guidance: Microsoft Windows Logging

PCI Requirements Coverage Summary Table

Application Monitoring for SAP

Securing SharePoint 101. Rob Rachwald Imperva

Secret Server Qualys Integration Guide

PCI Assessments 3.0 What Will the Future Bring? Matt Halbleib, SecurityMetrics

Big Data, Big Risk, Big Rewards. Hussein Syed

Achieving PCI COMPLIANCE with the 2020 Audit & Control Suite.

How To Manage A Privileged Account Management

whitepaper The Benefits of Integrating File Integrity Monitoring with SIEM

TOP 10 WAYS TO ADDRESS PCI DSS COMPLIANCE. ebook Series

How to Develop a Log Management Strategy

TRIPWIRE NERC SOLUTION SUITE

Establish and Maintain Secure Cardholder Data with IBM Payment Card Industry Solutions

<COMPANY> PR11 - Log Review Procedure. Document Reference Date 30th September 2014 Document Status. Final Version 3.

FairWarning Mapping to PCI DSS 3.0, Requirement 10

March

PCI Requirements Coverage Summary Table

Addressing PCI Compliance

White Paper. Protecting Databases from Unauthorized Activities Using Imperva SecureSphere

Information Security Services. Achieving PCI compliance with Dell SecureWorks security services

PCI DSS Compliance: The Importance of Privileged Management. Marco Zhang

Take Control of Identities & Data Loss. Vipul Kumra

RSA, The Security Division of EMC. Zamanta Anguiano Sales Manager RSA

E-Guide Log management best practices: Six tips for success

Securing OS Legacy Systems Alexander Rau

Scalability in Log Management

Log Management How to Develop the Right Strategy for Business and Compliance. Log Management

ACCEPTING PAYMENT CARD ASSESSMENT Pre-Selection Questionnaire

CSN38:Tracking Privileged User Access within an ArcSight Logger and SIEM Environment Philip Lieberman, President and CEO

Secret Server Splunk Integration Guide

What We Do. security. outsourcing. policy and program. application. security. training & awareness. security solutions

Cloud Computing Governance & Security. Security Risks in the Cloud

Windows Least Privilege Management and Beyond

CONNECTING ACCESS GOVERNANCE AND PRIVILEGED ACCESS MANAGEMENT

Comprehensive Compliance Auditing and Controls for BI/DW Environments

Caretower s SIEM Managed Security Services

Vulnerability. Management

Security Information and Event Management Introduction to envision: The Information Management Platform for Security and Compliance Operations Success

Payment Card Industry Data Security Standard

VERIFONE ENHANCED ZONE ROUTER

Administrative Improvements. Administrative Improvements. Scoping Guidance. Clarifications for Segmentation

CAS8489 Delivering Security as a Service (SIEMaaS) November 2014

How To Protect Data From Attack On A Computer System

How To Secure An Extended Enterprise

Media Shuttle s Defense-in- Depth Security Strategy

Using Continuous Monitoring Information Technology to Meet Regulatory Compliance. Presenter: Lily Shue Director, Sunera Consulting, LLC

Eoin Thornton Senior Security Architect Zinopy Security Ltd.

Attachment A. Identification of Risks/Cybersecurity Governance

Protect the data that drives our customers business. Data Security. Imperva s mission is simple:

A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards

The Business Case for Security Information Management

Understanding Vulnerability Management Life Cycle Functions

whitepaper 4 Best Practices for Building PCI DSS Compliant Networks

RSA Solution Brief. RSA SecurID Authentication in Action: Securing Privileged User Access. RSA Solution Brief

LOG MANAGEMENT AND SIEM FOR SECURITY AND COMPLIANCE

ISO COMPLIANCE WITH OBSERVEIT

IBM QRadar Security Intelligence April 2013

Security management solutions White paper. IBM Tivoli and Consul: Facilitating security audit and compliance for heterogeneous environments.

APPLICATION COMPLIANCE AUDIT & ENFORCEMENT

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

QRadar SIEM 6.3 Datasheet

Enforcive / Enterprise Security

PCI DSS 3.0 Changes Bill Franklin Executive IT Auditor January 23, 2014

White Paper. What Auditors Want Database Auditing. 5 Key Questions Auditors Ask During a Database Compliance Audit

Security management solutions White paper. Extend business reach with a robust security infrastructure.

Miami University. Payment Card Data Security Policy

NEC Managed Security Services

Netwrix Auditor for Active Directory

PCI Compliance 3.1. About Us

Information Blue Valley Schools FEBRUARY 2015

Boosting enterprise security with integrated log management

Securing Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits

Complete Database Security. Thomas Kyte

Netwrix Auditor for SQL Server

A MERCHANTS GUIDE TO THE PAYMENT APPLICATION DATA SECURITY STANDARD (PA-DSS)

Feature. Log Management: A Pragmatic Approach to PCI DSS

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports

Best Practices for Database Security

Demonstrating the ROI for SIEM: Tales from the Trenches

Making the difference between read to output, and read to copy GOING BEYOND BASIC FILE AUDITING FOR DATA PROTECTION

Redhawk Network Security, LLC Layton Ave., Suite One, Bend, OR

PCI DSS Top 10 Reports March 2011

Rule 4-004M Payment Card Industry (PCI) Monitoring, Logging and Audit (proposed)

Network Segmentation

Best Practices in File Integrity Monitoring. Ed Jowett, CISSP ITIL Practitioner Sr. Systems Engineer, Tripwire Inc.

Projectplace: A Secure Project Collaboration Solution

Protect Root Abuse privilege on Hypervisor (Cloud Security)

Enforcive /Cross-Platform Audit

IBM Security Privileged Identity Manager helps prevent insider threats

Third-Party Access and Management Policy

BIO Safety - Tips For Maintaining Good Compliance

In this topic we will cover the security functionality provided with SAP Business One.

i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors

PREPARED BY: AUDIT PROGRAM Author: Lance M. Turcato. APPROVED BY: Logical Security Operating Systems - Generic. Audit Date:

Security and Control Issues within Relational Databases

Enterprise Security Solutions

IBM Software InfoSphere Guardium. Planning a data security and auditing deployment for Hadoop

Transcription:

3 rd InfoCom Security, Athens, 10 Arpil 2013 Kostas Kolokotronis Manager, Security Architecture Services CISSP, PCI DSS QSA 2001-2013 Encode S.A. All rights reserved. Encode logo & Extrusion Testing is a registered trademark of Encode

The Need The Challenge The Solution The Controls In Conclusion

The Need

Insider Threat 57% of insider security attacks were carried out by employees who at one time had privileged user status Insider Threat Survey, CERT External Threat In 100% of APT-type of attacks there is a case of Account Hijacking and misuse of Privileged User credentials Today's Social & Economical conditions Disappointed & disgruntled employees losing their jobs Tremendous increase in privileged access abuse incidents Organizations have already started taking measures Compliance Mandate Global security standards (such as PCI DSS, SOX etc.) explicitly require that administrative actions are fully audited

The Challenge

They are the watchers In most cases security monitoring is assigned to IT admins Lack of a distinct role So actually they are watching themselves! User Access & Activity Monitoring relies on systems native audit mechanisms Privileged users can bypass / tamper with them Lack of necessary user accountability In many cases activities are performed using shared, application or generic system accounts that provide no accountability Lack of centralized log management system Privileged users can harm the integrity of log records Privileged users can hide illegal activity log records within mass volumes of not important log data

The Solution

Segregation of Duties At the organization level Creation of a distinct role for security monitoring assigned to a person/team no related with IT admin Security audit tools beyond IT admins control Use of audit tools independent to native audit mechanisms Centralized monitoring solution Security audit data are promptly (near real-time) sent to centralized log management/siem system (in-house or MSS provider) Centralized collection, processing and secure retention of log data from all critical parts of the IT environment

The Controls

Database Activity Monitoring solutions Full audit of DB users accesses and activities (including DB admins) Totally independent to native DB audit mechanism Minimum performance impact Out of IT admins control System Configuration Audit & File Integrity Monitoring Solutions Full audit of changes performed at system configuration settings and critical files Independent to native system audit mechanisms Out of IT admins control

Terminal Services or VDI Infrastructure Security controlled environment best practice for administrative and remote accesses Data/Application/Network activity monitoring Session Recording (best practice for forensic investigations) Privileged Accounts Password Management solution Enforce strong authentication on all privileged user accesses Maintain user accountability over shared or generic system accounts Enforce authorization workflow for access to very critical systems

Security Information & Event Management System Centralized log aggregation, processing (filtering, normalization, correlation) and secure retention Real-time monitoring & alerting Cross-device correlation Compliance reporting Enables early detection, warning & response to security incidents The only effective way of security monitoring

Baseline Segregation of duties Distinct Role Security logs are promptly sent to centralized log management system Good + Database Activity Monitoring solution + System Configuration & File Integrity Monitoring solution Advanced + Privileged Accounts Password Management system DiD + Terminal Service or VDI infrastructure with Session Recording Optimized + Security Information & Event Management (in-house or through MSS provider) Baseline Good Advanced Defense in Depth Optimized /effective

Step 3: IT admin logs on target server. Access monitored by external audit tools Step 2: IT admin gets the password for target server Step 1: IT admin logs on Terminal Server or VDI

In Conclusion

IT admins We cannot live without them We cannot restrict them greatly however We must closely monitor them! This is not just a best practice, this is a major security & compliance mandate

www.encodegroup.com _

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information