The Emergence of Security Business Intelligence: Risk Management through Deep Analytics & Automation
Mike Curtis, Vice President of Technology Strategy
December 2011

Introduction

As an industry we are rich in data, but poor in information and even further away from true intelligence. We continue to chase the advanced persistent threat that inevitably evolves as we adopt new technology. Protection technologies advance to address new threats and, slowly but surely, more mature solutions will begin to reach their end of productivity. As they ride the point solution conveyor belt, most enterprises today have amassed a vast, disparate and complex cadre of solutions deployed throughout their security architecture. These solutions sit at various points of the information stack to perform their specific functions inside of the layered security model.

The problem is, each solution is specialized for its job and it presents risk, state, event, compliance (fill in the blank) data that is specific to its purpose. The result is that we are quite proficient at generating data, and a lot of it, but that data is siloed, fragmented, even owned and used by different constituents in the organization. This leads to inefficient and incomplete security processes. Security practitioners are forced to act in the absence of good information.

So the question is: how do we synthesize our understanding of risks across all the layers of the stack and then enable a unified, coordinated response? How often are we able to transform that data into real insight that enables action? How do we create true intelligence that helps us better understand the threat environment as well as leverage our security architecture in new and powerful ways to protect ourselves? This is the challenge we are confronted with: simply, how do we reach the next plane of operational effectiveness in security? As the threat vector morphs along with new technology shifts like virtualization, consumerization of IT, mobile computing and cloud, this only gets more difficult.

The security industry is roughly 30 years old since the dawn of the first firewalls and anti-virus solutions. We've spent those 30 years amassing point solution after point solution to chase new threats. SIEM and ITGC solutions have come along in recent years to begin to help enterprises make sense of it all. But we must still push forward beyond correlating and providing visibility and coordination with key controls. We must achieve a better understanding of security risk and provide new ways to articulate security and compliance requirements inside of the critical business services that are fundamental to an organization. Fuse these elements with big data analytics and automation and you can deliver Security Business Intelligence.

Current State of the Industry

While the security and compliance world is fast maturing, the promise of completely solving security through technology remains very far out on the horizon. This means the fundamental process of assessing risk and compliance against policies will not go away anytime soon. Even today, with the creation of standards like Open Vulnerability and Assessment Language (OVAL) and Security Content Automation Protocol (SCAP), the vulnerability management process is a challenging one, often involving manual efforts with less than perfect information on which to prioritize effort. Vulnerability assessment still largely revolves around a scan-and-patch paradigm, but there are numerous operational and business obstacles that make it difficult to simply patch or otherwise directly mitigate every discovered issue. It's very difficult to drive a consistent, complete risk assessment process spanning network, application and web layers, from pre-production software development through to standard operating systems, off-the-shelf software and network devices. This is because these tools operate in different worlds and involve differing mitigation strategies. The effectiveness and level of integration between risk assessment and protection solutions is limited.

Interoperability among solutions is mostly centered on standard ways to express vulnerabilities, software and weaknesses, events and configuration state. Interoperability to drive smarter, more automated remediation is just beginning. Although some converged security solutions are emerging, most enterprises have numerous security products deployed that address varying types of risks and threats, each operating at a specific layer throughout their defense in depth model. As a result, we have layer specific data resulting in siloed processes and information.

Security and operations functions are still in the process of converging. Those responsible for performing a remediation task and those in the security organization have information needs that differ. This causes challenges when trying to facilitate a security process across functional areas. It's very difficult to compare an already complex and challenging risk assessment process with both the existing security countermeasures that are in place and new applicable countermeasures, so that the optimal mitigation strategy is deployed. Of course, all of this must also be carried out under the umbrella of corporate security & compliance policy. This gap creates exposure, duplication of effort, non-compliance and overall inefficiency, and higher costs to secure the environment and comply with regulations.

The Next Chapter: Security Business Intelligence

As an industry, we are at the point where the ability to generate massive amounts of layer specific data is in place. We are even beginning to turn data into intelligence in some situations, based on smart vendors and practitioners solving problems. The next step will be to create true knowledge out of data, in the process making enterprise wide security intelligence immediately actionable to mitigate risk. In parallel with this, we must of course always keep pace with the evolving threat vector and changing computing environment.

When we combine advanced security intelligence with new models of expressing risk inside of key business services, we can better understand how security and compliance both impact and enable business. We can begin to view security as something that can be visualized, optimized and fine-tuned, instead of always playing from behind. Big data analytics combined with the evolution of standards and next level automation are the tools to deliver on security business intelligence.

- Big data analytics will be applied to security to enable a smarter, more agile approach to risk management.
- More and more security processes will become automated using policy based workflows.
- First generation solutions such as stateful firewall and signature based antivirus, already becoming increasingly ineffective in the face of new threat vectors, will become obsolete.
- Risk data will be assimilated and unified throughout the different risk inputs, including vulnerabilities, software weaknesses, configuration state data and malware data.
- Next generation remediation decision frameworks will identify how discovered risks are already being mitigated by presently installed countermeasures.
- Interoperability will become more prevalent with more evolved, useful applications.
- A common platform to facilitate seamless processes across security, compliance and operations must emerge.
- New ways to express risk and compliance requirements inside of a business service context will emerge.
- Next generation intelligence platforms will show risks and threats with added situational context (identity, time of day, business application) to enable better security processes.

What chief information security officers really need is a solution that unifies the elements of risks, articulates the attributes of those risks and intelligently maps them to the most effective countermeasures based on those attributes to enable action.

The Role of Standards Going Forward

Beginning with Common Vulnerabilities and Exposures (CVE) and now with OVAL and SCAP, the standards community has created the framework to automate the assessment of risk and the validation of configuration compliance. By creating standard ways to define software flaws/vulnerabilities, misconfigurations, software weaknesses and system names, a foundation for interoperability is put in place.

- OVAL acts as the chassis to enable a standardized approach to performing vulnerability or system characteristic assessment.
- Extensible Configuration Checklist Description Format (XCCDF) acts as a meta policy language to formalize security policy guidance into sets of OVAL checks.
- SCAP is the fundamental protocol, or set of specifications, that connects all these components.

Newer efforts are building on the pieces described above to apply the same approach to create standard ways to articulate emerging attack patterns and facilitate interoperability among risk sources and threat protection solutions. It's this next frontier that presents an opportunity to automate not just assessment and compliance validation, but also the rest of the incident lifecycle through to remediation. The connective tissue the standards represent provides opportunities for vendors to build new and powerful linkages to create the next generation of security management solutions. Critical Watch ACI will be at the forefront of this effort.
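As an added example (not part of the original paper and not Critical Watch's code), the following Python shows how the three specifications above fit together in practice: an XCCDF profile selects rules, each rule's check-content-ref names the OVAL definition that implements it, and the OVAL result for that definition becomes the rule's pass/fail. The benchmark, the OVAL results, the rule and definition IDs and the file name demo-oval.xml are all constructed sample values.

```python
# Constructed sample data (not from the paper): a minimal XCCDF 1.2 benchmark whose
# rules bind policy guidance to OVAL definition IDs, plus OVAL results for one host.
import xml.etree.ElementTree as ET

XCCDF = "{http://checklists.nist.gov/xccdf/1.2}"            # XCCDF 1.2 namespace
OVALR = "{http://oval.mitre.org/XMLSchema/oval-results-5}"  # OVAL results namespace
OVAL_SYSTEM = "http://oval.mitre.org/XMLSchema/oval-definitions-5"  # check system URI

BENCHMARK = f"""<Benchmark xmlns="{XCCDF[1:-1]}" id="xccdf_org.example_benchmark_demo">
 <Profile id="xccdf_org.example_profile_server">
  <select idref="xccdf_org.example_rule_sshd-root-login" selected="true"/>
  <select idref="xccdf_org.example_rule_telnet-disabled" selected="false"/>
 </Profile>
 <Rule id="xccdf_org.example_rule_sshd-root-login" severity="high">
  <check system="{OVAL_SYSTEM}"><check-content-ref href="demo-oval.xml" name="oval:org.example:def:1"/></check>
 </Rule>
 <Rule id="xccdf_org.example_rule_telnet-disabled" severity="medium">
  <check system="{OVAL_SYSTEM}"><check-content-ref href="demo-oval.xml" name="oval:org.example:def:2"/></check>
 </Rule>
</Benchmark>"""

OVAL_RESULTS = f"""<oval_results xmlns="{OVALR[1:-1]}"><results><system><definitions>
 <definition definition_id="oval:org.example:def:1" result="false" version="1"/>
 <definition definition_id="oval:org.example:def:2" result="true" version="1"/>
</definitions></system></results></oval_results>"""

# OVAL true/false -> XCCDF pass/fail is the mapping for compliance-class definitions;
# vulnerability/patch-class definitions invert that sense and are not covered here.
RESULT_MAP = {"true": "pass", "false": "fail", "unknown": "unknown", "error": "error"}

def rule_bindings(benchmark_xml, profile_id):
    """Return {rule_id: oval_definition_id} for the rules the given profile selects."""
    root = ET.fromstring(benchmark_xml)
    profile = root.find(f"{XCCDF}Profile[@id='{profile_id}']")
    selected = {s.get("idref") for s in profile.findall(f"{XCCDF}select")
                if s.get("selected") == "true"}
    bindings = {}
    for rule in root.findall(f"{XCCDF}Rule"):
        if rule.get("id") in selected:
            ref = rule.find(f"{XCCDF}check/{XCCDF}check-content-ref")
            bindings[rule.get("id")] = ref.get("name")
    return bindings

def evaluate(benchmark_xml, oval_results_xml, profile_id):
    """Join each selected rule to its OVAL definition result -> {rule_id: xccdf_result}."""
    oval = {d.get("definition_id"): d.get("result")
            for d in ET.fromstring(oval_results_xml).iter(f"{OVALR}definition")}
    return {rule: RESULT_MAP.get(oval.get(defn, "unknown"), "unknown")
            for rule, defn in rule_bindings(benchmark_xml, profile_id).items()}
```

Running evaluate(BENCHMARK, OVAL_RESULTS, "xccdf_org.example_profile_server") reports only the selected sshd rule, as a fail, because its OVAL definition evaluated false; the deselected telnet rule is not reported at all.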

ACI Platform (Active Countermeasure Intelligence)

Critical Watch has built the first and only Active Countermeasure Intelligence technology to respond to these challenges. It infuses security solutions with the deep analytics and intelligent automation needed to address the modern risk management challenge. It is a flexible software framework designed for rapid deployment and integration across a wide range of disparate devices and risk input sources, with a central intelligence engine built on Big Data technology. Risk Collection Agents collect risk data and normalize it through appropriate risk input APIs into the ACI Recommendation Engine, which holds a set of core taxonomies of Recommendation Analytics that link risks to the most effective countermeasures. Countermeasure Control Agents gather state and configuration data from countermeasures as well as perform remediation tasks orchestrated through Countermeasure Policy Workflows.

- Taxonomy
- Collection & Control
- Policy
- Rapid Deployment
- Flexible / Agnostic
- Built on Big Data