2011 Cyber Security and the Advanced Persistent Threat A Holistic View

Similar documents
Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

Cybersecurity and internal audit. August 15, 2014

IBM QRadar Security Intelligence April 2013

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center

How To Create An Insight Analysis For Cyber Security

IBM Security IBM Corporation IBM Corporation

GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA"

Accenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges

Requirements When Considering a Next- Generation Firewall

Combating a new generation of cybercriminal with in-depth security monitoring

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Stop advanced targeted attacks, identify high risk users and control Insider Threats

Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice

Cyber4sight TM Threat. Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats

IBM Security Intelligence Strategy

Protect the data that drives our customers business. Data Security. Imperva s mission is simple:

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness

Metrics that Matter Security Risk Analytics

Symantec Cyber Security Services: DeepSight Intelligence

Intelligence Driven Security

Cisco Advanced Malware Protection

WHITE PAPER SPLUNK SOFTWARE AS A SIEM

Effectively Using Security Intelligence to Detect Threats and Exceed Compliance

Internal audit of cybersecurity. Presentation to the Atlanta IIA Chapter January 2015

Vulnerability Risk Management 2.0. Best Practices for Managing Risk in the New Digital War

Next Generation Security Strategies. Marc Sarrias Regional Sales Manager

Compliance Guide ISO Compliance Guide. September Contents. Introduction 1. Detailed Controls Mapping 2.

Mobile, Cloud, Advanced Threats: A Unified Approach to Security

Services. Cybersecurity. Capgemini & Sogeti. Guiding enterprises and government through digital transformation while keeping them secure

Security Analytics for Smart Grid

Managing the Unpredictable Human Element of Cybersecurity

Strengthen security with intelligent identity and access management

What is Security Intelligence?

Zak Khan Director, Advanced Cyber Defence

Continuous Network Monitoring

Advanced Threat Protection with Dell SecureWorks Security Services

Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model

PALANTIR CYBER An End-to-End Cyber Intelligence Platform for Analysis & Knowledge Management

Leveraging Privileged Identity Governance to Improve Security Posture

Enterprise Cybersecurity: Building an Effective Defense

The webinar will begin shortly

State of Security Survey GLOBAL FINDINGS

Stay ahead of insiderthreats with predictive,intelligent security

ForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM)

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA

Defending Against Cyber Attacks with SessionLevel Network Security

Enterprise Security Solutions

End-user Security Analytics Strengthens Protection with ArcSight

El costo oculto de las aplicaciones Vulnerables. Faustino Sanchez. WW Security Sales Enablement. IBM Canada

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

A Primer on Cyber Threat Intelligence

IBM Endpoint Manager Product Introduction and Overview

LOG INTELLIGENCE FOR SECURITY AND COMPLIANCE

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform

RETHINKING CYBER SECURITY

BeyondInsight Version 5.6 New and Updated Features

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

The enemies ashore Vulnerabilities & hackers: A relationship that works

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief

Protecting against cyber threats and security breaches

Attack Intelligence: Why It Matters

Threat Intelligence: The More You Know the Less Damage They Can Do. Charles Kolodgy Research VP, Security Products

Q1 Labs Corporate Overview

How we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz)

Continuous???? Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Security Intelligence

Fostering Incident Response and Digital Forensics Research

Best Practices for Threat & Vulnerability Management. Don t let vulnerabilities monopolize your organization.

Cisco Advanced Malware Protection for Endpoints

Defending Against Data Beaches: Internal Controls for Cybersecurity

Unified Security, ATP and more

How To Manage Security On A Networked Computer System

IBM SECURITY QRADAR INCIDENT FORENSICS

IBM Software IBM Business Process Management Suite. Increase business agility with the IBM Business Process Management Suite

CYBER SECURITY, A GROWING CIO PRIORITY

The Benefits of an Integrated Approach to Security in the Cloud

Symantec Enterprise Security: Strategy and Roadmap Galin Grozev

Endpoint Threat Detection without the Pain

Cisco Cyber Threat Defense - Visibility and Network Prevention

Experience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC.

Instilling Confidence in Security and Risk Operations with Behavioral Analytics and Contextualization

Detecting Anomalous Behavior with the Business Data Lake. Reference Architecture and Enterprise Approaches.

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

Best Practices to Improve Breach Readiness

Cisco Advanced Malware Protection for Endpoints

Can We Become Resilient to Cyber Attacks?

Transcription:

2011 Cyber and the Advanced Persistent Threat A Holistic View Thomas Varney Cybersecurity & Privacy BM Global Business Services 1 31/10/11

Agenda The Threat We Face A View to Addressing the Four Big Problem Areas dentity & Access Management Application Cyber Situational Awareness & Vulnerability Management Continuous Monitoring 2 31/10/11

on a Smarter Planet The planet is getting more nstrumented, nterconnected and ntelligent. 3 31/10/11 162 million Almost 162 million smart phones were sold in 2008, surpassing laptop sales for the first time. 90% Nearly 90% of innovation in automobiles is related to software and electronics systems. 1 trillion Soon, there will be 1 trillion connected devices in the world, constituting an internet of things.

Strategic Change 1: The impact and visibility of recent breaches calls into question the effectiveness of traditional security measures nternal abuse of key sensitive information Complexity of malware, growth of advanced persistent threat Business continuity interruption and brand image impact n spite of significant security policies, a single internal breach by an authorized user resulted in tens of thousands of classified records of the US Army leaked over Wikileaks. mpact to the Army is close to $100M Stuxnet turned up in industrial programs around the world. The sophistication of the malware has led to beliefs that it was developed by a team of over 30 programmers and remained undetected for months on the targeted environment. Targeted to make subtle undetected changes to process controllers to effect uranium refinement Epsilon, which sends 40B e-mails annually on behalf of more than 2,500 clients, said a subset of its clients customer information was compromised by a data breach. Several prominent banks and retailers acknowledged that their customers information might be at risk

Strategic Change 2: challenges are impacting innovation External threats Sharp rise in external attacks from non-traditional sources Cyber attacks Organized crime Corporate espionage State-sponsored attacks Social engineering nternal threats Ongoing risk of careless and malicious insider behavior Administrative mistakes Careless inside behavior nternal breaches Disgruntled employee actions Mix of private / corporate data Compliance Growing need to address an increasing number of mandates National regulations ndustry standards Local mandates mpacting innovation Mobility Cloud / Virtualization Social Business Business ntelligence

Strategic Change 3: The attack surface for a typical business is growing at an exponential rate People Employees Consultants Hackers Terrorists Outsourcers Customers Suppliers Structured Unstructured At rest n motion Applications Systems applications Web applications Web 2.0 Mobile apps nfrastructure 77% of firms feel cyber-attacks harder to detect and 34% low confidence to prevent 75% felt effectiveness would increase with end-to-end solutions Source: Ponemon nstitute, June 2011 6 31/10/11

Fitting it all together to provide dynamic Cyber /Compliance Analytics & Reporting Advanced Analytics autonomic attack pattern recognition machine and network speed deep packet inspection enables intuitive situational awareness Application Governance, Risk, and Compliance Management Composite COP (Multi-Environment) T nfrastructure Operations Domains Network Endpoint Maintaining A Trusted nfrastructure Key Foundational Elements Foundational Capabilities dentity & Access Sense & Respond Cyber acts on intelligence from advanced analytics enables automatic reconfiguration & re-provisioning Discover & Categorize nformation Assets * Common Operational Picture Establish & Manage Enterprise & Federated dentities Manage Access Counter nsider Threats Manage Privileged Ds End-to-end Apps Network Servers Endpoints Provide Physical Ensure Compliance with Policy 7 31/10/11

intelligence simplifies complex security problems and provides comprehensive business insight through the integration of optimized security controls and contextual information about people, data, applications, and infrastructure using deep analytics to identify, predict, and remediate T threats and enterprise risk Operational Context People Applications nfrastructure Business Context metadata threat info event info logs asset values Store / Warehouse Streaming Analysis Event Correlation Historic Forensics Real-time Analysis Predictive Analytics nsight Alerts Scores Metrics Trends Simulations Visuals Search Risk dentification and Posture Compliance Management Advanced Threat Detection nsider Threat and Anti-Fraud Protection Capture Analyze Act ntelligence is the Key 8 31/10/11

Addressing the Four Big Problems Areas D & Access Management Application Cyber SA & Vulnerability Management Continuous Monitoring 9 31/10/11

The opportunity 1 st Point of pain - f you cannot control your network, your adversaries will.. Threat Management Protection Cyber Mission Assurance dentity and Access Management (dam): used to positively identify a person or device on a network and manage that entity s access to the system resources based on the established identity. t must be in concert w/ NSTS s dentity Ecosystem and HSPD 12. Characteristics include: Established business process to manage personnel/devices and their associated digital identity from hire/acquisition through retire (end-to-end life cycle) ntegrated technologies that address the spectrum of scenarios in each stage of the identity life cycle Policies relating to the constraints and standards required to comply with regulations and business best practices Processes that specify the sequence of steps required to complete business tasks or functions Technologies that automate process, and enforce policies, to efficiently and accurately enhance business objectives The policy, process, and technology that have a built-in feedback loop to ensure compliance, effectiveness, & efficiency Confidentiality ntegrity Availability 10 31/10/11

The opportunity 2 nd Point of pain - Applications now provide the power and flexibility for performance. Are yours as safe as they are effective? Threat Management Protection Cyber Mission Assurance Application. used throughout an application's life-cycle to prevent exceptions in the security policy of an application or the underlying system (vulnerabilities) through flaws in the design, development, deployment, upgrade, or maintenance of the application. Characteristics include: Standardized and automated systems development life cycle methodology which includes assessing code, application security and controls Well defined enterprise assets, including what each application does with respect to the enterprise assets, a security profile for each application, identifying and prioritizing potential threats, and documenting adverse events and the actions taken in each case Continuous web application testing ERP security and controls SOA security strategy and architecture Application security services for cloud Confidentiality ntegrity Availability 11 31/10/11

3d Point of Pain - Knowledge of what and who are on your network, combined with the ability to effectively respond to problems give the assurance you control your cyber destiny. Threat Management Protection Cyber Mission Assurance Cyber Situational Awareness & Vulnerability Management. Provides visibility of all assets found on the organizational network, their status at any given moment, what may be threatening these assets or the data contained on them, and leads to machine speed actions that can lower the risk to the organization. Characteristics include: Full and dynamic inventory of network assets Monitor the security status of all assets and data Monitor the status of all patch and non-patch actions Prioritize remedial actions that need to be taken Oversee vulnerability remediation Execute vulnerability remedation Confidentiality ntegrity Availability 12 31/10/11

The opportunity 4 th Point of Pain - Continuous Monitoring has the single biggest potential for achieving real cybersecurity; ALL Federal clients need this. Threat Management Protection Cyber Mission Assurance Continuous Monitoring: detect and track governance, compliance, and risk associated with the security of an organization s information and technology through real time observation. Characteristics include: Unified policies, procedures, and guidelines mproved situational awareness through dash board reporting Rigorous metrics to determine effective defense against vulnerabilities & attacks Ongoing monitoring of activities, people, data, and programs rather than a static, snap shot in time Strategies that collect data, develop information and use knowledge to develop and maintain a dynamic defense Examining 100% of transactions and data processed in monitored applications and databases Secure products and architecture by design, rather than addon Confidentiality ntegrity Availability 13 31/10/11

DSCUSSON Thomas Varney Cybersecurity & Privacy BM Global Business Services 14 31/10/11

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information