CONTINOUS COMPLIANCE. Shifting from checking the box to real-time threat detection and response Carbon Black. All Rights Reserved

Similar documents
Windows XP End-of-Life Handbook for Upgrade Latecomers

eguide: Designing a Continuous Response Architecture Executive s Guide to Windows Server 2003 End of Life

Continuous Network Monitoring

eguide: Designing a Continuous Response Architecture 5 Steps For Windows Server 2003 End of Life Success

End of Support Should Not End Your Business. Challenge of Legacy Systems

Maintaining PCI-DSS compliance. Daniele Bertolotti Antonio Ricci

Everything You Wanted to Know about DISA STIGs but were Afraid to Ask

CORE Security and GLBA

FFIEC Cybersecurity Assessment Tool

Defending the Database Techniques and best practices

Securing OS Legacy Systems Alexander Rau

NEC Managed Security Services

Security Information Lifecycle

White Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA

Compliance Management, made easy

SecureVue Product Brochure

whitepaper The Benefits of Integrating File Integrity Monitoring with SIEM

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense

Staying Secure After Microsoft Windows Server 2003 Reaches End of Life. Trevor Richmond, Sales Engineer Trend Micro

Compliance Guide ISO Compliance Guide. September Contents. Introduction 1. Detailed Controls Mapping 2.

TRIPWIRE NERC SOLUTION SUITE

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

IT Security & Compliance. On Time. On Budget. On Demand.

Security solutions White paper. Acquire a global view of your organization s security state: the importance of security assessments.

CORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT

How To Buy Nitro Security

ForeScout CounterACT and Compliance June 2012 Overview Major Mandates PCI-DSS ISO 27002

Injazat s Managed Services Portfolio

The Onslaught of Cyber Security Threats and What that Means to You

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015

End-user Security Analytics Strengthens Protection with ArcSight

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

eguide: Designing a Continuous Response Architecture Disrupting the Threat: Identify, Respond, Contain & Recover in Seconds

Defending Against Data Beaches: Internal Controls for Cybersecurity

Understanding Vulnerability Management Life Cycle Functions

Current IBAT Endorsed Services

Trend Micro VMware Solution Guide Summary for Payment Card Industry Data Security Standard

Cybersecurity: What CFO s Need to Know

PCI Data Security Standards (DSS)

FINRA Publishes its 2015 Report on Cybersecurity Practices

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Navigate Your Way to PCI DSS Compliance

IT ASSET MANAGEMENT Securing Assets for the Financial Services Sector

High End Information Security Services

White paper September Realizing business value with mainframe security management

Managing Business Risk

Risky Business. Is Your Cybersecurity in Cruise Control? ISACA Austin Chapter Meeting May 5, 2015

Windows Server 2003 End of Support. What does it mean? What are my options?

Avoiding the Top 5 Vulnerability Management Mistakes

Information Security Services

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform

Payment Card Industry Data Security Standard

BEFORE THE BREACH: Why Penetration Testing is Critical to Healthcare IT Security

74% 2014 SIEM Efficiency Survey Report. Hunting out IT changes with SIEM

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

ForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM)

Threat Center. Real-time multi-level threat detection, analysis, and automated remediation

ICBA Summary of FFIEC Cybersecurity Assessment Tool

Advanced File Integrity Monitoring for IT Security, Integrity and Compliance: What you need to know

Total Protection for Compliance: Unified IT Policy Auditing

Real-Time Security for Active Directory

Implement security solutions that help protect your IT systems and facilitate your On Demand Business initiatives.

Logging In: Auditing Cybersecurity in an Unsecure World

A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards

whitepaper 4 Best Practices for Building PCI DSS Compliant Networks

LogRhythm and NERC CIP Compliance

Achieving Compliance with the PCI Data Security Standard

PCI Compliance for Cloud Applications

Cisco Advanced Malware Protection for Endpoints

Persistence Mechanisms as Indicators of Compromise

Integrated Threat & Security Management.

Attachment A. Identification of Risks/Cybersecurity Governance

White Paper Achieving HIPAA Compliance through Security Information Management. White Paper / HIPAA

Time Is Not On Our Side!

Big Data, Big Risk, Big Rewards. Hussein Syed

Cybersecurity and internal audit. August 15, 2014

Industrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Industrial Cyber Security Risk

Host-based Protection for ATM's

Vulnerability Management

Top Ten Technology Risks Facing Colleges and Universities

Sarbanes-Oxley Compliance for Cloud Applications

Enterprise Security Solutions

PCI DSS 3.1 and the Impact on Wi-Fi Security

OCIE CYBERSECURITY INITIATIVE

Security. Tiffany Trent-Abram VP, Global Product Management. November 6 th, One Connection - A World of Opportunities

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

North American Electric Reliability Corporation (NERC) Cyber Security Standard

The Business Case for Security Information Management

Assuria Auditor The Configuration Assurance, Vulnerability Assessment, Change Detection and Policy Compliance Reporting Solution for Enterprise

CyberArk Privileged Threat Analytics. Solution Brief

Leveraging a Maturity Model to Achieve Proactive Compliance

An Introduction to SIEM & RSA envision (Security Information and Event Management) January, 2011

Caretower s SIEM Managed Security Services

Developing National Frameworks & Engaging the Private Sector

Security Controls What Works. Southside Virginia Community College: Security Awareness

Data Security: Fight Insider Threats & Protect Your Sensitive Data

QRadar SIEM 6.3 Datasheet

Retail Security: Enabling Retail Business Innovation with Threat-Centric Security.

Transcription:

CONTINOUS COMPLIANCE Shifting from checking the box to real-time threat detection and response 2016 Carbon Black. All Rights Reserved

Version Control After I drink coffee I like to show the empty mug to the IT guy to tell him that I've Successfully installed JAVA. He hates me!

Agenda Continuous Compliance Introduction to the Compliance Objectives Current Vulnerabilities and Risks Current Compliance Reg s and Best Practice Compliance Frequent Use Cases Best of Breed Security Demo Show Casing Use Cases

Arm Your Endpoints and Achieve Continuous Compliance Real time Visibility of in-scope systems and events Control over critical changes and system events Active Intelligence to Measure risk and Prioritize events Complete Protection from ALL malware threats on every in-scope system and beyond Immediate Enforcement and Audit of security compliance policy and BAUs

Merge Compliance and Security CHALLENGE Compliance = Security Achieve Continuous Compliance and Strengthen Your Security Profile You must validate both compliance and security with controls that: 1. Identify, Classify & Scope and Critical Business Processes 2. Monitor & Prevent Change 3. Measure, Identify & Analyze Risk 4. Detect & Prevent Malware 5. Actively Enforce Policy 1. Real Time Visibility 2. Stop Analyzing Change and Start Controlling it 3. Active Intelligence and Always-on Monitoring 4. Complete Protection from ALL Malware Threats 5. Immediate Enforcement and Audit of Security Compliance Policy

Current Vulnerabilities and Hazards

Security Challenges Facing Every Company Today Traditional endpoint Prevention does NOT stop targeted attacks Malware threats continue to overwhelm traditional defensive techniques. Gartner Research Detection and Response take too long and cost too much Mean Time to IDENTIFICATION 256 days* Mean Time to CONTAINMENT 82 days* Compliance is an extraordinary burden and expense 71% Businesses fell out of compliance within a year of audit** *Ponemon Institute Research Report 2015 Cost of Data Breach Study: US Analysis ** Verizon 2015 PCI Compliance Report

Windows EOL XP and 2003 July 14 th 2015 58% of businesses do not have a fully mature patch management process in place, and 12% do not have a patch management process in place at all. * Trustwave 2014 State of Risk report Even if support package is purchased from MS you do not get the moderate and low patches only critically deemed ones.

Unsupported OS and Applications: Compliance The absence of vulnerability and security patches leaves businesses at risk for satisfying compliance requirements (PCI, HIPAA) and increases company wide LIABILITY. Examples: PCI Requirement 6.2: update all critical in-scope systems with the latest security patches within 30 days. HIPAA Sec. 164.308 (a)(1) Security Management Process Risk Analysis.

Cost of Support The estimated cost of premier support per 2K3 endpoint system is 3x cost of XP: *Taken from Microsoft yearly Premier Support $200 per PC for the first year = $600 $400 per PC for the second year = $1200 $1,000 per PC for the third year = $3000 Premier support provides: Critical patches only Important patches are available at an additional price. Historically, Microsoft labeled many patches as important that should have been labeled as critical No support for moderate-or low-priority security updates = Widening Threat Window

Windows Server 2003 End-of-Life Survey Completed in March 2015, based on 500 IT leaders at medium and large enterprises in the US and UK: 34% of organizations are still using a combination of Windows XP and Windows Server 2003. Another 10% of organizations continue to use Windows XP exclusively. 30% plan to continue to run WS2K3 after the July 14 deadline, leaving an estimated 2.7 million servers unprotected. 57% of enterprises do not know when the end of life deadline is. 14% of enterprises do not yet have an upgrade plan for WS2K3

No End to EOL Scenarios in Sight Operating System Windows XP Embedded SP3 Windows Embedded for Point of Service SP3 Windows Embedded Standard 2009 Windows Embedded POSReady 2009 EOL Date Jan 2016 Apr 2016 Jan 2019 Apr 2019

Third Party Risk Do you know TPISA? 68% of businesses transfer sensitive data between locations; 58% of businesses use third parties to manage sensitive data, yet almost half (48%) do not have a third-party management program in place. Trustwave 2014 state of risk report Things to consider in your TPISA Program: Full data lifecycle analysis GRC programs for managing risks and contract changes Escrow agreements and contract language SSAE16 standardized review and reporting Use cases and certifications

POS and ATMs Block executio n on every system Servers CNN Money ATM Bank Hacking Backend Servers Block executio n on every system Terminals Loyalty Servers Block executio n on every system Block executio n on every system Block executio n on every system Block executio n on every system Transactional Data servers Card Reader Payment Processors And Integrate Systems

Current Compliance Requirements and Best Practice Standards for Continuous Monitoring

Regulations with a Big Bite

The Compliance Impact Questions to Consider Is your organization held to any compliance regulations or standards? How does your organization validate and measure its compliance posture and risk to that posture? How does your organization control in-scope assets and collect compliance information? Does your organization use a 3 rd party assessment entity? Who is that entity, and what do they provide to help meet compliance?

PCI DSS 3.1 The Payment Card Industry Data Security Standard is designed to protect cardholder information. Compliance with PCI-DSS is mandatory for all organizations dealing with credit, debit and ATM cards, as defined by the PCI Security Standards Council. PCI-DSS is comprised of 12 major requirements that aim to considerably strengthen the security of the cardholder information that the organization manages and/or transacts. Cost of non-compliance or breach: Loss of credit card privileges Loss of brand confidence and image Financial loss due to reoccurring fines and penalties Financial loss due to re-assessment costs

PCI DSS is full of Opportunities 100% of Companies that were breached in 2015 were non-compliant 100% of Companies Were Failing Compliance 0 IN TEN YEARS Of all the companies investigated by our forensics team over the last 10 years following a breach, not one was found to have been fully PCI DSS compliant at the time of the breach.

Compliance PCI DSS Industries and Sectors Where you ll find PCI DSS: Retail / Finance / Healthcare Chain Restaurants Department / Large Stores Gas Stations, Convenience & Liquor Stores Hospitality / Resorts / Casinos Hospitals Pharmacies and Pharmaceutical Banks and Insurance Companies Educational Institutions

HIPAA The Health Insurance Portability And Accountability Act is designed to protect the confidentiality and security of patient information. HIPAA regulations were established to protect the integrity and security of health information, including protecting against unauthorized use or disclosure of the information. Cost of non-compliance: Civil and criminal penalties Financial loss due to fines even if the loss of data was not willful Investigations and internal audits in the event of a loss According to the Fifth annual Ponemon study research, the average cost of a data breach for healthcare organizations is estimated to be more than $2.1 million.

SOX/GLBA The Sarbanes-Oxley Act of 2002 requires all public companies and public accounting firms to show the auditors the accuracy of their financial reporting. SOX requires companies to implement processes and controls to protect financial data. Cost of non-compliance: Financial loss due to fines Criminal penalties including imprisonment Brand loss due to data leakage

Utilities and Government NERC/FERC CIP-005-1-R1.6 states that an electronic Security Perimeter should be established that provides... Monitor and Log Access 24X7X365. FISMA/FISMA 2 FISMA and FISMA 2 also require continuous monitoring activities that include configuration management and control of information system components, security impact analyses of changes to the system, ongoing assessment of security controls, and status reporting

Best Practices with a Big Bite

NIST and ISO NIST 800-53: ISO/IEC 27001: describes automated inspection items in connection with a CA-2 (security assessment), CA-4 (security certification) and CA-7 (continuous monitoring and vulnerability detection) continuous monitoring program. provides a description of an information security management system that calls for continual process improvement in information security. To accomplish this goal, an organization must continuously monitor its own security-related processes and improve according to feedback from objective measurements

FFEIC Handbooks Monitoring and Response Security Monitoring: Financial institutions should gain assurance of the adequacy of their risk mitigation strategy and implementation by monitoring network and host activity to identify policy violations and anomalous behavior; Monitoring host and network condition to identify unauthorized configuration and other conditions which increase the risk of intrusion or other security events; Analyzing the results of monitoring to accurately and quickly identify, classify, escalate, report, and guide responses to security events; and Responding to intrusions and other security events and weaknesses to appropriately mitigate the risk to the institution and its customers, and to restore the institution's systems.

FFIEC Cybersecurity Assessment Tool

FFIEC Cybersecurity Assessment Tool Inherent Risk Profile Low Inherent Risk Minimal Inherent Risk Moderate Inherent Risk Significant Inherent Risk Most Inherent Risk Cybersecurity Maturity Domain 1: Cyber Risk Management & Oversight Domain 2: Threat Intelligence & Collaboration Domain 3: Cybersecurit y Controls Domain 4: External Dependency Managemen t Domain 5: Cyber Incident Management and Resilience

Benefits to Institutions Identifying factors contributing to and determining the institution s overall cyber risk Assessing the institution's cybersecurity preparedness. Evaluating whether the institutions cybersecurity preparedness is aligned with its risks Determining risk management practices and controls that could be taken to achieve the institutions desired state of cyber preparedness Informing risk management strategies.

How to use the CAT

SANS Top 20 Controls CIS Critical Security Controls for Effective Cyber Defense Now 20 controls on actionable ways to prevent cyber attacks. Realized need for continuous monitoring and detection. Provide quick wins on how to achieve a majority of the control to combat the vulnerability.

Frequent Compliance Uses Cases

Compliance Use Case: File Integrity Monitoring and Control Compliance Area PCI-DSS HIPAA SOX/GLBA NERC-CIP CSC 20 Aus DOD 35 Ideal Solution Satisfies the requirement outright for multiple Regulations and Best Practices Best of breed Security Narrow your scope and identify critical change

Compliance Use Case: Proactive Monitoring of Endpoints for Events and Incidents Ideal Solution Compliance Area PCI-DSS HIPAA SOX/GLBA NERC-CIP Augments many individual requirements in many regulations Helps consolidate overlapping technologies Best of Breed Security Continuous monitoring for real time threat alerts and prevention.

Compliance Use Case: Replacement or augmentation (compensating control) for malware protection Compliance Area PCI-DSS HIPAA SOX/GLBA NERC-CIP Ideal Solution Can be used to replace AV or to re-enforce protection and compliance Protection as certified Compensating Control Best of Breed Security Next Gen Endpoint security Block all unknown and bad from running

Compliance Use Case: Enforcement and protection of unsupported systems Compliance Area PCI-DSS HIPAA SOX/GLBA NERC-CIP CSC 20 ISO 27001 Ideal Solution Goes above and beyond original security requirement for EOL Compliance cycle post migration Best of Breed Security Lock down legacy systems in High enforcement Monitor and alert on policy in real time

Best of Breed Compliance Security

Leverage Security Controls for Clarity of Regulatory Policy Visibility and control Eliminate the noise associated with monitoring controls like File Integrity Monitoring and immediately identify critical changes Proactive analysis of risk on in-scope endpoints Proactive monitoring for of regulatory scope - Gain immediate Risk, threat and trust measure across the entire enterprise Positive posture or trust-based malware protection Replacement and enhancement of malware protection - Eliminate the burden of negative technologies and the maintenance associated Enforcement and protection of all in-scope systems in-scope - BA and CE Ensure total enforcement, compliance, and audit with security policy; Move from patch mitigation to threat mitigation

From Checking the Box to Becoming Innovative in Security Level 1 Vulnerable Level 2 Reduced risk Level 3 Strong posture Level 4 Best protection Visibility Detection Prevention Response Integration None AV signatures Only detects known malware AV signatures Only stops known malware Reimage machines No root cause analysis None Silos Polling, scanning Reputation data Algorithms Remove admin rights Basic whitelisting Anti-exploitation Manual root-cause and scope analysis Post-mortem forensics Alerts, logs consolidated in SIEM Real-time visibility & continuous recording of endpoint state Single-source threat intelligence Simple indicators Custom bans Automated rootcause and scope analysis Data correlated with network security, SIEMS, etc. Real-time visibility & continuous recording of endpoint activity Aggregated, multivendor threat intel Patterns and behavior Policy-based defaultdeny Customizable forms of prevention Attack disruption & containment Automated remediation Customized integration via open APIs

Every second counts Continuously record, centralize and retain activity from every endpoint Record: Continuous, always on, never sleeps, because you can t know what is bad ahead of time. Collect: The right data, based on our offensive security expertise. Registry modifications File modifications Copy of every executed binary Cross-process events Network connections File executions Centralize: Stream all data to an aggregated system-of-record. Single source of truth. Manage as key IT asset. Retain: Persistent history of attacker s every action, root cause, patterns of behavior. Non-Intrusive: Never impact endpoint or user. Benefits: Visibility. Know what s happening on every endpoint. Scope an incident in minutes. Historical traceability for investigations. Apply new detection rules retrospectively. Track an attacker s every action

Discussion Before Demo

Continuously Proactive Continuous measuring and monitoring of the operational benefits of compliance drives increased understanding and support for data protection, compliance, and eventually the acknowledgment that compliance can make a substantial contribution toward more effective business management. How do you put a value on compliance? Unlike many business investments, the ROI of compliance may not be immediately obvious in terms of bottom-line benefits. * Verizon Report 2015

Value Proposition for Continuous Monitoring Security Immediate visibility into everything running in your environment to prevent, detect & respond to threats that evade traditional security defenses Mitigate weakness in third-party applications Go beyond scanners point in time snapshots & signatures to prevent alert fatigue, identify threats in real-time & rapidly respond Eliminate the risk from malicious, illegal and unauthorized software. Compliance Compliance governing automation Support for legacy, orphaned, or end-of-life application & operating systems No need for scans or other performance burdensome procedures Aggregate big data to relieve data fatigue integrate your data to personalize compliance stance in real time

Questions?

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information