Building Resilience in a Digital Enterprise Transforming from compliance to risk management

Similar documents
IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

McAfee Security Architectures for the Public Sector

Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA. Cyber: The Catalyst to Transform the Security Program

Technology Blueprint. Protect Your Servers. Guard the data and availability that enable business-critical communications

Threat Intelligence: The More You Know the Less Damage They Can Do. Charles Kolodgy Research VP, Security Products

Cybersecurity Strategic Consulting

L evoluzione del Security Operation Center tra Threat Detection e Incident Response & Management

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Industrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Industrial Cyber Security Risk

Advanced Threats: The New World Order

How To Create An Insight Analysis For Cyber Security

Advanced Threat Protection with Dell SecureWorks Security Services

Protecting against cyber threats and security breaches

Teradata and Protegrity High-Value Protection for High-Value Data

Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model

Addressing the Full Attack Continuum: Before, During, and After an Attack. It s Time for a New Security Model

White Paper. Emergency Incident Response: 10 Common Mistakes of Incident Responders

Cyber Security Evolved

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense

Secure Your Success. Intel Security Partner Program

The Path Ahead for Security Leaders

WHITE PAPER SPLUNK SOFTWARE AS A SIEM

Comprehensive Advanced Threat Defense

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA

McAfee Server Security

Integrating MSS, SEP and NGFW to catch targeted APTs

Middle Class Economics: Cybersecurity Updated August 7, 2015

Address C-level Cybersecurity issues to enable and secure Digital transformation

Gaining the upper hand in today s cyber security battle

Rethinking Information Security for Advanced Threats. CEB Information Risk Leadership Council

Enterprise Security Tactical Plan

Enterprise Security Platform for Government

RETHINKING CYBER SECURITY

Breaking the Cyber Attack Lifecycle

FFIEC Cybersecurity Assessment Tool

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA"

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Cybersecurity and internal audit. August 15, 2014

Cybersecurity on a Global Scale

Understanding the NIST Cybersecurity Framework September 30, 2014

Accenture Cyber Security Transformation. October 2015

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness

How we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz)

Attack Intelligence: Why It Matters

How To Buy Nitro Security

Cybersecurity Enhancement Account. FY 2017 President s Budget

A Primer on Cyber Threat Intelligence

WRITTEN TESTIMONY OF

The Next Generation Security Operations Center

Defending yesterday. Financial Services. Key findings from The Global State of Information Security Survey 2014

EEI Business Continuity. Threat Scenario Project (TSP) April 4, EEI Threat Scenario Project

Cyber security Building confidence in your digital future

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team

Into the cybersecurity breach

Cyber Threat Intelligence and Incident Coordination Center (C 3 ) Protecting the Healthcare Industry from Cyber Attacks

Cybersecurity The role of Internal Audit

COUNTERINTELLIGENCE. Protecting Key Assets: A Corporate Counterintelligence Guide

Managing cyber risks with insurance

Increase insight. Reduce risk. Feel confident.

Building Blocks of a Cyber Resilience Program. Monika Josi monika.josi@safis.ch

Why a Network-based Security Solution is Better than Using Point Solutions Architectures

McAfee Network Security Platform Services solutions for Managed Service Providers (MSPs)

Report. Needle in a Datastack Report

Defending Against Data Beaches: Internal Controls for Cybersecurity

Symantec Global Intelligence Network 2.0 Architecture: Staying Ahead of the Evolving Threat Landscape

IBM SECURITY QRADAR INCIDENT FORENSICS

RETHINKING CYBER SECURITY

Services. Cybersecurity. Capgemini & Sogeti. Guiding enterprises and government through digital transformation while keeping them secure

BigData Analytics per la sicurezza delle Infrastrutture Critiche

20+ At risk and unready in an interconnected world

Cybersecurity Delivering Confidence in the Cyber Domain

Advanced SOC Design. Next Generation Security Operations. Shane Harsch Senior Solutions Principal, MBA GCED CISSP RSA

HP Fortify Software Security Center

Continuous Network Monitoring

MEETING CSIP OBJECTIVES WITH AN AUTOMATED AND PREVENTIVE SECURITY APPROACH

Optimizing Network Vulnerability

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

Cyber Information-Sharing Models: An Overview

IBM Security Intelligence Strategy

CYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES

Advancing Cyber Security Using System Dynamics Simulation Modeling for System Resilience, Patching, and Software Development

White Paper: Leveraging Web Intelligence to Enhance Cyber Security

are you helping your customers achieve their expectations for IT based service quality and availability?

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

BREAKING THE KILL CHAIN AN EARLY WARNING SYSTEM FOR ADVANCED THREAT

Table of Contents. Application Vulnerability Trends Report Introduction. 99% of Tested Applications Have Vulnerabilities

The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v

Cisco Advanced Malware Protection for Endpoints

After the Attack. The Transformation of EMC Security Operations

Enterprise Cybersecurity: Building an Effective Defense

Appendix. Key Areas of Concern. i. Inadequate coverage of cybersecurity risk assessment exercises

Operational Lessons from the RSA/EMC CIRC: People, Process, & Threat Intel

Solutions Brochure. Security that. Security Connected for Financial Services

Stay ahead of insiderthreats with predictive,intelligent security

Security Architecture: From Start to Sustainment. Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013

The Business Case for Security Information Management

Transcription:

Building Resilience in a Digital Enterprise Transforming from compliance to risk management Risk Management Builds Resilience To be successful in business today, an enterprise must operate securely in the cyberdomain. We re in a period of unprecedented change where transformation and disruptive technologies are the new constant. This transformation and disruption are having a profound effect on security perception and architecture within the business. Security is recognized as an essential element to managing the risk caused by disruption. More importantly, organizations realize that resilience is necessary to take advantage of the innovation made possible by transformative technology. Operating reliable digital services and safeguarding sensitive data are essential to establishing trust with customers and maintaining business continuity. Many organizations today have established a good foundation of cyberdefense within their enterprise. That foundation was primarily compliance-driven and built on best practice or industry regulation. As the risk from targeted threats continues to grow, organizations are seeking more value from their security investments and looking to embed cybersecurity decisions into the normal risk management process of the business. Organizations are looking to embed security into the culture and enterprise architecture of the business to ensure its resilience for the long term and reap the benefits of the current revolution. Building a strategy for resilience by growing capability towards a trusted level will help ensure sustained business continuity in the face of any threat. Decreasing Time to Protect Capability Data-Centric Balanced Controls Threat-Focused Security Intelligence Strategy Continuous Operations COMPLIANCE FOCUS Operational Level Intelligence-driven cybersecurity focused on balanced defense-in-depth to protect business continuity and sensitive information INTELLIGENCE DRIVEN Foundation Level Compliance-driven cyberdefense capability focused on preventative defense-in-depth and information assurance fundamentals BUSINESS ALIGNED Trusted Level Business-focused, balanced data-centric cybersecurity capability focused on measurable business value and speed of action Capability Measurable Real-Time Operations Security Built In Executive Sponsorship Culture of Security Increasing Decision Speed, Efficiency, and Business Value Figure 1. Strategic steps to build a cyber resilient business environment.

This capability roadmap defines the journey an organization can take to operationalize security and move towards a resilient business environment. A digital enterprise faces a number of challenges to move along this journey. The first challenge is attack speed and sophistication. A typical targeted attack may have taken months of planning but typically only takes a few hours to complete. This presents a serious challenge to defenders who have to prevent and respond at the speed of the network. Unfortunately, breaches usually aren t discovered for weeks, as lack of continuous monitoring, compounded by an incomplete sensor grid and insufficient threat intelligence, slows speed of response. Enterprise security operations are faced with analysing millions of security events and suspicious files to find targeted threats. Often this analysis is manual or short-term, which greatly reduces the scope and speed of the response process. It is increasingly important to fully integrate sensor technology with automated malware analysis capability and intelligence to produce highfidelity indicators. The more accurate the initial indicator, the faster security operations can respond to an attack. The second challenge is prioritization. With so many different operating environments and budgets tight, where does an organization prioritize their security investments? A key tenet of operational level security is Offense informs defense. In other words, prioritize security investments to protect sensitive data from targeted threat actors. Several models exist that define these methods, and they can be used to maximize the effectiveness of balanced security control investments. The following sections describe those models, as well as several critical building blocks, to help a digital enterprise grow their cybersecurity maturity to an operational level and become more cyber resilient. Data-Centric Business For business, it is all about the data. Enterprises cannot move fast enough to create new value from Big Data and analytics. However, in security, we are still too device-centric in terms of protection. To manage the risk against targeted attacks, an organization must shift focus from protecting devices and networks to protecting data. That is the only way a digital enterprise can both enable the business and be more effective at managing this risk. There are two general processes to datacentricity in security. First, identify high-value data assets, and second, put a ring fence around them. Identifying sensitive data can difficult. However, almost all enterprises can be broken down simply into three data operating environments: traditional, operational, and supplier. Hybrid Data Center Traditional Business Data Public Cloud Data Center Private Data Center Mixed Data Sensitivity Operational Business Data Figure 2. Today s data centers. Building Resilience in a Digital Enterprise 2

The traditional environment is typically the office environment, with applications like ERP and finance holding the most valuable data. The operational environment typically represents mission-critical systems and houses critical intellectual property. The supplier environment can be external cloud providers or other business partners. The interconnectivity between the different operating environments creates security dependencies that increase the risk of data loss. This process establishes a baseline of data awareness and supports increasing levels of control based on system criticality. Secondly, an organization must break down the information silos and learn to use data more effectively to identify a risk from an external or internal attacker much faster. With this foundation in place, an organization can monitor behaviour patterns and potential violations that could signal a need for intervention or incident response. Balanced Controls For many years, most enterprises focused on prevention as the only means of cybersecurity. Organizations deployed a varied set of security technologies and operated them independently. However, targeted, persistent threats, whether insider or external, are multifaceted problems a one-dimensional approach to security increases the risk to the business. To be resilient, an enterprise must adopt a balanced, continuous approach to cybersecurity and grow their capability to anticipate, identify, prevent, detect, respond, and recover from incidents in the cyberdomain. IDENTIFICATION PREPARATION, READINESS assessments. REMEDIATE root cause and long term effects. RECOVERY PROTECTION PREVENT, DISRUPT, DETER attackers or violations. VALIDATE, CONTAIN an incident quickly. RESPONSE DETECTION DISCOVER, ANALYZE an attack or potential attacker. Figure 3. A balanced approach to enterprise security increases resilience. The NIST cybersecurity framework describes the key capabilities needed to balance security. The framework is a compilation of risk-based guidelines to help an organization assess current capability and prioritize future investment to meet goals. In addition to the NIST framework, the SANS Top 20 Critical Security Controls provide a highly focused set of cyberdefense actions based on collective community input that will help mitigate many common and targeted threats. The combination of NIST Cyber Security Framework with SANS Critical Security Controls provides an excellent roadmap of impactful security actions. Building Resilience in a Digital Enterprise 3

Threat-Focused According to the SANS Critical Security Controls, one of the key tenets of an effective a cyberdefense program is Offense Informs Defense. The adversary attack chain is an example of how offense can inform cyberdefense. These models closely replicate the tactics, techniques, and procedures used by an attacker to steal sensitive data, plant destructive malware, or gain a foothold for later actions. By understanding the adversaries methods, an enterprise can prioritize cyberdefense investments to those that have the most impact on risk reduction. EXTERNAL THREAT MODEL WEAPONIZATION EXPLOIT ESCALATION IMPACT RECON DELIVERY COMMUNICATION MOVEMENT INSIDER THREAT MODEL TIPPING POINT SEARCH STORE COVER RECRUITMENT RECON ACQUIRE EXFILTRATE Figure 4. External and insider threat models. The earlier an attack is prevented or detected, the less risk to the business. However, as an attacker moves through the chain, it becomes increasingly more difficult to prevent or detect the activity. An enterprise can reduce the risk of a targeted external threat having an impact by focusing anti-malware preventive and detection controls against the middle stages of the attack chain. Additionally, an enterprise can leverage the attack chains to measure real security capability. Each step represents an area where a control can be employed to reduce risk. As stated above, an organization can use various cybersecurity control frameworks, such as those developed by NIST or SANS, to match requirements against each stage in the attack chain. The following chart loosely maps the two frameworks to the stages of the external threat attack chain. NIST SANS CSC Attack Chain Stages Prepare SANS CSC 1, 2, 3, 4, 9, 10, 17, 19, 20 All Stages Prevent SANS CSC 5, 7, 11, 12, 13, 15 Delivery, Exploit Detect SANS CSC 5, 14, 16, 18, 20 Exploit, Communication, Movement Respond SANS CSC 8, 18, 20 Exploit, Communication, Movement Recover Impact Table 1. NIST and SANS frameworks mapped against attack chain stages. By mapping to the attack chain, an organization can identify its security gaps and prioritize its investments to have the most impact on risk reduction. Building Resilience in a Digital Enterprise 4

Maximize the Use of Intelligence Statistically, an attacker only needs a few hours to obtain a foothold and extract critical data. However, more than 65% of these attacks took months to discover, and most enterprises were informed of the attack from external sources. The core problem is that customers lack a capability to generate and integrate security intelligence effectively. The proper use of intelligence will improve the effectiveness of security operations and increase the speed of response against targeted threats. To efficiently deliver this capability, an organization must understand the intelligence process of collection, integration, and exchange; integrate global, community, and local intelligence sources for full operational capability; and properly employ strategic, tactical, and operational intelligence to maximize decision-making speed. Focus intelligence on open or global sources to anticipate a potential threat. Focus intelligence on global, community or local technical indicators of compromise to help prevent or detect loss of data. WEAPONIZATION EXPLOIT ESCALATE THEFT RECON DELIVERY COMMUNICATION MOVEMENT Focus intelligence on global, community, or local technical indicators of compromise to help prevent or detect an attack early. Figure 5. Focusing security intelligence improves security operations and response time. The above chart represents a potential way to prioritize intelligence investments and integration. Focusing intelligence capability against the attack chain models will maximize effectiveness to identify threats early and reduce the risk to the business. Continuous Security Operations Building resilience requires an evolution in security operations capability. At a foundation level of capability, security operation is typically focused on consolidation of security events and developing an initial incident response capability. To address targeted threats, security operations must evolve to a continuous operation that is focused on assessing readiness, acquiring and integrating threat intelligence, and increasing the speed of threat response capability. Analytics Intelligence Sensors Infrastructure Derive insights from data, malware, and systems Trusted global, community, and local sources Sensors for key attack vectors Secure network and platform Infrastructure People Process Trained analysts and forensic specialists Threat response, intelligence, and readiness assessment Key CIRC Capability Building Blocks Figure 6. The building blocks of security resilience. Building Resilience in a Digital Enterprise 5

Increasing the speed and capacity of security operations requires more efficient use of technology to handle complex analytic tasks. Organizations are faced with analyzing millions of security events and suspicious files to find a targeted threat. Often this analysis is manual or short-term, which greatly reduces the scope and speed of the response process. It is increasingly important to fully integrate sensor technology with automated malware analysis capability and intelligence to produce high-fidelity indicators. The more accurate the indicator sent from the sensor grid, the faster security operations can respond to an attack. Automating some of the complex malware analysis tasks will produce valuable intelligence and increase the capacity of security operations to handle more threats. Increasing the speed of response requires having visibility over all the business operating environments and the ability to contain an attack over multiple vectors. Centralizing real-time data correlation and analytics will reduce time to identify and contain an attack while enabling new insights about network, system, and user behaviour that may address other problems. Summary Resilience is an evolution, not a single product, process, or technology. Resilience is also business objective. This strategy document defines some the critical building blocks along the journey towards a resilient and trusted digital enterprise. We are in a period of unprecedented change where transformation and the disruption that can arise from it are the new constant. This transformation and disruption are having a profound effect on security perception and architecture within the business. Intel Security solutions can help the digital enterprise manage risk in the cyberdomain by providing balanced controls across business operating environments and increasing the speed and capacity of cyberdefense to manage the risk from targeted threats. By leveraging Intel Security solutions and connected architecture, an organization can improve resilience and confidently move in new business directions. Intel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or other countries. McAfee and the McAfee logo are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. The product plans, specifications and descriptions herein are provided for information only and subject to change without notice, and are provided without warranty of any kind, express or implied. Copyright 2015 McAfee, Inc. 61686brf_compliance-risk-mgmt_0315_ETMG McAfee. Part of Intel Security. 2821 Mission College Boulevard Santa Clara, CA 95054 888 847 8766 www.intelsecurity.com

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information