Effective Threat Management. Building a complete lifecycle to manage enterprise threats.

Threat Management Lifecycle
- Assimilation of Operational Security Disciplines into an Interdependent System of Proactive and Reactive Processes
- Enhanced Security Posture
- Efficient Security Operations
LURHQ Confidential

One System, Two Roles
- Proactive Processes: Discovery & Assessment, Early Warning
- Reactive Processes: Detection & Response, Prevention
- Security Trending and Analysis Feeds the Improving Lifecycle

Threat Management Foundation
People
- Dedicated Threat Management team
  - Threat Research and Vulnerability Assessment
  - Monitoring and Response
- Credentials
  - Certifications (GIAC and others)
  - Experience
Processes
- Enterprise Remediation
  - Threat/Vulnerability Prioritization, Accountability, etc.
- Incident, Vulnerability & Threat Handling
  - Incident Categorization, Assessment, Response
  - Vulnerability & Threat Identification and Response
Technologies
- Best-of-Breed Security Infrastructure
- Vulnerability Management Encompassing Intelligence and Scanning
- Security Monitoring and Analysis Platform
  - Real Time, Centralized Repository for Events, Threat Research, Vulnerabilities, etc.
  - Event to Event and Event to Vulnerability/Threat Research Capabilities
  - Reporting

Early Warning
- Threat Research Is a System to Discover, Prioritize and Respond to Emerging Threats
- Streamline the Currently Inefficient Process by Integrating:
  - Vulnerability Alerts from Vendors, BugTraq, etc.
  - Internet-Wide Trending Analyses from DShield, etc.
  - In-Depth Security Intelligence from Service Providers
- Aggregate and Prioritize
- Assign Accountability
- Workflow System to Track Remediation Efforts
- Result = Better Visibility into Threats Targeting the Enterprise

Prevention
- 24x7 & Immediate Security Infrastructure Management
- Leverage Threat Research, Vulnerability Management and Monitoring
  - Proactively Block Threats at the Firewall
  - Tune IDS/IPS to Detect/Block Emerging Threats
- Properly Manage the Technology Lifecycle
  - Replace Outdated Solutions
  - Have Proper Procedures Around Updates
  - Centrally Store Configuration Changes
- Result = A Dynamic Security Infrastructure Capable of Deflecting Constantly Evolving Threats

Discovery and Assessment
- Continuous Vulnerability Scanning
  - Conduct Vulnerability Scans at Least Once per Quarter for Critical Systems, Annually for Others
  - Preferably Using Multiple Scanners
  - Schedule Scans on Remote Hosts
- Aggregate and Prioritize
- Assign Accountability
- Workflow System to Track Remediation Effort
- Result = Snapshot of the Enterprise's Risk Exposure
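The aggregate, prioritize, assign accountability and track steps shared by the Early Warning and Discovery and Assessment slides, worked as an added Python example (not LURHQ's code): alerts for the same issue arriving from several feeds are merged, ranked by threat rating times the internal exposure the scanners report, turned into owner-assigned remediation tickets, and the quarterly/annual scan policy is checked against the inventory. The advisory identifiers, feed entries and hosts are constructed sample data.

```python
from collections import namedtuple
from datetime import date

# Advisory: one alert from one feed. Host: one asset with its owner, criticality and latest scan results.
Advisory = namedtuple("Advisory", "vuln_id source severity exploit_public")  # severity 1..5; constructed IDs, not CVEs
Host = namedtuple("Host", "name owner critical last_scan findings")           # findings: vuln_ids the scanners reported

def aggregate(advisories):
    """Merge duplicate alerts from several feeds into one record per vuln_id, keeping the highest rating seen."""
    merged = {}
    for a in advisories:
        cur = merged.get(a.vuln_id)
        if cur is None:
            merged[a.vuln_id] = a
        else:  # same issue from another feed: remember the feed, keep the worst rating and exploit status
            merged[a.vuln_id] = cur._replace(source=cur.source + "," + a.source,
                                             severity=max(cur.severity, a.severity),
                                             exploit_public=cur.exploit_public or a.exploit_public)
    return merged

def prioritize(advisories, hosts):
    """Rank remediation work by threat rating times internal exposure; one ticket with an accountable owner per exposed host."""
    queue = []
    for vid, adv in aggregate(advisories).items():
        for h in hosts:
            if vid not in h.findings:
                continue  # the threat is real, but this host is not exposed to it
            score = adv.severity * (3 if h.critical else 1) * (2 if adv.exploit_public else 1)
            queue.append({"vuln": vid, "host": h.name, "owner": h.owner, "score": score, "status": "open"})
    return sorted(queue, key=lambda t: t["score"], reverse=True)

def overdue_scans(hosts, today):
    """Critical systems are scanned at least quarterly, all others at least annually; return the hosts past due."""
    return [h.name for h in hosts if (today - h.last_scan).days > (90 if h.critical else 365)]

ADVISORIES = [  # constructed feed entries; VULN-A arrives from two sources with different ratings
    Advisory("VULN-A", "vendor", 4, False), Advisory("VULN-A", "bugtraq", 5, True),
    Advisory("VULN-B", "dshield", 3, True), Advisory("VULN-C", "vendor", 5, True),
]
HOSTS = [  # constructed asset inventory with the date and findings of the latest scan
    Host("vpn-gw", "netops", True, date(2005, 1, 10), {"VULN-A"}),
    Host("fileserver", "winadmin", False, date(2004, 3, 1), {"VULN-A", "VULN-B"}),
    Host("kiosk", "desktop", False, date(2005, 4, 1), set()),
]
```

VULN-C is rated critical but lands nowhere in the queue because no scanner found it internally, which is exactly the exposure check the slides describe.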

Detection and Response
- Real-Time 24x7 Security Event Monitoring and Analysis
  - Encompass Security Infrastructure and Critical IT Assets
  - Discovery of Known and Unknown Threats
- Gain Complete Context
  - Leverage the Security Intelligence Platform's Event to Event and Event to Vulnerability/Threat Research Correlation Capabilities
  - All Information at Your Fingertips
- Invoke Incident Handling Process
  - Categorize, Assess and Respond
- Result = Seamless View of Enterprise-Wide Security Status and the Ability to Stop Attacks Before Damage Is Done

Trending and Analysis
- Reporting Across All Segments Based on Aggregated Threat Research, Vulnerability Scanning, Security Monitoring and Security Management Data
- Better Decision Making Improves All Other Segments
  - Discover Over- and Under-Funded Areas of the Environment
- Provable Security
  - On-Demand Reports for Management/Auditors/Others
- Result = Comprehensive Security Information for Constantly Improving Threat Management

Technology Platform: Integration in Action
Enterprise Security Monitoring, Threat Intelligence, Managed Intrusion Detection and Managed Firewall

Technology (event funnel, with the counts labelled in the diagram)
- Sources: firewall, IPS, NIDS, HIDS: 5,000,000 events
- Negative Filter: 4,989,950 firewall non-security events, no action required
- Remaining Events of Interest: 10,050
- Positive Filter (Sherlock Inspector and Inspector Agent): 10,000 events into Event Consolidation, 500 after consolidation; 50 events flagged as Anomaly
- Automated Analysis: 200

People & Process
- Incident Handling Process: Aggregate, Correlate, Categorize, Assess Threat, and Respond
- Low Threat: Incident is logged for future correlation and reported, but no further action required.
  - Security Event, Worm - Customer Not Vulnerable: 75
  - Security Event, Information Gathering: 50
- Medium Threat: Incident requires near term intervention by LURHQ and/or the customer to prevent an availability or security issue.
  - Server, Non-Security Actionable: 3 per week
- High Threat: Incident requires immediate intervention by LURHQ and the customer to prevent and/or remediate an availability or security issue in progress.
  - Server, Security Event, Human Controlled Exploit Attempt: 1 per week
- Process for Auditing, Trending, Scanning & Threat Intelligence
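The event funnel and threat categories on this slide, as an added Python example (not the Sherlock platform's code): a negative filter drops routine events, identical events are consolidated into one record with a hit count, and event-to-vulnerability correlation against scan results decides the threat level. The events, hosts and scan findings are constructed sample data; rating a worm hit on a host the scanner shows as vulnerable as High is an assumption, since the slide only shows the not-vulnerable case.

```python
from collections import Counter

# Constructed sample events in the shape of the slide's sources (firewall, NIDS, HIDS):
# (source, signature, source_ip, destination_host). Addresses are from documentation ranges.
EVENTS = [
    ("firewall", "permit", "10.0.0.5", "web01"),
    ("firewall", "permit", "10.0.0.6", "web01"),
    ("nids", "WORM lsass overflow", "198.51.100.7", "web01"),
    ("nids", "WORM lsass overflow", "198.51.100.7", "web01"),   # exact repeat: consolidated below
    ("nids", "WORM lsass overflow", "198.51.100.7", "fs01"),
    ("nids", "SCAN portscan", "198.51.100.9", "web01"),
    ("hids", "EXPLOIT interactive shell spawned", "203.0.113.4", "fs01"),
    ("hids", "SERVICE disk full", "-", "fs01"),
]
# Constructed vulnerability-scan results keyed by host: the findings the scanner reported.
VULNS = {"web01": set(), "fs01": {"lsass overflow"}}

NON_SECURITY = {"permit"}   # signatures the negative filter discards before any analyst sees them

def negative_filter(events):
    """Drop routine, non-security events outright."""
    return [e for e in events if e[1] not in NON_SECURITY]

def consolidate(events):
    """Collapse identical (source, signature, src, dst) events into one record carrying a hit count."""
    return [(*key, hits) for key, hits in Counter(events).items()]

def categorize(event, vulns):
    """Event-to-vulnerability correlation assigns the slide's threat level and category."""
    source, sig, src, dst, hits = event
    kind, _, detail = sig.partition(" ")
    if kind == "WORM":
        if detail in vulns.get(dst, set()):
            return "high", "Worm - Customer Vulnerable"       # assumption: treated as an attack in progress
        return "low", "Worm - Customer Not Vulnerable"        # logged for correlation, no action required
    if kind == "SCAN":
        return "low", "Information Gathering"
    if kind == "EXPLOIT":
        return "high", "Human Controlled Exploit Attempt"     # immediate intervention
    return "medium", "Non-Security Actionable"                # e.g. a server fault that still needs a ticket

def funnel(events, vulns):
    """Run the whole pipeline and report the count at each stage, like the slide's funnel."""
    security = negative_filter(events)
    merged = consolidate(security)
    levels = Counter(categorize(e, vulns)[0] for e in merged)
    return {"received": len(events), "security": len(security), "consolidated": len(merged),
            "low": levels["low"], "medium": levels["medium"], "high": levels["high"]}
```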

Sasser Case Study: Integration in Action
- Vulnerability Released to Public
  - Threat Research Rates the Threat High and Assigns Responsibility
  - Vulnerability Management Illustrates the Extent of the Vulnerability's Presence Internally
  - Threat Management Team Aware of Threat and Enterprise Exposure
- Exploit Released to Public
  - Threat Research Analyzes Exploit Code
  - Security Management Updates IDS Signatures to Look for Attacks Using the Exploit and Adds FW Rules to Block Incoming Traffic, if possible
  - Security Monitoring Highlights Increasing Scan Attempts
- Worm Propagating
  - Security Monitoring Enables Real-Time Detection
  - Security Management Facilitates Immediate Protection
- Worm Threat Passed
  - Trending Analyses Illustrate That Most Infections Occurred Through VPN
  - Trending Analyses Also Demonstrate the Effectiveness of the Enterprise's Security

Benefits to Your Enterprise
Threat Management's Bottom Line:
- Enhanced Security Posture
- More Efficient Use of Security Resources
- Better Visibility into Enterprise-Wide Security Status
- On-Demand Reporting for Decision Support, Management and Auditors

Conclusion
- Effective Threat Management Truly Integrates Proactive and Reactive Operational Processes
  - Protection
  - Discovery & Assessment
  - Detection & Response
  - Early Warning
- Aggregated Security Data Facilitates Trending and Analysis
- Constantly Improving Threat Management Lifecycle Results in Better Overall Security, Enhanced Operational Efficiency and Improved Decision Making