Managed Security Services
If you are going to do it, do it right.
Peter Mesker, CTO
IT SECURITY IS TOPSPORT!

SecurePROTECT Managed Security Services
Security is a process, not a product.
The challenge
- Don't miss events
- No false positives
- No false negatives

Under-reacting:
"Target, which last year was hit with a major data breach that exposed to hackers data on some 40 million credit and debit cards and personal data on another 70 million customers. The retailer acknowledged that it could have mitigated or even avoided the breach had it paid closer attention to alerts generated by the security monitoring tools." (Computerworld, 14 March 2014)

Over-reacting:
"US Agency Baffled by Modern Technology, Destroys Mice to Get Rid of Viruses. In December 2011, the Department of Homeland Security notified the EDA that there was a possible malware infection within the agency's systems. The EDA destroyed not only (uninfected) desktop computers but also printers, cameras, keyboards, and even mice. The destruction only stopped, sparing $3 million of equipment, because the agency had run out of money to pay for destroying the hardware." (www.arstechnica.com, 8 July 2013)
The real challenge: serendipity

"Sifting through a lot of warnings underscores the need for protocols that help to figure out when and how to respond. It becomes like the car alarms going off in a parking lot: no one takes them seriously because generally there are too many false car alarms. And even if it was a real alarm, most people wouldn't know what to do about it," says Avivah Litan, vice president and distinguished analyst at Gartner Inc. She said she was aware of one bank that received an average of 135,000 alerts a day. "What are you supposed to do with that? You need to make security systems more intelligent with contextual data," Ms. Litan said. "That way you can prioritize the alerts." The bank reduced its alerts to 5,000 a day by using Big Data, she said. Of those remaining alerts, the bank might look at the top 100.
From reactive to proactive

Quickscan: step-by-step plan
- Incident Management (reactive)
- Vulnerability Management (detective)
- Threat Management (proactive)
NOC services, Security Center and Advanced SOC services
- 7x24 monitoring and alerting
- Security announcements
- Signaling/monitoring
- Security analytics
- Device backup and restore
- Personal contacts
- Incident response
- Root cause analysis
- Customer dashboard
- Skilled Service Desk
- Malware analysis
- Penetration testing
- Firmware and software management
- Escalation procedure (email, SMS, telephone)
- Intelligence feeds
- Virtual security officer
- Configuration and version management
- SecureDAP & SecureSLA
- Log collection and correlation
- Support and changes
- Reporting
- Vulnerability scanning
- Livescan
- Security Center reporting
- 7x24 service expertise
- SecureSLA, SecureDAP, SDM
SecureLink services architecture (diagram)
- Customer environments (customer A, B, C) send events to SecurePROTECT MSS Monitoring
- Monitoring distinguishes error events from critical events and feeds the services portal (tickets) and the Service Desk & Security Center
- The Service Desk & Security Center raises bugs, RFEs and RMAs with the vendors
- Supporting data: CMDB, SLA (SN)

SecurePROTECT architecture (diagram)
- Customer infrastructure: one local SMVA (+USM) per customer (customer A, B, C) for local monitoring, reporting and dashboard (SMVA = SecureLink Managed Virtual Appliance)
- Central monitoring: Master Primary and Redundant Master Secondary, central dashboard, offsite backup
- Error and critical events go to the SecureLink Service Desk; critical events also go to the SMS call center
Local monitoring & alerting
- Monitored sources: security gateways, IDS/IPS, web proxy, load balancers, servers & endpoints, OS & apps, DNS/DHCP/IPAM, switches and routers
- Collection methods: ping, SNMP polling, SNMP traps, syslog, configs
- SMVA monitoring server (Master Primary / Master Secondary) receives syslogs, events and flows and assigns a severity
- Example: F5 SNMP trap "DoS attack detected by Application Security Module", severity: critical
- USM (Unified Security Management): SIEM, vulnerability scanning, malware scanning, analysis, forensics
- Use cases turn events into alerts (human interpretation), reporting & dashboard
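The pipeline above (syslog and SNMP traps normalised to one event shape, matched against use cases, then handed to an analyst) and the earlier point that alerts only become manageable once contextual data is used to prioritise them are illustrated by the following added example. It is not SecureLink's, F5's or any vendor's code: the host names, the CMDB criticality table, the three detection rules, the sample syslog lines and the trap record are all constructed for the example, and the trap record is a simplified stand-in rather than the real F5 trap layout.

```python
"""Added example, not SecureLink's or any vendor's code: normalise events from
syslog lines and a trap-like record, match them against a few detection use
cases, and rank the resulting alerts with contextual data (asset criticality
from a CMDB-style table). Hosts, rules, sample lines and the CMDB table are
assumptions constructed for the example."""
import re

# RFC 3164 PRI = facility * 8 + severity; severity 0 (emergency) .. 7 (debug).
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")

# Constructed CMDB: asset criticality 1 (workstation) .. 5 (edge security device).
CMDB = {"f5-lb01": 5, "fw-edge01": 5, "web-01": 3, "ws-0042": 1}

# Detection use cases: name, predicate on a normalised event, base weight 1..10.
USE_CASES = [
    ("DoS detected by ASM", lambda e: "DoS attack detected" in e["msg"], 10),
    ("Config change on security device", lambda e: "config changed" in e["msg"].lower(), 6),
    ("SSH authentication failure", lambda e: "Failed password" in e["msg"], 2),
]

def parse_syslog(line):
    """Normalise one syslog line; returns None for lines that do not parse."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    return {"src": "syslog", "host": m.group("host"), "severity": pri & 7,
            "facility": pri >> 3, "msg": m.group("msg")}

def from_trap(host, message, severity):
    """Normalise a trap-like record (constructed shape) onto the same event dict."""
    return {"src": "snmptrap", "host": host, "severity": severity,
            "facility": None, "msg": message}

def correlate(events, min_score=5):
    """Match events to use cases, aggregate per (use case, host), rank by score.

    score = use-case weight * asset criticality. Alerts below min_score are
    counted but kept out of the analyst queue, so the queue holds what matters."""
    alerts = {}
    for e in events:
        for name, match, weight in USE_CASES:
            if not match(e):
                continue
            a = alerts.setdefault((name, e["host"]), {
                "use_case": name, "host": e["host"], "count": 0,
                "worst_severity": e["severity"], "sources": set()})
            a["count"] += 1
            a["sources"].add(e["src"])
            a["worst_severity"] = min(a["worst_severity"], e["severity"])
            a["score"] = weight * CMDB.get(e["host"], 1)  # contextual prioritisation
    ranked = sorted(alerts.values(), key=lambda a: (-a["score"], a["worst_severity"]))
    queue = [a for a in ranked if a["score"] >= min_score]
    return {"events": len(events), "alerts": len(ranked), "queue": queue}

# Constructed sample input: one minute of logs from four assets (not real logs).
SAMPLE_SYSLOG = [
    "<130>Mar 14 10:02:01 f5-lb01 tmm[1234]: ASM: DoS attack detected by Application Security Module",
    "<134>Mar 14 10:02:05 fw-edge01 fwd: config changed by admin from 10.0.0.5",
    "<38>Mar 14 10:02:07 ws-0042 sshd[402]: Failed password for root from 10.0.0.9 port 51234 ssh2",
    "<38>Mar 14 10:02:08 ws-0042 sshd[402]: Failed password for root from 10.0.0.9 port 51236 ssh2",
    "<38>Mar 14 10:02:09 web-01 sshd[511]: Failed password for admin from 10.0.0.9 port 51235 ssh2",
    "<134>Mar 14 10:02:10 web-01 nginx: GET /index.html 200",
    "not a syslog line at all",
]
# Same DoS condition reported a second time over the trap path (severity 2 = critical).
SAMPLE_TRAPS = [("f5-lb01", "DoS attack detected by Application Security Module", 2)]

def run_sample():
    events = [e for e in map(parse_syslog, SAMPLE_SYSLOG) if e]
    events += [from_trap(*t) for t in SAMPLE_TRAPS]
    return correlate(events)

if __name__ == "__main__":
    r = run_sample()
    print(f"{r['events']} events -> {r['alerts']} alerts -> {len(r['queue'])} in queue")
    for a in r["queue"]:
        print(f"{a['score']:>3}  {a['use_case']:<34} {a['host']:<10} x{a['count']} via {sorted(a['sources'])}")
```

Running it turns seven events into four alerts, of which three reach the queue: the DoS on the load balancer (syslog and trap merged into one alert) ranks first because both the use case and the asset score high, while the SSH failures on the workstation fall below the threshold. The same two-stage reduction (events, then alerts, then a short queue) is what the 135,000 / 5,000 / top-100 figures on the previous slide describe.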
What we offer you
- Account team
- Service Delivery Manager
- Skilled Service Desk
- Changes: < 5 working days
- Emergency changes: < 4 working hours
- Incidents: response time < 30, CTF < 4 h
- Agreement: SecureDAP, SecureSLA
- Reporting
- Root cause and forensic analysis
The benefits of SecurePROTECT
- NOC and Advanced SOC services: 7x24x365 monitoring, alerting & security analytics across your entire infrastructure
- An immediately higher security level
- Personal contacts: besides security analysts, our Incident Response Team also includes security engineers who know your infrastructure
- Clear, substantive reporting
- Lower costs
- Always an up-to-date configuration (lifecycle management)
- SecureDAP and SecureSLA
- Modular services
- Customer portal and customer dashboard
- Periodic reporting

Thank you for your time.
IT SECURITY IS TOPSPORT!