A Case for Host-based Information Security
|
|
- Cody Ford
- 6 years ago
- Views:
Transcription
1 Technology Concepts and Business Considerations Abstract This white paper considers the information security mindset from protecting the perimeter to redefining the IT ecosystem with the goal of attaining more granular control over more assets, which leads to more effective and efficient IT operations and compliance auditing. August 2009
2 Copyright 2009 EMC Corporation. All rights reserved. EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice. THE INFORMATION IN THIS PUBLICATION IS PROVIDED AS IS. EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Use, copying, and distribution of any EMC software described in this publication requires an applicable software license. For the most up-to-date listing of EMC product names, see EMC Corporation Trademarks on EMC.com All other trademarks used herein are the property of their respective owners. Part Number h6501 Technology Concepts and Business Considerations 2
3 Table of Contents Executive summary...4 Introduction...4 Audience... 4 Defining perimeters and IT ecosystems...4 Examining computer attacks...7 Controlling and monitoring hosts...7 Conclusion...9 Technology Concepts and Business Considerations 3
4 Executive summary Most of today s IT environments contain a vast array of different technologies: server and workstation platforms (Microsoft Windows, UNIX, Linux), network devices such as routers and switches, securityspecific network devices like firewalls and intrusion-detection systems, and numerous applications and databases. From an information security perspective, what do we focus on protecting given that we have limited time and resources? The obvious answer is everything but that s not practical. The next-best answer is the most critical and sensitive resources. This is likely to be the right answer, but it only answers the what question. What about the how of getting this accomplished? There are a number of ways to approach the problem, but a shift in paradigm can help us to see things differently. First, consider computer-related attack scenarios. Except for denial-of-service (DoS) attacks that affect availability and passive attacks that include sniffing, passive scanning, or OS/application analysis and man-in-the-middle (MiTM) scenarios, every single computer-based attack targets something on a host platform. Whether the attack focuses on application vulnerabilities, database pilfering, flaws in a service or OS/add-on component that grants access, or any other chink in the armor, the ultimate goal is to gain access to a host and/or its data stores. Next, consider that the more control you have over the object of an attack, the higher the likelihood that you can directly prevent and detect the attacks by decreasing the attack surface through hardening, patching, and monitoring. Introduction This white paper considers the information security mindset from protecting the perimeter to redefining the IT ecosystem with the goal of attaining more granular control over more assets, which leads to more effective and efficient IT operations and compliance auditing. Audience This white paper addresses IT operations managers, IT security managers, and those with server configuration management responsibilities in large-scale IT environments. Defining perimeters and IT ecosystems Traditional security best practices specify that security teams should detect threats as far out as possible, toward the network perimeter. When the threat is detected closer to the host, the options for prevention and remediation are fewer since the enemy is at the gate. This is certainly a good approach by detecting and responding to threats as soon as possible, the likelihood of a successful compromise is reduced. However, there is another way to think about our IT environments: as ecosystems with varying degrees of control. The first type of ecosystem is the macro environment, or the IT infrastructure as a whole. This includes all components within IT desktops, servers, applications, network devices, and so on. Often, IT security tends to focus on protecting this by placing security monitoring and controls at strategic locations throughout the environment. Examples include firewalls at the perimeter and network segmentation points; intrusion-detection sensors at ingress points, DMZs, and other sensitive areas; and vulnerability scanning engines placed where they can assess major subnets. Technology Concepts and Business Considerations 4
5 Figure 1. Macro IT ecosystem with controls This macro level of IT infrastructure is characterized by several major considerations for IT security professionals: Hosts: Each server and network device represents a system that must be configured, managed, and protected. Each of these systems may behave somewhat independently of the others. Networks: Networks need to be planned and designed to support the traffic volume within the infrastructure, and should be segregated to allow maximum control over major points of connectivity. Services and Applications: The services and applications that reside on the hosts will interact with other systems and applications in a variety of ways. Behavior: The sum total of all systems interacting within a network environment leads to behavioral patterns and trends that can and should be monitored. Although this is a simplified view of the environmental aspects to consider, it underscores the point that viewing information security at the macro level is difficult, with many different moving parts to protect. For this reason, it s beneficial to plan a security strategy at the micro level, where each host system is a miniature ecosystem unto itself and security professionals can exert a greater degree of control. In fact, although the response time may be reduced as attacks get closer to the host, the degree of control for protecting the system and its data actually goes up, as shown in Figure 2. Technology Concepts and Business Considerations 5
6 Figure 2. Security control increases closer to the host Most platforms and systems have a number of common attributes: Network connection(s) ingress/egress points File systems Users, groups, and roles/rights Services and/or applications that run on or within the system Platform components such as registry keys and kernel parameters and files Figure 3. Micro IT ecosystem (hosts) In addition, most large IT environments have some degree of homogeneity, or similarity across numbers of systems. There may be six different standard Windows desktop builds, but these six builds account for the Technology Concepts and Business Considerations 6
7 configuration of 30,000 workstations globally. There are likely some similar standards in place for Web servers, file servers, routers and switches, and so on. Examining computer attacks There are several major categories of attacks against computers and networks: Exploits of services and applications: Vulnerabilities in the code of platform services or applications that reside on the platforms are exploited locally or remotely. This grants attackers access to data and provides a pivot point from which to launch further attacks within the network. Denial-of-service (DoS): These can be localized or network-based. In the case of local DoS attacks, an attacker attempts to consume all available resources on a system, rendering it unavailable. In a network-based DoS attack, network capacity is reduced by large quantities of traffic. A related case is local or remote attacks specifically against network devices, causing the flow of traffic through them to be impeded. Passive attacks: Passive attacks are primarily focused on information gathering. Sniffing network traffic and routing communications through a man-in-the-middle (MiTM) are examples of passive attacks. These are then leveraged to execute additional attacks except in the case of purposeful data theft and interception in this case, a passive attack could satisfy the entire goal. Although there are certainly other types of attacks, most of them derive from one of the three listed here. In reviewing these attack types, most of them (not network-based DoS) have one thing in common: They focus on the host. The host is where data is stored, applications and services are running, and vulnerabilities are likely to occur. Manipulation of network traffic in transit is possible, but that simply implies that an attacker has too much access to network conduits, perhaps by gaining access to a switch or some other means. An attacker who has bypassed network access controls to gain entrance to a network ecosystem cannot hide on the network this simply isn t possible. There must be an endpoint that is compromised to provide shelter to an attacker. In addition, unless DoS is the intent, an attacker s goal will always be related to a host in some way: data in a database or stored in a file system, user accounts that provide access to hosts, application access, and so on. Controlling and monitoring hosts Given the types of perimeters defined earlier, as well as the proclivity for host-focused attacks, information security professionals should first attend to the micro ecosystems in their environments. By effectively securing and monitoring each host, security teams can be assured that systems, applications, and data are protected as close to the source as possible. This seems to fly in the face of tried-and-true security best practices, though shouldn t we focus on security measures as far away as possible, to provide maximum detection and reaction time? Although traditional network security measures are a vital component of any organization s overall security strategy, the answer is no. We should focus first and foremost on securing and monitoring hosts. As far back as 2004, Gartner s John Pescatore wrote that [b]usiness-critical platforms require host-based security to protect the expanding enterprise perimeter. 1 The perimeter is still expanding so why hasn t this become gospel? The main reason why effective host-based configuration, security, and monitoring practices aren t commonplace is simple: We think it s hard. It s much easier to place several firewalls and intrusiondetection sensors at points in our networks, make sure they can see traffic, tune their rulesets a bit, and then monitor a console. Securing tens of thousands of hosts? Much more difficult, we think. Additionally, the number of configuration items (CIs, in ITIL parlance) for a modern OS or application can be staggering. A single Windows server might have upward of 80,000 knobs that could be turned. How can we manage this many options? 1 It s Time for Host-Based Security Platforms, Technology Concepts and Business Considerations 7
8 The answer is configuration management. There are several key components to a sound configuration management strategy: A low-overhead agent on each system: Although no one likes agents, having unfettered local access to all resources within the host ecosystem is critical to visibility and control of each configuration item on the host. Standards: Trying to decide exactly how to configure each host and application can be daunting. For this reason, it s important to leverage existing best-practices standards such as those from the Center for Internet Security 2 and the Defense Information Systems Agency (DISA) 3, and vendor-specific guides from Microsoft, VMware, and others. Patching: A simple and automated patching mechanism is one of the cornerstones of vulnerability and configuration management disciplines. There are simply too many vulnerabilities in most modern software packages to leave this to chance. Discovery: The macro ecosystem is dynamic, constantly changing. To maintain a reasonable inventory of hosts, some sort of discovery/scanning mechanism is needed to ensure hosts are quickly identified and brought under centralized management as soon as possible. Change Management: The No. 1 cause of downtime and incidents within organizations is unplanned change. This could be due to malware infections, equipment failure, a deliberate malicious action, or simply someone in a hurry who circumvents approved change management processes. Whatever the case may be, integrating configuration management into a well-defined change management workflow will allow systems and security administrators to keep up with changes that are supposed to happen, while quickly disallowing and rolling back those that aren t supposed to happen. Centralized monitoring and control: Without the ability to centrally manage all the host configuration details, the question of how we ll effectively manage the micro ecosystems becomes problematic. Therefore, all local system agents should report to a central system where administrators can monitor host status, identify configuration items that are out of standard or don t match policies, and make those changes from within the console. This console should integrate with change management systems to ensure continuity of actions within the macro environment. There are many more aspects of configuration management that could be listed, but these are the primary ones that pertain to information security. For example, if a new exploit is released that compromises systems missing a certain Microsoft Windows patch, security teams are much better served by determining which systems aren t patched and configured properly in a console than waiting for exploit attempts to be detected on the network. With one query, all hosts could report whether a specific configuration item was properly instituted, allowing security professionals to implement those changes and defend all the hosts. By focusing further out at the network perimeter, you can detect and/or block these attack attempts, but what happens if the exploit keeps changing? Keeping up with network intrusion signatures is a much less effective approach than simply finding and fixing the problem at the host level. Again, this isn t intended to dissuade anyone from implementing network security measures however, focusing on these at the expense of the host is a losing battle Technology Concepts and Business Considerations 8
9 Conclusion As part of a complete infrastructure security strategy, it s important to realize that the ultimate goal of any security program is to protect sensitive data. This data, although possible to intercept or modify in transit, is largely maintained and accessed on host systems; thus, the need for a strong host-based configuration management and security program is paramount. The number of controls that can be implemented and modified on each host is steadily increasing as platforms grow in complexity. This flexibility also comes with a downside: Administrators and security professionals need to keep up with best practices on configuring and maintaining the myriad options available on each system. Once a strategy is in place for securing and configuring hosts, however, this focus on the micro IT ecosystems within the environment will pay dividends by allowing much more granular security controls to be implemented. Although response times to traditional attacks may decrease (assuming perimeter and network security tools fail), in most cases this won t matter if the systems are properly patched and configured. Technology Concepts and Business Considerations 9
Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation
Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client
More informationEnterprise Cybersecurity Best Practices Part Number MAN Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationTransforming Security from Defense in Depth to Comprehensive Security Assurance
Transforming Security from Defense in Depth to Comprehensive Security Assurance February 28, 2016 Revision #3 Table of Contents Introduction... 3 The problem: defense in depth is not working... 3 The new
More informationSOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM
SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM OVERVIEW The Verizon 2016 Data Breach Investigations Report highlights that attackers are regularly outpacing the defenders.
More informationSecuring the Modern Data Center with Trend Micro Deep Security
Advania Fall Conference Securing the Modern Data Center with Trend Micro Deep Security Okan Kalak, Senior Sales Engineer okan@trendmicro.no Infrastructure change Containers 1011 0100 0010 Serverless Public
More informationDevice Discovery for Vulnerability Assessment: Automating the Handoff
Device Discovery for Vulnerability Assessment: Automating the Handoff O V E R V I E W While vulnerability assessment tools are widely believed to be very mature and approaching commodity status, they are
More informationCarbon Black PCI Compliance Mapping Checklist
Carbon Black PCI Compliance Mapping Checklist The following table identifies selected PCI 3.0 requirements, the test definition per the PCI validation plan and how Carbon Black Enterprise Protection and
More informationThreat Centric Vulnerability Management
Threat Centric Vulnerability Management Solution Brief When it comes to vulnerability management, security leaders continue struggle to identify which of the thousands even millions of vulnerabilities
More informationHow Breaches Really Happen
How Breaches Really Happen www.10dsecurity.com About Dedicated Information Security Firm Clients Nationwide, primarily in financial industry Services Penetration Testing Social Engineering Vulnerability
More informationA GUIDE TO CYBERSECURITY METRICS YOUR VENDORS (AND YOU) SHOULD BE WATCHING
A GUIDE TO 12 CYBERSECURITY METRICS YOUR VENDORS (AND YOU) SHOULD BE WATCHING There is a major difference between perceived and actual security. Perceived security is what you believe to be in place at
More informationZero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection
Zero Trust on the Endpoint Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection March 2015 Executive Summary The Forrester Zero Trust Model (Zero Trust) of information
More informationCompleting your AWS Cloud SECURING YOUR AMAZON WEB SERVICES ENVIRONMENT
Completing your AWS Cloud SECURING YOUR AMAZON WEB SERVICES ENVIRONMENT Introduction Amazon Web Services (AWS) provides Infrastructure as a Service (IaaS) cloud offerings for organizations. Using AWS,
More informationPrivilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer
Privilege Security & Next-Generation Technology Morey J. Haber Chief Technology Officer mhaber@beyondtrust.com Agenda The Next-Gen Threat Landscape o Infomatics, Breaches & the Attack Chain o Securing
More informationthe SWIFT Customer Security
TECH BRIEF Mapping BeyondTrust Solutions to the SWIFT Customer Security Controls Framework Privileged Access Management and Vulnerability Management Table of ContentsTable of Contents... 2 Purpose of This
More informationSpecialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE. s3security.com
Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE s3security.com Security Professional Services S3 offers security services through its Security Professional Services (SPS) group, the security-consulting
More informationDetecting Network Reconnaissance with the Cisco Cyber Threat Defense Solution 1.0
Detecting Network Reconnaissance with the Cisco Cyber Threat Defense Solution 1.0 April 9, 2012 Introduction One of the earliest indicators of an impending network attack is the presence of network reconnaissance.
More informationANATOMY OF AN ATTACK!
ANATOMY OF AN ATTACK! Are Your Crown Jewels Safe? Dom Kapac, Security Evangelist WHAT DO WE MEAN BY CROWN JEWELS? Crown jewels for most organizations are critical infrastructure and data Data is a valuable
More informationThe Convergence of Security and Compliance
ebook The Convergence of Security and Compliance How Next Generation Endpoint Security Manages 5 Core Compliance Controls Table of Contents Introduction....3 Positive versus Negative Application Security....3
More informationRED HAT ENTERPRISE LINUX. STANDARDIZE & SAVE.
RED HAT ENTERPRISE LINUX. STANDARDIZE & SAVE. Is putting Contact us INTRODUCTION You know the headaches of managing an infrastructure that is stretched to its limit. Too little staff. Too many users. Not
More informationRSA NetWitness Suite Respond in Minutes, Not Months
RSA NetWitness Suite Respond in Minutes, Not Months Overview One can hardly pick up a newspaper or turn on the news without hearing about the latest security breaches. The Verizon 2015 Data Breach Investigations
More informationPROTECTING THE ENTERPRISE FROM BLUEBORNE
PROTECTING THE ENTERPRISE FROM BLUEBORNE WHITE PAPER 2017 ARMIS OVERVIEW The newly discovered BlueBorne attack vector presents a new set of challenges for enterprises and their security teams. BlueBorne
More informationData Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle
Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government
More informationEndpoint Security and Virtualization. Darren Niller Product Management Director May 2012
Endpoint Security and Virtualization Darren Niller Product Management Director May 2012 Table of contents Introduction... 3 Traditional Security Approach: Counteracts Virtual Performance Gains... 3 Agent-less
More informationPRACTICAL NETWORK DEFENSE VERSION 1
PRACTICAL NETWORK DEFENSE VERSION 1 The world s premiere online practical network defense course elearnsecurity has been chosen by students in over 140 countries in the world and by leading organizations
More informationSecuring Your Most Sensitive Data
Software-Defined Access Securing Your Most Sensitive Data Company Overview Digital Growth Means Digital Threats Digital technologies offer organizations unprecedented opportunities to innovate their way
More informationIsla Web Malware Isolation and Network Sandbox Solutions Security Technology Comparison and Integration Guide
Isla Web Malware Isolation and Network Sandbox Solutions Security Technology Comparison and Integration Guide How the Two Approaches Compare and Interoperate Your organization counts on its security capabilities
More informationClearing the Path to Micro-Segmentation. A Strategy Guide for Implementing Micro- Segmentation in Hybrid Clouds
Clearing the Path to Micro-Segmentation A Strategy Guide for Implementing Micro- Segmentation in Hybrid Clouds Clearing the Path to Micro-Segmentation 1 More Clouds in the Forecast The migration of vast
More informationDetecting Internal Malware Spread with the Cisco Cyber Threat Defense Solution 1.0
Detecting Internal Malware Spread with the Cisco Cyber Threat Defense Solution 1.0 April 9, 2012 Comments and errata should be directed to: cyber- tm@cisco.com Introduction One of the most common network
More informationComprehensive Database Security
Comprehensive Database Security Safeguard against internal and external threats In today s enterprises, databases house some of the most highly sensitive, tightly regulated data the very data that is sought
More informationSYMANTEC DATA CENTER SECURITY
SYMANTEC DATA CENTER SECURITY SYMANTEC UNIFIED SECURITY STRATEGY Users Cyber Security Services Monitoring, Incident Response, Simulation, Adversary Threat Intelligence Data Threat Protection Information
More informationFireMon Security manager
FireMon Security manager Regain control of firewalls with comprehensive firewall management The enterprise network is a complex machine. New network segments, new hosts and zero-day vulnerabilities are
More informationPROFILE: ACCESS DATA
COMPANY PROFILE PROFILE: ACCESS DATA MARCH 2011 AccessData Group provides digital investigations and litigation support software and services for corporations, law firms, law enforcement, government agencies
More informationBUFFERZONE Advanced Endpoint Security
BUFFERZONE Advanced Endpoint Security Enterprise-grade Containment, Bridging and Intelligence BUFFERZONE defends endpoints against a wide range of advanced and targeted threats with patented containment,
More information6 Tips to Help You Improve Configuration Management. by Stuart Rance
6 Tips to Help You Improve Configuration Management by Stuart Rance Introduction Configuration management provides information about what assets you own, how they are configured, and how they are connected
More information3 Ways Businesses Use Network Virtualization. A Faster Path to Improved Security, Automated IT, and App Continuity
3 Ways Businesses Use Network Virtualization A Faster Path to Improved Security, Automated IT, and App Continuity INTRODUCTION 2 Today s IT Environments Are Demanding Technology has made exciting leaps
More informationEndpoint Security for DeltaV Systems
Endpoint Security for DeltaV Systems Decrease risk with intelligent, adaptive scanning Utilize advanced anti-malware protection Identify, remediate and secure your DeltaV system from cybersecurity risks
More informationThe SANS Institute Top 20 Critical Security Controls. Compliance Guide
The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise
More informationManaged Security Services - Endpoint Managed Security on Cloud
Services Description Managed Security Services - Endpoint Managed Security on Cloud The services described herein are governed by the terms and conditions of the agreement specified in the Order Document
More information10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS
10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND
More informationCyber Hygiene: Uncool but necessary. Automate Endpoint Patching to Mitigate Security Risks
Cyber Hygiene: Uncool but necessary Automate Endpoint Patching to Mitigate Security Risks 1 Overview If you analyze any of the recent published attacks, two patterns emerge, 1. 80-90% of the attacks exploit
More informationExternal Supplier Control Obligations. Cyber Security
External Supplier Control Obligations Cyber Security Control Title Control Description Why this is important 1. Cyber Security Governance The Supplier must have cyber risk governance processes in place
More informationHackproof Your Cloud Responding to 2016 Threats
Hackproof Your Cloud Responding to 2016 Threats Aaron Klein, CloudCheckr Tuesday, June 30 th 2016 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Changing Your Perspective Moving
More informationICS Security Monitoring
ICS Security Monitoring INFRASTRUCTURE MINING & METALS NUCLEAR, SECURITY & ENVIRONMENTAL OIL, GAS & CHEMICALS Moses Schwartz Security Engineer Computer Incident Response Team Bechtel Corporation State
More informationWhitepaper. Advanced Threat Hunting with Carbon Black Enterprise Response
Advanced Threat Hunting with Carbon Black Enterprise Response TABLE OF CONTENTS Overview Threat Hunting Defined Existing Challenges and Solutions Prioritize Endpoint Data Collection Over Detection Leverage
More informationTechnical Review Managing Risk, Complexity, and Cost with SanerNow Endpoint Security and Management Platform
Technical Review Managing Risk, Complexity, and Cost with SanerNow Endpoint Security and Management Platform Date: October, 2018 Author: Jack Poller, Sr. Analyst The Challenges Enterprise Strategy Group
More informationWhite Paper April McAfee Protection-in-Depth. The Risk Management Lifecycle Protecting Critical Business Assets.
White Paper April 2005 McAfee Protection-in-Depth The Risk Management Lifecycle Protecting Critical Business Assets Protecting Critical Business Assets 2 Table of Contents Overview 3 Diagram (10 Step Lifecycle)
More informationHelp Your Security Team Sleep at Night
White Paper Help Your Security Team Sleep at Night Chief Information Security Officers (CSOs) and their information security teams are paid to be suspicious of everything and everyone who might just might
More informationInternet Scanner 7.0 Service Pack 2 Frequently Asked Questions
Frequently Asked Questions Internet Scanner 7.0 Service Pack 2 Frequently Asked Questions April 2005 6303 Barfield Road Atlanta, GA 30328 Tel: 404.236.2600 Fax: 404.236.2626 Internet Security Systems (ISS)
More informationAutomating the Top 20 CIS Critical Security Controls
20 Automating the Top 20 CIS Critical Security Controls SUMMARY It s not easy being today s CISO or CIO. With the advent of cloud computing, Shadow IT, and mobility, the risk surface area for enterprises
More informationSecuring Dynamic Data Centers. Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan &
Securing Dynamic Data Centers Muhammad Wajahat Rajab, Pre-Sales Consultant Trend Micro, Pakistan & Afghanistan @WajahatRajab Modern Challenges By 2020, 60% of Digital Businesses will suffer Major Service
More informationPND at a glance: The World s Premier Online Practical Network Defense course. Self-paced, online, flexible access
The World s Premier Online Practical Network Defense course PND at a glance: Self-paced, online, flexible access 1500+ interactive slides (PDF, HTML5 and Flash) 5+ hours of video material 10 virtual labs
More informationCase Study. Top Financial Services Provider Ditches Detection for Isolation
Top Financial Services Provider Ditches Detection for Isolation True security can only be achieved by reducing the ability of a compromised process to do damage to the host NATIONAL SECURITY AGENCY (NSA)
More informationCOMPLETING THE PAYMENT SECURITY PUZZLE
COMPLETING THE PAYMENT SECURITY PUZZLE An NCR white paper INTRODUCTION With the threat of credit card breaches and the overwhelming options of new payment technology, finding the right payment gateway
More informationn Given a scenario, analyze and interpret output from n A SPAN has the ability to copy network traffic passing n Capacity planning for traffic
Chapter Objectives n Understand how to use appropriate software tools to assess the security posture of an organization Chapter #7: Technologies and Tools n Given a scenario, analyze and interpret output
More informationVulnerability Management
Vulnerability Management Service Definition Table of Contents 1 INTRODUCTION... 2 2 SERVICE OFFERINGS VULNERABILITY MANAGEMENT... 2 3 SOLUTION PURPOSE... 3 4 HOW IT WORKS... 3 5 WHAT S INCLUDED... 4 6
More informationMaximizing IT Security with Configuration Management WHITE PAPER
Maximizing IT Security with Configuration Management WHITE PAPER Contents 3 Overview 4 Configuration, security, and compliance policies 5 Establishing a Standard Operating Environment (SOE) and meeting
More informationVulnerability Assessments and Penetration Testing
CYBERSECURITY Vulnerability Assessments and Penetration Testing A guide to understanding vulnerability assessments and penetration tests. OVERVIEW When organizations begin developing a strategy to analyze
More informationFirewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003
Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003 A system or combination of systems that enforces a boundary between two or more networks - NCSA
More informationTrend Micro Deep Security
Trend Micro Deep Security Endpoint Security Similarities and Differences with Cisco CSA A Trend Micro White Paper May 2010 I. INTRODUCTION Your enterprise invested in Cisco Security Agent (CSA) because
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationControl-M and Payment Card Industry Data Security Standard (PCI DSS)
Control-M and Payment Card Industry Data Security Standard (PCI DSS) White paper PAGE 1 OF 16 Copyright BMC Software, Inc. 2016 Contents Introduction...3 The Need...3 PCI DSS Related to Control-M...4 Control-M
More informationForeScout Extended Module for Carbon Black
ForeScout Extended Module for Carbon Black Version 1.0 Table of Contents About the Carbon Black Integration... 4 Advanced Threat Detection with the IOC Scanner Plugin... 4 Use Cases... 5 Carbon Black Agent
More informationSOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE
SOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE 1 EXECUTIVE SUMMARY Attackers have repeatedly demonstrated they can bypass an organization s conventional defenses. To remain effective,
More informationSourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data
SEE everything in your environment LEARN by applying security intelligence to data ADAPT defenses automatically ACT in real-time Sourcefire Solutions Overview Security for the Real World Change is constant.
More informationBETTER Mobile Threat Defense (BMTD)
BETTER Mobile Threat Defense (BMTD) Powered by BETTER Mobile Security, Inc. Enterprise Challenges Today s enterprise IT managers are looking for better and more efficient ways to empower workforces utilizing
More informationCYBER SECURITY MALAYSIA AWARDS, CONFERENCE & EXHIBITION (CSM-ACE) Securing Virtual Environments
CYBER SECURITY MALAYSIA AWARDS, CONFERENCE & EXHIBITION (CSM-ACE) 2010 October 25 29, 2010 Kuala Lumpur Convention Centre Securing Virtual Environments Raimund Genes CTO Trend Micro The Changing Datacenter
More informationTRIPWIRE VIA PLATFORM PROTECTING YOUR DATA WITH INTEGRATED SECURITY CONTROLS
SOLUTION BRIEF TRIPWIRE VIA PLATFORM PROTECTING YOUR DATA WITH INTEGRATED CONTROLS..: Tripwire security controls capture activity data from monitored assets no matter if you rely on physical, virtual,
More informationThe Convergence of Security and Compliance. How Next Generation Endpoint Security Manages 5 Core Compliance Controls
The Convergence of Security and Compliance How Next Generation Endpoint Security Manages 5 Core Compliance Controls Table of Contents Introduction.... 3 Positive versus Negative Application Security....
More informationSecuring Today s Mobile Workforce
WHITE PAPER Securing Today s Mobile Workforce Secure and Manage Mobile Devices and Users with Total Defense Mobile Security Table of Contents Executive Summary..................................................................................
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationSecurity Automation & Orchestration That Won t Get You Fired. Syra Arif Advisory Security Solutions Architect November 2017
Security Automation & Orchestration That Won t Get You Fired Syra Arif Advisory Security Solutions Architect ServiceNow @syraarif November 2017 1 Speaker Introduction NAME: Syra Arif TITLE: Advisory Security
More informationRSA Solution Brief. The RSA Solution for VMware. Key Manager RSA. RSA Solution Brief
RSA Solution Brief The RSA Solution for VMware View: Managing Securing the the Lifecycle Virtual of Desktop Encryption Environment Keys with RSA Key Manager RSA Solution Brief 1 According to the Open Security
More informationStandardizing Network Access Control: TNC and Microsoft NAP to Interoperate
Standardizing Network Access Control: TNC and Microsoft NAP to Interoperate May 2007 Trusted Computing Group 3855 SW 153 rd Dr. Beaverton, OR 97006 TEL: (503) 619-0563 FAX: (503) 664-6708 admin@trustedcomputinggroup.org
More informationEnhancing the Cybersecurity of Federal Information and Assets through CSIP
TECH BRIEF How BeyondTrust Helps Government Agencies Address Privileged Access Management to Improve Security Contents Introduction... 2 Achieving CSIP Objectives... 2 Steps to improve protection... 3
More informationHow NSFOCUS Protected the G20 Summit. Guy Rosefelt on the Strategy, Staff and Tools Needed to Ensure Cybersecurity
How NSFOCUS Protected the G20 Summit Guy Rosefelt on the Strategy, Staff and Tools Needed to Ensure Cybersecurity SPONSORED BY Rosefelt is responsible for developing NSFOCUS threat intelligence and web
More informationITSM SERVICES. Delivering Technology Solutions With Passion
ITSM SERVICES Delivering Technology Solutions With Passion 02 CONTENTS OVERVIEW CLIENTS SOLUTIONS WHAT WE DO PROFESSIONAL SERVICES Overview IT Pillars is a dynamic company, which has served, over the past
More informationQuantifying the Value of Firewall Management
Quantifying the Value of Firewall Management October 2016 Derek E. Brink, CISSP Vice President and Research Fellow, Information Security and IT GRC Report Highlights p2 p4 p6 p7 Network firewall infrastructure
More informationSOLUTION OVERVIEW. Enterprise-grade security management solution providing visibility, management and reporting across all OSes.
SOLUTION OVERVIEW Enterprise-grade security management solution providing visibility, management and reporting across all OSes. What is an endpoint security management console? ESET Security Management
More informationFIREWALL BEST PRACTICES TO BLOCK
Brought to you by Enterprie Control Systems FIREWALL BEST PRACTICES TO BLOCK Recent ransomware attacks like Wanna and Petya have spread largely unchecked through corporate networks in recent months, extorting
More informationWITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:
SOLUTION OVERVIEW: ALERT LOGIC THREAT MANAGER WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE Protecting your business assets and sensitive data requires regular vulnerability assessment,
More informationWhite Paper. Why IDS Can t Adequately Protect Your IoT Devices
White Paper Why IDS Can t Adequately Protect Your IoT Devices Introduction As a key component in information technology security, Intrusion Detection Systems (IDS) monitor networks for suspicious activity
More informationSTRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview
STRATEGIC WHITE PAPER Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview Abstract Cloud architectures rely on Software-Defined Networking
More informationSecurity Principles for Stratos. Part no. 667/UE/31701/004
Mobility and Logistics, Traffic Solutions Security Principles for Stratos Part no. THIS DOCUMENT IS ELECTRONICALLY APPROVED AND HELD IN THE SIEMENS DOCUMENT CONTROL TOOL. All PAPER COPIES ARE DEEMED UNCONTROLLED
More informationRSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst
ESG Lab Review RSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst Abstract: This ESG Lab review documents
More informationA Practical Guide to Efficient Security Response
A Practical Guide to Efficient Security Response The Essential Checklist Start The Critical Challenges to Information Security Data breaches constantly threaten the modern enterprise. And the risk continues
More informationSeqrite Endpoint Security
Enterprise Security Solutions by Quick Heal Integrated enterprise security and unified endpoint management console Enterprise Suite Edition Product Highlights Innovative endpoint security that prevents
More informationAgenda. Why we need a new approach to endpoint security. Introducing Sophos Intercept X. Demonstration / Feature Walk Through. Deployment Options
Agenda Why we need a new approach to endpoint security Introducing Sophos Intercept X Demonstration / Feature Walk Through Deployment Options Q & A 2 Endpoint Security has reached a Tipping Point Attacks
More informationReduce Your Network's Attack Surface
WHITE PAPER Reduce Your Network's Attack Surface Ixia's ThreatARMOR Frees Up Security Resources and Personnel The Threat Landscape When you re dealing with network security, one of the primary measurements
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Malware Outbreak
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationKaspersky Open Space Security
Kaspersky Open Space Security Flexible security for networks and remote users Kaspersky Open Space Security Kaspersky Open Space Security offers new flexibility to network security by extending beyond
More informationFive Essential Capabilities for Airtight Cloud Security
Five Essential Capabilities for Airtight Cloud Security SECURITY IN THE CLOUD REQUIRES NEW CAPABILITIES It is no secret; security and compliance are at the top of the list of concerns tied to cloud adoption.
More informationPROTECTION FOR WORKSTATIONS, SERVERS, AND TERMINAL DEVICES ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY
PROTECTION FOR WORKSTATIONS, SERVERS, AND TERMINAL DEVICES ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY OUR MISSION Make the digital world a sustainable and trustworthy environment
More informationOverview. Handling Security Incidents. Attack Terms and Concepts. Types of Attacks
Overview Handling Security Incidents Chapter 7 Lecturer: Pei-yih Ting Attacks Security Incidents Handling Security Incidents Incident management Methods and Tools Maintaining Incident Preparedness Standard
More informationISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002
ISO 27002 COMPLIANCE GUIDE How Rapid7 Can Help You Achieve Compliance with ISO 27002 A CONTENTS Introduction 2 Detailed Controls Mapping 3 About Rapid7 8 rapid7.com ISO 27002 Compliance Guide 1 INTRODUCTION
More informationSnort: The World s Most Widely Deployed IPS Technology
Technology Brief Snort: The World s Most Widely Deployed IPS Technology Overview Martin Roesch, the founder of Sourcefire and chief security architect at Cisco, created Snort in 1998. Snort is an open-source,
More informationSpeed Up Incident Response with Actionable Forensic Analytics
WHITEPAPER DATA SHEET Speed Up Incident Response with Actionable Forensic Analytics Close the Gap between Threat Detection and Effective Response with Continuous Monitoring January 15, 2015 Table of Contents
More informationEC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led
EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led Certification: Certified Network Defender Exam: 312-38 Course Description This course is a vendor-neutral, hands-on,
More informationBest Practices in Securing a Multicloud World
Best Practices in Securing a Multicloud World Actions to take now to protect data, applications, and workloads We live in a multicloud world. A world where a multitude of offerings from Cloud Service Providers
More informationWHITE PAPER. Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale
WHITE PAPER Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale One key number that is generally
More informationTRAPS ADVANCED ENDPOINT PROTECTION
TRAPS ADVANCED ENDPOINT PROTECTION Technology Overview Palo Alto Networks White Paper Most organizations deploy a number of security products to protect their endpoints, including one or more traditional
More information