Securing a Dynamic Infrastructure. Avinash Pandey CISA CISSP ITIL-F PMP IBM Internet Security Systems, ASEAN
|
|
- Blake Nichols
- 5 years ago
- Views:
Transcription
1 Securing a Dynamic Infrastructure Avinash Pandey CISA CISSP ITIL-F PMP IBM Internet Security Systems, ASEAN avinash@sg.ibm.com
2 AGENDA The Changing World of Security IBM ISS X-Force Trend Report 2008 IBM ISS Protection Platform IBM Security Framework X-Force IBM ISS Security Solutions in Action 2
3 Global market forces are impacting us all Reality of living in a globally integrated world Widespread impact of economic downturn and uncertainty New customer demands and business models Information explosion and risk/opportunity growth Businesses are under increasing pressure to effectively: Manage operational cost and complexity Deliver continuous and high-quality service Address security risks intensified by innovation, emerging technologies and data/information explosion. We have seen more change in the last 10 years than in the previous 90. Ad J. Scheepbouwer, CEO, KPN Telecom The planet is getting instrumented, interconnected and intelligent. 3
4 Welcome to the smart planet and a smarter infrastructure Globalization and Globally Available Resources Billions of mobile devices accessing the Web Access to streams of information in the Real Time New Forms of Collaboration New possibilities. New complexities. New risks. 4
5 The real security problem? Complexity remains the biggest security challenge! InformationWeek 2008 Security Survey Compliance spending: investing in more point products to solve more point problems New methods and motives: adding to the complexity and sheer number of risks We have put so many security products into our systems that the complexity of the sum of those security products has become itself part of the problem. Dan Geer Keynote Speaker Source Boston Conference March 2008 IT Innovation: requiring new ways to secure the new ways we collaborate 5 The global economy: driving new security support requirements Flexibility in business methods: to improve operations and serve customers
6 Not all risks are created equal.. Frequency of Occurrences Per Year frequent infrequent 1, /10 1/100 1/1,000 1/10,000 Virus Worms Data Corruption System Availability Failures Disk Failure Network Problem Data Leakage Application Outage Failure to meet Compliance Mandates Lack of governance Failure to meet Industry standards Workplace inaccessibility Terrorism/Civil Unrest Regional Power Failures Building Fire Natural Disaster Pandemic 1/100,000 $1 $10 $100 $1,000 $10k $100k $1M $10M $100M low Consequences (Single Occurrence Loss) in Dollars per Occurrence high 6
7 Neither are all Security solutions Find a balance between effective security and cost The axiom never spend $100 dollars on a fence to protect a $10 horse Studies show the Pareto Principle (the rule) applies to IT security* 87% of breaches were considered avoidable through reasonable controls Pressure Cost Complexity Effectiveness Agility Time Small set of security controls provide a disproportionately high amount of coverage Critical controls address risk at every layer of the enterprise and Organizations that use security controls have significantly higher performance* *Sources: W.H. Baker, C.D. Hylender, J.A. Valentine, 2008 Data Breach Investigations Report, Verizon Business, June 2008 ITPI: IT Process Institute, EMA December
8 IBM ISS X-Force Trend Report
9 The mission of the IBM Internet Security Systems X-Force research and development team is to: Research and evaluate threat and protection issues Develop new technology for tomorrow s security challenges Deliver security protection for today s security problems Educate the media and user communities 9
10 The Security Landscape of Old Traditional Infrastructure was easier to protect... Concrete entities that were easy to understand Attack surface and vectors were very well-defined Application footprint very static Perimeter defense was king 10
11 The Changing Security Landscape of Today Webification has changed everything... Infrastructure is more abstract and less defined Everything needs a web interface Agents and heavy clients are no longer acceptable Traditional defenses no longer apply 11
12 This infrastructure abstraction has transformed the threat landscape into a parasitic era! The threats of today and tomorrow are acting as parasites Compromises are used as spring boards for further compromises Threats remain hidden and use affected infrastructure to grow and spread Threats depend upon the health and continued operation of the infrastructure they attack rather than being destructive, they feed off the host As computing infrastructure evolves and innovates, threats utilize new features and functions to increase exploitation and leverage new technology 12
13 Vulnerability Highlights Overall number of disclosed vulnerabilities increased in comparison to previous years Percent of high vulnerabilities continued to climb and 39% of all disclosed vulnerabilities are considered high or critical (CVSS ranking) Web-centric technologies have the most focus for vulnerability researchers and attackers alike 13
14 Vulnerability Impact 14
15 Exploitation Realities and Dynamics 15
16 Growth of Web Application Vulnerabilities 16
17 Endpoint Vulnerabilities The availability of public exploits for endpoint-related vulnerabilities is increasing More than 80% of these public exploits released on the same day as the vulnerability 17
18 Primary Exploit Target: Browser Plug-Ins The majority of publicly released exploits are for browser plug-ins The top five most exploited browser vulnerabilities all target plug-ins Although most active exploitation focuses on older vulnerabilities, newer attack tools have automatic methods to incorporate the most recent exploits 18
19 Virtualization Vulnerabilities by Year XFDB Search: VMware, Xen, Virtual PC, QEMU, Parallels, etc
20 VoIP Security Critical and high VOIP vulnerabilities were nearly double the number seen in 2007 Threats to VoIP infrastructure Man in the Middle Attacks Phishing Privacy Spam over VoIP (SPIT) Denial of Service (DoS) VoIP Assets that need protection: Underlying Network Call Servers (OS) Call Gateways Phones/Soft phones 20
21 IBM ISS Protection Platform Among the most advanced and complete security architecture ever developed delivering preemptive security Redefine and Simplify IT Risk Management Establish a Total Security Framework and Solutions Portfolio IBM Security Framework Simplify the Security Risk Lifecycle The X-Force team Drives IBM ISS Security Innovation X-Force R & D 21
22 IBM Security Framework: A comprehensive approach to a complex issue The The IBM IBM Security Security Framework Framework Security Security Governance, Governance, Risk Risk Management Management and and Compliance Compliance People and Identity Data and Information Application and Process Network, Server, and End-point Physical Infrastructure Common Policy, Event Handling and Reporting Common Policy, Event Handling and Reporting Helps you see your whole security landscape Identifies business risks and Shows you where gaps might exist Identifies security postures that help you meet risk levels Identifies activities to close gaps Helps prioritize security initiatives 22
23 PEOPLE AND IDENTITY Manage Identities and Access Issues Understanding the identity risk gap Cost of administering users and identities in-house Privileged user activity unmonitored Dormant IDs or shared identities being used to inappropriately access resources IBM Security Offerings Identity Lifecycle Management High-Assurance Digital Identities Identity Audit Identity & Access Design and Implementation Services ISS Managed Identity Services How can my business benefit from management of digital identity? Values Reduces the cost, increases efficiency and enables audit-ability of managing flow of users entering, using, and leaving the organization Decreases risk of internal fraud, data leak, or operational outage Supports globalization of operations Improves end-user experience with Web-based business applications by enabling such activities such as single sign-on 23
24 DATA AND INFORMATION Issues IBM Security Offerings Protect Data and Information How can I reduce the cost and pain associated with tracking and controlling who touched what data when? Data stored on removable media that can be lost/stolen Data stored or transmitted in the clear is easily accessible Inconsistent data policies and unstructured data Legal, regulatory and ethical exposure for the organization Costs of data breaches, notification, brand value Values ISS Data Security and Data Loss Prevention solutions Network Data Loss Prevention Endpoint Data Loss Prevention Data Encryption Data Classification Unstructured Data Security Data Privacy and Masking Reduces the cost, increases ability to meet audit and compliance mandates Assures data is available to the right people, at the right time Assures data is not deliberately or inadvertently taken, leaked, or damaged Decreases number and complexity of controls integrated within the enterprise 24
25 APPLICATION AND PROCESS Secure Web Applications Issues Web applications #1 target of hackers seeking to exploit vulnerabilities Applications are deployed with vulnerabilities Real and/or private data exposed to anyone with access to development and test environments, including contractors and outsourcers IBM Security Offerings Application Vulnerabilities Assessment Application Access Controls Messaging Security Security for SOA How can my business benefit from management of application security? Values Reduce risk of outage, defacement or data theft associated with web applications Improve compliance with industry standards and regulatory requirements Automated testing and governance throughout the development lifecycle, reducing long-term security costs 25
26 NETWORK, SERVER AND END POINT Issues IBM Security Offerings Manage Infrastructure Security Systems Storage Virtual Network How does my business benefit from infrastructure security protection? Mass commercialization and automation of threats Parasitic, stealthier, more damaging attacks Lack of skills to monitor and manage security inputs Compounding cost of managing an ever increasing array of security technologies Inability to establish forensic evidence or demonstrate compliance Values Threat Mitigation: ISS Network, Server and Endpoint Intrusion Prevention products powered by X-Force, Managed Intrusion Prevention and Detection, Network Mail Security, Managed firewall services, Vulnerability Management and Scanning Services Security Governance: Vulnerability Assessments, Security architecture and policy development Incident Response: Incident Management and Emergency Response services Reduces cost of ongoing management of security operations Improves operational availability and assures performance against SLA, backed by industry s only guaranteed SLA for managed protection services Increases productivity by decreasing risk of virus, worm and malcode infestation Decreases volume of incoming spam Drill down on specific violations to quickly address resolution 26
27 Protection products for the entire enterprise IBM Proventia Management SiteProtector system Unified security console manages all protection products Vulnerability Protection Network Protection Host Protection Data Leakage Prevention IBM Proventia Network Enterprise Scanner IBM Internet Scanner software IBM System Scanner vulnerability assessment application IBM Proventia Network Intrusion Detection System (IDS) IBM Proventia Server IBM Proventia Network IPS Intrusion Prevention System (IPS) IBM Proventia Server IBM Proventia Network Sensor Multi-Function Security (MFS) IBM Proventia Network Mail Security System IBM Extrusion Prevention - Fidelis XPS 27
28 Protection products for the entire enterprise IBM Proventia Management SiteProtector system Unified security console manages all protection products Reduce exposure to threats Block Network Threats Prevent Host Compromise Prevents Data Leakage Vulnerability Protection Network Protection Host Protection Data Leakage Prevention Identify and prioritize risk IBM Provide Proventia remediation Network Enterprise and measure Scanner results IBM Internet Scanner Meet compliance software IBM mandates System Scanner vulnerability assessment application Shield vulnerabilities Prevent host compromise ahead of patching Protect endpoint devices IBM Up Proventia to 10G throughput Network and IBM valuable Proventia data Server stored IPS Intrusion Detection System (IDS) on hosts Backed by leading IBM Proventia Desktop IBM Proventia Network Endpoint Security Intrusion security Prevention researchsystem (IPS) Prevent and identify the IBM Proventia Wireless IBM Proventia Network source Endpoint of insider Security attacks Prevent spam, spyware, Multi-Function Security (MFS) unwanted Web content Prove the security of IBM Proventia Network Mail and Security targeted System attacks sensitive information for IBM Proventia Web Filter technology compliance IBM Proventia Network Access Control Fidelis XPS prevents leakage of sensitive content IBM Extrusion Prevention - Inbound Fidelis XPS and outbound security for enterprise networks Identify and stop policy violations 28
29 IBM experience demonstrates how we help customers cut costs while addressing unique business challenges Industry: Financial Services Industry: Manufacturing Business challenge: Increase security spending preventing critical business investments Business challenge: Excessive mgmt. costs (Resources, and infrastructure), poor security performance Industry: Media and Entertainment Business challenge: Need to cost effectively secure remote locations while maximizing bandwidth Solution: Information Security Assessment Completed effort in 8 weeks Solution: Managed Security Services Reduced on-going mgmt. costs of security infrastructure by 45% Solution: IBM Proventia Multifunction appliances Benefit: Detailed roadmap for streamlining security process and infrastructure saved approx. US$1.5 million in investment costs Benefit: Lowered long-term support and management costs Benefit: Reduced companywide ISP costs by $260K per year 29
30 We also help organizations leverage existing infrastructure to help get more value from their IT investments Industry: Travel and transportation Business challenge: Application performance issues resulting from insufficient security Solution: Application Security Assessment Completed effort in 6 weeks Benefit: US$1.7 million first year savings Industry: Electronics Industry: Healthcare Business challenge: Excessive security management costs, information overload, and remote site security management Business challenge: Managing compliance regulations and evolving threats was placing a burden on the IT staff Solution: Managed Security Services 3 year contract Solution: Managed Security Services 24x7 protection by an army of highly trained engineers Benefit: Leveraged existing security technology investments Allowed for re-deployment of IT resources Total cost savings of 30+% over 3 years Benefit: Confidence of network security protection Reduction of in-house security costs by 55 percent 30
31 Where do You begin? Client Security Readiness Workshop Understand your security readiness, using a capability maturity model, across the IT security domains Balance your security focus and investment Develop a ranked security roadmap 31
32 IBM s security philosophy: Thoughtful balance to increase business value A secure environment is essential for organizations to deliver products and services to customers, and to take advantage of growth opportunities. Security management is integral to business strategy. It s the result of a thoughtful balance between opportunity, exposure and most importantly, Prioritization. 32
33 Why partner with IBM? Zurich, CH Toronto, CA Detroit, US Brussels, BE Almaden, US Boulder, US Atlanta, US TJ Watson, US Haifa,IL Tokyo, JP Tokyo, JP Sao Paulo, Brazil New Delhi, IN Brisbane, AU 8 Security Operations Centers 6 Security Research Centers Monitored Countries 17,000+ managed devices 2,600+ MSS Customers world wide Billion Events per day IBM ISS has the unmatched global and local expertise to deliver complete solutions and manage the cost and complexity of security 33
34 34
35 Avinash Pandey CISA CISSP ITIL-F PMP Security and Privacy Services, ASEAN
Securing a Dynamic Infrastructure. IT Virtualization new challenges
Christian Fahlke GMT Channel Leader Internet Security Systems IBM Central & Eastern Europe, Middle East and Africa (CEEMEA) May 20th, 2009 Securing a Dynamic Infrastructure IT Virtualization new challenges
More informationEveryday Security: Simple Solutions to Complex Security Problems
Everyday Security: Simple Solutions to Complex Security Problems Adrian Aldea Tivoli Technical Sales IBM South East Europe The world continues to get flatter, smaller and more interconnected through forces
More informationIBM Internet Security Systems Proventia Management SiteProtector
Supporting compliance and mitigating risk through centralized management of enterprise security devices IBM Internet Security Systems Proventia Management SiteProtector Highlights Reduces the costs and
More informationIBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.
IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats. Enhancing cost to serve and pricing maturity Keeping up with quickly evolving ` Internet threats
More informationIBM Security Services Overview
Services Overview Massimo Nardone Senior Lead IT Security Architect Global Technology Services, IBM Internet Security Systems massimo.nardone@fi.ibm.com THE VEHICLE THE SKILL THE SOLUTION Today s Business
More informationCyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.
Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. In today s escalating cyber risk environment, you need to make sure you re focused on the right priorities by
More informationArchitektura bezpieczeństwa dla otwartych zintegrowanych systemów administracji publicznej
Architektura bezpieczeństwa dla otwartych zintegrowanych systemów administracji publicznej Robert Michalski, Security Tiger Team, Central & Eastern Europe robert.michalski@pl.ibm.com Agenda 1 2 3 Threats
More informationDATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE
DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE EXECUTIVE SUMMARY ALIGNING CYBERSECURITY WITH RISK The agility and cost efficiencies
More informationIBM Rational Software
IBM Rational Software Development Conference 2008 Our Vision for Application Security David Ng Rational Software Security, Asean IBM Software Group 2008 IBM Corporation Agenda Application Security Defined
More informationChanging face of endpoint security
Changing face of endpoint security S A N T H O S H S R I N I V A S A N C I S S P, C I S M, C R I S C, C E H, C I S A, G S L C, C G E I T D I R E C T O R S H A R E D S E R V I C E S, H C L T E C H N O L
More informationCA Security Management
CA Security CA Security CA Security In today s business environment, security remains one of the most pressing IT concerns. Most organizations are struggling to protect an increasing amount of disparate
More informationBest Practices in Securing a Multicloud World
Best Practices in Securing a Multicloud World Actions to take now to protect data, applications, and workloads We live in a multicloud world. A world where a multitude of offerings from Cloud Service Providers
More informationData Sheet: Endpoint Security Symantec Multi-tier Protection Trusted protection for endpoints and messaging environments
Trusted protection for endpoints and messaging environments Overview creates a protected endpoint and messaging environment that is secure against today s complex data loss, malware, and spam threats controlling
More informationCISO View: Top 4 Major Imperatives for Enterprise Defense
CISO View: Top 4 Major Imperatives for Enterprise Defense James Christiansen Chief Information Security Officer Evantix, Inc. Gary Terrell CIPP Chief Information Security Officer Adobe Session ID: Star
More informationFuture-ready security for small and mid-size enterprises
First line of defense for your network Quick Heal Terminator (UTM) (Unified Threat Management Solution) Data Sheet Future-ready security for small and mid-size enterprises Quick Heal Terminator is a high-performance,
More informationDefense in Depth Security in the Enterprise
Defense in Depth Security in the Enterprise Mike Mulville SAIC Cyber Chief Technology Officer MulvilleM@saic.com Agenda The enterprise challenge - threat; vectors; and risk Traditional data protection
More informationWhat It Takes to be a CISO in 2017
What It Takes to be a CISO in 2017 Doug Copley Deputy CISO Sr. Security & Privacy Strategist February 2017 IMAGINE You re the CISO In Bangladesh Of a bank On a Friday when you re closed You realize 6 huge
More informationThreat Control and Containment in Intelligent Networks. Philippe Roggeband - Product Manager, Security, Emerging Markets
Threat Control and Containment in Intelligent Networks Philippe Roggeband - proggeba@cisco.com Product Manager, Security, Emerging Markets 1 Agenda Threat Control and Containment Trends in motivation The
More informationRSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE
WHITEPAPER RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE CONTENTS Executive Summary........................................ 3 Transforming How We Think About Security.......................... 4 Assessing
More informationSecurity in India: Enabling a New Connected Era
White Paper Security in India: Enabling a New Connected Era India s economy is growing rapidly, and the country is expanding its network infrastructure to support digitization. India s leapfrogging mobile
More informationCyber Resilience. Think18. Felicity March IBM Corporation
Cyber Resilience Think18 Felicity March 1 2018 IBM Corporation Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity during and after a cyber attack
More informationHP Fortify Software Security Center
HP Fortify Software Security Center Proactively Eliminate Risk in Software Trust Your Software 92% of exploitable vulnerabilities are in software National Institute for Standards and Technology (NIST)
More informationCyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS
Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Continual disclosed and reported
More informationeguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments
eguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments Today s PCI compliance landscape is one of continuing change and scrutiny. Given the number
More informationIBM Proventia Management SiteProtector Sample Reports
IBM Proventia Management SiteProtector Page Contents IBM Proventia Management SiteProtector Reporting Functionality Sample Report Index 2-25 Reports 26 Available SiteProtector Reports IBM Proventia Management
More informationRSA Solution Brief. The RSA Solution for VMware. Key Manager RSA. RSA Solution Brief
RSA Solution Brief The RSA Solution for VMware View: Managing Securing the the Lifecycle Virtual of Desktop Encryption Environment Keys with RSA Key Manager RSA Solution Brief 1 According to the Open Security
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.7)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.7) Directions and Instructions for completing this assessment The answers provided
More informationSIEM: Five Requirements that Solve the Bigger Business Issues
SIEM: Five Requirements that Solve the Bigger Business Issues After more than a decade functioning in production environments, security information and event management (SIEM) solutions are now considered
More informationAKAMAI CLOUD SECURITY SOLUTIONS
AKAMAI CLOUD SECURITY SOLUTIONS Whether you sell to customers over the web, operate data centers around the world or in the cloud, or support employees on the road, you rely on the Internet to keep your
More informationContinuous protection to reduce risk and maintain production availability
Industry Services Continuous protection to reduce risk and maintain production availability Managed Security Service Answers for industry. Managing your industrial cyber security risk requires world-leading
More informationGain Control Over Your Cloud Use with Cisco Cloud Consumption Professional Services
Solution Overview Gain Control Over Your Cloud Use with Cisco Cloud Consumption Professional Services OPTIMIZE YOUR CLOUD SERVICES TO DRIVE BETTER BUSINESS OUTCOMES Reduce Cloud Business Risks and Costs
More information2018 GLOBAL CHANNEL PARTNER SURVEY THYCOTIC CHANNEL PARTNER SURVEY REPORT
2018 GLOBAL CHANNEL PARTNER SURVEY THYCOTIC CHANNEL PARTNER SURVEY REPORT THYCOTIC 2018 GLOBAL CHANNEL PARTNER SURVEY Channel Partner survey highlights client cybersecurity concerns and opportunities for
More informationRisk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23
Risk: Security s New Compliance Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23 Agenda Market Dynamics Organizational Challenges Risk: Security s New Compliance
More informationRSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief
RSA Solution Brief Managing Risk Within Advanced Security Operations RSA Solution Brief How do you advance your security operations function? Increasingly sophisticated security threats and the growing
More informationInternet Scanner 7.0 Service Pack 2 Frequently Asked Questions
Frequently Asked Questions Internet Scanner 7.0 Service Pack 2 Frequently Asked Questions April 2005 6303 Barfield Road Atlanta, GA 30328 Tel: 404.236.2600 Fax: 404.236.2626 Internet Security Systems (ISS)
More informationSecuring the Empowered Branch with Cisco Network Admission Control. September 2007
Securing the Empowered Branch with Cisco Network Admission Control September 2007 Presentation_ID 2006 Cisco Systems, Inc. All rights reserved. 1 Contents 1 The Cisco Empowered Branch 2 Security Considerations
More informationIBM Security Systems. IBM X-Force 2012 & CISO Survey. Cyber Security Threat Landscape IBM Corporation IBM Corporation
IBM X-Force 2012 & CISO Survey Cyber Security Threat Landscape 1 2012 IBM Corporation IBM X-Force 2011 Trend and Risk Report Highlights The mission of the IBM X-Force research and development team is to:
More informationCIO Forum Maximize the value of IT in today s economy
CIO Forum Maximize the value of IT in today s economy Laura Scott, Vice President Service Product Line Sales Global Technology Services IT infrastructure is reaching a breaking point. 85% idle In distributed
More informationINTELLIGENCE DRIVEN GRC FOR SECURITY
INTELLIGENCE DRIVEN GRC FOR SECURITY OVERVIEW Organizations today strive to keep their business and technology infrastructure organized, controllable, and understandable, not only to have the ability to
More informationALTITUDE DOESN T MAKE YOU SAFE. Satcom Direct s Comprehensive Cyber Security Portfolio for Business Aviation
ALTITUDE DOESN T MAKE YOU SAFE Satcom Direct s Comprehensive Cyber Security Portfolio for Business Aviation CYBER SECURITY IS THE GREATEST THREAT TO EVERY COMPANY IN THE WORLD. IBM CEO GINNI ROMETTY SD
More informationINSIDE. Integrated Security: Creating the Secure Enterprise. Symantec Enterprise Security
Symantec Enterprise Security WHITE PAPER Integrated Security: Creating the Secure Enterprise INSIDE Evolving IT and business environments The impact of network attacks on business The logical solution
More informationIBM Security Network Protection Solutions
Systems IBM Security IBM Security Network Protection Solutions Pre-emptive protection to keep you Ahead of the Threat Tanmay Shah Product Lead Network Protection Appliances IBM Security Systems 1 IBM Security
More informationAutomated, Real-Time Risk Analysis & Remediation
Automated, Real-Time Risk Analysis & Remediation TABLE OF CONTENTS 03 EXECUTIVE SUMMARY 04 VULNERABILITY SCANNERS ARE NOT ENOUGH 06 REAL-TIME CHANGE CONFIGURATION NOTIFICATIONS ARE KEY 07 FIREMON RISK
More informationThink Oslo 2018 Where Technology Meets Humanity. Oslo. Felicity March Cyber Resilience - Europe
Think Oslo 2018 Where Technology Meets Humanity Oslo Felicity March Cyber Resilience - Europe Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity
More informationSecurity Solutions. Overview. Business Needs
Security Solutions Overview Information security is not a one time event. The dynamic nature of computer networks mandates that examining and ensuring information security be a constant and vigilant effort.
More informationSOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT
RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion
More informationProtecting Your Digital World
Protecting Your Digital World C O R P O R A T E O V E R V I E W With revenues of more than $105 Billion, cybercrime generates more revenue than the illegal drug trade. Source: U.S. Treasury, reported by
More informationCCISO Blueprint v1. EC-Council
CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance
More informationService. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution
Service SM Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution Product Protecting sensitive data is critical to being
More informationSymantec Security Monitoring Services
24x7 real-time security monitoring and protection Protect corporate assets from malicious global threat activity before it impacts your network. Partnering with Symantec skilled and experienced analysts
More informationAdaptive & Unified Approach to Risk Management and Compliance via CCF
SESSION ID: SOP-W08 Adaptive & Unified Approach to Risk Management and Compliance via CCF Vishal Kalro Manager, Risk Advisory & Assurance Services (RAAS) Adobe @awish11 Disclaimer All the views presented
More informationCompliance Audit Readiness. Bob Kral Tenable Network Security
Compliance Audit Readiness Bob Kral Tenable Network Security Agenda State of the Market Drifting Out of Compliance Continuous Compliance Top 5 Hardest To Sustain PCI DSS Requirements Procedural support
More informationBringing cyber to the Board of Directors & C-level and keeping it there. Dirk Lybaert, Proximus September 9 th 2016
Bringing cyber to the Board of Directors & C-level and keeping it there Dirk Lybaert, Proximus September 9 th 2016 Dirk Lybaert Chief Group Corporate Affairs We constantly keep people connected to the
More informationRethinking Information Security Risk Management CRM002
Rethinking Information Security Risk Management CRM002 Speakers: Tanya Scott, Senior Manager, Information Risk Management, Lending Club Learning Objectives At the end of this session, you will: Design
More informationEstablish and Maintain Secure Cardholder Data with IBM Payment Card Industry Solutions
Providing stronger ssecurity practices that enable PCI Compliance and protect cardholder data. Establish and Maintain Secure Cardholder Data with IBM Payment Card Industry Solutions Highlights Pre-assessment
More informationSecurity for Financial Services: Addressing the Perception Gaps in a Dynamic Landscape
White Paper Security for Financial Services: Addressing the Perception Gaps in a Dynamic Landscape Financial services organizations have a unique relationship with technology: electronic data and transactions
More informationAre we breached? Deloitte's Cyber Threat Hunting
Are we breached? Deloitte's Cyber Threat Hunting Brochure / report title goes here Section title goes here Have we been breached? Are we exposed? How do we proactively detect an attack and minimize the
More informationComprehensive Database Security
Comprehensive Database Security Safeguard against internal and external threats In today s enterprises, databases house some of the most highly sensitive, tightly regulated data the very data that is sought
More informationCyber Criminal Methods & Prevention Techniques. By
Cyber Criminal Methods & Prevention Techniques By Larry.Boettger@Berbee.com Meeting Agenda Trends Attacker Motives and Methods Areas of Concern Typical Assessment Findings ISO-17799 & NIST Typical Remediation
More informationIBM Europe, Middle East, and Africa Services Announcement ZS , dated October 6, 2009
Services Announcement ZS09-0202, dated October 6, 2009 Security software for IBM Proventia Endpoint Secure Control, IBM ISS Data Security Services endpoint system protection - Digital Guardian software
More informationThe New Era of Cognitive Security
The New Era of Cognitive Security IBM WATSON SUMMIT KANOKSAK RATCHAPAT Senior Technical Sales 1 Today s security challenges ACTORS TARGETS VECTORS REALITY Organized Crime Healthcare Ransomware Cloud, mobile,
More informationNERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS
NERC CIP VERSION 6 COMPLIANCE BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements
More informationDemystifying GRC. Abstract
White Paper Demystifying GRC Abstract Executives globally are highly focused on initiatives around Governance, Risk and Compliance (GRC), to improve upon risk management and regulatory compliances. Over
More informationSYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security
SYMANTEC: SECURITY ADVISORY SERVICES Symantec Security Advisory Services The World Leader in Information Security Knowledge, as the saying goes, is power. At Symantec we couldn t agree more. And when it
More informationCertified Information Systems Auditor (CISA)
Certified Information Systems Auditor (CISA) 1. Domain 1 The Process of Auditing Information Systems Provide audit services in accordance with IT audit standards to assist the organization in protecting
More informationEnterprise Cybersecurity Best Practices Part Number MAN Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationTotal Protection for Compliance: Unified IT Policy Auditing
Total Protection for Compliance: Unified IT Policy Auditing McAfee Total Protection for Compliance Regulations and standards are growing in number, and IT audits are increasing in complexity and cost.
More informationBUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE
BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not
More informationPresented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0
Cyber Security and Inside Threats: Turning Policies into Practices Presented by Ingrid Fredeen and Pamela Passman Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0 Presented By Ingrid Fredeen, J.D.
More informationlocuz.com SOC Services
locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security
More informationPosition Title: IT Security Specialist
Position Title: IT Security Specialist SASRIA SOC LIMITED Sasria, a state-owned company, is the only short-term insurer in South Africa that provides affordable voluntary cover against special risks such
More informationBuilding a Resilient Security Posture for Effective Breach Prevention
SESSION ID: GPS-F03B Building a Resilient Security Posture for Effective Breach Prevention Avinash Prasad Head Managed Security Services, Tata Communications Agenda for discussion 1. Security Posture 2.
More informationSIEM Solutions from McAfee
SIEM Solutions from McAfee Monitor. Prioritize. Investigate. Respond. Today s security information and event management (SIEM) solutions need to be able to identify and defend against attacks within an
More informationDATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI
DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI EXECUTIVE SUMMARY The shortage of cybersecurity skills Organizations continue to face a shortage of IT skill
More informationCombating Today s Cyber Threats Inside Look at McAfee s Security
Combating Today s Cyber Threats Inside Look at McAfee s Security Charles Ross, Director Sales Engineering Public Sector 2008 McAfee, Inc. Agenda Today s Threat Landscape McAfee s Security Challenges McAfee
More informationTHALES DATA THREAT REPORT
2018 THALES DATA THREAT REPORT Trends in Encryption and Data Security INDIA EDITION EXECUTIVE SUMMARY #2018DataThreat THE TOPLINE Rising risks for sensitive data in India In India, as in the rest of the
More informationMeeting PCI DSS 3.2 Compliance with RiskSense Solutions
Meeting PCI DSS 3.2 Compliance with Solutions Platform the industry s most comprehensive, intelligent platform for managing cyber risk. 2018, Inc. What s Changing with PCI DSS? Summary of PCI Business
More informationSecuring Your Microsoft Azure Virtual Networks
Securing Your Microsoft Azure Virtual Networks IPS security for public cloud deployments It s no surprise that public cloud infrastructure has experienced fast adoption. It is quick and easy to spin up
More informationJeff Wilbur VP Marketing Iconix
2016 Data Protection & Breach Readiness Guide February 3, 2016 Craig Spiezle Executive Director & President Online Trust Alliance Jeff Wilbur VP Marketing Iconix 1 Who is OTA? Mission to enhance online
More informationCisco Start. IT solutions designed to propel your business
Cisco Start IT solutions designed to propel your business Small and medium-sized businesses (SMBs) typically have very limited resources to invest in new technologies. With every IT investment made, they
More informationCROWDSTRIKE FALCON FOR THE PUBLIC SECTOR
C R O W D S T R I K E P U B L I C S E C T O R S O L U T I O N S CROWDSTRIKE FALCON FOR THE PUBLIC SECTOR SECURE YOUR ENTERPRISE WITH A THAT PROVIDES UNRIVALED PROTECTION, SECURITY EXPERTISE, AND OPTIMAL
More informationStopping Advanced Persistent Threats In Cloud and DataCenters
Stopping Advanced Persistent Threats In Cloud and DataCenters Frederik Van Roosendael PSE Belgium Luxembourg 10/9/2015 Copyright 2013 Trend Micro Inc. Agenda How Threats evolved Transforming Your Data
More informationGDPR: An Opportunity to Transform Your Security Operations
GDPR: An Opportunity to Transform Your Security Operations McAfee SIEM solutions improve breach detection and response Is your security operations GDPR ready? General Data Protection Regulation (GDPR)
More informationConverged security. Gerben Verstraete, CTO, HP Software Services Colin Henderson, Managing Principal, Enterprise Security Products
Converged security Gerben Verstraete, CTO, HP Software Services Colin Henderson, Managing Principal, Enterprise Security Products Increased risk and wasted resources Gartner estimates more than $1B in
More informationA Framework for Managing Crime and Fraud
A Framework for Managing Crime and Fraud ASIS International Asia Pacific Security Forum & Exhibition Macau, December 4, 2013 Torsten Wolf, CPP Head of Group Security Operations Agenda Introduction Economic
More informationAltitude Software. Data Protection Heading 2018
Altitude Software Data Protection Heading 2018 How to prevent our Contact Centers from Data Leaks? Why is this a priority for Altitude? How does it affect the Contact Center environment? How does this
More informationSecuring Your Amazon Web Services Virtual Networks
Securing Your Amazon Web Services s IPS security for public cloud deployments It s no surprise that public cloud infrastructure has experienced fast adoption. It is quick and easy to spin up a workload,
More informationTHE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION
BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive
More informationTHE POWER OF TECH-SAVVY BOARDS:
THE POWER OF TECH-SAVVY BOARDS: LEADERSHIP S ROLE IN CULTIVATING CYBERSECURITY TALENT SHANNON DONAHUE DIRECTOR, INFORMATION SECURITY PRACTICES 1 IT S A RISK-BASED WORLD: THE 10 MOST CRITICAL UNCERTAINTIES
More informationSecurity-as-a-Service: The Future of Security Management
Security-as-a-Service: The Future of Security Management EVERY SINGLE ATTACK THAT AN ORGANISATION EXPERIENCES IS EITHER ON AN ENDPOINT OR HEADING THERE 65% of CEOs say their risk management approach is
More informationRun the business. Not the risks.
Run the business. Not the risks. RISK-RESILIENCE FOR THE DIGITAL BUSINESS Cyber-attacks are a known risk to business. Today, with enterprises becoming pervasively digital, these risks have grown multifold.
More informationVulnerability Assessments and Penetration Testing
CYBERSECURITY Vulnerability Assessments and Penetration Testing A guide to understanding vulnerability assessments and penetration tests. OVERVIEW When organizations begin developing a strategy to analyze
More informationPaper. Delivering Strong Security in a Hyperconverged Data Center Environment
Paper Delivering Strong Security in a Hyperconverged Data Center Environment Introduction A new trend is emerging in data center technology that could dramatically change the way enterprises manage and
More informationCybersecurity Threat Modeling ISACA Atlanta Chapter Geek Week Conference
www.pwc.com 2016 ISACA Atlanta Chapter Geek Week Conference Highlights from surveys 38% Amount of security incidents In 2015, 38% more security incidents were detected than in 2014. $4.9M Cost of security
More informationHandling Economic Uncertainty While moving forward to a Smarter Planet
David Simms - Director, Integrated Technology Services, CEE, May/2009 Handling Economic Uncertainty While moving forward to a Smarter Planet Agenda Smarter Planet Economic Crisis Dynamic Infrastructure
More informationSYMANTEC DATA CENTER SECURITY
SYMANTEC DATA CENTER SECURITY SYMANTEC UNIFIED SECURITY STRATEGY Users Cyber Security Services Monitoring, Incident Response, Simulation, Adversary Threat Intelligence Data Threat Protection Information
More informationThe SANS Institute Top 20 Critical Security Controls. Compliance Guide
The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise
More informationAngelo Gentili Head of Business Development, EMEA Region, PartnerNET
Angelo Gentili Head of Business Development, EMEA Region, PartnerNET The Innovation Solution in the Business Security Field. PartnerNet introduces Seqrite Welcome To Dynamic. Scalable. Future-Ready. Why
More informationNEXT GENERATION SECURITY OPERATIONS CENTER
DTS SOLUTION NEXT GENERATION SECURITY OPERATIONS CENTER SOC 2.0 - ENHANCED SECURITY O&M SOC 2.0 - SUCCESS FACTORS SOC 2.0 - FUNCTIONAL COMPONENTS DTS SOLUTION SOC 2.0 - ENHANCED SECURITY O&M SOC 2.0 Protecting
More informationCritical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.
Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach. By Christopher Ganizani Banda ICT Development Manager Malawi Communications Regulatory Authority 24-26th July,2016 Khartoum,
More information