Ultimate. Security Guide

Transcription

1 Ultimate Security Guide

2 2 Softchoice Ultimate Security Guide Table of Contents 3 Security Overview 6 Changing Landscape 8 Solutions 15 Discovery Questions 19 Assessments 21 Next Steps 23 Key Vendors 25 Glossary 28 Questions

3 Security Overview

4 4 Softchoice Ultimate Security Guide Why we do it At Softchoice, we believe security is a process. Our goal is to audit the security of the entire infrastructure by assessing overall stability, and leveraging best-ofbreed solutions that will protect the unique network environment. By alleviating data security concerns, we help our clients unlock valuable time to focus on innovation instead of maintaining supportive technologies. As a Softchoice employee, this guide provides a comprehensive overview of the diverse elements in every network environment, along with insight into today s most powerful network security solutions. Covering a wide range of vendors, product selection tools, policy templates, and blog posts, this guide will help you design an impenetrable IT environment for your client. What we offer Consultation from agnostic non-billable security experts. Internal vendor-specific resources for top security vendors such as IBM, Kaspersky, Intel Security Group/McAfee, Sophos, Symantec and Trend Micro. Tools, TechChecks and assessments to ensure top performance of the security environment. A detailed understanding of attractive vendor pricing programs. Deep experience from sales engineers who will help your client implement their solution. Proactive management of your client s needs with performance and asset management as well as road mapping and continued support.

5 5 Softchoice Ultimate Security Guide Our Security Value Prop Depending on your client s need and the current stage of their security infrastructure, we offer many services to help them along the way: CONSULT IMPLEMENT MANAGE Industry Recognized as one of the top security solution providers in North America based on certifications and partnerships with top IT vendors. Solutions Architects with 15+ years of experience that will break down silos and help you design and implement a holistic solution for your client s security needs. Over 1000 implementations in North America helping clients plan, deploy, adopt, and operate solutions. Reduce project risk through PMI-based project management. Deliver quality assurance and system milestones based on Softchoice s industry best practices and a repeatable methodology that isolates issues and eases the transition to an operational state. The project doesn t stop after you turn it on. Managed Security Services Managed services through our partner infrastructure to help you manage and support your security environment.

6 Security Landscape

7 7 Softchoice Ultimate Security Guide Before we dive into security best practices and how that process affects your client s environment, we must review 4 important IT innovations over the last few years: 1. On-premise cloud, off-premise cloud or hybrid cloud? A couple of years ago, most cloud providers went to market with the message that all data will move to the cloud and we must prepare to move our infrastructure out of the datacenter immediately. That message drove a massive movement to virtualize everything from PCs to servers, storage, and software. Most organizations followed that trend. Why not? With cheaper infrastructure costs, anytime anywhere data access and no need to plan for future data growth, why haven t we all moved to a complete cloud strategy? We don t know how to secure it. 2. Mobile devices and the end of physical barriers Mobile devices, tablets and smartphones now outsell traditional laptops and PCs 2:1 and we expect that to grow to 5:1. Bringing these devices into the workplace, users demand access to their data immediately, anytime and anywhere. How do we secure mobile devices when we can t control what the devices are? 3. Data Data has and will continue to become the number one most important resource for today s organizations. We create 1.8 Petabytes of data every sixty seconds. That is more than two times the entire written work of mankind every hour, and it s growing. The amount of data entering and exiting your organization s network will only grow larger. How will you protect that data and still offer your users the freedom to choose their own devices and consume it how they desire? 4. Government regulations As more and more countries develop a cybersecurity strategy, a considerable amount of responsibility is often left to businesses and the end user. This has been done through a set of strict regulations and penalties and fines for organizations that do not meet those regulations. However, most cybercrimes are international and do not fall under the scope of any local governments. How do organizations comply with local regulations and ensure they are safe from international cybercriminals?

8 Solutions

9 9 Softchoice Ultimate Security Guide Data Center Security We already know that data in corporate and co-location data centers is doubling and even tripling in size. Cisco projects that the volume of incoming and stored data in the data center is currently approaching three zettabytes and will triple by A zettabyte is equal to a thousand exabytes or a billion terabytes. A data center security solution is typically composed of: Server Endpoint: Most common form of security, protects laptops, desktops, servers and mobile devices against viruses, malware and other threats. Intrusion Prevention: Standalone, or as part of a host-based intrusion prevention and/or firewall solution designed to identify unwanted traffic and stop it from hitting corporate assets. Firewall: Blocks traffic based on policies and rules defined by the administrator. Encryption: Protects data both at rest and in-transit by encrypting traffic and data to reduce the risk of unauthorized access. Security Information Event Management (SIEM): Monitors and logs traffic of servers and security devices to identify potential risks and perform forensic investigations after events. Web Application Firewall (WAF): Protects servers by blocking malicious internet traffic targeted towards websites and ecommerce servers. Client Security Our clients must enable employee systems with the right software for users to operate these systems productively, and securely. This is one of the key day-to-day management tasks for security teams. Having the right policies and tools in place provides an efficient and secure environment, while corporate assets remain protected. A client security solution is typically composed of: Endpoint: Most common form of security, protects laptops, desktops, servers and mobile devices against viruses, malware and other threats. Encryption: Protects data both at rest and in-transit by encrypting traffic and data to reduce the risk of unauthorized access. Patch Management: In-depth scanning for vulnerabilities combined with the automated distribution of patches. Web/ Gateway Security: Prevents based malware threats, phishing attacks and spam, along with filtering and managing inbound and outbound internet traffic.

10 10 Softchoice Ultimate Security Guide Enterprise Software Enterprise software from CRM to ERP and other productivity suites contain business critical information that IT teams must protect. However, ensuring that software suites have the right security policies that allow employees to access data from anywhere at any time is key to maintaining a healthy security posture. An enterprise software security solution is typically composed of: Encryption: Protects data both at rest and in-transit by encrypting traffic and data to reduce the risk of unauthorized access. User Access Control: Single Sign-On (SSO) or other user authentication systems to protect against unauthorized users accessing systems and applications. Data Loss Prevention: Policies and Controls to prevent unauthorized access to data and avoid data leakage due to theft and laptop/device loss. Microsoft Microsoft software remains a critical part of most day-today workplace operations. This means security teams must ensure that the latest patches and security policies are in place to protect users and corporate data. A Microsoft security solution is typically composed of: Exchange Server Security: Anti-malware and Anti-Spam protection for Microsoft Exchange Mail Servers. SharePoint Security: Filters content and detects, blocks, and removes malware to secure information in SharePoint servers. Hyper-V Security: Anti-malware, endpoint controls and network protection for virtual machines. Encryption: Protects data both at rest and in-transit by encrypting traffic and data to reduce the risk of unauthorized access. Patch Management: In-depth scanning for vulnerabilities combined with the automated distribution of patches.

11 11 Softchoice Ultimate Security Guide Laptops More employees with more laptops expose your network to many roaming security threats. In a worst-case scenario, a stolen laptop with sensitive client data or proprietary company information may expose the company to hefty legal liabilities. A laptop security solution is typically composed of: Endpoint: Most common form of security to protect laptops, desktops, servers and mobile devices against viruses, malware and other threats. Encryption: Protects data both at rest and in-transit by encrypting traffic and data to reduce the risk of unauthorized access. Virtual Private Network (VPN): Enables a computer to send and receive data across shared or public networks as if it s directly connected to the private network, while benefiting from the functionality, security and management policies of the private network. Application & Web Controls: Admins can manage and restrict application usage while prohibiting the use of unwanted or grey software. They can also block malicious sites and control access to sites that don t conform to corporate policies. Device Control: Set, schedule and enforce data policies, controlling the connection of removable storage and other peripheral devices to USB, Firewire and Bluetooth. Mobile Devices Do your employees use tablets for work? How about mobile phones? These devices make employees more efficient and productive, but if you re not careful, these computers may also put your business data and network at risk. Just like laptops and computers, tablets and mobile phones face security threats from malware and hacker attacks. A mobile device security solution is typically composed of: Endpoint: The most common form of security that protects laptops, desktops, servers and mobile devices against viruses, malware and other threats. Mobile Device Management (MDM): By controlling and protecting the data and configuration settings for all mobile devices in the network, MDM reduces support costs and business risks. The intent of MDM is to optimize the functionality and security of a mobile communications network while minimizing costs and downtime. Remote Anti-theft: Prevents all unauthorized access to corporate data if a mobile device is lost or stolen using features like SIM card watch, remote lock, full or selective wipe. Application & Web Controls: Allows admins to manage and restrict application usage while prohibiting the use of unwanted or grey software. They also block malicious sites and control access to sites that don t conform to corporate policies. Application Containerization for BYOD: Corporate data and apps are isolated from personal files on a device by placing corporate apps in special containers which can be encrypted and wiped separately from user s personal data.

12 12 Softchoice Ultimate Security Guide Physical Servers Various high-profile hacking attacks have proven that web security remains the most critical issue to any business that conducts its operations online. Web servers are one of the most targeted public faces of an organization, because of the sensitive nature of the data they host. A physical server security solution is typically composed of: Server Endpoint Protection: Most common form of security, protects laptops, desktops, servers and mobile devices against viruses, malware and other threats. Mail Server Security: Prevents based malware threats, phishing attacks and spam. Collaboration Security: Defends SharePoint servers and farms against all forms of malware, while content and file filtering capabilities help prevent the storage of inappropriate content. File Server Security: Ensures that malware cannot spread to secured endpoints through stored, infected data. Intrusion Prevention: Host-based intrusion prevention and/or firewall solution designed to identify unwanted traffic and stop it from hitting corporate assets. Virtual Servers Traditional security solutions aren t designed to work with the unique characteristics of virtualized environments. Agentless and light-agent solutions designed and optimized for virtual infrastructure are key to successfully mitigating today s threats. A virtual server security solution is typically composed of: Endpoint: Designed for virtual environments, often agent-less, that protects against hypervisor and RAM threats. Virtual Controls: Includes application, device and web controls that can be applied when creating new virtual machines or using existing ones. Intrusion Prevention: Standalone or as part of a host-based intrusion prevention and/or firewall solution designed for virtualized environments. Encryption: Protects data both at rest and in-transit by encrypting both traffic and data to reduce the risk of unauthorized access.

13 13 Softchoice Ultimate Security Guide Security Policies and Monitoring As the frequency of high-profile breaches increases, having the right security policies in place as well as the latest tools to monitor your environment is critical to not just ensuring your corporate data stays private, but also to maintain compliance requirements. A security policies and monitoring solution is typically composed of: Vulnerability Management: Considered a security best practice defensive measure to protect against today s threats. Your tool should analyze vulnerabilities, controls, and configurations to find the who, what, and where of IT security risk. Risk & Compliance Management Product: Allow for risk management and security compliance help to minimize risk, automate compliance, and optimize security. Endpoint: Most common form of security, protects laptops, desktops, servers and mobile devices against viruses, malware and other threats. Intrusion Prevention: Standalone or as part of a host-based intrusion prevention and/or firewall solution designed to identify unwanted traffic and stop it from hitting corporate assets. Next-Generation Firewall: Blocks traffic based on policies and rules defined by the administrator. Encryption/Data Loss Prevention: Protects data both at rest and in-transit by encrypting traffic and data to reduce the risk of unauthorized access. Server Security: Endpoint designed to protect server environments from malware and other threats. Security Information Event Management (SIEM): Monitors and logs traffic of servers and security devices to identify potential risks and perform forensic investigations after events. Storage Some of the biggest risks every business in the digital world shares are related to storage security, backup and disaster recovery. These risks expose every business to from a few hours of downtime, to a number of days offline, grinding operations to a full stop. A storage security solution is typically composed of: Endpoint: Most common form of security, protects local and network storage against viruses, malware and other threats. Intrusion Prevention: Standalone or as part of a host-based intrusion prevention and/or firewall solution designed to identify unwanted traffic and stop it from hitting corporate assets. Firewall: Blocks traffic based on policies and rules defined by the administrator. Encryption: Protects data both at rest and in-transit by encrypting traffic and data to reduce the risk of unauthorized access. Security Information Event Management (SIEM): Monitors and logs traffic to storage locations and security devices to identify potential risks and perform forensic investigations after events.

14 14 Softchoice Ultimate Security Guide Cloud Security The big misconception about cloud security is that, as workload is moved to the cloud, so is the responsibility of its security. Organizations must be aware what pieces of a total security solution they are responsible for. Data Cloud Layer Service Models IaaS PaaS SaaS Client CSP Interfaces (APIs, GUIs) Applications Solution Stack (Programming languages) Operating Systems (OS) YOU Virtual Machines Virtual network infrastructure Hypervisors Processing and Memory Data Storage (hard drives, removable disks, backups, etc.) Network (interfaces and devices, communications infrastructure) Physical facilities/data centers

15 Discovery Questions

16 16 Softchoice Ultimate Security Guide Data Center Security Do you have any compliance requirements such as SOX, HIPAA or PCI? Are you using physical, virtualized or cloud servers/storage? How do you manage the day-to-day security of your environment? When is the last time you had a security audit or assessment? How many different security vendors do you work with? Have you thought about consolidation? What kinds of physical security controls do you currently implement? How do you deal with contractors, guests and other visitors who need access to your systems? Client Security How many different security vendors do you work with? Have you thought about consolidation? How do you manage patching, updates and other changes to programs installed on employee computers and back-end systems? When is the last time you had a security audit or assessment? What programs or applications are considered mission critical for your users? How are you securing access to these applications and the data they use? Enterprise Software How do you manage patching, updates and other changes to programs installed on employee computers and back-end systems? When is the last time you had a security audit or assessment? What programs or applications are considered mission critical for your users? How are you securing access to these applications and the data they use? Do you use collaboration solutions such as cloud storage, CRM or shared intranets? How many different security vendors do you work with? Have you thought about consolidation?

17 17 Softchoice Ultimate Security Guide Microsoft Do you currently use SharePoint within your organization? How are you securing it? Do you have any virtual machines or servers running Hyper-V or Azure? What kinds of security controls do you have in place to protect them? How do you currently deal with legacy OS versions such as XP, and older versions of web browsers? Do you have security policies for them? How do you manage patching and updates for your Microsoft programs and services? How many different security vendors do you work with? Have you thought about consolidation? Laptops What are your policies around laptop security when it comes to employees working from remote locations? Do you have policies on the types of websites or applications users can install or visit on their laptops? Do you have policies around removable devices such as USB sticks? Does your company issue laptops or do you offer BYOD? What types of security controls do you use to protect laptops? Do you use endpoint protection or encryption? How do you control the types of data stored on laptops in the case of loss or theft? Mobile Devices Which kinds of tablets does your company support? Do your employees access corporate information on their tablets? How (app, website)? What is the risk profile of the individuals using the devices? Are you proactive when it comes to allowing employees to use new tablets on corporate networks? What kinds of restrictions do you have in place when it comes to what kinds of tablets can be used or what kinds of applications can be installed on devices connected to corporate networks? What are your policies for connecting to the network when they are outside corporate offices such as in coffee shops or airports?

18 18 Softchoice Ultimate Security Guide Physical Servers What kinds of security policies do you current have in place to protect your servers? What kinds of data do you store on your servers? Virtual Servers What kinds of security policies do you current have in place to protect your virtual servers? What kinds of data do you store on your virtual servers? What kind of endpoint and other security tools do you currently use to monitor your virtual environments? Are they designed to scale with the unique characteristics of virtualization? Do you have any compliance requirements such as SOX, HIPAA or PCI? Are your security teams engaged on virtualization and cloud projects? When is the last time you did a security assessment for your virtual environment? Security Policies and Monitoring Do you have any compliance requirements such as SOX, HIPAA or PCI? Are you using virtualized or cloud infrastructure? What kind of endpoint and other security tools do you currently use to monitor your environments? Are they designed to scale with the unique characteristics of virtualization? When is the last time you had a security audit or assessment? How many different security vendors do you work with? Have you thought about consolidation? Do you have a dedicated IT security team? How do they spend most of their time? Do you do any in-house development? Is IT Security involved in these projects? Storage Do you have any compliance requirements such as SOX, HIPAA or PCI? Are you using physical, virtualized or cloud storage? What kind of endpoint and other security tools do you currently use to monitor your environments? Are they designed to scale with the unique characteristics of virtualization? When is the last time you had a security audit or assessment? How many different security vendors do you work with? Have you thought about consolidation? Cloud Security Are you considering moving to Infrastructure as a Service? Are you currently looking to use AWS of Azure?

19 Assessments

20 20 Softchoice Ultimate Security Guide Network Vulnerability Assessments These assessments identify vulnerabilities in your network that hackers will exploit. Our engineers scan your IP ranges for open services, and then identify known vulnerabilities in those services. Examples of what we typically find include unnecessary services running and unpatched or old server software running. Our reports are integrated into other security systems like Security Event Management systems. Web Application Vulnerability Assessments Quickly improve your web security posture with minimum resources and a limited budget. Our service offering assesses web applications remotely ensuring maximum protection against hacker attacks. Softchoice provides a real-time dashboard of dynamic results showing a prioritized listing of all vulnerabilities and remediation details. Our clients will be able to show internal stakeholders that their organization s website is secure by validating current security policies and practices. Examples of what we typically find include SQL injection and cross-site Scripting. Our advantage is the ability to integrate these reports into popular web application firewalls for instant protection. With scans specifically designed for PCI, GLBA, SB1386, SOX, HIPAA, and OWASP, you can be sure that your site is checked for the most relevant attacks, thoroughly and consistently. Malicious Activity Assessments Proactively discovering risks is effective, however your network may still have issues that were not detected by other systems. Softchoice uses innovative technology to identify threats that currently exist in the network. We provide either a server or a virtual appliance that will passively assess the network layer and perceive threats that are seldom identified by traditional signature-based security systems. Data Loss Prevention Assessments By passively monitoring network activity, a Softchoice Data Loss Prevention (DLP) assessment will determine what your critical data is, where it is going and who has been accessing it. For further detail, agents may be deployed on select endpoints and servers.

21 Next Steps

22 So you found an opportunity...now what? So you asked all the right questions, and the client is willing to work on their security needs with you. Sometimes the client will either let you know specifically what they want, or they are very vague and are willing to give you a shot. In an ideal world, here is the process of engagement you want to follow: Start here! If the client is not sure which vendor they want Engage a security architect: Mike Stines If the client tells you which vendor they want to work with If it is a managed vendor leverage the internal resource via Security PSR: Kaspersky Andreas Knoblauch Intel Security Group/McAfee Trevor Mulvihill Sophos Chris Walsh Symantec Jeremy Bandley Trend Micro Andrew Campbell IBM Jeff Kroth When you re ready to partner with the vendor 1. Register the deal 2. Vendor has access to special programs to help you win the deal like special pricing, demos, free trials, client visits and other incentives Win the Deal

23 Vendors

24 24 Softchoice Ultimate Security Guide Key Vendors

25 Glossary

26 26 Softchoice Ultimate Security Guide Glossary Application & Web Controls: Allows admins to manage and restrict application usage while prohibiting the use of unwanted or grey software. They also block malicious sites and control access to sites that don t conform to corporate policies. Application Containerization for BYOD: Corporate data and apps can be isolated from personal files on a device by placing corporate apps in special containers which can be encrypted and wiped separately from user s personal data. Collaboration Security: Defends SharePoint servers and farms against all forms of malware, while content and file filtering capabilities help prevent the storage of inappropriate content. Data Loss Prevention: Policies and controls to prevent unauthorized access to data and avoid data leakage due to theft and laptop/device loss. Device Control: Set, schedule and enforce data policies, controlling the connection of removable storage and other peripheral devices to USB, Firewire and Bluetooth. Encryption: Protects data both at rest and in-transit by encrypting traffic and data to reduce the risk of unauthorized access. Endpoint: Most common form of security, protects local and network storage against viruses, malware and other threats. Exchange Server Security: Anti-malware and antispam protection for Microsoft Exchange Mail Servers. File Server Security: Ensures that malware cannot spread to secured endpoints through stored, infected data. Firewall: Blocks traffic based on policies and rules defined by the administrator. Hyper-V Security: Anti-malware, endpoint controls and network protection for virtual machines. Intrusion Prevention: Standalone, or as part of a hostbased intrusion prevention and/or firewall solution designed to identify unwanted traffic and stop it from hitting corporate assets. Mail Server Security: Prevents based malware threats, phishing attacks and spam. Mobile Device Management (MDM): By controlling and protecting the data and configuration settings for all mobile devices in the network, MDM reduces support costs and business risks. The intent of MDM is to optimize the functionality and security of a mobile communications network while minimizing costs and downtime. Next-Generation Firewall: Blocks traffic based on policies and rules defined by the administrator. Patch Management: In-depth scanning for vulnerabilities combined with the automated distribution of patches. Remote Anti-theft: SIM Watch, remote lock, full or selective wipe and find all prevent unauthorized access to corporate data if a mobile device is lost or stolen. Risk & Compliance Management Products: Allow for risk management and security compliance help to minimize risk, automate compliance, and optimize security. Security Information Event Management (SIEM): Monitors and logs traffic to storage locations and security devices to identify potential risks and perform forensic investigations after events. Security Information Event Management (SIEM): Monitors and logs traffic of servers and security devices to identify potential risks and perform forensic investigations after events. Server Security: Endpoint designed to protect server environments from malware and other threats. SharePoint Security: Filters content and detects, blocks, and removes malware to secure information in SharePoint servers.

27 27 Softchoice Ultimate Security Guide Glossary User Access Control: Single Sign-On (SSO) or other user authentication systems to protect against unauthorized users accessing systems and applications. Virtual Controls: Includes application, device and web controls that can be applied when creating new virtual machines or using existing ones. Virtual Private Network (VPN): Enables a computer to send and receive data across shared or public networks as if it is directly connected to the private network, while benefiting from the functionality, security and management policies of the private network. Vulnerability Management: Considered a security best practice defensive measure to protect against today s threats. Your tool should analyze vulnerabilities, controls, and configurations to find the who, what, and where of IT security risk. Web Application Firewall (WAF): Protects servers by blocking malicious internet traffic targeted towards websites and ecommerce servers. Web/ Gateway Security: Prevents based malware threats, phishing attacks and spam, along with filtering and managing inbound and outbound internet traffic.

28 Questions?

29