SecOps: Security Operations
Saurav Sinha, Head of Presales, India
The World's Best and Most Innovative Companies Trust BMC
- #1 ranked ITOM vendor by Gartner for 3 consecutive years
- 300+ patents
- $8B investment
- 10K customers
- 82% of the Fortune 500 use BMC for their digital services
Industries: Financials, Healthcare, Telco, Retail, Business Services, CPG, Public Sector
BMC Ecosystem: Strategic Service Providers, Strategic Technical Alliances, Channel Partners
Online Banking Penetration
India has about 470 million banking customers, of which 60 million do online banking; these numbers will grow by 173 million, as per analyst reports.
The DIGITAL WORLD is under attack
- Vectors: stolen credentials, malware, phishing, exploited backdoors, hacking, brute force, spyware
- Actors: governments, syndicates, lone wolf
- Motives: fun, espionage, ideology, grudge, financial, boredom
Known Vulnerabilities are the Biggest Threat
- 80% ATTACKS: more than 80% of attacks target known vulnerabilities
- 99.9% FIX READY: 99.9% of exploited vulnerabilities were compromised over a year after the CVE was published
"There's so many more vectors that are easier, less risky and quite often more productive than [zero day excursions]. This includes, of course, known vulnerabilities for which a patch is available but the owner hasn't installed it." Rob Joyce, Chief, Tailored Access Operations (TAO), National Security Agency
Lack of Integration Between Security and Operations Creates a SecOps Gap
- 193 days to resolve the average vulnerability
- Increasing number of complex regulatory standards
- No visibility into actionable threat information
- Challenge to balance security and compliance actions against the risk of sacrificing uptime/performance
- Manual interventions for broken processes
SecOps Gap: Speed and Scale Impacts
(Diagram: delays at every hand-off between Security and Operations, from CVE to fix)
- Up to 40% of work sent to Ops has been seen before
- On average, every 1000 servers have 1-2 FTE working to analyze and plan action on vulnerability data
- Asset discovery and dependency mapping is manual and rarely without gaps when attempting to cover 1000s of assets
- Manual or semi-automated remediation is slow and error prone, creating a large backlog and an average time to remediation of 193 days
- Manual change ticket creation takes 45 min, but it takes 5 min to fix a server
Typical Workflow
- Security: vulnerabilities discovered with scans → report created, sent to Ops → extra change documentation → verified compliance → compliance reporting
- Ops: Ops digests report and plans work → change ticket opened manually → CAB approval (due to risk) → remediation analysis and build → remediation executed → change ticket closed
- For every 500 servers, 1 FTE digests the report and plans remediation
- Apps: app teams getting exceptions, potentially many approvals, handled manually; each exception is 2-3 hrs, and exceptions are 2-3 per server per quarter; each approver slows the process (more risk, more approvers)
SecOps Workflow
- Security: vulnerabilities discovered with scans → report created, sent to Ops → extra change documentation → verified compliance → compliance reporting
- Ops (NOW AUTOMATED): Ops digests report and plans work → change ticket opened → CAB approval (due to risk) → remediation analysis and build → remediation executed → change ticket closed
- For every 500 servers, 1 FTE digests the report and plans remediation
- Apps: app teams getting exceptions, potentially many approvals, handled manually; each exception is 2-3 hrs, and exceptions are 2-3 per server per quarter; each approver slows the process (more risk, more approvers)
SecOps Integrated and Automated: One SecOps Solution for 2 Risk Exposures
- Vulnerability risk: attack surface, exposure window, automated remediation
- Compliance risk (gap against policy): regulatory, operational, security
- Scope: security scans across the data center (corporate IT), private cloud, public cloud and unmanaged systems, covering server and network
- 10% coverage with UNKNOWN risks (exposure window ~193 days or unknown) versus 90% coverage with known risk (exposure window ~10-45 days based on severity/risk)
The Value of BMC's SecOps Solution: Vigilant, Precise and Relentless Automation to Accelerate and Scale the Security Operations Workflow
SecOps Integrated and Automated: Vigilant Compliance, Precise Threat Analysis, Relentless Remediation
- Audit ready all the time
- Governance and auditability
- Actionable information
- Smart/balanced decision making
- Blind spot analysis
- Accelerate closure of risk windows
Integrated Visibility to Build Trust
- Integrated data for Security and Operations: enriched, actionable threat data for immediate use by IT Ops and analysis by Security
- Operator Dashboard: a to-do list to address threats based on policy and impact, ensuring the most critical issues are fixed first
- Security Dashboard: a first-ever view for Security into operational plans, with visibility into planned actions, predictive SLA, and burndown
Drive Compliance & Best Practices
- Consistent and trackable application of policies
- Maintain vigilance with a full cycle of system discovery, monitoring, remediation, and change control
- Integrated documentation and remediation simplifies repair, rollback, and configuration updates
- Easy-to-use, out-of-the-box regulatory compliance content, policies, and remediations, which reduces time to audit compliance
Accelerate and Scale Remediation
- Pursue vulnerabilities swiftly and efficiently
- Automatic correlation of discovered vulnerabilities and patches
- Remediate vulnerabilities based on severity and priorities
- Network vulnerability identification and remediation action capabilities
- Direct closed-loop integration with Change Management
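As an added example (not BMC's code, and not how BladeLogic Threat Director is implemented), this Python sketch does the correlation step the slides describe: it matches constructed scan findings against an assumed patch catalog, drops findings Ops has already seen, builds one change ticket per asset and patch, and orders tickets by severity and exposure window. SLA_DAYS, the CVE and patch ids, and plan_remediation are all assumptions.

```python
from collections import namedtuple
from datetime import date, timedelta

# Assumed SLA days per severity, chosen inside the deck's "10-45 days based on
# severity/risk" window; not BMC's policy.
SLA_DAYS = {"critical": 10, "high": 20, "medium": 30, "low": 45}
RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}
# Finding: one scan result. Ticket: one patch on one asset, carrying the worst
# severity it closes and the days since the oldest CVE it closes was published.
Finding = namedtuple("Finding", "asset cve severity published")
Ticket = namedtuple("Ticket", "asset patch cves severity exposure_days due")

def plan_remediation(findings, patch_catalog, seen, today):
    """Return (tickets, no_fix, duplicates): tickets per (asset, patch) sorted
    worst-first, findings with no patch, and findings seen in an earlier cycle."""
    groups, no_fix, duplicates = {}, [], []
    for f in findings:
        key = (f.asset, f.cve)
        if key in seen:              # "seen before": don't send to Ops again
            duplicates.append(f)
            continue
        seen.add(key)
        patch = patch_catalog.get(f.cve)
        if patch is None:            # no fix ready: needs compensating control
            no_fix.append(f)
            continue
        groups.setdefault((f.asset, patch), []).append(f)
    tickets = []
    for (asset, patch), fs in groups.items():
        worst = min(fs, key=lambda x: RANK[x.severity]).severity
        oldest = min(x.published for x in fs)
        tickets.append(Ticket(asset, patch, sorted(x.cve for x in fs), worst,
                              (today - oldest).days,
                              today + timedelta(days=SLA_DAYS[worst])))
    tickets.sort(key=lambda t: (RANK[t.severity], -t.exposure_days))
    return tickets, no_fix, duplicates
# Constructed sample: placeholder CVE and patch ids, not real identifiers.
SAMPLE = [
    Finding("web01", "CVE-EXAMPLE-1", "critical", date(2019, 1, 1)),
    Finding("web01", "CVE-EXAMPLE-2", "high", date(2019, 6, 1)),
    Finding("db01", "CVE-EXAMPLE-3", "medium", date(2019, 10, 1)),
    Finding("db01", "CVE-EXAMPLE-4", "low", date(2019, 11, 1)),
    Finding("app01", "CVE-EXAMPLE-5", "low", date(2019, 11, 1)),
]
PATCHES = {"CVE-EXAMPLE-1": "KB-EXAMPLE-A", "CVE-EXAMPLE-2": "KB-EXAMPLE-A",
           "CVE-EXAMPLE-3": "KB-EXAMPLE-B"}  # CVE-EXAMPLE-4: no patch yet

def demo():
    seen = {("app01", "CVE-EXAMPLE-5")}  # already ticketed in the last cycle
    return plan_remediation(SAMPLE, PATCHES, seen, date(2020, 1, 1))
```

Two CVEs closed by the same patch collapse into one ticket, which is the deduplication the "40% seen before" and "45 min per ticket" figures argue for.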
Customer Success with BMC SecOps
State of Michigan:
- Reduced time for audit report creation from 32 hours to 15 minutes
- Reduced 9,000+ staff hours by automatically remediating 94,273 events
- Reduced time for server provisioning from 2 months to 5 days
"BMC's BladeLogic Threat Director will enable the security and operations teams to see what the other is doing, opening a dialog to allow the most urgent issues to be addressed first while balancing the operations team's need for uptime." Tracy McMahan, IT Support Coordinator, F. Korbel & Bros, Inc.
THANK YOU!