Vulnerability Management. June Risk Advisory


June 2018 Risk Advisory

Contents
- A Better Way To Manage Vulnerabilities
- Business Challenge
- Vulnerability Management as a Service
- Robust Service Architecture
- Our Differentiators
- Vulnerability Management Services Catalog
- Contact Us

A Better Way To Manage Vulnerabilities

More Business. New Challenges.

The digital revolution is driving business innovation and growth, but it's also exposing us to new and emerging threats. Exciting technological innovations bring fantastic opportunities to:
- Increase integration of business elements in the environment;
- Drive efficiencies and optimum ways of conducting business; and
- Initiate cost effective technological implementations.

Together with opportunity, it also brings the following risks:
- Increase in size and complexity of environment
- More exposure to cyber attacks than ever before
- Data pilferage and security breach leading to loss of sensitive information

Vulnerability Management is a matured outcome of the early-day practice of vulnerability assessment. Today's threat landscape is unimaginably different, with thousands of new vulnerabilities reported annually and the growing complexity of the organization's environment. Verizon's Data Breach Incident Report of 2016 shows an increasing trend in the number of vulnerabilities identified and their exploits. The sheer volume of launched attacks demands best-in-class vulnerability management solutions that deliver comprehensive discovery to support the entire vulnerability management lifecycle.

[Figure labels: Your Business; Technology; Threat Actions; Cloud; Virtualisation; Social; Mobile; Analytics; Shared Services; Nation States; Espionage; Criminal Syndicates; Patch Failure; Hactivities; Insiders]

It is imperative for any organization to implement effective Vulnerability Management to safeguard against attacks and threats in the environment. An effective way of handling such a requirement is to go with a Managed Service methodology, which provides the most comprehensive solution.

Business Challenge
- Do you have critical business applications?
- Is it a regulated market bound by compliance requirements?
- Is the company environment getting complex day by day?
- Do you store or process sensitive data?
- Is your organisation routinely targeted, and does it face attempted attacks?
- Are there multiple platforms and technologies used?

Solution

Deloitte's Cyber Risk Managed Services for Vulnerability Management is the key to this business challenge. It offers the following advantages:
- Effective management of vulnerabilities associated with critical infrastructure components.
- Ability to manage increase in scale and complexity of the environment.
- Meet regulatory compliance requirements such as HIPAA and SOX.
- Integration of Vulnerability Management with other security services such as SIEM and Threat Intelligence.
- Deep dive analysis of vulnerabilities along with correlation of threats and events.

Vulnerability Management as a Service

Deloitte leverages its Cyber Intelligence Centre (CIC) platform to deliver differentiated vulnerability management services. It integrates advanced security capability with industry insight to provide application and infrastructure security and offers a broad approach to vulnerability management that goes well beyond security testing.

End to End Support
Unlike a traditional vulnerability management program, we offer end-to-end support right from the initiation of a scan till remediation. This helps effectively address the vulnerabilities through a managed approach.

24 x 7 Coverage
Deloitte's CIC provides round-the-clock support for our customers. This is critical while handling major vulnerability outbreaks such as POODLE and Shellshock. A swift response is imperative in such a scenario.

False Positive Analysis
False positives play an important role in remedying the vulnerabilities. A thorough analysis eliminates false positives, which in turn greatly reduces the time and energy spent on applying the fix.

Proof of Concept
Every major vulnerability will be supported by a Proof of Concept, which helps in understanding the business impact of the vulnerabilities and the need to remediate Critical and High vulnerabilities in the environment.

Remediation Tracking
Vulnerability management doesn't end with performing a scan. An effective program is substantiated by the quality of remediation and takes corrective action to keep vulnerabilities from reoccurring. We track every vulnerability till it is brought to closure.

Robust Service Architecture

Deloitte's managed Vulnerability Management service offers a complete vulnerability management life cycle for finding and remediating security weaknesses before they are exploited and helps with improved visibility to security posture. Our Solution is integrated with our Managed Threat Services (MTS) and Threat Intelligence and Analytics (TIA) Services to deliver true vulnerability intelligence to manage threats effectively.

[Figure: Vulnerability Management service architecture]
- Presentation Layer - Customer Access: Asset Inventory; Host specific Vulnerability Data; Vulnerability Tracking status; Remediation Trend Analysis; On demand Scan; Reporting and Dashboard
- VM Lifecycle: 1. Pre Requisites; 2. Scan Execution; 3. Analysis of output; 4. Remove false Positives; 5. Public Customize Report
- Other labels: Data feed to Deloitte Portal; Creation of Account / Subscription; In-Scope assets (Network/Server/Workstation); Service opted for (Vulnerability Management, Policy Compliance, PCI Compliance); Authentication records (Perform Credentialed)
- Service Integrations: Threat Intelligence; Managed Threat Services; Vulnerability Intelligence; Cyber Incident Response; Software Asset Management

Our Differentiators

Robust Infrastructure
CIC is the backbone of the Managed Vulnerability Service. It offers a state-of-the-art facility that enables smooth functioning of the Vulnerability Management service.

Swift Response to incidents
Vulnerabilities are likely to have catastrophic impact if not dealt with properly. CIC enables the organisation to provide a precise and swift response to such incidents.

Structured approach
There are well-defined and matured processes and standards that govern the overall vulnerability management program.

Integration and correlation
Vulnerabilities are interlinked entities in relation to Threat Intelligence, SIEM, and other security components that provide additional information about the threat in the environment.

Dashboard view
Deloitte provides unique access to its customers to view their Vulnerability Management status. This gives a complete view of the threat landscape.

Vulnerability Management Services Catalog

Deloitte CIC offers Managed Vulnerability Services in the following options:

Basic Vulnerability Management
Standard mode of service offering with complete lifecycle of Vulnerability Management to meet your compliance needs.

Premium Vulnerability Management
Offers integration with SIEM tool and Incident Management which are Customer or Deloitte owned.

Advance Vulnerability Management
Correlation with SIEM, Threat Intelligence tool, and Asset Management. Provides fully integrated view of threat landscape.

Deloitte leverages its Cyber Intelligence Centre to deliver managed vulnerability management services to its clients across the globe. The Deloitte Cyber Intelligence Centre (CIC) combines deep cyber intelligence with broad business intelligence to deliver relevant, tailored, and actionable insights to inform business decision-making. The CIC fuses a number of services together to provide our clients with a truly tailored service that enables them to fully understand their cyber risks and adopt proportionate responses in an increasingly digital and interconnected business environment. We do this by providing them with an improved visibility of threats and assets, based on highly relevant intelligence that reflects their specific business, market, and industry context.

Related Services:

Managed Threat Services
Integrates all your security logs and event information for advanced correlation and analytics and provides actionable insight. The solution integrates vulnerability management services for true vulnerability intelligence and on-demand actions for effective monitoring.

Managed Application Security
Provides full life-cycle application security services ranging from on-demand assessment to real-time application security of the client's web presence.

Threat Intelligence and Analytics
Provides the ability to leverage the world's leading threat intelligence capabilities, including dark web monitoring, to help you with relevant threat intelligence to secure your business critical assets. Integrated with managed services to provide contextualized threat information for your environment.

Cyber Attack Simulation
Improve resiliency of the environment through on-demand cyber-attack simulation and validate protection mechanisms for enterprise IT systems. Simulation could range from a simple Phishing attempt to a complex DDoS on your environment.

Software Asset Management
Integrate the software asset information with Vulnerability Management capabilities to build real time vulnerability intelligence. This significantly improves visibility for potential vulnerabilities in software assets which are not part of scanned assets or are missing from asset information.


Key Contacts:
- Rohit Mahajan, President - Risk Advisory, rmahajan@deloitte.com, Mumbai
- Shree Parthasarathy, Partner - Risk Advisory, sparthasarathy@deloitte.com, Delhi
- Anand Tiwari, Partner - Risk Advisory, anandtiwari@deloitte.com, Delhi
- Sandeep Kumar, Partner - Risk Advisory, kumarsandeep@deloitte.com, Delhi

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as "Deloitte Global") does not provide services to clients. Please see www.deloitte.com/about for a more detailed description of DTTL and its member firms.

This material is prepared by Deloitte Touche Tohmatsu India LLP (DTTILLP). This material (including any information contained in it) is intended to provide general information on a particular subject(s) and is not an exhaustive treatment of such subject(s) or a substitute to obtaining professional services or advice. This material may contain information sourced from publicly available information or other third party sources. DTTILLP does not independently verify any such sources and is not responsible for any loss whatsoever caused due to reliance placed on information sourced from such sources. None of DTTILLP, Deloitte Touche Tohmatsu Limited, its member firms, or their related entities (collectively, the "Deloitte Network") is, by means of this material, rendering any kind of investment, legal or other professional advice or services. You should seek specific advice of the relevant professional(s) for these kind of services. This material or information is not intended to be relied upon as the sole basis for any decision which may affect you or your business. Before making any decision or taking any action that might affect your personal finances or business, you should consult a qualified professional adviser.

No entity in the Deloitte Network shall be responsible for any loss whatsoever sustained by any person or entity by reason of access to, use of or reliance on, this material. By using this material or any information contained in it, the user accepts this entire notice and terms of use.

© 2018 Deloitte Touche Tohmatsu India LLP. Member of Deloitte Touche Tohmatsu Limited