Security and Compliance Powered by the Cloud. Ben Friedman / Strategic Accounts Director /

Similar documents
WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

Unlocking the Power of the Cloud

ALERT LOGIC LOG MANAGER & LOG REVIEW

NOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect

SIEMLESS THREAT MANAGEMENT

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

Look Who s Hiring! AWS Solution Architect AWS Cloud TAM

GDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool. Contact. Ashley House, Ashley Road London N17 9LZ

Total Security Management PCI DSS Compliance Guide

ALIENVAULT USM FOR AWS SOLUTION GUIDE

Simple and Powerful Security for PCI DSS

Clearing the Path to PCI DSS Version 2.0 Compliance

University of Pittsburgh Security Assessment Questionnaire (v1.7)

TRUE SECURITY-AS-A-SERVICE

Daxko s PCI DSS Responsibilities

2018 IT Priorities: Cybersecurity, Cloud Outsourcing & Risk Management. Follow Along

Ensuring Desktop Central Compliance to Payment Card Industry (PCI) Data Security Standard

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.

Cyber Security Audit & Roadmap Business Process and

ISO/IEC Solution Brief ISO/IEC EventTracker 8815 Centre Park Drive, Columbia MD 21045

PCI Time-Based Requirements as a Starting Point for Business-As-Usual Process Monitoring

SECURITY PRACTICES OVERVIEW

Locking Down the Cloud Security is Not a Myth

FairWarning Mapping to PCI DSS 3.0, Requirement 10

Automating the Top 20 CIS Critical Security Controls

Dynamic Datacenter Security Solidex, November 2009

IBM Managed Security Services - Vulnerability Scanning

Carbon Black PCI Compliance Mapping Checklist

The Devil is in the Details: The Secrets to Complying with PCI Requirements. Michelle Kaiser Bray Faegre Baker Daniels

Managed Security Services - Endpoint Managed Security on Cloud

Your guide to the Payment Card Industry Data Security Standard (PCI DSS) banksa.com.au

Security Terminology Related to a SOC

Maximizing IT Security with Configuration Management WHITE PAPER

LOGmanager and PCI Data Security Standard v3.2 compliance

THE CRITICAL COMMUNICATIONS COMPANY CYBER SECURITY AS A SERVICE

Click to edit Master title style. DIY vs. Managed SIEM

SECURITY IN MICROSOFT AZURE. Marija Strazdas Sr. Solutions Engineer

PCI DSS 3.2 AWARENESS NOVEMBER 2017

A Comprehensive Guide to Remote Managed IT Security for Higher Education

Managing and Auditing Organizational Migration to the Cloud TELASA SECURITY

Advanced Malware Protection. Dan Gavojdea, Security Sales, Account Manager, Cisco South East Europe

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

SIEMLESS THREAT DETECTION FOR AWS

The Importance of Cybersecurity Threat Detection for Utilities

PCI Compliance Assessment Module with Inspector

The Convergence of Security and Compliance

Industrial Defender ASM. for Automation Systems Management

Blueprint for PCI Compliance with Network Detective

June 2012 First Data PCI RAPID COMPLY SM Solution

Security Assessment Checklist

Enforcing PCI Data Security Standard Compliance Marco Misitano, CISSP, CISA, CISM Business Development Manager Security Cisco Italy

locuz.com SOC Services

ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE

WHITE PAPER. PCI and PA DSS Compliance with LogRhythm

Combatting advanced threats with endpoint security intelligence

The Convergence of Security and Compliance. How Next Generation Endpoint Security Manages 5 Core Compliance Controls

AuthAnvil for Retail IT. Exploring how AuthAnvil helps to reach compliance objectives

HOW TO CHOOSE A NEXT-GENERATION WEB APPLICATION FIREWALL

Comodo HackerGuardian. PCI Security Compliance The Facts. What PCI security means for your business

Transforming Security from Defense in Depth to Comprehensive Security Assurance

Vulnerability Management

A QUICK PRIMER ON PCI DSS VERSION 3.0

Cybersecurity The Evolving Landscape

Endpoint Security Can Be Much More Effective and Less Costly. Here s How

What are PCI DSS? PCI DSS = Payment Card Industry Data Security Standards

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Business Context: Key for Successful Risk Management

5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief

Cyber security tips and self-assessment for business

A leading antivirus software company outsmarts viruses and malware and makes the Internet safer.

Point ipos Implementation Guide. Hypercom P2100 using the Point ipos Payment Core Hypercom H2210/K1200 using the Point ipos Payment Core

Risk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23

Today s Security Threats: Emerging Issues Keeping CFOs Up at Night Understanding & Protecting Against Information Security Breaches

Automate and simplify PCI DSS compliance using FileAudit Plus

McAfee Public Cloud Server Security Suite

Changing face of endpoint security

Watson Developer Cloud Security Overview

PCI DSS Compliance for Healthcare

EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led

Achieving regulatory compliance

ForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance.

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

COMPLETING THE PAYMENT SECURITY PUZZLE

CORPORATE BUSINESS SOLUTIONS

INFORMATION SECURITY-SECURITY INCIDENT RESPONSE

New York Cybersecurity. New York Cybersecurity. Requirements for Financial Services Companies (23NYCRR 500) Solution Brief

Symantec Security Monitoring Services

PCI DSS v3.2 Mapping 1.4. Kaspersky Endpoint Security. Kaspersky Enterprise Cybersecurity

PCI DSS Requirements. and Netwrix Auditor Mapping. Toll-free:

2017 Annual Meeting of Members and Board of Directors Meeting

Clearing the Path to PCI DSS Version 2.0 Compliance

IT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I

74% 2014 SIEM Efficiency Report. Hunting out IT changes with SIEM

Cybersecurity Auditing in an Unsecure World

PCI Compliance in Oracle E-Business Suite

WHITE PAPER. Achieve PCI Compliance and Protect Against Data Breaches with LightCyber

Investigative Response Case Metrics Initiative Preliminary findings from 700+ data compromise investigations

Intrusion prevention systems are an important part of protecting any organisation from constantly developing threats.

Transcription:

Security and Compliance Powered by the Cloud Ben Friedman / Strategic Accounts Director / bf@alertlogic.com

Founded: 2002 Headquarters: Ownership: Houston, TX Privately Held Customers: 1,200 + Employees: 100 + Technology: Patented

Security and Compliance Challenge IT organizations are faced with mounting pressure 1. Compliance regulations PCI DSS, SOX, HIPAA, GLBA, NIST, FISMA, FERC 2. Continued evolution of network threats Look what Microsoft did just in the last month? Responsibility of securing data is settling nicely on your shoulders and has been for a while

The Facts

The Facts 81% of companies breached in 2009 were not compliant with their required regulation 6% of the breaches were caught through event monitoring and logging 99% of all breached records were from compromised servers and applications * All percentages are from the 2009 Verizon Business Data Breach Investigation

2009 Data Breaches Who is breaching data? 73% External Sources 18% Inside Sources 39% Business Partners 30% Multiple Partners How do breaches occur? 62% Significant Error 59% Hacking 31% Malicious Code 22% Exploited Vulnerability 15% Physical Threats What Commonalities Exist 66% Victim was unaware data was on the system 75% Breaches were not discovered by the victim 83% Attacks were not highly difficult 85% Breaches were the result of opportunistic attacks 87% Were considered avoidable through reasonable controls *Statistics from 2009 Verizon Business Data Breach Investigation Report

Analyzing the Facts Companies aren t detecting solutions in an effective way Why? Chasing false alarms, other priorities, etc Companies are not focusing on continuous security Too many companies check a box and move on 6% success rate is too low! Companies need to be more vigilant in this area Most of the 99% of breaches could have been caught With effective log management and daily review of log data

Cloud-Powered Security

Traditional Deployment vs Cloud Model Instead of Deploying This: Deploy This:

Cloud-Powered Delivery Model

Solving Key Problems SECURITY & COMPLIANCE Vulnerability Assessment Identifying Weaknesses BEFORE Intrusion Protection Isolating Attacks DURING Log Management Investigating Incidents AFTER DELIVERED IN-CLOUD simple deployment no capital expense no maintenance easy & affordable

Software-as-a-Service Solutions Log Manager What it does: Automatically collect, store, correlate, search and report log data Why it s different and better: Unique cloud-powered delivery model and cloud-ready technology Patent-pending grid computing and storage architecture High-speed searching and flexible parsing of log data Correlates log, threat and vulnerability data to identify suspicious activity Threat Manager What it does: Protects against threats and identifies internal/external vulnerabilities PCI Approved Scanning Vendor Why it s different and better: Unique cloud-powered delivery model and cloud-ready technology Patent-pending grid computing and storage architecture Patented expert system detects threats and defends against attacks Security analysts provide monitoring, analysis and incident response services

Monitoring Services ActiveWatch 24/7 threat monitoring for rapid incident response Integrated incident and case management LogReview Daily review of log data to comply with PCI DSS 10.6 Analysts alert customers on suspicious activity and possible security threats

Meeting Compliance Requirements Vulnerability Assessment Intrusion Protection Log Management PCI DSS Penalties: fines, loss of credit card processing, and level 1 merchant requirements 6.2 Identify newly discovered security vulnerabilities 11.2 Perform network vulnerability scans quarterly by an ASV 5.1.1 Monitor zero day attacks not covered by Anti-Virus 11.4 Maintain IDS/IPS to monitor & alert personnel, keep engines up to date 10.2 Automated audit trails 10.3 Capture audit trails 10.5 Secure logs 10.6 Review logs at least daily 10.7 Maintain logs online for 3 months 10.7 Retain audit trail for at least 1 year SOX (CobiT) Penalties: fines up to $5M, up to 10 year imprisonment DS 5.9 Malicious Software Prevention, Detection, and Correction put preventive, detection, and corrective measures in place (especially up-to-date security patches and virus control) across the organization to protect information systems and technology from malware (e.g., viruses, worms, spyware, spam) DS 5.6 Security Incident Definition clearly define and communicate the characteristics of potential security incidents so that they can be properly classified and treated by the incident and problem management process DS 5.10 Network Security use security techniques and related management procedures (e.g., firewalls, security appliances, network segmentation, intrusion detection) to authorize access and control information flows from and to networks. DS 5.5 Security Testing, Surveillance, and Monitoring a logging and monitoring function will enable the early prevention and/or detection and subsequent timely reporting of unusual and/or abnormal activities that may need to be addressed.

Tangible Costs: Traditional vs. Cloud Traditional Costs Software Product or Appliance Reporting Database Data Storage Redundant Data Storage Data Center Footprint Electricity Centralized Reporting Server Web Server Implementation Costs Maintenance Fees Consulting Fees Training Cloud-based Costs Subscription Fee

Benefit Summary Easy to buy, deploy and use Cloud-powered solutions deliver capabilities appliances can t match No capital equipment to purchase and maintain All costs included in one monthly fee Enables regulatory compliance Identifies incidents and vulnerabilities that impact compliance Collects, reviews, and archives log data Improves network security Helps detect and remedy threats and vulnerabilities Reviews log data daily to detect suspicious activity

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback