Technology Roadmap for Managed IT and Security
Michael Kirby II, Scott Yoshimura
04/12/2017

Agenda
- Managed IT Roadmap
- Operational Risk and Compliance
- Cybersecurity Managed Security Services

Managed IT Strategic Roadmap
- Long term strategic direction
  - Scale services to larger financial institutions
- Managed IT Advanced
  - Add Linux, Unix, Oracle, DBA Support, Application Development
  - Add "Shared" Customer Tools
- Managed IT Custom
  - Ala Carte Option
- Managed Risk Services
- Managed Security Services
- IPT/Network Services
- Hosted Services
- Help Desk/Deskside Support

Managed IT Enhancements
- Migrating to new endpoint management system
- Current system has not kept up with market enhancements
- New solution will allow greater efficiency in:
  - Patch Management
  - Asset Inventory
  - Software Distribution
  - Configuration Compliance

Operational Risk and Compliance
Technology Roadmap for Managed IT and Security

Managed Risk Services: Needs Drive Innovation
- Risk & Control Self Assessment (RCSA): Organizations need a way to evaluate, document & monitor compliance with various regulations, frameworks & guidance.
- Managed Security Awareness (MSA): There is increased scrutiny by auditors/examiners surrounding cybersecurity awareness & training. Annual testing & training is not enough to properly equip employees with the tools to detect & properly handle phishing threats. Organizations need a tool to launch & manage phishing campaigns to properly test employees, report to management, & build awareness throughout the enterprise.
- Vendor Risk Manager (VRM) Enhancements: Vendor management continues to be a focus area of regulators. As a result, we are continuously looking at ways to create more efficient processes for managing vendor risk while increasing oversight & monitoring capabilities.
- Enhanced GLBA/Information Security Risk Assessment & Enhanced Cybersecurity Risk Assessment: Current risk assessment processes are designed for periodic (typically annual) evaluations of risk. Organizations need a tool to integrate these risk assessment processes into their internal practices for better identification, monitoring, & reporting of risk.

Risk & Control Self Assessment (RCSA) Overview
- Designed to allow institutions to self assess against various regulations, frameworks, & guidance
- System defaults with defined Control Objectives to meet designated requirements, along with suggested Control Activities to meet the Control Objectives
- Quantify coverage & effectiveness of controls, along with documenting justification
- Ability to upload & attach supporting documentation, centralizing the documents provided to auditors & examiners to show compliance
- Progress indicators
- Ability to generate issues to document, track & monitor areas that need to be addressed based on the self assessment

Managed Security Awareness (MSA) Overview
- Social-engineering simulations across four vectors
  - Email Phishing
  - SMS (Smishing)
  - Voice (Vishing)
  - Mobile Media
- Over 300 phishing templates, 60+ landing pages and 150+ domains
- Patented multi-variable attack simulations
- Address book utility which incorporates over 50 data elements from which to measure risk
- Outlook plugin allows end-user reporting of suspected phishing attempts
- Leverage Regulatory University (RegU) for education & awareness

Vendor Risk Manager (VRM) Overview
Real-time, online, quantitative vendor risk assessment and monitoring service
- VRM allows the institution to evaluate new vendor relationships and monitor existing relationships.
- Data feeds collected are analyzed by VRM's operational experts.
- The platform delivers a customized risk score based on the institution's unique relationship with the vendor, and the complete picture of empirical risk data on the vendor.
- VRM will initiate workflows to review, approve, or notify impacted stakeholders of material changes to the vendor's risk profile.
- Additionally, institutions can monitor their vendor risk with real time interactive dashboards that give a holistic view of all vendor profiles.

Vendor Risk Manager (VRM) Enhancements Roadmap
[Timeline figure: columns 2017 Q1, 2017 Q2, 2017 Q3 and FUTURE, months MAR through SEPT]
- VENDOR SURVEY ENHANCEMENTS: Support for vendor registration, and survey flow improvements
- Nth PARTY RISK: Support for relating vendors and factoring in the risk of 4th parties and beyond
- BBB INTEGRATION: Include BBB and D&B with the other vendor due diligence
- NON-MANAGED SERVICE: Support for stand-alone use of VRM
- API: Support for 2-way data integrations for importing/exporting of data with other systems
- SSO: Support for SSO for seamless authentication with other systems
- CONTRACT MANAGEMENT: Enhanced support for managing contract terms, renewals, and workflows
- ASSESSMENTS: New RaaS module for performing Risk Assessments
- SLA TRACKING: Support for SLA tracking, measuring, reporting and workflows
- REPORTING ENHANCEMENTS: New chart-based reporting with focus on auditors and compliance
- MOBILE ENHANCEMENTS: Support for Touch ID and push notifications on Apple iOS Devices

Enhanced GLBA/Information Security & Cybersecurity Risk Assessments
- Web based risk assessment modules
  - Based on GLBA & FFIEC Information Security Handbook
  - Based on the FFIEC Cybersecurity Assessment Tool & NIST Cybersecurity Framework
- New product, service or asset risk assessment process to ensure Information Security & Cybersecurity risks are assessed before launch
- Incorporate within institutional policies to create a living risk assessment process instead of an annual risk assessment
- Issue management function to log, monitor & report issues identified in the risk assessment process
- Control testing documentation & tracking mechanism

Cybersecurity
Product/Service Roadmap for Managed Security Service

New Services Roadmap
Service and Summary:
- Cyberguard Endpoint Threat Detection (Powered by Red Canary/Carbon Black Response)
  Purpose: Endpoint threat detection platform that enables detection, response, and insight on threats in your network
- Cyberguard Endpoint Threat Prevention (Powered by CylancePROTECT)
  Purpose: Preventing unauthorized malware from running on a client's network through Artificial Intelligence
- Vulnerability Management (Enhanced Vulnerability Management, Perimeter and Internal Defense)
  Purpose: Managed Vulnerability Service utilizing FIS time to remediate asset prioritization

Cyberguard Endpoint Threat Detection
Detect the threats your prevention tools miss.
- Cloud-based 24/7 endpoint activity recording, visibility, and threat detection
- Expert analysts to remove false positives
- Integrated platform to rapidly respond to threats

[Process diagram. Stages: Endpoint, Platform, SOC Analysts, Alerts, MSS responds. Captions: sensors record activity, Detects Threats, Investigate, customers, with power]
Endpoint sensors record activity:
- file modifications
- registry modification
- user identity
- process creation
- module loads
- network connections
- process injection
- binary content
- EMET alerts

Detects Threats
- Using:
  - Application Behavioral Analysis
  - Binary Analysis
  - Threat Intelligence
  - User Behavior Analytics
  - Organizational Intelligence
- Identify:
  - Known bad
  - New activity
  - Good apps gone bad
  - Unusual activity

Investigate
- 24/7 remote monitoring, investigation, and confirmation
- Full access to endpoint history
- Automated retrospective hunting from identified IOCs

Alerts
Intelligence to understand the threat:
- indicators
- endpoint and user information
- threat timeline

MSS responds
Included tools and expertise to stop threats and return your organization to a good state:
- Isolate
- Remediate
- Research
- Technical Q&A
- Automate

Cyberguard Endpoint Threat Prevention
Predicts cyber attacks and blocks them on the endpoint in real-time before they ever execute.
Leverages the power of machines, not humans, to dissect malware's DNA. Artificial intelligence then determines if the code is safe to run.
- Provides an innovative next generation endpoint threat protection solution to prevent advanced threats and malware from causing harm
- Utilizes artificial intelligence techniques, machine learning and algorithmic science

Cyberguard Endpoint Threat Prevention
- Prevents malware pre-execution
- No signatures / infrequent updates
- Silences memory attacks, exploits, privilege escalation, fileless attacks
- Ultra light agent footprint
- Thwarts unauthorized scripts
- Deployment simplicity
- Rejects potentially unwanted programs (PUPs) from entering the environment
- Uncovers the presence of powerful tools that can be used against you
- All without prior knowledge
- Protection is not Cloud dependent

Vulnerability Management
- The FIS-Developed Total Risk Score enables clients to quantify the risk of their devices in order to make effective decisions based on organizational risk appetite.
- Device usage cases build the device risk score, and when it is paired with the Common Vulnerability Security Score, this generates the Total Risk Score, a numerical value for risk.
[Diagram labels: Device Risk Score, CVSS, Total Risk Score]

Vulnerability Management
- Allows workflow tracking for vulnerabilities
- Workflow Approvers provide oversight and governance over the Workflow Process.
- Bulk Remediation of many tasks at once.

Vulnerability Management Enhancements
- Integrate 3rd Party Objective Assessment/audit findings
  - Track remediation efforts of 3rd party findings in the same system as tracking regular vulnerability remediations
  - Leverage existing workflow
    - Risk Accepts
    - Pending Fix
    - False positives
- Integrate Threat Intelligence chatter into the system
  - Scenario: Dark web chatter that a specific vulnerability is being exploited to deliver malware. The system would raise the priority of remediation based on this intelligence.
  - Remediation prioritization would increase based on intelligence

Michael Kirby II, Scott Yoshimura
Mike.Kirby@fisglobal.com, scott.yoshimura@fisglobal.com
2017 FIS and/or its subsidiaries. All Rights Reserved. FIS confidential and proprietary information.