Reserve Bank of India Cyber Security Framework


Reserve Bank of India Cyber Security Framework HOW SMOKESCREEN HELPS YOU COMPLY

RBI Cyber Security Framework: How Smokescreen Helps You Comply

Table of Contents
Executive Summary ... 3
About the Framework ... 3
General Compliance ... 4
Annex 1 - Baseline Cyber Security and Resilience Requirements ... 5
Annex 2 - Operationalising Cyber Security Operation Centre (C-SOC) ... 7
Annex 3 - Template for Reporting Cyber Security Incidents ... 10
About Smokescreen ... 11

www.smokescreen.io 2

Executive Summary

The RBI Cyber Security Framework specifically calls for implementing counter-response and honeypot technologies, which Smokescreen offers through our pioneering IllusionBLACK decoy technology.

"The systems that need to be put in place as a part of the Cyber SoC require the following aspects to be addressed: Counter response & honeypots" (RBI Cyber Security Framework, Annex 2)

This white paper explains how IllusionBLACK also helps you comply with more than 20 other points in the RBI framework.

About the Framework

In the light of growing cyber risks against banks, the RBI's new cyber security framework seeks to improve resilience, define baseline security controls, and move banks to pro-active defence. It mandates that the cyber security policy be distinct from the broader IT and IS policies currently in place.

The framework specifically calls for banks to move their thinking to "assume breach", act pro-actively, and focus on detection, response and containment rather than just preventive capabilities. It also details capabilities around information sharing, reporting requirements and cyber crisis management.

The policy is divided into general guidance followed by three annex sections which contain the details of the prescribed controls. The annex sections are:

1. Baseline cyber security resilience requirements: covering the minimum security controls that banks need to implement in their policy.
2. Setting up and operationalising Cyber Security Operation Centre (C-SOC): describing the specific capabilities that are expected from the bank's security monitoring and response centre.
3. Template for reporting cyber incidents: a format for structured documentation of incidents for reporting to the RBI.

General Compliance

The first section of the framework covers general guidance on how banks should approach cyber security at a strategic level. Smokescreen helps comply with the following points:

Framework reference: Introduction, Point 6
Framework requirement: Continuous surveillance
How Smokescreen helps: Smokescreen's IllusionBLACK works 24/7, monitors the network in every single subnet, and is the only solution that covers the entire kill chain (the life cycle of an attack).

Framework reference: Introduction, Point 6
Framework requirement: Regularly updated on the latest nature of emerging cyber threats
How Smokescreen helps: Smokescreen's IllusionBLACK detects the intent and behaviour of an attacker, and is agnostic to the attacker's methodology, so it stays effective against any new type of threat.

Framework reference: Introduction, Point 12
Framework requirement: Cyber crisis management plan should address detection, response, recovery and containment
How Smokescreen helps: Smokescreen's IllusionBLACK is specifically designed for rapid detection, response and containment of advanced threats. We focus on reliable attack detection and minimising response time. Our integrations allow containment actions to be automated to stop attacks as soon as they occur.

Framework reference: Introduction, Point 14
Framework requirement: Sharing of information on cyber security incidents with RBI
How Smokescreen helps: Smokescreen's IllusionBLACK allows both human-readable and machine-readable export of threat intelligence in industry standard sharing formats such as STIX and CSV. Our ThreatPARSE natural language reconstruction automatically translates raw intelligence data into simple English.

Annex 1 - Baseline Cyber Security and Resilience Requirements

This section deals with the specific requirements to be put in place by banks to achieve minimal cyber security resilience.

Framework reference: Network and Security, Point 4.9
Framework requirement: Security Operation Centre to monitor the logs of various network activities and should have the capability to escalate any abnormal / undesirable activities.
How Smokescreen helps: IllusionBLACK provides complete network monitoring down to the subnet level and has built-in manual and automatic escalations. Decoy technology has the lowest false positives of any security solution, avoiding event overload and making SOC monitoring highly effective.

Framework reference: User Access Control, Point 8.2
Framework requirement: Carefully protect customer access credentials such as logon userid, authentication information and tokens, access profiles, etc. against leakage/attacks.
How Smokescreen helps: Decoy technology can create fictitious customer access account details, credentials, login passwords and so on. These decoy credentials are distributed across the bank's IT environment and trigger when an attacker attempts to gain access to them.

Framework reference: User Access Control, Point 8.5
Framework requirement: Log and monitor privileged/superuser/administrative access to critical systems (servers/OS/DB, applications, network devices etc.).
How Smokescreen helps: IllusionBLACK's credential theft decoys create fake administrative credentials that can be placed on servers and endpoints in such a way that attackers find them easily. These dummy credentials appear to offer privileged access, but raise an alarm when an attacker attempts to use them.

Framework reference: User Access Control, Point 8.7
Framework requirement: Monitor any abnormal change in pattern of logon.
How Smokescreen helps: Same as for Point 8.5 above.
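The decoy-credential mechanism described in the User Access Control rows above (Points 8.2 and 8.5) comes down to one detection rule: a decoy account has no legitimate user, so any logon attempt with it, successful or failed, is a high-confidence alert. The Python below is an added example written for this page, not Smokescreen's or IllusionBLACK's code. It runs that rule over constructed sshd-style auth log lines and, for Point 8.7, adds a simple abnormal-logon-pattern check (many distinct accounts tried from one source in a short window). The decoy account names, hosts, IP addresses and log lines are all constructed, and the log format is assumed to be standard sshd syslog output.

```python
"""Honeytoken (decoy credential) use detector over authentication log lines.

Added example for this page, not vendor code. Decoy names, hosts, IPs and
log lines are constructed; the log format is assumed to be sshd syslog output.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed decoy accounts: seeded on servers/endpoints, never used by real users.
DECOY_ACCOUNTS = {"svc_backup_adm", "treasury_admin2", "db_replica_ro"}

# Constructed sshd-style auth lines (syslog has no year; one is assumed when parsing).
SAMPLE_LOG = """\
Mar 14 09:01:12 srv-app01 sshd[2201]: Accepted password for ops.user from 10.20.1.15 port 51022 ssh2
Mar 14 09:02:40 srv-app01 sshd[2210]: Failed password for svc_backup_adm from 10.20.9.77 port 40211 ssh2
Mar 14 09:02:44 srv-app01 sshd[2212]: Failed password for root from 10.20.9.77 port 40213 ssh2
Mar 14 09:02:49 srv-app01 sshd[2214]: Failed password for oracle from 10.20.9.77 port 40215 ssh2
Mar 14 09:02:53 srv-app01 sshd[2216]: Failed password for backup from 10.20.9.77 port 40217 ssh2
Mar 14 09:03:01 srv-db02 sshd[880]: Accepted publickey for treasury_admin2 from 10.20.9.77 port 40220 ssh2
Mar 14 09:30:00 srv-app01 sshd[2300]: Accepted password for ops.user from 10.20.1.15 port 51100 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


@dataclass(frozen=True)
class Alert:
    rule: str
    severity: str
    host: str
    src: str
    detail: str


def parse_line(line, year=2024):
    """Parse one sshd auth line into a dict, or return None for unrelated lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "result": m["result"],
            "user": m["user"], "src": m["src"]}


def detect(log_text, decoys=DECOY_ACCOUNTS, spray_threshold=4, window_s=60):
    """Return alerts for decoy-account use and for abnormal logon patterns."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    alerts = []

    # Rule 1 (Points 8.2 / 8.5): any attempt against a decoy account, accepted or
    # failed, is an alert. A failed attempt already proves the credential was stolen.
    for e in events:
        if e["user"] in decoys:
            alerts.append(Alert("decoy-credential-use", "critical", e["host"], e["src"],
                                f"{e['result']} logon as decoy account {e['user']} "
                                f"at {e['ts']:%H:%M:%S}"))

    # Rule 2 (Point 8.7): many distinct accounts tried from one source within a
    # sliding window is an abnormal logon pattern. One alert per source, on the
    # host where the burst started.
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):
            users = {x["user"] for x in evs[i:]
                     if (x["ts"] - start["ts"]).total_seconds() <= window_s}
            if len(users) >= spray_threshold:
                alerts.append(Alert("abnormal-logon-pattern", "high", start["host"], src,
                                    f"{len(users)} distinct accounts tried within {window_s}s"))
                break
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"[{a.severity}] {a.rule} host={a.host} src={a.src}: {a.detail}")
```

On the constructed sample the detector raises two critical decoy-credential alerts for 10.20.9.77 (a failed attempt with one decoy and a successful key-based logon with another) and one abnormal-logon alert for the five accounts tried from that source inside a minute. The important design point is that rule 1 needs no baseline or tuning: the decoy account list is the whole signal, which is why decoy alerts carry far fewer false positives than behavioural rules such as rule 2.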

Framework reference: Advanced Realtime Threat Defence, Point 13.1
Framework requirement: Build a robust defence against the installation, spread, and execution of malicious code at multiple points in the enterprise.
How Smokescreen helps: IllusionBLACK deception defences can detect the spread and execution of malicious code in every single subnet of the network. The solution can also analyse the actions that the malware takes, and monitor its attempts to communicate with command and control channels.

Framework reference: Data Leak Prevention Strategy, Points 15.1 and 15.2
Framework requirement: Develop a comprehensive data loss/leakage prevention strategy to safeguard sensitive (including confidential) business and customer data/information. This shall include protecting data processed in end point devices, data in transmission, as well as data stored in servers and other digital stores, whether online or offline.
How Smokescreen helps: IllusionBLACK creates data decoys: decoy documents that appear to contain confidential information. These documents can be placed on the systems of high-value targets (such as senior management), on servers, or on critical systems such as those in the treasury or IT operations. Any attempt to access these data decoys triggers a silent alarm. Furthermore, the decoys can track an entire nexus as the data is passed from one person to another.

Framework reference: Incident Response, Point 19.6 (c)
Framework requirement: Establish and implement systems to collect and share threat information from local/national/international sources.
How Smokescreen helps: IllusionBLACK can export industry standard threat intelligence that can be consumed by other systems. Additionally, it can integrate with practically any other security device in order to automatically push or pull threat information in real time. Lastly, Smokescreen customers benefit from the wisdom of the crowd, where attacks seen against one bank create intelligence to protect all the others.

Framework reference: Forensics, Point 22.1
Framework requirement: Have support/arrangement for network forensics/forensic investigation/DDoS mitigation services on stand-by.
How Smokescreen helps: Smokescreen offers on-call triage and forensics services both independently and along with IllusionBLACK. Customers of our managed services model benefit from immediate attack analysis, system triage, containment recommendations and full-blown forensics. Our forensics services are on-demand, with a "pay only for what you use, when you use it" commercial model.

Annex 2 - Operationalising Cyber Security Operation Centre (C-SOC)

The second annex covers the requirements for operating a cyber security operations centre, including what must be monitored and how incidents must be responded to.

Framework reference: Introduction, Point 3
Framework requirement: Constant and continuous monitoring of the environment using appropriate and cost effective technology tools
How Smokescreen helps: IllusionBLACK is one of the most cost-effective solutions for monitoring a large environment. On average, our decoy monitoring solutions are 2 to 3 times cheaper than traditional monitoring. Additionally, the system requires minimal maintenance, freeing up existing resources to work on other priority areas.

Framework reference: Governance Aspects, Point 1
Framework requirement: Board briefing on threat intelligence
How Smokescreen helps: Smokescreen's private threat intelligence decoys give information about threats that specifically target your bank, not just companies in general. This information about who is seeking you out is of tremendous value to the board and helps define security priorities.

Framework reference: Governance Aspects, Point 2
Framework requirement: Dashboards and oversight
How Smokescreen helps: IllusionBLACK has a highly acclaimed visual dashboard that makes complex attacks easy to understand for laypersons without any technical knowledge. Our dashboard is regularly presented to senior management, and features replay capabilities to visually help understand the chronology of an attack.

Framework reference: Cyber SOC Points to be Considered, Point 1
Framework requirement: The approach and methodology required to be put in place has to necessarily take into account proactive approaches rather than reactive approaches and has to also address possible unknown attacks.
How Smokescreen helps: Decoy technology falls under the category of Active Defence, which is the new pro-active approach to security. Instead of waiting for attacks to complete, active defence solutions try to bring the attack to light with extremely rapid detection and response. Decoy technology is also agnostic to the attack methodology, so it stays effective no matter what the bad guys try tomorrow.

Framework reference: Cyber SOC Points to be Considered, Point 4 (b)
Framework requirement: Incident investigation, forensics and deep packet analysis need to be in place to achieve the above.
How Smokescreen helps: IllusionBLACK has full packet capture of all attacks seen by the decoys. It also maintains full forensic evidence, and creates IOCs (indicators of compromise) to help find more instances of compromise.

Framework reference: Cyber SOC Points to be Considered, Point 4 (d)
Framework requirement: Analytics with good dashboard, showing the geolocation of the IPs
How Smokescreen helps: IllusionBLACK's intuitive dashboard and natural language attack reconstruction make analysis extremely simple. The system also geolocates attackers in real time automatically, saving analysis time.

Framework reference: Cyber SOC Points to be Considered, Point 4 (e)
Framework requirement: Counter response and Honeypot services
How Smokescreen helps: IllusionBLACK is an enterprise honeypot system. We have the maximum deception techniques and most holistic kill chain coverage of any deception technology available.

Framework reference: Expectations from SOC, Point (b)
Framework requirement: Ability to provide real-time/near-real-time information on and insight into security posture
How Smokescreen helps: IllusionBLACK detection and alerts are real-time. They are also so accurate (minimal false positives) that telephone alerts can be configured directly from the system.

Framework reference: Expectations from SOC, Point (d)
Framework requirement: Ability to assess threat intelligence and to proactively identify/visualize impact of threats on the bank
How Smokescreen helps: IllusionBLACK offers unparalleled threat intelligence that is instantly visualised, automatically analysed, and can be integrated with other systems.

Framework reference: Expectations from SOC, Point (e)
Framework requirement: Ability to know who did what, when, how and preservation of evidence
How Smokescreen helps: IllusionBLACK ThreatPARSE automatically reconstructs attacker activity, reducing mean time to know (MTTK) from days to minutes. All attack evidence is forensically preserved in standard formats for further analysis.

Framework reference: Expectations from SOC, Point (f)
Framework requirement: Integration of various log types and logging options into SIEM, ticketing/workflow/case management.
How Smokescreen helps: IllusionBLACK has multiple integrations to push and pull information to other systems. If an integration for a particular system does not exist, Smokescreen can build it for you.

Framework reference: Key Responsibilities of SOC
Framework requirement:
- Monitor, analyze and escalate security incidents
- Develop Response - protect, detect, respond, recover
- Conduct Incident and Forensic Analysis
How Smokescreen helps: IllusionBLACK and Smokescreen's managed services increase your capabilities to cover all the key responsibilities of the SOC.

Framework reference: External Integration
Framework requirement: Threat intelligence feeds from various sources may be provided by the product vendors. Security information feeds from other banks in particular and the financial ecosystem in general will be quite useful.
How Smokescreen helps: IllusionBLACK offers the benefit of threat information sharing. Our strong client base in banking and financial services in India means that we often know about targeted threat attempts before anyone else. The benefits of this threat intelligence are shared with all other Smokescreen customers.

Annex 3 - Template for Reporting Cyber Security Incidents

This section of the framework proposes a detailed documentation structure to capture the particulars of an incident for reporting to the RBI. When it detects an incident, Smokescreen's IllusionBLACK can provide information to help complete the following fields from the template:

Basic Information
- Date and time of incident detection
- Type of incident and systems affected
- Chronological order of events
- Root cause analysis
- Date of resolution

CSIR Form
- Incident severity
- Type of threat / incident
- When was the incident first observed?
- How was the incident first observed?
- Who observed
- TCP / UDP ports involved in the incident
- Affected systems IP address / attacker's IP address
- Operating system
- What is the earliest known date of attack?
- What is the source / cause of this incident?
- Did the bank locate / identify IP addresses / domain names relating to the incident?

About Smokescreen

At Smokescreen, we use our deep insight into how apex hackers operate to build deception-based defences. Our IllusionBLACK is the industry's most advanced decoy technology, bringing military deception principles to the digital battlefield. Smokescreen's solutions protect some of the most highly targeted organisations globally, including leading financial institutions and Fortune 500 companies.

Email: info@smokescreen.io
Phone: +91 22 610 63851
Web: www.smokescreen.io
Address: Smokescreen Technologies, Kaledonia D wing, 1st Floor, Sahar Road, Andheri East, Mumbai 400 069, India.