Dr. Phillipe Evrard Managing Director Why Are Quantar Solutions - PowerPoint PPT Presentation

Dr. Phillipe Evrard Managing Director

Why Are Quantar Solutions Systems Unique? Each component of the systems have been protected, resulting in preventing other companies copying or developing the same/similar methods of identifying, quantifying and calculating network operational risks. System backend – passive device management is a patented technology. Gulf States Patent n-ORM method of taking backend data and modelling Protected threats to derive a value at risk for networks attached Kuwait to the internet is a patented technology. U.A.E. Qatar n-STS method of taking backend data and modelling Saudi Arabia threats using advanced stochastic statistical Oman modelling is a patented technology. Bahrain n-REP method of taking n-ORM outputs and modelling reputational damage values financially has patents applied for (2010).

Network Trends Hackers Cyber attacks Organized crime Targeted attacks Security forces Viruses Government agents Automated attacks Eco warriors Trojans Subversive movements Worms Information loss Network risk management Data corruption Education Operational failures Training Weakened defences Controls Financial impacts Risk-aware culture Compromised security Pro-active resilience

Is your security better than the major world banks?

Is your security better than the leading military organizations?

Are all your crucial assets fully secure?

Etihad Airways Website 18 th May 2010 19.00 - 20.20 ❑ Your infrastructure is ALREADY under attack. ❑ Your security systems are being attacked hourly. ❑ Your operations are attacked every day. ❑ Can your security perimeter be secure 100% 24/7/365 ?

Where Does Quantar Fit? Network Risk Valuation Continuity (all risk not network) Identification Quantar + Quantar + Quantar + IASCA BS 25777:2008 Firewalls Algorithmics BS25999 Network Scanners Lombard ISO/IEC 27002 :2005 Intrusion Detection Munich RE BS 7799-1:2005, Anti-virus Swiss RE ISO/IEC 17799:2005 Lloyds of London Resilience NATIONAL & ENTERPRISE RESILIENCE Assessment I.T. Quantification Network Security (all risk not network) Firewalls Quantar + Quantar + Intrusion Detection Symantec ESM Methodware Network Scanners IBM – ISS Sungard Packet Filtering COBIT ISO 31000:2009 Content Scanners OCTAVE IBM – ISS Anti-virus ISO 27031 OpVantage Holistic Behaviour BS25999 Palisade

What Are Others Doing? Key Trends: 1.) Government backed nation infrastructure protection programs using private companies. 2.) Specialist centres/units established for cyber and information security using external suppliers. 3.) Co-ordination between different units for national resilience. National Infrastructure Cyber Specialist National Information Security Digital Systems Cyber Security Programme Council – NISC (Japan) Knowledge Transfer Network – KTN (U.K.) Centre for the Protection of United Arab Emirates Computer Emergency National Infrastructure - CPNI (U.K.) Response Team – aeCERT (U.A.E.) National Infrastructure Protection The French Network and Information Program – NIPP (U.S.A.) Security Agency – FNISA (France) Agence Nationale de la Sécurité Critical Infrastructure protection / des Systèmes d’Information - ANSSI Protection des infrastructures critiques - PIC (France) Co-operative Cyber Defence Centre - CCD (NATO) European Network & Information Security Institute for Cyber Security - ICS (U.S.A.) Agency – ENISA (European Commission)

Continuous improvement to enhance national infrastructure protection & the role of Quantar Physical Assess Risks Measure Set Implement Identify Cyber (consequences, Effectiveness Prioritize Protection Security vulnerabilities, Assets Programs Goals threats) Human Feedback Loop Original Source: U.S. National Infrastructure Security Plan (NIPP )

Current I.T. Security Environment Standards & Regulations • Resilience • Audit • Management • Control • Valuation • Compliance • Continuity • Reports Calculation Future • Safety • Oversight & Reporting Process Technical SAS C.A Methodware Symantec Emerging Algorithmics IBM/ISS Collection & Aggregation Internal External Processes Raytheon Cisco COBIT Mature C.A. Checkpoint ISO Symantec Nokia Sarbox IBM/ISS etc Octave etc etc Detection Existing Operations I.T. Integrated Non-I.T. Integrated I.T. Trends

Standards & Regulations • Resilience • Audit • Management • Control • Valuation • Compliance • Continuity • Reports • Safety • Oversight Calculation Future & Reporting Quantar Solutions n-ORM Emerging & Collection & Aggregation n-STS Mature Detection Existing Operations

Risk Management Systems Landscape Enterprise Risk Systems High Component Risk Systems Quantar Solutions SAS Reveleus Algorithmics Usage Methodware Potential RCS Open Pages Sunguard Paisley Chase Cooper FRS Interexa Coreprofit BWise Mega Guideline Ruleburst Centreprise Optial Low Low High Degree of Specialization of Offering Source: Chartis Research Report #RR0701 – Operational Risk Management Systems 2007

Quantar Solutions Systems Development History – A Mature System 1999 - 2005 System back-end developed by IT security specialists (working With NATO / Eurocontrol /NAMSA/SWIFT) n-ORM developed in conjunction with high level 2006 - present military intelligence simulation & training organization System back-end re-developed to integrate patented 2006 - present technologies by leading UK university + current R&D Advanced algorithms developed in conjunction with 2006 - 2009 multi-year award winning actuarial consultancy n-STS developed in conjunction with leading 2009 - present credit & market risk management organization

What Will Fail When an Attack Gets Through? Banking Traffic; Water Oil & Transport; & Military Telecoms Electricity Production Retail Shipping Treatment Internal Security Systems Technology Networks Network Security Layer 3 etc Layer 2 Network Security Network Security Layer 1 Foreign Military Anti-Religious Groups Organized Crime Internet Foreign Governments Hackers Terrorists Militia Eco Warriors Anti-Political Groups

Quantar Identifies Which Will Fail and Which Needs Maximum Protection. Traffic; Water Banking Oil Transport; & Military Telecoms Electricity & Production Shipping Treatment Retail Internal Security Systems Quantar Quantar Quantar Quantar Technology Networks Network Security Layer 3 etc Layer 2 Network Security Network Security Layer 1 Quantar Quantar Foreign Military Anti-Religious Groups Organized Crime Internet Foreign Governments Hackers Terrorists Militia Eco Warriors Anti-Political Groups

System Back-end Installation: Analyzes traffic between the internet and your firewall

Analytics engine: Identifies threats but does NOT read the actual data, eliminating risks of information theft or compromise.

Typical backend actual client data illustrating the day/time; category, target and severity of each attack This company experienced 350 attacks in one hour via its’ network of this attack with a severity of 7

High Level Concept Date & Time of Attack Severity of Attack <Crimson Version="1“>− ▪ <ObservedThreats ObservationStart=" 2008-02-25 T00:00:00" ObservationEnd=" 2008-03- ▪ 03 T00:00:00"> <Threat ID=" DOS MSDTC attempt" Category="Indiscriminate" Target="Unknown" ▪ SeverityScore="7" > <Observation Day="Monday" From="00:00:00" To="00:59:59" Count="52"/> ▪ <Observation Day="Monday" From="01:00:00" To="01:59:59" Count="32"/> ▪ <Observation Day="Monday" From="02:00:00" To="02:59:59" Count="56"/> ▪ <Threat ID=" WEB-MISC http directory traversal" Category="Indiscriminate" Target="Unknown" ▪ SeverityScore="7"> <Observation Day="Monday" From="00:00:00" To="00:59:59" Count="247"/> ▪ <Observation Day="Monday" From="01:00:00" To="01:59:59" Count="152"/> ▪ <Observation Day="Monday" From="02:00:00" To="02:59:59" Count="266"/> ▪ <Observation Day="Monday" From="03:00:00" To="03:59:59" Count="437"/> ▪ Categorization Target of Attack

High Level Concept Inputs Threat IT Business Database Systems Processes Processes System Process Activity Predicted Predicted Risk VaR Risk Predictor Activity Activity Calculator Calculator Systems Tuning of Values at Firewall Risk

Installation of n-ORM requires no computer skills. Just follow the simple Instructions.

The whole installation is fully automated. Advanced users can select locations and settings.

There are 2 options: Install the full version or just the infrastructure manager module.

A summary is given before the user accepts and installs the software

From start to finish, it takes around 30 seconds to install n-ORM on a PC or laptop.