Ministry of Science, Technology and Innovation
People First, Performance Now
Enterprise GRC Framework – Unified Approach to Address Silo Cyber Security Landscape
Ramaguru Ramasubbu and Rahul Moondra
7th November 2012
Agenda
- Current Scenario
- Cyber security
- EGRC Space
- Future Vision
- Unification
- Automation
- Case Study
- Correlation
- Value Proposition
Current Scenario
Cyber security challenges that orgs face today (ENTERPRISE INFRASTRUCTURE)
Actors: Cyber Criminals; External Attackers; Organized groups; National rivals; Ignorant insider; Disgruntled employee / Partner
Tools & Techniques: Malware; Social engineering Attacks; Backdoors; Freeware / open scripts; Botnets; Espionage
Vulnerability: Insecure protocols; Outdated patches/signatures; Weak passwords; Lack of awareness; Weak perimeter defense; Default configurations
Business Impacts: Identity theft; Data loss / leakage; Unauthorized Access; Image / Business / Reputation loss; Service unavailability; Customer dissatisfaction
And orgs respond to them with point solutions (CRITICAL INFORMATION INFRASTRUCTURE)
Cyber threats: Breaches/Attacks; Espionage; Malware/Botnets; Identity theft; Phishing/Social Engineering; Insider Attacks / Backdoors
Point solutions: Vulnerability Management; Patch Management; NAP/NAC; Configuration security; Security Gateways, Proxies, and Firewalls; Malware protection; Network Security Monitoring; Application Security; Wireless/Mobile Security; Email Security
Globally the attacks are ever increasing…
“Cybercrime is more of a reputational threat than systems failure”
“2012 IBM Global Reputational Risk and IT Study” conducted by the Economist Intelligence Unit
Statistics in Malaysia are not different either…
On the other hand….
GRC: Policy Management; Business Continuity Planning; Audit Management; Compliance Management; Performance Management; Controls Management; Risk Management
Various org initiatives are related to each other
Policy Management; Control Management; Compliance Management; Performance Management; Risk Management; Business Continuity Planning; Audit Management
And cyber security is related
GRC; IT GRC; Cyber Security
Policy; Business Continuity; Audit; Compliance; Performance; Control; Risk
.. and current state is…
Cyber Security Solutions: Anti Virus; Malware protection; Firewalls; Proxies; Network Security Monitoring; Patch Management; Vulnerability Management; Wireless Security; Application Security; Secured Configuration; Security Gateways; NAP/NAC; Email security; Mobile Security
GRC Element: Policy Management; Compliance Management; Performance Management; Control Management; Business Continuity Planning; Audit Management; Risk Management
.. running in silos…
Cyber Security Solutions: Anti Virus; Malware protection; Firewalls; Proxies; Network Security Monitoring; Patch Management; Vulnerability Management; Wireless Security; Application Security; Secured Configuration; Security Gateways; NAP/NAC; Email security; Mobile Security
GRC Element: Policy Management; Compliance Management; Performance Management; Control Management; Business Continuity Planning; Audit Management; Risk Management
..and overlapping with each other…
Cyber Security Solutions: Anti Virus; Malware protection; Firewalls; Proxies; Network Security Monitoring; Patch Management; Vulnerability Management; Wireless Security; Application Security; Secured Configuration; Security Gateways; NAP/NAC; Email security; Mobile Security
GRC Element: Policy Management; Compliance Management; Performance Management; Control Management; Business Continuity Planning; Audit Management; Risk Management
.. and the result is …
Case Study
Things look normal, in silo…
Events:
- Digitally signed and encrypted communication with RC4 and RSA algorithms
- Connection to port 445/TCP
- MS08-067 Vulnerability patched
- Anti-spyware installed
- Users locked out for wrong passwords
- Files downloaded from internet sites
- HTTP web sites browsed
- Firewall rules updated
- File and Printer sharing services accessed
- Files updated in system folder
- New Dlls attached to services
Sources: Operating system; Asset manager; NIDS; Vulnerability scanner; Internet security suite; Firewall; File integrity monitor; HIDS; Antivirus
.. And suddenly few abnormal symptoms…
- Services are not available to customers
- Network traffic increases
- Systems shutdown
- Systems become slow
- ISP blocks your IP :- DDOS detected FROM your IP
- Disk usage increasing
- Freeware and PPP found on your servers
.. Analysis finds it ..
Conficker worm: Who; What; When; Why; How
Which was an outcome of ..
Events:
- Employee used infected USB
- MS08-067 vulnerability patched with custom fix
- Check for random DNS, connect to HTTP service and download updates
- DLL based Autorun Trojan installed
- Open backdoor in firewall and Wi-Fi devices
- Scan other machines on Port 445/TCP for open windows shares
- Exploit MS08-067 Vulnerability, Use Default passwords
- Search for other vulnerable machines, Infect any new Removable Media
- NetBIOS push to upload itself to exploited machines
Weaknesses:
- Weak policy on removable media
- Automating patch management
- Custom protocols allowed
- Weak authorization to install software
- Weak configuration management
- Default configurations
- Use of Unnecessary protocols
- No vulnerability assessment
.. And consequences could be ..
- Zombie systems
- Legal consequences
- Financial losses
- ?
.. Let us see how they relate to ..
Security Risk; IT Risk; Cyber security incident; Impact; IT Control objective; Vulnerability
Future Vision
Key objectives are…
GRC: Unification; Automation
Unification at two levels…
Cyber Security Solutions: Anti Virus; Malware protection; Firewalls; Proxies; Network Security Monitoring; Patch Management; Vulnerability Management; Wireless Security; Application Security; Secured Configuration; Security Gateways; NAP/NAC; Email security; Mobile Security
GRC Element: Policy Management; Compliance Management; Performance Management; Control Management; Business Continuity Planning; Audit Management; Risk Management