
Business Overview - SSR (에스에스알) 정보 보안 ...ssrinc.co.kr/upload/ssrinc_en.pdf · SSR’s 100% rate of succession on penetration test service is fulfilling analysis

Sep 18, 2019


dariahiddleston

Business Overview


1. Company Introduction – Outline

SSR Inc. specializes in providing integrated information security services, including consulting, IT solution development and maintenance, for government, education, healthcare, finance and enterprises.

▪ Knowledge and Information Security and Expert of Consulting

▪ Privacy Impact Assessment

▪ LG CNS Security Consulting Specialization Business

▪ MOU : Penta Security

▪ KISA Business Share Solution

SolidStep : Security Scan manager • IT Infrastructure (Server, NW, DB, WEB) Scan

• Infrastructure Vulnerability Scan

Cloud Service

• PC Security Solution

• Intrusion Activity Detection

• Web-page Change Audit

• Personal Information Detection

Consulting Technical Consulting

Administrative Consulting

Pen. Test

Service Security Scan

Information Asset

Security Scan

▪ 100% Success rate of Penetration Test

▪ Web, Mobile, C/S Vulnerability Asst.

▪ System in Infrastructure Security Asst.

▪ Asst. for Smart Home Devices like TV

▪ Source Code, Reverse Engineering

ISMS ISO27001

Financial Organization

▪ Information Security Management

▪ Management Private Information

▪ Scan Information Communication Infrastructure

▪ Scan the Financial Services Commission Electronic Finance Director Regulation

Infrastructure

PIMS

SolidStep Cloud : IT Infrastructure Vulnerability Scan Management Service

SolidStep for PC : Security Scan Manager(PC)

MetiEye : Monitoring Web Malicious Code


1. Business Introduction– Team / Organization

SSR is composed of the best information security experts in the knowledge information security consulting business.

Largest Scale of Experts!!

Tech. Consulting

Admin. Consulting

Sales

78 Technical Team

Support Department

Assigned Task #of Ppl

Consultant 48

R&D Planning 15

Tech. Support 15

Sales 7

Executive 6

Management 2

#of Ppl 93

Level #of Ppl

Super High 4

High 6

Mid 18

Elementary 20

#of Ppl 48

A total of 93 people in 2 headquarters, 1 office, 1 laboratory, 7 groups, and 23 teams. 84% of the people in our company are IT security technical experts. (As of May 2017)

20 People of MENSA


[Organization chart: CEO; CTO; Executive Office; Consulting Business Div.; Tech. Consulting; Admin. Consulting; Solution Business Div.; Tech. Support; Tech. Laboratory; Service Business; Sales Group; Service Business Group]


The main business, information security consulting, is growing consistently. SSR has been focusing on investment in information security solutions since 2013. SSR obtained 11.3 billion in 8 years.

1. Business Introduction – Finance Structure

Increased employee for 7yrs x17

Increased revenue for 7yrs X56

Year       2010  2011  2012  2013  2014  2015  2016  2017
Employees  5     11    42    52    59    80    84    86
Revenue    0.2B  1.2B  3.6B  4.2B  5.0B  5.7B  8.2B  11.3B


SSR Inc. has kept moving forward since August 2010.

1. Business Introduction – History

2010. 08 Established SSR Inc.
2010. 09 Selected as Specialize Business on LG CNS Information Security Consulting
2011. 12 Established Laboratory
2012. 09 Achieved ISO9001 Certification
2012. 10 Launched SolidStep MetiEye
2012. 12 Registered A Venture Company
2013. 04 Achieved ISO/IEC 27001 Certification
2013. 12 Penta Security MOU
2014. 03 Achieved MetiEye GS Certification
2014. 03 Selected as knowledge of Information Security Consulting Specialized Company
2014. 04 Selected as Technology Innovation Company (INNO-BIZ)
2014. 05 Achieved SolidStep GS Certification
2014. 08 Achieved MetiEye CC Certification
2014. 11 Minister’s Award for Technical Commercialization
2014. 11 Achieved MetiEye Patent
2014. 12 Achieved SolidStep CC Certification
2015. 07 Launched SolidStep PieLook
2015. 08 Selected as Privacy Impact Assessment
2015. 09 Minister’s Award for Technique Leakage Protection
2015. 12 Minister’s Award for Information Protection Industry
2015. 12 Selected as Development of Human Resource
2016. 02 Launched SolidStep for PC
2016. 04 ICT INNOVATION Special Prize
2016. 04 Selected as Youth Friendly Small Giants Company
2016. 05 Achieved SolidStep Patent
2016. 06 Established Laboratory in Daejeon, Korea
2016. 08 Achieved Executable Program Motion Monitor Patent
2016. 09 Selected as Seoul Small Giants Company
2016. 10 The Prime Minister Award for A Day of Electronic/IT
2016. 11 First Overseas Export (U.S.)
2017. 01 Export Solution to Europe
2017. 06 Selected as Excellent Venture Company
2017. 09 Launched SolidStep Cloud
2018. 05 Launched MudFix
2018. 08 Listed on the KOSDAQ Market


The experts at SSR help raise the level of customers’ privacy through penetration testing.

SSR’s penetration test service, with its 100% success rate, analyzes expected threats by applying various scenario techniques based on a high level of understanding of the customer’s business.

2.1. Penetration Test Consulting

Service Area

Stable Access

Achieve Information Asset

Internal Area

OS Attack, Network Attack Application Attack

SSR Security Expert

Penetration Test Expert

Infra Expert, Mobile Expert, Reversing Expert, Source Scan Expert

Security Strategy
▪ Security consultants with a strong sense for SSR’s penetration testing
▪ Composed 100% of MENSA members
▪ SSR’s best team leader for penetration testing

Technical Consulting 1
▪ Made up of experts in scanning systems such as servers, networks, security devices, and wireless devices
▪ Made up of holders of qualifications such as CCIE, SCSA, SCNA, CISSP, OCP, etc.
▪ Team leaders with varied work experience in systems/security

Technical Consulting 2
▪ Made up of mobile experts
▪ Performs vulnerability scans of smart appliances/IoT
▪ Made up of prize winners from hacking competitions who have deep knowledge of advanced technology
▪ A team leader from the mobile security business

Technology Consulting 3
▪ Made up of experts in reverse engineering
▪ Develops specialized hacking tools across system areas
▪ A team leader with long experience in reversing

Technology Consulting 4
▪ Made up of experts with work experience as programmers (web, mobile, C/S)
▪ Develops security modules/hacking tools with the reversing team
▪ A team leader from a major security company

Mobile Web Application

Mail Backdoor Attack

H&R Data System

MES System

R&D System


Service Area

SSR Inc.’s technical consulting, which covers web, server, network, mobile, and smart appliances, provides the best quality of service by tailoring it to each customer’s requirements.

2.2. Information Security Technical Scan Consulting

▪ Web vulnerability scan

▪ Web penetration test

▪ Source code scan

Web App.

Information Asset Area

▪ Smart appliance scan

▪ Reverse engineering

▪ Source code scan

C/S & Smart App.

▪ Mobile vulnerability scan

▪ Information leakage risk scan

▪ Source code scan

Mobile App.

Network

Server

Information Security System

▪ Policy management scan

▪ Operation management scan

▪ Access authority management scan

▪ OS vulnerability scan

▪ WEB vulnerability scan

▪ WAS vulnerability scan

▪ DBMS vulnerability scan

▪ Component security scan

▪ Device security scan

Year-round: Doosan, Nexon, LG U+, SKPlanet, eBayKorea

General: Auction, LG Electronic, G-market, BCcard, Hyundai AUTOEVER, Posco, Daum, National Rehabilitation Center, Hyundai HMC Investment Security, Daelim Industrial Co., Yeungnam University, Korea Centers for Disease Control and Prevention, etc.

Major Implement Result


Security Management

SSR’s management consulting provides clients with information security management solutions for a successful and sustainable business, based on experience from multiple projects.

2.3. Information Security Management Consulting

IT Security Infrastructure & Information Security Awareness Based

SSR’s Management Consulting Service

ISMS, PIMS
- Support consistent improvement of the security level
- Operate systematic and efficient management of personal security/important information through ISMS and PIMS

Major Info-communication / Infrastructure
- Support regular vulnerability management and security-level improvement for major national infrastructure
- Support secure availability of nationwide services and the security management of institutions

Financial Institution
- Meet compliance requirements related to the Financial Services Commission and the electronic financial supervision regulation
- Improve the security level of sensitive financial environments to support the reliability of institutions

Personal information influence evaluation
- Analyze key infringement factors and derive improvements based on the degree of risk, possibility of rights violation, whether information is provided to a third party, and the number of items when changing, constructing, or operating a personal information file

Infrastructure

Administrative Consulting 3
- Specialized team for analyzing infrastructure vulnerability and finance vulnerability
- Construct a sustainable business environment
- Increase customer capability through a self-care model

Information Security Policy

Information Security Process

Information Security Strategy

Information Security Organization

Target for Information Security

Information and communication infrastructure / financial services commission

ISMS/PIMS ISO27001

Influence evaluation on personal information

Personal Information

Administrative Consulting 2
- 1-Stop Service from impact evaluation to management system
- Realize a manageable personal information system
- Apply each level of the personal information management system to customers/in-company

Management System

Administrative Consulting 1
- Experts optimized for materialization, establishment, and dissemination
- Fulfill faultless projects with the best efficiency/performance
- Provide products based on the business environment


2.4. Information Security Consulting Result

SSR Inc. provides information security consulting to over 340 major public institutions/businesses. (As of June 2018)


MetiEye supports a secure web service operating environment by detecting and blocking malicious files and scripts (Webshell) that pose a security threat to the web server.

3.1. A Real Time Web Server Detection Solution- MetiEye

Product Outline

Major Functions

MetiEye Monitoring System

Detecting Violation Measure

Statistic Report

Administrator

Most of the developers have experience in security consulting

New and variant Webshell patterns are reflected in the heuristic engine

Webshell/Malicious URL Detection

Web Source Change Management

Limitation of File Creation (Upload)

Remote Management

Enterprise-class Administrative UI

Advantages Solution Support

Tech. Laboratory

Consulting Business

Headquarters

Abundant hacking pattern collection / application capabilities

New, variant Webshell detection via heuristic detection function

Availability via 4-Free (Install, Resource, OS, ACL Free)

Rapid detection speed of about 18 times faster than S.R.O.A architecture

Hash Value Matching Detection & Updating hash value consistently

Ensure stability with double encryption design

NETWORK APPLICATION

Vulnerable to new hacking method

Vulnerable to bypassing technique

Secure coding training is required

Costly and long period of development

Large scale of application management

Secure security

Real-time monitoring

Use web service smoothly

Sense web server attack detection pattern


3.1. A Real Time Web Server Detection Solution – MetiEye (Advantages)

It is the only product developed by practical hacking consultants (Webshell development know-how). It boasts greater performance than its competitors, with an overwhelming detection capability that goes beyond fixed-pattern detection.

Different Levels of Detection Capability Optimized Architecture

Industry-Leading Pattern Collection / Apply Ability
- Detect unregistered patterns by detecting Webshell behavior other than formal regular expression pattern

Speedy Algorithm
- Rapid detection speed of about 20 times faster than S.R.O.A architecture

Intelligent Detection
- Automatically detects new/variant Webshells intelligent heuristic detection

Ultra Light-Weight Agent
- Minimize server burden via 4-Free Agent technologies
- Minimize of introduction fatigue

Security Design
- Guarantee security between Agent and Manager via first and second encryption

Hash Value Matching Detection
- Automatically detect hash values for known Webshells quarantine


Item | MetiEye | Other Company’s Product
Develop Team | Information Security Consultant (Hacker) | IT Developer (Developer)
Pattern Collection | Internal Development + External Collection (Supplement) | Rely on External Supplement (Internal Ability Absence)
QA & Test | Actual Web-Shell Attack Test | Internal Composition Check (Coding Error)
New Response | New Trend Research and Webshell Development | Rely on External Supply (Internal Capability Absence)
After Support | Updates Reflecting Consulting Trends | General Maintenance (H/W, S/W)

MetiEye was developed by professional consultants who performed penetration tests with real Webshells.

The Origin of Solution is Different

The Specialized Company of Knowledge Information Security Consulting

3.1. A Real Time Web Server Detection Solution – MetiEye (Comparison)

MetiEye, a solution developed by a company specialized in consulting, reflects professional know-how about real web hacking.


Service Management

Patch/Log Management

Function/Option Management

Environment Composition Management

Network

SolidStep can perform overall automated security scans of server, web, network, and DBMS. It provides reports that exceed the results of professional manpower and can measure the hardening of the information security level through accumulated statistics.

Comparison of scan types between SSR’s solution and other general security businesses.

Server DBMS WEB/WAS

Product Outline

3.2. Infrastructure Vulnerability Scan Solution - SolidStep

Account Management

File/Directory Management

Statistic Report

Method | Unit | Accuracy | Speed | Scale | Sum | Manage | Report | Stability

Existing Scan: Sampling; 1M/M 100 ±75%; Report completed; 1; 1; Unable to compare with existing result; Re-scanning needed when changing result; Save plain text file for collecting data

SolidStep: Overall Inspection; Unlimited; 100%; Report ready in a short period of time; 1/300; 1/10; Accumulate statistic report is possible; Various forms of report; Coded collecting result


SolidStep can perform overall automated security scans of server, web, network, and DBMS. It provides higher-quality reports than professional manpower and can measure the hardening of the information security level through accumulated statistics.

3.2. Infrastructure Vulnerability Scan Automation Solution- SolidStep


Matchless Scan Structure
- ‘Collecting-Analyzing’ segregated structure that gives security the highest priority in order to keep the scan target system secure
* Only SSR has this structure and patent is being processed

Support Various Operation Environment
- Provide various operation methods considering the customer’s environment/culture, such as Agent, Agentless, Offline
- Support the most platforms compared to other products in the same line of business (PC, Server, DBMS, WEB/WAS, Network)

100% Fixable Result
- Derive scan results acceptable to both the security team and the management team by performing scans that agree 100% with the customer’s internal security guidelines

Apply Security Consulting Know-how
- Infrastructure security scans performed by consulting experts with experience of over 200 security consulting engagements

3.2. Infrastructure Scan Automate Solution – SolidStep(The Best Advantage)

Higher competitiveness in security-level management can be secured compared to others in the same line of business. This is continuously delivered by the core capabilities of SolidStep, which reflect SSR’s own information security consulting know-how.


3.3. Cloud Based Infrastructure Vulnerability – SolidStep Cloud

SolidStep Cloud provides best-in-class services to protect small-scale IT infrastructures such as small enterprises, start-ups, and small businesses at a low cost.

Collector

Vulnerability Analyzer

Reporter

Analyzer

Individual Agent

SolidStep Cloud Service

AGENT

Infrastructure Vulnerability Scan Area

Purchase Licenses by Platform (Customizing)

Targets for Cloud Service

Cloud

Small Enterprises

Start-UP

Small Businesses


3.3. Cloud Based Infrastructure Vulnerability – SolidStep Cloud

By introducing a platform license purchase method, SSR presents a direction for infrastructure vulnerability scan management so that key elements of the business can be safely protected.

Service Benefits

High-quality Vulnerability Scan Service
- Scanning the same core vulnerabilities used by large corporations and financial institutions

Reasonable Price
- Providing cloud-based vulnerability scan service at 1/10 price

Compliance 100% Respond
- Completely responds to 100 major legal items in Korea

Custom License
- Purchasing license by customer’s IT infrastructure (customizing)

Optimized Customers
- Small business owners and start-ups with a small IT infrastructure environment
- Small businesses that cannot even imagine a high-priced vulnerability scan
- Customers who have had unsatisfying security consulting experiences
- Companies & merchants collecting customers’ personal information


3.3. Cloud Based Infrastructure Vulnerability – SolidStep Cloud

As a Software as a Service (SaaS) infrastructure vulnerability scan cloud service, SolidStep Cloud boasts the largest scan range.

Type | Platform | Support Version
OS | Windows | PC - Vista/7/8/10, Server - 2003/2003 R2/2008/2008 R2/2010/2012
OS | Linux | glibc2.4 ~ 4.5, Redhat, Debian
OS | IBM - AIX | 5.1 ~ 7.2
OS | HP - UX | PA-RISC 11.00 or higher, Itanium 11.23 or higher
OS | Oracle Solaris | SPARC 5.7 ~ 5.9, x86 10 ~ 11
DBMS | Oracle | Oracle database 8/9/10/11/12 (Except 12C)
DBMS | MSSQL | Microsoft SQL server 2000 ~ 2014
DBMS | MySQL | MySQL 5.0 ~ 5.6
DBMS | IBM - DB2 | DB2 9/10
DBMS | Sybase | Sybase Database ASE 15.7 ~ 16.0
DBMS | Tmax - Tibero | Tibero 5 ~ 6
DBMS | Altibase | Altibase Database 6 ~ 6.5
DBMS | PostgreSQL | PostgreSQL 9.1 ~ 9.6 (Support PPAS)
DBMS | MariaDB | MariaDB 5.1 ~ 5.5, 10.0 ~ 10.2
WEB | Apache | Apache 1 ~ 2
WEB | IIS | IIS 6 ~ 8
WEB | Tmax WebToB | Tmax WebToB 4.1
WEB | Oracle Http Server | 11g, 12g
WEB | iPlanet | iPlanet 6.1
WAS | Apache Tomcat | Apache Tomcat 5 ~ 9
WAS | Oracle Weblogic Server | Oracle Weblogic Server 10 ~ 11
WAS | Tmax JEUS | Tmax JEUS 5 ~ 7
WAS | IBM WebSphere | IBM WebSphere 8
WAS | Nginx | Nginx 1.4 ~ 1.10
WAS | JBoss | JBoss 5 ~ 7
WAS | Resin | Resin 2 ~ 3
NETWORK | Cisco | IOS XE, XR
NETWORK | Juniper | Junos OS 12.1X45 ~ Junos OS 16.1
NETWORK | HP(3COM) | 3Com H3C – Support 4500, 5500, 4200G, 4500G, 4800G, 5500G, 7750, 7900E, 8800
NETWORK | Alteon | Alteon OS - version 23.2.2, version 24.0.7
NETWORK | Alcatel | Alcatel AOS – Support 6400, 6850, 6850E, 6855, 9000E
NETWORK | Extreme | ExtremeXOS


Establish security awareness

Security awareness training solution, MudFix

Security awareness training

Prepare various secondary and tertiary damages

MudFix is a solution that repeatedly improves security awareness through e-mail by preparing for social engineering attacks, and measuring/managing the security level of organizations.

3.4. Social Engineering Attacks (Malicious Email) Response Training Solution – MudFix


Functions

Training Target: Registering users, checking information, tagging users

Training: Maximize accessibility of training and minimize essential elements

Results: Individual/overall progress, information, and training results

Advantages

Visualizing leaked files

Fully Customized training forms

Measuring behavior analysis

MudFix enhances security awareness through the visualization of leaked files and various training forms, measures the level of security at each level based on behavior analysis, and responds to hacking.

3.4. Social Engineering Attacks (Malicious Email) Response Training Solution – MudFix


Extract data from infected objects

Latest trends reflected training forms

Reasonable Price

Customized Service

Upgrading the security level

MudFix adopts the SaaS (Software as a Service) or the built-in method. MudFix prevents hacking, malicious code, and ransomware infection through repetitive training.

3.4. Social Engineering Attacks (Malicious Email) Response Training Solution – MudFix


MetiEye has the largest scale of installation and operation references in various environment such as financial and public institutions.

3.4. Case of Internal/External Solution Construction - MetiEye

Business: Daelim, Hyundai Heavy Industries Co., Ltd., Hansol, Coway, LG U+, Move Games, L&K Logic Korea, Modetour, Tourbaksa, Yellow Cab, Research Ad, Café Bene, TonyMoly, Nflint, LG Household & Health Care Ltd., Inner’s Community, Korea Times, Hwaseung, Herald Corp., Korea I.com, Daeha International, Asset Plus, Bobae Dream, Secure IDC, Sisley Korea, NuriMedia, Ltd. Korea Textile News, Korea Professional Golf Tour, Korea Zinc Company Inc., Cheonson Culture Center, Sbox, Yanolja, BrandStory, Enex, Degisnmay, Bearcreek, Interflex Co., Ltd., Boryung Inc., AfricaTV, Dongil Rubber Belt Co., Payletter Co., Korea Daiichisankyo, Redcaptour, Public Homeshopping, Ezwelfare Co. Ltd., One Store, Ktoto, Ubcare, Ahnlab, Doosan, S1, Gabia, KTskylife

Public Institution: Songpa-gu Office, Scientry Daegu National Science Museum, Korea Fire Safety Association, Korea Machine Stock Exchange, Ministry of Land-Infrastructure and Transport, Busan Port Authority, Korea Consumer Agency, Seoul Business Agency, Korea Knowledge Property Strategy, Korea Education Development Institute, Korea Sports Promotion Foundation, Korea Labor Foundation, Busan City Hall, Daegu Firefighting Headquarters, Korea Women’s Development Institute, Korean Educational Development Institute, Korea Federation of Small and Medium Business, Korea Fire Safety Association

Financial: KB Investment Securities Co., SK Securities Co., Hanhwa Insurance Co., Smartro, Korea Deposit Insurance Corporation, Smartbank, A&D Credit Information, KB Insurance Co., Ltd., Korean Federation of Community Credit Cooperatives, Korea Credit Information Services, Nice D&B

Educational/Hospital Institution: Kyungnam College of Information & Technology, Jungchul Language Institute, Silla university, Chung-Ang University Healthcare System, UNIST, Busan Catholic Univ., Eduzone, JEI, Youngsan Univ., Ulsan University Hospital, Gyeongnam National University of Science and Technology


5,000 License Sold


3.4. Case of Internal/External Solution Construction - SolidStep

SolidStep is deployed in various environments such as the finance sector and IT business operators. As a result, SSR holds the largest set of installation and management references as a single business.

Business: KT, KTDS, LG U+, Hyundai Motor, KIA Motors, Coway, LGcare, CJmall, Kolonbenit, Nuriins, LG Chemicals, Hyundai AUTOEVER, Wshopping, Hyundai Mobis, SK broadband, SK Telecom, Isu Group, AhnLab, Hyundai America&Europe, Hyundai-wia, Golfzon, SK Networks, Asiana Airlines, GoodNeighbors

Public Institution: R.O.K. Cyber Command, The Ministry of Patriots & Veterans Affairs, Korea Institute of Civil Engineering and Building Technology, Korea Telecommunications Operations Association, National Institute for Lifelong Education, Korea Educational Development Institute, Korea Agro-Fisheries Trade Corporation, SEJONG CITY, Seoul Education Research&Information Institute, Defense Agency for Technology and Quality, Agency for Defense Development, Korea Airports Corporation, Korea Environment Corporation, Korea Institute of Nuclear Safety, Nuclear Safety and Security Commission, SEC lab, Anseong City Hall, Ulju County Office, Kangwonland, Ministry of Education, Korea Securities Depository, LH Korea Land & Housing Corporation, Korea National Oil Corporation, Ministry of Culture, Sports and Tourism, Korea Midland Power Co. Ltd., Korea Aerospace Research Institute, National Pension Service, Cheongju International Airport, UNIST, Korea Credit Information Services, Jeollanamdo Provincial Government, Korea East-West Power Corporation, Gyeongsangbuk-do Development Corporation, Korea Public Finance Information Service, Seogwipo City, Busan Port Authority, Yeoncheon County, Ministry of Food and Drug Safety, Defense Security Command, Namhae County

Educational/Hospital Institution: UNIST, Catholic University of Pusan, Korea Maritime and Ocean University, Gyeongsang National University, Seoul National University of Science & Technology, Kangwon University, Doowon Technical University, Daegu Health College, Woolsan University, Silla University, National Cancer Center, Ulsan University Hospital

Financial: KB Insurance Co., KB Life Insurance Co., Hanhwa Insurance Co., KG Mobilians, Smatro Co., A&D Credit Information Company, Seoul Money Brokerage, Kiwoom Stock, National Credit Union Federation of Korea, NH Life Insurance Co., DGB Life Insurance Co., ING Life Insurance Co., Woori Card, Korea Securities Finance Corp., Dongbu Stock, Kyobo Life Insurance Co., BC Card, KG Inicis, NH NongHyup Property & Casualty Insurance Co., KB Kookmin Bank, Woori Bank, KB claim adjustment, Lotte Card, Heungkuk Life, Korea Credit Information Services, Industrial Bank of Korea, Gyeongnam Bank, Hana Financial Group, Welcome Bank, Hanwha Investment & Securities Co., A&D Credit Information


More than 60,000 machines installed and 500,000 inspections. (Including consulting, overall scan experience: hundreds of thousands of times)


Phase | Date | Involved People
Project Started | 2012.04 | 1
Implementation Check | 2012.05 | 1
Overall Inspection | 2012.06 | 1
Follow-up Action | 2012.11 | 1

Activities: Discuss scan method; Check guide; Overall inspection on 12 types of 6,000 servers; Overall inspection on 1,600 servers; Security guide improvement/regular check

Various system inspections needed due to company consolidation (3 companies)

The most secured scan is needed

System scan needed for isolated network

Scan Windows, AIX, Solaris, HPUX, Linux

Run 12 types of scan module according to architecture

Server operator get to choose own way to fulfill the case

Stable scan on legacy system that has been operated for over 10 years

Offline collecting results on automatic handling management server

12 types of 6,000 Systems, 200 Security Control Items

With the Speed of 300 people (by one person)

SolidStep UI

Internet

Windows Unix DBMS WEB WAS

Network

Overall Inspection, the level of security consulting, of Infrastructure - Reduce expense and resource

Digitized security level for security guide / compliance validation - Continuous implement check to standardized increasing levels of security

Expected Effect

3.5. Major Use of Example – LG U+ : SolidStep, MetiEye

SSR Inc. stably manages the security of LG U+’s complex infrastructure, which has been operating for over 10 years across various system environments, via SolidStep and MetiEye.


Phase | Date | Involved People
Project Started | 2014.02 | 1
Pre-Operating | 2014.03 | 1
Regular Inspection | 2014.04 | 1

Activities: Discuss scan methods; Develop guideline for scanning; implementation check on 2013’; Overall inspection on 1,600 servers; Fulfill regular consulting business

Internet

Windows Unix DBMS WEB WAS

Network

Overall infrastructure for short term scan needed

Related regulation/electronic finance regulation of supervision compliance

Regular check up for annual schedule/events

Use SolidStep to fulfill scan over 1,600

Handled existing consulting via SolidStep

Support updating future item

Immediate security check for new/change system

Objective evaluation for consistently increasing security level

1,600 Systems, 150 Security Control Items

With the Speed of 300 people (by one person)

Short term overall inspection on infrastructure - Reducing expense/resource

SolidStep UI

Expected Effect

3.5. Major Use of Example – KB Indemnity Insurance : SolidStep

Using security evaluation items that strictly follow compliance as defined in the Regulation on Supervision of Electronic Financial Activities, SSR handles the existing sample-based outsourced consulting tasks via SolidStep’s automatic overall inspection.

Compliance on supervision of electronic financial activities - Instead of dealing with compliance by workers, dealing with compliance with our own solution


Phase | Date
Project Started | 2016.10
Pre-Operating | 2016.11
Regular Inspection | 2016.12

Activities: Discuss scan method; Develop Scan guide; 2016’ perform inspection; Overall inspection on 1,300 units; Operation manual improvement and regular checks

Internet

Windows Unix DBMS WEB WAS

Network

Short-term construction and scan required for overseas corporate conditions

Development of scan items based on US legal analysis

Annual schedule and event irregular inspection

By using SolidStep, more than 1,300 units are constructed and scanned in a month

Developing items that meet US Privacy Act, Federal Information Security Management Act, etc.

Possible to comply with both domestic compliance and US laws

Immediate security inspection on new and changed systems

Negotiations on development of a continuous vulnerability item in the United States without clear guidance on vulnerability scan management

New standards for US legal standards for 1,300 systems, inspection at 300 speeds

Short term Inspection of the Entire Infrastructure - Reduce costs and resource

Scan Management Based on US Legal Analysis - Compliance with US Privacy Act, Federal Information Security Management Act, etc.

SolidStep UI

Expected Effect

3.5. Major Use of Example – Hyundai AutoEver America : SolidStep

Previously, manual inspections were conducted using only vulnerability reports based on information provided by government agencies; SSR has developed customized vulnerability items by analyzing the North American market so that they can be checked at all times.


Involved People : 2 Involved People : 2 Involved People : 2


Contact Us

1606, JnK DIGITAL TOWER, 26 GIL ,111, DIGITAL-RO, GURO-GU, SEOUL, KOREA 08390

Homepage. www.ssrinc.co.kr

E-mail. [email protected]

Tel. 02-6959-0129 Fax. 02-6959-0130
