Copyright © 2015 EiQ Networks, Inc. All rights reserved.
Justin Pennock, EiQ Networks
SANS 2015

Implementing SANS Security Controls to Improve Information Security

Aug 15, 2015

Page 2: Agenda

• Threat Landscape
• The Evolving Security Model
• Critical Security Controls
• EiQ Security Monitoring Solutions

Page 3: Motivated attackers

• Open-source tools and exploit kits make it easy to get into the cyberattack business
• Cyber crime pays
  – $1 per credit card [1] × 42M cards [2] = $42,000,000
  – $20 per health insurance credential [1] × 11M records [3] = $220,000,000

1. “Managing Cyber Risks in an Interconnected World”, PwC, September 30, 2014
2. Target data breach, 2013
3. Premera Blue Cross data breach, 2015

Page 4: Costly Security Incidents

• Average cost to a company = $3.5 Million per incident
• An increase of 15% over the previous year

“2014 Cost of Data Breach Study: Global Analysis”, Ponemon Institute

Page 5: Evolving Security Model

• Prevention
  – Perimeter Security
  – Signature-based Detection
• Reactive
  – Behavior-based Detection
  – Correlation & Analytics
• Security Controls
  – Proactively strengthen security posture

Page 6: Signature-Based Detection

• Perimeter defense strategy is no longer effective – they’re probably already inside
• By definition there is no signature for a zero-day exploit

Page 7: SIEM

• Evolved to detect advanced threats using
  – Correlation
  – Analytics
• Can effectively reduce
  – Detection time
  – Investigation time
  – Response time
• Reactive by nature

Page 8: Critical Security Controls

• Proactively improving security posture
• Allows you to build a process that is:
  – Automated & Continuous
  – Measurable
• Focused on risk reduction
  – Can’t eliminate threats but…
  – Reduce the attack surface
  – Contain the damage

Page 9: Device Inventory

• Inventory of Authorized and Unauthorized Devices
• Why it’s important:
  – New and unprotected systems on the network can be easy targets for attackers
  – Unauthorized devices could already be compromised before they connect (BYOD)
• Applicable tools:
  – Network scanning
  – DHCP server logging
  – Network access control
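
An added example, not from the original slides or from EiQ: one way to use DHCP server logging for the device inventory control, by comparing granted leases against an authorized-asset list. The log lines (written in the style of ISC dhcpd syslog output), the inventory and all function names are constructed assumptions.

```python
import re

# Constructed sample: lines in the style of ISC dhcpd syslog output.
SAMPLE_DHCP_LOG = """\
Aug 15 09:01:12 dhcp01 dhcpd: DHCPACK on 10.0.5.21 to 00:1a:2b:3c:4d:5e (hr-laptop-07) via eth0
Aug 15 09:03:40 dhcp01 dhcpd: DHCPACK on 10.0.5.44 to 3C:5A:B4:11:22:33 (android-7f21) via eth0
Aug 15 09:04:02 dhcp01 dhcpd: DHCPDISCOVER from 00:1a:2b:3c:4d:5e via eth0
Aug 15 11:17:55 dhcp01 dhcpd: DHCPACK on 10.0.5.60 to de:ad:be:ef:00:01 via eth0
Aug 15 13:30:09 dhcp01 dhcpd: DHCPACK on 10.0.5.44 to 3c:5a:b4:11:22:33 (android-7f21) via eth0
"""

# Constructed asset inventory: MAC address -> asset description.
AUTHORIZED = {"00:1A:2B:3C:4D:5E": "HR laptop 07", "00-1A-2B-AA-BB-CC": "print server"}

ACK_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sdhcpd(?:\[\d+\])?:\sDHCPACK on "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) to (?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"
    r"(?:\s\((?P<host>[^)]*)\))?"
)

def norm_mac(mac):
    """Canonical form so 00-1A-2B-.. and 00:1a:2b:.. compare equal."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def unauthorized_devices(log_text, authorized):
    """Return one record per MAC that received a lease but is not in the inventory."""
    allowed = {norm_mac(m) for m in authorized}
    seen = {}
    for line in log_text.splitlines():
        m = ACK_RE.match(line)
        if not m:
            continue  # only a granted lease (DHCPACK) shows the device joined the network
        mac = norm_mac(m["mac"])
        if mac in allowed:
            continue
        rec = seen.setdefault(mac, {"mac": mac, "hostname": m["host"],
                                    "first_seen": m["ts"], "ips": set(), "leases": 0})
        rec["last_seen"] = m["ts"]
        rec["ips"].add(m["ip"])
        rec["leases"] += 1
    return list(seen.values())

if __name__ == "__main__":
    for dev in unauthorized_devices(SAMPLE_DHCP_LOG, AUTHORIZED):
        print(dev["mac"], dev["hostname"], sorted(dev["ips"]), dev["first_seen"], dev["last_seen"])
```

Devices with static addresses never request a lease, so this check complements network scanning and network access control rather than replacing them.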

Page 10: Software Inventory

• Inventory of Authorized and Unauthorized Software
• Why it’s important:
  – Attackers scan for versions of software that contain known vulnerabilities that can be exploited
  – The use of malware can allow an attacker to compromise systems or send data out of the network
• Applicable tools:
  – Application whitelisting
  – Software inventory systems
  – Endpoint security

Page 11: Secure Configurations

• Secure Configurations for Hardware and Software
• Why it’s important:
  – Default settings for OS’s, applications and devices are not always secure
  – Falling behind on the latest vulnerabilities, updates and patches can leave systems open to attack
• Applicable tools:
  – Configuration monitoring
  – Automated patching
  – Secure standards – CIS Benchmarks/DISA STIGs

Page 12: EiQ SecureVue

• First platform to combine SIEM & CSCs
  – Both reactive and proactive security monitoring

Security Controls

• Are there unauthorized nodes on our network?
• Is any unauthorized software running on our network?
• Are hosts and devices configured securely?
• Are there nodes with vulnerabilities on our network?
• Are proper malware defenses in place on our network?
• Are there any unauthorized wireless access points on our network?
• Are there any unauthorized ports & protocols on our network?
• Is proper event logging in place?

Page 13: EiQ SOCVue Managed Service

• Save time & money, improve security posture
  – Subscription license to SecureVue SIEM/LM
  – Installed, managed & monitored 24/7 by EiQ SOC
  – Incident notification & guidance
  – Continuous visibility into critical security controls

Page 14: SOCVue Security Portal

Page 15: Thank You

Please visit www.eiqnetworks.com to learn more

• Request a Demo of SecureVue
• Request a Free Trial of SOCVue Monitoring Service