Information Security services Planning & Roadmap Ramanuj Prasad Singh

Information Security services Planning & Roadmap · Security Infrastructure Security Security IT Security Incident and Event Management Identity and Access Management Enterprise Service

May 27, 2020

Page 1

Information Security services Planning & Roadmap

Ramanuj Prasad Singh

Page 2: ISS Practice Structure

(Organization chart; labels preserved from the slide: Ramanuj Prasad Singh; Marketing, Pre-Sales, Deployment, Resource.)

Page 3: Current Enterprise Scenario – Beyond Boundaries

(Diagram: the enterprise's Application Servers at the centre, connected to Suppliers, Customers, Stake Holders, Employees and Distributors.)

Business to Suppliers
Business to Employees
Business to Stake Holders
Business to Customers
Business to Distributors

Page 4: The Age of the Hyperextended Enterprise

(Diagram: business issues on one side, their impact on the other, together producing a Complex Risk, Security and Compliance Environment for the Hyperextended Enterprise.)

Business issues: Supply Chain; IT Consumerization; Customer Services; Innovation / Collaboration; Virtualization and Cloud Computing

Impact: Expanding Identities; Exploding Information; Evolving Infrastructure; Increasing Regulations

Page 5: Companies are Opening Up

Extranets connecting branch offices
IP Telephony
Instant Messaging
Email on PDAs
Application Sharing
Web Applications
Email with Outsiders
Mobile Workers
Tele-Working

Page 6: The Customer Environment…

(Diagram labels: Manageability; Complicated; Complex; Network security.)

Can such complexity deliver a high level of security?

Page 7: Key Operational Challenges – Partners' Perspective

(Bar chart, all sample. The percentages and labels appear in the same order on the slide and are paired here.)

70%  Cost of failure, downtime and business interruption
54%  Growing complexity of threats and security requirements
40%  Compliance and governance mandates
39%  Escalating incidence of intrusions and threats
35%  Growing mobile workforce
33%  Global economic dependency on eBusiness
21%  Customer and partner pressure
20%  Increased corporate liability and insurance costs
19%  Automation of critical manual processes
19%  Concerns about corporate and brand reputation
11%  Homeland security threats and imperatives
11%  Media scrutiny and coverage
 9%  CEO and board room mandates
 7%  Heightened public concern
 4%  Other

Top three highlighted on the slide: Cost of Failure, Downtime; Growing Complexity of Threats; Compliance and Regulatory Mandates

Page 8: Managing Risk and Threats

No clear visibility to threats and exposures
Inability to adequately address exposures
Slow to respond

Page 9: IT and Security Challenges

(Framework diagram: Governance, Risk and Compliance spans the layers Users, Applications, Data, Systems, Network and Facilities; the layers are grouped into Application Services and Infrastructure Services, and the challenges are arranged under Information Security, Infrastructure Security and Security IT.)

Infrastructure Availability and Performance; Reduce total cost of ownership; Green IT
Information Access Control; Application Security; Data Protection and Data Loss Prevention
System and End Point Security; Security Log Handling; Mobile Security; Business Continuity
Application Availability; Application Performance; Safeguarding Data

Page 10: Security Solutions

(The same framework diagram as page 9, with three further service columns: Security Incident and Event Management, Identity and Access Management, Enterprise Service Desk. Solutions listed on the slide:)

Biometrics
Endpoint FW, AV
Patch Management
Enterprise FW, VPN, IPS
Network Access Control
Storage Security
Email and Web Security
Network Monitoring System
Bandwidth Optimization
Server and Desktop Virtualization
Disaster Recovery and BCP
Storage – SAN, NAS
Backup, Restore and Archiving
Web Application Acceleration
Global Load Balancers
Application Infrastructure Design
Data Center Consolidation
Infrastructure Consulting
Server Load Balancers
Application Performance Monitoring
Data Leakage Prevention, DRM
SSL-VPN
Web and Mail Security
Multi Factor Authentication
Web Application Firewall
PKI & Enterprise Encryption
Professional Services

Page 11: Targeted OEM

S. No.  Technology                                   OEM
1       Antivirus, HIPS, Antispam                    Symantec, Trend Micro, McAfee
2       Load Balance (Link & Servers)                F5 Networks, Array Networks, A10, Radware
3       SIEM (Security Incident & Event Management)  ArcSight, RSA, Symantec
4       Two Factor Authentication                    RSA, Nexus, Vasco
5       Proxy & Caching Solution                     Websense & Bluecoat
6       WAN Optimisation                             Riverbed, Silver Peak
7       DLP                                          Websense, RSA, Symantec
8       Web Application Firewall                     F5, Palo Alto, Imperva
9       Encryption                                   Symantec, IBM
10      VA/PT                                        Nessus, Burp Suite

Page 12: Key Alliances Targeted – Information Security Solutions

(Partner logo slide; no further text preserved.)

Page 13: Our Strength – ISS Training & Certification Pool

IT Training/Certifications:
Microsoft Certified System Administrator
Microsoft Certified System Engineer
Sun Certified System Administrator
Sun Certified Network Administrator
Sun Certified System Administrator for Cluster
Linux Certified System Administrator
Linux Certified Network Administrator
VERITAS Storage Foundation Administrator
EMC Certified Storage Consultants
VMware Certified Professionals
NetApp Certified Data Management Administrator
NetApp Accredited Storage Architect Professionals
NetApp Accredited Sales Professionals

Security Training/Certifications:
CISSP
CISM
ITIL V3
ISO 27001
PMI
Checkpoint
Fortinet
Symantec
McAfee
Juniper
RSA
ArcSight
Websense
Bluecoat
F5
Radware
Cisco

Page 14: Few Important Technologies

• Two Factor
• SIEM
• WAF

Page 15: What is Two-Factor Authentication?

Two-Factor Authentication: “The act of identifying an individual by using any combination of something they know, something they have or something they are.”

“Something you know” = PIN, password, life question
“Something you have” = Token, Smartcard, Trusted Device
“Something you are” = Biometrics (fingerprint, retinal scan, etc.)

Page 16: How does it work?
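The slide's diagram is not in the transcript. As an added example (not from the deck), the following shows how a "something you know" check (salted password hash) is combined with a "something you have" check for an event-based OTP token following RFC 4226 HOTP; the user record, salt and password are constructed sample data, and the token seed is the RFC 4226 test-vector secret.

```python
import hashlib
import hmac
import struct

SALT = b"constructed-salt"  # constructed sample; real systems use a random per-user salt
# Constructed sample credential store: the salted password hash is the
# "something you know"; the token seed and counter model the "something you
# have" (an event-based OTP token as specified in RFC 4226 HOTP).
USERS = {
    "alice": {
        "pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse battery", SALT, 100_000),
        "seed": b"12345678901234567890",  # RFC 4226 test-vector secret, used only as sample data
        "counter": 0,                     # next counter value the server expects
    }
}

def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"

def verify_password(user: str, password: str) -> bool:
    rec = USERS[user]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    return hmac.compare_digest(candidate, rec["pw_hash"])

def verify_token(user: str, code: str, window: int = 3) -> bool:
    """Accept the code for the expected counter or a few values ahead (the token was
    pressed without logging in); on success move past it so the code can never be replayed."""
    rec = USERS[user]
    for c in range(rec["counter"], rec["counter"] + window):
        if hmac.compare_digest(hotp(rec["seed"], c), code):
            rec["counter"] = c + 1
            return True
    return False

def login(user: str, password: str, code: str) -> bool:
    """Both factors must pass. The password is checked first so a caller who does not
    know it cannot burn token codes, and the result never says which factor failed."""
    if user not in USERS or not verify_password(user, password):
        return False
    return verify_token(user, code)
```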

Page 17: Two Factor Authentication Solution

Page 18: SIEM – The Enterprise Today: Mountains of data, many stakeholders

Mountains of data:
Router logs
IDS/IDP logs
VPN logs
Firewall logs
Switch logs
Windows logs
Client & file server logs
Wireless access logs
Windows domain logins
Oracle Financial logs
SAN file access logs
VLAN access & control logs
DHCP logs
Linux, Unix, Windows OS logs
Mainframe logs
Database logs
Web server activity logs
Content management logs
Web cache & proxy logs
VA scan logs

Many stakeholders:
Configuration Control
Lockdown enforcement
Access Control Enforcement
Privileged User Management
Malicious Code Detection
Spyware detection
Real-Time Monitoring
Troubleshooting
Unauthorized Service Detection
IP Leakage
False Positive Reduction
User Monitoring
SLA Monitoring

How to analyze and manage all the data to transform the information into actionable knowledge and intelligence?

Page 19: Solution: SIEM – An Information Management Platform… for Compliance & Security Operations

Compliance Operations: Access Control; Configuration Control; Malicious Software; Policy Enforcements; User Monitoring & Management; Environmental & Transmission Security

Security Operations: Access Control Enforcement; SLA Compliance Monitoring; False Positive Reduction; Real-time Monitoring; Unauthorized Network Service Detection; More…

All the Data – Log Management: Any enterprise IP device – Universal Device Support (UDS); No filtering, normalizing, or data reduction; Security events & operational information; No agents required

Stakeholders: Server Engineering; Business Ops.; Compliance Audit; App & DB; Network Ops.; Risk Mgmt.; Security Ops.; Desktop Ops.

Platform functions: Report; Alert/Correlation; Incident Mgmt.; Log Mgmt.; Asset Ident.; Forensics; Baseline

Page 20: Why Protect Web Applications?

• 82% of Web applications have vulnerabilities [1]
• 75% of all Internet attacks target applications [2]
• Attacks are getting more sophisticated
  – Increasing in scale due to automation, Google hacking
  – Growing threats: L7 DDoS, CSRF, botnets, massive SQLi, scraping

[1] White Hat – statistic for initial examination; [2] Gartner Research

Page 21: Challenges with Legacy Security Solutions

Application Threat          IPS/Network Firewall         Application Firewall
Cookie poisoning            Well known signatures only
Hidden field manipulation   Well known signatures only
Cross Site scripting        Well known signatures only
Injection Attacks           None
Stealth Commanding          None
Parameter Tampering         None
Buffer overflow             None
Google Hacks                None
Forceful Browsing           None
Identity Theft              None
Application DoS             None
Data Theft                  None
(The Application Firewall column's entries are not preserved in the transcript.)

• Network Firewalls
  – Blindly allow HTTP/S Web traffic
• IPS/IDS
  – Signature matching only, not application aware
  – Cannot protect from zero-day attacks
  – No protection for encrypted traffic
  – Non-deterministic protection
  – Cannot “normalize” traffic to detect attacks

What is Missing? More insight and control into application structure: URLs, cookies, headers, FORMs, Session, SOAP actions, XML elements …

Web Application Firewall – WAF

Page 22: The solution: Layer 7 security

(Diagram: port 80/443 traffic goes through the network firewall, which blocks only network attacks; a Web Application Firewall sits in front of the Web Applications.)

The solution: Web Application Firewall
Understands web traffic
Layer 4 and Layer 7 load balancing for Web servers
Accelerates application delivery
Protects against common web attacks
Mitigates broken access control

Page 23: A New Type of Security is Needed

Network Access (OSI Layer 1 – 3) – Network Layer: Traditional firewalls only detect network attacks; they only inspect IP address and port/service number.

Protocols (OSI Layer 4 – 6) – Transport Layer: IPS and NG firewalls only detect known signatures; no application understanding; high rate of false positives/negatives; no user/session tracking; no protection of SSL traffic.

Application (Layer 7) – Application Layer: Web Application Firewalls alone detect application attacks!

Page 24: Multiple Layers of Protection

Layers: Web Worm Detection; ThreatRadar; Data Leak Prevention; Application Profile; Web Services; Protocol Validation; Attack Signatures

Detects HTTP protocol violations
Identifies known attacks – 6,500+ signatures updated weekly
Detects abnormal application usage
Prevents sensitive data leaks
Stops malicious users before an attack is launched
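Pages 21, 23 and 24 contrast a port-only network firewall, signature-only IPS, and a WAF that understands URLs, parameters, hidden fields and an application profile. The following added example (not code from the deck or any WAF vendor) puts that contrast into a small Python checker: the profile, the two signatures and all request lines are constructed sample data, and the finding categories use the slide's own threat names (protocol violation, forceful browsing, parameter tampering, hidden field manipulation, signature match).

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed application profile (hypothetical; stands in for what a WAF learns):
# per URL the allowed methods, a regex per expected parameter, and the values of
# hidden form fields exactly as the server emitted them.
PROFILE = {
    "/login": {"methods": {"POST"},
               "params": {"user": r"[A-Za-z0-9_.]{1,32}", "pass": r".{1,128}"}},
    "/cart": {"methods": {"GET", "POST"},
              "params": {"item": r"\d{1,6}", "qty": r"[1-9]\d{0,2}"},
              "hidden": {"price": "19.99"}},
}
# Two illustrative known-attack signatures (constructed; a real feed holds thousands).
SIGNATURES = {"sqli": re.compile(r"(?i)(union\s+select|'\s*or\s+1=1)"),
              "xss": re.compile(r"(?i)<script|javascript:")}
ALLOWED_METHODS = {"GET", "POST", "HEAD"}

def network_firewall_allows(dst_port: int) -> bool:
    """Layer 3/4 view: only the port is examined, so every HTTP/S request passes."""
    return dst_port in (80, 443)

def inspect(request_line: str, body: str = "") -> list[str]:
    """Layer 7 view: return the findings for one request (empty list = conforms to the profile)."""
    findings = []
    try:
        method, target, version = request_line.split(" ")
    except ValueError:
        return ["protocol violation: malformed request line"]
    if method not in ALLOWED_METHODS or not version.startswith("HTTP/1."):
        findings.append("protocol violation: unexpected method or version")
    url = urlsplit(target)
    entry = PROFILE.get(url.path)
    if entry is None:  # URL the profile has never seen: forceful browsing
        return findings + [f"forceful browsing: {url.path} not in profile"]
    if method not in entry["methods"]:
        findings.append(f"protocol violation: {method} not allowed for {url.path}")
    params = dict(parse_qsl(url.query, keep_blank_values=True))
    params.update(parse_qsl(body, keep_blank_values=True))
    for name, value in params.items():
        for sig, rx in SIGNATURES.items():  # negative model: known attack patterns
            if rx.search(value):
                findings.append(f"signature match ({sig}) in parameter {name}")
        if name in entry.get("hidden", {}):  # positive model: the learned profile
            if value != entry["hidden"][name]:
                findings.append(f"hidden field manipulation: {name}")
        elif name not in entry["params"]:
            findings.append(f"parameter tampering: unexpected parameter {name}")
        elif not re.fullmatch(entry["params"][name], value):
            findings.append(f"parameter tampering: {name} violates profile")
    return findings
```

The hidden-field and unexpected-parameter cases produce no signature match at all, which is the slide's point: only the profile (positive model) catches them.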

Page 25: Let’s begin!