tehnologii vizionare security intelligence bogdan toporan │ best internet security

Tehnologii vizionare

Security Intelligence

Bogdan Toporan │ BEST INTERNET SECURITY

© BISS 2011 │ all rights reserved

Motive pentru IT Security

►Nevoia reala de conectare

►Existenta Internetului

© BISS 2011 │ all rights reserved

Motive pentru IT Security

Sursa: http://cm.bell-labs.com/who/ches/map/gallery/index.html

© BISS 2011 │ all rights reserved

Motive pentru IT Security

►Complexitatea sistemelor informatice

►Rapiditatea adoptarii noilor modele si tehnologii

© BISS 2011 │ all rights reserved

Ce protejam?

►Retele?

►Useri?

►Cloud?

►Securitatea informatiilor vizeaza mentinerea confidentialitatii, integritatii si disponibilitatii acestora.

© BISS 2011 │ all rights reserved

BISS – infiintata in 2001

Trusted information security integrator

© BISS 2011 │ all rights reserved

Expertiza

Gateway

Server

Desktop

NIPS / HIPS

VAM

Web filtering

IAM

Log Management

Encryption /PKI

UTM

DLP

WAN Optimization

SIEM

Intelligence

BISS

Web AppE-mailEtc.

WAFXML FwMail fwAntiSpamApp scansCode review

ApplicationApplication

OracleSQLEtc.

VAIPSDiscoveryLog mgmtAdmin monitorDAMReporting

DatabaseDatabase

CompliancePlanAuditTrainingDeploymentSupportProfessional services

ConsultantConsultantNetworkNetwork

© BISS 2011 │ all rights reserved

X-Force Trend Risk report H1 2011

© BISS 2011 │ all rights reserved

X-Force Trend Risk report H1 2011

►Common points of entry the public website and data servers.

employee workstations or endpoints.

© BISS 2011 │ all rights reserved

X-Force Trend Risk report H1 2011

► Aproximativ 50% din vulnerabilitatile cunoscute sunt inca unpatched

© BISS 2011 │ all rights reserved

X-Force Trend Risk report H1 2011

►Un studiu recent al Forrester Research, releva faptul ca peste 75% din companii nu au documentat inca un database security plan.

►Forrester estimeaza de asemenea ca in prezent, DBAs aloca sub 5% din timpul lor pentru database security.

►Key drivers pentru database security

Atacatorii sunt motivati sa compromita bazele de date cu o protectie slaba, de sumele pe care le castiga vanzand datele personale sustrase.

Cyber-spionajul vizeaza proprietatea intelectuala.

Hacktivism-ul este o forma de atac motivata politic, adesea sponsorizata politic si folosita pentru suportul activitatilor politice.

Amenintarile interne sunt considerate cele mai serioase, angajatii putand frauda si exploata facil accesul legitim.

Compliance – cerinte tot mai complexe

© BISS 2011 │ all rights reserved

X-Force Trend Risk report H1 2011

© BISS 2011 │ all rights reserved

Security drivers

© BISS 2011 │ all rights reserved

Welcome CERT-RO

►In cazul unui atac, exista resursa interna pregatita sa faca fata?

►La cine pot sa apelez?

• Lista de parteneri

• Date de contact

• Outsourced

►La cine am incredere sa apelez?

© BISS 2011 │ all rights reserved

Security solutions

►“An infinite number of monkeys with an infinite number of typewriters and an infinite amount of time could eventually write the works of Shakespeare “—The Infinite Monkey Theorem

►“An infinite number of hackers

with an infinite number of

keyboards, an infinite amount of

caffeine, and an infinite amount

of time could eventually

compromise a network.”

© BISS 2011 │ all rights reserved

Security Intelligence

►Informatie relevanta (intelligence)

►Vizibilitate (in timp real)

►Predictibilitate (risk management)

►Administrare unitara (corelare)

►Reactie rapida

►Analiza (forensic)

►Scalabilitate

© BISS 2011 │ all rights reserved

Security Intelligence

►Log Sources (log management)

►Event Sources (security event management)

►Incident data (security information management)

►Flow data (network behaviour anomaly) – app&user level

►Vulnerability data

►Realtime correlation & prioritization

►Relevance – offence identification

© BISS 2011 │ all rights reserved

Eliminate False Choice - Capability & Simplicity

Siloed Solution Integrated Solution

© BISS 2011 │ all rights reserved

Quick Facts – Q1Labs

►Headquartered in Waltham, Massachusetts, US – Founded 2001

Family of next-generation Log Management, SIEM, security intelligence solutions

Leader in Gartner Magic Quadrant

Named 2010 SIEM Industry Innovator

►QRadar: The Most Intelligent, Integrated and Automated SIEM in the Industry

Best solution for:

• Threat detection

• Rich contextual analysis of network behavior offenses to mitigate the impact of

security threats and network anomalies

• Analytics for threat and incident prioritization

• Layer 7 Application classification

• Heterogeneous network flow and security event support

Data Reduction/Summarization ■ Multivendor Support ■ Discovery/Classification

Policy violations detection ■ Bandwidth threshold detection ■ Host connection detection

Asset change detection ■ Network offense correlation ■ Linking network offenses

© BISS 2011 │ all rights reserved

QRadar

Compliance validation and security response improvement in the same solution

Out of the box content to swiftly meet PCI, NERC, SOX, HIPAA, GLBA, CoCo, etc.

Flexibility to meet new compliance standards as they evolve

PCI HIPAA FISMA

CoCo NERC SOX

© BISS 2011 │ all rights reserved

QRadar: Total Intelligence

Suspected Incidents

User correlation and application forensics enabled fraud detection prior to

exploit completion

2Bn log and event records a day reduced to 25 high priority

© BISS 2011 │ all rights reserved

QRadar: Full Impact Analysis

© BISS 2011 │ all rights reserved

Qradar: Offense Management

What was the attack?

Who was responsible?

How many targets involved?

Was it successful?

Where do I find them?

Are any of them vulnerable?

How valuable are they to the business?

Where is all the evidence?

Clear & concise delivery of the most relevant information …

© BISS 2011 │ all rights reserved

QRadar: Risk Manager

QRadar Risk Manager moves organizations beyond traditionally reactive security management by delivering:

Multi-vendor network configuration monitoring &

audit

Automated compliance and policy

verification

Predictive threat modeling & simulation

Requirement

Configuration Audit

Network Activity

Vulnerability Management

Risk Management

© BISS 2011 │ all rights reserved

QRadar: Risk Manager impact analysis

Feature Benefit

Network topology and traffic maps, provided in context of an active threat

Greatly enhance end-to-end visualization and remediation of security incidents

Summary network connection database and visualization tools built from high volume of network flow data

Improves the speed and efficiency of drilling into end user activity and attack path

Graphical mapping of risk (both pre and post exploit) on top of network visualization tools

Greatly improves time to recognize and remediate security incidents

© BISS 2011 │ all rights reserved

QRadar: Data Loss and Fraud Detection (offense 2853 in the data set)

Potential Data Loss?Who? What? Where?

Who?An internal user

What?Oracle data

Where?Gmail

© BISS 2011 │ all rights reserved

QRadar: Risk Manager Attack Path Visualization

Offense

Attack Path

Firewall & Interface

© BISS 2011 │ all rights reserved

QRadar: Predictive Threat Modeling and Simulation

Feature Benefit

Automated threat modeling, focused on active network zones and security policy, as new threats emerge on the internet

Helps assess the business impact of existing, and yet to be named, vulnerabilities

Ability to define a “virtual” sandbox, for modeling and simulating risk and/or threat impact of network changes

Provides invaluable insight during security planning

Powerful threat simulation tools, that visually shows the propagation of a threat

Greatly improves the ability to recognize threats before they occur

How are things configured?•Topology

What has Occurred?•Network Activity•Events

ExploitPropagation

VulnerabilityPrioritization

+

© BISS 2011 │ all rights reserved

QRadar: The Most Intelligent, Integrated and Automated in the Industry

• Proactive threat management• Massive data reduction• Rapid, complete impact analysis

• Eliminates silos • Highly scalable• Flexible, future-proof

• Operational elegance• Simple deployment• Rapid time to value

© BISS 2011 │ all rights reserved

Q&A

►In cazul unui atac, exista resursa interna pregatita sa faca fata?

►La cine pot sa apelez?

• Lista de parteneri

• Date de contact

• Outsourced

►La cine am incredere sa apelez?

►Cum tratez problemele de confidentialitate?

►S-ar fi putut detecta atacul mai devreme (inaintea declansarii impactului)?

►Cine e responsabil pentru securitate?

►Cum imi monitorizez reteaua si echipamentele de securitate acum?

►Cum monitorizez utilizarea aplicatiilor de socializare?

►Cum interpretez rezultatele fusnizate de scanerele de vulnerabilitati?

►Cum stabilesc anume o prioritizare a sistemelor vulnerabile?

►Am cum sa fac o corelare a informatiilor furnizate de reteaua mea?

© BISS 2011 │ all rights reserved

Sample Slide Bullet Points

►The text demonstrates how your own text will look when you replace the placeholder with your own text.

►This is a placeholder text. This text can be replaced with your own text.

►If you don’t want to use the style and size of the fonts as used in this placeholder it is possible to replace it by selecting different options.

For replacing the placeholder text you need to click on the placeholder text and insert your own text.

The text that you insert will retain the same style and format as the placeholder text.

MULŢUMESCBogdan Toporan │ BISS

bogdan.toporan@biss.ro

www.biss.ro