Post on 25-May-2018

226 views

Category:

Documents


0 download

TRANSCRIPT

Integrated Managed Cyber Security Framework (IMCS)

Securing information, Staying compliant and Ensuring brand protection

The cyber threat landscape is constantly evolving in today's digitally connected world. Organizations have to deal with complex IT environments, which stretch the boundaries of traditional enterprises with integrated value chains, a mobile employee base and movement to the cloud. Cyber attackers often exploit the weakest link in this complex environment to launch cyber attacks varying in their degree of severity and stealth.

Organizations these days deploy a myriad of technologies to prevent these attacks and, in the case of regulated industries, to remain compliant. There are over forty different technology components that form part of the security ecosystem, covering network, datacenter, cloud, application, email, data and endpoints. This heterogeneous approach on the one hand provides best-of-breed technologies for protecting the organization, but on the other presents a large challenge: to define, collect, collate, interpret and derive actionable intelligence that can help the organization improve its security posture.

Need for an Integrated Managed Security Framework

360° view of the organization's security posture

1. Define organizational security posture

2. Determine type, level and volume of sources

3. Collect, collate, correlate & analyze telemetry data

4. Overlay cyber threat intelligence

5. Derive actionable cyber security intelligence

6. Cyber security incident response & remediation

Linking organizational risk posture, regulatory and compliance needs to the integrated managed cyber security framework

Every organization has a different security profile, driven primarily by the industry it is in, regulatory requirements, geographical dynamics and its business value chain. Understanding these components helps in framing the security policies and creating a framework that can monitor and respond to threats whilst adhering to those policies. It is essential to understand this risk profile to determine the key sources of telemetry (security log) data across security, infrastructure and application elements. Beyond sources, it is important to ensure that the right level of telemetry is configured, the volume is managed and noise is eliminated.

Governance inputs: Identify Assets, Cyber Risk, Standards & Regulations, Technology Components, Audits & Compliance, Organization Structure, Policy & Process, Users, Business Risk.

Telemetry sources: Web Servers, App Servers, Email Servers, Endpoints, Applications, Storage Arrays, IDS/IPS, Firewall, Network Devices.

Telemetry challenges:

Volume: Too many devices, hosts, network elements and applications generating logs. Different formats and locations of logs make them difficult to access. A large quantity of logs is generated, which is difficult to keep.

Noise: A lot of the information generated in logs is redundant and repetitive. Noise within logs makes it difficult to locate meaningful information. Noisy logs also make maintenance and retention difficult.

Level: Very often the right levels of logging are not enabled within sources. Either a default logging level is set or else a very low level is set. Improper levels lead to information loss and lack of visibility.

Variety: A variety of devices, apps and network sources to choose from. Constant review of the threat and technology landscape for new sources. Assessment of full coverage versus risk-based coverage.

Linking governance to telemetry decisions

Integrating organization telemetry data with Cyber Threat Intelligence for driving actionable intelligence

Traditional security operations centers focus on collecting telemetry data from the devices into a SIEM for driving correlation and reporting. Whilst this may have been sufficient in the past, the changing threat landscape demands a much tighter integration between the various threat constituents.

A Cyber Threat Intelligence Framework (CTIF) is a combination of tools, feeds and analytics, which integrates with the organization's telemetry data and the SIEM's correlation rule engine. This overlay of external and internal threats gives a clear picture of how the organization's threat landscape looks vis-à-vis global threats. CTIF integrates with the SIEM using the STIX and TAXII standards, and allows the overlay to determine alerts such as ransomware, DDoS, SQL injection, spam bots, unauthorized logins, suspicious user behavior and policy violations.
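The overlay described above, as an added example that is not part of the original brochure and not Sequretek's CTIF or any SIEM vendor's code: a small Python routine reads indicators from a constructed STIX 2.1 bundle (the JSON a TAXII collection returns), reduces each simple single-comparison pattern to a lookup value, and correlates that lookup against constructed firewall and DNS log lines to raise alerts carrying the indicator's name. The bundle, indicator names, log lines and key=value field names are all made up for the example; compound STIX patterns are deliberately out of scope.

```python
import json
import re

# Constructed STIX 2.1 bundle (sample data, not a real feed): two indicators with
# simple single-comparison patterns, as a TAXII collection might deliver them.
STIX_BUNDLE = json.dumps({"type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "spec_version": "2.1", "pattern_type": "stix",
         "id": "indicator--00000000-0000-4000-8000-000000000002",
         "name": "Ransomware C2 host (constructed)",
         "pattern": "[ipv4-addr:value = '203.0.113.7']"},
        {"type": "indicator", "spec_version": "2.1", "pattern_type": "stix",
         "id": "indicator--00000000-0000-4000-8000-000000000003",
         "name": "Spam bot domain (constructed)",
         "pattern": "[domain-name:value = 'mail-relay.example.net']"},
    ]})

# Constructed SIEM telemetry: firewall and DNS resolver events in key=value form.
TELEMETRY = [
    "ts=2018-05-25T10:00:01Z src=10.0.0.12 dst=203.0.113.7 dport=443 action=allow",
    "ts=2018-05-25T10:00:04Z src=10.0.0.33 dst=198.51.100.20 dport=80 action=allow",
    "ts=2018-05-25T10:00:09Z src=10.0.0.12 query=mail-relay.example.net rtype=A",
    "ts=2018-05-25T10:00:11Z src=10.0.0.41 query=intranet.example.com rtype=A",
]

# One STIX comparison expression, e.g. [ipv4-addr:value = '1.2.3.4'].
PATTERN_RE = re.compile(r"^\[(?P<obj>[\w-]+):(?P<prop>[\w.]+)\s*=\s*'(?P<val>[^']*)'\]$")

def load_indicators(bundle_json):
    """Map each indicator's observable value to its name (compound patterns skipped)."""
    lookup = {}
    for obj in json.loads(bundle_json)["objects"]:
        if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue
        m = PATTERN_RE.match(obj["pattern"])
        if m:  # AND/OR/FOLLOWEDBY patterns need a real STIX pattern engine
            lookup[m.group("val")] = obj["name"]
    return lookup

def overlay(lines, lookup):
    """Return (ts, src, field, value, indicator name) for each telemetry hit on the feed."""
    alerts = []
    for line in lines:
        fields = dict(kv.split("=", 1) for kv in line.split())
        for key in ("dst", "query"):  # fields where an external observable can appear
            hit = lookup.get(fields.get(key))
            if hit:
                alerts.append((fields["ts"], fields["src"], key, fields[key], hit))
    return alerts
```

Running `overlay(TELEMETRY, load_indicators(STIX_BUNDLE))` yields two alerts, one per telemetry line whose destination or query matches the feed; a production correlation engine would additionally honour each indicator's validity window and evaluate compound patterns.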

Telemetry sources: Endpoints, Web Servers, App Servers, Email Servers, Applications, Storage Arrays, IDS, Firewall, Network Devices.

CTIF outcomes: Risk-based prioritization; Offense identification; Ability to see attacks in context; Accuracy of detection and response; Faster detection and response; Provides inputs on IoCs and threat actors.

CTIF components: Private Feeds and Public Feeds; Organizational Telemetry; Public Threat Intel; CIF Server; Pushed Daily Feeds; CIF Client (Analyst); Mitigation Equipment (Firewall, IDS, DNS Sinkhole); Users Querying (Indexed Feeds).

Flow: CTIF Feed -> Threat Correlation -> Actionable Intelligence

Cyber Security Incident Response

Framework for limiting the effect and duration of incidents

Corporations today face a high risk of security incidents and an increased possibility of serious financial problems caused by a data breach. Research shows the majority of incidents would have been avoided through simple or intermediate-level controls. An effective Computer Security Incident Response Team (CSIRT) can help an organization protect critical assets and data and lower risks by increasing awareness and creating controls.

An effective CSIRT framework is a combination of activities that organizations can undertake during Peacetime, primarily around monitoring, simulation and health checks, and for Wartime (in case of attack) around response, remediation and forensics.

Peace Time Activities: Health Check, Prepare, Monitor, Simulate.

War Time Response: Root Cause, Remediate, Forensics, Response.

Deliverables: SLA-driven 24x7 coverage; Automated remediation; Root cause and forensics; Stakeholder communications; Threat scenario simulations; Co-ordination with OEM.

Peacetime activity: Risk-based asset classification; Security policy enforcement; Proactive security monitoring; Automated remediation workflow; Simulation use case definition.

Wartime activity: Incident identification; Response and remediation; Root cause analysis and forensics; Analyze, report and create evidence; Update incident knowledge base; Update remediation workflows.

About Sequretek:

As the fastest growing independent security, identity access governance and analytics provider, Sequretek helps global organizations to secure, protect and manage their information assets residing across different devices, data centers, and in the cloud. Sequretek's industry leading product portfolio offers end-to-end security solutions ranging from modern end point protection to advanced access governance and analytics.

For more information, visit http://www.sequretek.com and [email protected].


Sequretek IT Solutions, B Wing, 3rd floor, Navkar Chambers, Marol Naka, Andheri (E), Mumbai, India, 400059

Framework overview: Governance, Risk and Compliance; telemetry sources (Endpoints, Web Servers, App Servers, Email Servers, Applications, Storage Arrays, IDS, Firewall, Network Devices); Incident Remediation; Inputs; Reporting; Risk Matrix; Security Policy Input; CTIF; Threat Intel.

The IMCS framework stitches together a 360° view of the organization, from security policy to devices and from organizational telemetry to global feeds, and finally brings in an incident management component that ensures the organization is prepared to deal with any potential security threat that may arise.