risk management and remediation

Risk Management and Remediation. Kurt Van Etten, Symantec, Director, Product Management; Stephen Brown, Arellia, President; Dan McManus, Arellia, Director of Sales

Upload: carahsoft

Post on 12-Nov-2014


DESCRIPTION

Speakers: Kurt Van Etten, Symantec, Director, Product Management; Stephen Brown, Arellia, President; Dan McManus, Arellia, Director of Sales

TRANSCRIPT

Page 1: Risk Management and Remediation

Risk Management and Remediation

Kurt Van Etten, Symantec, Director, Product Management

Stephen Brown, Arellia, President

Dan McManus, Arellia, Director of Sales

Page 2: Risk Management and Remediation

Agenda

1. Need to Move to Risk Management
2. Deeper Dive on Risk Manager
3. Remediation

Page 3: Risk Management and Remediation

Rapid Maturation of Information Security

Continuous Monitoring
• Collection of Data
• Vulnerability
• Configuration
• Procedural

Cyberscope Reporting
• Reporting to higher
• Peer Comparison

Risk Scoring & Management
• Focus on top priorities
• Drive action to reduce risk

Page 4: Risk Management and Remediation

Symantec Approach to IT Risk Management

CCS RISK MANAGER

TRANSLATE, ACT, INFLUENCE

How do you drive measurable risk reduction?

How do you convey IT risks to your peers?

How do IT risks affect your mission?

Page 5: Risk Management and Remediation

Introducing CCS Risk Manager

CCS RISK MANAGER

TRANSLATE, ACT, INFLUENCE

» Prioritize based on business impact
» Align Security and IT Operations
» Track risk reduction over time
» Convey IT risk in business terms
» Customized views for greater impact
» Justify new security investments
» Define virtual business assets
» Connect related IT assets
» Create business view of IT risk

Page 6: Risk Management and Remediation

Current View of IT Risk – Technology Centric

Page 7: Risk Management and Remediation

Translating IT Risk

[Diagram labels: Transaction Processing System; Case Management]

Page 8: Risk Management and Remediation

Translating IT Risk

[Diagram labels: Transaction Processing System; Case Management]

Page 9: Risk Management and Remediation

Using Risk to Drive Accountability and Action

| Plan Name | Risk Objective | Status | Current Score | Projected Score | Target Date | Owner |
|---|---|---|---|---|---|---|
| Plan A | Secure Configuration | Completed | 2.75 | 2.75 | 3/15/12 | Bob |
| Plan B | Patch Level Standard | Completed | 1.81 | 1.81 | 4/11/12 | Joe |
| Plan A | Info Sec Standard | Completed | 2.23 | 2.23 | 1/10/12 | Joe |
| Plan C | Protect Web Servers | Completed | 2.10 | 2.10 | 2/28/12 | Dave |

| Plan Name | Risk Objective | Status | Current Score | Projected Score | Target Date | Owner |
|---|---|---|---|---|---|---|
| Plan A | Secure Configuration | Submitted | 3.65 | 2.75 | 3/15/12 | Bob |
| Plan B | Patch Level Standard | Completed | 1.81 | 1.81 | 4/11/12 | Joe |
| Plan A | Info Sec Standard | Completed | 2.23 | 2.23 | 1/10/12 | Joe |
| Plan C | Protect Web Servers | Submitted | 3.51 | 2.10 | 2/28/12 | Dave |

| Plan Name | Risk Objective | Status | Current Score | Projected Score | Target Date | Owner |
|---|---|---|---|---|---|---|
| Plan B | Secure Configuration | Submitted | 3.65 | 2.75 | 3/15/12 | Bob |
| Plan C | Patch Level Standard | Submitted | 4.22 | 1.81 | 4/11/12 | Joe |
| Plan A | Info Sec Standard | Completed | 2.23 | 2.23 | 1/10/12 | Joe |
| Plan D | Protect Web Servers | Submitted | 3.51 | 2.10 | 2/28/12 | Dave |

[Diagram label: Transaction Processing System]

Page 10: Risk Management and Remediation

Define a business asset you want to manage

Visualize and understand IT risk for this business asset

Prioritize remediation based on IT risk, not technical severity

Monitor risk reduction over time

CCS Risk Manager Highlights

Page 11: Risk Management and Remediation

Risk & Compliance Sales Specialist Training - CCS Risk Manager

Visualize and Understand IT Risk

Enterprise Wide View of Business Risk

Risk Overview for People’s Bank

Page 12: Risk Management and Remediation

Visualize and Understand IT Risk

Balanced View of Business and Operational Metrics

Drill down to technical details

Page 13: Risk Management and Remediation

Prioritize Remediation Based on Risk

Risk Modeling

Page 14: Risk Management and Remediation

Prioritize Remediation Based on Risk

Remediation Plan by Risk Objective

Review & finalize remediation plan

Page 15: Risk Management and Remediation

Monitor Risk Reduction Over Time

Manage Remediation Plans

Track risk reduction for remediation plans

Page 16: Risk Management and Remediation

Effective Risk Management

1. Data Driven View of Risk
• Cross-reference multiple data points for a true view of risk
• Combine 3rd party data for ‘composite’ risk score
• Easily digest and distill data from thousands of devices

2. Ability to Show Business Value
• Map IT assets to business assets
• Present relevant information to business peers
• Flexible reporting – avoid costly re-mapping efforts

3. Move Beyond Risk Assessment to Risk Monitoring & Management
• Track objectives and monitor risk over time
• Develop action plans to manage entire remediation process
• Demonstrate risk reduction over time

Page 17: Risk Management and Remediation

Effective Remediation

• Remediation: The act or process of correcting a fault or deficiency
• Automating Remediation can:
– Fix 95% of Security Profile settings w/o manual intervention
– Immediately address an environment’s post-audit vulnerability status
– Provide significant ROI

Page 18: Risk Management and Remediation

Why Haven’t We Automated Remediation?

• Automatic remediation for 6 well known configuration types
– Registry settings
– Security audit
– Account lockout
– Local password policies
– Service configuration
– Account privileges
• Auditing and Remediation
– Security (Auditing) vs. Operations (Change Management)
• SCAP Validated
– Means that we can ingest SCAP audit results!!!
• Standards Enable Security
– Common language between security and management
– Security results become Management Tasks
• Actionable, Automated, & Auditable

Page 19: Risk Management and Remediation

Closed Loop Direct Remediation

SCAP Audit Initiated
• FDCC
• USGCB
• STIG
• CIS

[Diagram labels: SCAP Audit Tool; Remediation Tool; End Point]

Page 20: Risk Management and Remediation

Closed Loop Direct Remediation

Audit Complete
• Results Available via Reporting

Remediation Tasks Executed
• Approval Manual and/or Automated

[Diagram labels: SCAP Audit Tool; Remediation Tool; End Point; Security Results; Management Tasks]

Page 21: Risk Management and Remediation

Closed Loop Direct Remediation

Remediation Complete
• Results Available via Reporting

Remediation Complete
• SCAP Audit Tool Notified

SCAP Validation Audit
• FDCC, USGCB, etc.

[Diagram labels: SCAP Audit Tool; Remediation Tool; End Point]

Page 22: Risk Management and Remediation

Closed Loop Direct Remediation

Validation Audit Complete
• Results Available via Reporting

[Diagram labels: SCAP Audit Tool; Remediation Tool; End Point]

Page 23: Risk Management and Remediation

Didn’t You Mention Something About ROI?

• Fix 95% of Security Profile settings w/o manual intervention

• Immediately address an environment’s post-audit vulnerability status

• Provide a significant ROI to a customer

Example: Windows 7
• Post “Typical” Install of Windows 7, run a USGCB audit
• Windows 7 installation will be around 30% compliant (70% failure to comply)
• Soft costs (unfactored): Lost productivity of Jr. Admin AND End User
• Will need to perform remediation again after next audit!

Manual Audit Costs

| Item | Value |
|---|---|
| Number of issues to address | 100 |
| Minutes per issue | 5 |
| Total Time (Hours) | 8.33 |
| Jr. Admin Salary | $50,000 |
| TOTAL COST | $200.32 |

Page 24: Risk Management and Remediation

Remediation Actions

Page 25: Risk Management and Remediation

Security Configuration

Visibility

Page 26: Risk Management and Remediation

How Arellia Can Further Help Effective Risk Management

• Removing End Users’ Administrator Rights
• Securing Local Admin Accounts & Passwords
• Application Whitelisting
• Automating Remediation

Page 27: Risk Management and Remediation

Privilege Management: Increasing Security AND End User Productivity

• 1 in 14: Programs downloaded in Windows are malicious
• 43%: 2011 MS Bulletins address Privilege Exploitation
• 110 Million: Estimated new Windows 7 users in 2012
• $653: Annual cost savings per managed endpoint: “moderately managed” vs. “locked and well-managed”

Privilege Management: The ability to enable or secure applications through the addition or removal of user rights.

Page 28: Risk Management and Remediation

Windows 7 End User Accounts: High Security Posture AND End User Productivity

“Ideal” end user model?
• Standard User with elevated privileges for predetermined (by customer) functions
– Cannot be done without a third party tool
• Balances security needs with end user productivity
– Security posture remains high
– End user productivity remains high
– Support costs at all levels lowered

“Privilege management and application control tools help achieve total cost of ownership (TCO) reasonably close to that of a locked and well-managed user, while giving users some ability to control their systems.”

Gartner: “The Cost of Removing Administrative Rights for the Wrong Users” (April 2011)

Page 29: Risk Management and Remediation

Local Administrative Rights: The Interrogative Process

• Who has Admin Access?!?!?
• What was the justification?
• When were these waivers last reviewed?
• Where in my organization are these local end user accounts with admin rights?
• Why aren’t my GPOs enough?

Page 30: Risk Management and Remediation

How Do I Fix This?
• Local Admin Password: Randomization & Cycling
• Discover local user accounts
– Including accounts with admin rights
• Group Membership Enforcement
• Windows Service Account Management
• Auditing of Administrator Account Usage
• Local Security Inventory and Configuration
• Compliance Reporting

Page 31: Risk Management and Remediation

www.arellia.com

| Item | Description |
|---|---|
| How to purchase | Sold exclusively via Symantec sales and partners |
| Buying Options | Available in Symantec buying programs |
| Contacts | 800.889.8091 (Option 1) or [email protected] |
| Data Sheets | www.arellia.com/solutions |
| Forums / Documentation | portal.arellia.com/wiki |
| Videos (YouTube Channel) | www.youtube.com/user/ArelliaSoftwareVideo |
| Webcasts / Events | www.arellia.com/events |
| Blog | www.arellia.com/blog |
| Twitter | @ArelliaSoftware |
| Partner Portal | arellia.channelplace.net |

Page 32: Risk Management and Remediation

Thank you!

Copyright © 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
