risk management and remediation
DESCRIPTION
Speakers: Kurt Van Etten, Symantec, Director, Product Management; Stephen Brown, Arellia, President; Dan McManus, Arellia, Director of Sales
TRANSCRIPT
Risk Management and Remediation
Kurt Van Etten, Symantec, Director, Product Management
Stephen Brown, Arellia, President
Dan McManus, Arellia, Director of Sales
Agenda
1. Need to Move to Risk Management
2. Deeper Dive on Risk Manager
3. Remediation
Rapid Maturation of Information Security
Continuous Monitoring
• Collection of Data
• Vulnerability
• Configuration
• Procedural
Cyberscope Reporting
• Reporting to higher
• Peer Comparison
Risk Scoring & Management
• Focus on top priorities
• Drive action to reduce risk
Symantec Approach to IT Risk Management
CCS RISK MANAGER
TRANSLATE, ACT, INFLUENCE
How do you drive measurable risk reduction?
How do you convey IT risks to your peers?
How do IT risks affect your mission?
Introducing CCS Risk Manager
CCS RISK MANAGER
TRANSLATE, ACT, INFLUENCE
» Prioritize based on business impact
» Align Security and IT Operations
» Track risk reduction over time
» Convey IT risk in business terms
» Customized views for greater impact
» Justify new security investments
» Define virtual business assets
» Connect related IT assets
» Create business view of IT risk
Current View of IT Risk – Technology Centric
Transaction Processing System
Case Management
Translating IT Risk
Translating IT Risk
Transaction Processing System
Case Management
Plan Name  Risk Objective        Status     Current Score  Projected Score  Target Date  Owner
Plan A     Secure Configuration  Completed  2.75           2.75             3/15/12      Bob
Plan B     Patch Level Standard  Completed  1.81           1.81             4/11/12      Joe
Plan A     Info Sec Standard     Completed  2.23           2.23             1/10/12      Joe
Plan C     Protect Web Servers   Completed  2.10           2.10             2/28/12      Dave

Plan Name  Risk Objective        Status     Current Score  Projected Score  Target Date  Owner
Plan A     Secure Configuration  Submitted  3.65           2.75             3/15/12      Bob
Plan B     Patch Level Standard  Completed  1.81           1.81             4/11/12      Joe
Plan A     Info Sec Standard     Completed  2.23           2.23             1/10/12      Joe
Plan C     Protect Web Servers   Submitted  3.51           2.10             2/28/12      Dave

Plan Name  Risk Objective        Status     Current Score  Projected Score  Target Date  Owner
Plan B     Secure Configuration  Submitted  3.65           2.75             3/15/12      Bob
Plan C     Patch Level Standard  Submitted  4.22           1.81             4/11/12      Joe
Plan A     Info Sec Standard     Completed  2.23           2.23             1/10/12      Joe
Plan D     Protect Web Servers   Submitted  3.51           2.10             2/28/12      Dave
Using Risk to Drive Accountability and Action
Transaction Processing System
Define a business asset you want to manage
Visualize and understand IT risk for this business asset
Prioritize remediation based on IT risk, not technical severity
Monitor risk reduction over time
CCS Risk Manager Highlights
Risk & Compliance Sales Specialist Training - CCS Risk Manager
Visualize and Understand IT Risk
Enterprise Wide View of Business Risk
Risk Overview for People’s Bank
Visualize and Understand IT Risk
Balanced View of Business and Operational Metrics
Drill down to technical details
Prioritize Remediation Based on Risk
Risk Modeling
Prioritize Remediation Based on Risk
Remediation Plan by Risk Objective
Review & finalize remediation plan
Monitor Risk Reduction Over Time
Manage Remediation Plans
Track risk reduction for remediation plans
Effective Risk Management
1. Data Driven View of Risk
• Cross-reference multiple data points for a true view of risk
• Combine 3rd party data for ‘composite’ risk score
• Easily digest and distill data from thousands of devices
2. Ability to Show Business Value
• Map IT assets to business assets
• Present relevant information to business peers
• Flexible reporting – avoid costly re-mapping efforts
3. Move Beyond Risk Assessment to Risk Monitoring & Management
• Track objectives and monitor risk over time
• Develop action plans to manage entire remediation process
• Demonstrate risk reduction over time
Effective Remediation
• Remediation: The act or process of correcting a fault or deficiency
• Automating Remediation can:
– Fix 95% of Security Profile settings w/o manual intervention
– Immediately address an environment’s post-audit vulnerability status
– Provide significant ROI
Why Haven’t We Automated Remediation?
• Automatic remediation for 6 well known configuration types
– Registry settings
– Security audit
– Account lockout
– Local password policies
– Service configuration
– Account privileges
• Auditing and Remediation
– Security (Auditing) vs. Operations (Change Management)
• SCAP Validated
– Means that we can ingest SCAP audit results!!!
• Standards Enable Security
– Common language between security and management
– Security results become Management Tasks
• Actionable, Automated, & Auditable
Closed Loop Direct Remediation
SCAP Audit Initiated
• FDCC
• USGCB
• STIG
• CIS
Diagram labels: SCAP Audit Tool, Remediation Tool, End Point
Closed Loop Direct Remediation
Audit Complete
• Results Available via Reporting
Remediation Tasks Executed
• Approval Manual and/or Automated
Diagram labels: SCAP Audit Tool, Remediation Tool, End Point, Security Results, Management Tasks
Closed Loop Direct Remediation
Remediation Complete
• Results Available via Reporting
Remediation Complete
• SCAP Audit Tool Notified
SCAP Validation Audit
• FDCC, USGCB, etc.
Diagram labels: SCAP Audit Tool, Remediation Tool, End Point
Closed Loop Direct Remediation
Validation Audit Complete
• Results Available via Reporting
Diagram labels: SCAP Audit Tool, Remediation Tool, End Point
Didn’t You Mention Something About ROI?
• Fix 95% of Security Profile settings w/o manual intervention
• Immediately address an environment’s post-audit vulnerability status
• Provide a significant ROI to a customer
Example: Windows 7
• Post “Typical” Install of Windows 7, run a USGCB audit
• Windows 7 installation will be around 30% compliant (70% failure to comply)
• Soft costs (unfactored): Lost productivity of Jr. Admin AND End User
• Will need to perform remediation again after next audit!
Manual Audit Costs
Number of issues to address   100
Minutes per issue             5
Total Time (Hours)            8.33
Jr. Admin Salary              $50,000
TOTAL COST                    $200.32
Remediation Actions
Security Configuration
Visibility
How Arellia Can Further Help Effective Risk Management
• Removing End Users’ Administrator Rights
• Securing Local Admin Accounts & Passwords
• Application Whitelisting
• Automating Remediation
Privilege Management: Increasing Security AND End User Productivity
• 1 in 14: Programs downloaded in Windows are malicious
• 43%: 2011 MS Bulletins address Privilege Exploitation
• 110 Million: Estimated new Windows 7 users in 2012
• $653: Annual cost savings per managed endpoint: “moderately managed” vs. “locked and well-managed”
Privilege Management: The ability to enable or secure applications through the addition or removal of user rights.
Windows 7 End User Accounts: High Security Posture AND End User Productivity
“Ideal” end user model?
• Standard User with elevated privileges for predetermined (by customer) functions
– Cannot be done without a third party tool
• Balances security needs with end user productivity
– Security posture remains high
– End user productivity remains high
– Support costs at all levels lowered
“Privilege management and application control tools help achieve total cost of ownership (TCO) reasonably close to that of a locked and well-managed user, while giving users some ability to control their systems.”
Gartner: “The Cost of Removing Administrative Rights for the Wrong Users” (April 2011)
Local Administrative Rights: The Interrogative Process
• Who has Admin Access?!?!?
• What was the justification?
• When were these waivers last reviewed?
• Where in my organization are these local end user accounts with admin rights?
• Why aren’t my GPOs enough?
How Do I Fix This?
• Local Admin Password: Randomization & Cycling
• Discover local user accounts
– Including accounts with admin rights
• Group Membership Enforcement
• Windows Service Account Management
• Auditing of Administrator Account Usage
• Local Security Inventory and Configuration
• Compliance Reporting
www.arellia.com
Item                      Description
How to purchase           Sold exclusively via Symantec sales and partners
Buying Options            Available in Symantec buying programs
Contacts                  800.889.8091 (Option 1) or [email protected]
Data Sheets               www.arellia.com/solutions
Forums / Documentation    portal.arellia.com/wiki
Videos (YouTube Channel)  www.youtube.com/user/ArelliaSoftwareVideo
Webcasts / Events         www.arellia.com/events
Blog                      www.arellia.com/blog
Twitter                   @ArelliaSoftware
Partner Portal            arellia.channelplace.net
Thank you!
Copyright © 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.