- Dr. Phillipe Evrard
Dr. Phillipe Evrard Managing Director Why Are Quantar Solutions - - PowerPoint PPT Presentation
Why Are Quantar Solutions Systems Unique?
- System backend: passive device management is a patented technology.
- n-ORM: the method of taking backend data and modelling threats to derive a value at risk for networks attached to the internet is a patented technology.
- n-STS: the method of taking backend data and modelling threats using advanced stochastic statistical modelling is a patented technology.
- n-REP: the method of taking n-ORM outputs and modelling reputational damage values financially has patents applied for (2010).

Each component of the systems has been protected, preventing other companies from copying or developing the same or similar methods of identifying, quantifying and calculating network operational risks.

Gulf States Patent Protected: Kuwait, U.A.E., Qatar, Saudi Arabia, Oman, Bahrain
Hackers, Organized crime, Security forces, Government agents, Eco warriors, Subversive movements
Information loss, Data corruption, Operational failures, Weakened defences, Financial impacts, Compromised security
Network risk management, Education, Training, Controls, Risk-aware culture, Pro-active resilience
Network Trends
Cyber attacks, Targeted attacks, Viruses, Automated attacks, Trojans, Worms
Is your security better than the major world banks?
Is your security better than the leading military organizations?
Are all your crucial assets fully secure?
❑ Your infrastructure is ALREADY under attack.
❑ Your security systems are being attacked hourly.
❑ Your operations are attacked every day.
❑ Can your security perimeter be secure 100% 24/7/365?
Etihad Airways Website 18th May 2010 19.00 - 20.20
Where Does Quantar Fit?
Resilience
Network Security Firewalls Intrusion Detection Network Scanners Packet Filtering Content Scanners Anti-virus Holistic Behaviour Continuity Quantification Valuation
(all risk not network)
Assessment
(all risk not network)
Network Risk Identification NATIONAL & ENTERPRISE RESILIENCE
Quantar +
Firewalls Network Scanners Intrusion Detection Anti-virus
Quantar +
Symantec ESM IBM –ISS COBIT OCTAVE ISO 27031 BS25999 Quantar + BS 25777:2008 BS25999 ISO/IEC 27002 :2005 BS 7799-1:2005, ISO/IEC 17799:2005
Quantar +
IASCA Algorithmics Lombard Munich RE Swiss RE Lloyds of London
Quantar +
Methodware Sungard ISO 31000:2009 IBM – ISS OpVantage Palisade I.T.
What Are Others Doing?
- Centre for the Protection of National Infrastructure – CPNI (U.K.)
- National Infrastructure Protection Program – NIPP (U.S.A.)
- United Arab Emirates Computer Emergency Response Team – aeCERT (U.A.E.)
- Critical Infrastructure protection / Protection des infrastructures critiques – PIC (France)
- Institute for Cyber Security – ICS (U.S.A.)
- The French Network and Information Security Agency – FNISA (France) / Agence Nationale de la Sécurité des Systèmes d’Information – ANSSI
- National Information Security Council – NISC (Japan)
- European Network & Information Security Agency – ENISA (European Commission)
- Co-operative Cyber Defence Centre – CCD (NATO)

Key Trends:
1.) Government-backed national infrastructure protection programs using private companies.
2.) Specialist centres/units established for cyber and information security using external suppliers.
3.) Co-ordination between different units for national resilience.
National Infrastructure Cyber Specialist
Digital Systems Cyber Security Programme Knowledge Transfer Network – KTN (U.K.)
Feedback Loop
Continuous improvement to enhance national infrastructure protection & the role of Quantar
Physical Cyber Human
- Set Security Goals
- Identify Assets
- Assess Risks (consequences, vulnerabilities, threats)
- Prioritize
- Implement Protection Programs
- Measure Effectiveness
Original Source: U.S. National Infrastructure Security Plan (NIPP)
I.T. Integrated Non-I.T. Integrated I.T. Trends
Existing Operations
Detection Collection & Aggregation Calculation & Reporting
Mature Emerging Future
Standards & Regulations
Processes External Internal COBIT ISO Sarbox Octave etc Raytheon C.A. Symantec IBM/ISS etc Cisco Checkpoint Nokia etc Technical Process C.A Symantec IBM/ISS SAS Methodware Algorithmics
- Audit
- Control
- Compliance
- Reports
- Oversight
Current I.T. Security Environment
- Resilience
- Management
- Valuation
- Continuity
- Safety
Quantar Solutions
n-ORM & n-STS
Risk Management Systems Landscape
[Chart: axes "Degree of Specialization of Offering" and "Usage Potential", each running Low to High; regions "Component Risk Systems" and "Enterprise Risk Systems". Vendors plotted: Quantar Solutions, SAS, Algorithmics, Methodware, RCS, Reveleus, Open Pages, Sunguard, Chase Cooper, Interexa, Mega, Paisley, Coreprofit, BWise, Centreprise, Guideline, Ruleburst, Optial, FRS]
Source: Chartis Research Report #RR0701 – Operational Risk Management Systems 2007
Quantar Solutions Systems Development History – A Mature System
- System back-end developed by IT security specialists (working with NATO / Eurocontrol / NAMSA / SWIFT)
- n-ORM developed in conjunction with high level military intelligence simulation & training organization
- System back-end re-developed to integrate patented technologies by leading UK university + current R&D
- Advanced algorithms developed in conjunction with multi-year award winning actuarial consultancy
- n-STS developed in conjunction with leading credit & market risk management organization
Timeline periods: 1999 - 2005; 2006 - present; 2006 - present; 2006 - 2009; 2009 - present
What Will Fail When an Attack Gets Through?
Technology Networks
Network Security
Internet
Hackers Terrorists Foreign Governments Militia Eco Warriors Anti-Political Groups Organized Crime Anti-Religious Groups Foreign Military Oil Production Layer 1 Network Security Layer 2 Network Security Layer 3 etc Traffic; Transport; Shipping Military Telecoms Water & Treatment Banking & Retail Electricity Internal Security Systems
Quantar Identifies Which Will Fail and Which Needs Maximum Protection.
System Back-end Installation: Analyzes traffic between the internet and your firewall
Analytics engine: Identifies threats but does NOT read the actual data, eliminating risks of information theft or compromise.
Typical back-end data from an actual client, illustrating the day/time, category, target and severity of each attack. This company experienced 350 attacks of this type, with a severity of 7, in one hour via its network.
High Level Concept
<Crimson Version="1">
  <ObservedThreats ObservationStart="2008-02-25T00:00:00" ObservationEnd="2008-03-03T00:00:00">
    <Threat ID="DOS MSDTC attempt" Category="Indiscriminate" Target="Unknown" SeverityScore="7">
      <Observation Day="Monday" From="00:00:00" To="00:59:59" Count="52"/>
      <Observation Day="Monday" From="01:00:00" To="01:59:59" Count="32"/>
      <Observation Day="Monday" From="02:00:00" To="02:59:59" Count="56"/>
    <Threat ID="WEB-MISC http directory traversal" Category="Indiscriminate" Target="Unknown" SeverityScore="7">
      <Observation Day="Monday" From="00:00:00" To="00:59:59" Count="247"/>
      <Observation Day="Monday" From="01:00:00" To="01:59:59" Count="152"/>
      <Observation Day="Monday" From="02:00:00" To="02:59:59" Count="266"/>
      <Observation Day="Monday" From="03:00:00" To="03:59:59" Count="437"/>
Date & Time of Attack Categorization Target of Attack Severity of Attack
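A threat export in the layout shown above can be reduced to per-threat totals, peak hours and per-hour totals with a short parser. The following is an added example, not Quantar's code: the closing tags in the sample and the helper name `summarize` are assumptions, while the attribute names and counts are taken from the excerpt.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample: attribute values copied from the excerpt above; the
# closing tags are an assumption added so the fragment is well-formed.
SAMPLE = """<Crimson Version="1">
<ObservedThreats ObservationStart="2008-02-25T00:00:00" ObservationEnd="2008-03-03T00:00:00">
<Threat ID="DOS MSDTC attempt" Category="Indiscriminate" Target="Unknown" SeverityScore="7">
<Observation Day="Monday" From="00:00:00" To="00:59:59" Count="52"/>
<Observation Day="Monday" From="01:00:00" To="01:59:59" Count="32"/>
<Observation Day="Monday" From="02:00:00" To="02:59:59" Count="56"/>
</Threat>
<Threat ID="WEB-MISC http directory traversal" Category="Indiscriminate" Target="Unknown" SeverityScore="7">
<Observation Day="Monday" From="00:00:00" To="00:59:59" Count="247"/>
<Observation Day="Monday" From="01:00:00" To="01:59:59" Count="152"/>
<Observation Day="Monday" From="02:00:00" To="02:59:59" Count="266"/>
<Observation Day="Monday" From="03:00:00" To="03:59:59" Count="437"/>
</Threat>
</ObservedThreats>
</Crimson>"""

def summarize(xml_text, min_severity=0):
    """Hypothetical helper: threats ranked by severity then volume, plus hourly totals."""
    # For exports received from other systems, use a hardened parser (e.g. defusedxml).
    root = ET.fromstring(xml_text)
    threats, hourly = [], Counter()
    for threat in root.iter("Threat"):
        severity = int(threat.get("SeverityScore", "0"))
        if severity < min_severity:
            continue
        obs = [(o.get("Day"), o.get("From"), int(o.get("Count", "0")))
               for o in threat.iter("Observation")]
        for day, start, count in obs:
            hourly[(day, start)] += count  # all threats seen in that hour
        threats.append({
            "id": threat.get("ID"), "category": threat.get("Category"),
            "target": threat.get("Target"), "severity": severity,
            "total": sum(count for _, _, count in obs),
            "peak": max(obs, key=lambda o: o[2], default=None),
        })
    threats.sort(key=lambda t: (t["severity"], t["total"]), reverse=True)
    return threats, dict(hourly)

if __name__ == "__main__":
    ranked, per_hour = summarize(SAMPLE)
    for t in ranked:
        print(t["severity"], t["total"], t["id"], "peak:", t["peak"])
    busiest = max(per_hour, key=per_hour.get)
    print("busiest hour:", busiest, per_hour[busiest])
```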
Inputs Processes Systems Threat Database IT Systems Business Processes Tuning of Firewall Values at Risk Activity Predictor System Risk Calculator Predicted Activity High Level Concept Predicted Activity Process VaR Risk Calculator
Installation of n-ORM requires no computer skills. Just follow the simple instructions.
The whole installation is fully automated. Advanced users can select locations and settings.
There are 2 options: Install the full version or just the infrastructure manager module.
A summary is given before the user accepts and installs the software
From start to finish, it takes around 30 seconds to install n-ORM on a PC or laptop.
The primary configuration screen offers the user numerous facilities, such as language; time zone; currency; scale for currency; the location of the threat data from the backend system; and the location name.
The threat data view shows observed threats seen by the backend system. Each virus count has a growth rate projected. The system can assist by providing network security with additional data to fine-tune security.
n-ORM has 2 options: install the full version or install only the Infrastructure Manager module for business process mapping throughout the organization
The infrastructure manager module is a key part of any risk management program and can be used not just for network risks, but for all business process mapping tasks.
Processes, systems and categories are linked simply by dragging and dropping onto the page. No skill is required to complete the task.
A picture is built up of the relationships between operations and systems and the impact of a failure of any of them.
The physical attacks module can be used not only for threats such as fire, flood, etc., but also for other types of threat, such as insider activities or any other relevant threats.
Various risk management actions can be input and modelled. The user can input a new scenario or duplicate and change an existing scenario.
With each new scenario input, the overall cost/benefit can be easily seen. As long as the saving is greater or equal to the cost, the action should be taken.
After feedback at ISNR Abu Dhabi in March 2010, we have implemented a warning system for n-ORM & n-STS to warn if the risk level is increased.
Here the baseline risk value has been accepted and the status is green = OK
Here the baseline risk value has been exceeded and the user is clearly warned. There must be an acceptance of the new level or a risk management action taken. Red = Warning.
The reporting module allows a clear visualisation of which processes are the most critical to the organization and therefore which should be protected first, then second, etc.
An important feature is the non-interactive function. Running n-ORM in this mode, once set up, means the value at risk figure can be posted to any folder or file – even in MS Excel.
Every change to the system is logged for both risk management and compliance / audit requirements.
n-ORM Key Features & Benefits Summary
Feature: Benefit
- Auto-installer: Simple to install anywhere & low computer knowledge needed to use
- Graphical output of main data: Easy to understand & explain the results of risk management program
- Infrastructure Manager Module: Key item in any mapping of processes & systems. Can be used for other risk management programs as well as n-ORM
- Reporting module: Graphical output showing the critical processes/systems & enables prioritization of protection & security
- Non-interactive mode: Value at risk can be saved to a folder or file for daily viewing without running n-ORM in the foreground. Can be used in an Excel sheet or similar.
- Variance warning function: Traffic light-style warning system for increased risk. Demands action if status becomes red.
Main n-STS results display illustrating trend analysis under expected loss scenario. Screen labels: User defined results displayed; Hierarchical results; Network risk value status.
Time series via user defined period Selected period for analysis set
Configuration set by administrator level users
n-STS is used for regulatory audit & compliance
User defined history of results for display/audit
Statistical analysis background demonstration of n-STS (1)
Statistical analysis background demonstration of n-STS (2)
Statistical analysis background demonstration of n-STS (3)
n-STS Key Features & Benefits Summary
Feature: Benefit
- Risk status bar: Traffic light display clearly showing risk status
- Select risk measures: Different risk measures, such as expected loss & confidence levels featured
- Trends: Time series feature illustrates pattern of attack over a period of time for wider understanding of the risks
- Create report: Reports function enables complete record keeping for effective risk management and for audit/compliance
- Model selection: Advanced stochastic statistical modelling of risks for leading-edge risk management
Implementation of Quantar Solutions
- Backend system – requires some network skills
- n-ORM – quick to install and easy to use
- n-STS – quick to install. Needs some statistical knowledge
- One-to-one training (or train-the-trainers)
- Approved installers
- Video training
- Pre-installed software on new servers
- Customization per implementation – setting up and configuration
- De-locked general use of software under single licence
- Supply data on an outsourced basis and provided with reports & risk values
10 Point Summary of Quantar Solutions Unique Systems
- 1. Gives a financial value of your I.T. Risk exposure.
- 2. Creates a framework process for your risk management & continuity planning.
- 3. Prioritizes which processes & systems should have security focussed upon them.
- 4. Enables efficient use of resource allocation to security.
- 5. Educates the organization to become more ‘risk-aware’.
- 6. Complements your perimeter security systems with additional data and profiles.
- 7. Facilitates process mapping that can be used outside of the system.
- 8. Easy to implement & use, with low cost of ownership.
- 9. Option of base n-ORM product or advanced statistical analysis or use both.
- 10. Bar graph output makes the results easy to explain and understand.
Why Quantar Solutions?
- 1. Your whole infrastructure is built on the base of networks.
- 2. Every day your networks are attacked by many different types of groups.
- 3. You need to protect critical resources such as oil production facilities, which are
based upon networks for their operation.
- 4. Other countries have experienced successful attacks against their best protected
systems – it is not ‘if’ but ‘when’ you have a successful attack that you have to plan for.
- 5. Security solutions are based upon layers of protection, with no single solution
providing the best security.
- 6. There is a need to map all the processes and systems and their interdependencies
in a simple and efficient way to start
- 7. The cost-benefit of security systems is incredibly low compared to the cost of