People First, Performance Now Ministry of Science, Technology and Innovation
Enterprise GRC Framework – Unified Approach to Address Silo Cyber Security Landscape
Ramaguru Ramasubbu and Rahul Moondra
7th November 2012
Enterprise Infrastructure
Attacks
Actors: Cyber Criminals; External Attackers; Organized groups; Business / National rivals; Ignorant insider; Disgruntled employee / Partner
Tools & Techniques: Malware; Social engineering; Backdoors; Freeware / open scripts; Botnets; Espionage
Vulnerability: Insecure protocols; Outdated patches/signatures; Weak passwords; Lack of awareness; Weak perimeter defense; Default configurations
Business Impacts: Identity theft; Data loss / leakage; Unauthorized Access; Image / Reputation loss; Service unavailability; Customer dissatisfaction
Critical Information Infrastructure
Cyber security threats: Breaches/Attacks; Espionage; Malware/Botnets; Identity theft; Phishing/Social Engineering; Insider Attacks / Backdoors
Vulnerability Management; Patch Management; Configuration Security; NAP/NAC; Malware protection; Security Gateways, Proxies, and Firewalls; Application Security; Network Security Monitoring; Wireless/Mobile Security; Email Security
“2012 IBM Global Reputational Risk and IT Study”, conducted by the Economist Intelligence Unit
Policy Management
Business Continuity Planning
Audit Management
Performance Management
Compliance Management
Risk Management
Controls Management
Control Management
Policy Management
Risk Management
Compliance Management
Performance Management
Business Continuity Planning
Audit Management
IT GRC
Cyber Security
Policy; Business Continuity; Audit; Performance; Compliance; Risk; Control
Cyber Security Solutions: Anti Virus; Malware protection; Firewalls; Proxies; Network Security Monitoring; Patch Management; Vulnerability Management; Wireless Security; Application Security; Secured Configuration; Security Gateways; NAP/NAC; Email security
GRC Element: Policy Management; Compliance Management; Performance Management; Control Management; Business Continuity Planning; Audit Management; Risk Management
Things look normal, in silo…
Anti-spyware installed; Users locked out for wrong passwords; Digitally signed and encrypted communication with RC4 and RSA algorithms; Files downloaded from internet sites; MS08-067 vulnerability patched; Connection to port 445/TCP
Asset manager; Operating system; NIDS; Internet security suite; Vulnerability scanner; Operating system
File and Printer sharing services accessed; Files updated in system folder; New DLLs attached to services; Firewall rules updated; HTTP web sites browsed
Firewall; NIDS; HIDS; File integrity monitor; Antivirus
.. And suddenly few abnormal symptoms ..
Systems become slow
Services are not available to customers
Network traffic increases
Systems shutdown
ISP blocks your IP :- DDOS detected FROM your IP
Freeware and PPP found on your servers
Disk usage increasing
.. Analysis finds it ..
Conficker worm
How; Why; Who; What; When
Employee used infected USB
MS08-067 vulnerability patched with custom fix
Custom protocols allowed
Check for random DNS, connect to HTTP service and download updates
DLL based Autorun Trojan installed
Open backdoor in firewall
Scan other machines on Port 445/TCP for open windows shares
Exploit MS08-067 Vulnerability, Use Default passwords
NetBIOS push to upload itself to exploited machines
Search for other vulnerable machines, Infect any new Removable Media

Weak policy on removable media and Wi-Fi devices
Automating patch management
Weak authorization to install software
Weak configuration management
Default configurations
Use of Unnecessary protocols
No vulnerability assessment
Zombie systems; Financial losses; Legal consequences?
Security; Risk; Control objective; Cyber security; IT security incident; Impact; IT Risk; IT Vulnerability
Cyber Security Solutions: Anti Virus; Malware protection; Firewalls; Proxies; Network Security Monitoring; Patch Management; Vulnerability Management; Wireless Security; Application Security; Secured Configuration; Security Gateways; NAP/NAC; Email security; Mobile Security
GRC Element: Policy Management; Compliance Management; Performance Management; Control Management; Business Continuity Planning; Audit Management; Risk Management
Policy Management: Anti-Virus Policies; Malware Protection Policies; Firewall Policies; Proxy Policies; Patch Management Policies
Certification, Accreditation, and Security Assessments
Awareness and Training
Access Control
Planning
Risk Assessment
System and Services Acquisition
Configuration Management
Contingency Planning
Incident Response
Audit and Accountability
Identification and Authentication
Maintenance
Media Protection
System and Communications Protection
Personnel Security
Physical and Environmental Protection
System and Information Integrity
EGRC
IT GRC
IT Risk
IT Controls
Compliance to Regulations and Adherence to Standards
IAM can aid in automating around 20-30% of IT controls
SIEM can aid in automating around 30-40%
Identity Management
Authentication/SSO, Access Management, Directories, Provisioning
Log. Security
Security Information Event Management
Phsc. Security
Cyber Security Controls: Vulnerability Management; Patch Management; Configuration Security; NAP/NAC; Security Gateways, Proxies, and Firewalls; Malware protection; Application Security; Wireless/Mobile Security; Email Security
Event Receivers; Queues; Event Parser; Event Mapper; Correlation & Analysis; Log storage
Security monitoring; Network monitoring; Attack monitoring; Application monitoring; Data monitoring; Policy monitoring; User monitoring; Performance Monitoring
Risk Analysis / treatment; Compliance Audit; Incident management
Identity Management: User / Credential management; User provisioning and de-provisioning; Role life cycle management; Privileged Account Management; Streamlined Access Grant & Certification
Access Management: Host Access Control; Network Access Control; Enterprise Access Control; Web Access Control
Policy management
ID Stores: Human Resources; Custom stores
Employees; Customers; Contractors; Partners / Consultants; Public
Services: Identity services; Policy services; Integration services; Reporting
Services: Authentication gateways; Authorization services; Single Sign-on; Policy Distribution
IAM: User DB; Policy DB; Txn DB
Network / Security; Application (Web / Non-Web); Database; Hosts
Cyber security controls
Information security; IAM; SIEM
Control Management; Policy Management; Risk Management; Compliance Management; Performance Management; Business Continuity; Audit Management
Collaboration; Automation; Elimination of overlapping; Oversight
India
Magnaquest Solutions Ltd. 1523 & 1524, Durga Enclave, Road No:12, Banjara Hills Hyderabad - 500 034 Andhra Pradesh India
Tel : +91 - 40 - 2332 0220/975, Fax : +91 - 40 - 2337 0037
Email : mqindia@magnaquest.com / www.magnaquest.com
Malaysia
Magnaquest Solutions Sdn Bhd (566396-A), Units A-2-07 & A-2-09, SME Technopreneur Centre Cyberjaya 2270, jalan Usahawan 2 63000, Cyberjaya, Selangor DE Malaysia
Tel: +603 83192864, 83182544 Fax: +603 83192534
Email : mqmalaysia@magnaquest.com / www.magnaquest.com
US
Magnaquest Inc. 16219 S, 31st way, Phoenix, Arizona, 85048 USA
Tel : + 1 480 706 3444 / 602 228 9248 Fax : + 1 413 403 0081
Email : mqusa@magnaquest.com / www.magnaquest.com
Key Facts
Established in 1997
Offering IAM, Billing, CRM and Service Fulfillment solutions
Around 250 employees
Software R&D facility in Hyderabad, India
Subsidiaries in Malaysia, US, and the UAE
Over 150 satisfied customers across the globe
Serving customers in over 25 countries
Installations in multiple business models & networks
Strong player in the medium to large customer segment worldwide
Domains & customer segments
Government, BFSI, Education, healthcare, Oil & Gas, Defence, etc… for IAM & EBT Solutions
PayTV, Broadband, Internet Telephony, IPTV, OTT & On Demand Services – for BSS & OSS solutions
Solutions Offered
Identity and Access Management (IAM) products and solutions, integrated citizen ID cards
Electronic Benefit Transfer (EBT) solutions, leveraging on the government driven ID initiatives
Service Fulfillment Platform for Broadband Operators – Operational Support System (OSS)
Subscriber Management & Billing – Business Support System (BSS)
Customers Installations
INDIA | MALAYSIA | USA | UAE
Phili i