Prevention and Monitoring: the sentinels of data security

Denis Valter Cassinerio, Security BU Director & Sales North Director

17/02/2016

© Hitachi Systems CBT S.p.A. 2015. All rights reserved.



IT SECURITY DRIVERS


THREATS LANDSCAPE

INTERNET MALWARE INFECTION EXTERNAL EXPLOITATION

PHYSICAL MALWARE INFECTION


CYBER ATTACKS

JUST AHEAD

• Drive-by Download

• Email Attachment

• File sharing

• Pirated sw & keygen

• Spear Phishing

• DNS & Routing Mods

• Professional Hacking

• Mass vulnerability exploits

• Co-location Host Exploitation

• Cloud Provider penetration

• Rogue WiFi penetration

• SmartPhone Bridging

• Infected USB sticks

• Infected CDs/DVDs

• Infected memory cards

• Infected appliances

• Backdoored IT equipment


IT SECURITY DRIVERS

COMPLIANCE

Common Standards L 196, L 231, ISO 27001, HIPAA, SOX, PCI DSS…

New Challenges

• DATA PROTECTION OFFICER

• AVOID DATA BREACH

• DETECT & ALERT

• FORENSICS

Compliance + Controls

Identify + Processes

Proactive

Investigate


New «SECURITY DRIVERS»

Social & Mobility

Advanced Persistent Threats

Application Security

Big Data

Who

Where

How

What

METADATA :

Location

Distribution

Topic

Versions

INDICATORS OF COMPROMISE

EVOLVING THREAT LANDSCAPE

Corporation Employees

Data Loss

Cloud Services

Malware & Vulnerabilities

Business Associates

Mobile Devices / Employees

Hackers


CYBER THREATS JUST AHEAD


TOP 3 CYBER THREATS

Facing organisations in 2016

• 52% Social Engineering
• 40% Insider Threats
• 39% Advanced Persistent Threats

Source: ISACA's January 2016 Cybersecurity Snapshot, Global Data


Information Security Risk Management Fundamentals


AVAILABILITY

INTEGRITY

CONFIDENTIALITY

$$\text{Risk} = \frac{\text{Vulnerability} \times \text{Threat}}{\text{Counter Measure Score}} \times \text{Valuation}$$


Information Security Risk Management Fundamentals


VULNERABILITY
• Processes
• Systems
• Network
• Applications
• Continuous check
• Continuous remediation

THREATS
• New threats every 1.5 seconds
• Variants
• Exploit kits
• Botnets
• APT
• Penalties

COUNTERMEASURES
• Processes
• Checks
• AV
• IPS
• FW
• APT
• WAF
• HIPS
• APP CTRL…
• Consultancy

VALUATION
• Data
• Assets

ANALYSIS
• Qualitative
• Quantitative

$$\text{Risk} = \frac{\text{Vulnerability} \times \text{Threat}}{\text{Counter Measure Score}} \times \text{Valuation}$$


Situational Awareness Security


«Paying attention to what is going on around you. Basically the definition is the ability to scan the environment and sense danger, challenges and opportunities, while maintaining the ability to conduct normal activities»

New «Threats»


Security: The Operational Impacts


INFORMATION SECURITY

D.Lgs. 196/2003 as amended

D.Lgs. 231/01 as amended

Law 547/93 as amended

ISO/IEC 27001:2013

COBIT

ITIL

……

Virus

Worm

Trojan

Payloads

Man in the Middle

Brute Force Authentication..

APT

OPERATIONAL IMPACTS

SECURITY RISK MANAGEMENT

Legal & Compliance Threats Vulnerabilities

CVE MS 2008-067

CVE 2014-62-71

ISO

NIST

OWASP

OSST

Vectors of Attack

Technical Impacts

Business Impacts


SIEM Role: Situational Awareness Security


BI

GRC

Network Full Visibility

SIEM

Manual Input

Information Maturity

IAM | DLP | Netflow | FW/IDPS | Antivirus | FIM | VAM | CMDB | Fraud | Other log


Security Analytics: the process


Investigation

Compliance Reporting

Endpoint Analysis

Session Reconstruction

Incident Management

Capture Time Data Enrichment

LOGS

PACKETS

ENDPOINT

NETFLOW

On Prem

Cloud

Action Analysis Visibility

LIVE

Threat Intelligence | Rules | Parsers | Feeds | Reports | RSA Research RSA LIVE INTELLIGENCE

Advanced Analytics

ENRICH

• Monitor everything: Logs, network traffic, user activity
• Correlate intelligently: Connect the dots of disparate activity
• Detect anomalies: Unusual yet hidden behavior
• Prioritize for Action: Attack high-priority incidents

LIVE


SIEM and beyond – Security Analytics Goals


1 - Log Collection & Compliance: Capture logs, keep them in their unaltered state, and analyze them, including for compliance purposes.

2 - Full Network Visibility: Ensure full visibility into what happens in your own infrastructure through Full Packet Capture.

3 - Information and Event Correlation: Correlate and analyze the stream of logs, netflow and packets to identify anomalies.

4 - Intelligence, Real Time Security and Threat Visibility, Analytics: Provide real-time visibility of events, threats, alerts and security status, contextualized with intelligence information.

5 - Enterprise Security Risk, Vulnerability & Compliance in one view: Continuously summarize and identify the state of risk.

6 - Risk Mitigation, Prioritized and Contextualized Action: Manage event severity / false positives and promptly take the correct intervention/remediation actions.

7 - Situational awareness: Adapt the process to the new state of risk.


Need of The «RIGHT» Tools


Time relevant matter to close the gap


Security BU – The Right «Partner»

SOLUTIONS

SERVICES

CONSULTING

GOVERNANCE

Compliance

Professional Services

Technology

Cyber Security

Managed Security Services


Security BU Offering: Cyber Security

Assessment
• APT Assessment
• Ethical Hacking
• Forensic Analysis

Technology
• Multi Protocol Network Detection
• Spear Phishing Mitigation
• Anti Bot Net
• Sandboxing & behavioral monitor
• Zero Day Protection

Management
• SIEM implementation
• IOC Analysis
• Malware Analysis
• CSIRT Services

Detect | Analyze | Adapt | Respond

Cyber Security

APT Cycle


Security BU Offering: Technology

CONTENT SECURITY
• Anti Malware
• Mobile Security
• Anti Spam
• Web Threat Security
• URL Filtering
• Data Loss Prevention
• Encryption

NETWORK SECURITY
• Firewall
• IDS/IPS
• Next Generation Firewall
• Host Intrusion Prevention
• Network Access Control
• Unified Threat Management
• SSL / Virtual Private Network

DATACENTER & CLOUD SEC.
• Virtualization Protection
• Anti Malware
• Vulnerability Protection
• Firewall
• IPS / IDS
• Log Inspection
• DDOS

SECURITY MANAGEMENT
• IAM Identity & Access Mgmt
• PAM Privileged Account Mgmt
• SIEM Security Information Event Mgmt
• SSO Single Sign On
• Log Mgmt

Content Security

Network Security

Datacenter & Cloud Security

Security Management

Technology


Contacts

HEADQUARTER

ROME

Via Francesco P. Da Cherso, 30 - 00143

+39 06 519931

www.hitachi-systems-cbt.com


MAIN SITES

MILAN

Via Dei Gracchi, 7 – 20146

+39 02 489571

VENICE - QUARTO D’ALTINO

Via L. Mazzon, 9 – 30020

+39 0422 19702

TURIN

Via Gian Domenico Cassini, 39 - 10129

+39 011 5613567

NOVARA

Via Biandrate, 24 - 28100

+39 0321 670311

BOLOGNA - CASALECCHIO DI RENO

Via Ettore Cristoni, 84 - 40033

+39 051 8550501


Superior service empowered by combining the strength of our people and information technology.