Integrated Managed Cyber Security Framework (IMCS)
Securing information, staying compliant and ensuring brand protection
The cyber threat landscape is constantly evolving in today's digitally connected world. Organizations have to deal with complex IT environments that stretch the boundaries of the traditional enterprise with integrated value chains, a mobile employee base and the move to cloud. Cyber attackers often exploit the weakest link in this complex environment to launch attacks that vary in their degree of severity and stealth.
Organizations these days deploy a myriad of technologies to prevent these attacks and, in regulated industries, to remain compliant. There are over forty different technology components that form part of the security ecosystem, covering network, datacenter, cloud, application, email, data and endpoints. This heterogeneous approach on the one hand provides best-of-breed technologies for protecting the organization, but on the other presents a large challenge: to define, collect, collate and interpret this data, and to derive actionable intelligence that can help the organization improve its security posture.
Need for an Integrated Managed Security Framework
360° view of the organization's security posture:
- Define organizational security posture
- Determine type, level and volume of sources
- Collect, collate, correlate & analyze telemetry data
- Overlay cyber threat intelligence
- Derive actionable cyber security intelligence
- Cyber security incident response & remediation
Linking organizational risk posture, regulatory and compliance needs to the integrated managed cyber security framework
Every organization has a different security profile, driven primarily by the industry it is in, regulatory requirements, geographical dynamics and its business value chain. Understanding these components helps in framing the security policies and creating a framework that can monitor and respond to threats whilst adhering to those policies. It is essential to understand this risk profile to determine the key sources of telemetry (security log) data across security, infrastructure and application elements. Beyond sources, it is important to ensure that the right level of telemetry is configured, that volume is managed and that noise is eliminated.
[Figure: Linking governance to telemetry decisions. Governance inputs: Identify Assets, Cyber Risk, Standards & Regulations, Technology Components, Audits & Compliance, Organization Structure, Policy & Process, Users, Business Risk. Telemetry sources: Web Servers, App Servers, Email Servers, Endpoints, Applications, Storage Arrays, IDS/IPS, Firewall, Network Devices. Telemetry decisions: Volume, Noise, Level, Variety.]
Volume: Too many devices, hosts, network and applications generating logs. Different formats and locations of logs make them difficult to access. A large quantity of logs is generated, which is difficult to keep.
Noise: A lot of the information generated in logs is redundant and repetitive. Noise within logs makes it difficult to locate meaningful information. Noisy logs also make maintenance and retention difficult.
Level: Very often the right levels of logging are not enabled within sources. Either a default logging level is set, or else a very low level is set. Improper levels lead to information loss and lack of visibility.
Variety: A variety of devices, apps and network sources to choose from. Constant review of the threat and technology landscape for new sources. Assessment of full coverage versus risk-based coverage.
Integrating organization telemetry data with Cyber Threat Intelligence for driving actionable intelligence
Traditional security operations centers focus on collecting telemetry data from devices into a SIEM for driving correlation and reporting. Whilst this may have been sufficient in the past, the changing threat landscape demands a much tighter integration between the various threat constituents.
The Cyber Threat Intelligence Framework (CTIF) is a combination of tools, feeds and analytics that integrates with the organization's telemetry data and the SIEM's correlation rule engine. This overlay of external and internal threats gives a clear picture of how the organization's threat landscape compares with global threats. CTIF integrates with the SIEM using the STIX and TAXII formats, and allows the overlay to raise alerts such as ransomware, DDoS, SQL injection, spam bots, unauthorized logins, suspicious user behavior and policy violations.
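The overlay described above, written out as an added example (this is not Sequretek's code and not part of the brochure). It assumes a STIX 2.1 bundle whose indicators use simple equality patterns such as "[ipv4-addr:value = '198.51.100.7']" (a real deployment would use a full STIX pattern engine), key=value telemetry lines in a constructed syslog-like format, and indicator values drawn from documentation ranges; the bundle, the telemetry lines and the field-to-indicator mapping are all constructed here.

```python
"""Overlay STIX indicators on organizational telemetry to produce prioritized alerts."""
import json
import re
from dataclasses import dataclass

# Constructed STIX 2.1 bundle (documentation-range values, not real indicators).
STIX_BUNDLE = json.dumps({
    "type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-000000000002",
         "name": "Ransomware C2 address (constructed)", "indicator_types": ["malicious-activity"],
         "confidence": 90, "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '198.51.100.7']", "valid_from": "2024-01-01T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-000000000003",
         "name": "Spam bot domain (constructed)", "indicator_types": ["malicious-activity"],
         "confidence": 40, "pattern_type": "stix",
         "pattern": "[domain-name:value = 'spam.example.net']", "valid_from": "2024-01-01T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-000000000004",
         "name": "Dropper hash (constructed)", "indicator_types": ["malicious-activity"],
         "confidence": 70, "pattern_type": "stix",
         "pattern": "[file:hashes.'SHA-256' = '" + "deadbeef" * 8 + "']",
         "valid_from": "2024-01-01T00:00:00Z"},
        # Non-indicator objects (identities, relationships, ...) are ignored by the loader.
        {"type": "identity", "spec_version": "2.1",
         "id": "identity--00000000-0000-4000-8000-000000000005",
         "name": "Example feed provider", "identity_class": "organization"},
    ],
})

# Constructed telemetry lines: "<timestamp> <source> key=value ...".
TELEMETRY = [
    "2024-03-02T10:00:01Z fw01 action=allow src=10.0.0.12 dst=198.51.100.7 dport=443",
    "2024-03-02T10:00:05Z dns01 client=10.0.0.12 query=spam.example.net rcode=NOERROR",
    "2024-03-02T10:00:09Z fw01 action=allow src=10.0.0.30 dst=203.0.113.9 dport=80",
    "2024-03-02T10:00:12Z edr01 host=ws-0012 sha256=" + "deadbeef" * 8 + " proc=update.exe",
]


@dataclass(frozen=True)
class Indicator:
    stix_id: str
    name: str
    kind: str        # telemetry field family: "ip", "domain" or "sha256"
    value: str
    confidence: int  # STIX confidence, 0-100


# Only the simple comparison "[object-type:path = 'value']" is parsed (assumption).
_PATTERN_RE = re.compile(r"^\[\s*([a-z0-9-]+:[A-Za-z0-9_.'-]+)\s*=\s*'([^']+)'\s*\]$")
_PATH_TO_KIND = {"ipv4-addr:value": "ip", "domain-name:value": "domain",
                 "file:hashes.'SHA-256'": "sha256"}
# Constructed mapping from telemetry field names to indicator families.
_FIELD_TO_KIND = {"src": "ip", "dst": "ip", "client": "ip",
                  "query": "domain", "domain": "domain", "sha256": "sha256"}
_KV_RE = re.compile(r"(\w+)=(\S+)")


def load_indicators(bundle_json: str) -> dict:
    """Return {kind: {value: Indicator}} for every supported indicator in the bundle."""
    table = {kind: {} for kind in set(_PATH_TO_KIND.values())}
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue
        m = _PATTERN_RE.match(obj["pattern"])
        if not m or m.group(1) not in _PATH_TO_KIND:
            continue  # unsupported pattern shape; skip rather than mis-match
        kind, value = _PATH_TO_KIND[m.group(1)], m.group(2).lower()
        table[kind][value] = Indicator(obj["id"], obj.get("name", obj["id"]),
                                       kind, value, int(obj.get("confidence", 50)))
    return table


def severity(confidence: int) -> str:
    """Risk-based prioritization: map STIX confidence to an alert severity."""
    return "high" if confidence >= 80 else "medium" if confidence >= 50 else "low"


def correlate(lines, indicators) -> list:
    """Match each key=value field against the indicator tables; highest confidence first."""
    alerts = []
    for line in lines:
        timestamp, source = line.split(" ", 2)[:2]
        for field, raw in _KV_RE.findall(line):
            kind = _FIELD_TO_KIND.get(field)
            hit = indicators[kind].get(raw.lower()) if kind else None
            if hit:
                alerts.append({"timestamp": timestamp, "source": source, "field": field,
                               "value": hit.value, "indicator": hit.name,
                               "stix_id": hit.stix_id, "confidence": hit.confidence,
                               "severity": severity(hit.confidence), "line": line})
    alerts.sort(key=lambda a: a["confidence"], reverse=True)
    return alerts


if __name__ == "__main__":
    for alert in correlate(TELEMETRY, load_indicators(STIX_BUNDLE)):
        print(f"[{alert['severity']}] {alert['source']} {alert['field']}={alert['value']} "
              f"<- {alert['indicator']} ({alert['stix_id']})")
```

The loader skips every object it cannot interpret instead of guessing, so an unsupported pattern never produces a silent false negative that looks like a clean result; the sort by confidence is the "risk-based prioritization" the framework diagram refers to, and the alert carries the STIX id so the analyst can trace a hit back to the feed that supplied it.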
[Figure: CTIF architecture. Telemetry sources: Endpoints, Web Servers, App Servers, Email Servers, Applications, Storage Arrays, IDS, Firewall, Network Devices. CTIF inputs: Private Feeds, Public Feeds, Organizational Telemetry, Public Threat Intel; CIF Server with pushed daily feeds, CIF Client Analyst, mitigation equipment (Firewall, IDS, DNS Sinkhole), users querying indexed feeds. Outputs: CTIF Feed, Threat Correlation, Actionable Intelligence. Benefits: Risk-based prioritization, Offense identification, Ability to see attacks in context, Accuracy of detection and response, Faster detection and response, Inputs on IoCs & threat actors.]
Cyber Security Incident Response
Framework for limiting the effect and duration of incidents
Corporations today face a high risk of security incidents and an increased possibility of serious financial problems caused by a data breach. Research shows that the majority of incidents would have been avoided through simple or intermediate-level controls. An effective Computer Security Incident Response Team (CSIRT) can help an organization protect critical assets and data and lower risk by increasing awareness and creating controls.
An effective CSIRT framework is a combination of activities that organizations can undertake during peacetime, primarily around monitoring, simulation and health checks, and during wartime (in case of attack), around response, remediation and forensics.
[Figure: CSIRT framework. Peacetime activities: Health Check, Prepare, Monitor, Simulate. Wartime response: Root Cause, Remediate, Forensics, Response.]
Deliverables: SLA-driven 24x7 coverage; automated remediation; root cause and forensics; stakeholder communications; threat scenario simulations; co-ordination with OEMs.
Peacetime activity: risk-based asset classification; security policy enforcement; proactive security monitoring; automated remediation workflow; simulation use case definition.
Wartime activity: incident identification; response and remediation; root cause analysis and forensics; analyze, report and create evidence; update incident knowledge base; update remediation workflows.
About Sequretek:
As the fastest growing, independent security, identity access governance and analytics
provider, Sequretek helps global organizations to secure, protect and manage their
information assets residing across different devices, data centers, and in the cloud.
Sequretek’s industry leading product portfolio offers end-to-end security solutions
ranging from modern end point protection to advanced access governance and analytics.
For more information, visit http://www.sequretek.com and [email protected].
Sequretek IT Solutions, B Wing, 3rd floor, Navkar Chambers, Marol Naka, Andheri (E), Mumbai, India, 400059
[Figure: IMCS framework overview. Governance, Risk and Compliance feeds security policy input and a reporting risk matrix; telemetry sources: Endpoints, Web Servers, App Servers, Email Servers, Applications, Storage Arrays, IDS, Firewall, Network Devices; CTIF Threat Intel; Incident Remediation.]
The IMCS framework stitches together a 360° view of the organization, from security policy to devices and from organizational telemetry to global feeds, and finally brings in an incident management component that ensures the organization is prepared to deal with any potential security threat that may arise.