1

SecOps : Security Operations

Saurav Sinha, Head of Presales – India

2

The World’s Best and Most Innovative Companies Trust BMC…

300+ Patents
#1 Ranked ITOM Vendor by Gartner for 3 consecutive years
$8B Investment
82% of the Fortune 500 use BMC for their digital services
10K Customers

Public Sector, Retail, Financials, CPG, Healthcare, Telco, Business Services

3

BMC Ecosystem

Strategic Service Providers, Strategic Technical Alliances, Channel Partners

4

5

Online Banking Penetration

India has about 470 million banking customers, of which 60 million do online banking; these numbers will grow by 173 million, as per analyst reports.

6

DIGITAL WORLD is under attack

Syndicates, Lone Wolf, Governments

Stolen credentials, Exploit backdoors, Malware, Hacking, Brute Force, Spyware, Phishing

Fun, Grudge, Financial, Boredom, Espionage, Ideology

7

“There’s so many more vectors that are easier, less risky and quite often more productive than [zero day excursions]. This includes, of course, known vulnerabilities for which a patch is available but the owner hasn’t installed it.”

Rob Joyce, Chief, Tailored Access Operations (TAO), National Security Agency

ATTACKS 80%: More than 80% of attacks target known vulnerabilities

FIX READY 99.9%: 99.9% of exploited vulnerabilities were compromised over a year after the CVE was published

Known Vulnerabilities are the Biggest Threat

8

Lack of Integration Between Security and Operations Creates a SecOps Gap

Manual interventions for broken processes
No visibility to actionable threat information
193 days to resolve the average vulnerability
Increasing number of complex regulatory standards
Challenge to balance security & compliance actions against the risk of sacrificing uptime/performance

9

SecOps Gap - Speed and Scale Impacts

CVE: Up to 40% of work sent to Ops has been seen before
On average, every 1000 servers have 1-2 FTE working to analyze and plan action on vulnerability data
Manual or semi-automated remediation is slow and error-prone, creating a large backlog and an average time to remediation of 193 days
Manual change ticket creation takes 45 min, but it takes 5 min to fix a server
Asset discovery and dependency mapping is manual and rarely without gaps when attempting to cover 1000s of assets

OPERATIONS / SECURITY: DELAYS DELAYS DELAYS DELAYS

10

Typical Workflow

SECURITY: Vulnerabilities discovered with scans → Report created, sent to Ops → Compliance reporting → Verified compliance
OPS: Ops digests report and plans work → Remediation analysis and build → Change ticket opened manually → CAB approval (due to risk) → Remediation executed → Change ticket closed
APPs: App teams getting exceptions → Extra change documentation → Potentially many approvals

Handled manually, each exception is 2-3 hrs; exceptions are 2-3 per server per quarter
Each approver slows the process; more risk means more approvers
For every 500 servers, 1 FTE digests the report and plans remediation

11

SecOps Workflow: NOW AUTOMATED

The same Security, Ops and APPs workflow steps as in the Typical Workflow, now automated.

12

SecOps – Integrated and Automated: One SecOps Solution for 2 Risk Exposures

COMPLIANCE RISK (GAP AGAINST POLICY) > REGULATORY | OPERATIONAL | SECURITY
VULNERABILITY RISK > ATTACK SURFACE | EXPOSURE WINDOW

Security Scans: SERVER | NETWORK
Private cloud, Data center (corporate IT), Public Cloud

Unmanaged: 10% coverage with UNKNOWN risks, ~193 days or unknown
AUTOMATED REMEDIATION: 90% coverage with known risk, ~10-45 days based on severity/risk

13

The Value of BMC’s SecOps Solution: Vigilant, Precise and Relentless Automation to Accelerate and Scale Security Operations Workflow

“Audit Ready” All the Time
Governance and Auditability
Accelerate Closure of Risk Windows
Actionable Information
Smart/Balanced Decision Making
Blind Spot Analysis

Vigilant Compliance, Precise Threat Analysis, Relentless Remediation

SecOps: Integrated and Automated

14

Integrated Visibility to Build Trust

Integrated Data for Security and Operations

• Enriched, actionable threat data for immediate use by IT Ops and analysis by Security
• Operator Dashboard - “To do” list to address threats based on policy and impact, ensuring the most critical issues are fixed first
• Security Dashboard - First-time-ever view for Security into operational plans, with visibility into planned actions, predictive SLA, and burndown

15

Drive Compliance & Best Practices

Consistent and trackable application of policies

• Maintain vigilance with a full cycle of system discovery, monitoring, remediation, and change control
• Integrated documentation and remediation simplifies repair, rollback, and configuration updates
• Easy-to-use, out-of-the-box regulatory compliance content, policies, and remediations, which reduces time for audit compliance

16

Accelerate and Scale Remediation

Pursue vulnerabilities swiftly and efficiently

• Automatic correlation of discovered vulnerabilities and patches
• Remediate vulnerabilities based on severity and priorities
• Network vulnerability identification and remediation action capabilities
• Direct closed-loop integration with Change Management
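As an added illustration (not BMC's code and not part of the deck), the following Python script shows the automated pipeline that the Operator Dashboard, exposure-window and remediation slides describe: scanner findings are correlated with a patch catalog, ordered into an operator to-do list by how much of their exposure window they have already consumed and by severity, findings with no known fix are routed to the exception path instead of being dropped, and remediations are grouped so that one change ticket covers every host that needs the same patch. The per-severity split of the deck's 10-45 day window, the host names, patch ids, dates and CVE ids are all constructed placeholders.

```python
"""Prioritized vulnerability remediation with patch correlation.

Added example (not BMC product code). Every host name, patch id, CVE id,
date and SLA split below is constructed for illustration; the CVE ids are
placeholders, not real advisories.
"""
from dataclasses import dataclass
from datetime import date, timedelta

# Exposure-window target per severity. The deck gives "10-45 days based on
# severity/risk"; the per-severity split is an assumption for this example.
# Dict order doubles as the severity ranking (most urgent first).
SLA_DAYS = {"critical": 10, "high": 20, "medium": 30, "low": 45}


@dataclass(frozen=True)
class Finding:
    host: str
    cve: str
    severity: str
    first_seen: date  # date the scanner first reported it


@dataclass(frozen=True)
class Patch:
    patch_id: str
    fixes: tuple      # CVE ids this patch resolves
    reboot: bool      # whether applying it needs a reboot (affects change risk)


def correlate(findings, catalog):
    """Pair each finding with the catalog patch that fixes it, or None."""
    by_cve = {cve: patch for patch in catalog for cve in patch.fixes}
    return [(f, by_cve.get(f.cve)) for f in findings]


def build_todo(findings, catalog, today):
    """Operator to-do list: overdue items first, then by severity, then by due date.

    A finding with no known patch is flagged for the exception workflow
    instead of being silently dropped from the queue.
    """
    sev_rank = {sev: i for i, sev in enumerate(SLA_DAYS)}
    items = []
    for finding, patch in correlate(findings, catalog):
        due = finding.first_seen + timedelta(days=SLA_DAYS[finding.severity])
        items.append({
            "host": finding.host,
            "cve": finding.cve,
            "severity": finding.severity,
            "patch": patch.patch_id if patch else None,
            "needs_exception": patch is None,
            "due": due,
            "overdue": today > due,
        })
    items.sort(key=lambda i: (not i["overdue"], sev_rank[i["severity"]], i["due"]))
    return items


def group_change_tickets(items):
    """One change ticket per patch, listing every host that needs it.

    This is the closed-loop change-management step: batching hosts per patch
    instead of opening a ticket per finding keeps the approval count down.
    """
    tickets = {}
    for item in items:
        if item["patch"] is not None:
            tickets.setdefault(item["patch"], set()).add(item["host"])
    return {patch: sorted(hosts) for patch, hosts in tickets.items()}


# Constructed sample data: a reference date, five scanner findings and a
# two-entry patch catalog.
TODAY = date(2024, 3, 1)
SAMPLE_FINDINGS = [
    Finding("web-01", "CVE-0000-0001", "critical", date(2024, 2, 10)),
    Finding("web-02", "CVE-0000-0001", "critical", date(2024, 2, 25)),
    Finding("db-01", "CVE-0000-0002", "high", date(2024, 1, 15)),
    Finding("app-01", "CVE-0000-0003", "medium", date(2024, 2, 20)),  # no patch in catalog
    Finding("app-02", "CVE-0000-0004", "low", date(2024, 2, 28)),
]
SAMPLE_CATALOG = [
    Patch("KB-0001", ("CVE-0000-0001",), reboot=True),
    Patch("KB-0002", ("CVE-0000-0002", "CVE-0000-0004"), reboot=False),
]


def run_sample():
    """Build the to-do list and change tickets for the constructed data."""
    items = build_todo(SAMPLE_FINDINGS, SAMPLE_CATALOG, TODAY)
    return items, group_change_tickets(items)


if __name__ == "__main__":
    todo, tickets = run_sample()
    for item in todo:
        flag = "OVERDUE" if item["overdue"] else "due " + item["due"].isoformat()
        fix = item["patch"] or "NO PATCH -> exception"
        print(f'{item["host"]:7} {item["cve"]} {item["severity"]:8} {flag:16} {fix}')
    for patch, hosts in tickets.items():
        print(f"change ticket for {patch}: {', '.join(hosts)}")
```

With the constructed data, the two findings that have already exceeded their window (web-01 at critical, db-01 at high) come first regardless of age, app-01 is flagged for an exception because the catalog has no fix for it, and only two change tickets are needed for the four patchable hosts.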

17

Customer Success with BMC SECOPS

State of Michigan
Reduced time for audit report creation from 32 hours to 15 minutes
Reduced time for server provisioning from 2 months to 5 days
Reduced 9,000+ staff hours by automatically remediating 94,273 events

“BMC's BladeLogic Threat Director will enable the security and operations teams to see what the other is doing, opening a dialog to allow the most urgent issues to be addressed first while balancing the operations team's need for uptime.” — Tracy McMahan, IT Support Coordinator, F. Korbel & Bros, Inc.

18

THANK YOU!