Agenda
• Managed IT Roadmap
• Operational Risk and Compliance
• Cybersecurity – Managed Security Services
Managed IT Strategic Roadmap
• Long term strategic direction
– Scale services to larger financial institutions
– Managed IT Advanced
Add Linux, Unix, Oracle, DBA Support, Application Development
Add “Shared” Customer Tools
– Managed IT Custom
A la Carte Option
Managed Risk Services
Managed Security Services
IPT/Network Services
Hosted Services
Help Desk/Deskside Support
Managed IT Enhancements
• Migrating to new endpoint management system
– Current system has not kept up with market enhancements
– New solution will allow greater efficiency in:
Patch Management
Asset Inventory
Software Distribution
Configuration Compliance
Operational Risk and Compliance
Technology Roadmap for Managed IT and Security
Needs Drive Innovation
Managed Risk Services
• Risk & Control Self Assessment (RCSA)
– Organizations are in need of a way to evaluate, document & monitor compliance with various regulations, frameworks & guidance.
• Managed Security Awareness (MSA)
– There is increased scrutiny by auditors/examiners surrounding cybersecurity awareness & training. Annual testing & training is
not enough to properly equip employees with the tools to detect & properly handle phishing threats. Organizations need a tool to
launch & manage phishing campaigns to properly test employees, report to management, & build awareness throughout the
enterprise.
• Vendor Risk Manager (VRM) Enhancements
– Vendor management continues to be a focus area of regulators. As a result, we are continuously looking at ways to create more
efficient processes for managing vendor risk, while increasing the oversight & monitoring capabilities.
• Enhanced GLBA/Information Security Risk Assessment & Enhanced Cybersecurity Risk Assessment
– Current risk assessment processes are designed for periodic (typically annual) evaluations of risk. Organizations are in need of a
tool to integrate these risk assessment processes into their internal practices for better identification, monitoring, & reporting of
risk.
Overview
Risk & Control Self Assessment (RCSA)
• Designed to allow institutions to self assess against various regulations, frameworks, &
guidance
• System defaults with defined Control Objectives to meet designated requirements, along with
suggested Control Activities to meet the Control Objectives
• Quantify coverage & effectiveness of controls, along with documenting justification
• Ability to upload & attach supporting documentation, centralizing the documents provided to auditors
& examiners to show compliance
• Progress indicators
• Ability to generate issues to document, track & monitor areas that need to be addressed based
on the self assessment
Overview
Managed Security Awareness (MSA)
• Social-engineering simulations across four vectors
– Email Phishing
– SMS (Smishing)
– Voice (Vishing)
– Mobile Media
• Over 300 phishing templates, 60+ landing pages and 150+ domains
• Patented multi-variable attack simulations
• Address book utility which incorporates over 50 data elements from which to measure risk
• Outlook plugin allows end-user reporting of suspected phishing attempts
• Leverage Regulatory University (RegU) for education & awareness
Overview
Vendor Risk Manager (VRM)
• Real-time, online, quantitative vendor risk assessment and monitoring service
• VRM allows the institution to evaluate new vendor relationships and monitor existing
relationships.
• Data feeds collected are analyzed by VRM’s operational experts.
• The platform delivers a customized risk score based on the institution’s unique relationship with
the vendor, and the complete picture of empirical risk data on the vendor.
• VRM will initiate workflows to review, approve, or notify impacted stakeholders of material
changes to the vendor’s risk profile.
• Additionally, institutions can monitor their vendor risk with real time interactive dashboards that
give a holistic view of all vendor profiles.
Roadmap
Vendor Risk Manager (VRM) Enhancements
[Roadmap timeline chart, Operational Risk: columns 2017 - Q1, 2017 - Q2, 2017 - Q3 and FUTURE; months MAR through SEPT]
VENDOR SURVEY ENHANCEMENTS: Support for vendor registration, and survey flow improvements
Nth PARTY RISK: Support for relating vendors and factoring in the risk of 4th parties and beyond
BBB INTEGRATION: Include BBB and D&B with the other vendor due diligence
NON-MANAGED SERVICE: Support for stand-alone use of VRM
API: Support for 2-way data integrations for importing/exporting of data with other systems
SSO: Support for SSO for seamless authentication with other systems
CONTRACT MANAGEMENT: Enhanced support for managing contract terms, renewals, and workflows
ASSESSMENTS: New RaaS module for performing Risk Assessments
SLA TRACKING: Support for SLA tracking, measuring, reporting and workflows
REPORTING ENHANCEMENTS: New chart-based reporting with focus on auditors and compliance
MOBILE ENHANCEMENTS: Support for Touch ID and push notifications on Apple iOS Devices
Enhanced GLBA/Information Security & Cybersecurity Risk Assessments
• Web based risk assessment modules
– Based on GLBA & FFIEC Information Security Handbook
– Based on the FFIEC Cybersecurity Assessment Tool & NIST Cybersecurity Framework
• New product, service or asset risk assessment process to ensure Information
Security & Cybersecurity risks are assessed before launch
• Incorporate within institutional policies to create a living risk assessment process
instead of an annual risk assessment
• Issue management function to log, monitor & report issues identified in the risk
assessment process
• Control testing documentation & tracking mechanism
Cybersecurity Product/Service Roadmap for Managed Security Service
New Services Roadmap
Service Summary
• Cyberguard Endpoint Threat Detection
– Powered by Red Canary/Carbon Black Response
– Purpose: Endpoint threat detection platform that enables detection, response, and insight on threats in your
network
• Cyberguard Endpoint Threat Prevention
– Powered by CylancePROTECT
– Purpose: Preventing unauthorized malware from running on a client’s network through Artificial Intelligence
• Vulnerability Management (Enhanced Vulnerability Management, Perimeter and Internal Defense)
– Purpose: Managed Vulnerability Service utilizing FIS “time to remediate” asset prioritization
Cyberguard Endpoint Threat Detection
Detect the threats your prevention tools miss.
- Cloud-based 24/7 endpoint activity recording, visibility, and threat detection
- Expert analysts to remove false positives
- Integrated platform to rapidly respond to threats
[Diagram, process stages: Endpoint sensors record activity; Platform detects threats; SOC analysts investigate; Alerts customers; MSS responds with power]
Endpoint sensors record activity
– file modifications
– process creation
– process injection
– user identity
– network connections
– EMET alerts
– registry modification
– module loads
– binary content
Platform detects threats
• Identify
– Known bad
– Good apps gone bad
– New activity
– Unusual activity
• Using…
– Application Behavioral Analysis
– User Behavior Analytics
– Organizational Intelligence
– Binary Analysis
– Threat Intelligence
SOC analysts investigate
• “24/7” remote monitoring, investigation, and confirmation
• Full access to endpoint history
• Automated retrospective hunting from identified IOCs
Alerts customers
• Intelligence to understand the threat indicators, endpoint and user information
• Threat timeline
MSS responds with power
• Included tools and expertise to stop threats and return your organization to a good state
– Isolate
– Remediate
– Research
– Technical Q&A
– Automate
Cyberguard Endpoint Threat Prevention
• Predicts cyber attacks and blocks them on the endpoint in real-time before they ever execute.
– Leverages the power of machines, not humans, to dissect malware’s DNA. Artificial intelligence then determines if the
code is safe to run.
• Provides an innovative next generation endpoint threat protection solution to prevent advanced
threats and malware from causing harm
• Utilizes artificial intelligence techniques, machine learning and algorithmic science
Cyberguard Endpoint Threat Prevention
• Prevents malware pre-execution
• Silences memory attacks, exploits, privilege
escalation, fileless attacks
• Thwarts unauthorized scripts
• Rejects potentially unwanted programs
(PUPs) from entering the environment
• Uncovers the presence of powerful tools that
can be used against you
• All without prior knowledge
• Protection is not Cloud dependent
• No signatures / infrequent updates
• Ultra light agent footprint
• Deployment simplicity
Vulnerability Management
• The FIS-Developed Total Risk Score enables clients to quantify the risk of their devices in order
to make effective decisions based on organizational risk appetite.
• Device usage cases build the device risk score; when paired with the Common Vulnerability
Scoring System (CVSS) score, it generates the Total Risk Score – a numerical value for risk.
[Diagram: Device Risk Score, CVSS, Total Risk Score]
Vulnerability Management
• Allows workflow tracking for
vulnerabilities
• Workflow Approvers provide
oversight and governance over the
Workflow Process.
• Bulk Remediation of many tasks at
once.
Vulnerability Management Enhancements
• Integrate 3rd Party Objective Assessment/audit findings
– Track remediation efforts for 3rd party findings in the same system used to track regular vulnerability remediations
– Leverage existing workflow
Risk Accepts
Pending Fix
False positives
• Integrate Threat Intelligence “chatter” into the system
– Scenario: “Dark web chatter” that a specific vulnerability is being exploited to deliver malware. The system would raise
the priority of remediation based on this intelligence.
– Remediation prioritization would increase based on intelligence
Michael Kirby II, Scott Yoshimura