How to Close the SecOps Gap


BMC Engage 2014 Presentation Template

The SecOps Gap

Copyright 12/12/2014 BMC Software, Inc

Dominic Wellington @dwellington

Intelligent Compliance

The Solution is Known

Most breaches exploit known vulnerabilities for which patches are available.

  • More than 80% of attacks target known vulnerabilities (source: F-Secure)
  • 79% of vulnerabilities have patches available on day of disclosure (source: Secunia)
  • On average, it takes 30+ days to patch an identified vulnerability (source: Qualys)

Heartbleed

What happened?

March 14 2012: Vulnerable code introduced into OpenSSL library

Heartbleed: a timeline

  • Heartbleed bug registered, logo created
  • Patch available (1.0.1g)
  • 309,197 public web servers remain vulnerable
  • 318,239 public web servers remain vulnerable
  • Community Health Systems hack disclosure

Dates marked on the timeline: April 7, April 3, June 21, April 1, May 8, August 18

A new bug every week

[...] the breadth of at-risk machines is going to be significantly higher with Shellshock than with Heartbleed.

Shellshock

NIST: 10/10

Security problems are like vampires

How do companies get bitten?

  • Clone old VM template
  • Reinstall old vulnerable software version
  • Boot unpatched server
  • Missed the unofficial IT

The SecOps Gap

Intelligent compliance transforms compliance from an activity that is exhausting, risky and incomplete into one that is routine, secure and comprehensive.

Best Practices Guidance for Intelligent Compliance

[Chart labels: AD HOC, PROCESS, STANDARDIZED, ADVANCED, TOOLS, PATCH, ASSESS, COMPLY, INTELLIGENT, VALUE, LEVELS, TIME]

Here's a quick refresh on the value path.

Intelligent Compliance

[Diagram labels: DISCOVER, REMEDIATE, DEFINE, AUDIT, GOVERN; Server, Network, Database, Middleware]

Discover

Status Quo:
  • Incomplete data
  • Out of date systems provisioned faster than discovered

Intelligent Compliance:
  • Data accuracy you can verify and trust
  • Effortless continuous mapping of infrastructure and applications

You can't manage what you can't measure

  • Replace manual data collection with automatic inventory & relationship discovery
  • Leverage inventory & relationship data in other IT processes
  • Application Mapping: Connect data center infrastructure to business applications

Define

Status Quo:
  • Disconnected from operational details
  • Incomplete specification of requirements

Intelligent Compliance:
  • Pre-defined policies - short time to value
  • Detailed, actionable definition of desired state

Regulatory Compliance
  • Sarbanes-Oxley (SOX) 404
  • Health Insurance Portability & Accountability Act (HIPAA)
  • Payment Card Industry Digital Security Standard (PCI DSS)

Security Compliance
  • Defense Information Systems Agency Security Technical Implementation Guides (DISA STIG)
  • Center for Internet Security (CIS)

Audit

Status Quo:
  • Based on individual interpretation
  • Inconsistent and incomplete implementation and coverage

Intelligent Compliance:
  • Granular configuration visibility - avoid false positives & false negatives
  • Regular, scheduled and automated

Identify drift away from desired state

Different comparison types support different use cases.

LIVE
  • Compare live configurations to a live reference system
  • Troubleshoot issues caused by configuration discrepancies

SNAPSHOT
  • Compare the current state to known good state from a week ago
  • Compare snapshots to each other to aid troubleshooting

POLICY
  • Compare the current state to out-of-the-box policies
  • Use standard policies as templates to build customized operational policy

Remediate

Status Quo:
  • No way to verify success
  • Risk of introducing additional issues
  • No way to roll back changes

Intelligent Compliance:
  • Granular configuration changes - coexist with other tools and approaches
  • Built-in rollback in case of failure or unforeseen consequences

Close the SecOps Gap

  • Automated remediation - no scripting
  • Automated rollback in case of problems
  • Support for exceptions to standard policy


Govern

Status Quo:
  • Manual entry (time consuming, error prone)
  • Lack of trust in data
  • No process enforcement

Intelligent Compliance:
  • Consistent audit trail and automatic documentation of actions & exceptions
  • Process governance - change approval, maintenance windows, collision avoidance

Orchestrate Automation and ITSM

Key takeaways

  • Compliance is a big problem
      • The consequences of getting it wrong are severe
  • Neither Security nor Operations can fix it alone
      • Different teams need to work together
  • There is no one size fits all solution
      • No single product can solve this problem either
  • Tackle this problem in stages
      • No need to solve the whole problem at once

Dominic Wellington @dwellington

Thank You.