© Copyright 12/12/2014 BMC Software, Inc

How to Close the SecOps Gap


Page 1: How to Close the SecOps Gap

The SecOps Gap

Page 2: How to Close the SecOps Gap

Dominic Wellington @dwellington

Intelligent Compliance

Page 3: How to Close the SecOps Gap

The Solution is Known

Most breaches exploit known vulnerabilities for which patches are available.

[Figure: attacks and patches over time]

More than 80% of attacks target known vulnerabilities (source: F-Secure)

79% of vulnerabilities have patches available on day of disclosure (source: Secunia)

On average, it takes 30+ days to patch an identified vulnerability (source: Qualys)

Page 4: How to Close the SecOps Gap

Heartbleed

March 14 2012: Vulnerable code introduced into OpenSSL library

What happened?

Page 5: How to Close the SecOps Gap

Heartbleed: a timeline

Heartbleed bug disclosed

heartbleed.com registered, logo created

Patch available (1.0.1g)

309,197 public web servers remain vulnerable

318,239 public web servers remain vulnerable

Community Health Systems hack disclosure

Timeline dates (2014): April 1, April 3, April 7, May 8, June 21, August 18

Page 6: How to Close the SecOps Gap

“[…] the breadth of at-risk machines is going to be significantly higher with Shellshock than with Heartbleed.”

Shellshock

NIST: 10/10

A new bug every week

Page 7: How to Close the SecOps Gap

Security problems are like vampires

Page 8: How to Close the SecOps Gap

How do companies get bitten?

Clone old VM template

Reinstall old vulnerable software version

Boot unpatched server

Missed the “unofficial” IT

Page 9: How to Close the SecOps Gap

The SecOps Gap

Page 10: How to Close the SecOps Gap

Intelligent compliance transforms compliance from an activity that is exhausting, risky and incomplete into one that is routine, secure and comprehensive.

Page 11: How to Close the SecOps Gap

Best Practices Guidance for Intelligent Compliance

[Figure: compliance maturity diagram. Labels: AD HOC, STANDARDIZED, ADVANCED, INTELLIGENT; PROCESS, TOOLS; PATCH, ASSESS, COMPLY; LEVELS, TIME]

Page 12: How to Close the SecOps Gap

Intelligent Compliance

[Figure: Intelligent Compliance diagram. Labels: DISCOVER, DEFINE, AUDIT, REMEDIATE, GOVERN; Server, Network, Database, Middleware]

Page 13: How to Close the SecOps Gap

Discover

Status Quo:
Incomplete data
Out of date – systems provisioned faster than discovered

Intelligent Compliance:
Data accuracy you can verify and trust
Effortless continuous mapping of infrastructure and applications

Page 14: How to Close the SecOps Gap

You can’t manage what you can’t measure

Replace manual data collection with automatic inventory & relationship discovery

Leverage inventory & relationship data in other IT processes

Application Mapping: Connect data center infrastructure to business applications

Page 15: How to Close the SecOps Gap

Define

Status Quo:
Disconnected from operational details
Incomplete specification of requirements

Intelligent Compliance:
Pre-defined policies – short time to value
Detailed, actionable definition of desired state

Page 16: How to Close the SecOps Gap

Regulatory Compliance

Sarbanes-Oxley (SOX) 404

Health Insurance Portability & Accountability Act (HIPAA)

Payment Card Industry Digital Security Standard (PCI DSS)

Security Compliance

Defense Information Systems Agency Security Technical Implementation Guides (DISA STIG)

Center for Internet Security (CIS)

Page 17: How to Close the SecOps Gap

Audit

Status Quo:
Based on individual interpretation
Inconsistent and incomplete implementation and coverage

Intelligent Compliance:
Granular configuration visibility – avoid false positives & false negatives
Regular, scheduled and automated

Page 18: How to Close the SecOps Gap

Identify drift away from desired state

Different comparison types support different use cases.

LIVE
Compare live configurations to a live reference system
Troubleshoot issues caused by configuration discrepancies

SNAPSHOT
Compare the current state to known good state from a week ago
Compare snapshots to each other to aid troubleshooting

POLICY
Compare the current state to out-of-the-box policies
Use standard policies as templates to build customized operational policy

Page 19: How to Close the SecOps Gap

Remediate

Status Quo:
No way to verify success
Risk of introducing additional issues
No way to roll back changes

Intelligent Compliance:
Granular configuration changes – co-exist with other tools and approaches
Built-in rollback in case of failure or unforeseen consequences

Page 20: How to Close the SecOps Gap

Close the SecOps Gap

Automated remediation – no scripting

Automated rollback in case of problems

Support for exceptions to standard policy

44% Reduction

32% Reduction

45% Reduction

Page 21: How to Close the SecOps Gap

Govern

Status Quo:
Manual entry (time consuming, error prone)
Lack of trust in data
No process enforcement

Intelligent Compliance:
Consistent audit trail and automatic documentation of actions & exceptions
Process governance – change approval, maintenance windows, collision avoidance

Page 22: How to Close the SecOps Gap

Orchestrate Automation and ITSM

Page 23: How to Close the SecOps Gap

Key takeaways

1. Compliance is a big problem. The consequences of getting it wrong are severe.

2. Neither Security nor Operations can fix it alone. Different teams need to work together.

3. There is no one size fits all solution. No single product can solve this problem either.

4. Tackle this problem in stages. No need to solve the whole problem at once.

Dominic Wellington @dwellington

http://www.bmc.com/it-solutions/intelligent-compliance.html

Page 24: How to Close the SecOps Gap

Thank You.